Difference between revisions of "Haas PhD Server Configuration"

From edegan.com
imported>Ed
(New page: Haas PhD Students have two new servers and this page details their configuration. ==IP Addresses== During the configuration phase the servers will be on: *phd-pgsql: 128.32.66.163 *phd-l...)
 
 
(55 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 +
[[category:McNair Admin]]
 +
 
Haas PhD Students have two new servers and this page details their configuration.
 
Haas PhD Students have two new servers and this page details their configuration.
 +
 +
'''NOTE THAT THE [[Posgres Server Configuration|CONFIGURATION OF POSTGRES2]] HAS ITS OWN PAGE'''
  
 
==IP Addresses==
 
==IP Addresses==
  
During the configuration phase the servers will be on:
+
The servers have been moved to a colo. Their new IP addresses are:
*phd-pgsql: 128.32.66.163
+
*phd-wiki: 128.32.204.202
*phd-lamp: 128.32.66.164
+
*phd-postgres2: 128.32.204.203
 +
 
 +
The domain names wiki.haas.berkeley.edu and postgres.haas.berkeley.edu should be mapped to these IP addresses shortly.
  
 
==Base configurations==
 
==Base configurations==
  
Both servers are running CentOS release 5.5 (cat /etc/*release*), which uses the Yum package manager (yum list installed | more). Both have Gnome on Xwindows available, as well as the following common packages:
+
Both servers are running [http://wiki.centos.org/ CentOS] release 5.5 (cat /etc/*release*), which uses the Yum package manager (yum list installed | more). Both have Gnome on Xwindows available, as well as the following common packages:
 
*cpp 4.1.2-48.el5.
 
*cpp 4.1.2-48.el5.
 
*ftp 0.17-35.el5
 
*ftp 0.17-35.el5
 
*httpd 2.2.3-43.el5.centos.3
 
*httpd 2.2.3-43.el5.centos.3
 
*iptables 1.3.5-5.3.el5_4.1
 
*iptables 1.3.5-5.3.el5_4.1
*mysql 5.0.77-4.el5_5.4
+
*mysql 5.0.77-4.el5_5.4 (note that this is the client)
 
*openssh 4.3p2-41.el5_5.1
 
*openssh 4.3p2-41.el5_5.1
 
*pam 0.99.6.2-6.el5_5.2
 
*pam 0.99.6.2-6.el5_5.2
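Review bot: The IP Addresses list now gives only the colo addresses (128.32.204.202 and 128.32.204.203), but the same revision still uses the old lamp address further down, for example `ServerName 128.32.66.164:80` and the http://128.32.66.164/ test URLs. The host names also change to phd-wiki and phd-postgres2 while later lists still say "On lamp:" and "On pgsql:". Either update those references or state that the later sections record the build as it was before the move.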
Line 26: Line 32:
 
*postgresql.x86_64 8.1.22-1.el5_5.1
 
*postgresql.x86_64 8.1.22-1.el5_5.1
  
==Package additions or upgrades==
+
==Before we start==
 +
 
 +
===On Both Machines===
 +
 
 +
====Creating Users====
 +
 
 +
Assuming that you have root, you can create user accounts and give them root too. The process is:
 +
 
 +
First great the users group, checking the last group number:
 +
cat /etc/group
 +
/usr/sbin/groupadd -g 515 username
 +
 
 +
Then add the user
 +
/usr/sbin/useradd -g username -G root -s /bin/bash -p xxxx -d /home/username -m username
 +
      where g is the primary group, G is other groups, p sets a password,
 +
      d declares a home directory and m makes the directory
 +
 
 +
Change the user's password:
 +
passwd username
 +
 
 +
And add the user to the sudoers file
 +
echo 'username ALL=(ALL) ALL' >> /etc/sudoers
 +
 
 +
To delete a user:
 +
/usr/sbin/userdel -r roger
 +
where r removes the home directory
 +
 
 +
And to remove their group
 +
/usr/sbin/groupdel username
 +
 
 +
====Mounting bear====
 +
 +
It is very useful to mount your R drive
 +
 
 +
mkdir /mnt/ed
 +
mount -t cifs //bear/ed_egan/ /mnt/ed -o user=haas\\ed_egan
 +
 +
or:
 +
mount -t cifs //bear/ed_egan/ /mnt/ed -o user=ed_egan
 +
(which ever works)
 +
 
 +
for the inclusion into fstab or other more sophisticated approaches there is a [http://wiki.centos.org/TipsAndTricks/WindowsShares Centos help page].
 +
 
 +
==Package additions/upgrades/removals==
  
 
On lamp:
 
On lamp:
 +
*Upgrade PhP to 5.2.17+
 +
*Install MySQL (the server)
 +
*Install Mediawiki
 +
*Remove ftp
 +
 +
On pgsql:
 +
*Remove httpd, mysql, ftp, sendmail, inn and other servers we don't need
 
*Upgrade python to version 3.1
 
*Upgrade python to version 3.1
*
+
*Install TrueCrypt
 +
 
 +
===On the Wiki Server===
 +
 
 +
====Upgrading PhP====
 +
 
 +
In order to upgrade PhP (or install a more recent version of MySQL) we will probably need access to a different repository.
 +
 
 +
You can automatically add the Atomicorp repository using:
 +
wget -q -O - http://www.atomicorp.com/installers/atomic | sh
 +
 
 +
It has PhP version 5.2.17-1.el5.art and MySQL version 5.1.55-1.el5.art. Also install pgp-mysql.
 +
 
 +
yum list php  #We were running 5.1.6-27.el5_5.3
 +
yum upgrade php
 +
yum install php-mysql
 +
 
 +
====Install MySQL====
 +
 
 +
Install MySql (and update the client):
 +
yum install mysql mysql-server
 +
 
 +
Start the server:
 +
/etc/init.d/mysqld start
 +
 
 +
And make sure it starts automatically on reboot:
 +
/sbin/chkconfig --levels 235 mysqld on
 +
 
 +
Set a root password for the database:
 +
mysqladmin -u root password cheit
 +
 
 +
At this point you should configure and test the webserver and PhP, which is discussed below.
 +
 
 +
====Install Mediawiki====
 +
 
 +
There is no good version of mediawiki available from a yum repo. So you should do this manually. It isn't painful. Detailed instructions (you won't need them) are available from:
 +
*[http://www.mediawiki.org/wiki/Installation MediaWiki's Installation Page]
 +
*[http://www.mediawiki.org/wiki/Manual:Installing_MediaWiki Mediawiki's Installing MediaWiki Page]
 +
 
 +
First change to your home directory (or somewhere 'safe') then
 +
 
 +
wget http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.2.tar.gz
 +
 
 +
Then untar the package, either using the --owner option or as a non-root user to force extracted file ownernship to be other than 1000
 +
 
 +
su username
 +
tar xvzf mediawiki-*.tar.gz
 +
sudo su
 +
 
 +
Now copy the files into the 'right' location and change permissions
 +
 
 +
mkdir /var/www/html/w
 +
cp -r mediawiki-1.16.2/* /var/www/html/w/
 +
chmod a+w /var/www/html/w/config
 +
 
 +
Install ImageMagick using Yum:
 +
 
 +
yum install glib glib2 libpng libjpeg libtiff ghostscript freetype ImageMagick ImageMagick-perl
 +
 
 +
===On Postgres.Haas===
 +
 
 +
====Removing Unneeded Servers====
 +
 
 +
Remove the web, mail, news and other unneeded servers. Consider removing MySQL (but leave it for now):
 +
yum groupremove "Web Server"
 +
yum groupremove "Mail Server"
 +
yum groupremove "News Server"
 +
 
 +
====Install and Configure PostgreSQL====
 +
 
 +
To install Postgres with the PLs (Procedural Languages) do:
 +
 
 +
yum install postgresql postgresql-server postgresql-pl postgresql-libs
 +
 
 +
Start the service with:
 +
 
 +
/sbin/chkconfig postgresql on
 +
/sbin/service postgresql start
 +
 
 +
Add the following to ''/etc/sysconfig/iptables'' to allow access through the firewall:
 +
 
 +
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 128.32.66.0/24 --dport 5432 -j ACCEPT
 +
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 128.32.67.0/24 --dport 5432 -j ACCEPT
 +
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 128.32.74.0/24 --dport 5432 -j ACCEPT
 +
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 10.136.0.0/23 --dport 5432 -j ACCEPT
 +
 
 +
Restart the IPtables so the changes take effect:
 +
 
 +
service iptables restart
 +
 
 +
Now create some users on the database server:
 +
 
 +
su postgres
 +
createuser root
 +
createuser -P ed_egan
 +
exit
 +
 
 +
Check the version of Postgres and Perl installed:
 +
 
 +
psql -c "select version();" template1
 +
  PostgreSQL 8.1.23
 +
perl -v
 +
  v5.8.8
 +
 
 +
Now add the perl PL to the standard template so that all new databases will be perl enabled:
 +
 
 +
createlang plperl template1
 +
 
 +
Check the specs on the machine for the configuration:
 +
 
 +
cat /proc/meminfo
 +
  MemTotal:      8181356 kB
 +
cat /proc/cpuinfo
 +
  2 x Quad core CPUs
 +
  cache size: 2048 KB
 +
  model name: Intel(R) Xeon(TM) CPU 2.80GHz
 +
 
 +
Review the performance tuning section on the [[Working with PostgreSQL]] page, and possibly on [http://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server the official quick guide page] and make the following changes to ''/var/lib/pgsql/data/postgresql.conf'':
 +
 +
listen_addresses = '*'
 +
port = 5432
 +
 +
checkpoint_segments=32
 +
    This is equivalent to every 512Mb
 +
 +
shared_buffers = 786432
 +
  #1gig = 1073741824 => '''131072''' * 8 * 1024, currently trying 6gig
 +
  The recommendation is to use around 10-15% of RAM,
 +
  but for a single user db something higher seems better
 +
  This is in 8K blocks
 +
 +
work_mem = 2097152
 +
  #In KB, so 1024 * 512=> 524288 = 512Mb,
 +
  Note that this might be a little too high for aggresively stacked queries
 +
  But this seems to be the bite point for performance. 
 +
 +
maintenance_work_mem = 262144
 +
  #786432 => 6 * 1073741824 => 6 * 131072 * 8 * 1024
 +
  This is how much VACUUM will use - it doesn't make a huge difference
 +
 +
effective_cache_size = 1835008
 +
  #In 8k blocks. This is the maximum memory that postgres will allocate.
 +
  It is currently set to 14Gb.
 +
 
 +
Alter ''/var/lib/pgsql/data/pg_hba.conf'' to include the lines (under IPv4):
 +
 
 +
host    all        all        128.32.74.0/24        md5
 +
host    all        all        128.32.66.0/24        md5
 +
host    all        all        128.32.67.0/24        md5
 +
host    all        all        10.136.0.0/23        md5
 +
 
 +
Note that this will use encrypted database passwords, and that all accounts must have non-null passwords (i.e. be created with createuser -P username)
 +
 
 +
And restart Postgres:
 +
 
 +
/sbin/service postgresql restart
 +
 
 +
====Upgrade Python?====
 +
Find out which version of Python is currently installed:
 +
yum list python      #lists version 2.4.3-27.el5_5.3
 +
 
 +
There are tarballs of version 3.2 available from [http://www.python.org/download/ Python.org's download area], but it seems too recent to have got rpm/yum support as yet.
 +
 
 +
==Configuration==
 +
 
 +
For both servers:
 +
*Mount bear
 +
*Configure Iptables
 +
 
 +
For lamp:
 +
*Configure Apache
 +
*Configure Mediawiki
 +
*Add Mediawiki extensions
 +
*Create new folder structure
 +
 
 +
For pgsql:
 +
*Configure Postgre
 +
 
 +
===On the Wiki Server===
 +
 
 +
====Configure Apache====
 +
 
 +
Edit the main config file:
 +
vi /etc/httpd/conf/httpd.conf
 +
...
 +
ServerName 128.32.66.164:80
 +
...
 +
 
 +
To start Apache (to restart use 'restart'):
 +
/etc/init.d/httpd start
 +
 
 +
To set Apache to start at boot:
 +
/sbin/chkconfig --levels 235 httpd on
 +
 
 +
First, confirm your IP address:
 +
/sbin/ifconfig
 +
 
 +
====Configure IP Tables====
 +
 
 +
For lamp we need a hole for port 80 for the webserver. For pgsql we need a hole for our clientware. General documentation is available in [http://wiki.centos.org/HowTos/Network/IPTables iptables from Centos]
 +
 
 +
Check that iptables is running:
 +
/sbin/lsmod | grep ip_tables
 +
 
 +
Backup the old rules:
 +
cp /etc/sysconfig/iptables /etc/sysconfig/iptables.bak
 +
 
 +
Add a hole (or two):
 +
vi /etc/sysconfig/iptables
 +
...
 +
  -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 128.32.66.0/24 --dport 80 -j ACCEPT
 +
  -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 128.32.67.0/24 --dport 80 -j ACCEPT
 +
  -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 128.32.74.0/24 --dport 80 -j ACCEPT
 +
  -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 10.136.0.0/23 --dport 80 -j ACCEPT
 +
...
 +
 
 +
Restart the service:
 +
/etc/init.d/iptables restart
 +
 
 +
====Test the webserver and PhP====
 +
 
 +
Browse to http://128.32.66.164/ you should see the test page. Write the following text file to /var/www/html/Test.php:
 +
 
 +
<?php
 +
  phpinfo();
 +
?>
 +
 
 +
Browse to http://128.32.66.164/Test.php and you should see the PhP version page.
 +
 
 +
====Configure MediaWiki====
 +
 
 +
Browse to http://128.32.66.164/w/config/index.php, and set the following setting:
 +
WikiName: HaasPhDWiki
 +
Contact: kimg@haas.berkeley.edu
 +
Admin password and dbase password: cheit
 +
All other settings as default (you do have superuser on the dbase so tick that box)
 +
 
 +
Now move the LocalSettings.php file, change the permissions, and remove the config directory.
 +
 
 +
cp config/LocalSettings.php LocalSettings.php
 +
chmod 600 LocalSettings.php
 +
chown apache LocalSettings.php
 +
mkdir /mnt/ed/configbak
 +
cp -r ./config /mnt/ed/configbak/
 +
rm -rf ./config
 +
 
 +
You can now view your Wiki at http://128.32.66.164/w/index.php
 +
 
 +
We will now do the extensions and fine detail configuration.
 +
 
 +
Change the following settings in LocalSettings.php
 +
 
 +
$wgEnableUploads      = true; #Changed by Ed
 +
$wgUseTeX          = true; #Changed by Ed
 +
$wgLogo            = "/icons/wiki_logo.gif";
 +
$wgArticlePath = "/wiki/$1";
 +
$wgUsePathInfo = true;
 +
$wgFavicon = "$wgScriptPath/favicon.ico";
 +
$wgGroupPermissions['*']['edit'] = false; #Stops editing without an account, globally
 +
 
 +
 
 +
Change the permissions on the images directory:
 +
 
 +
chmod a+w /var/www/html/w/images
 +
 
 +
Add the info for the side bar (this might be restored from a backup):
 +
 
 +
Edit (or create): 
 +
http://wiki.haas.berkeley.edu/wiki/MediaWiki:Sidebar
 +
 +
* navigation
 +
** mainpage|mainpage-description
 +
** research_computing |Research Computing
 +
** portal-url|Community
 +
** currentevents-url|currentevents
 +
** recentchanges-url|recentchanges
 +
** randompage-url|randompage
 +
** helppage|help
 +
* Group Pages
 +
** accounting|Accounting
 +
** bpp|BPP
 +
** finance|Finance
 +
** management_of_organizations|Management of Organizations
 +
** marketing|Marketing
 +
** operations_and_it_management|Operations and IT Management
 +
** real_estate|Real Estate
 +
* SEARCH
 +
* TOOLBOX
 +
* LANGUAGES
 +
 
 +
 
 +
 
 +
And populate the wiki using the Special:Import page. Note that you can get a list of all pages on a wiki using the API:
 +
 
 +
http://wiki.haas.berkeley.edu/w/api.php?action=query&list=allpages&aplimit=500
 +
 
 +
Mount the Backup Directory:
 +
mkdir /mnt/wiki
 +
mount -t cifs //bear.haas.berkeley.edu/wiki/bulk/backup /mnt/wiki/ -o user=haas\\wiki
 +
 
 +
Mount the Images Directory:
 +
mv /var/www/html/w/images /var/www/html/w/imagesorg
 +
mkdir images
 +
mount -t cifs //bear.haas.berkeley.edu/wiki/bulk/media /var/www/html/w/images -o user=haas\\wiki
 +
mkdir /var/www/html/w/image/tmp
 +
 
 +
Change the max_upload_filesize to 8M in php.ini:
 +
vi php.ini
 +
#edit max_upload_filesize variable
 +
 
 +
Restart the webserver:
 +
/etc/init.d/httpd restart
 +
 
 +
 
 +
=====Do the extensions:=====
 +
 
 +
'''Simple security'''
 +
Get it from: http://www.mediawiki.org/wiki/Extension:Simple_Security
 +
 
 +
tar -xzf /mnt/ed/HaasWiki/SimpleSecurity-MW1.16-r62389.tar.gz -C /var/www/html/w/extensions
 +
 
 +
'''UserMerge'''
 +
Get it from: http://www.mediawiki.org/wiki/Extension:UserMerge
 +
 
 +
tar -xzf /mnt/ed/HaasWiki/UserMerge-MW1.16-r66255.tar.gz -C /var/www/html/w/extensions
 +
 
 +
'''RenameUser'''
 +
Get it from:
 +
http://www.mediawiki.org/wiki/Extension:Rename_user
 +
 
 +
tar -xzf /mnt/ed/HaasWiki/Renameuser-MW1.16-r66255.tar.gz -C /var/www/html/w/extensions
 +
 
 +
'''ImportUsers'''
 +
Get it from: http://www.mediawiki.org/wiki/Extension:ImportUsers
 +
 
 +
tar -xzf /mnt/ed/HaasWiki/ImportUsers-MW1.16-r62790.tar.gz -C /var/www/html/w/extensions
 +
 
 +
'''UserRightsList'''
 +
Get it from: http://www.mediawiki.org/wiki/Extension:UserRightsList
 +
 
 +
tar -xzf /mnt/ed/HaasWiki/UserRightsList.0.52.tgz -C /var/www/html/w/extensions
 +
 
 +
'''MultipleUpload'''
 +
Get it from: http://www.mediawiki.org/wiki/Extension:MultiUpload
 +
 
 +
tar -xzf /mnt/ed/HaasWiki/MultiUpload-MW1.16-r78542.tar.gz -C /var/www/html/w/extensions
 +
 
 +
 
 +
Add to LocalSettings.php
 +
 
 +
#SimpleSecurity
 +
$wgSecurityUseDBHook = true; # Add this to enable the experimental DB hook for stronger security
 +
include_once("{$IP}/extensions/SimpleSecurity/SimpleSecurity.php");
 +
# All other SimpleSecurity directives MUST be specified after the include or the defaults will override them.
 +
$wgSecurityRenderInfo = true;
 +
$wgSecurityAllowUnreadableLinks = false;
 +
$wgPageRestrictions['Category:Servers']['read'] = 'sysop';
 +
$wgSecurityExtraGroups = array(
 +
    'students' => 'Students',
 +
    'faculty' => 'Faculty,
 +
    'staff' => 'Staff',
 +
);
 +
 
 +
#UserMerge
 +
require_once( "$IP/extensions/UserMerge/UserMerge.php" );
 +
$wgGroupPermissions['bureaucrat']['usermerge'] = true;
 +
 +
#RenameUser
 +
require_once("$IP/extensions/Renameuser/Renameuser.php");
 +
 +
#ImportUsers
 +
require_once("$IP/extensions/ImportUsers/SpecialImportUsers.php");
 +
 +
#UserRightsList
 +
require_once("$IP/extensions/UserRightsList/UserRightsList.php");
 +
 +
#MultipleUpload
 +
require_once("$IP/extensions/MultiUpload/SpecialMultipleUpload.php");
 +
$wgMaxUploadFiles=10;
 +
 
 +
[[admin_classification::IT Build| ]]
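Review bot: The MySQL and MediaWiki steps write the password into the page: `mysqladmin -u root password cheit` and "Admin password and dbase password: cheit" expose the database root and wiki admin password to anyone who can read this revision; use a placeholder as the useradd line does with `-p xxxx`. In the SimpleSecurity block, `'faculty' => 'Faculty,` is missing its closing quote and will be a PHP parse error if pasted into LocalSettings.php. The Atomicorp step pipes an installer fetched over plain http straight into `sh`; suggest downloading it to a file and reading it before running it.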

Latest revision as of 16:47, 21 June 2016


Haas PhD Students have two new servers and this page details their configuration.

NOTE THAT THE CONFIGURATION OF POSTGRES2 HAS ITS OWN PAGE

IP Addresses

The servers have been moved to a colo. Their new IP addresses are:

  • phd-wiki: 128.32.204.202
  • phd-postgres2: 128.32.204.203

The domain names wiki.haas.berkeley.edu and postgres.haas.berkeley.edu should be mapped to these IP addresses shortly.

Base configurations

Both servers are running CentOS release 5.5 (cat /etc/*release*), which uses the Yum package manager (yum list installed | more). Both have Gnome on Xwindows available, as well as the following common packages:

  • cpp 4.1.2-48.el5.
  • ftp 0.17-35.el5
  • httpd 2.2.3-43.el5.centos.3
  • iptables 1.3.5-5.3.el5_4.1
  • mysql 5.0.77-4.el5_5.4 (note that this is the client)
  • openssh 4.3p2-41.el5_5.1
  • pam 0.99.6.2-6.el5_5.2
  • perl 4:5.8.8-32.el5_5.2
  • python 2.4.3-27.el5_5.3
  • php 5.1.6-27.el5_5.3
  • samba 3.0.33-3.29.el5_5.1
  • squid 7:2.6.STABLE21-6.el5

Notable additional packages on pgsql are:

  • postgresql.x86_64 8.1.22-1.el5_5.1

Before we start

On Both Machines

Creating Users

Assuming that you have root, you can create user accounts and give them root too. The process is:

First create the user's group, checking the last group number:

cat /etc/group
/usr/sbin/groupadd -g 515 username 

Then add the user

/usr/sbin/useradd -g username -G root -s /bin/bash -p xxxx -d /home/username -m username
      where g is the primary group, G is other groups, p sets a password
      (useradd takes it in already-encrypted form, so the real password is set with passwd below),
      d declares a home directory and m makes the directory

Change the user's password:

passwd username

And add the user to the sudoers file

echo 'username ALL=(ALL) ALL' >> /etc/sudoers

To delete a user:

/usr/sbin/userdel -r roger 
where r removes the home directory

And to remove their group

/usr/sbin/groupdel username

Mounting bear

It is very useful to mount your R drive

mkdir /mnt/ed
mount -t cifs //bear/ed_egan/ /mnt/ed -o user=haas\\ed_egan

or:
mount -t cifs //bear/ed_egan/ /mnt/ed -o user=ed_egan
(whichever works)

For inclusion in fstab or other more sophisticated approaches there is a CentOS help page (http://wiki.centos.org/TipsAndTricks/WindowsShares).

Package additions/upgrades/removals

On lamp:

  • Upgrade PhP to 5.2.17+
  • Install MySQL (the server)
  • Install Mediawiki
  • Remove ftp

On pgsql:

  • Remove httpd, mysql, ftp, sendmail, inn and other servers we don't need
  • Upgrade python to version 3.1
  • Install TrueCrypt

On the Wiki Server

Upgrading PhP

In order to upgrade PhP (or install a more recent version of MySQL) we will probably need access to a different repository.

You can automatically add the Atomicorp repository using:

wget -q -O - http://www.atomicorp.com/installers/atomic | sh

It has PhP version 5.2.17-1.el5.art and MySQL version 5.1.55-1.el5.art. Also install php-mysql.

yum list php   #We were running 5.1.6-27.el5_5.3
yum upgrade php
yum install php-mysql

Install MySQL

Install MySQL (and update the client):

yum install mysql mysql-server

Start the server:

/etc/init.d/mysqld start

And make sure it starts automatically on reboot:

/sbin/chkconfig --levels 235 mysqld on

Set a root password for the database:

mysqladmin -u root password cheit

At this point you should configure and test the webserver and PhP, which is discussed below.

Install Mediawiki

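There is no good version of mediawiki available from a yum repo. So you should do this manually. It isn't painful. Detailed instructions (you won't need them) are available from:

  • MediaWiki's Installation Page (http://www.mediawiki.org/wiki/Installation)
  • Mediawiki's Installing MediaWiki Page (http://www.mediawiki.org/wiki/Manual:Installing_MediaWiki)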

First change to your home directory (or somewhere 'safe') then

wget http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.2.tar.gz

Then untar the package, either using the --owner option or as a non-root user to force extracted file ownership to be other than 1000

su username
tar xvzf mediawiki-*.tar.gz
sudo su

Now copy the files into the 'right' location and change permissions

mkdir /var/www/html/w
cp -r mediawiki-1.16.2/* /var/www/html/w/
chmod a+w /var/www/html/w/config

Install ImageMagick using Yum:

yum install glib glib2 libpng libjpeg libtiff ghostscript freetype ImageMagick ImageMagick-perl

On Postgres.Haas

Removing Unneeded Servers

Remove the web, mail, news and other unneeded servers. Consider removing MySQL (but leave it for now):

yum groupremove "Web Server"
yum groupremove "Mail Server"
yum groupremove "News Server"

Install and Configure PostgreSQL

To install Postgres with the PLs (Procedural Languages) do:

yum install postgresql postgresql-server postgresql-pl postgresql-libs

Start the service with:

/sbin/chkconfig postgresql on
/sbin/service postgresql start

Add the following to /etc/sysconfig/iptables to allow access through the firewall:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 128.32.66.0/24 --dport 5432 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 128.32.67.0/24 --dport 5432 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 128.32.74.0/24 --dport 5432 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 10.136.0.0/23 --dport 5432 -j ACCEPT

Restart the IPtables so the changes take effect:

service iptables restart

Now create some users on the database server:

su postgres
createuser root
createuser -P ed_egan
exit

Check the version of Postgres and Perl installed:

psql -c "select version();" template1
 PostgreSQL 8.1.23
perl -v
 v5.8.8

Now add the perl PL to the standard template so that all new databases will be perl enabled:

createlang plperl template1

Check the specs on the machine for the configuration:

cat /proc/meminfo
 MemTotal:      8181356 kB
cat /proc/cpuinfo
 2 x Quad core CPUs 
 cache size: 2048 KB
 model name: Intel(R) Xeon(TM) CPU 2.80GHz

Review the performance tuning section on the Working with PostgreSQL page, and possibly on the official quick guide page (http://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server), and make the following changes to /var/lib/pgsql/data/postgresql.conf:

listen_addresses = '*'
port = 5432

checkpoint_segments = 32
   # This is equivalent to every 512Mb

shared_buffers = 786432
  # 1gig = 1073741824 => 131072 * 8 * 1024, currently trying 6gig
  # The recommendation is to use around 10-15% of RAM,
  # but for a single user db something higher seems better
  # This is in 8K blocks

work_mem = 2097152
  # In KB, so 1024 * 512 => 524288 = 512Mb,
  # Note that this might be a little too high for aggressively stacked queries
  # But this seems to be the bite point for performance.

maintenance_work_mem = 262144
  # 786432 => 6 * 1073741824 => 6 * 131072 * 8 * 1024
  # This is how much VACUUM will use - it doesn't make a huge difference

effective_cache_size = 1835008
  # In 8k blocks. This is the maximum memory that postgres will allocate.
  # It is currently set to 14Gb.

Alter /var/lib/pgsql/data/pg_hba.conf to include the lines (under IPv4):

host    all         all         128.32.74.0/24        md5
host    all         all         128.32.66.0/24        md5
host    all         all         128.32.67.0/24        md5
host    all         all         10.136.0.0/23         md5

Note that this will use encrypted database passwords, and that all accounts must have non-null passwords (i.e. be created with createuser -P username)

And restart Postgres:

/sbin/service postgresql restart
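
With listen_addresses = '*', access to port 5432 is decided by the iptables holes and the pg_hba.conf host lines together, and the two lists are edited by hand in different files. The following is an added example, not part of the original page: it reports where the two lists disagree. The function names and the "drift" sample lines are constructed; the other sample lines are the ones shown above.

```shell
#!/bin/sh
# Added example (not from the original page): compare the firewall holes for
# port 5432 with the pg_hba.conf host lines. Function names are constructed.

# Source networks ACCEPTed on --dport $2 in an /etc/sysconfig/iptables file.
# A rule with no -s matches any source and is reported as 0.0.0.0/0.
fw_sources() {                       # $1 = rules file, $2 = port
    awk -v port="$2" '
        /^[[:space:]]*-A / {
            src = "0.0.0.0/0"; dport = ""; target = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-s")      src    = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (dport == port && target == "ACCEPT") print src
        }' "$1" | sort -u
}

# "network method" for each CIDR-style host line in pg_hba.conf.
hba_entries() {                      # $1 = pg_hba.conf
    awk '$1 == "host" && $4 ~ /\// { print $4, $5 }' "$1"
}

# Exact-string comparison of the two lists; it does not compute subnet overlap.
audit_pg_access() {                  # $1 = rules file, $2 = pg_hba.conf
    fw=$(fw_sources "$1" 5432)
    hba=$(hba_entries "$2")
    hba_nets=$(printf '%s\n' "$hba" | awk 'NF && $1 !~ /^127\./ { print $1 }' | sort -u)
    fw_any=no
    for net in $fw; do
        if [ "$net" = "0.0.0.0/0" ]; then
            fw_any=yes
            echo "ANY_SOURCE firewall accepts 5432 from everywhere"
        elif ! printf '%s\n' "$hba_nets" | grep -qxF "$net"; then
            echo "FW_ONLY $net"      # hole in the firewall, no matching host line
        fi
    done
    for net in $hba_nets; do
        if [ "$fw_any" = no ] && ! printf '%s\n' "$fw" | grep -qxF "$net"; then
            echo "HBA_ONLY $net"     # host line that the firewall never lets through
        fi
    done
    # trust skips authentication; password sends the secret in clear text.
    printf '%s\n' "$hba" |
        awk '$2 == "trust" || $2 == "password" { print "WEAK_AUTH", $1, $2 }'
    return 0
}

# Sample input: the rules and host lines from this page.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/iptables" <<'EOF'
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 128.32.66.0/24 --dport 5432 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 128.32.67.0/24 --dport 5432 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 128.32.74.0/24 --dport 5432 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 10.136.0.0/23 --dport 5432 -j ACCEPT
EOF
cat > "$SAMPLE_DIR/pg_hba.conf" <<'EOF'
host    all         all         128.32.74.0/24        md5
host    all         all         128.32.66.0/24        md5
host    all         all         128.32.67.0/24        md5
host    all         all         10.136.0.0/23         md5
EOF

# Constructed drift: a hole added without -s, and a trust line for a test network.
{ cat "$SAMPLE_DIR/iptables"
  echo "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5432 -j ACCEPT"
} > "$SAMPLE_DIR/iptables.drift"
{ cat "$SAMPLE_DIR/pg_hba.conf"
  echo "host    all         all         192.0.2.0/24          trust"
} > "$SAMPLE_DIR/pg_hba.drift"

echo "page config: $(audit_pg_access "$SAMPLE_DIR/iptables" "$SAMPLE_DIR/pg_hba.conf" | wc -l) finding(s)"
echo "after drift:"
audit_pg_access "$SAMPLE_DIR/iptables.drift" "$SAMPLE_DIR/pg_hba.drift"
```

On the server, point it at /etc/sysconfig/iptables and /var/lib/pgsql/data/pg_hba.conf after every edit to either file.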

Upgrade Python?

Find out which version of Python is currently installed:

yum list python       #lists version 2.4.3-27.el5_5.3

There are tarballs of version 3.2 available from Python.org's download area, but it seems too recent to have got rpm/yum support as yet.

Configuration

For both servers:

  • Mount bear
  • Configure Iptables

For lamp:

  • Configure Apache
  • Configure Mediawiki
  • Add Mediawiki extensions
  • Create new folder structure

For pgsql:

  • Configure Postgres

On the Wiki Server

Configure Apache

Edit the main config file:

vi /etc/httpd/conf/httpd.conf
...
ServerName 128.32.66.164:80
...

To start Apache (to restart use 'restart'):

/etc/init.d/httpd start

To set Apache to start at boot:

/sbin/chkconfig --levels 235 httpd on

First, confirm your IP address:

/sbin/ifconfig

Configure IP Tables

For lamp we need a hole for port 80 for the webserver. For pgsql we need a hole for our clientware. General documentation is available in the CentOS iptables HowTo (http://wiki.centos.org/HowTos/Network/IPTables).

Check that iptables is running:

/sbin/lsmod | grep ip_tables

Back up the old rules:

cp /etc/sysconfig/iptables /etc/sysconfig/iptables.bak

Add a hole (or two):

vi /etc/sysconfig/iptables
...
 -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 128.32.66.0/24 --dport 80 -j ACCEPT
 -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 128.32.67.0/24 --dport 80 -j ACCEPT
 -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 128.32.74.0/24 --dport 80 -j ACCEPT
 -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 10.136.0.0/23 --dport 80 -j ACCEPT
...

Restart the service:

/etc/init.d/iptables restart

Test the webserver and PhP

Browse to http://128.32.66.164/ and you should see the test page. Write the following text file to /var/www/html/Test.php:

<?php
  phpinfo();
?>

Browse to http://128.32.66.164/Test.php and you should see the PhP version page.

Configure MediaWiki

Browse to http://128.32.66.164/w/config/index.php, and set the following settings:

WikiName: HaasPhDWiki
Contact: kimg@haas.berkeley.edu
Admin password and dbase password: cheit
All other settings as default (you do have superuser on the dbase so tick that box)

Now move the LocalSettings.php file, change the permissions, and remove the config directory.

cp config/LocalSettings.php LocalSettings.php
chmod 600 LocalSettings.php
chown apache LocalSettings.php
mkdir /mnt/ed/configbak
cp -r ./config /mnt/ed/configbak/
rm -rf ./config

You can now view your Wiki at http://128.32.66.164/w/index.php
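
The steps so far leave several things that need checking before the wiki is opened to users: the phpinfo() test page, the world-writable installer directory, and the permissions on LocalSettings.php. The following is an added example, not part of the original page: it checks that state. audit_wiki_root and the demo tree are constructed, the layout mirrors /var/www/html and /var/www/html/w, and stat -c is the GNU form found on CentOS.

```shell
#!/bin/sh
# Added example (not from the original page): verify the state the install
# steps should leave behind. Function name and demo tree are constructed.

audit_wiki_root() {                  # $1 = docroot (page: /var/www/html), wiki in $1/w
    docroot=$1
    w=$1/w
    # The web installer must be gone once LocalSettings.php has been copied out.
    if [ -e "$w/config" ]; then
        echo "FAIL installer directory present: w/config"
    fi
    # LocalSettings.php holds the database password; the page sets it to 600.
    if [ -f "$w/LocalSettings.php" ]; then
        mode=$(stat -c %a "$w/LocalSettings.php")
        [ "$mode" = "600" ] || echo "FAIL LocalSettings.php mode $mode (want 600)"
    else
        echo "FAIL LocalSettings.php missing"
    fi
    # Test.php was only needed to confirm PHP works; phpinfo() discloses the
    # server configuration to anyone who can reach port 80.
    for f in "$docroot"/*.php; do
        [ -f "$f" ] || continue
        if grep -q 'phpinfo[[:space:]]*(' "$f"; then
            echo "FAIL phpinfo() page: ${f##*/}"
        fi
    done
    # Only images/ is meant to be writable by everyone (chmod a+w on the page).
    find "$w" -type d -perm -0002 ! -path "$w/images" ! -path "$w/images/*" |
        while read -r d; do
            echo "FAIL world-writable directory: ${d#"$docroot"/}"
        done
    return 0
}

# Constructed demo tree in the state right after the web installer has run.
DEMO=$(mktemp -d)
mkdir -p "$DEMO/w/config" "$DEMO/w/images" "$DEMO/w/extensions"
chmod 755 "$DEMO/w"
printf '<?php\n  phpinfo();\n?>\n' > "$DEMO/Test.php"
printf '<?php\n$wgDBpassword = "placeholder";\n' > "$DEMO/w/LocalSettings.php"
chmod 644 "$DEMO/w/LocalSettings.php"
chmod 777 "$DEMO/w/config" "$DEMO/w/images" "$DEMO/w/extensions"
BEFORE=$(audit_wiki_root "$DEMO")

# Apply the page's clean-up, plus removal of Test.php and the stray a+w.
rm -rf "$DEMO/w/config" "$DEMO/Test.php"
chmod 600 "$DEMO/w/LocalSettings.php"
chmod 755 "$DEMO/w/extensions"
AFTER=$(audit_wiki_root "$DEMO")

printf 'before clean-up:\n%s\nafter clean-up:\n%s\n' "$BEFORE" "${AFTER:-no findings}"
```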

We will now do the extensions and fine detail configuration.

Change the following settings in LocalSettings.php

$wgEnableUploads       = true; #Changed by Ed
$wgUseTeX           = true; #Changed by Ed
$wgLogo             = "/icons/wiki_logo.gif";
$wgArticlePath = "/wiki/$1";
$wgUsePathInfo = true;
$wgFavicon = "$wgScriptPath/favicon.ico";
$wgGroupPermissions['*']['edit'] = false; #Stops editing without an account, globally


Change the permissions on the images directory:

chmod a+w /var/www/html/w/images

Add the info for the side bar (this might be restored from a backup):

Edit (or create):  
http://wiki.haas.berkeley.edu/wiki/MediaWiki:Sidebar

* navigation
** mainpage|mainpage-description
** research_computing |Research Computing
** portal-url|Community
** currentevents-url|currentevents
** recentchanges-url|recentchanges
** randompage-url|randompage
** helppage|help
* Group Pages
** accounting|Accounting
** bpp|BPP
** finance|Finance
** management_of_organizations|Management of Organizations
** marketing|Marketing
** operations_and_it_management|Operations and IT Management
** real_estate|Real Estate
* SEARCH
* TOOLBOX
* LANGUAGES


And populate the wiki using the Special:Import page. Note that you can get a list of all pages on a wiki using the API:

http://wiki.haas.berkeley.edu/w/api.php?action=query&list=allpages&aplimit=500

Mount the Backup Directory:

mkdir /mnt/wiki
mount -t cifs //bear.haas.berkeley.edu/wiki/bulk/backup /mnt/wiki/ -o user=haas\\wiki

Mount the Images Directory:

mv /var/www/html/w/images /var/www/html/w/imagesorg
mkdir /var/www/html/w/images
mount -t cifs //bear.haas.berkeley.edu/wiki/bulk/media /var/www/html/w/images -o user=haas\\wiki
mkdir /var/www/html/w/images/tmp

Change upload_max_filesize to 8M in php.ini:

vi php.ini
#edit the upload_max_filesize variable

Restart the webserver:

/etc/init.d/httpd restart


Do the extensions:

Simple security
Get it from: http://www.mediawiki.org/wiki/Extension:Simple_Security

tar -xzf /mnt/ed/HaasWiki/SimpleSecurity-MW1.16-r62389.tar.gz -C /var/www/html/w/extensions

UserMerge
Get it from: http://www.mediawiki.org/wiki/Extension:UserMerge

tar -xzf /mnt/ed/HaasWiki/UserMerge-MW1.16-r66255.tar.gz -C /var/www/html/w/extensions

RenameUser
Get it from: http://www.mediawiki.org/wiki/Extension:Rename_user

tar -xzf /mnt/ed/HaasWiki/Renameuser-MW1.16-r66255.tar.gz -C /var/www/html/w/extensions

ImportUsers
Get it from: http://www.mediawiki.org/wiki/Extension:ImportUsers

tar -xzf /mnt/ed/HaasWiki/ImportUsers-MW1.16-r62790.tar.gz -C /var/www/html/w/extensions

UserRightsList
Get it from: http://www.mediawiki.org/wiki/Extension:UserRightsList

tar -xzf /mnt/ed/HaasWiki/UserRightsList.0.52.tgz -C /var/www/html/w/extensions

MultipleUpload
Get it from: http://www.mediawiki.org/wiki/Extension:MultiUpload

tar -xzf /mnt/ed/HaasWiki/MultiUpload-MW1.16-r78542.tar.gz -C /var/www/html/w/extensions


Add to LocalSettings.php

#SimpleSecurity
$wgSecurityUseDBHook = true; # Add this to enable the experimental DB hook for stronger security
include_once("{$IP}/extensions/SimpleSecurity/SimpleSecurity.php");
# All other SimpleSecurity directives MUST be specified after the include or the defaults will override them.
$wgSecurityRenderInfo = true;
$wgSecurityAllowUnreadableLinks = false;
$wgPageRestrictions['Category:Servers']['read'] = 'sysop';
$wgSecurityExtraGroups = array(
   'students' => 'Students',
   'faculty' => 'Faculty',
   'staff' => 'Staff',
);
 
#UserMerge
require_once( "$IP/extensions/UserMerge/UserMerge.php" );
$wgGroupPermissions['bureaucrat']['usermerge'] = true;

#RenameUser
require_once("$IP/extensions/Renameuser/Renameuser.php");

#ImportUsers
require_once("$IP/extensions/ImportUsers/SpecialImportUsers.php");

#UserRightsList
require_once("$IP/extensions/UserRightsList/UserRightsList.php");

#MultipleUpload
require_once("$IP/extensions/MultiUpload/SpecialMultipleUpload.php");
$wgMaxUploadFiles=10;