
Jump to navigation Jump to search
no edit summary
[[category:McNair Admin]]
Haas PhD Students have two new servers and this page details their configuration.
==IP Addresses==
During the configuration phase the The servers will be onhave been moved to a colo. Their new IP addresses are:*phd-pgsqlwiki: 128.32.66204.163202*phd-lamppostgres2: 128.32.66204.203 The domain names and should be mapped to these IP addresses shortly.164
==Base configurations==
*httpd 2.2.3-43.el5.centos.3
*iptables 1.3.5-5.3.el5_4.1
*mysql 5.0.77-4.el5_5.4(note that this is the client)
*openssh 4.3p2-41.el5_5.1
Notable additional packages on pgsql are:
*postgresql.x86_64 8.1.22-1.el5_5.1
==Before we start==
===On Both Machines===
====Creating Users====
Assuming that you have root, you can create user accounts and give them root too. The process is:
First great the users group, checking the last group number:
cat /etc/group
/usr/sbin/groupadd -g 515 username
Then add the user
/usr/sbin/useradd -g username -G root -s /bin/bash -p xxxx -d /home/username -m username
where g is the primary group, G is other groups, p sets a password,
d declares a home directory and m makes the directory
Change the user's password:
passwd username
And add the user to the sudoers file
echo 'username ALL=(ALL) ALL' >> /etc/sudoers
To delete a user:
/usr/sbin/userdel -r roger
where r removes the home directory
And to remove their group
/usr/sbin/groupdel username
====Mounting bear====
It is very useful to mount your R drive
mkdir /mnt/ed
mount -t cifs //bear/ed_egan/ /mnt/ed -o user=haas\\ed_egan
mount -t cifs //bear/ed_egan/ /mnt/ed -o user=ed_egan
(which ever works)
for the inclusion into fstab or other more sophisticated approaches there is a [ Centos help page].
==Package additions/upgrades/removals==
On lamp:
*Upgrade python PhP to version 35.12.17+*Install MySQL (the server)*Install mediawikiMediawiki
*Remove ftp
On pgsql:
*Remove httpd, mysql, ftp, sendmail, inn and other servers we don't need*Upgrade python to version 3.1*Install TrueCrypt ===On the Wiki Server=== ====Upgrading PhP==== In order to upgrade PhP (or install a more recent version of MySQL) we will probably need access to a different repository. You can automatically add the Atomicorp repository using: wget -q -O - | sh It has PhP version and MySQL version Also install pgp-mysql.  yum list php #We were running 5.1.6-27.el5_5.3 yum upgrade php yum install php-mysql ====Install MySQL==== Install MySql (and update the client): yum install mysql mysql-server Start the server: /etc/init.d/mysqld start And make sure it starts automatically on reboot: /sbin/chkconfig --levels 235 mysqld on Set a root password for the database: mysqladmin -u root password cheit At this point you should configure and test the webserver and PhP, which is discussed below. ====Install Mediawiki==== There is no good version of mediawiki available from a yum repo. So you should do this manually. It isn't painful. Detailed instructions (you won't need them) are available from:*[ MediaWiki's Installation Page]*[ Mediawiki's Installing MediaWiki Page] First change to your home directory (or somewhere 'safe') then  wget Then untar the package, either using the --owner option or as a non-root user to force extracted file ownernship to be other than 1000  su username tar xvzf mediawiki-*.tar.gz sudo su Now copy the files into the 'right' location and change permissions  mkdir /var/www/html/w cp -r mediawiki-1.16.2/* /var/www/html/w/ chmod a+w /var/www/html/w/config Install ImageMagick using Yum:  yum install glib glib2 libpng libjpeg libtiff ghostscript freetype ImageMagick ImageMagick-perl ===On Postgres.Haas=== ====Removing Unneeded Servers==== Remove the web, mail, news and other unneeded servers. Consider removing MySQL (but leave it for now): yum groupremove "Web Server" yum groupremove "Mail Server" yum groupremove "News Server" ====Install and Configure PostgreSQL==== To install Postgres with the PLs (Procedural Languages) do:  yum install postgresql postgresql-server postgresql-pl postgresql-libs Start the service with:  /sbin/chkconfig postgresql on /sbin/service postgresql start Add the following to ''/etc/sysconfig/iptables'' to allow access through the firewall:  -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s --dport 5432 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s --dport 5432 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s --dport 5432 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s --dport 5432 -j ACCEPT Restart the IPtables so the changes take effect:  service iptables restart Now create some users on the database server:  su postgres createuser root createuser -P ed_egan exit Check the version of Postgres and Perl installed:  psql -c "select version();" template1 PostgreSQL 8.1.23 perl -v v5.8.8 Now add the perl PL to the standard template so that all new databases will be perl enabled:   createlang plperl template1 Check the specs on the machine for the configuration:  cat /proc/meminfo MemTotal: 8181356 kB cat /proc/cpuinfo 2 x Quad core CPUs cache size: 2048 KB model name: Intel(R) Xeon(TM) CPU 2.80GHz Review the performance tuning section on the [[Working with PostgreSQL]] page, and possibly on [ the official quick guide page] and make the following changes to ''/var/lib/pgsql/data/postgresql.conf'': listen_addresses = '*' port = 5432 checkpoint_segments=32 This is equivalent to every 512Mb shared_buffers = 786432 #1gig = 1073741824 => '''131072''' * 8 * 1024, currently trying 6gig The recommendation is to use around 10-15% of RAM, but for a single user db something higher seems better This is in 8K blocks work_mem = 2097152 #In KB, so 1024 * 512=> 524288 = 512Mb, Note that this might be a little too high for aggresively stacked queries But this seems to be the bite point for performance. maintenance_work_mem = 262144 #786432 => 6 * 1073741824 => 6 * 131072 * 8 * 1024 This is how much VACUUM will use - it doesn't make a huge difference effective_cache_size = 1835008 #In 8k blocks. This is the maximum memory that postgres will allocate. It is currently set to 14Gb. Alter ''/var/lib/pgsql/data/pg_hba.conf'' to include the lines (under IPv4):  host all all md5 host all all md5 host all all md5 host all all md5 Note that this will use encrypted database passwords, and that all accounts must have non-null passwords (i.e. be created with createuser -P username) And restart Postgres:  /sbin/service postgresql restart ====Upgrade Python?====Find out which version of Python is currently installed: yum list python #lists version 2.4.3-27.el5_5.3 There are tarballs of version 3.2 available from ['s download area], but it seems too recent to have got rpm/yum support as yet.
*Configure Postgre
===Mounting bearOn the Wiki Server===
mount -t cifs //bear/ed_egan/ /mnt -o user=ed_egan===Configure Apache====
for Edit the inclusion into fstab or other more sophisticated approaches there is a [httpmain config file: vi /etc/wikihttpd/conf/httpd.conf ... ServerName Centos help page].
==Configure Apache== To start Apache(to restart use 'restart'): /etc/init.d/httpd start
To set Apache to start at boot:
/sbin/chkconfig --levels 235 httpd on The main config file is: /etc/httpd/conf/httpd.conf
First, confirm your IP address:
 ====Configure IpTablesIP Tables====
For lamp we need a hole for port 80 for the webserver. For pgsql we need a hole for our clientware. General documentation is available in [ iptables from Centos]
Check that iptables is running:
/sbin/lsmod | grep ip_tables View the rules either by:cat /etc/sysconfig/iptables/sub/iptables -L
Backup the old rules:
cp /etc/sysconfig/iptables /etc/sysconfig/iptables.bak
Add a hole (or two):
vi /sbinetc/sysconfig/iptables ... -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s --dport 80 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s --dport 80 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s --dport 80 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s --dport 80 -j ACCEPT ... Restart the service: /etc/init.d/iptables restart ====Test the webserver and PhP==== Browse to you should see the test page. Write the following text file to /var/www/html/Test.php:  <?php phpinfo(); ?> Browse to and you should see the PhP version page.  ====Configure MediaWiki==== Browse to, and set the following setting: WikiName: HaasPhDWiki Contact: Admin password and dbase password: cheit All other settings as default (you do have superuser on the dbase so tick that box) Now move the LocalSettings.php file, change the permissions, and remove the config directory.  cp config/LocalSettings.php LocalSettings.php chmod 600 LocalSettings.php chown apache LocalSettings.php mkdir /mnt/ed/configbak cp -r ./config /mnt/ed/configbak/ rm -rf ./config You can now view your Wiki at We will now do the extensions and fine detail configuration. Change the following settings in LocalSettings.php  $wgEnableUploads = true; #Changed by Ed $wgUseTeX = true; #Changed by Ed $wgLogo = "/icons/wiki_logo.gif"; $wgArticlePath = "/wiki/$1"; $wgUsePathInfo = true; $wgFavicon = "$wgScriptPath/favicon.ico"; $wgGroupPermissions['*']['edit'] = false; #Stops editing without an account, globally  Change the permissions on the images directory:  chmod a+w /var/www/html/w/images Add the info for the side bar (this might be restored from a backup):  Edit (or create): * navigation ** mainpage|mainpage-description ** research_computing |Research Computing ** portal-url|Community ** currentevents-url|currentevents ** recentchanges-url|recentchanges ** randompage-url|randompage ** helppage|help * Group Pages ** accounting|Accounting ** bpp|BPP ** finance|Finance ** management_of_organizations|Management of Organizations ** marketing|Marketing ** operations_and_it_management|Operations and IT Management ** real_estate|Real Estate * SEARCH * TOOLBOX * LANGUAGES  
Save And populate the table (so it will persist post wiki using the Special:Import page. Note that you can get a list of all pages on a reboot)wiki using the API:/sbin/service iptables save
For lampMount the Backup Directory:*Import Wiki pages mkdir /mnt/wiki mount -t cifs // /mnt/wiki/ -o user=haas\\wiki Mount the Images Directory: mv /var/www/html/w/images /var/www/html/w/imagesorg mkdir images mount -t cifs // /var/www/html/w/images -o user=haas\\wiki mkdir /var/www/html/w/image/tmp *Change links the max_upload_filesize to pdfs and repository files8M in php.ini: vi php.ini #edit max_upload_filesize variable Restart the webserver: /etc/init.d/httpd restart  =====Do the extensions:===== '''Simple security'''Get it from:  tar -xzf /mnt/ed/HaasWiki/SimpleSecurity-MW1.16-r62389.tar.gz -C /var/www/html/w/extensions '''UserMerge'''Get it from:  tar -xzf /mnt/ed/HaasWiki/UserMerge-MW1.16-r66255.tar.gz -C /var/www/html/w/extensions '''RenameUser'''Get it from:  tar -xzf /mnt/ed/HaasWiki/Renameuser-MW1.16-r66255.tar.gz -C /var/www/html/w/extensions '''ImportUsers'''Get it from:  tar -xzf /mnt/ed/HaasWiki/ImportUsers-MW1.16-r62790.tar.gz -C /var/www/html/w/extensions '''UserRightsList'''Get it from:  tar -xzf /mnt/ed/HaasWiki/UserRightsList.0.52.tgz -C /var/www/html/w/extensions '''MultipleUpload'''Get it from:  tar -xzf /mnt/ed/HaasWiki/MultiUpload-MW1.16-r78542.tar.gz -C /var/www/html/w/extensions  Add to LocalSettings.php  #SimpleSecurity $wgSecurityUseDBHook = true; # Add this to enable the experimental DB hook for stronger security include_once("{$IP}/extensions/SimpleSecurity/SimpleSecurity.php"); # All other SimpleSecurity directives MUST be specified after the include or the defaults will override them. $wgSecurityRenderInfo = true; $wgSecurityAllowUnreadableLinks = false; $wgPageRestrictions['Category:Servers']['read'] = 'sysop'; $wgSecurityExtraGroups = array( 'students' => 'Students', 'faculty' => 'Faculty, 'staff' => 'Staff', ); #UserMerge require_once( "$IP/extensions/UserMerge/UserMerge.php" ); $wgGroupPermissions['bureaucrat']['usermerge'] = true; #RenameUser require_once("$IP/extensions/Renameuser/Renameuser.php"); #ImportUsers require_once("$IP/extensions/ImportUsers/SpecialImportUsers.php"); #UserRightsList require_once("$IP/extensions/UserRightsList/UserRightsList.php"); #MultipleUpload require_once("$IP/extensions/MultiUpload/SpecialMultipleUpload.php"); $wgMaxUploadFiles=10; [[admin_classification::IT Build| ]]

Navigation menu