openacs.xml
Delivered as text/xml
[ hide source ] | [ make this the default ]
File Contents
<?xml version='1.0' ?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
<!ENTITY % myvars SYSTEM "../variables.ent">
%myvars;
]>
<sect1 id="openacs" xreflabel="Install OpenACS &version;">
<title>Install OpenACS &version;</title>
<authorblurb>
<para>by <ulink url="mailto:vinod@kurup.com">Vinod Kurup</ulink></para>
</authorblurb>
<sect2 id="install-aolserver-user-accounts">
<title>Set up a user account for each site.</title>
<para>
AOLserver needs to be started as the root user if you want to use
port 80. Once it starts, though, it will drop the root privileges and
run as another user, which you must specify on the command line. It's
important that this user has as few privileges as possible. Why?
Because if an intruder somehow breaks in through AOLserver, you don't
want her to have any ability to do damage to the rest of your
server.</para>
<para>At the same time, AOLserver needs to have write access to
some files on your system in order for OpenACS to function
properly. So, we'll run AOLserver with a different user account
for each different service. A service name should be a single
word, <emphasis>letters and numbers only</emphasis>. If the name
of your site is one word, that would be a good choice. For
example "<replaceable>$OPENACS_SERVICE_NAME</replaceable>" might be the service name for the
<replaceable>$OPENACS_SERVICE_NAME</replaceable>.net community.</para>
<para>We'll leave the password blank, which prevents login by
password, for increased security. The only way to log in will
be with ssh certificates. The only people who should log in are
developers for that specific instance. Add this user, and put
it in the <computeroutput><replaceable>$OPENACS_SERVICE_NAME</replaceable></computeroutput> group so that it
can use database and server commands associated with that group.
(If you don't know how to do this, type
<userinput>man usermod</userinput>. You can type
<userinput>groups</userinput> to find out which groups a user
is a part of)
</para>
<screen>
[root root]# <userinput>useradd <replaceable>$OPENACS_SERVICE_NAME</replaceable></userinput>
</screen>
<para>You also need to set up a group called web.</para>
<screen>
[root root]# <userinput>groupadd web</userinput>
</screen>
<para>
Then change the user to be a part of this group:
</para>
<screen>
[root root]# <userinput>usermod -g web <replaceable>$OPENACS_SERVICE_NAME</replaceable></userinput>
</screen>
<para>FreeBSD creates the user this way:</para>
<screen>
[root root]# <userinput>mkdir -p /home/<replaceable>$OPENACS_SERVICE_NAME</replaceable></userinput>
[root root]# <userinput>pw useradd -n <replaceable>$OPENACS_SERVICE_NAME</replaceable> -g web -d /home/<replaceable>$OPENACS_SERVICE_NAME</replaceable> -s /bin/bash</userinput>
[root root]#
<action>mkdir -p /home/<replaceable>$OPENACS_SERVICE_NAME</replaceable>
pw useradd -n <replaceable>$OPENACS_SERVICE_NAME</replaceable> -g web -d /home/<replaceable>$OPENACS_SERVICE_NAME</replaceable> -s /bin/bash
</action></screen>
</sect2>
<sect2 id="openacs-setup">
<title>Set up the filesystem for one or more OpenACS Sites</title>
<para>For Linux Standard Base compliance and ease of backup,
all of the files in each OpenACS site are stored in a
subdirectory of
<computeroutput>/var/lib/aolserver</computeroutput>, one
subdirectory per site. The first time you install an OpenACS
site on a server, you must create the parent directory and set its permissions:</para>
<screen>[root root]# <userinput>mkdir /var/lib/aolserver</userinput>
[root root]# <userinput>chgrp web /var/lib/aolserver</userinput>
[root root]# <userinput>chmod 770 /var/lib/aolserver</userinput>
[root root]#
<action>mkdir /var/lib/aolserver
chgrp web /var/lib/aolserver
chmod 770 /var/lib/aolserver</action></screen>
</sect2>
<sect2 id="install-with-script">
<title>Installation Option 1: Use automated script</title>
<para>A bash script is available to automate all of the steps for the rest of this section. It requires <link linkend="install-tclwebtest">tclwebtest</link>. The automated script can greatly accelerate the install process, but is very sensitive to the install environment. We recommend that you run the automated install and, if it does not work the first time, consider switching to a <link linkend="install-from-tarball">manual installation</link>.</para>
<para>Get the install script from CVS. It is located within
the main cvs tree, at /etc/install. Use anonymous CVS
checkout to get that directory in the home directory of the
service's dedicated user. We put it there so that it is not
overwritten when we do the main CVS checkout to the target
location.</para>
<screen>[root root]# <userinput>su - <replaceable>$OPENACS_SERVICE_NAME</replaceable></userinput>
[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ <userinput>cvs -d :pserver:anonymous@cvs.openacs.org:/cvsroot co -d install openacs-4/etc/install</userinput>
cvs server: Updating install
U install/README
U install/TODO
... many lines omitted ...
U install/tcl/twt-procs.tcl
U install/tcl/user-procs.tcl
[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ <userinput>cd install</userinput>
[$OPENACS_SERVICE_NAME install]$ <userinput>emacs install.tcl</userinput>
</screen>
<para>Edit the installation configuration file, <computeroutput>/home/<replaceable>$OPENACS_SERVICE_NAME</replaceable>/install/install.tcl</computeroutput> and update the site-specific values, such as the new service's IP address and name, which will be written into the new service's <computeroutput>config.tcl</computeroutput> file. If your system is different from the one described in the previous sections, check the file paths as well. Set <computeroutput>do_checkout=yes</computeroutput> to create a new OpenACS site directly from a CVS checkout, or <computeroutput>=no</computeroutput> if you have a fully configured site and just want to rebuild it (drop and recreate the database and repeat the installation). If you have followed a stock installation, the default configuration will work without changes and will install an OpenACS site at 127.0.0.1:8000.</para>
<para>Run the install script <computeroutput>install.sh</computeroutput> as root:</para>
<screen>[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ <userinput>exit</userinput>
[root root]# <userinput>sh /home/<replaceable>$OPENACS_SERVICE_NAME</replaceable>/install/install.sh</userinput>
/home/$OPENACS_SERVICE_NAME/install/install.sh: Starting installation with config_file
/home/$OPENACS_SERVICE_NAME/install/install.tcl. Using serverroot=/var/lib/aolserver/
$OPENACS_SERVICE_NAME, server_url=http://0.0.0.0:8000, do_checkout=yes, do_install=yes,
dotlrn=no, and database=postgres., use_daemontools=true
<emphasis>... many lines omitted ...</emphasis>
Tue Jan 27 11:50:59 CET 2004: Finished (re)installing /var/lib/aolserver/$OPENACS_SERVICE_NAME.
######################################################################
New site URL: http://127.0.0.1:8000
admin email : admin@yourserver.net
admin password: xxxx
######################################################################
[root root]#</screen>
<para>You can proceed to <xref linkend="install-next-steps"/>.</para>
</sect2>
<sect2 id="install-from-tarball">
<title>Installation Option 2: Install from tarball</title>
<para>You should already have downloaded the OpenACS tarball
to the <computeroutput>/var/tmp</computeroutput> directory. If
not, <link linkend="openacs-download">download the OpenACS
tarball</link> and save it in
<computeroutput>/var/tmp</computeroutput> and proceed:</para>
<orderedlist>
<listitem id="install-openacs-download">
<para>Unpack the OpenACS tarball and rename it to <computeroutput>$OPENACS_SERVICE_NAME</computeroutput>. Secure the directory so that only the owner can access it. Check the permissions by listing the directory.</para>
<para>FreeBSD note: Change the period in <userinput>chown -R $OPENACS_SERVICE_NAME.$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME</userinput> to a colon: <userinput>chown -R $OPENACS_SERVICE_NAME:$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME</userinput>
</para>
<screen>[root root]# <userinput>su - <replaceable>$OPENACS_SERVICE_NAME</replaceable></userinput>
[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ <userinput>cd /var/lib/aolserver</userinput>
[$OPENACS_SERVICE_NAME aolserver]$ <userinput>tar xzf /var/tmp/&tarballpath;.tgz</userinput>
[$OPENACS_SERVICE_NAME aolserver]$ <userinput>mv &tarballpath; <replaceable>$OPENACS_SERVICE_NAME</replaceable></userinput>
[$OPENACS_SERVICE_NAME aolserver]$ <userinput>chmod -R 775 <replaceable>$OPENACS_SERVICE_NAME</replaceable></userinput>
[$OPENACS_SERVICE_NAME aolserver]$ <userinput>chown -R <replaceable>$OPENACS_SERVICE_NAME</replaceable>.<replaceable>$OPENACS_SERVICE_NAME</replaceable> <replaceable>$OPENACS_SERVICE_NAME</replaceable></userinput>
[$OPENACS_SERVICE_NAME aolserver]$ <userinput>ls -al</userinput>
total 3
drwxrwx--- 3 root web 1024 Mar 29 16:41 .
drwxr-xr-x 25 root root 1024 Mar 29 16:24 ..
drwx------ 7 $OPENACS_SERVICE_NAME web 1024 Jan 6 14:36 $OPENACS_SERVICE_NAME
[$OPENACS_SERVICE_NAME aolserver]$ <userinput>exit</userinput>
logout
[root root]#
<action>su - $OPENACS_SERVICE_NAME
cd /var/lib/aolserver
tar xzf /var/tmp/&tarballpath;.tgz
mv &tarballpath; $OPENACS_SERVICE_NAME
chmod -R 755 $OPENACS_SERVICE_NAME
chown -R $OPENACS_SERVICE_NAME.$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME
exit</action></screen>
</listitem>
<listitem>
<para><link linkend="cvs-service-import">Add the Service to CVS</link> (OPTIONAL)</para>
</listitem>
<listitem>
<para>Prepare the database</para>
<itemizedlist>
<listitem>
<formalpara id="install-openacs-prepare-oracle">
<title>Prepare Oracle for OpenACS</title>
<para>If you won't be using Oracle, skip to <xref
linkend="install-openacs-prepare-postgres"/></para>
</formalpara>
<para>
You should be sure that your user account
(e.g. <computeroutput><replaceable>$OPENACS_SERVICE_NAME</replaceable></computeroutput>) is in the
<computeroutput>dba</computeroutput> group.
</para>
<orderedlist>
<listitem><para>
Verify membership by typing
<computeroutput>groups</computeroutput> when you login:
<programlisting>[$OPENACS_SERVICE_NAME ~]$ groups
dba web</programlisting>
If you do not see these groups, take the following action:
<programlisting>[$OPENACS_SERVICE_NAME ~]$ <userinput>su -</userinput>
Password: ************
[root ~]# <userinput>adduser <replaceable>$OPENACS_SERVICE_NAME</replaceable> dba</userinput></programlisting>
If you get an error about an undefined group, then add that group
manually:
<programlisting>[root ~]# <userinput>groupadd dba</userinput>
[root ~]# <userinput>groupadd web</userinput></programlisting>
Make sure to logout as <computeroutput>root</computeroutput> when
you are finished with this step and log back in as
your regular user.
</para></listitem>
<listitem><para>
Connect to Oracle using
<computeroutput>svrmgrl</computeroutput> and login:
<programlisting>[$OPENACS_SERVICE_NAME ~]$ <userinput>svrmgrl</userinput>
SVRMGR> <userinput>connect internal</userinput>
Connected.</programlisting>
</para></listitem>
<listitem><para>
Determine where the system tablespaces are stored:
<programlisting>SVRMGR> <userinput>select file_name from dba_data_files;</userinput></programlisting>
Example results:
<programlisting>/ora8/m01/app/oracle/oradata/ora8/system01.dbf
/ora8/m01/app/oracle/oradata/ora8/tools01.dbf
/ora8/m01/app/oracle/oradata/ora8/rbs01.dbf
/ora8/m01/app/oracle/oradata/ora8/temp01.dbf
/ora8/m01/app/oracle/oradata/ora8/users01.dbf
/ora8/m01/app/oracle/oradata/ora8/indx01.dbf
/ora8/m01/app/oracle/oradata/ora8/drsys01.dbf</programlisting>
</para></listitem>
<listitem><para>
Using the above output, you should determine where
to store your tablespace. As a general rule, you'll want to
store your tablespace on a mount point under the
<computeroutput>/ora8</computeroutput> directory that is separate
from the Oracle system data files. By default, the Oracle system
is on <computeroutput>m01</computeroutput>, so we will use
<computeroutput>m02</computeroutput>. This enables your Oracle
system and database files to be on separate disks for optimized
performance. For more information on such a configuration, see
<ulink
url="http://philip.greenspun.com/panda/databases-choosing">Chapter
12</ulink> of <ulink
url="http://philip.greenspun.com/panda/">Philip's
book</ulink>. For this example, we'll use
<computeroutput>/ora8/m02/oradata/ora8/</computeroutput>.
</para></listitem>
<listitem><para>
Create the directory for the datafile; to do this,
exit from <computeroutput>svrmgrl</computeroutput> and login as
<computeroutput>root</computeroutput> for this step: </para>
<programlisting>
SVRMGR> <userinput>exit</userinput>
[$OPENACS_SERVICE_NAME ~]$ <userinput>su -</userinput>
Password: ************
[root ~]# <userinput>mkdir -p /ora8/m02/oradata/ora8/</userinput>
[root ~]# <userinput>chown <replaceable>$OPENACS_SERVICE_NAME</replaceable>:web /ora8/m02/oradata/ora8</userinput>
[root ~]# <userinput>chmod 775 /ora8/m02/oradata/ora8</userinput>
[root ~]# <userinput>exit</userinput>
[$OPENACS_SERVICE_NAME ~]$</programlisting>
</listitem>
<listitem><para>
Create a tablespace for the service. It is important that the
tablespace can <computeroutput>autoextend</computeroutput>. This
allows the tablespace's storage capacity to grow as the size
of the data grows. We set the pctincrease to be a very low value
so that our extents won't grow geometrically. We do not set
it to 0 at the tablespace level because this would affect
Oracle's ability to automatically coalesce free space in the
tablespace.
</para>
<programlisting>[$OPENACS_SERVICE_NAME ~]$ <userinput>svrmgrl</userinput>
SVRMGR> <userinput>connect internal;</userinput>
SVRMGR> <userinput>create tablespace <replaceable>$OPENACS_SERVICE_NAME</replaceable>
datafile '/ora8/m02/oradata/ora8/<replaceable>$OPENACS_SERVICE_NAME</replaceable>01.dbf'
size 50M
autoextend on
next 10M
maxsize 300M
extent management local
uniform size 32K;</userinput></programlisting>
</listitem>
<listitem><para>
Create a database user for this service. Give the
user access to the tablespace and rights to connect. We'll use
<computeroutput><replaceable>$OPENACS_SERVICE_NAMEpassword</replaceable></computeroutput> as our password.</para>
<para>
Write down what you specify as
<emphasis>service_name</emphasis>
(i.e. <computeroutput><replaceable>$OPENACS_SERVICE_NAME</replaceable></computeroutput>)
and <emphasis>database_password</emphasis>
(i.e. <computeroutput><replaceable>$OPENACS_SERVICE_NAMEpassword</replaceable></computeroutput>). You
will need this information for configuring exports
and AOLserver.
</para>
<programlisting>
SVRMGR> <userinput>create user <replaceable>$OPENACS_SERVICE_NAME</replaceable> identified by <replaceable>$OPENACS_SERVICE_NAMEpassword</replaceable> default tablespace <replaceable>$OPENACS_SERVICE_NAME</replaceable>
temporary tablespace temp quota unlimited on <replaceable>$OPENACS_SERVICE_NAME</replaceable>;</userinput>
SVRMGR> <userinput>grant connect, resource, ctxapp, javasyspriv, query rewrite to <replaceable>$OPENACS_SERVICE_NAME</replaceable>;</userinput>
SVRMGR> <userinput>revoke unlimited tablespace from <replaceable>$OPENACS_SERVICE_NAME</replaceable>;</userinput>
SVRMGR> <userinput>alter user <replaceable>$OPENACS_SERVICE_NAME</replaceable> quota unlimited on <replaceable>$OPENACS_SERVICE_NAME</replaceable>;</userinput>
SVRMGR> <userinput>exit;</userinput></programlisting>
<para>
Your table space is now ready. In case you are trying to delete a
previous OpenACS installation, consult these commands in <xref
linkend="install-openacs-delete-tablespace"/> below.
</para></listitem>
<listitem><para>
Make sure that you can login to Oracle using your
<emphasis>service_name</emphasis> account: </para>
<programlisting>[$OPENACS_SERVICE_NAME ~]$ <userinput>sqlplus <replaceable>$OPENACS_SERVICE_NAME</replaceable>/<replaceable>$OPENACS_SERVICE_NAMEpassword</replaceable></userinput>
SQL> <userinput>select sysdate from dual;</userinput>
SYSDATE
----------
2001-12-20
SQL> <userinput>exit;</userinput></programlisting>
<para>
You should see today's date in a format 'YYYY-MM-DD.'
If you can't login, try redoing step 1 again. If the date is
in the wrong format, make sure you followed the steps outlined in
<xref linkend="install-oracle-troubleshooting"/>
</para></listitem>
</orderedlist>
</listitem>
<listitem>
<formalpara id="install-openacs-prepare-postgres">
<title>Prepare PostgreSQL for an OpenACS Service</title>
<para></para>
</formalpara>
<itemizedlist>
<listitem id="create-service-db-user">
<para>PostgreSQL:</para>
<para>Create a user in the database matching the service
name. With default PostgreSQL authentication, a system user connecting locally automatically authenticates as the postgres user of the same name, if one exists. We currently use postgres "super-users" for everything, which means that anyone with access to any of the OpenACS system accounts on a machine has full access to all postgresql databases on that machine.</para>
<screen>[root root]# <userinput>su - postgres</userinput>
[postgres pgsql]$ <userinput>createuser -a -d <replaceable>$OPENACS_SERVICE_NAME</replaceable></userinput>
CREATE USER
[postgres pgsql]$ <userinput>exit</userinput>
logout
[root root]#</screen>
</listitem>
<listitem id="create-database">
<para>Create a database with the same name as our service name, <replaceable>$OPENACS_SERVICE_NAME</replaceable>. The full pathname for <computeroutput>createdb</computeroutput> needs to be used, since the pgsql directory has not been added to the $OPENACS_SERVICE_NAME bash profile.</para>
<screen>[root root]# <userinput>su - <replaceable>$OPENACS_SERVICE_NAME</replaceable></userinput>
[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ <userinput>/usr/local/pgsql/bin/createdb -E UNICODE <replaceable>$OPENACS_SERVICE_NAME</replaceable></userinput>
CREATE DATABASE
[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$
<action>su - <replaceable>$OPENACS_SERVICE_NAME</replaceable>
/usr/local/pgsql/bin/createdb -E UNICODE <replaceable>$OPENACS_SERVICE_NAME</replaceable></action></screen>
</listitem>
<listitem>
<para>Automate daily database Vacuuming. This is a process which cleans out discarded data from the database. A quick way to automate vacuuming is to edit the cron file for the database user. Recommended: <computeroutput>VACUUM ANALYZE</computeroutput> every hour and <computeroutput>VACUUM FULL ANALYZE</computeroutput> every day.</para>
<indexterm>
<primary>Postgres</primary>
<secondary>Vacuuming</secondary>
</indexterm>
<screen>[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ <userinput>export EDITOR=emacs;crontab -e</userinput></screen>
<para>Add these lines to the file. The vacuum command cleans up temporary structures within a PostgreSQL database, and can improve performance. We vacuum gently every hour and completely every day. The numbers and stars at the beginning are cron columns that specify when the program should be run - in this case, whenever the minute is 0 and the hour is 1, i.e., 1:00 am every day, and every (*) day of month, month, and day of week. Type <computeroutput>man 5 crontab</computeroutput> for more information.</para>
<programlisting>0 1-23 * * * /usr/local/pgsql/bin/vacuumdb --analyze <replaceable>$OPENACS_SERVICE_NAME</replaceable>
0 0 * * * /usr/local/pgsql/bin/vacuumdb --full --analyze <replaceable>$OPENACS_SERVICE_NAME</replaceable></programlisting>
<para>Depending on your distribution, you may receive
email when the crontab items are executed. If you
don't want to receive email for those crontab items,
you can add <computeroutput>> /dev/null
2>&1</computeroutput> to the end of each crontab
line</para>
</listitem>
<listitem>
<para><link linkend="install-openfts-postgres">Add Full Text Search Support</link> (OPTIONAL)</para>
</listitem>
<listitem id="db-setup-exit">
<para> At this point the database should be ready for installing OpenACS.</para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
</listitem>
<listitem id="install-openacs-configure-aol">
<formalpara>
<title>Configure an AOLserver Service for OpenACS</title>
<para></para>
</formalpara>
<orderedlist>
<listitem id="configure-config-tcl">
<para>
The AOLserver architecture lets you run an arbitrary number of
virtual servers. A virtual server is an HTTP service running on a
specific port, e.g. port 80. In order for OpenACS to work, you
need to configure a virtual server. The Reference Platform
uses a configuration file included in the OpenACS tarball,
<computeroutput>/var/lib/aolserver/<replaceable>$OPENACS_SERVICE_NAME</replaceable>/etc/config.tcl</computeroutput>.
Open it in an editor to adjust the parameters.</para>
<indexterm>
<primary>AOLserver</primary>
<secondary>configuration</secondary>
</indexterm>
<screen>[root root]# <userinput>su - <replaceable>$OPENACS_SERVICE_NAME</replaceable></userinput>
[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ <userinput>cd /var/lib/aolserver/<replaceable>$OPENACS_SERVICE_NAME</replaceable>/etc</userinput>
[$OPENACS_SERVICE_NAME etc]$ <userinput>emacs config.tcl</userinput>
</screen>
<para>
You can continue without changing any values in the file. However, if you don't change <computeroutput>address</computeroutput> to match the computer's IP address, you won't be able to browse to your server from other machines.
</para>
<itemizedlist>
<listitem><para><emphasis>httpport</emphasis> - If you want your
server on a different port, enter it here. The Reference Platform port is 8000, which is suitable for development use. Port 80 is the standard http port - it's the port used by your browser when you enter http://yourserver.test. So you should use port 80 for your production site.</para></listitem>
<listitem>
<para><emphasis>httpsport</emphasis> - This is the
port for https requests. The Reference Platform https port is
8443. If http port is set to 80, httpsport should be 443 to
match the standard.</para>
</listitem>
<listitem><para>
<emphasis>address</emphasis> - The IP address of the server. If you are hosting multiple IPs on one computer, this is the address specific to the web site. Each virtual server will ignore any requests directed at other addresses.</para>
</listitem>
<listitem>
<para><emphasis>server</emphasis> - This is the keyword that, by convention, identifies the service. It is also used as part of the path for the service root, as the name of the user for running the service, as the name of the database, and in various dependent places. The Reference Platform uses <replaceable>$OPENACS_SERVICE_NAME</replaceable>.
</para></listitem>
<listitem><para><emphasis>db_name</emphasis> - In almost all cases,
this can be kept as a reference to $server. If for some reason,
the tablespace you are using is different than your servername,
then you can set it here. You should have a good reason for doing
this.
</para></listitem>
<listitem><para>
<emphasis>servername</emphasis> - This is just a *pretty* name for your server.</para>
</listitem>
<listitem>
<para><emphasis>user_account</emphasis> - The account that
will both own OpenACS files and connect to the database (for
Postgresql).</para>
</listitem>
<listitem>
<para><emphasis>debug</emphasis> - Set to true for a very verbose error log, including many lines for every page view, success or failure.</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
AOLserver is very configurable. These settings should get you
started, but for more options, read the <ulink
url="http://aolserver.com/docs/admin/config.html">AOLserver
docs</ulink>.
</para>
</listitem>
<listitem>
<para><link linkend="enable-openfts">Enable OpenFTS Full Text Search</link> (OPTIONAL)</para>
</listitem>
<listitem>
<para><link linkend="install-ssl">Install nsopenssl
for SSL support.</link> (OPTIONAL)</para>
</listitem>
</orderedlist>
</listitem>
<listitem id="verify-aolserver-startup">
<formalpara>
<title>Verify AOLserver startup</title>
<para></para>
</formalpara>
<orderedlist>
<listitem id="start-aolserver">
<para>
Kill any current running AOLserver processes and start a new
one. The recommended way to start an AOLserver process is by running the included script, <computeroutput>/var/lib/aolserver/<replaceable>$OPENACS_SERVICE_NAME</replaceable>/etc/daemontools/run</computeroutput>. If you are not using the default file paths and names, you will need to edit <computeroutput>run</computeroutput>.</para>
<para>If you want to use port 80, there are complications. AOLserver must be root to use system ports such as
80, but refuses to run as root for security reasons. So, we call the run script as root and specify a non-root user ID and
Group ID which AOLserver will switch to after claiming the
port. To do so, find the UID and GID of the
<replaceable>$OPENACS_SERVICE_NAME</replaceable> user via
<computeroutput>grep <replaceable>$OPENACS_SERVICE_NAME</replaceable>
/etc/passwd</computeroutput> and then put those numbers into
the command line via <computeroutput>-u
<replaceable>501</replaceable> -g
<replaceable>502</replaceable></computeroutput>. In AOLserver 4, you must also send a <computeroutput>-b</computeroutput> flag. Do this by editing the <computeroutput>run</computeroutput> file as indicated in the comments. </para>
<para>If you are root then killall will affect all OpenACS services on the machine, so if there's more than one you'll have to do <computeroutput>ps -auxw | grep
nsd</computeroutput> and selectively kill by job number.</para>
<screen>[$OPENACS_SERVICE_NAME etc]$ <userinput>killall nsd</userinput>
nsd: no process killed
[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$<userinput> /usr/local/aolserver/bin/nsd-postgres -t /var/lib/aolserver/<replaceable>$OPENACS_SERVICE_NAME</replaceable>/etc/config.tcl</userinput>
[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ [08/Mar/2003:18:13:29][32131.8192][-main-] Notice: nsd.tcl: starting to read config file...
[08/Mar/2003:18:13:29][32131.8192][-main-] Notice: nsd.tcl: finished reading config file.</screen>
</listitem>
<listitem id="connect-to-aolserver">
<para>
Attempt to connect to the service from a web browser. You should specify a URL like: <computeroutput>http://<replaceable>yourserver.test</replaceable>:8000</computeroutput></para>
<para>
You should see a page that looks like <ulink
url="files/openacs-start.html">this</ulink>. If you <link
linkend="cvs-service-import">imported your files into
cvs</link>, now that you know it worked you can erase the temp
directory with <computeroutput>rm -rf /var/lib/aolserver/$OPENACS_SERVICE_NAME.orig</computeroutput>.
</para>
<para>
If you don't see the login page, view your error log
(<computeroutput>/var/lib/aolserver/<replaceable>$OPENACS_SERVICE_NAME</replaceable>/log/<replaceable>$OPENACS_SERVICE_NAME</replaceable>-error.log</computeroutput>)
to make sure the service is starting without any
problems. The most common errors here are trying to start a
port 80 server while not root, failing to connect because of
a firewall, and AOLserver failing to start due to
permissions errors or missing files. If you need to make
changes, don't forget to kill any running servers with
<userinput>killall nsd</userinput>.
</para>
</listitem>
<listitem>
<para><link linkend="install-openacs-keepalive">Automate
AOLserver keepalive</link> (OPTIONAL)</para>
</listitem>
</orderedlist>
</listitem>
<listitem id="install-openacs-using-installer">
<formalpara>
<title>Configure a Service with the OpenACS
Installer</title>
<para>
Now that you've got AOLserver up and running, let's install OpenACS
&version;.
</para>
</formalpara>
<itemizedlist>
<listitem><para>
You should see a page from the webserver titled
<computeroutput>OpenACS Installation:
Welcome</computeroutput>. You will be warned if your version of
the database driver is out of date, if AOLserver cannot connect
to the database, if any modules are missing or out-of-date, or if
there are any problems with filesystem permissions on the server
side. But if everything is fine, you can click
<computeroutput>Next</computeroutput> to proceed to load the
OpenACS Kernel data model.
</para></listitem>
<listitem><para>
The next page shows the results of loading the OpenACS Kernel
data model - be prepared to wait a few minutes as it works. You
should see a string of output messages from the database as the
datamodel is created. You'll see the line:
</para>
<programlisting>
Loading package .info files ... this will take a few minutes</programlisting>
<para>
This will really take a few minutes. Have faith! Finally, another
<computeroutput>Next</computeroutput> button will appear at the
bottom - click it.
</para>
</listitem>
<listitem><para>
The following page shows the results of loading the core package
data models. You should see positive results for each of the
previously selected packages, but watch out for any
errors. Eventually, the page will display "Generating secret
tokens" and then "Done"- click
<computeroutput>Next</computeroutput>.
</para></listitem>
<listitem><para>
You should see a page, "OpenACS Installation: Create
Administrator" with form fields to define the OpenACS site
administrator. Fill out the fields as appropriate, and click
<computeroutput>Create User</computeroutput>.
</para></listitem>
<listitem><para>
You should see a page, "OpenACS Installation: Set System
Information" allowing you to name your service. Fill out the
fields as appropriate, and click <computeroutput>Set System
Information</computeroutput>
</para></listitem>
<listitem><para>
You'll see the final Installer page, "OpenACS
Installation: Complete." It will tell you that the server is
being restarted; note that unless you already set up a way for
AOLserver to restart itself (i.e. <link linkend="install-openacs-keepalive">inittab or daemontools</link>),
you'll need to manually restart your service.
</para>
<screen>[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ <userinput>/usr/local/aolserver/bin/nsd-postgres -t /var/lib/aolserver/<replaceable>$OPENACS_SERVICE_NAME</replaceable>/config.tcl</userinput></screen>
</listitem>
<listitem><para>
Give the server a few minutes to start up. Then
reload the final page above. You should see the front page, with
an area to login near the upper right. Congratulations, OpenACS
&version; is now up and running!
</para></listitem>
</itemizedlist>
</listitem>
</orderedlist>
</sect2>
<sect2 id="install-from-cvs">
<title>Installation Option 3: Install from CVS</title>
<para>If you want to track fresh code developments between
releases, or you are an OpenACS core developer, you may want to
install from CVS. This is identical to Option 2 except that you
get the files from CVS instead of the tarball: <ulink
url="/xowiki/Get_the_Code">CVS Checkout Instructions</ulink>. In short,
instead of <computeroutput><userinput>tar xzf
/var/tmp/&tarballpath;.tgz</userinput></computeroutput>, use
<computeroutput><userinput>cvs -z3 -d
:pserver:anonymous@openacs.org:/cvsroot co
acs-core</userinput></computeroutput> to obtain an ACS core installation.</para>
</sect2>
<sect2 id="install-next-steps">
<title>Next Steps</title>
<itemizedlist>
<listitem>
<para>Use daemontools <computeroutput>supervise</computeroutput> and <computeroutput>svc</computeroutput>, or <computeroutput>inittab</computeroutput>, to <link linkend="install-openacs-inittab">automate server startup and shutdown.</link></para>
</listitem>
<listitem>
<para>Install Full Text Search (OPTIONAL). If you have <link
linkend="install-openfts">installed OpenFTS</link> and enabled
OpenFTS, you can now <link linkend="install-fts-engine">install</link> the OpenFTS Driver package and
Full Text Search Engine package in the OpenACS service.</para>
</listitem>
<listitem>
<para>This is a good time to make a <link
linkend="snapshot-backup">backup</link> of your service. If this is a
production site, you should set up <link
linkend="automated-backup">automatic nightly backups</link>.</para>
</listitem>
<listitem>
<para>If you want traffic reports, <link
linkend="analog-setup">set up analog</link> or another log
processing program.</para>
</listitem>
<listitem><para>Follow the instruction on the home page to
change the appearance of your service or add more
packages. (<link linkend="configuring-new-site">more information</link>)</para>
</listitem>
<listitem><para>Proceed to the <link linkend="tutorial">tutorial</link> to learn how to develop your own packages.</para>
</listitem>
<listitem>
<para>Set up database environment variables for the site
user. Depending on how you installed Oracle or PostgreSQL, these settings may be necessary for working with the
database while logged in as the service user. They do not
directly affect the service's run-time connection with the
database, because those environmental variables are set by the
wrapper scripts nsd-postgres and nsd-oracle.</para>
<screen>[root root]# <userinput>su - <replaceable>$OPENACS_SERVICE_NAME</replaceable></userinput>
[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ <userinput>emacs .bashrc</userinput></screen>
<para>Put in the appropriate lines for the database you are running. If you will use both databases, put in both sets of lines.</para>
<itemizedlist>
<listitem>
<para>PostgreSQL:</para>
<programlisting>export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/pgsql/lib
export PATH=$PATH:/usr/local/pgsql/bin</programlisting>
</listitem>
<listitem>
<para>Oracle. These environment variables are specific for a local Oracle
installation communicating via IPC. If you are connecting to a remote
Oracle installation, you'll need to adjust these appropriately. Also,
make sure that the '8.1.7' matches your Oracle version.
</para>
<programlisting>export ORACLE_BASE=/ora8/m01/app/oracle
export ORACLE_HOME=$ORACLE_BASE/product/<replaceable>8.1.7</replaceable>
export PATH=$PATH:$ORACLE_HOME/bin
export LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib:/usr/lib
export ORACLE_SID=ora8
export ORACLE_TERM=vt100
export ORA_NLS33=$ORACLE_HOME/ocommon/nls/admin/data</programlisting>
</listitem>
</itemizedlist>
<para>Test this by logging out and back in as
<computeroutput><replaceable>$OPENACS_SERVICE_NAME</replaceable></computeroutput> and checking the paths.</para>
<screen>[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ <userinput>exit</userinput>
logout
[root src]# <userinput>su - <userinput><replaceable>$OPENACS_SERVICE_NAME</replaceable></userinput></userinput>
[$OPENACS_SERVICE_NAME ~]$ <userinput>env</userinput>
</screen>
<itemizedlist>
<listitem>
<para>For PostgreSQL, you should see:</para>
<screen>
LD_LIBRARY_PATH=:/usr/local/pgsql/lib
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/bin/X11:/usr/X11R6/bin:\
/root/bin:/usr/local/pgsql/bin:/usr/local/pgsql/bin</screen>
</listitem>
<listitem>
<para>For Oracle:</para>
<screen>ORACLE_BASE=/ora8/m01/app/oracle
ORACLE_HOME=/ora8/m01/app/oracle/product/8.1.7
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/bin/X11:/usr/X11R6/bin:\
/root/bin:/ora8/m01/app/oracle/product/8.1.7/bin
LD_LIBRARY_PATH=/ora8/m01/app/oracle/product/8.1.7/lib:/lib:/usr/lib
ORACLE_SID=ora8
ORACLE_TERM=vt100
ORA_NLS33=$ORACLE_HOME/ocommon/nls/admin/data</screen>
</listitem>
</itemizedlist>
</listitem>
<listitem><para>Test your <link linkend="backup-recovery">backup and recovery</link> procedure.</para>
</listitem>
<listitem><para>Set up <xref linkend="uptime"/>.</para>
</listitem>
</itemizedlist>
<para><phrase role="cvstag">($Id: openacs.xml,v 1.33.2.3 2021/10/05 07:01:20 gustafn Exp $)</phrase></para>
</sect2>
</sect1>
