Linux skyBox HOWTO

Necessary links (in no particular order):
RedHat
The GNU Project
The Apache Software Foundation
The Comprehensive Perl Archive Network
PHP Hypertext Preprocessor
PostgreSQL (documentation)
Open Secure Shell
The National Institute of Standards and Technology
WebMin

This is the process for configuring a new RedHat 7.3 installation to become a skyBox capable of running (and developing) skyBuilders timeLines. In order to be capable of this, there are a few required services and utilities:

skyBox3, the machine used for this trial run, has specs as follows:

Install RedHat 7.3

Partitioning recommendation:

name    recommended (100%)   actual (58.5GB)   format             drive
/       10% (6GB)            6GB               ext3               hda
/boot   50MB                 50MB              ext3               hda
/swap   2xRAM (1GB)          1GB               N/A (linux swap)   hdc
/tmp    2GB                  2GB               ext3               hda
/home   10% (6GB)            11GB              ext3               hda
/var    30% (18GB)           23GB              ext3               hdc
/usr    20% (12GB)           15GB              ext3               hdc

IP Address: 206.253.4.20 NetMask: 255.255.255.224 Gateway: 206.253.4.1

Note: During the install process, in the network configuration section, once the IP and netmask were indicated, the interface filled in two other fields. It suggested .30 as the gateway, and .1 as the name server. Odd.

DNS Servers:
209.87.64.70
209.87.79.232

The choices made during installation are logged in /root/install.log and a kickstart file for the RedHat Anaconda installer is in /root/anaconda-ks.cfg

Add crontab for NIST clock synchronization
(add other things like updating the root hints file and the file db later)
# cd /root
# mkdir scripts
# cd scripts
Download http://jesse.skybuilders.com/scratch/other/misc_linux/miscScripts.tar
# tar -xvf miscScripts.tar
# crontab clockSync.cron
To see current settings, # crontab -l

Enable ssh for all users except root.
SSH lives in /etc/ssh
Edit sshd_config
Find the commented line that reads "#PermitRootLogin yes"
Add the following line, "PermitRootLogin no"
Go to the end of the file
After the last line, add a line that reads "AllowUsers   dtd jesse bobdoyle" ("AllowUsers" followed by a tab followed by a space-delimited list of usernames to allow)
Test login
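
A login test shows that the listed users can get in, but not that root is kept out. The script below is an added example, not part of the original HOWTO: it audits an sshd_config for the two settings this section depends on. It assumes a configuration without Match blocks; the function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the HOWTO): audit an sshd_config for the two
# settings the steps above rely on. Assumes no Match blocks.

# Value sshd will use for a single-valued keyword: the FIRST uncommented
# occurrence wins, so a later "PermitRootLogin no" cannot override an earlier one.
effective_value() {   # usage: effective_value FILE KEYWORD
    awk -v key="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# AllowUsers is cumulative: every AllowUsers line adds to the list.
allowed_users() {     # usage: allowed_users FILE
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "allowusers" { for (i = 2; i <= NF; i++) printf "%s ", $i }' "$1"
}

# Prints one line per finding; returns 0 only if root is locked out.
audit_sshd() {        # usage: audit_sshd FILE
    rc=0
    root=$(effective_value "$1" PermitRootLogin)
    [ "$root" = "no" ] || { echo "FAIL: PermitRootLogin is '${root:-unset}'"; rc=1; }
    users=$(allowed_users "$1")
    [ -n "$users" ] || { echo "FAIL: no AllowUsers list, any account may log in"; rc=1; }
    case " $users" in *" root "*) echo "FAIL: root is in AllowUsers"; rc=1 ;; esac
    return $rc
}

# Constructed sample files: one follows the HOWTO, one has an earlier
# PermitRootLogin line that shadows the one added later in the file.
write_samples() {     # usage: write_samples DIR
    printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' \
        'AllowUsers dtd jesse bobdoyle' > "$1/good.conf"
    printf '%s\n' 'PermitRootLogin yes' '#PermitRootLogin yes' \
        'PermitRootLogin no' 'AllowUsers dtd jesse bobdoyle' > "$1/shadowed.conf"
}

dir=$(mktemp -d)
write_samples "$dir"
for f in good shadowed; do
    if audit_sshd "$dir/$f.conf"; then echo "$f: ok"; fi
done
rm -rf "$dir"
```

On the real machine, run audit_sshd /etc/ssh/sshd_config as root after editing and before restarting sshd.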

There is an upgrade for openSSH (possibly available from the website), which patches a security hole to which we are not, under our current settings, vulnerable. The ideal version would be 0.9.6e
To report current version:
# rpm -q <rpmname>
To upgrade with verbose and progress bar:
# rpm -Uvh <rpmname>

Possibilities
WebMin? Probably unnecessary.
SFTP? May already be enabled under SSH. Requires research. timeLines File Server would be preferable (with directory- and file-level permissioning for all files (not just skyPages)).

Locate Apache httpd

Set httpd to start on boot
To check the current setting:
# chkconfig httpd --list
To set the service to start on boot:
# chkconfig httpd --level 3456 on

Test http service
Open any browser to skybox3.skybuilders.com
The index page should be the Apache test page

Locate Perl
Perl is not a service - it runs when called.
/usr/bin/perl is Perl itself (this is the path that needs to go in the first line of every file)
Apply settings to each directory that wants to run Perl in sections in httpd.conf (if the default example is used, Perl will try to execute for any file in the directory, not limited by file type)

Test Perl
Download test.pl and/or simpletest.pl into a Perl-enabled directory
direct a browser at the file and check the output

Test PHP
Download test.php
direct a browser at the file and check the output

Set postgresql to start on boot
To check the current setting:
# chkconfig postgresql --list
To set the service to start on boot:
# chkconfig postgresql --level 3456 on
PostgreSQL configuration is in /var/lib/pgsql/data/postgresql.conf

Test pgsql
First, users must be added to pgsql. Probably one user should have authority over everything (probably root). Then there should be one user defined for each site on the machine. Perhaps db.inc, if it doesn't have a username and password combination hardcoded into itself (The install image may be based on a running site. Maybe it should compare its FQDN to the username it has in order to notice when it is new.), should generate one and instruct the user to add it to pgsql. (Once it is able to connect, it could change its password dynamically.)

  1. PostgreSQL must be configured to allow users other than the operating system users to login securely. This is controlled from the file /var/lib/pgsql/data/pg_hba.conf
    In this file, uncomment lines 221 and 222, and comment out line 250. There is a good description of what this allows in the lines preceding 221.
    Add a new line; a duplicate of line 221. Substitute the word "skyTemplate" for the word "sameuser" in the new line 221. This will allow all users a connection point that will let them create their own dbs without giving them access to template1.
    All user management should be done as the user postgres.
    These edits will only be applied the next time the service restarts. The skyTemplate db must first be created.
  2. As root, start a session as the postgres user:
       # su postgres
    which takes you to a prompt which looks like:
       bash-2.05a$
  3. Connect to template1 as user postgres. (Whenever in psql, be sure to expect confirmations of any action; a null response is a sure sign of no action performed.)
       bash-2.05a$ psql template1
  4. Create a new db called "skyTemplate".
       template1=# CREATE DATABASE "skyTemplate";
  5. Exit psql.
       template1=# \q
  6. Exit postgres user session.
       bash-2.05a$ exit
  7. Restart the postgresql service.
       # service postgresql restart
  8. Create a new db user. This new user should correspond to the site that db will be supporting. For example, our test site is called "pipelines.skybuilders.com". The corresponding username should be "pipelines_skybuilders_com". This should also be the name of the database. Permissioning allows users other than the admin user "postgres" to connect only to "skyTemplate" and the database with the same name as the user.
    To make users (outside psql) as user postgres:
       bash-2.05a$ createuser <options> <username>
    In this case:
       bash-2.05a$ createuser -d -P -A pipelines_skybuilders_com
    -d = allowed to create databases
    -P = prompt for a password
    -A = not allowed to create users
    (man createuser for details, use dropuser to delete users, and ALTER USER from inside psql to change settings for a user)
  9. Connect to template1 and use ALTER USER to change the user's password (psql should respond "ALTER USER"), then exit psql and the postgres user session:
       bash-2.05a$ psql template1
       template1=# ALTER USER <username> WITH PASSWORD '<newpassword>';
       template1=# \q
       bash-2.05a$ exit
  10. Connect to skyTemplate as the new db user. (Notice that the psql prompt ends with a ">" rather than a "#", to show that you are not a superuser (postgres).)
       # psql skyTemplate <username>
  11. Create the database corresponding to the new user's site. The user is automatically given ownership of the db created. psql should respond "CREATE DATABASE".
       skyTemplate=> CREATE DATABASE "<dbname>";
  12. Connect to the new database.
       skyTemplate=> \c "<dbname>"
  13. Create the new database's schema.
    Create a table. psql should return "CREATE TABLE".
       <dbname>=> CREATE TABLE <tablename> (<columnname> <columntype> <columnconstraint> [, ... ]);
    In this case:
       <dbname>=> CREATE TABLE ODBM_Segments (ID SERIAL PRIMARY KEY, SegmentName TEXT, NetworkAddress TEXT, NetMask TEXT);
  14. Create the rest of the tables.
       <dbname>=> CREATE TABLE ODBM_IPAddresses (ID SERIAL PRIMARY KEY, SegmentID INTEGER, HostID INTEGER, IPAddress TEXT);
  15. NEXT:

 


To make a database (which will be owned by the operating system user who issues the command):
   bash-2.05a$ createdb <dbname>
All user and db management can be done through the PostgreSQL interactive terminal (which accepts both SQL statements and Postgres metacommands) called psql (man psql for reference):
bash-2.05a$ psql
which takes you to a prompt which looks like:
=#
To add/manage users:
PGSQL User Management
To create users:
=# CREATE USER
Every db must be VACUUMed at least once every billion transactions with the vacuum command in psql (or risk catastrophic data loss). See Routine Vacuuming.
Host Based Access configuration file is in /var/lib/pgsql/data/pg_hba.conf
A few useful tools.
To list all postgresql users:
skyTemplate=> SELECT * FROM pg_user;
To list all postgresql databases:
skyTemplate=> SELECT * FROM pg_database;
To find out the currently selected database, look at the name in the prompt:
skyTemplate=>


Author: dtd

This Version:
Archived at: https://www.skybuilders.com/Users/Derek/linux_skybox_howto.20020924161546.html
 Version: 529 | Series: 18113 
