Forum OpenACS Q&A: Any contributions to a RH HowTo?

Collapse
Posted by David Kuczek on
I want to write a HowTo on the part that has not really been covered by the installation guide... OS Installation especially for openacs use. It will be a version for Dummies that want to get a professional site running (just like me). So every single step will be in it...

- HowTo install RH 6.2 on a server
- HowTo install all the necessery updates (+ where to get them, which ones exactly)
- HowTo update to the most recent Kernel (and why?)
- HowTo make all your RAM work with postgres (and why?)

I would ask everybody to send all the docs that you might have already written or that other people have written to my email address.

Thanks
Collapse
Posted by Don Baccus on
Your "install on a server" section needs to include "how to turn off all the crap you don't really need running on a dedicated web/db server".  (read about "chkconfig", that's a handy RH tool for turning  daemons on and off and setting them up to run at various run levels).

I'm not sure a "for dummies" section wants to include information on updating to the most recent kernel.  My feeling is that the best way to build a stable system is to use whatever release (i.e. 6.2 in this case) is deemed most stable and to leave it alone unless you really need to change it.  For instance, I have no compelling need to update my personal web/db server to any 2.4 kernel, even when they've been out and hammered on for a bit longer.  My system's stable and the "if it ain't broke don't fix it" principle applies.

Very useful would be to explain why buying the current RH version and installing it isn't necessarily the thing to do, i.e. we've been telling folks to stick with 6.2 rather than 7.0 (especially) and 7.1 (let others be the guinea pigs).

Collapse
Posted by Don Baccus on
Oh, I guess I forgot to say that integrating this kind of doc with the  OpenACS docs (probably as an addendum or separate piece so more experienced folks can easily ignore it) is a really useful idea.
Collapse
Posted by Roberto Mello on
ArsDigita at one point wrote the "Hitchhiker's Guide to the ACS" which described a good chunk of what you want to write about, especifically, the RH 6.2 installation.

I gave a presentation on basic Linux security that teaches why and how to disable services, among other things. I need to add a couple slides, then I'll post the link here.

And lastly, this would be great to be contributed to the OpenACS docs. Whatever format you write it in (as long as we can export to HTML). Doing it in DocBook is a plus, but don't get stuck there.

Collapse
Posted by Tom Mizukami on
Sean Yamamoto used to have some good material on stuff like this. I don't know about the updating to the most recent kernel, but I would really like to see some basic information on how to increase system security as you transition from a dev server to a "production" linux/postgres/openacs system. Specifically what services to disable, how/why to recompile the kernel, firewall issues, etc.
Thanks,
Collapse
Posted by Walter McGinnis on

Keeping in mind that OpenACS 4 will support Oracle as well as PG it might be good to include Oracle stuff, too.

Check out http://jordan.fortwayne.com/oracle/ for another handy source of information on how to set up Oracle on RH. Alot of it mirrors what you find in ACS's install guide, but it has a section for Oracle 8.1.7 for Linux.

Since we are discussing HowTos, I want to encourage anyone who is using other platforms (other Linux flavors as well as other Unix variants) to make a HowTo out of the steps it takes to get their site up and running. Even if you are running something other than RH, but the steps are exactly the same and work, it would be great if you let author know what system you are using and that it worked so it can be listed as compatible.

I look forward to the day in the not-too-distant future when I can run a OpenACS dev site on a Mac OS X laptop!

Collapse
Posted by Roberto Mello on
Use Debian. To get OpenACS and AOLserver running:

apt-get install aolserver aolserver-postgres openacs

That's it.

Collapse
Posted by Sebastiano Pilla on
An excellent book by Gerhard Mourani, Securing and Optimizing Linux RedHat Edition -A Hands on Guide, is available for free download in HTML and PDF.
Collapse
Posted by Mat Kovach on
I'd be happy to contrib some bits and pieces about running in on SuSE, but I always build from source and have never had a problem on any version from 6.3 -> 7.1

Suse does contain a nice simpe "personal firewall" script that I setup, but beyond that everything is stock out of the box Suse.

Collapse
Posted by Pascal Scheffers on
Don Baccus: Very useful would be to explain why buying the current RH version (...) and 7.1 (let others be the guinea pigs).

I'll be the guinea pig (or am I?), although not on a production machine. I just installed RH7.1, it was very smooth. This was the first time I got my sound card (SB 128) to work with Linux. All previous attempts had failed me, but now it worked out-of-the-box :)

I will be installing 3.2.5/PG7.1 on RH7.1 this week. I'll post the differences to the RH6.2 install guide later this week (if I am succesful, that is).

Collapse
Posted by Don Baccus on
This was the first time I got my sound card (SB 128) to work with Linux
Hmm...you shouldn't've told me this! Now I'm going to have to stop all work on OpenACS and install RH 7.1 on my Dell Laptop!

(I'm just kidding, but it's the best reason I've heard to update so far)

Collapse
Posted by Pascal Scheffers on
The only reason I dared to upgrade was the fact that I have way too much disk space on my machine. I just happened to have a 5GB partion (or two) free (honestly), So the machine is a tripple boot machine: W2k, Rh6.2 and RH7.1

I don't use Win2k all that often, though. Maybe I could try installing OpenACS on W2K and see where it dies. Does anyone have experience with that?

Collapse
Posted by Brad Ford on
I'm just getting back to working with ACS again (first time with OpenACS). I'm not a Linux server admin in the least but have heard that the Bastille Linux scripts at bastille linux do an impressive jobs of turning off all of the useless/redundant stuff that is automatically enabled in RH/Mandrake installs. Supposedly, it also teaches you a lot about what all the services are actually for as well. Haven't used it myself though...
Collapse
Posted by Roberto Mello on
Pascal, if you'd write about your Win2K + OpenACS experience, it'd be a good addition to the documentation.

The reason why it's easier to get the SB 128 to work with RH 7.1 is because the 2.4 kernel is much better at plug-and-pray devices. For my card, I just do "modprobe sb" and voila'.

Collapse
Posted by Pascal Scheffers on
I am not sure yet I'll do the win2k thing. I thought that Postgres *might* compile under Win2k, but from the docs I grepped that only the *client* tools will compile. Now that would become a double project: running OpenACS (3/4?) and Postgres on separate machines /and/ running Open ACS on Win2k. Too much for a lunch time experiment (which I had in mind). It would be kinda cool, though.

About the sound card, I do not thing that was the problem. The old (2.2) kernel had no problems recognising the (PCI) ES1371 based card. I guess it's just 'general progress' on the sound side if GNU/Linux.

Collapse
Posted by S. Y. on
While Tom's comments are very generous, I've never written any security related articles concerning Linux system administration. I'm just not qualified to do so. The security hardening measures I take are mundane things that anyone with "Linux system administration" on their resume would be doing anyhow (turn of remote services like rsh, use ssh, dump sendmail, examining system on a regular basis with a vulnerability assessment utility like Nessus, shutting off unnecessary services, etc.).

My own personal opinion: your average cracker is probably more interested in finding some vulnerable Wintel box to host some clandestine activities and isn't going to try busting into moderately secure box. Crackers going for glory are probably more interested in hacking some government web site or major portal. I'm guessing that by doing the basics and plugging up the most egregious holes, you're probably safer than 95% (maybe more) of all computers on the 'net.

The only worthwhile thing I ever wrote about Linux was basic Red Hat Linux 5.2 installation guide in autumn 1998, but that article is now obsolete and useless.

David, I suggest you work off of Jon Griffin's notes and some of the better security guides now available on the 'net.

Collapse
Posted by Sam Snow on
Here is a link for how to get PostgreSQL going on Win2000:
http://people.freebsd.org/~kevlo/postgres/portNT.html

It does not seem to be plug and play... :(.

Here is the link to PGAdmin: http://www.greatbridge.org/project/pgadmin/projdisplay.php
Collapse
Posted by Jon Griffin on
My docs are at jongriffin.com/static. I also added some new stuff over the weekend.

I have to disagree with installing RH 6.2. That release is a security flaw waiting to happen. The kernel is really not safe, and most of the packages have major exploits.

If you don't want to compile a kernel yourself you should probably not be hosting your own site, period.

Also, don't use a 2.4.x kernel because there are major files system corruption problems and some minor security issues (mainly NFS).

Use 2.2.19, very stable and all know exploits are gone (of course someone will find more, but the script kiddies won't hit you).

Collapse
Posted by Michael A. Cleverly on
Jon, what version would you recommend? (RH 6.2 w/o security patches is obviously a bad decision, as will RH 7.1 w/o security patches next year. Would you recommend RH 7.0 or 7.1 over 6.2+security updates?)
Collapse
Posted by David Kuczek on
Hello Jon,

I already read through your "Linux Security & Performance Notes" and they are great.

What I want to do is make it more understandable for people that don't know that much about linux. And I want to start from the very beginning.

I assume that somebody wants to get openacs running and make something real out of it. But he doesn't want to bother around with all the stuff he never heard of and he might not need to run his web service. And out of my own experience it is sometimes hard to know things like make a symbolic link etc. Why not say make a symbolik link which works like this: type in "ln -s ...."

So I will start with:
- Get your RH 6.2 iso file either from a. or b. or c. and install it this way. (I read through the Hitchhickers Guide and will use that to some extent)
- At the end of the day he should have his service with a scalable and secure openacs up and running.

And yes I want to cover the kernel recompile section in it and the performance and security as well...

I will be writing it in docbook. My extra section will be how to write your own doc in DocBook.

I will post my structure on the openacs.org/file-storage soon. It would be great if you could go over it and make some suggestions. What do you think?

I hold it with A. Einstein "Everything should be made as simple as possible, but not simpler."

David

Collapse
Posted by David Kuczek on
Hello Sean,

you said "dump sendmail"

Well this is another thing I want to cover. How to get Webmail with qmail up and running. From the beginning to the end...

Any contributions anyone??????????

Collapse
Posted by S. Y. on

As Jon mentioned, if you can't compile a kernel from the source, you're simply not qualified to be administering a production web server. End of discussion. By the time something like Red Hat Linux ships, there's probably a newer kernel out there, often before the CDs hit the store shelves. If you installed RH 6.2 and your kernel is still 2.2.16 (or whatever it was), you're at risk for a security breach.

Essentially any unpatched Linux distribution is bad. The vulnerabilities for every single unpatched version of any major Linux distribution are very well documented. That's the first thing any script kiddie is going to try.

As best as I understand, the guys at Openwall don't even bother releasing their patch until a particular version of the kernel is "safe" (they are conservative): http://www.openwall.com/linux

David, I've mentioned several times that what I write is geared toward people who understand *nix. If I need to type in "a symbolic link (a.k.a. "cloning") is accomplished by typing ln -s ..." then I've mimicked the other 400 page Linux books out there to no avail.

You cannot run a secure and reliable service with the Macintosh "click the continue button to continue" method. Anyone who can recompile their Linux kernel will not need explanation on how to create a symbolic link in a *nix operating system. If you need explanation on how to read a man page, how to use chkconfig to turn off a service, how to check for services that might not be using chkconfig, then you don't understand *nix.

Nothing wrong with that (I was there once myself), but do not expect to be qualified to sysadmin a production web server. Come back in a couple of years.

...you said "dump sendmail" Well this is another thing I want to cover. How to get Webmail with qmail up and running. From the beginning to the end...

David, I don't know anything about webmail, but qmail can be installed following the directions included with the source. Annoyingly, you have to jump from one document to another, but qmail can be installed and tested next to a working sendmail system before pulling the plug. While I don't care for the qmail documentation much, I can't say that I could write anything better.

Collapse
Posted by Mat Kovach on
An excellent doc for install qmail is at http://www.lifewithqmail.org. Everything I install qmail I just pull up that doc.
Collapse
Posted by mark dalrymple on
I was just about to post the lifewithqmail link when I discovered Mat beat me to it.  Therre's also pointers to other documentation at qmail.org.  I'd recommend planning on installing it twice. Do it at least once on an expendable box so you can figure out where all the moving pieces live and how they interact, then once you're comfortable with it, put it on your production box.
Collapse
Posted by David Kuczek on
Hello Mr. Yamamoto,

first of all I wanted to tell you how much I adore your motivation skills...

1. "if you can't compile a kernel from the source, you're simply not qualified to be administering a production web server"

2. "Nothing wrong with that (I was there once myself), but do not expect to be qualified to sysadmin a production web server. Come back in a couple of years."

Then I have to tell you that you unfortunately didn't quote Jon correctly. He said "if you don't want" and you said that he said "if you can't"... This is quite a significant difference.

Then it is up to me to help people that don't want to come back in a couple of years and don't want to spend a couple of years to learn the relevant stuff about openacs although they don't know anything about cool "*nix" (I don't really appreciate people that know only to talk in a specific jargon...)

Last an foremost I asked for contributions and not for contra-productive criticism...(I am open to productive criticism, I ask you not to get me wrong on that.)

Yours, David Kuczek
Collapse
Posted by Tom Mizukami on
Great discussion. I am new to Linux, didn't really have a reason before wanting to do interesting things with the web. Had some experience with Unix >5 years ago in school. I've installed various versions of ACS/OpenACS 4 times by hand and know how to create symbolic links. However, I have never compiled a kernel or fully secured a server and I don't have two years to wait. Jon, thanks for the documents exactly what I was looking for. I think these would be great to add to the HOWTO, maybe with some added flesh. Thanks.
Collapse
Posted by Jon Griffin on
Contrary to other opinion here, I really think doing anything with RH 6.2 is counterproductive.

The only real reason to get RH (or Mandrake, or Debian for that matter) is you buy into the package system of choice. RH 6.2 has old rpms, an old RPM and it is really not easy getting new rpms to work. You have to upgrade to 3.x RPM, oops that needs glibc 2.2, oops need this and that. If you want a dummys guide to openACS you really should dump 2 year old technologies. A lot changes fast.

The main reason not to use RH 7.0 was the pain of Oracle install. I have been using RH 7.0 since the day it came out (with ReiserFS also) on many systems and if you understand linux you can get Oracle up and running with basically little hassle. Everything is completly stable and of course you will be recompiling a new kernel anyway. Since many users here won't be running Oracle at all it is really a moot point.

If I ever can download 7.1 I will update my doc for that.

Collapse
Posted by Jon Griffin on
As far as qmail, do yourself a favor and just use the rpms at Bruce Guenters site http://em.ca/~bruceg. Of course if you aren't running an RPM distro you will have to do it yourself. Bruce's stuff has all the patches you are likely to need, and some great scripts for setting up services ( I actually run all my aolservers with these also).

As for webmail, just remember, security flaws, security flaws, security flaws. Thats right, javascript is evil. Also, you may wish to nix qmail in favor of just using Courier (which uses Maildirs).

Collapse
Posted by David Kuczek on
I don't really care what Version of RedHat to install or write a HowTo on. But as there is obviously quite some people that would like to know what to do and how and even more people that have different opinions about what to install I will be listening to the one with the most experience.

And as I have read quite some threads of this bboard I thought this to be Jon and Don (even sounds good).

Is it reasonable to get some consensus on this topic as soon as possible?

By the way. I have written my first DocBook on "HowTo write a DocBook" today. It is really not that tough. Could I post it somewhere on openacs - Don, Ben? You can check on it first of course.

Collapse
Posted by Pascal Scheffers on
By the way. I have written my first DocBook on "HowTo write a DocBook" today. It is really not that tough. Could I post it somewhere on openacs

Ehrm, /file-storage ?

Collapse
Posted by David Kuczek on
Thought of that right after I submitted the answer.

It is up already...

Have fun and tell me about mistakes on my side.

Collapse
Posted by Jonathan Marsden on
On versions of Red Hat:

I've used Linux since 1992 and Red Hat since 4.x.  RH 6.2 + updates
works fine.  What I do for myself and for clients is to build
CD-Rs with the updated RPMs already present.  I tend to be very
wary of Red Hat .0 releases, so I stayed away from RH 7.0.

Now 7.1 is out and I expect to be creating OpenACS and AOLserver RPMs
for it shortly.  IMO it is still too new to be run on a production
machine connected to the global Internet.  But in a few weeks, when
the early adopters have found the first set of obvious issues and
updated RPMs are issued for them, it will probably be time for
migration to RH 7.1.

Meanwhile, I am looking at creating an RH 6.2 CD which has all
RH-supplied updates and PG 7.1 and AOLserver and OpenACS.  This should
make installing a working OpenACS 3.2.5 box fairly quick. I had not
intended to make that ISO image public, but if there is interest,
I might be persuaded to do so.

Eventually I'll probably build similar customized RH 7.1 CDs, once I
have more experience with and confidence in that distribution.

Knowing how to recompile a kernel is good.  Not having to, because
the one on your install CD is current and has the OpenWall patches
applied already, is probably better still, for many sysadmins.

Overall, I suspect that "For Dummies" and keeping a "professional site
running" may be somewhat awkward things to put together.  So I would
suggest either creating a CD so that newcomers can do the installation
easily, or else write the document for those with some existing
Unix/Linux experience.

Right now if you wrote your "OS for OpenACS" HOWTO based around RH 6.2
it would become old quickly.  But if you wrote based on RH 7.1 you
would have essentially zero experience base to write it from.  If you
try to be generic to cover both, my guess is the HOWTO will become too
generic for the "Dummies" (your chosen term not mine!) who are your
intended readership.

What is the "answer"?  Personal opinion: I think I'd write for RH 6.2
for now, but be prepared to rewrite for RH 7.1 in a couple of months
time.

Collapse
Posted by S. Y. on
David,

Sorry that my tone came across wrong, but I'm not discouraging people from learning Linux/OpenACS/security and I apologize if I've misquoted Jon. My point is simply that for a *production* box, I personally would never consider someone with little/no experience to harden UNIX/Linux.

I said "a couple of years" because that's probably how long it took me to learn UNIX to the point where I might stick it on a resume; I admit that a moron. I'm certainly no programmer and I'm not a very good sysadmin anymore.

Over the past few years, I have encouraged people to contribute documentation to places where it was lacking. I see no point in creating a Reader's Guide version of the Oracle Installation Guide, but folks seem to be happy when they find concise notes about A.) when the provided documents are unclear or wrong, B.) how to work around problems in an undocumented environment (e.g., Oracle8i glibc2.2 issue on Red Hat 7.0), and C.) offering verbatim copies of working configuration files.

Attempting to educate Linux newcomers to the myriad issues concerning security is a very, very tall task. I wish you the best of luck, and no doubt lots of people will find the proposed document a helpful tutorial.

In addition to Jon's docs, I suggest that you base your article from the O'Reilly UNIX sysadmin book (Aeleen Frisch), other O'Reilly Linux books and the security related documents at: http://www.kernel.org/LDP/ particularly the longer guides (although they are now aging quickly) at http://www.kernel.org/LDP/guides.html

Re: RH 7.0

Like Jon, I too have been using RH 7.0 since it came out, also with the ReiserFS patches (as a matter of fact, the only ext2 partition I have is /boot). I've already ordered RH 7.1 which I'll install as soon as it arrives, but I'm not running Linux production servers anymore (I was boldly using kernel 2.4.3 on the last one). Annoyingly, Red Hat chose to go with an experimental compiler (gcc 2.96) with Red Hat 7.x, but you can simply move it aside and use "kgcc" (which is a renamed egcs).

Different versions of kernel have different ways of modifying/tuning. For example, the shared memory parameters file moved between kernel 2.2 and 2.4 and you can use sysctl to change certain kernel parameters without recompiling.

Things also change with different versions of RH. I used to get updates with the Red Hat updater, then moved to the Helixcode updater (which has undergone a name change to Ximian). I'm currently using Red Carpet. As Red Hat versions are released, additional services are added that probably need to be turned off, but added security functionality is added (e.g., openssh) so it would certainly be easier to write a security document based on a baseline standard Linux distribution.

RH 7.0 has been pretty good to me, so that plus updated RPMs, plus kernel 2.2.19 is my suggestion for a document.

Collapse
Posted by David Kuczek on
Hello Jonathan,

I don't like the expression for Dummies and I don't know why I used it either. Well, what I wanted to do, is to write a documentation that is very easy to understand and covers every aspect that you need to look at in order to run a "professional" web site. I heard Don saying:

"Depends on the subject matter, but a lot of installation stuff is just a matter of learning a bunch of magic incantations and once learnt, anyone can do them." This was said in a kernel recompile context for raising shared memory!!!

You are right that this is awkward, but I believe that it is a good way for somebody "quite" new to the material, to realize what it needs to build a site that scales with some perspective. On the other hand I want to show exactly which steps to follow, because it is always more relaxing to know what you typed in than to know that you installed an rpm - on my side at least.

If you want to contribute somehow let me know :-)

But I think that your rpms are a great idea too. Especially for people that want to get going very quickly...

Collapse
Posted by David Kuczek on
Hello Sean,

you shall be forgiven :-)

I would like to buy myself a real good linux admin too, but neither my mother nor my University will pay for that.

And I still want to get a platform of mine up and running soon that I have been working on for quite some time. The "perfectionist" that I am I would like to know how to get the best configuration running. So I am writing a HowTo for everyone that might need it in the future. Of course this will only be possible with a lot of help by the community and I might not be the perfect nomination for this job, but that's life (last year I didn't even know how to spell HTML - but if everything crashes.... it crashes and I will be asking questions on the bboard as always.)

Collapse
Posted by Tom Mizukami on
"...but folks seem to be happy when they find concise notes about A.) when the provided documents are unclear or wrong, B.) how to work around problems in an undocumented environment (e.g., Oracle8i glibc2.2 issue on Red Hat 7.0), and C.) offering verbatim copies of working configuration files."

I completly agree, whatever form the final documentation takes it should have general comments enabled so people can post inline comments regarding steps that don't work and workarounds. This has always been a problem at aD. Good luck.

Collapse
Posted by David Kuczek on
One thing that I forgot,

I don't want to stuff every single security hole this would be sysiphus style. Just the ones that won't take you a lifetime.

Another thing that is at least as important is the the RAM and shared memory question. It has been quite hard to mobilize someone to tell you how to get all the Ram working with Postgres, how much to dedicate to Postgres etc.. I don't know why. This is closely related with the swap file partition question. I read on aD that it should be twice your ram or > 400mb for Oracle? And the funniest thing is that someone told me on one of my threads that "we all have more Ram than users" so there must be people that have done that before.

Jon's HowTo on performance was actually the first help that I got after having asked this question couple times on the bboard. I didn't even know if this topic was too easy or to complicated.

Well, I will get all the information together somehow after all. I hope :-)

Collapse
Posted by Pascal Scheffers on
Well, I can contribute to the swap file issue. For starters,
everyone always suggests the swap space to be twice the size of your
RAM. There are probably some theories behind that, but I think the
most important argument is always: running out of swap space crashes
your machine (typically), so plenty of swap means your safe. <p>With
kernel 2.4.x that all changed a bit. What I grepped from the
kernel-traffic mailing list, before 2.4.x you weren't required to
use a minimum amount of swap, other than what you need to fulfill
the need of your processes. Due to some reengineering/optimizations
they (Linus, Alan, et. al) introduced a requirement for the swap: if
you have <i>any</i> swap, it must be atleast twice your physical
RAM. If I understand correctly, this has to do with the algorithm
used for reclaiming unused pages. IIRC, this is especially important
for systems that use the swap a lot. If you do not reserve twice
your RAM size, you risk a kernel deadlock. Now don't start panicking
-
it also doesn't happen very often. That's what I know about it.
Collapse
Posted by S. Y. on
I think it's the Oracle docs that say swap should be twice RAM or 400MB. I personally budget swap for 2-3 times RAM and never less than 1 gigabyte (especially because disk space is so cheap nowadays) even if I'm not running Oracle. I'm currently running 384 MB RAM with 1 gig of swap (no Oracle) on a 9.1GB drive (puny, but fast, since it's a 10,000rpm Ultra160 drive). You can create swapfiles, but it's better to use a raw swap partition (or even another disk).

If you're going to deal with security, you should have a section on performance tuning (or at least specify when you are doing something for security reasons, performance reasons, or both).

More RAM, more disk spindles (nothing but SCSI for me). I always keep user accounts (home directories), web software, third party apps (databases, etc.) off the root drive. I guess one topic you might consider is mirroring the root drive (I don't do it myself). I prefer ECC memory myself, but my current motherboard (ASUS CUSL2 w/Intel i815E chipset) doesn't enable ECC (ECC DIMMS work though).

Collapse
Posted by S. Y. on
There's a brand new overview of qmail at Security Focus today:

http://www.securityfocus.com/templates/forum_message.html?forum=2&head=5418&id=5418

I just scanned it briefly and it looks okay, but I already installed qmail so there's no way for me to check the accuracy of the individual steps.

Collapse
Posted by Jonathan Marsden on
David wrote:
You are right that this is awkward, but I believe that it is a good way for somebody "quite" new to the material, to realize what it needs to build a site that scales with some perspective. On the other hand I want to show exactly which steps to follow, because it is always more relaxing to know what you typed in than to know that you installed an rpm - on my side at least.

Encouraging anyone to type in commands they do not understand (especially as root!) is in general a bad idea IMO. But if your doc explains each command you suggest in sufficient detail for newcomers to grasp, it will be a huge tome. So, they will probably lack the patience to actually progress all the way through it? Leave out the explanations, and you are either writing only for experienced folks, or else you are in effect encouraging a "trust me and just type this stuff" mentality which I don't think is likely to helpful.

If you have RPMs (or .debs, or whatever packaging system you choose, I'm not tied to RPM except that it is what RH use and I use RH currently) then beginners can just "trust the RPM maintainer", and those with some knowhow can do

rpm -qp --scripts openacs-3.2.5-2.noarch.rpm

and see exactly what the RPM is going to do, and then decide whether they want to install it or not. It also minimizes how much typing is needed, so reducing install problems that end up being caused by a typo by the sysadmin.

If you choose to limit the HOWTO to an RH base, and to one specific RH distribution, then I don't see the value in then not using the packaging system which is the basis of that distribution. If you really dislike RPMs, why would you be running RedHat anyway?

Just one person's opinion; if you have time and energy to write a doc, I'll probably read it, and I may even suggest changes to it. But I think that the exact audience you have chosen -- Red Hat users with only limited Linux/Unix background, but who don't like the idea of installing from an RPM -- seems to be a rather odd and perhaps somewhat small group.

Given the other documentation needs surrounding OpenACS, I'm not sure the niche you have chosen is the most obviously wanted high priority thing to write. But obviously, that is your call to make, not mine!

Final thought for now: at first glance at least, the new RH 7.1 looks a lot more security conscious than older RH versions were. So basing your work on that might reduce the size of the 'OS security' part of it?

Collapse
Posted by Arthur Pinkerton on
I have used Jonathan's RPMs and they worked great, though I had to get the latest db lib's for 6.2. http://www.rpmfind.net Once I had the latest db libs's the install of OpenACS, Aolserver, PostgreSQL took a little over 90 seconds. "WOW"

David, There is a real good newbie Linux install doc @ Orchard Labs

Using RPM's work great but you don't really get to know how things actually work until you have gone through the installs and ironing out the bugs.(I.E Myself.) I guess Sean is right a newbie DOC is not bad but I think going through a UNIX admin book and really learning UNIX (*nix) would prove more benefitial in the long run.

Collapse
Posted by Rafael Calvo on
Hi,
Regreatbly I got a new machine from Dell with RH 7.0. I downloaded and installed aolserver3.3.1 and postres7.1 (removed the RPM installation from dell and did it from scratch).
Of course it doesn't pass the acceptance test (sysdate...) -although some things seem to work
I haven't used openacs before but I am planing to help porting it later on, so I would need Oracle installed (to compare)
What do you suggest, install RH 7.1, try to work it out with RH7.0 or go back to 6.2?
thanks
Collapse
Posted by David Kuczek on
Hello Jonathan,
<br><br>
<i>
"Encouraging anyone to type in commands they do not understand (especially as root!) is in general a bad idea IMO."
</I>
<br><br>
I think that you are not 100% right with that. I will not be just executing the commands but will try to look them up first and see what they are exactly doing. This procedure ist way easier than not knowing what to type in and maybe searching for this in the wrong desert of commands (newbies usually search there :-)).
<br><br>
Hello Arthur,
<br>
The Orchard Labs intro was <b>exactly</b> what I was looking for. Great work really. And I am picky as hell. ;-)
<br><br>
Maybe we could put a link to that page in our official Installation Guides....
Collapse
Posted by Gilbert Wong on
Arthur,

Thanks for linking to my site.  That article was more for me than anyone else.  If I don't write things down minutes after I do it, I will forget it.  :-)  It really sucks when I have to spend hours trying to remember the exact install procedure I used months before...