Forum OpenACS Q&A: Newbie Installation

Posted by Garn LeBaron on 02/03/03 10:37 PM

I just finished installing OpenACS on my webserver, and the main page stated: Thank you for using our software. Please write to us at the OpenACS bboard to let us know of your experience with installing and using OpenACS.

OK. Here is my experience. First, let me start by thanking everyone who put this whole thing together, because the installation went much better than I had hoped. It has clearly come a long way from when I tried the installation at around version 3.2.

The installation documentation is excellent. I started with a blank system, compiled and installed postgres, aolserver, and openacs without any problems thanks to the great examples.

The only problem that I am still having is the daemontools. I followed the instructions carefully, and the daemontools are running, but I cannot get them to run the website for me. As of this moment, the only way that I can actually run the site is to copy the text out of the run file located at /home/username/web/sitename and then paste it into a command window and run it from the commmand prompt.

Even with this minor issue that I hopefully will get resolved soon, I just can't say enough good about the excellence of the installation experience and the great product that you have put out.

2: Re: Newbie Installation (response to 1)

Posted by Luis Garcia on 02/03/03 11:05 PM

You're not the only one. I set mine up in a Linux SuSe Box and I have to start the whole thing manually every time. But I agree with you, the rest of the experience is excellent. Not big pains at all.

3: Re: daemontools (response to 1)

Posted by Mark Aufflick on 02/04/03 04:48 AM

I have always used inittab, but on my new server decided to try out daemontools.

I have it all working, and it does the trick - but it's a bit obscure, has zip documentation and appears to me to be an abandoned project (the files in the archive are dated Jul 13 2001).

Given these issues, I wonder if we should be promoting it as the method of choice for running OpenACS.

It can't be that hard for us to roll our own perl (say) program to replicate what daemontools does but specifically for OpenACS.

Any comments?

4: Re: Newbie Installation (response to 1)

Posted by David Walker on 02/04/03 05:21 AM

Once I got used to it I came to the conclusion I like inittab the best.

I rarely need to stop the service and when I do I just go into inittab and put a "#" in front of the service and run "init q".

When I need to start it again I just reverse the steps.

5: Re: Newbie Installation (response to 1)

Posted by Jon Griffin on 02/04/03 05:47 AM

Noone says you must run daemontools, but it is way more reliable than the evil inittab, and I doubt you could write the equivalant program in perl. http://jongriffin.com/static/aol-supervise

Just from a security point of view I wouldn't try and inittab is a lot more evil.

I haven't seen the absolute latest doc, but I believe it shows both ways. And, it really isn't very difficult, it is like anything new. Ever tried to configure the most popular web server in the world (apache). If you can figure that out, daemontools is a breeze.

6: Re: Newbie Installation (response to 1)

Posted by Stan Kaufman on 02/04/03 06:48 AM

Jon, what's so evil about inittab?

7: Re: Newbie Installation (response to 1)

Posted by Frank N. on 02/04/03 09:45 AM

Garn,

I couldn't get the supplied script to work with daemontools either. However the following, slightly edited one does the trick for me:

#!/bin/sh exec su -l nsadmin -c "/usr/local/aolserver/bin/nsd -it /usr/local/aolserver/birdnotes.tcl"

8: Re: Newbie Installation (response to 7)

Posted by Jeff Davis on 02/04/03 11:52 AM

Frank, If you do "su -l nsadmin" your server will not be able to bind port 80. It should work fine on ports above 1024 though. Here is what I use:

#!/bin/sh
umask 002
export LD_LIBRARY_PATH=/usr/local/pgsql/lib/:$LD_LIBRARY_PATH
export PATH=/usr/local/pgsql/bin:$PATH
exec /usr/local/aolserver/bin/nsd -z -it /home/nsadmin/oatest.tcl -u nsadmin -g nsadmin 2>&1

Mark, it would be crazy to write a bad copy of init or daemontools in perl. It's certainly not that hard to write a passable c version for a single platform but really getting it right is tricky. I would look at supervise.c in deamontools if you want to get an idea of what something like that would look like.

As for what is wrong with inittab, in terms of starting a process, sitting there until it gets a sigchld, and restarting the process, inittab and daemontools are essentially the same. No advantage one way or the other. The big disadvantage with inittab is that it has one big file for all services and it's possible to break all the services started from inittab by messing up the inittab file (although I think maybe linux is a little more forgiving on this, on solaris I think a missing cr on the last line would break everything). It also means that anyone you want to allow to add or remove services have root (the material security issue). If the machine is just running your server and you are the only one using the box or you don't care if all the inittab things break, then use inittab . It works fine, it's secure, and it's already installed.

daemontools has some nice features though, your services are independent of one another and it provides a machanism for an unpriviledged user to restart (and send other signals) to their service (see svgroup in the docs for details). Also, the logging stuff and taking services up and down w/o editing is less error prone. I think if it wasn't a djb tool people would not have such religion about it and people would just use it since in general it is a better solution but it's not preinstalled and takes a little getting used to and does a few things in ways I dont like (it automatically starts things when added to the /service dir since I invariably link it with the wrong name -- I would rather things be down by default).

You can take a look at the faq and see if any of the reasons deamontools are better matter to you.

9: Inittab vs. daemontools (response to 5)

Posted by Garn LeBaron on 02/04/03 02:59 PM

I agree that daemontools is the way to go. All you have to do is read a little of what DJB has written and all the stuff he writes makes a lot of sense.

I really appreciate all of the tips you have given for setting up my run file. I will try them today.

10: Re: Newbie Installation (response to 1)

Posted by Stan Kaufman on 02/04/03 04:00 PM

Jeff, thanks for the very helpful analysis. I agree with all the benefits of daemontools, which I've been using on development boxes with OpenACS 4.x. On production boxes with OpenACS 3.2.5 sites, though, I've been using the inittab method that Don's install docs suggested -- and found that this method works great as well. I wondered what could be "evil" about it and now I see it's the matter of all services controlled by a single file and the need to be root to make modifications. Points well taken.

11: Re: Newbie Installation (response to 1)

Posted by Tom Jackson on 02/04/03 05:50 PM

I should write up my latest experiments with using daemontools with OpenACS. Things missing from daemontools are the problems of starting and stopping services in some kind of order. Using the /service directory in the default situation works for things like qmail, but not for web services that use a database. I'm doing another install this week, so I can spend time to fine tune my startup scripts. Essentially, I am using the init.d scripts to start and stop things in the correct order, but the scripts use the svc commands. I use the down file to keep services from starting on their own:

# cd /service/myservice
# touch down

With Oracle OpenACS, it is critical to make changes to the Oracle start/stop scripts. Oracle should be brought up after most everything else (especially sshd), but before the webservers. To shut down, the web services need to go first, then Oracle then sshd. This prevents the problem of Oracle deciding not to stop after net access is terminated.

12: Re: Newbie Installation (response to 1)

Posted by Janine Ohmer on 02/05/03 04:47 PM

FWIW, we use inittab for everything and it works for us.

I agree that daemontools has advantages in environments where people need to be able to stop and start servers without being root. I also agree that if it weren't a djb app some of us wouldn't have the knee-jerk "run away quickly!" reaction to it that we do. ;)

I do think that calling inittab "evil" is a bit much. It's inconvenient in some situations, but it works just fine.

14: Re: Newbie Installation (response to 1)

Posted by Ola Hansson on 02/05/03 07:14 PM

Janine,

Just out of curiosity, what makes you want to run away from djb (or his software)?

Based on my practical (non-religous) experience with daemontools, qmail, tinydns, and dnscache I've found each of them a huge success.

/Ola

15: Re: Newbie Installation (response to 1)

Posted by Janine Ohmer on 02/05/03 07:27 PM

My impression is mostly second-hand - it's Mike who does most of the running away, since he installs the tools we use.

What I hear is that DJB software is installed in non-standard places, that he's constantly changing where it goes and how it gets installed, and that he is incredibly arrogant and nasty to anyone who even dares ask why. He also doesn't trust standard libraries so he writes all the code he needs himself instead of linking out. Just a small ego problem, I guess. :)

My impression may be inaccurate - but I've read other references here in these forums to him being quite the nutcase. IMHO we have enough necessary complication in our lives without adding the unnecessary.

16: Re: Newbie Installation (response to 1)

Posted by Tilmann Singer on 02/05/03 08:16 PM

Recently I forgot the option how to restart a service with svc:

develop:~ # svc
develop:~ # svc -h
develop:~ # cvs --help
Usage: cvs [cvs-options] command [command-options-and-arguments]
  where cvs-options are -q, -n, etc.
...
develop:~ # svc --help
develop:~ # man svc
No manual entry for svc
develop:~ # svc -whereisthedamnhelptext
svc: illegal option -- w
svc options: u up, d down, o once, x exit, p pause, c continue, h hup, a alarm, i interrupt, t term, k kill

Just my personal experience - might be wrongly installed. It's great software, but it has unnecessary annoyances, IMHO.

17: Re: Newbie Installation (response to 1)

Posted by Jon Griffin on 02/05/03 08:28 PM

Tilmann,

Try to restart a service under inittab

Janine,

I don't want to start a religous war but, there are reasons DJB doesn't use standard libs, security. As far as standard locations, whose standard?

Re: security, I know many use sendmail, as far as I am concerned, no one will EVER be able to convince me that all of its security problems are fixed. Everytime I have heard that the latest and greatest sendmail cures all security problems, guess what? Well, since security can't really be proven, I have to go on past performance, and no one has collected any money for DJB products under his security guarantee. Sometimes religion should't get in the way of judgement.

13: Re: Newbie Installation (response to 1)

Posted by Tom Jackson on 02/05/03 09:47 PM

I do think that calling inittab "evil" is a bit much. It's inconvenient in some situations, but it works just fine.

The daemontools package uses inittab to start up svscanboot, so it seems DJB doesn't consider it too evil.

Janine makes some valid points about about DJB: he doesn't mind sharing his arrogant opinions with the world, he puts his software in strange locations, etc. All true. However noone here seems to complain that AOLserver, PostgreSQL, Oracle and OpenACS are all similarly strange. If you compare different flavors of unix, they do not adhear to exact standards on the way the os starts up and how they start services, the result is that every software that is installed using standard locations and practices have to use different locations and practices depending on the unix flavor.

The Postgres team seems to believe that they can make incompatable changes without changing the Major version, forcing developers to go back and constantly revise their software to conform.

OpenACS tcl code doesn't conform to any standard either, even though a tcl style manual existed before ArsDigita wrote the 3.x series.

The lack of man pages for the daemontools package could be frustrating. However the README file contains a link to the online documentation.

As arrogant as DJB may be, he is definitely selfless in sharing his software. He doesn't promote it, sell it, or make any money off of it. But he still makes it available to everyone, he maintains and improves it. He even offered $500 for anyone who could find a security related bug caused by his qmail software. To date the money is unclaimed.

He is also fighting the U.S. Commerce Department on a legal issue where he established that 'source code is speech' and the Department's export regulations amounted to censorship. He won in the District Court, but the Government is appealing. He case is being handled by the Free Software Foundation.

18: nsd restart w/inittab (response to 1)

Posted by David Walker on 02/06/03 12:18 AM

To restart nsd when started from inittab you only need permission to stop the service. You can do this via an authorized web page that issues a "ns_shutdown" or if you have permissions to the running task (i.e. you are the user that nsd is running as) then you can kill it.
("ns_shutdown" being the cleanest option)

inittab will restart the service as root and you will be back up and running in no time.

if you actually needed to completely stop the service and have it not restart you will need root privileges though.

19: Re: Newbie Installation (response to 1)

Posted by Don Baccus on 02/06/03 02:25 AM

Janine makes some valid points about about DJB: he doesn't mind sharing his arrogant opinions with the world, he puts his software in strange locations, etc. All true. However noone here seems to complain that AOLserver, PostgreSQL, Oracle and OpenACS are all similarly strange.

That's because Mike does everything except those things!

(couldn't help but drive my truck through that opening!)

20: Re: Newbie Installation (response to 16)

Posted by Randy O'Meara on 02/06/03 03:55 AM

Tilmann (and all who *hate* that there are no manpages),

Get and install the daemontools man pages at:

http://smarden.org/pape/djb/manpages/daemontools-0.76-man.tar.gz

Randy

21: Re: nsd restart w/inittab (response to 18)

Posted by Mat Kovach on 02/06/03 04:36 AM

_Janine makes some valid points about about DJB: he doesn't mind sharing his arrogant opinions with the world, he puts his software in strange locations, etc. All true. However noone here seems to complain that AOLserver, PostgreSQL, Oracle and OpenACS are all similarly strange. If you compare different flavors of unix, they do not adhear to exact standards on the way the os starts up and how they start services, the result is that every software that is installed using standard locations and practices have to use different locations and practices depending on the unix flavor_

Yes, he does install the software in what is considered strange locations, but it is the same across ALL platforms. He had to pick "strange" locations (ie: broke frrom the various standards out there) so that this software was in one location. But if you goto Solaris, Irix, Linux, *BSD you can always find (or should unless the installer changes it) /command, /package, /service, /var/qmail.

Now if that is good or bad is up to debate (I don't like it but I apperciate the effort).

You can also find the latest docs of DJB's code at:

http://cr.yp.to

22: Re: Newbie Installation (response to 1)

Posted by Tom Jackson on 02/06/03 05:34 AM

Just to point out the obvious: inittab should only be used to control services belonging to the root user. This is apparent from the permissions needed to edit the file. Web services don't belong to root, although to capture port 80, they do need the help of root.

daemontools is a set of programs used in controlling user programs. Using the script svgroup, you can setup the permissions necessary for any member of a given group to control the service using svc.

23: Re: Newbie Installation (response to 1)

Posted by Janine Ohmer on 02/06/03 06:10 PM

That's because Mike does everything except those things!

Don is correct, of course. :)

Seriously, though, there is a difference. All of those things are easy to install wherever you want them to go. They do default to non-standard places, but we have created our own standards for them. The difficulty with DJB software, or so I understand, is that it pretty much has to go where he puts it. I don't know if this is a limitation of the install or if it's just because it's too much of a pain to follow the installation instructions otherwise.

Anyway, I believe in "live and let live" for most things, and I'm certainly not trying to convince anyone else not to use DJB software. I just think it should be presented as an option among options, and not the One True Way.