Filtered by category Subsystems Documentation, 31 - 40 of 86 Postings (
all,
summary)
Created by OpenACS community, last modified by Gustaf Neumann 11 Oct 2017, at 08:42 AM
You should have an OpenACS distribution downloaded and available at /var/lib/aolserver/$OPENACS_SERVICE_NAME, otherwise en:Get_the_Code.
Option 1: Use an automated script
A bash script is available to automate all of the steps for the rest of this section. It requires tclwebtest. The automated script can greatly accelerate the install process, but is very sensitive to the install environment. We recommend that you run the automated install and, if it does not work the first time, consider switching to a manual installation.
Get the install script from CVS. It is located within the main cvs tree, at /etc/install. Use anonymous CVS checkout to get that directory in the home directory of the service's dedicated user. We put it there so that it is not overwritten when we do the main CVS checkout to the target location.
[root root]# su - $OPENACS_SERVICE_NAME
[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ cvs -d :pserver:anonymous@cvs.openacs.org:/cvsroot co -d install openacs-4/etc/install
cvs server: Updating install
U install/README
U install/TODO
... many lines omitted ...
U install/tcl/twt-procs.tcl
U install/tcl/user-procs.tcl
[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ cd install
[$OPENACS_SERVICE_NAME install]$ emacs install.tcl
Edit the installation configuration file, /home/$OPENACS_SERVICE_NAME/install/install.tcl and update the site-specific values, such as the new service's IP address and name, which will be written into the new service's config.tcl file. If your system is different from the one described in the previous sections, check the file paths as well. Set do_checkout=yes to create a new OpenACS site directly from a CVS checkout, or =no if you have a fully configured site and just want to rebuild it (drop and recreate the database and repeat the installation). If you have followed a stock installation, the default configuration will work without changes and will install an OpenACS site at 127.0.0.1:8000.
Run the install script install.sh as root:
[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ exit
[root root]# sh /home/$OPENACS_SERVICE_NAME/install/install.sh
/home/$OPENACS_SERVICE_NAME/install/install.sh: Starting installation with config_file
/home/$OPENACS_SERVICE_NAME/install/install.tcl. Using serverroot=/var/lib/aolserver/
$OPENACS_SERVICE_NAME, server_url=http://0.0.0.0:8000, do_checkout=yes, do_install=yes,
dotlrn=no, and database=postgres., use_daemontools=true
... many lines omitted ...
Tue Jan 27 11:50:59 CET 2004: Finished (re)installing /var/lib/aolserver/$OPENACS_SERVICE_NAME.
######################################################################
New site URL: http://127.0.0.1:8000
admin email : admin@yourserver.net
admin password: xxxx
######################################################################
[root root]#
If there are no errors, you can browse to the "Welcome" page of your server. Be sure to visit en:docs-admin for administration help and en:docs-dev-tutorial for tutorials.
Option 2: Install available distribution
Secure the directory so that only the owner can access it. Check the permissions by listing the directory.
[root root]# su - $OPENACS_SERVICE_NAME
[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ cd /var/lib/aolserver
[$OPENACS_SERVICE_NAME aolserver]$ tar xzf /var/tmp/openacs-5.2.0d1.tgz
[$OPENACS_SERVICE_NAME aolserver]$ mv openacs-5.2.0d1 $OPENACS_SERVICE_NAME
[$OPENACS_SERVICE_NAME aolserver]$ chmod -R 775 $OPENACS_SERVICE_NAME
[$OPENACS_SERVICE_NAME aolserver]$ chown -R $OPENACS_SERVICE_NAME.$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME
[$OPENACS_SERVICE_NAME aolserver]$ ls -al
total 3
drwxrwx--- 3 root web 1024 Mar 29 16:41 .
drwxr-xr-x 25 root root 1024 Mar 29 16:24 ..
drwx------ 7 $OPENACS_SERVICE_NAME web 1024 Jan 6 14:36 $OPENACS_SERVICE_NAME
[$OPENACS_SERVICE_NAME aolserver]$ exit
logout
[root root]#
su - $OPENACS_SERVICE_NAME
cd /var/lib/aolserver
tar xzf /var/tmp/openacs-5.2.0d1.tgz
mv openacs-5.2.0d1 $OPENACS_SERVICE_NAME
chmod -R 755 $OPENACS_SERVICE_NAME
chown -R $OPENACS_SERVICE_NAME.$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME
exit
Prepare the database
Prepare Oracle for OpenACS. If you won't be using Oracle, skip to Prepare PostgreSQL for an OpenACS Service
You should be sure that your user account (e.g. $OPENACS_SERVICE_NAME) is in the dba group.
-
Verify membership by typing groups when you login:
[$OPENACS_SERVICE_NAME ~]$ groups
dba web
If you do not see these groups, take the following action:
[$OPENACS_SERVICE_NAME ~]$ su -
Password: ************
[root ~]# adduser $OPENACS_SERVICE_NAME dba
If you get an error about an undefined group, then add that group manually:
[root ~]# groupadd dba
[root ~]# groupadd web
Make sure to logout as root when you are finished with this step and log back in as your regular user.
-
Connect to Oracle using svrmgrl and login:
[$OPENACS_SERVICE_NAME ~]$ svrmgrl
SVRMGR> connect internal
Connected.
-
Determine where the system tablespaces are stored:
SVRMGR> select file_name from dba_data_files;
Example results:
/ora8/m01/app/oracle/oradata/ora8/system01.dbf
/ora8/m01/app/oracle/oradata/ora8/tools01.dbf
/ora8/m01/app/oracle/oradata/ora8/rbs01.dbf
/ora8/m01/app/oracle/oradata/ora8/temp01.dbf
/ora8/m01/app/oracle/oradata/ora8/users01.dbf
/ora8/m01/app/oracle/oradata/ora8/indx01.dbf
/ora8/m01/app/oracle/oradata/ora8/drsys01.dbf
-
Using the above output, you should determine where to store your tablespace. As a general rule, you'll want to store your tablespace on a mount point under the /ora8 directory that is separate from the Oracle system data files. By default, the Oracle system is on m01, so we will use m02. This enables your Oracle system and database files to be on separate disks for optimized performance. For more information on such a configuration, see Chapter 12 of Philip's book. For this example, we'll use /ora8/m02/oradata/ora8/.
-
Create the directory for the datafile; to do this, exit from svrmgrl and login as root for this step:
SVRMGR> exit
[$OPENACS_SERVICE_NAME ~]$ su -
Password: ************
[root ~]# mkdir -p /ora8/m02/oradata/ora8/
[root ~]# chown $OPENACS_SERVICE_NAME:web /ora8/m02/oradata/ora8
[root ~]# chmod 775 /ora8/m02/oradata/ora8
[root ~]# exit
[$OPENACS_SERVICE_NAME ~]$
-
Create a tablespace for the service. It is important that the tablespace can autoextend. This allows the tablespace's storage capacity to grow as the size of the data grows. We set the pctincrease to be a very low value so that our extents won't grow geometrically. We do not set it to 0 at the tablespace level because this would affect Oracle's ability to automatically coalesce free space in the tablespace.
[$OPENACS_SERVICE_NAME ~]$ svrmgrl
SVRMGR> connect internal;
SVRMGR> create tablespace $OPENACS_SERVICE_NAME
datafile '/ora8/m02/oradata/ora8/$OPENACS_SERVICE_NAME01.dbf'
size 50M
autoextend on
next 10M
maxsize 300M
extent management local
uniform size 32K;
-
Create a database user for this service. Give the user access to the tablespace and rights to connect. We'll use $OPENACS_SERVICE_NAMEpassword as our password.
Write down what you specify as service_name (i.e. $OPENACS_SERVICE_NAME) and database_password (i.e. $OPENACS_SERVICE_NAMEpassword). You will need this information for configuring exports and AOLserver.
SVRMGR> create user $OPENACS_SERVICE_NAME identified by $OPENACS_SERVICE_NAMEpassword default tablespace $OPENACS_SERVICE_NAME
temporary tablespace temp quota unlimited on $OPENACS_SERVICE_NAME;
SVRMGR> grant connect, resource, ctxapp, javasyspriv, query rewrite, create view, create synonym to $OPENACS_SERVICE_NAME;
SVRMGR> revoke unlimited tablespace from $OPENACS_SERVICE_NAME;
SVRMGR> alter user $OPENACS_SERVICE_NAME quota unlimited on $OPENACS_SERVICE_NAME;
SVRMGR> exit;
Your table space is now ready. In case you are trying to delete a previous OpenACS installation, consult these commands in the section called “Deleting a tablespace” below.
-
Make sure that you can login to Oracle using your service_name account:
[$OPENACS_SERVICE_NAME ~]$ sqlplus $OPENACS_SERVICE_NAME/$OPENACS_SERVICE_NAMEpassword
SQL> select sysdate from dual;
SYSDATE
----------
2001-12-20
SQL> exit;
You should see today's date in a format 'YYYY-MM-DD.' If you can't login, try redoing step 1 again. If the date is in the wrong format, make sure you followed the steps outlined in the section called “Troubleshooting Oracle Dates”
Prepare PostgreSQL for an OpenACS Service.
-
PostgreSQL:
Create a user in the database matching the service name. With default PostgreSQL authentication, a system user connecting locally automatically authenticates as the postgres user of the same name, if one exists. We currently use postgres "super-users" for everything, which means that anyone with access to any of the openacs system accounts on a machine has full access to all postgresql databases on that machine.
[root root]# su - postgres
[postgres pgsql]$ createuser -a -d $OPENACS_SERVICE_NAME
CREATE USER
[postgres pgsql]$ exit
logout
[root root]#
-
Create a database with the same name as our service name, $OPENACS_SERVICE_NAME.
[root root]# su - $OPENACS_SERVICE_NAME
[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ createdb -E UNICODE $OPENACS_SERVICE_NAME
CREATE DATABASE
-
Automate daily database Vacuuming. This is a process which cleans out discarded data from the database. A quick way to automate vacuuming is to edit the cron file for the database user. Recommended: VACUUM ANALYZE every hour and VACUUM FULL ANALYZE every day.
[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ export EDITOR=emacs;crontab -e
Add these lines to the file. The vacuum command cleans up temporary structures within a PostGreSQL database, and can improve performance. We vacuum gently every hour and completely every day. The numbers and stars at the beginning are cron columns that specify when the program should be run - in this case, whenever the minute is 0 and the hour is 1, i.e., 1:00 am every day, and every (*) day of month, month, and day of week. Type man 5 crontab for more information.
0 1-23 * * * /usr/local/pgsql/bin/vacuumdb --analyze $OPENACS_SERVICE_NAME
0 0 * * * /usr/local/pgsql/bin/vacuumdb --full --analyze $OPENACS_SERVICE_NAME
Depending on your distribution, you may receive email when the crontab items are executed. If you don't want to receive email for those crontab items, you can add > /dev/null 2>&1 to the end of each crontab line
At this point the database should be ready for installing OpenACS.
Configure an AOLserver Service for OpenACS.
-
The AOLserver architecture lets you run an arbitrary number of virtual servers. A virtual server is an HTTP service running on a specific port, e.g. port 80. In order for OpenACS to work, you need to configure a virtual server. The Reference Platform uses a configuration file included in the OpenACS tarball, /var/lib/aolserver/$OPENACS_SERVICE_NAME/etc/config.tcl. Open it in an editor to adjust the parameters.
[root root]# su - $OPENACS_SERVICE_NAME
[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ cd /var/lib/aolserver/$OPENACS_SERVICE_NAME/etc
[$OPENACS_SERVICE_NAME etc]$ emacs config.tcl
You can continue without changing any values in the file. However, if you don't change address to match the computer's ip address, you won't be able to browse to your server from other machines. See en:aolserver-admin for an explanation of some other values you might want to change in the config.tcl file.
Verify AOLserver startup.
-
Kill any current running AOLserver processes and start a new one. The recommended way to start an AOLserver process is by running the included script, /var/lib/aolserver/$OPENACS_SERVICE_NAME/etc/daemontools/run. If you are not using the default file paths and names, you will need to edit run.
If you want to use port 80, there are complications. AOLserver must be root to use system ports such as 80, but refuses to run as root for security reasons. So, we call the run script as root and specify a non-root user ID and Group ID which AOLserver will switch to after claiming the port. To do so, find the UID and GID of the $OPENACS_SERVICE_NAME user via grep $OPENACS_SERVICE_NAME /etc/passwd and then put those numbers into the command line via -u 501 -g 502. In AOLserver 4, you must also send a -b flag. Do this by editing the run file as indicated in the comments.
If you are root then killall will affect all OpenACS services on the machine, so if there's more than one you'll have to do ps -auxw | grep nsd and selectively kill by job number.
[$OPENACS_SERVICE_NAME etc]$ killall nsd
nsd: no process killed
[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ /usr/local/aolserver/bin/nsd-postgres -t /var/lib/aolserver/$OPENACS_SERVICE_NAME/etc/config.tcl
[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ [08/Mar/2003:18:13:29][32131.8192][-main-] Notice: nsd.tcl: starting to read config file...
[08/Mar/2003:18:13:29][32131.8192][-main-] Notice: nsd.tcl: finished reading config file.
-
Attempt to connect to the service from a web browser. You should specify a URL like: http://yourserver.test:8000
You should see a page that looks like this, otherwise check the en:aolserver-admin Troobleshooting secton.
Configure a Service with the OpenACS Installer. Now that you've got AOLserver up and running, let's install OpenACS 5.2.0d1.
-
You should see a page from the webserver titled OpenACS Installation: Welcome. You will be warned if your version of the database driver is out of date, if AOLserver cannot connect to the database, if any modules are missing or out-of-date, or if there are any problems with filesystem permissions on the server side. But if everything is fine, you can click Next to proceed to load the OpenACS Kernel data model.
-
The next page shows the results of loading the OpenACS Kernel data model - be prepared to wait a few minutes as it works. You should see a string of output messages from the database as the datamodel is created. You'll see the line:
Loading package .info files ... this will take a few minutes
This will really take a few minutes. Have faith! Finally, another Next button will appear at the bottom - click it.
-
The following page shows the results of loading the core package data models. You should see positive results for each of the previously selected packages, but watch out for any errors. Eventually, the page will display "Generating secret tokens" and then "Done"- click Next.
-
You should see a page, "OpenACS Installation: Create Administrator" with form fields to define the OpenACS site administrator. Fill out the fields as appropriate, and click Create User.
-
You should see a page, "OpenACS Installation: Set System Information" allowing you to name your service. Fill out the fields as appropriate, and click Set System Information
-
You'll see the final Installer page, "OpenACS Installation: Complete." It will tell you that the server is being restarted; note that unless you already set up a way for AOLserver to restart itself (ie. inittab or daemontools), you'll need to manually restart your service.
[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ /usr/local/aolserver/bin/nsd-postgres -t /var/lib/aolserver/$OPENACS_SERVICE_NAME/etc/config.tcl
-
Give the server a few minutes to start up. Then reload the final page above. You should see the front page, with an area to login near the upper right. Congratulations, OpenACS <version> is now up and running!
ref: https://openacs.org/doc/openacs.html
Created by OpenACS community, last modified by Benjamin Brink 22 Jul 2017, at 11:49 PM
OpenACS for everyone
OpenACS (Open Architecture Community System) is:
- an advanced toolkit for building scalable, community-oriented web applications.
- a robust, scalable framework (see: en:openacs-system) for building dynamic content driven sites and enterprise-level web applications.
- a collection of pre-built applications and services that you can build on to create a custom web-site or application.
- derived from the ArsDigita Community System (ACS). ArsDigita (now part of Red Hat, Inc.) kindly made their work available under the GPL, making all of this possible.
Through a modular architecture, OpenACS has packages for user/groups management, content management, e-commerce, news, FAQs, calendar, forums, bug tracking, wiki (XoWiki), full-text searching etc. See OpenACS repository.
Strengths
Use the OpenACS fourms to contact the OpenACS community. We welcome your feedback and can help with your OpenACS endeavors. Commercial support is also available.
What others say about OpenACS
Others' descriptions of OpenACS
Testimonials posted to forums on OpenACS
History of OpenACS
See: History of OpenACS en:docs-history
Bibliography and Credits
See: Documentation Credits en:doc-credits
Created by OpenACS community, last modified by Benjamin Brink 07 Jul 2017, at 07:15 AM
Getting admin-level help
Install OpenACS
Setup database environment variables. See end of https://openacs.org/doc/openacs.html,
https://openacs.org/doc/backup-recovery.html, and https://openacs.org/doc/snapshot-backup.html
https://openacs.org/doc/analog-setup.html
For creating custom pages, see developer tutorials https://openacs.org/doc/tutorial.html
Administrating a system
These OpenACS packages are useful for diagnostics and development:
Performance monitoring
Bibliography and Credits
See en:doc-credits.
Created by OpenACS community, last modified by Benjamin Brink 07 Jul 2017, at 07:11 AM
Site and System Administrators - Documentation Requirements
By the OpenACS Community. This section is a collection of documentation requirements that have been expressed in the OpenACS forums to 4th July 2003.
OpenACS administrators' documentation should meet the following requirements. No significance has been given to the order presented, topic breadth or depth here.
-
For each requirement below, include links to developer tutorials and other documentation for more detail.
-
Describe a structural overview of a working system and how the components work together. "The Layered Cake view" a general network view of system; a table showing system levels versus roles to help with understanding how the subsystems are interconnected.
-
Provide a comprehensive description of typical administrative processes for operating an OpenACS system responsibly, including reading logs and command line views that describe status of various active processes.
-
Create a list of administrative tools that are useful to administrating OpenACS, including developer support, schema-browser and api browser. Link to AOLserver's config file documentation.
-
Resources on high level subjects such as web services, security guidelines
-
Describe typical skill sets (and perhaps mapped to standardized job titles) for administrating an OpenACS system (human-resources style). For a subsite admin/moderator attributes might include trustworthy, sociable, familiarity with the applications and subsystems, work/group communication skills et cetera
-
Describe how to set up typical site moderation and administration including parameters, permissions, "Hello World" page
-
Show directory structure of a typical package, explanation of the various file types in a package (tcl,adp,xql) and how those relate to the previously described subsystems, when they get refreshed etc.
-
Ways to build a "Hello World" page
-
Show examples of how the OpenACS templating system is used, including portal sections of pages. For example, create a customised auto-refreshing startpage using lars-blogger, a photo gallery, and latest posts from a forum. This should rely heavily on documentation existing elsewhere to keep current. This would essentially be a heavily annotated list of links.
-
Show ways of modifying the look and feel across pages of an OpenACS website. Refer to the skins package tutorial.
-
Describe a methodology for diagnosing problems, finding error statements and interpreting them --for OpenACS and the underlying processes.
-
FAQs: Administration tasks commonly discussed on boards: admin page flow, how to change the looks of a subsite with a new master.adp, options on "user pages" , a quick introduction to the functions and processes. info about the user variables, file locations
Pull in docs from: https://openacs.org/doc/acs-admin.html
Created by OpenACS community, last modified by Benjamin Brink 07 Jul 2017, at 07:06 AM
Keeping track of the commands you run and recording their output has important diagnostic value. I like to create a literal history of my installations in a shell inside of emacs (M-x shell) so that I can save the output if needed. An alternative would be to use the script command.
Check the error logs. We point out the location of error logs for the various pieces of software. Output from those logs will help you, and help us help you. Do not worry if you feel overwhelmed by all the information in the error logs. Over time, you will find that they make more and more sense. At some point, you may actually look forward to errors so that you can run to the log and diagnose the problem.
If something goes wrong, do not panic. There are plenty of ways to get help. Here are some:
-
Search the forums at openacs.org - Frequently, people who have struggled through the same issue have already posted and received help with answers immediately available to you.
-
The bottom of each page has a link to OpenACS.org, where you can post comments and read other users comments about the contents of the page.
-
Post a question on the forums. Make sure you've done a search first. When you do post, be sure to include your setup information (OS, etc) as well as the exact commands that are failing with the accompanying error. If there is a SQL error in the TCL error or in the log, post that too.
-
Ask questions at the irc channel on freenode.net (#openacs). They're knowledgeable and quite friendly if you can keep them on topic.
-
If you find errors in this document or if you have ideas about making it better, please post them in the forum or BugTracker.
Created by OpenACS community, last modified by Benjamin Brink 30 Jun 2017, at 06:56 AM
OpenACS Performance Tuning
Here is some documentation on general OpenACS performance tuning:
Much performance tuning is targeted at the subsystems level, and so you will find some specific tuning information in these pages:
A broad scope of causes can be attributed to OpenACS performance issues. These forum threads help identify useful diagnostic techniques and accurate testing to help narrow the scope of problem areas etc.
Created by Kenneth Wyrick, last modified by Benjamin Brink 29 Jun 2017, at 11:38 AM
Next-Steps
After following:
Debian Installation Instructions
A. Installing Daemontools
Documentation
nano /usr/share/doc/openacs|dotlrn/README.daemontools on openacs package.
apt-get install daemontools daemontools-run
B. Configuring Daemontools and Using SVC
1) Change the "StartDaemon" value to "no" in /etc/default/:
# OpenACS
nano /etc/default/openacs
... or ...
# .LRN
nano /etc/default/dotlrn
2) Stop the daemon:
# OpenACS
/etc/init.d/openacs stop
... or ...
# .LRN
/etc/init.d/dotlrn stop
3) Link daemontools dotlrn|openacs script:
# OpenACS
ln -s /usr/share/openacs/etc/daemontools /etc/service/openacs
... or ...
# .LRN
ln -s /usr/share/dotlrn/etc/daemontools /etc/service/dotlrn
Now you can control the dotlrn service using the svc command:
* To start the service: svc -u /etc/service//openacs or dotlrn
* To stop the service: svc -d /etc/service//openacs or dotlrn
* To restart the service: svc -t /etc/service/openacs or dotlrn
C. If There's Problems Purge and Reinstall
apt-get remove --purge openacs or dotlrn
apt-get install openacs or dotlrn
D. To configure the instance to listen on a different IP than 127.0.0.1
Edit the config.tcl file:
nano /etc/openacs|dotlrn/config.tcl
Change the following parameters to fit your needs:
set hostname Your hostname
set address to Your public IP
E. Backup and Restore (to be filled in)
and found that I had to figure out how to:
su - $OPENACS_SERVICE_NAME
pg_dump -f /var/lib/aolserver/$OPENACS_SERVICE_NAME/database-backup/before_upgrade_to_4.6.dmp openacs-dev
ls -al /var/lib/aolserver/$OPENACS_SERVICE_NAME/database-backup/before_upgrade_to_4.6.dmp
exit
The $OPENACS_SERVICE_NAME
which I thought would be "dotlrn"
turned out to be "www-data"
Next I found there was no /var/lib/aolserver but there are /var/lib/dotlrn and /var/lib/postgresql
The default paths show the locations that were decided upon (in early 2004) so below we will try to document were things are in a standard dotlrn installation, now.
a work in progress |
|
|
|
OpenACS service |
dotlrn |
OpenACS service account |
www-data |
OpenACS database name |
dotlrn |
SERVERROOT |
/usr/share/dotlrn/www |
Database backup directory |
/var/backups/ |
Service config files |
/usr/share/dotlrn/etc/config.tcl |
Service log files |
/usr/share/dotlrn/log/ |
PostgreSQL directory |
/usr/lib/postgresql/8.3/main |
AOLserver directory |
/usr/lib/aolserver4 |
Backup Script |
/usr/share/dotlrn/etc/backup.sh |
F. Installing Packages (to be filled in)
1. From .LRN CVS
a) Create a local repository
b) Download to your local repository
G. View the Log File
nano /var/log/aolserver4/dotlrn/error.log
H. Mail Server (to be filled in)
- Installation
- configuration
Created by Benjamin Brink, last modified by Benjamin Brink 29 Jun 2017, at 11:33 AM
It's imperative that you secure your installation. As Jon Griffin repeatedly warns us, "No distribution is secure out of the box."
A Reference Platform implements some basic precautions, but security is a process, not a condition. If you are responsible for a computer hooked to the internet, you are responsible for learning some rudiments of security, such as monitoring the state of a computer, maintaining patch levels, and keeping backups.
We recommend these resources:
Content Security Policies (CSP)
OpenACS supports CSP starting with version 5.9.1.
Created by OpenACS community, last modified by Benjamin Brink 29 Jun 2017, at 11:30 AM
Follow the installation directions that come with the distribution.
There are generally 2 strategies at this point:
- Install an OS with minimum programs, or
- Install a suite of programs, for example choose between a developer set or desktop set.
Precaution
For a quick installation, we recommend the two scripts at naviserver-openacs. These will install OpenACS from scratch on a variety of systems (including Debian/RHEL Linux or Mac OS X). Detailed dependencies are listed during the build process.
For other ways to install or try OpenACS See openacs-system-install.
Steps for manually installing OpenACS
We recommend installing only the OS to minimize the chances of conflicts resulting from installing 2 or more copies of one of the OpenACS system components (openacs-system).
Many additional programs, such as a build environment (gcc), Mail Transport Agent (MTA), and source control system, are also needed for a fully operational installation. Most of these are included with a basic OS installation.
Install some helper software
You might want to install some of these after a minimum OS install, since OpenACS administration usually assumes you have these (or alternates) installed:
- wget
- emacs or vi/vim
- bash shell (usually automatically installed with Linux distributions)
- gcc or equivalent (along with standard distribution source libraries) - if you plan to install software from source.
- ImageMagick or GraphicsMagick - used by some packages for server side image processing
- aspell - used to offer spell checking in forms
*nix install guides
some helpful documentation for installing *nix flavors
Next, secure your system: system-security
Created by OpenACS community, last modified by Gustaf Neumann 18 Jun 2017, at 12:37 PM
by Matthew Burke and Curtis Galloway and others
NOTE: These instructions were valid for ACS v4, but have not been tested with OpenACS and the ArsDigita binary distributions are no longer available. Currently (Summer 2010), the best option to get OpenACS 5.6.* and .LRN 2.5.* running on Windows is to use the native windows installation Windows-OpenACS by Spazio IT (Maurizio Martignano).
Overview
With the recent release of a win32 version of AOLserver, it is now possible to run the OpenACS on Windows2000 and Windows98. This document explains the steps necessary to get the OpenACS installed and running on your machine.
Note:
We do not recommend running a production server on Windows98. But the platform is more than sufficient for working the problem sets and for getting a feel for the OpenACS.
You'll need to use the ArsDigita binary distribution of AOLserver for the Win32 platform, which contains patches for several problems we have come across in the default AOLserver binary distribution. See the ArsDigita AOLserver 3 distribution page (from archive.org) for details.
You can download the binary distribution from the ArsDigita download page (compliments of Eve Andersson) under "ArsDigita AOLserver 3 Binary Distribution for Win32." Please read the release notes in the distribution for configuration notes specific to the version you are downloading.
Prerequisites
It is helpful if you have Oracle interMedia Text for full-text searches. We're also trying to make our system work with the PLS System, available free from http://www.pls.com.
Although the zsh shell is the only command-line tool required to install the OpenACS, if you are a UNIX person used to typing ls instead of dir you'll get along much better with the Cygwin toolkit. This is a development library and set of tools that gives you a very UNIX-like environment under Windows. In particular, it includes bash, gzip and tar, which you can use to perform the OpenACS installation instead of WinZip and zsh.
Your Oracle installation
When you install Oracle, a good rule of thumb is "every default setting is wrong." We will not discuss Oracle configuration here except to mention that the OpenACS requires Oracle's NLS_DATE_FORMAT parameter be set to 'YYYY-MM-DD'. Fixing this depends on whether Oracle Administration Assistant for Windows NT (yes, that's Windows NT) will run on your machine or not (in some cases, it will complain about Microsoft Management Console not being installed).
If it runs on your machine, proceed as follows:
-
Run Oracle Administration Assistant for Windows NT
-
Navigate using the Explorer-style control in the left panel and select the Oracle Home for the database you wish to use.
-
Bring up its properties dialog and add a parameter NLS_DATE_FORMAT with value 'YYYY-MM-DD' (without the quotes)
-
Verify the date format by logging into the database using SQL Plus and run the following query: select sysdate from dual;
Otherwise you will need to perform a little registry surgery as follows:
-
Run regedit and navigate down the registry keys to HKEY_LOCAL_MACHINE\Software\ORACLE.
-
Choose the appropriate subtree; this will be HOME0 if you only have on einstallation of Oracle.
If you are an Oracle achiever and have more than one Oracle installation on your machine, you will see HOME0, HOME1, HOME2, etc. Choose the subtree that corresponds to the Oracle installtion you wish to use with the OpenACS.
-
If the NLS_DATE_FORMAT key is already present, double-click on its value and change it to 'YYYY-MM-DD' (without the quotes). If the key does not exist, choose Edit->New->String Value from the menu and type NLS_DATE_FORMAT for the name of the new value to create it. Then double-click on the empty value to change it.
-
Verify the date format by logging into the database using SQL Plus and run the following query: select sysdate from dual;
For more information on Oracle configuration look at oracle-install or search the OpenACS forums. One other note: the "nuke a user" admin page and Intermedia won't run unless you set open_cursors = 500 for your database.
The ArsDigita binary installation
Extract the ArsDigita AOLserver distribution onto the C: drive into the default aol30 directory. You can install it on any drive, but it will make your life easier if you keep the AOLserver binary and your OpenACS instance on the same drive. For the rest of these instructions, we'll assume that you used drive C:.
Untar the OpenACS
We recommend rooting webserver content in c:\web. Since most servers these days are expected to run multiple services from multiple IP addresses, each server gets a subdirectory from c:\web. For example, http://scorecard.org would be rooted at c:\web\scorecard on one of our machines and if http://jobdirect.com were on the same box then it would be at c:\web\jobdirect.
For the sake of argument, we're going to assume that your service is called "yourdomain", is going to be at http://yourdomain.com and is rooted at c:\web\yourdomain in the Windows 2000 file system. Note that you'll find our definitions files starting out with "yourdomain.com".
You'll now find that c:\web\yourdomain\www contains the document root and c:\web\yourdomain\tcl contains Tcl scripts that are loaded when the AOLserver starts up.
Feeding Oracle the Data Model
The entire server will behave in an unhappy manner if it connects to Oracle and finds that, for example, the users table does not exist. Thus you need to connect to Oracle as whatever user the AOLserver will connect as, and feed Oracle the table definitions.
-
load the states, country_codes and counties tables using the load-geo-tables shell script in the c:\web\yourdomain\www\install directory. You will need to open a console window and run
zsh load-geo-tables foo/foopassword
You most likely will see a slew of "Commit point reached . . . " messages. This does not indicate a problem.
-
cd to c:\web\yourdomain\www\doc\sql and feed Oracle the .sql files that you find there. There is a meta-loader file, load-data-model.sql, that includes the other files in the proper order. To use it, open a console window and run
sqlplus foo/foopassword < load-data-model.sql
-
If you have interMedia installed, while still in c:\web\yourdomain\www\doc\sql, run
zsh load-site-wide-search foo foopassword ctxsys-password
Note that there's no slash between foo and foopassword here. The third argument, ctxsys-password, is the password for interMedia Text's special ctxsys user.
Configuring AOLserver
You will need two configuration files. The first is a Tcl file with configuration information for AOLserver. This should be called yourdomain and should be located in c:\aolserve3_0. The second is an .ini file that configures the OpenACS and is discussed below. Note that pathnames in yourdomain must use forward slashes rather than the Windows back slashes. This is also true for the .ini file.
The following items must be defined in yourdomain:
-
three database pools: main, subquery, and log. They must be named as such. The default pool will be "main".
-
the auxconfig directory which contains the .ini file: c:\web\yourdomain\parameters
-
the pageroot: c:\web\yourdomain\www
-
the directory containing the TclLibrary: c:\web\yourdomain\tcl
You can use our template file as a starting point (you'll need to save this file with a rather than .txt extension).
Configuring OpenACS itself
If you want a system that works, go to c:\web\yourdomain\parameters and copy ad.ini to yourdomain.ini (or any other name different from ad.ini). You don't actually have to delete ad.ini.
Each section of yourdomain.ini has a hardcoded "yourservername" in the name (e.g. [ns/server/yourservername/acs]). This means that the OpenACS will ignore your configuration settings unless your AOLserver name happens to be "yourservername". Therefore you must go through yourdomain.ini and change "yourservername" to whatever you're calling this particular AOLserver (look at the server name in the nsd file for a reference).
Unless you want pages that advertise a community called "Yourdomain Network" owned by "webmaster@yourdomain.com", you'll probably want to edit the text of yourdomain.ini to change system-wide parameters. If you want to see how some of these are used, a good place to look is c:\web\yourdomain\tcl\ad-defs. The Tcl function, ad_parameter, is used to grab parameter values from the .ini file.
Starting the Service
Now you're ready to start things up. Before installing as a Windows service, you might want to test the setup for configuration errors. Open up a console window and go to c:\aol30. Then run
bin\nsd -ft yourdomain.tcl
This will print all the AOLserver messages to the console so you can see them.
Try to connect to your new server with a web browser. If you see the message "Error in serving group pages", you probably forgot to copy the ad.ini file in c:\web\yourdomain\parameters If everything seems ok, you can kill the server with Control-c and then issue the following command to install as a Windows service:
bin\nsd -I -s yourdomain -t yourdomain.tcl
You can now configure error recovery and other Windows aspects of the service from the Services control panel. If you make further changes to yourdomain or yourdomain.ini you should stop and start the service from the Services control panel.
Configuring Permissions
Now, you need to protect the proper administration directories of the OpenACS. You decide the policy although we recommend requiring the admin directories be accessible only via an SSL connection. Here are the directories to consider protecting:
-
/doc (or at least /doc/sql/ since some AOLserver configurations will allow a user to execute SQL files)
-
/admin
-
any private admin dirs for a module you might have written that are not underneath the /admin directory
Adding Yourself as a User and Making Yourself a Sysadmin
OpenACS will define two users: system and anonymous. It will also define a user group of system administrators. You'll want to add yourself as a user (at /register/ ) and then add yourself as as member of the site-wide administration group. Start by logging out as yourself and logging in as the system user (email of "system"). Change the system user's password. Visit the https://yourservername.com/admin/ug/ directory and add your personal user as a site-wide administrator. Now you're bootstrapped!
If you do not know what the system user's password is connect to Oracle using SQL Plus and run the following query:
select password from users where last_name = 'system';
Where to Find What
A few pointers:
-
the /register directory contains the login and registration scripts. You can easily redirect someone to /register/index to have them login or register.
-
the /pvt directory is for user-specific pages. They can only be accessed by people who have logged in.
Making sure that it works
Run the acceptance tests in /doc/acceptance-test
Running Multiple Instances of the OpenACS
You can run multiple instances of the OpenACS on a physical machine but they must each be set up as a separate Windows service. Each instance of the OpenACS must have its own:
-
Oracle tablespace and a user account with the appropriate permissions on that tablespace. Each of these tablespaces must have the OpenACS data model loaded.
-
file with the appropriate settings including server name, auxconfig, ipaddress, and port.
-
Copy of the acs files in an appropriate directory under c:\web.
Suppose you wish to run two services: lintcollectors.com and iguanasdirect.com. You would need the following:
-
an Oracle tablespace, lintcollectors with a user lintcollectors and password secretlint
-
an Oracle tablespace, iguanasdirect with a user iguanasdirect and password secretiguanas
For each of these tablespaces/users you would load the OpenACS data model as described above. Then in c:\aolserver3_0 create files for each service, i.e. lintcollectors and iguanasdirect. These files would point to their respective pageroots, c:\web\lintcollectors\www and c:\web\iguanasdirect\www; their respective auxconfigdirs, c:\web\lintcollectors\parameters and c:\web\iguanasdirect\parameters; etc. In the respective auxconfigdirs would be the files lintcollectors.ini and iguanasdirect.ini.
Now open a console window and go to c:\aol30. You'll start up the two services as follows:
bin\nsd -I -s lintcollectors -t lintcollectors.tcl
bin\nsd -I -s iguanasdirect -t iguanasdirect.tcl
In the services control panel you should see two services: AOLserver-lintcollectors and AOLserver-iguanasdirect.
ref: https://openacs.org/doc/win2k-installation.html