root / docs / source / adminguide.rst @ 0f8ffac4
History | View | Annotate | Download (7 kB)
1 | 4ddc02a2 | Giorgos Verigakis | Administrator Guide |
---|---|---|---|
2 | 4ddc02a2 | Giorgos Verigakis | =================== |
3 | 4ddc02a2 | Giorgos Verigakis | |
4 | e46798b5 | Antony Chazapis | Simple Setup |
5 | e46798b5 | Antony Chazapis | ------------ |
6 | e46798b5 | Antony Chazapis | |
7 | e46798b5 | Antony Chazapis | Assuming a clean debian squeeze (stable) installation, use the following steps to run the software. |
8 | e46798b5 | Antony Chazapis | |
9 | 75453cf2 | Antony Chazapis | Install packages:: |
10 | 4ddc02a2 | Giorgos Verigakis | |
11 | 0f8ffac4 | Antony Chazapis | apt-get install git python-django python-django-south python-setuptools python-sphinx python-httplib2 |
12 | ac930057 | root | apt-get install python-sqlalchemy python-mysqldb python-psycopg2 |
13 | 75453cf2 | Antony Chazapis | apt-get install apache2 libapache2-mod-wsgi |
14 | 75453cf2 | Antony Chazapis | |
15 | 75453cf2 | Antony Chazapis | Get the source:: |
16 | 75453cf2 | Antony Chazapis | |
17 | 75453cf2 | Antony Chazapis | cd / |
18 | 75453cf2 | Antony Chazapis | git clone https://code.grnet.gr/git/pithos |
19 | 75453cf2 | Antony Chazapis | |
20 | f4b61e0c | Antony Chazapis | Setup the files (choose where to store data in ``settings.py`` and change ``SECRET_KEY``):: |
21 | 75453cf2 | Antony Chazapis | |
22 | 75453cf2 | Antony Chazapis | cd /pithos/pithos |
23 | 75453cf2 | Antony Chazapis | cp settings.py.dist settings.py |
24 | 7e318fc8 | Antony Chazapis | python manage.py syncdb |
25 | 0c581627 | Sofia Papagiannaki | python manage.py schemamigration im --initial |
26 | 7a0063ef | Antony Chazapis | cd /pithos |
27 | 7a0063ef | Antony Chazapis | python setup.py build_sphinx |
28 | 75453cf2 | Antony Chazapis | |
29 | e46798b5 | Antony Chazapis | Edit ``/etc/apache2/sites-available/pithos`` (change the ``ServerName`` directive):: |
30 | 75453cf2 | Antony Chazapis | |
31 | 75453cf2 | Antony Chazapis | <VirtualHost *:80> |
32 | 27f35ee3 | Antony Chazapis | ServerAdmin webmaster@pithos.dev.grnet.gr |
33 | 27f35ee3 | Antony Chazapis | ServerName pithos.dev.grnet.gr |
34 | 27f35ee3 | Antony Chazapis | |
35 | 27f35ee3 | Antony Chazapis | DocumentRoot /pithos/htdocs |
36 | 27f35ee3 | Antony Chazapis | Alias /ui "/var/www/pithos_web_client" |
37 | 27f35ee3 | Antony Chazapis | Alias /docs "/pithos/docs/build/html" |
38 | 27f35ee3 | Antony Chazapis | |
39 | 27f35ee3 | Antony Chazapis | <Directory /> |
40 | 27f35ee3 | Antony Chazapis | Options Indexes FollowSymLinks |
41 | 27f35ee3 | Antony Chazapis | AllowOverride None |
42 | 27f35ee3 | Antony Chazapis | Order allow,deny |
43 | 27f35ee3 | Antony Chazapis | Allow from all |
44 | 27f35ee3 | Antony Chazapis | </Directory> |
45 | 27f35ee3 | Antony Chazapis | |
46 | 27f35ee3 | Antony Chazapis | RewriteEngine On |
47 | 22062611 | Antony Chazapis | RewriteRule ^/v(.*) /api/v$1 [PT,NE] |
48 | 22062611 | Antony Chazapis | RewriteRule ^/public(.*) /api/public$1 [PT,NE] |
49 | 22062611 | Antony Chazapis | RewriteRule ^/tools(.*) /api/ui$1 [PT,NE] |
50 | 22062611 | Antony Chazapis | RewriteRule ^/im(.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE] |
51 | 22062611 | Antony Chazapis | RewriteRule ^/login(.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE] |
52 | 27f35ee3 | Antony Chazapis | |
53 | 27f35ee3 | Antony Chazapis | WSGIScriptAlias /api /pithos/pithos/wsgi/pithos.wsgi |
54 | 27f35ee3 | Antony Chazapis | # WSGIDaemonProcess pithos |
55 | 27f35ee3 | Antony Chazapis | # WSGIProcessGroup pithos |
56 | 27f35ee3 | Antony Chazapis | |
57 | 27f35ee3 | Antony Chazapis | LogLevel warn |
58 | 27f35ee3 | Antony Chazapis | ErrorLog ${APACHE_LOG_DIR}/pithos.error.log |
59 | 27f35ee3 | Antony Chazapis | CustomLog ${APACHE_LOG_DIR}/pithos.access.log combined |
60 | 75453cf2 | Antony Chazapis | </VirtualHost> |
61 | 75453cf2 | Antony Chazapis | |
62 | 7e318fc8 | Antony Chazapis | Edit ``/etc/apache2/sites-available/pithos-ssl`` (assuming files in ``/etc/ssl/private/pithos.dev.grnet.gr.key`` and ``/etc/ssl/certs/pithos.dev.grnet.gr.crt`` - change the ``ServerName`` directive):: |
63 | 75453cf2 | Antony Chazapis | |
64 | 75453cf2 | Antony Chazapis | <IfModule mod_ssl.c> |
65 | 75453cf2 | Antony Chazapis | <VirtualHost _default_:443> |
66 | 27f35ee3 | Antony Chazapis | ServerAdmin webmaster@pithos.dev.grnet.gr |
67 | 27f35ee3 | Antony Chazapis | ServerName pithos.dev.grnet.gr |
68 | 27f35ee3 | Antony Chazapis | |
69 | 27f35ee3 | Antony Chazapis | DocumentRoot /pithos/htdocs |
70 | 27f35ee3 | Antony Chazapis | Alias /ui "/var/www/pithos_web_client" |
71 | 27f35ee3 | Antony Chazapis | Alias /docs "/pithos/docs/build/html" |
72 | 27f35ee3 | Antony Chazapis | |
73 | 27f35ee3 | Antony Chazapis | <Directory /> |
74 | 27f35ee3 | Antony Chazapis | Options Indexes FollowSymLinks |
75 | 27f35ee3 | Antony Chazapis | AllowOverride None |
76 | 27f35ee3 | Antony Chazapis | Order allow,deny |
77 | 27f35ee3 | Antony Chazapis | Allow from all |
78 | 27f35ee3 | Antony Chazapis | </Directory> |
79 | 27f35ee3 | Antony Chazapis | |
80 | 27f35ee3 | Antony Chazapis | RewriteEngine On |
81 | 22062611 | Antony Chazapis | RewriteRule ^/v(.*) /api/v$1 [PT,NE] |
82 | 22062611 | Antony Chazapis | RewriteRule ^/public(.*) /api/public$1 [PT,NE] |
83 | 22062611 | Antony Chazapis | RewriteRule ^/tools(.*) /api/ui$1 [PT,NE] |
84 | 22062611 | Antony Chazapis | RewriteRule ^/im(.*) /api/im$1 [PT,NE] |
85 | 22062611 | Antony Chazapis | RewriteRule ^/login(.*) /api/im/login/dummy$1 [PT,NE] |
86 | 27f35ee3 | Antony Chazapis | |
87 | 27f35ee3 | Antony Chazapis | WSGIScriptAlias /api /pithos/pithos/wsgi/pithos.wsgi |
88 | 27f35ee3 | Antony Chazapis | # WSGIDaemonProcess pithos |
89 | 27f35ee3 | Antony Chazapis | # WSGIProcessGroup pithos |
90 | 27f35ee3 | Antony Chazapis | |
91 | 27f35ee3 | Antony Chazapis | LogLevel warn |
92 | 27f35ee3 | Antony Chazapis | ErrorLog ${APACHE_LOG_DIR}/pithos.error.log |
93 | 27f35ee3 | Antony Chazapis | CustomLog ${APACHE_LOG_DIR}/pithos.access.log combined |
94 | 27f35ee3 | Antony Chazapis | |
95 | 27f35ee3 | Antony Chazapis | SSLEngine on |
96 | 27f35ee3 | Antony Chazapis | SSLCertificateFile /etc/ssl/certs/pithos.dev.grnet.gr.crt |
97 | 27f35ee3 | Antony Chazapis | SSLCertificateKeyFile /etc/ssl/private/pithos.dev.grnet.gr.key |
98 | 75453cf2 | Antony Chazapis | </VirtualHost> |
99 | 75453cf2 | Antony Chazapis | </IfModule> |
100 | 75453cf2 | Antony Chazapis | |
101 | 0112e6e9 | Antony Chazapis | Add in ``/etc/apache2/mods-available/wsgi.conf``:: |
102 | 0112e6e9 | Antony Chazapis | |
103 | 0112e6e9 | Antony Chazapis | WSGIChunkedRequest On |
104 | 0112e6e9 | Antony Chazapis | |
105 | 75453cf2 | Antony Chazapis | Configure and run apache:: |
106 | 75453cf2 | Antony Chazapis | |
107 | 75453cf2 | Antony Chazapis | a2enmod ssl |
108 | 75453cf2 | Antony Chazapis | a2enmod rewrite |
109 | 75453cf2 | Antony Chazapis | a2dissite default |
110 | 75453cf2 | Antony Chazapis | a2ensite pithos |
111 | 75453cf2 | Antony Chazapis | a2ensite pithos-ssl |
112 | 75453cf2 | Antony Chazapis | mkdir /var/www/pithos |
113 | 75453cf2 | Antony Chazapis | mkdir /var/www/pithos_web_client |
114 | 75453cf2 | Antony Chazapis | /etc/init.d/apache2 restart |
115 | e46798b5 | Antony Chazapis | |
116 | e46798b5 | Antony Chazapis | Useful alias to add in ``~/.bashrc``:: |
117 | e46798b5 | Antony Chazapis | |
118 | 904fdebe | Antony Chazapis | alias pithos-sync='cd /pithos && git pull && python setup.py build_sphinx && /etc/init.d/apache2 restart' |
119 | 904fdebe | Antony Chazapis | |
120 | aa62890f | Antony Chazapis | Gunicorn Setup |
121 | aa62890f | Antony Chazapis | -------------- |
122 | aa62890f | Antony Chazapis | |
123 | aa62890f | Antony Chazapis | Add in ``/etc/apt/sources.list``:: |
124 | aa62890f | Antony Chazapis | |
125 | aa62890f | Antony Chazapis | deb http://backports.debian.org/debian-backports squeeze-backports main |
126 | aa62890f | Antony Chazapis | |
127 | aa62890f | Antony Chazapis | Then:: |
128 | aa62890f | Antony Chazapis | |
129 | aa62890f | Antony Chazapis | apt-get update |
130 | aa62890f | Antony Chazapis | apt-get -t squeeze-backports install gunicorn |
131 | aa62890f | Antony Chazapis | apt-get -t squeeze-backports install python-gevent |
132 | aa62890f | Antony Chazapis | |
133 | aa62890f | Antony Chazapis | Create ``/etc/gunicorn.d/pithos``:: |
134 | aa62890f | Antony Chazapis | |
135 | aa62890f | Antony Chazapis | CONFIG = { |
136 | aa62890f | Antony Chazapis | 'mode': 'django', |
137 | aa62890f | Antony Chazapis | 'working_dir': '/pithos/pithos', |
138 | aa62890f | Antony Chazapis | 'user': 'www-data', |
139 | aa62890f | Antony Chazapis | 'group': 'www-data', |
140 | aa62890f | Antony Chazapis | 'args': ( |
141 | aa62890f | Antony Chazapis | '--bind=[::]:8080', |
142 | aa62890f | Antony Chazapis | '--worker-class=egg:gunicorn#gevent', |
143 | aa62890f | Antony Chazapis | '--workers=4', |
144 | aa62890f | Antony Chazapis | '--log-level=debug', |
145 | aa62890f | Antony Chazapis | '/pithos/pithos/settings.py', |
146 | aa62890f | Antony Chazapis | ), |
147 | aa62890f | Antony Chazapis | } |
148 | aa62890f | Antony Chazapis | |
149 | aa62890f | Antony Chazapis | Replace the ``WSGI*`` directives in ``/etc/apache2/sites-available/pithos`` and ``/etc/apache2/sites-available/pithos-ssl`` with:: |
150 | aa62890f | Antony Chazapis | |
151 | aa62890f | Antony Chazapis | <Proxy *> |
152 | aa62890f | Antony Chazapis | Order allow,deny |
153 | aa62890f | Antony Chazapis | Allow from all |
154 | aa62890f | Antony Chazapis | </Proxy> |
155 | aa62890f | Antony Chazapis | |
156 | aa62890f | Antony Chazapis | SetEnv proxy-sendchunked |
157 | aa62890f | Antony Chazapis | SSLProxyEngine off |
158 | aa62890f | Antony Chazapis | ProxyErrorOverride off |
159 | aa62890f | Antony Chazapis | |
160 | aa62890f | Antony Chazapis | ProxyPass /api http://localhost:8080 retry=0 |
161 | aa62890f | Antony Chazapis | ProxyPassReverse /api http://localhost:8080 |
162 | aa62890f | Antony Chazapis | |
163 | 4048f62c | Antony Chazapis | Make sure that in ``settings.py``:: |
164 | 4048f62c | Antony Chazapis | |
165 | 4048f62c | Antony Chazapis | USE_X_FORWARDED_HOST = True |
166 | 4048f62c | Antony Chazapis | |
167 | aa62890f | Antony Chazapis | Configure and run:: |
168 | aa62890f | Antony Chazapis | |
169 | aa62890f | Antony Chazapis | /etc/init.d/gunicorn restart |
170 | aa62890f | Antony Chazapis | a2enmod proxy |
171 | aa62890f | Antony Chazapis | a2enmod proxy_http |
172 | aa62890f | Antony Chazapis | /etc/init.d/apache2 restart |
173 | aa62890f | Antony Chazapis | |
174 | 904fdebe | Antony Chazapis | Shibboleth Setup |
175 | 904fdebe | Antony Chazapis | ---------------- |
176 | 904fdebe | Antony Chazapis | |
177 | 904fdebe | Antony Chazapis | Install package:: |
178 | 904fdebe | Antony Chazapis | |
179 | 904fdebe | Antony Chazapis | apt-get install libapache2-mod-shib2 |
180 | 904fdebe | Antony Chazapis | |
181 | 904fdebe | Antony Chazapis | Setup the files in ``/etc/shibboleth``. |
182 | 904fdebe | Antony Chazapis | |
183 | 1a24acbf | Antony Chazapis | Add in ``/etc/apache2/sites-available/pithos-ssl``:: |
184 | 904fdebe | Antony Chazapis | |
185 | aa62890f | Antony Chazapis | ShibConfig /etc/shibboleth/shibboleth2.xml |
186 | aa62890f | Antony Chazapis | Alias /shibboleth-sp /usr/share/shibboleth |
187 | 904fdebe | Antony Chazapis | |
188 | 22062611 | Antony Chazapis | <Location /api/im/login/shibboleth> |
189 | aa62890f | Antony Chazapis | AuthType shibboleth |
190 | aa62890f | Antony Chazapis | ShibRequireSession On |
191 | aa62890f | Antony Chazapis | ShibUseHeaders On |
192 | aa62890f | Antony Chazapis | require valid-user |
193 | aa62890f | Antony Chazapis | </Location> |
194 | 904fdebe | Antony Chazapis | |
195 | 904fdebe | Antony Chazapis | Configure and run apache:: |
196 | 904fdebe | Antony Chazapis | |
197 | 904fdebe | Antony Chazapis | a2enmod shib2 |
198 | 904fdebe | Antony Chazapis | /etc/init.d/apache2 restart |
199 | 904fdebe | Antony Chazapis | /etc/init.d/shibd restart |
200 | e46798b5 | Antony Chazapis | |
201 | 8af4c26d | Antony Chazapis | The following tokens should be available at the destination, after passing through the apache module:: |
202 | 8af4c26d | Antony Chazapis | |
203 | 258bb7dd | Antony Chazapis | eppn # eduPersonPrincipalName |
204 | 258bb7dd | Antony Chazapis | Shib-InetOrgPerson-givenName |
205 | 258bb7dd | Antony Chazapis | Shib-Person-surname |
206 | 258bb7dd | Antony Chazapis | Shib-Person-commonName |
207 | 258bb7dd | Antony Chazapis | Shib-InetOrgPerson-displayName |
208 | 258bb7dd | Antony Chazapis | Shib-EP-Affiliation |
209 | 258bb7dd | Antony Chazapis | Shib-Session-ID |
210 | 8af4c26d | Antony Chazapis | |
211 | e46798b5 | Antony Chazapis | MySQL Setup |
212 | e46798b5 | Antony Chazapis | ----------- |
213 | e46798b5 | Antony Chazapis | |
214 | e46798b5 | Antony Chazapis | If using MySQL instead of SQLite for the database engine, consider the following. |
215 | e46798b5 | Antony Chazapis | |
216 | e46798b5 | Antony Chazapis | Server side:: |
217 | e46798b5 | Antony Chazapis | |
218 | e46798b5 | Antony Chazapis | apt-get install mysql-server |
219 | e46798b5 | Antony Chazapis | |
220 | 8ed4d90d | Antony Chazapis | Add in ``/etc/mysql/conf.d/pithos.cnf``:: |
221 | 8ed4d90d | Antony Chazapis | |
222 | 8ed4d90d | Antony Chazapis | [mysqld] |
223 | 8ed4d90d | Antony Chazapis | sql-mode="NO_AUTO_VALUE_ON_ZERO" |
224 | 8ed4d90d | Antony Chazapis | |
225 | e46798b5 | Antony Chazapis | Edit ``/etc/mysql/my.cnf`` to allow network connections and restart the server. |
226 | e46798b5 | Antony Chazapis | |
227 | e46798b5 | Antony Chazapis | Create database and user:: |
228 | e46798b5 | Antony Chazapis | |
229 | fbe91e6c | Antony Chazapis | CREATE DATABASE pithos CHARACTER SET utf8 COLLATE utf8_bin; |
230 | e46798b5 | Antony Chazapis | GRANT ALL ON pithos.* TO pithos@localhost IDENTIFIED BY 'password'; |
231 | e46798b5 | Antony Chazapis | GRANT ALL ON pithos.* TO pithos@'%' IDENTIFIED BY 'password'; |
232 | e46798b5 | Antony Chazapis | |
233 | e46798b5 | Antony Chazapis | Client side:: |
234 | e46798b5 | Antony Chazapis | |
235 | e46798b5 | Antony Chazapis | apt-get install mysql-client |
236 | e46798b5 | Antony Chazapis | |
237 | e46798b5 | Antony Chazapis | It helps to create a ``~/.my.cnf`` file, for automatically connecting to the server:: |
238 | e46798b5 | Antony Chazapis | |
239 | e46798b5 | Antony Chazapis | [client] |
240 | e46798b5 | Antony Chazapis | user = pithos |
241 | e46798b5 | Antony Chazapis | password = 'password' |
242 | e46798b5 | Antony Chazapis | host = pithos-storage.dev.grnet.gr |
243 | e46798b5 | Antony Chazapis | |
244 | e46798b5 | Antony Chazapis | [mysql] |
245 | e46798b5 | Antony Chazapis | database = pithos |
246 | 6728c32f | Antony Chazapis | |
247 | 6728c32f | Antony Chazapis | PostgreSQL Setup |
248 | 6728c32f | Antony Chazapis | ---------------- |
249 | 6728c32f | Antony Chazapis | |
250 | 6728c32f | Antony Chazapis | If using PostgreSQL instead of SQLite for the database engine, consider the following. |
251 | 6728c32f | Antony Chazapis | |
252 | 6728c32f | Antony Chazapis | Server side:: |
253 | 6728c32f | Antony Chazapis | |
254 | 6728c32f | Antony Chazapis | apt-get install postgresql |
255 | 6728c32f | Antony Chazapis | |
256 | 6728c32f | Antony Chazapis | Edit ``/etc/postgresql/8.4/main/postgresql.conf`` and ``/etc/postgresql/8.4/main/pg_hba.conf`` to allow network connections and restart the server. |
257 | 6728c32f | Antony Chazapis | |
258 | 6728c32f | Antony Chazapis | Create database and user:: |
259 | 6728c32f | Antony Chazapis | |
260 | 6728c32f | Antony Chazapis | CREATE DATABASE pithos WITH ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' TEMPLATE=template0; |
261 | 6728c32f | Antony Chazapis | CREATE USER pithos WITH PASSWORD 'password'; |
262 | 6728c32f | Antony Chazapis | GRANT ALL PRIVILEGES ON DATABASE pithos TO pithos; |
263 | 6728c32f | Antony Chazapis | |
264 | 6728c32f | Antony Chazapis | Client side:: |
265 | 6728c32f | Antony Chazapis | |
266 | 6728c32f | Antony Chazapis | apt-get install postgresql-client |
267 | 6728c32f | Antony Chazapis | |
268 | 6728c32f | Antony Chazapis | It helps to create a ``~/.pgpass`` file, for automatically passing the password to the server:: |
269 | 6728c32f | Antony Chazapis | |
270 | 6728c32f | Antony Chazapis | pithos-storage.dev.grnet.gr:5432:pithos:pithos:password |
271 | 6728c32f | Antony Chazapis | |
272 | 6728c32f | Antony Chazapis | Connect with:: |
273 | 6728c32f | Antony Chazapis | |
274 | 6728c32f | Antony Chazapis | psql -h pithos-storage.dev.grnet.gr -U pithos |