root / docs / source / adminguide.rst @ 5d56107c
History | View | Annotate | Download (7.2 kB)
1 | 4ddc02a2 | Giorgos Verigakis | Administrator Guide |
---|---|---|---|
2 | 4ddc02a2 | Giorgos Verigakis | =================== |
3 | 4ddc02a2 | Giorgos Verigakis | |
4 | e46798b5 | Antony Chazapis | Simple Setup |
5 | e46798b5 | Antony Chazapis | ------------ |
6 | e46798b5 | Antony Chazapis | |
7 | e46798b5 | Antony Chazapis | Assuming a clean debian squeeze (stable) installation, use the following steps to run the software. |
8 | e46798b5 | Antony Chazapis | |
9 | 75453cf2 | Antony Chazapis | Install packages:: |
10 | 4ddc02a2 | Giorgos Verigakis | |
11 | 5d56107c | Antony Chazapis | apt-get install git python-django python-setuptools python-sphinx |
12 | ac930057 | root | apt-get install python-sqlalchemy python-mysqldb python-psycopg2 |
13 | 75453cf2 | Antony Chazapis | apt-get install apache2 libapache2-mod-wsgi |
14 | 75453cf2 | Antony Chazapis | |
15 | 75453cf2 | Antony Chazapis | Get the source:: |
16 | 75453cf2 | Antony Chazapis | |
17 | 75453cf2 | Antony Chazapis | cd / |
18 | 75453cf2 | Antony Chazapis | git clone https://code.grnet.gr/git/pithos |
19 | 75453cf2 | Antony Chazapis | |
20 | c4af6d07 | Antony Chazapis | Setup the files:: |
21 | 75453cf2 | Antony Chazapis | |
22 | 75453cf2 | Antony Chazapis | cd /pithos/pithos |
23 | 7e318fc8 | Antony Chazapis | python manage.py syncdb |
24 | 7a0063ef | Antony Chazapis | cd /pithos |
25 | 7a0063ef | Antony Chazapis | python setup.py build_sphinx |
26 | 75453cf2 | Antony Chazapis | |
27 | c4af6d07 | Antony Chazapis | It is advised that you create a ``settings.local`` file to place any configuration overrides (at least change ``SECRET_KEY``). |
28 | c4af6d07 | Antony Chazapis | |
29 | e46798b5 | Antony Chazapis | Edit ``/etc/apache2/sites-available/pithos`` (change the ``ServerName`` directive):: |
30 | 75453cf2 | Antony Chazapis | |
31 | 75453cf2 | Antony Chazapis | <VirtualHost *:80> |
32 | 27f35ee3 | Antony Chazapis | ServerAdmin webmaster@pithos.dev.grnet.gr |
33 | 27f35ee3 | Antony Chazapis | ServerName pithos.dev.grnet.gr |
34 | 27f35ee3 | Antony Chazapis | |
35 | 27f35ee3 | Antony Chazapis | DocumentRoot /pithos/htdocs |
36 | 27f35ee3 | Antony Chazapis | Alias /ui "/var/www/pithos_web_client" |
37 | 27f35ee3 | Antony Chazapis | Alias /docs "/pithos/docs/build/html" |
38 | 27f35ee3 | Antony Chazapis | |
39 | 27f35ee3 | Antony Chazapis | <Directory /> |
40 | 27f35ee3 | Antony Chazapis | Options Indexes FollowSymLinks |
41 | 27f35ee3 | Antony Chazapis | AllowOverride None |
42 | 27f35ee3 | Antony Chazapis | Order allow,deny |
43 | 27f35ee3 | Antony Chazapis | Allow from all |
44 | 27f35ee3 | Antony Chazapis | </Directory> |
45 | 27f35ee3 | Antony Chazapis | |
46 | 8783fca7 | Antony Chazapis | SetEnv no-gzip |
47 | 8783fca7 | Antony Chazapis | SetEnv dont-vary |
48 | 8783fca7 | Antony Chazapis | |
49 | 27f35ee3 | Antony Chazapis | RewriteEngine On |
50 | 22062611 | Antony Chazapis | RewriteRule ^/v(.*) /api/v$1 [PT,NE] |
51 | 22062611 | Antony Chazapis | RewriteRule ^/public(.*) /api/public$1 [PT,NE] |
52 | 22062611 | Antony Chazapis | RewriteRule ^/tools(.*) /api/ui$1 [PT,NE] |
53 | 22062611 | Antony Chazapis | RewriteRule ^/im(.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE] |
54 | 22062611 | Antony Chazapis | RewriteRule ^/login(.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE] |
55 | 27f35ee3 | Antony Chazapis | |
56 | 1e20eb36 | Antony Chazapis | RequestHeader set X-Forwarded-Protocol "http" |
57 | 1e20eb36 | Antony Chazapis | |
58 | 27f35ee3 | Antony Chazapis | WSGIScriptAlias /api /pithos/pithos/wsgi/pithos.wsgi |
59 | 27f35ee3 | Antony Chazapis | # WSGIDaemonProcess pithos |
60 | 27f35ee3 | Antony Chazapis | # WSGIProcessGroup pithos |
61 | 27f35ee3 | Antony Chazapis | |
62 | 27f35ee3 | Antony Chazapis | LogLevel warn |
63 | 27f35ee3 | Antony Chazapis | ErrorLog ${APACHE_LOG_DIR}/pithos.error.log |
64 | 27f35ee3 | Antony Chazapis | CustomLog ${APACHE_LOG_DIR}/pithos.access.log combined |
65 | 75453cf2 | Antony Chazapis | </VirtualHost> |
66 | 75453cf2 | Antony Chazapis | |
67 | 7e318fc8 | Antony Chazapis | Edit ``/etc/apache2/sites-available/pithos-ssl`` (assuming files in ``/etc/ssl/private/pithos.dev.grnet.gr.key`` and ``/etc/ssl/certs/pithos.dev.grnet.gr.crt`` - change the ``ServerName`` directive):: |
68 | 75453cf2 | Antony Chazapis | |
69 | 75453cf2 | Antony Chazapis | <IfModule mod_ssl.c> |
70 | 75453cf2 | Antony Chazapis | <VirtualHost _default_:443> |
71 | 27f35ee3 | Antony Chazapis | ServerAdmin webmaster@pithos.dev.grnet.gr |
72 | 27f35ee3 | Antony Chazapis | ServerName pithos.dev.grnet.gr |
73 | 27f35ee3 | Antony Chazapis | |
74 | 27f35ee3 | Antony Chazapis | DocumentRoot /pithos/htdocs |
75 | 27f35ee3 | Antony Chazapis | Alias /ui "/var/www/pithos_web_client" |
76 | 27f35ee3 | Antony Chazapis | Alias /docs "/pithos/docs/build/html" |
77 | 27f35ee3 | Antony Chazapis | |
78 | 27f35ee3 | Antony Chazapis | <Directory /> |
79 | 27f35ee3 | Antony Chazapis | Options Indexes FollowSymLinks |
80 | 27f35ee3 | Antony Chazapis | AllowOverride None |
81 | 27f35ee3 | Antony Chazapis | Order allow,deny |
82 | 27f35ee3 | Antony Chazapis | Allow from all |
83 | 27f35ee3 | Antony Chazapis | </Directory> |
84 | 27f35ee3 | Antony Chazapis | |
85 | 8783fca7 | Antony Chazapis | SetEnv no-gzip |
86 | 8783fca7 | Antony Chazapis | SetEnv dont-vary |
87 | 8783fca7 | Antony Chazapis | |
88 | 27f35ee3 | Antony Chazapis | RewriteEngine On |
89 | 22062611 | Antony Chazapis | RewriteRule ^/v(.*) /api/v$1 [PT,NE] |
90 | 22062611 | Antony Chazapis | RewriteRule ^/public(.*) /api/public$1 [PT,NE] |
91 | 22062611 | Antony Chazapis | RewriteRule ^/tools(.*) /api/ui$1 [PT,NE] |
92 | 22062611 | Antony Chazapis | RewriteRule ^/im(.*) /api/im$1 [PT,NE] |
93 | 22062611 | Antony Chazapis | RewriteRule ^/login(.*) /api/im/login/dummy$1 [PT,NE] |
94 | 27f35ee3 | Antony Chazapis | |
95 | 1e20eb36 | Antony Chazapis | RequestHeader set X-Forwarded-Protocol "https" |
96 | 1e20eb36 | Antony Chazapis | |
97 | 27f35ee3 | Antony Chazapis | WSGIScriptAlias /api /pithos/pithos/wsgi/pithos.wsgi |
98 | 27f35ee3 | Antony Chazapis | # WSGIDaemonProcess pithos |
99 | 27f35ee3 | Antony Chazapis | # WSGIProcessGroup pithos |
100 | 27f35ee3 | Antony Chazapis | |
101 | 27f35ee3 | Antony Chazapis | LogLevel warn |
102 | 27f35ee3 | Antony Chazapis | ErrorLog ${APACHE_LOG_DIR}/pithos.error.log |
103 | 27f35ee3 | Antony Chazapis | CustomLog ${APACHE_LOG_DIR}/pithos.access.log combined |
104 | 27f35ee3 | Antony Chazapis | |
105 | 27f35ee3 | Antony Chazapis | SSLEngine on |
106 | 27f35ee3 | Antony Chazapis | SSLCertificateFile /etc/ssl/certs/pithos.dev.grnet.gr.crt |
107 | 27f35ee3 | Antony Chazapis | SSLCertificateKeyFile /etc/ssl/private/pithos.dev.grnet.gr.key |
108 | 75453cf2 | Antony Chazapis | </VirtualHost> |
109 | 75453cf2 | Antony Chazapis | </IfModule> |
110 | 75453cf2 | Antony Chazapis | |
111 | 0112e6e9 | Antony Chazapis | Add in ``/etc/apache2/mods-available/wsgi.conf``:: |
112 | 0112e6e9 | Antony Chazapis | |
113 | 0112e6e9 | Antony Chazapis | WSGIChunkedRequest On |
114 | 0112e6e9 | Antony Chazapis | |
115 | 75453cf2 | Antony Chazapis | Configure and run apache:: |
116 | 75453cf2 | Antony Chazapis | |
117 | 75453cf2 | Antony Chazapis | a2enmod ssl |
118 | 75453cf2 | Antony Chazapis | a2enmod rewrite |
119 | 75453cf2 | Antony Chazapis | a2dissite default |
120 | 75453cf2 | Antony Chazapis | a2ensite pithos |
121 | 75453cf2 | Antony Chazapis | a2ensite pithos-ssl |
122 | 75453cf2 | Antony Chazapis | mkdir /var/www/pithos |
123 | 75453cf2 | Antony Chazapis | mkdir /var/www/pithos_web_client |
124 | 75453cf2 | Antony Chazapis | /etc/init.d/apache2 restart |
125 | e46798b5 | Antony Chazapis | |
126 | e46798b5 | Antony Chazapis | Useful alias to add in ``~/.bashrc``:: |
127 | e46798b5 | Antony Chazapis | |
128 | 5d56107c | Antony Chazapis | alias pithos-sync='cd /pithos && git pull && python setup.py build_sphinx && /etc/init.d/apache2 restart' |
129 | 904fdebe | Antony Chazapis | |
130 | aa62890f | Antony Chazapis | Gunicorn Setup |
131 | aa62890f | Antony Chazapis | -------------- |
132 | aa62890f | Antony Chazapis | |
133 | aa62890f | Antony Chazapis | Add in ``/etc/apt/sources.list``:: |
134 | aa62890f | Antony Chazapis | |
135 | aa62890f | Antony Chazapis | deb http://backports.debian.org/debian-backports squeeze-backports main |
136 | aa62890f | Antony Chazapis | |
137 | aa62890f | Antony Chazapis | Then:: |
138 | aa62890f | Antony Chazapis | |
139 | aa62890f | Antony Chazapis | apt-get update |
140 | aa62890f | Antony Chazapis | apt-get -t squeeze-backports install gunicorn |
141 | aa62890f | Antony Chazapis | apt-get -t squeeze-backports install python-gevent |
142 | aa62890f | Antony Chazapis | |
143 | aa62890f | Antony Chazapis | Create ``/etc/gunicorn.d/pithos``:: |
144 | aa62890f | Antony Chazapis | |
145 | aa62890f | Antony Chazapis | CONFIG = { |
146 | aa62890f | Antony Chazapis | 'mode': 'django', |
147 | aa62890f | Antony Chazapis | 'working_dir': '/pithos/pithos', |
148 | aa62890f | Antony Chazapis | 'user': 'www-data', |
149 | aa62890f | Antony Chazapis | 'group': 'www-data', |
150 | aa62890f | Antony Chazapis | 'args': ( |
151 | aa62890f | Antony Chazapis | '--bind=[::]:8080', |
152 | aa62890f | Antony Chazapis | '--worker-class=egg:gunicorn#gevent', |
153 | aa62890f | Antony Chazapis | '--workers=4', |
154 | aa62890f | Antony Chazapis | '--log-level=debug', |
155 | aa62890f | Antony Chazapis | '/pithos/pithos/settings.py', |
156 | aa62890f | Antony Chazapis | ), |
157 | aa62890f | Antony Chazapis | } |
158 | aa62890f | Antony Chazapis | |
159 | aa62890f | Antony Chazapis | Replace the ``WSGI*`` directives in ``/etc/apache2/sites-available/pithos`` and ``/etc/apache2/sites-available/pithos-ssl`` with:: |
160 | aa62890f | Antony Chazapis | |
161 | aa62890f | Antony Chazapis | <Proxy *> |
162 | aa62890f | Antony Chazapis | Order allow,deny |
163 | aa62890f | Antony Chazapis | Allow from all |
164 | aa62890f | Antony Chazapis | </Proxy> |
165 | aa62890f | Antony Chazapis | |
166 | aa62890f | Antony Chazapis | SetEnv proxy-sendchunked |
167 | aa62890f | Antony Chazapis | SSLProxyEngine off |
168 | aa62890f | Antony Chazapis | ProxyErrorOverride off |
169 | aa62890f | Antony Chazapis | |
170 | aa62890f | Antony Chazapis | ProxyPass /api http://localhost:8080 retry=0 |
171 | aa62890f | Antony Chazapis | ProxyPassReverse /api http://localhost:8080 |
172 | aa62890f | Antony Chazapis | |
173 | c4af6d07 | Antony Chazapis | Make sure that in ``settings.local``:: |
174 | 4048f62c | Antony Chazapis | |
175 | 4048f62c | Antony Chazapis | USE_X_FORWARDED_HOST = True |
176 | 4048f62c | Antony Chazapis | |
177 | aa62890f | Antony Chazapis | Configure and run:: |
178 | aa62890f | Antony Chazapis | |
179 | aa62890f | Antony Chazapis | /etc/init.d/gunicorn restart |
180 | aa62890f | Antony Chazapis | a2enmod proxy |
181 | aa62890f | Antony Chazapis | a2enmod proxy_http |
182 | aa62890f | Antony Chazapis | /etc/init.d/apache2 restart |
183 | aa62890f | Antony Chazapis | |
184 | ed4b77a1 | Antony Chazapis | If experiencing timeout problems, try adding to ``/etc/gunicorn.d/pithos``:: |
185 | ed4b77a1 | Antony Chazapis | |
186 | ed4b77a1 | Antony Chazapis | ... |
187 | ed4b77a1 | Antony Chazapis | '--timeout=43200', |
188 | ed4b77a1 | Antony Chazapis | ... |
189 | ed4b77a1 | Antony Chazapis | |
190 | 904fdebe | Antony Chazapis | Shibboleth Setup |
191 | 904fdebe | Antony Chazapis | ---------------- |
192 | 904fdebe | Antony Chazapis | |
193 | 904fdebe | Antony Chazapis | Install package:: |
194 | 904fdebe | Antony Chazapis | |
195 | 904fdebe | Antony Chazapis | apt-get install libapache2-mod-shib2 |
196 | 904fdebe | Antony Chazapis | |
197 | 904fdebe | Antony Chazapis | Setup the files in ``/etc/shibboleth``. |
198 | 904fdebe | Antony Chazapis | |
199 | 1a24acbf | Antony Chazapis | Add in ``/etc/apache2/sites-available/pithos-ssl``:: |
200 | 904fdebe | Antony Chazapis | |
201 | aa62890f | Antony Chazapis | ShibConfig /etc/shibboleth/shibboleth2.xml |
202 | aa62890f | Antony Chazapis | Alias /shibboleth-sp /usr/share/shibboleth |
203 | 904fdebe | Antony Chazapis | |
204 | 22062611 | Antony Chazapis | <Location /api/im/login/shibboleth> |
205 | aa62890f | Antony Chazapis | AuthType shibboleth |
206 | aa62890f | Antony Chazapis | ShibRequireSession On |
207 | aa62890f | Antony Chazapis | ShibUseHeaders On |
208 | aa62890f | Antony Chazapis | require valid-user |
209 | aa62890f | Antony Chazapis | </Location> |
210 | 904fdebe | Antony Chazapis | |
211 | 904fdebe | Antony Chazapis | Configure and run apache:: |
212 | 904fdebe | Antony Chazapis | |
213 | 904fdebe | Antony Chazapis | a2enmod shib2 |
214 | 904fdebe | Antony Chazapis | /etc/init.d/apache2 restart |
215 | 904fdebe | Antony Chazapis | /etc/init.d/shibd restart |
216 | e46798b5 | Antony Chazapis | |
217 | 8af4c26d | Antony Chazapis | The following tokens should be available at the destination, after passing through the apache module:: |
218 | 8af4c26d | Antony Chazapis | |
219 | 258bb7dd | Antony Chazapis | eppn # eduPersonPrincipalName |
220 | 258bb7dd | Antony Chazapis | Shib-InetOrgPerson-givenName |
221 | 258bb7dd | Antony Chazapis | Shib-Person-surname |
222 | 258bb7dd | Antony Chazapis | Shib-Person-commonName |
223 | 258bb7dd | Antony Chazapis | Shib-InetOrgPerson-displayName |
224 | 258bb7dd | Antony Chazapis | Shib-EP-Affiliation |
225 | 258bb7dd | Antony Chazapis | Shib-Session-ID |
226 | 8af4c26d | Antony Chazapis | |
227 | e46798b5 | Antony Chazapis | MySQL Setup |
228 | e46798b5 | Antony Chazapis | ----------- |
229 | e46798b5 | Antony Chazapis | |
230 | e46798b5 | Antony Chazapis | If using MySQL instead of SQLite for the database engine, consider the following. |
231 | e46798b5 | Antony Chazapis | |
232 | e46798b5 | Antony Chazapis | Server side:: |
233 | e46798b5 | Antony Chazapis | |
234 | e46798b5 | Antony Chazapis | apt-get install mysql-server |
235 | e46798b5 | Antony Chazapis | |
236 | 8ed4d90d | Antony Chazapis | Add in ``/etc/mysql/conf.d/pithos.cnf``:: |
237 | 8ed4d90d | Antony Chazapis | |
238 | 8ed4d90d | Antony Chazapis | [mysqld] |
239 | 8ed4d90d | Antony Chazapis | sql-mode="NO_AUTO_VALUE_ON_ZERO" |
240 | 8ed4d90d | Antony Chazapis | |
241 | e46798b5 | Antony Chazapis | Edit ``/etc/mysql/my.cnf`` to allow network connections and restart the server. |
242 | e46798b5 | Antony Chazapis | |
243 | e46798b5 | Antony Chazapis | Create database and user:: |
244 | e46798b5 | Antony Chazapis | |
245 | fbe91e6c | Antony Chazapis | CREATE DATABASE pithos CHARACTER SET utf8 COLLATE utf8_bin; |
246 | e46798b5 | Antony Chazapis | GRANT ALL ON pithos.* TO pithos@localhost IDENTIFIED BY 'password'; |
247 | e46798b5 | Antony Chazapis | GRANT ALL ON pithos.* TO pithos@'%' IDENTIFIED BY 'password'; |
248 | e46798b5 | Antony Chazapis | |
249 | e46798b5 | Antony Chazapis | Client side:: |
250 | e46798b5 | Antony Chazapis | |
251 | e46798b5 | Antony Chazapis | apt-get install mysql-client |
252 | e46798b5 | Antony Chazapis | |
253 | e46798b5 | Antony Chazapis | It helps to create a ``~/.my.cnf`` file, for automatically connecting to the server:: |
254 | e46798b5 | Antony Chazapis | |
255 | e46798b5 | Antony Chazapis | [client] |
256 | e46798b5 | Antony Chazapis | user = pithos |
257 | e46798b5 | Antony Chazapis | password = 'password' |
258 | e46798b5 | Antony Chazapis | host = pithos-storage.dev.grnet.gr |
259 | e46798b5 | Antony Chazapis | |
260 | e46798b5 | Antony Chazapis | [mysql] |
261 | e46798b5 | Antony Chazapis | database = pithos |
262 | 6728c32f | Antony Chazapis | |
263 | 6728c32f | Antony Chazapis | PostgreSQL Setup |
264 | 6728c32f | Antony Chazapis | ---------------- |
265 | 6728c32f | Antony Chazapis | |
266 | 6728c32f | Antony Chazapis | If using PostgreSQL instead of SQLite for the database engine, consider the following. |
267 | 6728c32f | Antony Chazapis | |
268 | 6728c32f | Antony Chazapis | Server side:: |
269 | 6728c32f | Antony Chazapis | |
270 | 6728c32f | Antony Chazapis | apt-get install postgresql |
271 | 6728c32f | Antony Chazapis | |
272 | 6728c32f | Antony Chazapis | Edit ``/etc/postgresql/8.4/main/postgresql.conf`` and ``/etc/postgresql/8.4/main/pg_hba.conf`` to allow network connections and restart the server. |
273 | 6728c32f | Antony Chazapis | |
274 | 6728c32f | Antony Chazapis | Create database and user:: |
275 | 6728c32f | Antony Chazapis | |
276 | 6728c32f | Antony Chazapis | CREATE DATABASE pithos WITH ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' TEMPLATE=template0; |
277 | 6728c32f | Antony Chazapis | CREATE USER pithos WITH PASSWORD 'password'; |
278 | 6728c32f | Antony Chazapis | GRANT ALL PRIVILEGES ON DATABASE pithos TO pithos; |
279 | 6728c32f | Antony Chazapis | |
280 | 6728c32f | Antony Chazapis | Client side:: |
281 | 6728c32f | Antony Chazapis | |
282 | 6728c32f | Antony Chazapis | apt-get install postgresql-client |
283 | 6728c32f | Antony Chazapis | |
284 | 6728c32f | Antony Chazapis | It helps to create a ``~/.pgpass`` file, for automatically passing the password to the server:: |
285 | 6728c32f | Antony Chazapis | |
286 | 6728c32f | Antony Chazapis | pithos-storage.dev.grnet.gr:5432:pithos:pithos:password |
287 | 6728c32f | Antony Chazapis | |
288 | 6728c32f | Antony Chazapis | Connect with:: |
289 | 6728c32f | Antony Chazapis | |
290 | 6728c32f | Antony Chazapis | psql -h pithos-storage.dev.grnet.gr -U pithos |