Revision dd45ee44

b/docs/quick-install-admin-guide.rst
98 98
		* gevent
99 99
		* dns server
100 100

  
101
You can install apache2, progresql and ntp by running:
101
You can install apache2, postgresql and ntp by running:
102 102

  
103 103
.. code-block:: console
104 104

  
......
250 250

  
251 251
Now you can create the certificate
252 252

  
253
.. code-block:: console 
254
		
253
.. code-block:: console
254

  
255 255
		# ./build-ca
256 256

  
257 257
The previous will create a ``ca.crt`` file. Copy this file under
......
266 266
Now you can create the keys and sign them with the certificate
267 267

  
268 268
.. code-block:: console
269
		
269

  
270 270
		# ./build-key-server node1.example.com
271 271

  
272 272
This will create a .pem and a .key file in your current folder. Copy these in
273
``/etc/ssl/certs/`` and ``/etc/ssl/private/`` respectively and 
273
``/etc/ssl/certs/`` and ``/etc/ssl/private/`` respectively and
274 274
use them in the apache2 configuration file below instead of the defaults.
275 275

  
276 276
Apache2 setup
......
344 344
   # a2enmod headers
345 345
   # a2enmod proxy_http
346 346

  
347
.. note:: This isn't really needed, but it's a good security practice to disable
348
    directory listing in apache::
349

  
350
        # a2dismod autoindex
351

  
352

  
347 353
.. warning:: Do NOT start/restart the server yet. If the server is running::
348 354

  
349 355
       # /etc/init.d/apache2 stop
......
387 393
In order to set up a dns server using dnsmasq do the following
388 394

  
389 395
.. code-block:: console
390
			
396

  
391 397
				# apt-get install dnsmasq
392 398

  
393 399
Then edit you ``/etc/hosts/`` as follows
......
400 406
Finally edit the ``/etc/dnsmasq.conf`` file and specify the ``listen-address`` and
401 407
the ``interface`` you would like to listen to.
402 408

  
403
Also add the following in your ``/etc/resolv.conf`` file 
409
Also add the following in your ``/etc/resolv.conf`` file
404 410

  
405 411
.. code-block:: console
406 412

  
......
556 562
   # a2enmod headers
557 563
   # a2enmod proxy_http
558 564

  
565
.. note:: This isn't really needed, but it's a good security practice to disable
566
    directory listing in apache::
567

  
568
        # a2dismod autoindex
569

  
559 570
.. warning:: Do NOT start/restart the server yet. If the server is running::
560 571

  
561 572
       # /etc/init.d/apache2 stop
......
582 593
Add the following line in ``/etc/resolv.conf`` file
583 594

  
584 595
.. code-block:: console
585
		
596

  
586 597
		nameserver 4.3.2.1
587 598

  
588 599
to inform the node about the new dns server.
......
703 714
Email delivery configuration
704 715
----------------------------
705 716

  
706
Many of the ``astakos`` operations require server to notify service users and 
707
administrators via email. e.g. right after the signup process the service sents 
708
an email to the registered email address containing an email verification url, 
709
after the user verifies the email address astakos once again needs to notify 
717
Many of the ``astakos`` operations require server to notify service users and
718
administrators via email. e.g. right after the signup process the service sents
719
an email to the registered email address containing an email verification url,
720
after the user verifies the email address astakos once again needs to notify
710 721
administrators with a notice that a new account has just been verified.
711 722

  
712 723
More specifically astakos sends emails in the following cases
713 724

  
714 725
- An email containing a verification link after each signup process.
715
- An email to the people listed in ``ADMINS`` setting after each email 
716
  verification if ``ASTAKOS_MODERATION`` setting is ``True``. The email 
717
  notifies administrators that an additional action is required in order to 
726
- An email to the people listed in ``ADMINS`` setting after each email
727
  verification if ``ASTAKOS_MODERATION`` setting is ``True``. The email
728
  notifies administrators that an additional action is required in order to
718 729
  activate the user.
719
- A welcome email to the user email and an admin notification to ``ADMINS`` 
730
- A welcome email to the user email and an admin notification to ``ADMINS``
720 731
  right after each account activation.
721
- Feedback messages submited from astakos contact view and astakos feedback 
732
- Feedback messages submited from astakos contact view and astakos feedback
722 733
  API endpoint are sent to contacts listed in ``HELPDESK`` setting.
723
- Project application request notifications to people included in ``HELPDESK`` 
734
- Project application request notifications to people included in ``HELPDESK``
724 735
  and ``MANAGERS`` settings.
725
- Notifications after each project members action (join request, membership 
736
- Notifications after each project members action (join request, membership
726 737
  accepted/declinde etc.) to project members or project owners.
727 738

  
728
Astakos uses the Django internal email delivering mechanism to send email 
729
notifications. A simple configuration, using an external smtp server to 
730
deliver messages, is shown below. Alter the following example to meet your 
739
Astakos uses the Django internal email delivering mechanism to send email
740
notifications. A simple configuration, using an external smtp server to
741
deliver messages, is shown below. Alter the following example to meet your
731 742
smtp server characteristics. Notice that the smtp server is needed for a proper
732 743
installation
733 744

  
734 745
.. code-block:: python
735
    
746

  
736 747
    # /etc/synnefo/00-snf-common-admins.conf
737 748
    EMAIL_HOST = "mysmtp.server.synnefo.org"
738 749
    EMAIL_HOST_USER = "<smtpuser>"
......
740 751

  
741 752
    # this gets appended in all email subjects
742 753
    EMAIL_SUBJECT_PREFIX = "[example.synnefo.org] "
743
    
754

  
744 755
    # Address to use for outgoing emails
745 756
    DEFAULT_FROM_EMAIL = "server@example.synnefo.org"
746 757

  
747
    # Email where users can contact for support. This is used in html/email 
758
    # Email where users can contact for support. This is used in html/email
748 759
    # templates.
749 760
    CONTACT_EMAIL = "server@example.synnefo.org"
750 761

  
......
753 764

  
754 765
Notice that since email settings might be required by applications other than
755 766
astakos they are defined in a different configuration file than the one
756
previously used to set astakos specific settings. 
767
previously used to set astakos specific settings.
757 768

  
758
Refer to 
769
Refer to
759 770
`Django documentation <https://docs.djangoproject.com/en/1.2/topics/email/>`_
760 771
for additional information on available email settings.
761 772

  
762
As refered in the previous section, based on the operation that triggers 
763
an email notification, the recipients list differs. Specifically for 
764
emails whose recipients include contacts from your service team 
765
(administrators, managers, helpdesk etc) synnefo provides the following 
773
As refered in the previous section, based on the operation that triggers
774
an email notification, the recipients list differs. Specifically for
775
emails whose recipients include contacts from your service team
776
(administrators, managers, helpdesk etc) synnefo provides the following
766 777
settings located in ``10-snf-common-admins.conf``:
767 778

  
768 779
.. code-block:: python
769 780

  
770
    ADMINS = (('Admin name', 'admin@example.synnefo.org'), 
781
    ADMINS = (('Admin name', 'admin@example.synnefo.org'),
771 782
              ('Admin2 name', 'admin2@example.synnefo.org))
772 783
    MANAGERS = (('Manager name', 'manager@example.synnefo.org'),)
773 784
    HELPDESK = (('Helpdesk user name', 'helpdesk@example.synnefo.org'),)
......
1219 1230
:ref:`GANETI-NODE <GANETI_NODES>` and is Master-capable and VM-capable too.
1220 1231

  
1221 1232
We highly recommend that you read the official Ganeti documentation, if you are
1222
not familiar with Ganeti. 
1233
not familiar with Ganeti.
1223 1234

  
1224 1235
Unfortunately, the current stable version of the stock Ganeti (v2.6.2) doesn't
1225 1236
support IP pool management. This feature will be available in Ganeti >= 2.7.
......
1231 1242

  
1232 1243
   # apt-get install snf-ganeti ganeti-htools
1233 1244

  
1234
Ganeti will make use of drbd. To enable this and make the configuration pemanent 
1245
Ganeti will make use of drbd. To enable this and make the configuration pemanent
1235 1246
you have to do the following :
1236 1247

  
1237 1248
.. code-block:: console
1238 1249

  
1239
		# rmmod -f drbd && modprobe drbd minor_count=255 usermode_helper=/bin/true	
1250
		# rmmod -f drbd && modprobe drbd minor_count=255 usermode_helper=/bin/true
1240 1251
		# echo 'drbd minor_count=255 usermode_helper=/bin/true' >> /etc/modules
1241 1252

  
1242 1253

  
1243 1254
We assume that Ganeti will use the KVM hypervisor. After installing Ganeti on
1244 1255
both nodes, choose a domain name that resolves to a valid floating IP (let's
1245
say it's ``ganeti.node1.example.com``). This IP is needed to communicate with 
1246
the Ganeti cluster. Make sure node1 and node2 have same dsa,rsa keys and authorised_keys 
1247
for password-less root ssh between each other. If not then skip passing --no-ssh-init but be 
1248
aware that it will replace /root/.ssh/* related files and you might lose access to master node. 
1249
Also, Ganeti will need a volume to host your VMs' disks. So, make sure there is an lvm volume 
1250
group named ``ganeti``. Finally, setup a bridge interface on the host machines (e.g: br0). This  
1256
say it's ``ganeti.node1.example.com``). This IP is needed to communicate with
1257
the Ganeti cluster. Make sure node1 and node2 have same dsa,rsa keys and authorised_keys
1258
for password-less root ssh between each other. If not then skip passing --no-ssh-init but be
1259
aware that it will replace /root/.ssh/* related files and you might lose access to master node.
1260
Also, Ganeti will need a volume to host your VMs' disks. So, make sure there is an lvm volume
1261
group named ``ganeti``. Finally, setup a bridge interface on the host machines (e.g: br0). This
1251 1262
will be needed for the network configuration afterwards.
1252 1263

  
1253 1264
Then run on node1:
......
1291 1302
able to access the Pithos database. This is why, we also install them on *all*
1292 1303
VM-capable Ganeti nodes.
1293 1304

  
1294
.. warning:: 
1305
.. warning::
1295 1306
		snf-image uses ``curl`` for handling URLs. This means that it will
1296 1307
		not  work out of the box if you try to use URLs served by servers which do
1297 1308
		not have a valid certificate. In case you haven't followed the guide's

Also available in: Unified diff