root / docs / source / adminguide.rst @ ed4725e4
History | View | Annotate | Download (7.8 kB)
1 | 4ddc02a2 | Giorgos Verigakis | Administrator Guide |
---|---|---|---|
2 | 4ddc02a2 | Giorgos Verigakis | =================== |
3 | 4ddc02a2 | Giorgos Verigakis | |
4 | e46798b5 | Antony Chazapis | Simple Setup |
5 | e46798b5 | Antony Chazapis | ------------ |
6 | e46798b5 | Antony Chazapis | |
7 | e46798b5 | Antony Chazapis | Assuming a clean debian squeeze (stable) installation, use the following steps to run the software. |
8 | e46798b5 | Antony Chazapis | |
9 | 75453cf2 | Antony Chazapis | Install packages:: |
10 | 4ddc02a2 | Giorgos Verigakis | |
11 | 5d56107c | Antony Chazapis | apt-get install git python-django python-setuptools python-sphinx |
12 | ac930057 | root | apt-get install python-sqlalchemy python-mysqldb python-psycopg2 |
13 | 75453cf2 | Antony Chazapis | apt-get install apache2 libapache2-mod-wsgi |
14 | 75453cf2 | Antony Chazapis | |
15 | 75453cf2 | Antony Chazapis | Get the source:: |
16 | 75453cf2 | Antony Chazapis | |
17 | 75453cf2 | Antony Chazapis | cd / |
18 | 75453cf2 | Antony Chazapis | git clone https://code.grnet.gr/git/pithos |
19 | 75453cf2 | Antony Chazapis | |
20 | c4af6d07 | Antony Chazapis | Setup the files:: |
21 | 75453cf2 | Antony Chazapis | |
22 | 75453cf2 | Antony Chazapis | cd /pithos/pithos |
23 | 7e318fc8 | Antony Chazapis | python manage.py syncdb |
24 | 7a0063ef | Antony Chazapis | cd /pithos |
25 | 7a0063ef | Antony Chazapis | python setup.py build_sphinx |
26 | 75453cf2 | Antony Chazapis | |
27 | c4af6d07 | Antony Chazapis | It is advised that you create a ``settings.local`` file to place any configuration overrides (at least change ``SECRET_KEY``). |
28 | c4af6d07 | Antony Chazapis | |
29 | e46798b5 | Antony Chazapis | Edit ``/etc/apache2/sites-available/pithos`` (change the ``ServerName`` directive):: |
30 | 75453cf2 | Antony Chazapis | |
31 | 75453cf2 | Antony Chazapis | <VirtualHost *:80> |
32 | 27f35ee3 | Antony Chazapis | ServerAdmin webmaster@pithos.dev.grnet.gr |
33 | 27f35ee3 | Antony Chazapis | ServerName pithos.dev.grnet.gr |
34 | 27f35ee3 | Antony Chazapis | |
35 | 27f35ee3 | Antony Chazapis | DocumentRoot /pithos/htdocs |
36 | 27f35ee3 | Antony Chazapis | Alias /ui "/var/www/pithos_web_client" |
37 | 27f35ee3 | Antony Chazapis | Alias /docs "/pithos/docs/build/html" |
38 | 27f35ee3 | Antony Chazapis | |
39 | 27f35ee3 | Antony Chazapis | <Directory /> |
40 | 27f35ee3 | Antony Chazapis | Options Indexes FollowSymLinks |
41 | 27f35ee3 | Antony Chazapis | AllowOverride None |
42 | 27f35ee3 | Antony Chazapis | Order allow,deny |
43 | 27f35ee3 | Antony Chazapis | Allow from all |
44 | 27f35ee3 | Antony Chazapis | </Directory> |
45 | 27f35ee3 | Antony Chazapis | |
46 | 8783fca7 | Antony Chazapis | SetEnv no-gzip |
47 | 8783fca7 | Antony Chazapis | SetEnv dont-vary |
48 | 8783fca7 | Antony Chazapis | |
49 | 27f35ee3 | Antony Chazapis | RewriteEngine On |
50 | 22062611 | Antony Chazapis | RewriteRule ^/v(.*) /api/v$1 [PT,NE] |
51 | 22062611 | Antony Chazapis | RewriteRule ^/public(.*) /api/public$1 [PT,NE] |
52 | 22062611 | Antony Chazapis | RewriteRule ^/tools(.*) /api/ui$1 [PT,NE] |
53 | 22062611 | Antony Chazapis | RewriteRule ^/im(.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE] |
54 | 22062611 | Antony Chazapis | RewriteRule ^/login(.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE] |
55 | 27f35ee3 | Antony Chazapis | |
56 | 1e20eb36 | Antony Chazapis | RequestHeader set X-Forwarded-Protocol "http" |
57 | 1e20eb36 | Antony Chazapis | |
58 | 27f35ee3 | Antony Chazapis | WSGIScriptAlias /api /pithos/pithos/wsgi/pithos.wsgi |
59 | 27f35ee3 | Antony Chazapis | # WSGIDaemonProcess pithos |
60 | 27f35ee3 | Antony Chazapis | # WSGIProcessGroup pithos |
61 | 27f35ee3 | Antony Chazapis | |
62 | 27f35ee3 | Antony Chazapis | LogLevel warn |
63 | 27f35ee3 | Antony Chazapis | ErrorLog ${APACHE_LOG_DIR}/pithos.error.log |
64 | 27f35ee3 | Antony Chazapis | CustomLog ${APACHE_LOG_DIR}/pithos.access.log combined |
65 | 75453cf2 | Antony Chazapis | </VirtualHost> |
66 | 75453cf2 | Antony Chazapis | |
67 | 075ccdfa | root | To disable non-SSL connections, ``/etc/apache2/sites-available/pithos`` should be:: |
68 | 075ccdfa | root | |
69 | 075ccdfa | root | <VirtualHost *:80> |
70 | 075ccdfa | root | ServerAdmin webmaster@pithos.dev.grnet.gr |
71 | 075ccdfa | root | ServerName pithos.dev.grnet.gr |
72 | 075ccdfa | root | |
73 | 075ccdfa | root | RewriteEngine On |
74 | 075ccdfa | root | RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} |
75 | 075ccdfa | root | </VirtualHost> |
76 | 075ccdfa | root | |
77 | 7e318fc8 | Antony Chazapis | Edit ``/etc/apache2/sites-available/pithos-ssl`` (assuming files in ``/etc/ssl/private/pithos.dev.grnet.gr.key`` and ``/etc/ssl/certs/pithos.dev.grnet.gr.crt`` - change the ``ServerName`` directive):: |
78 | 75453cf2 | Antony Chazapis | |
79 | 75453cf2 | Antony Chazapis | <IfModule mod_ssl.c> |
80 | 75453cf2 | Antony Chazapis | <VirtualHost _default_:443> |
81 | 27f35ee3 | Antony Chazapis | ServerAdmin webmaster@pithos.dev.grnet.gr |
82 | 27f35ee3 | Antony Chazapis | ServerName pithos.dev.grnet.gr |
83 | 27f35ee3 | Antony Chazapis | |
84 | 27f35ee3 | Antony Chazapis | DocumentRoot /pithos/htdocs |
85 | 27f35ee3 | Antony Chazapis | Alias /ui "/var/www/pithos_web_client" |
86 | 27f35ee3 | Antony Chazapis | Alias /docs "/pithos/docs/build/html" |
87 | 27f35ee3 | Antony Chazapis | |
88 | 27f35ee3 | Antony Chazapis | <Directory /> |
89 | 27f35ee3 | Antony Chazapis | Options Indexes FollowSymLinks |
90 | 27f35ee3 | Antony Chazapis | AllowOverride None |
91 | 27f35ee3 | Antony Chazapis | Order allow,deny |
92 | 27f35ee3 | Antony Chazapis | Allow from all |
93 | 27f35ee3 | Antony Chazapis | </Directory> |
94 | 27f35ee3 | Antony Chazapis | |
95 | 8783fca7 | Antony Chazapis | SetEnv no-gzip |
96 | 8783fca7 | Antony Chazapis | SetEnv dont-vary |
97 | 8783fca7 | Antony Chazapis | |
98 | 27f35ee3 | Antony Chazapis | RewriteEngine On |
99 | 22062611 | Antony Chazapis | RewriteRule ^/v(.*) /api/v$1 [PT,NE] |
100 | 22062611 | Antony Chazapis | RewriteRule ^/public(.*) /api/public$1 [PT,NE] |
101 | 22062611 | Antony Chazapis | RewriteRule ^/tools(.*) /api/ui$1 [PT,NE] |
102 | 22062611 | Antony Chazapis | RewriteRule ^/im(.*) /api/im$1 [PT,NE] |
103 | 22062611 | Antony Chazapis | RewriteRule ^/login(.*) /api/im/login/dummy$1 [PT,NE] |
104 | 27f35ee3 | Antony Chazapis | |
105 | 1e20eb36 | Antony Chazapis | RequestHeader set X-Forwarded-Protocol "https" |
106 | 1e20eb36 | Antony Chazapis | |
107 | 27f35ee3 | Antony Chazapis | WSGIScriptAlias /api /pithos/pithos/wsgi/pithos.wsgi |
108 | 27f35ee3 | Antony Chazapis | # WSGIDaemonProcess pithos |
109 | 27f35ee3 | Antony Chazapis | # WSGIProcessGroup pithos |
110 | 27f35ee3 | Antony Chazapis | |
111 | 27f35ee3 | Antony Chazapis | LogLevel warn |
112 | 27f35ee3 | Antony Chazapis | ErrorLog ${APACHE_LOG_DIR}/pithos.error.log |
113 | 27f35ee3 | Antony Chazapis | CustomLog ${APACHE_LOG_DIR}/pithos.access.log combined |
114 | 27f35ee3 | Antony Chazapis | |
115 | 27f35ee3 | Antony Chazapis | SSLEngine on |
116 | 27f35ee3 | Antony Chazapis | SSLCertificateFile /etc/ssl/certs/pithos.dev.grnet.gr.crt |
117 | 27f35ee3 | Antony Chazapis | SSLCertificateKeyFile /etc/ssl/private/pithos.dev.grnet.gr.key |
118 | 75453cf2 | Antony Chazapis | </VirtualHost> |
119 | 75453cf2 | Antony Chazapis | </IfModule> |
120 | 75453cf2 | Antony Chazapis | |
121 | 0112e6e9 | Antony Chazapis | Add in ``/etc/apache2/mods-available/wsgi.conf``:: |
122 | 0112e6e9 | Antony Chazapis | |
123 | 0112e6e9 | Antony Chazapis | WSGIChunkedRequest On |
124 | 0112e6e9 | Antony Chazapis | |
125 | c290c4e5 | Antony Chazapis | Make sure the data folder is writable by the web server user:: |
126 | c290c4e5 | Antony Chazapis | |
127 | c290c4e5 | Antony Chazapis | chown -R www-data:www-data /pithos/pithos/data |
128 | c290c4e5 | Antony Chazapis | |
129 | c290c4e5 | Antony Chazapis | If using an SQLite database, the same goes for the database file and the containing folder:: |
130 | c290c4e5 | Antony Chazapis | |
131 | c290c4e5 | Antony Chazapis | chown www-data:www-data /pithos/pithos/ |
132 | c290c4e5 | Antony Chazapis | chown www-data:www-data /pithos/pithos/backend.db |
133 | c290c4e5 | Antony Chazapis | |
134 | 75453cf2 | Antony Chazapis | Configure and run apache:: |
135 | 75453cf2 | Antony Chazapis | |
136 | 75453cf2 | Antony Chazapis | a2enmod ssl |
137 | 75453cf2 | Antony Chazapis | a2enmod rewrite |
138 | 75453cf2 | Antony Chazapis | a2dissite default |
139 | 75453cf2 | Antony Chazapis | a2ensite pithos |
140 | 75453cf2 | Antony Chazapis | a2ensite pithos-ssl |
141 | 75453cf2 | Antony Chazapis | mkdir /var/www/pithos |
142 | 75453cf2 | Antony Chazapis | mkdir /var/www/pithos_web_client |
143 | 75453cf2 | Antony Chazapis | /etc/init.d/apache2 restart |
144 | e46798b5 | Antony Chazapis | |
145 | e46798b5 | Antony Chazapis | Useful alias to add in ``~/.bashrc``:: |
146 | e46798b5 | Antony Chazapis | |
147 | ddd45453 | Antony Chazapis | alias sync-pithos='cd /pithos && git pull && python setup.py build_sphinx && /etc/init.d/apache2 restart' |
148 | 904fdebe | Antony Chazapis | |
149 | aa62890f | Antony Chazapis | Gunicorn Setup |
150 | aa62890f | Antony Chazapis | -------------- |
151 | aa62890f | Antony Chazapis | |
152 | aa62890f | Antony Chazapis | Add in ``/etc/apt/sources.list``:: |
153 | aa62890f | Antony Chazapis | |
154 | aa62890f | Antony Chazapis | deb http://backports.debian.org/debian-backports squeeze-backports main |
155 | aa62890f | Antony Chazapis | |
156 | aa62890f | Antony Chazapis | Then:: |
157 | aa62890f | Antony Chazapis | |
158 | aa62890f | Antony Chazapis | apt-get update |
159 | aa62890f | Antony Chazapis | apt-get -t squeeze-backports install gunicorn |
160 | aa62890f | Antony Chazapis | apt-get -t squeeze-backports install python-gevent |
161 | aa62890f | Antony Chazapis | |
162 | aa62890f | Antony Chazapis | Create ``/etc/gunicorn.d/pithos``:: |
163 | aa62890f | Antony Chazapis | |
164 | aa62890f | Antony Chazapis | CONFIG = { |
165 | aa62890f | Antony Chazapis | 'mode': 'django', |
166 | aa62890f | Antony Chazapis | 'working_dir': '/pithos/pithos', |
167 | aa62890f | Antony Chazapis | 'user': 'www-data', |
168 | aa62890f | Antony Chazapis | 'group': 'www-data', |
169 | aa62890f | Antony Chazapis | 'args': ( |
170 | aa62890f | Antony Chazapis | '--bind=[::]:8080', |
171 | aa62890f | Antony Chazapis | '--worker-class=egg:gunicorn#gevent', |
172 | aa62890f | Antony Chazapis | '--workers=4', |
173 | aa62890f | Antony Chazapis | '--log-level=debug', |
174 | aa62890f | Antony Chazapis | '/pithos/pithos/settings.py', |
175 | aa62890f | Antony Chazapis | ), |
176 | aa62890f | Antony Chazapis | } |
177 | aa62890f | Antony Chazapis | |
178 | aa62890f | Antony Chazapis | Replace the ``WSGI*`` directives in ``/etc/apache2/sites-available/pithos`` and ``/etc/apache2/sites-available/pithos-ssl`` with:: |
179 | aa62890f | Antony Chazapis | |
180 | aa62890f | Antony Chazapis | <Proxy *> |
181 | aa62890f | Antony Chazapis | Order allow,deny |
182 | aa62890f | Antony Chazapis | Allow from all |
183 | aa62890f | Antony Chazapis | </Proxy> |
184 | aa62890f | Antony Chazapis | |
185 | aa62890f | Antony Chazapis | SetEnv proxy-sendchunked |
186 | aa62890f | Antony Chazapis | SSLProxyEngine off |
187 | aa62890f | Antony Chazapis | ProxyErrorOverride off |
188 | aa62890f | Antony Chazapis | |
189 | aa62890f | Antony Chazapis | ProxyPass /api http://localhost:8080 retry=0 |
190 | aa62890f | Antony Chazapis | ProxyPassReverse /api http://localhost:8080 |
191 | aa62890f | Antony Chazapis | |
192 | c4af6d07 | Antony Chazapis | Make sure that in ``settings.local``:: |
193 | 4048f62c | Antony Chazapis | |
194 | 4048f62c | Antony Chazapis | USE_X_FORWARDED_HOST = True |
195 | 4048f62c | Antony Chazapis | |
196 | aa62890f | Antony Chazapis | Configure and run:: |
197 | aa62890f | Antony Chazapis | |
198 | aa62890f | Antony Chazapis | /etc/init.d/gunicorn restart |
199 | aa62890f | Antony Chazapis | a2enmod proxy |
200 | aa62890f | Antony Chazapis | a2enmod proxy_http |
201 | aa62890f | Antony Chazapis | /etc/init.d/apache2 restart |
202 | aa62890f | Antony Chazapis | |
203 | ed4b77a1 | Antony Chazapis | If experiencing timeout problems, try adding to ``/etc/gunicorn.d/pithos``:: |
204 | ed4b77a1 | Antony Chazapis | |
205 | ed4b77a1 | Antony Chazapis | ... |
206 | ed4b77a1 | Antony Chazapis | '--timeout=43200', |
207 | ed4b77a1 | Antony Chazapis | ... |
208 | ed4b77a1 | Antony Chazapis | |
209 | 904fdebe | Antony Chazapis | Shibboleth Setup |
210 | 904fdebe | Antony Chazapis | ---------------- |
211 | 904fdebe | Antony Chazapis | |
212 | 904fdebe | Antony Chazapis | Install package:: |
213 | 904fdebe | Antony Chazapis | |
214 | 904fdebe | Antony Chazapis | apt-get install libapache2-mod-shib2 |
215 | 904fdebe | Antony Chazapis | |
216 | 904fdebe | Antony Chazapis | Setup the files in ``/etc/shibboleth``. |
217 | 904fdebe | Antony Chazapis | |
218 | 1a24acbf | Antony Chazapis | Add in ``/etc/apache2/sites-available/pithos-ssl``:: |
219 | 904fdebe | Antony Chazapis | |
220 | aa62890f | Antony Chazapis | ShibConfig /etc/shibboleth/shibboleth2.xml |
221 | aa62890f | Antony Chazapis | Alias /shibboleth-sp /usr/share/shibboleth |
222 | 904fdebe | Antony Chazapis | |
223 | 22062611 | Antony Chazapis | <Location /api/im/login/shibboleth> |
224 | aa62890f | Antony Chazapis | AuthType shibboleth |
225 | aa62890f | Antony Chazapis | ShibRequireSession On |
226 | aa62890f | Antony Chazapis | ShibUseHeaders On |
227 | aa62890f | Antony Chazapis | require valid-user |
228 | aa62890f | Antony Chazapis | </Location> |
229 | 904fdebe | Antony Chazapis | |
230 | 904fdebe | Antony Chazapis | Configure and run apache:: |
231 | 904fdebe | Antony Chazapis | |
232 | 904fdebe | Antony Chazapis | a2enmod shib2 |
233 | 904fdebe | Antony Chazapis | /etc/init.d/apache2 restart |
234 | 904fdebe | Antony Chazapis | /etc/init.d/shibd restart |
235 | e46798b5 | Antony Chazapis | |
236 | 8af4c26d | Antony Chazapis | The following tokens should be available at the destination, after passing through the apache module:: |
237 | 8af4c26d | Antony Chazapis | |
238 | 258bb7dd | Antony Chazapis | eppn # eduPersonPrincipalName |
239 | 258bb7dd | Antony Chazapis | Shib-InetOrgPerson-givenName |
240 | 258bb7dd | Antony Chazapis | Shib-Person-surname |
241 | 258bb7dd | Antony Chazapis | Shib-Person-commonName |
242 | 258bb7dd | Antony Chazapis | Shib-InetOrgPerson-displayName |
243 | 258bb7dd | Antony Chazapis | Shib-EP-Affiliation |
244 | 258bb7dd | Antony Chazapis | Shib-Session-ID |
245 | 8af4c26d | Antony Chazapis | |
246 | e46798b5 | Antony Chazapis | MySQL Setup |
247 | e46798b5 | Antony Chazapis | ----------- |
248 | e46798b5 | Antony Chazapis | |
249 | e46798b5 | Antony Chazapis | If using MySQL instead of SQLite for the database engine, consider the following. |
250 | e46798b5 | Antony Chazapis | |
251 | e46798b5 | Antony Chazapis | Server side:: |
252 | e46798b5 | Antony Chazapis | |
253 | e46798b5 | Antony Chazapis | apt-get install mysql-server |
254 | e46798b5 | Antony Chazapis | |
255 | 8ed4d90d | Antony Chazapis | Add in ``/etc/mysql/conf.d/pithos.cnf``:: |
256 | 8ed4d90d | Antony Chazapis | |
257 | 8ed4d90d | Antony Chazapis | [mysqld] |
258 | 8ed4d90d | Antony Chazapis | sql-mode="NO_AUTO_VALUE_ON_ZERO" |
259 | 8ed4d90d | Antony Chazapis | |
260 | e46798b5 | Antony Chazapis | Edit ``/etc/mysql/my.cnf`` to allow network connections and restart the server. |
261 | e46798b5 | Antony Chazapis | |
262 | e46798b5 | Antony Chazapis | Create database and user:: |
263 | e46798b5 | Antony Chazapis | |
264 | fbe91e6c | Antony Chazapis | CREATE DATABASE pithos CHARACTER SET utf8 COLLATE utf8_bin; |
265 | e46798b5 | Antony Chazapis | GRANT ALL ON pithos.* TO pithos@localhost IDENTIFIED BY 'password'; |
266 | e46798b5 | Antony Chazapis | GRANT ALL ON pithos.* TO pithos@'%' IDENTIFIED BY 'password'; |
267 | e46798b5 | Antony Chazapis | |
268 | e46798b5 | Antony Chazapis | Client side:: |
269 | e46798b5 | Antony Chazapis | |
270 | e46798b5 | Antony Chazapis | apt-get install mysql-client |
271 | e46798b5 | Antony Chazapis | |
272 | e46798b5 | Antony Chazapis | It helps to create a ``~/.my.cnf`` file, for automatically connecting to the server:: |
273 | e46798b5 | Antony Chazapis | |
274 | e46798b5 | Antony Chazapis | [client] |
275 | e46798b5 | Antony Chazapis | user = pithos |
276 | e46798b5 | Antony Chazapis | password = 'password' |
277 | e46798b5 | Antony Chazapis | host = pithos-storage.dev.grnet.gr |
278 | e46798b5 | Antony Chazapis | |
279 | e46798b5 | Antony Chazapis | [mysql] |
280 | e46798b5 | Antony Chazapis | database = pithos |
281 | 6728c32f | Antony Chazapis | |
282 | 6728c32f | Antony Chazapis | PostgreSQL Setup |
283 | 6728c32f | Antony Chazapis | ---------------- |
284 | 6728c32f | Antony Chazapis | |
285 | 6728c32f | Antony Chazapis | If using PostgreSQL instead of SQLite for the database engine, consider the following. |
286 | 6728c32f | Antony Chazapis | |
287 | 6728c32f | Antony Chazapis | Server side:: |
288 | 6728c32f | Antony Chazapis | |
289 | 6728c32f | Antony Chazapis | apt-get install postgresql |
290 | 6728c32f | Antony Chazapis | |
291 | 6728c32f | Antony Chazapis | Edit ``/etc/postgresql/8.4/main/postgresql.conf`` and ``/etc/postgresql/8.4/main/pg_hba.conf`` to allow network connections and restart the server. |
292 | 6728c32f | Antony Chazapis | |
293 | 6728c32f | Antony Chazapis | Create database and user:: |
294 | 6728c32f | Antony Chazapis | |
295 | 6728c32f | Antony Chazapis | CREATE DATABASE pithos WITH ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' TEMPLATE=template0; |
296 | 6728c32f | Antony Chazapis | CREATE USER pithos WITH PASSWORD 'password'; |
297 | 6728c32f | Antony Chazapis | GRANT ALL PRIVILEGES ON DATABASE pithos TO pithos; |
298 | 6728c32f | Antony Chazapis | |
299 | 6728c32f | Antony Chazapis | Client side:: |
300 | 6728c32f | Antony Chazapis | |
301 | 6728c32f | Antony Chazapis | apt-get install postgresql-client |
302 | 6728c32f | Antony Chazapis | |
303 | 6728c32f | Antony Chazapis | It helps to create a ``~/.pgpass`` file, for automatically passing the password to the server:: |
304 | 6728c32f | Antony Chazapis | |
305 | 6728c32f | Antony Chazapis | pithos-storage.dev.grnet.gr:5432:pithos:pithos:password |
306 | 6728c32f | Antony Chazapis | |
307 | 6728c32f | Antony Chazapis | Connect with:: |
308 | 6728c32f | Antony Chazapis | |
309 | 6728c32f | Antony Chazapis | psql -h pithos-storage.dev.grnet.gr -U pithos |