Differences between revisions 12 and 13
Deletions are marked like this. Additions are marked like this.
Line 112: Line 112:

Line 115: Line 113:
  * /var/pubcookie
 * suexec
  * right now, divert debian suexec & copy in our own patched version from apache collections
   * dpkg-divert --divert /usr/lib/apache2/suexec.apache --rename /usr/lib/apache2/suexec
  * could make this into a deb someday
  * requires cgi_limits.db in apache config directory 		  * install libapache2-mod-pubcookie pubcookie-config pubcookie-key-client
  * Copy andrew defaults into /etc/pubcookie/config
  * Drop granting, www.contrib, my.contrib keys into /var/lib/pubcookie/keys from previous machine
 * suexec deb (cclub)
  * Forward-port any necessary updates to deb src and rebuild
   * Should be pretty stable across apache-2.2.*
  * requires cgi_limits.db in /etc/apache2
Line 123: Line 122:
 * cwscript collection
  * put cron/contrib_{user,cgi_user}_update.sh in cron
 * add mycontrib to /etc/passwd.system

Contrib-CGI

The CGI back-end server gets passed requests for CGI scripts that come into the front-ends.

Squeeze

Nonbasic Debian Packages Installed

Note: dependencies are not necessarily included here. Installing the enumerated packages should pull all those in too.

  • Apache
    • apache2-mpm-prefork
    • libapache2-mod-auth-kerb (not really used on contrib-cgi, but why not)
  • PHP
    • php5-cgi
    • php5-cli
    • php5-curl
    • php5-gd
    • php5-imagick
    • php5-ldap
    • php5-mysql
    • php5-pgsql
    • php5-xsl
    • php5-sqlite
    • php5-remctl
  • python/python2
    • python-xapian
    • python-remctl
    • python-yaml
    • python-sqlite
    • python-opencv
    • python-gd
    • python-mysqldb
    • python-pgsql
    • python-recaptcha
    • python-gdbm
    • python-sqlite
    • python-webpy
  • python3
    • python3-yaml
    • python3-gdbm
    • python3-yaml
  • ruby
    • ruby1.8
    • ruby1.9
  • Packages for perl modules installed (not including their dependencies):
    • libcrypt-passwdmd5-perl (Crypt::PasswdMD5)
    • libdbd-mysql-perl (DBD::mysql)
    • libdbd-pg-perl (DBD::pg)
    • libdbi-perl (DBI)
    • libwww-perl (LWP)
    • libcrypt-ssleay-perl (Crypt::SSLeay)
    • libgd-gd2-perl (GD)
    • libnet-ldap-perl (Net::LDAP)
    • libarchive-zip-perl (Archive::Zip)
    • libhtml-template-perl (HTML::Template)
    • libnet-finger-perl (Net::Finger)

    • libgraphics-magick-perl (GraphicsMagick)

    • libdbd-sqlite3-perl (DBD::SQLite)
  • Other nonstandard packages installed:
    • acl (extended POSIX ACLs)
    • daemontools daemontools-run svtools
  • Other useful things not likely necessary for operation
    • mysql-client
    • postgresql-client
    • gs

Setup Procedure

  • Install packages
  • multilog for apache
    • move svscanboot above init.d stuff in /etc/inittab (daemontools-run package bug)
    • add apache_access_log and apache_error_log multilog setups in /etc/service
    • mkdir /var/log/apache2/{access_log,error_log}
  • php
    • dpkg-divert --divert /usr/bin/php5-cli --rename /usr/bin/php5
    • cd /usr/bin
    • ln -s php5-cgi php5
  • apache
    • Add users (currently mycontrib, contribkey, cgi-bin, and boguscgi) to /etc/passwd.system
  • apache support stuff
    • setup /var/apache/andrew-contrib (contains org and usr symlink trees)
      • mkdir /var/apache/andrew-contrib/{org,usr}
      • touch /var/apache/andrew-contrib/passwd.old
    • cwscript (scripts that make contrib go round)
      • copy cwscript-001 from collections into /usr/local/stow
      • make sure to get sql_*.pm with passwords from old contrib-cgi or backup
      • cd /usr/local/stow; stow cwscript-001
      • add /usr/local/cwscript/cron/contrib_user_update.sh to cron for daily
      • add /usr/local/cwscript/cron/contrib_cgi_user_update.sh to cron for twice-daily
      • run /usr/local/cwscript/cron/contrib_user_update.sh once for setup

      • (etch -> squeeze required update of paths in scripts from /etc/apache -> /etc/apache2)

    • keep going on /var/apache
      • copy scary stuff in andrew-contrib-internal
      • copy cgikeys
        • for i in *; do setfacl -m u:$i:r-- $i; done
      • fix owner/group ownership of mycontrib stuff
  • apache - debian package
    • configs in /etc/apache2 - update paths and port to new configfile format as needed
  • pubcookie debs (cclub)
    • install libapache2-mod-pubcookie pubcookie-config pubcookie-key-client
    • Copy andrew defaults into /etc/pubcookie/config
    • Drop granting, www.contrib, my.contrib keys into /var/lib/pubcookie/keys from previous machine
  • suexec deb (cclub)
    • Forward-port any necessary updates to deb src and rebuild
      • Should be pretty stable across apache-2.2.*
    • requires cgi_limits.db in /etc/apache2

      • recompile update_cgi_limits & dump_cgi_limits in andrew-contrib-internal

      • rebuild from cgi_limits.conf using update_cgi_limits if dump_cgi_limits fails to read the db (eg architecture/version change)
  • binfmt
    • /var/lib/binfmts

Etch

Nonbasic Debian Packages Installed

Note: dependencies are not necessarily included here. Installing the enumerated packages should pull all those in too.

Etch

  • Apache
    • apache2-mpm-prefork
    • apache2-prefork-dev
    • libapache2-mod-pubcookie (club package; none exists in debian [yet?])
    • libapache2-mod-auth-kerb (club package; not really used on contrib-cgi, but why not)
  • PHP4
    • php4
    • php4-cgi
    • php4-cli
    • php4-common
    • php4-curl
    • php4-dev
    • php4-gd
    • php4-imagick
    • php4-ldap
    • php4-mysql
    • php4-pgsql
  • PHP5
    • php5
    • php5-cgi
    • php5-cli
    • php5-common
    • php5-curl
    • php5-dev
    • php5-gd
    • php5-imagick
    • php5-ldap
    • php5-mysql
    • php5-pgsql
  • Other scripting langs
    • python
    • ruby
  • Packages for perl modules installed (not including their dependencies):
    • libcrypt-passwdmd5-perl (Crypt::PasswdMD5)
    • libdbd-mysql-perl (DBD::mysql)
    • libdbd-pg-perl (DBD::pg)
    • libdbi-perl (DBI)
    • libwww-perl (LWP)
    • libcrypt-ssleay-perl (Crypt::SSLeay)
    • libgd-gd2-perl (GD)
    • libnet-ldap-perl (Net::LDAP)
    • libarchive-zip-perl (Archive::Zip)
    • libhtml-template-perl (HTML::Template)
    • libnet-finger-perl (Net::Finger)
  • Other nonstandard packages installed:
    • acl (extended POSIX ACLs)
  • Other useful things not likely necessary for operation
    • mysql-client
    • postgresql-client
    • gs

Setup Procedure

  • Install packages
  • apache - debian package
    • configs in /etc/apache2
    • various files in /var/apache
  • mod_auth_kerb (cclub) - installed but not really used on contrib-cgi
  • pubcookie debs (cclub)
    • /var/pubcookie
  • suexec

    • right now, divert debian suexec & copy in our own patched version from apache collections

      • dpkg-divert --divert /usr/lib/apache2/suexec.apache --rename /usr/lib/apache2/suexec
    • could make this into a deb someday
    • requires cgi_limits.db in apache config directory

      • recompile update_cgi_limits & dump_cgi_limits in andrew-contrib-internal

      • rebuild from cgi_limits.conf using update_cgi_limits if dump_cgi_limits fails to read the db (eg architecture/version change)
  • multilog for apache
    • symlink /var/apache/logs/apache* to /var/service
    • mess with djbdaemon foo as necessary
  • cwscript collection
    • put cron/contrib_{user,cgi_user}_update.sh in cron
  • add mycontrib to /etc/passwd.system
  • binfmt
    • /var/lib/binfmts
  • php
    • dpkg-divert --divert /usr/bin/php4-cli --rename /usr/bin/php4
    • dpkg-divert --divert /usr/bin/php5-cli --rename /usr/bin/php5
    • cd /usr/bin
    • ln -s php4-cgi php4
    • ln -s php5-cgi php5

Services/Contrib CGI (last edited 2017-01-23 09:05:50 by mdille3@CLUB.CC.CMU.EDU)