• Services
• Contrib CGI

Contrib-CGI

The CGI back-end server gets passed requests for CGI scripts that come into the front-ends.

Squeeze

Nonbasic Debian Packages Installed

Note: dependencies are not necessarily included here. Installing the enumerated packages should pull all those in too.

• Apache
  • apache2-mpm-prefork
  • libapache2-mod-auth-kerb (not really used on contrib-cgi, but why not)
• PHP
  • php5-cgi
  • php5-cli
  • php5-curl
  • php5-gd
  • php5-imagick
  • php5-ldap
  • php5-mysql
  • php5-pgsql
  • php5-xsl
  • php5-sqlite
  • php5-remctl
• python/python2
  • python-xapian
  • python-remctl
  • python-yaml
  • python-sqlite
  • python-opencv
  • python-gd
  • python-mysqldb
  • python-pgsql
  • python-recaptcha
  • python-gdbm
  • python-sqlite
  • python-webpy
• python3
  • python3-yaml
  • python3-gdbm
  • python3-yaml
• ruby
  • ruby1.8
  • ruby1.9
• Packages for perl modules installed (not including their dependencies):
  • libcrypt-passwdmd5-perl (Crypt::PasswdMD5)
  • libdbd-mysql-perl (DBD::mysql)
  • libdbd-pg-perl (DBD::pg)
  • libdbi-perl (DBI)
  • libwww-perl (LWP)
  • libcrypt-ssleay-perl (Crypt::SSLeay)
  • libgd-gd2-perl (GD)
  • libnet-ldap-perl (Net::LDAP)
  • libarchive-zip-perl (Archive::Zip)
  • libhtml-template-perl (HTML::Template)
  • libnet-finger-perl (Net::Finger)

  • libgraphics-magick-perl (GraphicsMagick)

  • libdbd-sqlite3-perl (DBD::SQLite)
  • libnet-remctl-perl (Net::Remctl)
• Other nonstandard packages installed:
  • acl (extended POSIX ACLs)
  • daemontools daemontools-run svtools
• Other useful things not likely necessary for operation
  • mysql-client
  • postgresql-client
  • gs

Setup Procedure

• Install packages
• multilog for apache
  • move svscanboot above init.d stuff in /etc/inittab (daemontools-run package bug)
  • add apache_access_log and apache_error_log multilog setups in /etc/service
  • mkdir /var/log/apache2/{access_log,error_log}
• php
  • dpkg-divert --divert /usr/bin/php5-cli --rename /usr/bin/php5
  • cd /usr/bin
  • ln -s php5-cgi php5
  • Disable cgi.force_redirect in /etc/php5/cgi/php.ini
• apache
  • Add users (currently mycontrib, contribkey, cgi-bin, and boguscgi) to /etc/passwd.system
• apache support stuff
  • setup /var/apache/andrew-contrib (contains org and usr symlink trees)
    • mkdir /var/apache/andrew-contrib/{org,usr}
    • touch /var/apache/andrew-contrib/passwd.old
  • cwscript (scripts that make contrib go round)
    • copy cwscript-001 from collections into /usr/local/stow
    • make sure to get sql_*.pm with passwords from old contrib-cgi or backup
    • cd /usr/local/stow; stow cwscript-001
    • add /usr/local/cwscript/cron/contrib_user_update.sh to cron for daily
    • add /usr/local/cwscript/cron/contrib_cgi_user_update.sh to cron for twice-daily
    • run /usr/local/cwscript/cron/contrib_user_update.sh once for setup

    • (etch -> squeeze required update of paths in scripts from /etc/apache -> /etc/apache2)

  • keep going on /var/apache
    • copy scary stuff in andrew-contrib-internal
    • copy cgikeys
      • for i in *; do setfacl -m u:$i:r-- $i; done
    • fix owner/group ownership of mycontrib stuff
• apache - debian package
  • configs in /etc/apache2 - update paths and port to new configfile format as needed
• pubcookie debs (cclub)
  • install libapache2-mod-pubcookie pubcookie-config pubcookie-key-client
  • Copy andrew defaults into /etc/pubcookie/config
  • Drop granting, www.contrib, my.contrib keys into /var/lib/pubcookie/keys from previous machine

  • Tweak mods-available/pubcookie.conf to set PubcookieAuthTypeNames and comment out their defaults

• suexec deb (cclub)
  • Forward-port any necessary updates to deb src and rebuild
    • Should be pretty stable across apache-2.2.*
  • requires cgi_limits.db in /etc/apache2

    • recompile update_cgi_limits & dump_cgi_limits in andrew-contrib-internal

    • rebuild from cgi_limits.conf using update_cgi_limits if dump_cgi_limits fails to read the db (eg architecture/version change)
• binfmt
  • copy /var/lib/binfmts from source machine or backup
  • Formats so far: python (magic), php (extension) -- do .php, .php5, and .php4 for backwards-compat
• Setup /var/log/apache2/cgi for userlogging
  • Copy /var/apache/andrew-contrib-internal/rotate_userlogs.sh and /etc/logrotate.d/cgilogs from prior machine or backup

Etch

Nonbasic Debian Packages Installed

Note: dependencies are not necessarily included here. Installing the enumerated packages should pull all those in too.

Etch

• Apache
  • apache2-mpm-prefork
  • apache2-prefork-dev
  • libapache2-mod-pubcookie (club package; none exists in debian [yet?])
  • libapache2-mod-auth-kerb (club package; not really used on contrib-cgi, but why not)
• PHP4
  • php4
  • php4-cgi
  • php4-cli
  • php4-common
  • php4-curl
  • php4-dev
  • php4-gd
  • php4-imagick
  • php4-ldap
  • php4-mysql
  • php4-pgsql
• PHP5
  • php5
  • php5-cgi
  • php5-cli
  • php5-common
  • php5-curl
  • php5-dev
  • php5-gd
  • php5-imagick
  • php5-ldap
  • php5-mysql
  • php5-pgsql
• Other scripting langs
  • python
  • ruby
• Packages for perl modules installed (not including their dependencies):
  • libcrypt-passwdmd5-perl (Crypt::PasswdMD5)
  • libdbd-mysql-perl (DBD::mysql)
  • libdbd-pg-perl (DBD::pg)
  • libdbi-perl (DBI)
  • libwww-perl (LWP)
  • libcrypt-ssleay-perl (Crypt::SSLeay)
  • libgd-gd2-perl (GD)
  • libnet-ldap-perl (Net::LDAP)
  • libarchive-zip-perl (Archive::Zip)
  • libhtml-template-perl (HTML::Template)
  • libnet-finger-perl (Net::Finger)
• Other nonstandard packages installed:
  • acl (extended POSIX ACLs)
• Other useful things not likely necessary for operation
  • mysql-client
  • postgresql-client
  • gs

Setup Procedure

• Install packages
• apache - debian package
  • configs in /etc/apache2
  • various files in /var/apache
• mod_auth_kerb (cclub) - installed but not really used on contrib-cgi
• pubcookie debs (cclub)
  • /var/pubcookie
• suexec

  • right now, divert debian suexec & copy in our own patched version from apache collections

    • dpkg-divert --divert /usr/lib/apache2/suexec.apache --rename /usr/lib/apache2/suexec
  • could make this into a deb someday
  • requires cgi_limits.db in apache config directory

    • recompile update_cgi_limits & dump_cgi_limits in andrew-contrib-internal

    • rebuild from cgi_limits.conf using update_cgi_limits if dump_cgi_limits fails to read the db (eg architecture/version change)
• multilog for apache
  • symlink /var/apache/logs/apache* to /var/service
  • mess with djbdaemon foo as necessary
• cwscript collection
  • put cron/contrib_{user,cgi_user}_update.sh in cron
• add mycontrib to /etc/passwd.system
• binfmt
  • /var/lib/binfmts
• php
  • dpkg-divert --divert /usr/bin/php4-cli --rename /usr/bin/php4
  • dpkg-divert --divert /usr/bin/php5-cli --rename /usr/bin/php5
  • cd /usr/bin
  • ln -s php4-cgi php4
  • ln -s php5-cgi php5