Difference between revisions of "SME Server on Scientific Linux"

From SME Server
Jump to navigationJump to search
 
(29 intermediate revisions by the same user not shown)
Line 18: Line 18:
  
 
== SME Server 9.0 on top of Scientific Linux ==
 
== SME Server 9.0 on top of Scientific Linux ==
The installation instructions of SME Server functionality are based on minimal installation of Scientific Linux 6.3 64-bit and SME Server 9.0alpha1 repository. Please use a virtual environment to test your results. Virtual environments may include e.g. VirtualBox (free), VMWare, KVM or Xen.
+
The installation instructions of SME Server functionality are based on minimal installation of Scientific Linux 6.5 64-bit and SME Server 9.0 repository. Please use a virtual environment to test your results. Virtual environments may include e.g. VirtualBox (free), VMWare, KVM or Xen.
  
  
 
==== Install SL minimal ====
 
==== Install SL minimal ====
SME Server functionality is only tested with a minimal install of Scientific Linux. To be able to install 'SL minimal' one must use the DVD install ISO. Other available downloads like the LiveCD etc. do not have the option to install 'SL minimal'.
+
SME Server functionality is only tested with a minimal install of Scientific Linux. To install 'SL minimal' one can use the boot.iso. A internet connection is required. The URL required for performing a net install must point to the /pub/scientific-linux/6.5/x86_64/os/ diretory of the mirror you use.
  
You can download the SL DVD install CD from either [http://ftp.scientificlinux.org/linux/scientific/6.3/x86_64/iso/SL-63-x86_64-2012-08-02-Install-DVD.iso here], [http://ftp1.scientificlinux.org/linux/scientific/6.3/x86_64/iso/SL-63-x86_64-2012-08-02-Install-DVD.iso here] or [ftp://ftp.scientificlinux.org/linux/scientific/6.3/x86_64/iso/SL-63-x86_64-2012-08-02-Install-DVD.iso here]. Install SL minimal in your virtual environment which should have at least:
+
You can download the SL boot.iso from one of the many scientific mirrors. Install SL minimal in your virtual environment which should have at least:
  
 
* 1Gb RAM memory
 
* 1Gb RAM memory
Line 32: Line 32:
  
  
When using the SL install DVD you have the option to select what to install. Please select 'minimal' and leave all other options as per their defaults.
+
Boot the boot.iso and follow instruction. Once the graphical installer starts, select 'minimal' and leave all other options as per their defaults.
  
 
Once the installation has finished, please reboot and continue with enabling networking and SSH.
 
Once the installation has finished, please reboot and continue with enabling networking and SSH.
Line 38: Line 38:
  
 
==== Enable networking and SSH ====
 
==== Enable networking and SSH ====
Login as root with the password what was provided at installation time. To enable networking please issue:
+
This step may not be required. Please check after login with ifconfig your networking configuration. Otherwise, login as root with the password what was provided at installation time. To enable networking please issue:
 
  ifup eth0
 
  ifup eth0
  
Line 46: Line 46:
 
SSH will now be enabled. Please log in remotely via SSH and further instructions are based on the fact that you are remotely logged in via ssh. Specifically for Cut and Paste operations.
 
SSH will now be enabled. Please log in remotely via SSH and further instructions are based on the fact that you are remotely logged in via ssh. Specifically for Cut and Paste operations.
  
==== Install nano ====
 
If you are not familiar with vi or vim, you can install the nano editor. This page assumes that you have installed nano. Please install nano as follows by issuing as root on the console:
 
yum install nano
 
  
 +
==== Install nano and wget ====
 +
If you are not familiar with vi or vim, you can install the nano editor. This page assumes that you have installed nano. Please install nano and wget as follows by issuing as root on the console:
 +
yum install nano wget
  
 
==== Disable SELinux ====
 
==== Disable SELinux ====
Line 61: Line 61:
  
  
==== Add SME Server repo's ====
+
==== Update SL ====
To be able to download the required packages we need to add the SME Server repo's. The auto-selected (closest) mirror may not be the fastest, and you may want to hash out the 'mirrorlist=' line entries and replace them with 'baseURL=' with a repo location of your choice. Please see this the [http://mirror.contribs.org/mirrors/ download locations overview].
+
Now is a good time to update your SL installation with the latest (security) updates:
 +
yum update
  
The below example uses a fixed URl to download the RPM's. In general this URL is fast and reliable so there is no immediate need to change these URL's.
+
==== Add SME Server repo ====
 +
To be able to download the required packages we need to add the SME Server repo:
 +
nano -w /etc/yum.repos.d/smeos9.repo
  
To add the smeos9 repo's please copy the below text in the block and and issue the following commands:
+
and paste the following into it:
nano -w /etc/yum.repos.d/smeos9.repo
 
and paste the following into the new '/etc/yum.repos.d/smeos9.repo' file
 
  
 
  [smeos9]
 
  [smeos9]
 
  enabled=1
 
  enabled=1
  BaseURL=http://ftp.nluug.nl/os/Linux/distr/smeserver/releases/testing/9/smeos/$basearch
+
  MirrorList=http://mirrorlist.contribs.org/mirrorlist/smeos-9
 
  name=SME Server9 - os
 
  name=SME Server9 - os
gpgcheck=1
 
 
  enablegroups=1
 
  enablegroups=1
gpgkey = http://mirror.contribs.org/releases/testing/9/smeos/$basearch/RPM-GPG-KEY-SMEServer
 
includepkgs = e-smith\* smeserver\* *.sme.* clamav* clamd* mhash tbb perl-* htop proftpd
 
php-pear-* GeoIP mod_auth_tkt radiusclient-ng nut-client nut pyzor oidentd rssh pam_abl clamav
 
par2cmdline DCC wv checkpassword-pam pv razor-agents clam-db
 
 
 
[smeupdates9]
 
enabled=1
 
BaseURL=http://ftp.nluug.nl/os/Linux/distr/smeserver/releases/testing/9/smeupdates/$basearch
 
name=SME Server9 - updates
 
 
  gpgcheck=1
 
  gpgcheck=1
enablegroups=1
+
  includepkgs = e-smith\* smeserver\* *.sme.* clamav* clamd* *dar mod_authnz* mhash tbb perl-* htop proftpd php-pear-* GeoIP mod_auth_tkt radiusclient-ng nut-client nut pyzor oidentd rssh pam_abl clamav par2cmdline DCC wv checkpassword pam pv razor-agents clam-db initscripts checkpassword-pam
gpgkey = http://mirror.contribs.org/releases/testing/9/smeos/$basearch/RPM-GPG-KEY-SMEServer
 
  includepkgs = e-smith\* smeserver\* *.sme.* clamav* clamd* mhash tbb perl-* htop proftpd
 
php-pear-* GeoIP mod_auth_tkt radiusclient-ng nut-client nut pyzor oidentd rssh pam_abl clamav
 
par2cmdline DCC wv checkpassword-pam pv razor-agents clam-db
 
 
 
[smeupdates-testing9]
 
enabled=1
 
BaseURL=http://ftp.nluug.nl/os/Linux/distr/smeserver/releases/testing/9/smeupdates-testing/$basearch
 
name=SME Server9 - updates testing
 
gpgcheck=1
 
enablegroups=1
 
gpgkey = http://mirror.contribs.org/releases/testing/9/smeos/$basearch/RPM-GPG-KEY-SMEServer
 
includepkgs = e-smith\* smeserver\* *.sme.* clamav* clamd* mhash tbb perl-* htop proftpd
 
php-pear-* GeoIP mod_auth_tkt radiusclient-ng nut-client nut pyzor oidentd rssh pam_abl clamav
 
par2cmdline DCC wv checkpassword-pam pv razor-agents clam-db
 
  
  
 
Now we can install the required packages from the repo's. The ''includepkgs'' line in the SME Server repo file ensure that '''only''' the required packages for SME Server will come from the SME repo's, and all others from the sl repo's.
 
Now we can install the required packages from the repo's. The ''includepkgs'' line in the SME Server repo file ensure that '''only''' the required packages for SME Server will come from the SME repo's, and all others from the sl repo's.
  yum install e-smith\* smeserver\* --exclude=smeserver-release*,*86 --nogpg
+
  yum install e-smith\* smeserver\* *.sme.* initscripts --exclude=smeserver-release*,*86 --nogpg
  
 
This will result in the following summary. The numbers may vary depending on the changes in the repositories.
 
This will result in the following summary. The numbers may vary depending on the changes in the repositories.
Transaction Summary
+
Transaction Summary
  Install    379 Package(s)
+
  Install    402 Package(s)
  Total size: 164 M
+
  Upgrade      1 Package(s)
  Installed size: 481 M
+
  Total size: 232 M
  
==== Yum upgrade ====
+
After yum is finished and all packages are installed, we can remove the temporary /etc/yum.repos.d/smeos9.repo file:
After the initial installation of the required packages, a yum upgrade is required without enabling or disabling repo's
+
  rm -f /etc/yum.repos.d/smeos9.repo
  yum upgrade --nogpg
 
  
 
==== Post-upgrade/reboot ====
 
==== Post-upgrade/reboot ====
Line 131: Line 104:
 
After the first boot, there is the opportunity to restore from a backup and a new root (admin) password will be asked. This may be the same as you used for the initial installation of SL or you can set a new one. After setting the root password, SME Server will configure additional settings and automatically reboot.
 
After the first boot, there is the opportunity to restore from a backup and a new root (admin) password will be asked. This may be the same as you used for the initial installation of SL or you can set a new one. After setting the root password, SME Server will configure additional settings and automatically reboot.
  
==== Enable ssh access ====
 
Since we are now in SME Server mode, we need to enable ssh acces the 'SME Server way'. To enable ssh access from this point on, please issue the following commands:
 
db configuration setprop sshd status enabled
 
db configuration setprop sshd PermitRootLogin yes
 
db configuration setprop sshd acccess public
 
db configuration setprop sshd PasswordAuthentication yes
 
/sbin/e-smith/signal-event remoteaccess-update
 
  
Now one can remotely ssh in to the server, which makes it easier to execute the remaining steps.
 
  
==== Reset MySQL root password ====
+
==== Configuration ====
SME Server uses a secure random password for the MySQL root user. A new MySQL root password has to be generated to overwrite the SL root MySQL password so that it is compliant with SME Server inner workings. There should be no reason to change or use the MySQL password, so we '''strongly''' advise you '''never''' to change or use the MySQL root password, even though many how-to's or (web)applications will tell you they 'require' this'. You can grant permissions to a (new) MySQL user for a certain database as system root. How to do this is explained [[MySQL#Resetting_the_MySQL_root_password|here]]. As root issue the following commands:
+
When the system has rebooted, it is ready for SME Server configuration of network and services settings. To start this process, please login as root and type:
cd /var/service/mysqld
+
console
sv d .
+
 
/sbin/e-smith/expand-template /root/.my.cnf
+
and select 'configure this server'. After configuration, the server will reboot itself, re-configure itself based on the user choices and is in full operational mode ready for full use.
/sbin/e-smith/expand-template /var/service/mysqld/set.password
+
 
/usr/libexec/mysqld --bootstrap --user=mysql --skip-grant-tables < ./set.password
+
After the reboot, you can access the server-manager (https://your_ip/server-manager) and login as admin and the root password. In server-manager one can enable ssh and set various ssh options.
sv u .
 
  
  
 
==== Adjust yum repositories ====
 
==== Adjust yum repositories ====
 
By default SME Server assumes it has CentOS as base linux system, In this case we use Scientific Linux, so we have to remove the CentOS specific repo's and add the SL repo's.
 
By default SME Server assumes it has CentOS as base linux system, In this case we use Scientific Linux, so we have to remove the CentOS specific repo's and add the SL repo's.
 +
 +
NOTES:
 +
* The default SME Server repo's are part of sme-base
 +
* The default (CentOS) repo's get re-initialized on yum-update
 +
* so..... with an update of sme-base or a post-install, the repo's turn back to SME defaults
  
 
To remove the CentOS specific repo's issue the following commands as root:
 
To remove the CentOS specific repo's issue the following commands as root:
Line 160: Line 129:
 
  db yum_repositories delete contrib
 
  db yum_repositories delete contrib
 
  db yum_repositories delete extras
 
  db yum_repositories delete extras
 +
db yum_repositories delete fasttrack
 +
db yum_repositories delete updates
 +
and update the yum repositories db
 +
signal-event yum-modify
  
and add SL repo's the 'SME Server way'
 
TBA
 
  
and update and activate the revised yum repo's configuration with the following command:
+
Now we need to configure the SME repo's to *only* include SME Specific packages or packages that are not available in the SL repo's, and we need to configure the SL repo's the SME Server way.
signal-event yum-modify
 
  
 +
includepkgs = e-smith\* smeserver\* *.sme.* clamav* clamd* *dar mod_authnz* mhash tbb perl-* htop proftpd php-pear-* GeoIP mod_auth_tkt radiusclient-ng nut-client nut pyzor oidentd rssh pam_abl clamav par2cmdline DCC wv checkpassword pam pv razor-agents clam-db initscripts checkpassword-pam
  
==== Configuration ====
 
When the system has rebooted, it is ready for SME Server configuration of network and services settings. To start this process, please login as root and type:
 
console
 
  
and select 'configure this server'. After configuration, the server will reboot itself, re-configure itself based on the user choices and is in full operational mode ready for full use.
+
Add SL repo's the 'SME Server way'
 +
TBA
  
 +
and update and activate the revised yum repo's configuration with the following command:
 +
signal-event yum-modify
  
 
== Current status ==
 
== Current status ==
The above instructions should have brought you 'on par' with the current developments [[SME_Server_9.0_Development|here]].
+
The above instructions should have brought you 'on par' with SME Server 9.0

Latest revision as of 15:01, 9 October 2014

Important.png Note:
This is a work in progress, and full functionality has not been tested yet. Please note that SME Server 9.0 is still in alpha stage and may not work properly. Do not use on production servers!


The SME Server distribution is based on CentOS. Since CentOS is a derivative of RHEL, it is possible to install the SME Server functionalities on top of other (virtually 100% binary compatible) RHEL derivatives, including CentOS itself.

This possibility may be interesting for organisations that have a software policy in place that prevents the deployment of a server OS not listed as an allowed OS within such a policy. Typically large enterprises, governmental and university related organisations have and enforce such a policy.


Scientific Linux has the following introduction:

SL is a Linux release put together by Fermilab, CERN, and various other labs and universities around the world. Its primary purpose is to reduce duplicated effort of the labs, and to have a common install base for the various experimenters. The base SL distribution is basically Enterprise Linux, recompiled from source. Our main goal for the base distribution is to have everything compatible with Enterprise, with only a few minor additions or changes. Examples of items that were added are Alpine, and OpenAFS. Our secondary goal is to allow easy customization for a site, without disturbing the Scientific Linux base. The various labs are able to add their own modifications to their own site areas. By the magic of scripts, and the anaconda installer, each site is to be able to create their own distributions with minimal effort. Or, if a user wishes, they can simply install the base SL release.


SME Server 9.0 on top of Scientific Linux

The installation instructions of SME Server functionality are based on minimal installation of Scientific Linux 6.5 64-bit and SME Server 9.0 repository. Please use a virtual environment to test your results. Virtual environments may include e.g. VirtualBox (free), VMWare, KVM or Xen.


Install SL minimal

SME Server functionality is only tested with a minimal install of Scientific Linux. To install 'SL minimal' one can use the boot.iso. A internet connection is required. The URL required for performing a net install must point to the /pub/scientific-linux/6.5/x86_64/os/ diretory of the mirror you use.

You can download the SL boot.iso from one of the many scientific mirrors. Install SL minimal in your virtual environment which should have at least:

  • 1Gb RAM memory
  • 20Gb harddisk
  • 1 Network interface bridged to your host network interface
  • Internet access


Boot the boot.iso and follow instruction. Once the graphical installer starts, select 'minimal' and leave all other options as per their defaults.

Once the installation has finished, please reboot and continue with enabling networking and SSH.


Enable networking and SSH

This step may not be required. Please check after login with ifconfig your networking configuration. Otherwise, login as root with the password what was provided at installation time. To enable networking please issue:

ifup eth0

This will bring up eth0 based on your local available DHCP server. Please check you IP with 'ipconfig' and 'ip link show'. During the configuration of SME Server functionality, final and fixed IP addresses will be configured. To enable SSH please issue:

service sshd start

SSH will now be enabled. Please log in remotely via SSH and further instructions are based on the fact that you are remotely logged in via ssh. Specifically for Cut and Paste operations.


Install nano and wget

If you are not familiar with vi or vim, you can install the nano editor. This page assumes that you have installed nano. Please install nano and wget as follows by issuing as root on the console:

yum install nano wget

Disable SELinux

SELinux is enabled by default. We want to disable it for there are a few services (e.g. httpd) that get blocked by SELinux. To check the status of SELinux you can enter the command:

getenforce

SELinux uses policies that conflict with some of the SME Server services ports like https. One can adjust the allowed ports, or remove the SELinux policies and disable SELinux by the following commands:

setenforce 0
sed -i -e 's/SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
yum remove selinux-policy-targeted


Update SL

Now is a good time to update your SL installation with the latest (security) updates:

yum update

Add SME Server repo

To be able to download the required packages we need to add the SME Server repo:

nano -w /etc/yum.repos.d/smeos9.repo

and paste the following into it:

[smeos9]
enabled=1
MirrorList=http://mirrorlist.contribs.org/mirrorlist/smeos-9
name=SME Server9 - os
enablegroups=1
gpgcheck=1
includepkgs = e-smith\* smeserver\* *.sme.* clamav* clamd* *dar mod_authnz* mhash tbb perl-* htop proftpd php-pear-* GeoIP mod_auth_tkt radiusclient-ng nut-client nut pyzor oidentd rssh pam_abl clamav par2cmdline DCC wv checkpassword pam pv razor-agents clam-db initscripts checkpassword-pam


Now we can install the required packages from the repo's. The includepkgs line in the SME Server repo file ensure that only the required packages for SME Server will come from the SME repo's, and all others from the sl repo's.

yum install e-smith\* smeserver\* *.sme.* initscripts --exclude=smeserver-release*,*86 --nogpg

This will result in the following summary. The numbers may vary depending on the changes in the repositories. Transaction Summary

Install     402 Package(s)
Upgrade       1 Package(s)
Total size: 232 M

After yum is finished and all packages are installed, we can remove the temporary /etc/yum.repos.d/smeos9.repo file:

rm -f /etc/yum.repos.d/smeos9.repo

Post-upgrade/reboot

The installation of SME Server functionality is finished. For the initial configuration the following commands are mandatory:

/sbin/e-smith/signal-event post-upgrade
/sbin/e-smith/signal-event reboot


Important.png Note:
Please note that as of this point SME Server functionality is in place and in control. This means that your normal admin tasks have to be adapted to the SME Server principales described in the Administration Manual.



First use

Set root password

After the first boot, there is the opportunity to restore from a backup and a new root (admin) password will be asked. This may be the same as you used for the initial installation of SL or you can set a new one. After setting the root password, SME Server will configure additional settings and automatically reboot.


Configuration

When the system has rebooted, it is ready for SME Server configuration of network and services settings. To start this process, please login as root and type:

console

and select 'configure this server'. After configuration, the server will reboot itself, re-configure itself based on the user choices and is in full operational mode ready for full use.

After the reboot, you can access the server-manager (https://your_ip/server-manager) and login as admin and the root password. In server-manager one can enable ssh and set various ssh options.


Adjust yum repositories

By default SME Server assumes it has CentOS as base linux system, In this case we use Scientific Linux, so we have to remove the CentOS specific repo's and add the SL repo's.

NOTES:

  • The default SME Server repo's are part of sme-base
  • The default (CentOS) repo's get re-initialized on yum-update
  • so..... with an update of sme-base or a post-install, the repo's turn back to SME defaults

To remove the CentOS specific repo's issue the following commands as root:

db yum_repositories delete base
db yum_repositories delete addons
db yum_repositories delete centosplus
db yum_repositories delete contrib
db yum_repositories delete extras
db yum_repositories delete fasttrack
db yum_repositories delete updates

and update the yum repositories db

signal-event yum-modify


Now we need to configure the SME repo's to *only* include SME Specific packages or packages that are not available in the SL repo's, and we need to configure the SL repo's the SME Server way.

includepkgs = e-smith\* smeserver\* *.sme.* clamav* clamd* *dar mod_authnz* mhash tbb perl-* htop proftpd php-pear-* GeoIP mod_auth_tkt radiusclient-ng nut-client nut pyzor oidentd rssh pam_abl clamav par2cmdline DCC wv checkpassword pam pv razor-agents clam-db initscripts checkpassword-pam


Add SL repo's the 'SME Server way'

TBA

and update and activate the revised yum repo's configuration with the following command:

signal-event yum-modify

Current status

The above instructions should have brought you 'on par' with SME Server 9.0