Web Server Maintenance

From EEBedia
This article is still under construction. Expect it to change frequently until this notice is removed.

This document describes the process of setting up Fedora Core 6 on pediastrum.eeb.uconn.edu, which serves as a backup for the current EEB departmental web server, hydrodictyon.eeb.uconn.edu. Two machines are maintained so that if one goes belly-up in the middle of a semester, the department is not without a web server for more than a few minutes. In the following, "hydrodictyon" will refer to the current web server (hydrodictyon.eeb.uconn.edu, IP 137.99.88.31) and "pediastrum" will be the backup (pediastrum.eeb.uconn.edu, IP 137.99.88.47).

Notation used in this document

Passwords

The passwords and passphrases used for various things are stored separately for security reasons. Thus, if you see something like this in this document:

# mysql -u root -p<mysql root password> mysql

you should replace the string <mysql root password> with the actual password. For example, if the password was abcdef, then you would type this:

# mysql -u root -pabcdef mysql

Prompts

When entering a Linux command, you will either need to be the root user or not. If you do not need to be root, I start the line with the standard Unix dollar sign prompt $, like this:

$ /usr/bin/md5sum httpd-2.2.3.tar.gz

If you DO need to be superuser (i.e. root user) to execute the command, I start the line with the standard superuser pound sign prompt #, like this:

# /sbin/shutdown -r now

Just be aware of these prompts and don't actually type the $ or #.

Creating files

Often, I create files using the cat command:

$ cat - > doofus.txt
blah, blah, blah, etc.
<Ctrl-d>

In this case, cat takes its input from the console (the hyphen) and redirects its output to the new file (in this case doofus.txt). After the first line, everything typed at the console until the Ctrl and d keys are pressed simultaneously (this is what is meant by <Ctrl-d> above) becomes part of the file. So, please do not type the <Ctrl-d> in these cases!

Creating installation CDs

Download the six Fedora Core ISO images

FC-6-i386-disc1.iso
FC-6-i386-disc2.iso
FC-6-i386-disc3.iso
FC-6-i386-disc4.iso
FC-6-i386-disc5.iso
FC-6-i386-rescuecd.iso

from Red Hat's mirror site

http://fedora.omnispring.com/core/6/i386/iso/

and burn each of them separately to a CD. I used my CD burner's "burn image" option to create the CDs (if you simply copy the ISO files to blank CDs, the CDs will not be bootable). In Nero, click on the "Copy and Backup" icon (2nd from right), then "Burn Image to Disc" (not the usual "Data" and "Make Data Disc").

Installer Selections

Choose the defaults except as noted below.

Clean installation

  • Choose "Install Fedora Core" (not "Upgrade an existing installation")
  • Choose "Remove all partitions on selected drives and create default layout"
  • Here is the default layout:
 Device            Mount Point   Type    Size(MB)   Start   End
 LVM Volume Groups
   VolGroup00                              152480
     LogVol00      /             ext3      151968
     LogVol01                    swap         512
 Hard Drives
   /dev/hda1       /boot         ext3         102       1    13
   /dev/hda2       VolGroup00    LVM PV    152523      14 19457
  • Keep default selection: the GRUB boot loader will be installed on /dev/hda. No boot loader password was chosen.

Network Devices

  • Set the hostname manually to pediastrum.eeb.uconn.edu
  • Uncheck "Configure using DHCP"
  • Keep default (checked) "Activate on boot"

Time Zone

  • Choose "America/New York, Eastern Time"
  • Leave "System clock uses UTC" unchecked

Root password

  • Entered <root password>

Software choices

  • Unchecked "Office and Productivity"
  • Checked "Software Development"
  • Left default (unchecked) "Web server"
  • Left default "Customize later" selected

First reboot

  • Installation started at 2:02pm, ended at 2:36pm
  • Removed last CD, then allowed machine to reboot.

Firewall

  • SSH only trusted service (this is the default)

SELinux

Make these changes now and you won't have to do it later:

  • Choose System | Administration | Security Level and Firewall | Modify SELinux Policy | HTTPD Service, and check "Unify HTTPD to communicate with the terminal. Needed for handling certificates"
  • Choose System | Administration | Security Level and Firewall | Modify SELinux Policy, Memory Protection, then check "Allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t" to avoid getting this error when trying to do an SVN import:
svn: error while loading shared libraries: /usr/local/lib/libsvn_ra_dav-1.so.0: 
cannot restore segment prot after reloc: Permission denied

Network Time Protocol

  • Set to use Network Time Protocol for clock synchronization. These NTP servers were listed already:
137.99.23.130
137.99.25.14
netreg.uconn.edu

Sound

  • Sound card could not automatically be detected, so skipped

Tweaks

System | Administration | Network

  • Select eth0, then choose Edit (button), Statically set IP addresses (radio button)
IP Address:    137.99.88.47
Netmask:       255.255.254.0
Gateway:       137.99.88.1
  • Select eth0, then choose DNS tab:
Primary DNS:   137.99.25.14
Secondary DNS: 137.99.15.64

/etc/resolv.conf

Check /etc/resolv.conf to make sure it contains the lines

nameserver  137.99.25.14
nameserver  137.99.15.64

Passwordless access via ssh

Upload public key (kenzie.pub) to $HOME/.ssh directory from laptop using (commercial) SSH client

% cd .ssh
% ssh-keygen -i -f kenzie.pub >> authorized_keys
% chmod 600 authorized_keys
% cd
% chmod 700 .ssh
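The key installation above is the one-time manual version. As an added example (not from the EEBedia page, and not the author's own script), here is a shell function that does the same append-and-chmod step idempotently, so running it twice does not leave a duplicate key in authorized_keys, plus a check that the permissions the page sets (700 on .ssh, 600 on authorized_keys) are really in place. It assumes a key already in OpenSSH format (the `ssh-keygen -i` conversion has been done); the home directory and the key string below are constructed for the demonstration and are not real.

```shell
#!/bin/sh
# Added example, not from the page: idempotent authorized_keys install
# plus a permission check. Paths and the key are constructed.

# install_pubkey HOME_DIR KEY_LINE
# Appends KEY_LINE to HOME_DIR/.ssh/authorized_keys unless the exact line
# is already present, then applies the permissions the page uses.
install_pubkey() {
    home="$1"
    key="$2"
    ssh_dir="$home/.ssh"
    auth="$ssh_dir/authorized_keys"
    mkdir -p "$ssh_dir"
    touch "$auth"
    # -x: whole-line match, -F: fixed string (no regex interpretation of the key)
    if ! grep -qxF "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
    chmod 600 "$auth"
    chmod 700 "$ssh_dir"
}

# check_ssh_perms HOME_DIR
# Returns 0 when .ssh is mode 700 and authorized_keys is mode 600, else 1.
# sshd refuses keys in a world- or group-writable directory, so this is
# the first thing to verify when passwordless login silently fails.
check_ssh_perms() {
    home="$1"
    [ "$(stat -c '%a' "$home/.ssh")" = "700" ] || return 1
    [ "$(stat -c '%a' "$home/.ssh/authorized_keys")" = "600" ] || return 1
    return 0
}

# key_count HOME_DIR
# Prints the number of key lines currently in authorized_keys.
key_count() {
    wc -l < "$1/.ssh/authorized_keys" | tr -d ' '
}

# Demonstration on a scratch directory with a constructed (fake) key.
DEMO_HOME="$(mktemp -d)"
DEMO_KEY="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDEXAMPLEKEYNOTREAL kenzie@laptop"
install_pubkey "$DEMO_HOME" "$DEMO_KEY"
install_pubkey "$DEMO_HOME" "$DEMO_KEY"   # second run must not add a duplicate
```

`stat -c '%a'` is the GNU coreutils form found on Fedora; on BSD-derived systems the equivalent is `stat -f '%Lp'`.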

Default run level

Edit (as root) the /etc/inittab file to change the default run level from 5 to 3

Make default shell tcsh

Change the default shell to tcsh with this command (run as root):

# /usr/sbin/usermod -s /bin/tcsh plewis

Setting up .tcshrc

Create (or edit) .tcshrc file, adding these lines

% cd
% cat - > .tcshrc
set prompt = "%m [%/] \!% "
alias www="cd /var/www/html"
alias tiv="cd /opt/tivoli/tsm/client/ba/bin"
<Ctrl-d>
% chmod 644 .tcshrc

Setting up root's .bashrc

Edit /root/.bashrc and add these lines

alias tiv='cd /opt/tivoli/tsm/client/ba/bin'
alias www='cd /var/www/html'
alias relax='/usr/sbin/setenforce 0'
alias enforce='/usr/sbin/setenforce 1'
alias apache='/usr/local/apache2/bin/apachectl'
alias toapache='cd /usr/local/apache2'
export PATH=/sbin:/usr/sbin:$PATH

Update the database used by locate

Run /usr/bin/updatedb as root

Cron job to synchronize time

I have had to do this in the past, but this time NTP was set up during the install process. In /etc/ntp.conf, add

server uconn.edu

and then create /etc/cron.weekly/resettime as follows:

# cd /etc/cron.weekly
# cat - > resettime
ntpd -q
<Ctrl-d>
# chmod +x resettime

If yum fails

If yum does not work and you get messages like this:

[root@pediastrum plewis]# yum install lynx
Loading "installonlyn" plugin
Setting up Install Process
Setting up repositories
Could not retrieve mirrorlist http://mirrors.fedoraproject.org/mirrorlist?repo=core-6&arch=i386 error was
 [Errno 4] IOError: <urlopen error (-3, 'Temporary failure in name resolution')>
 Error: Cannot find a valid baseurl for repo: core

the problem is most likely that UConn NetReg is getting in the way. Try logging into the GUI, starting a browser, and seeing if you can visit an outside web page. If the problem is not UConn NetReg, then as a last-ditch effort, you might try uncommenting the baseurl line in the /etc/yum.repos.d/fedora-core.repo file.
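The yum failure above is a name-resolution problem, which is why the first things to look at are NetReg and /etc/resolv.conf. As an added example (not from the EEBedia page), the two shell functions below make that triage repeatable: check_resolv_conf verifies that a resolv.conf contains both nameserver lines listed earlier in this document, and classify_yum_failure reads saved yum output and reports whether the failure is name resolution (the NetReg symptom), a mirrorlist fetch failure with DNS working (the case where uncommenting baseurl is worth trying), or neither. The resolv.conf files and the yum transcript below are constructed copies for the demonstration.

```shell
#!/bin/sh
# Added example, not from the page: DNS/yum triage helpers.
# Sample files are constructed in a scratch directory.

# check_resolv_conf FILE
# Returns 0 if both nameservers from the page appear as "nameserver" lines.
check_resolv_conf() {
    f="$1"
    for ns in 137.99.25.14 137.99.15.64; do
        grep -Eq "^[[:space:]]*nameserver[[:space:]]+$ns"'([[:space:]]|$)' "$f" || return 1
    done
    return 0
}

# classify_yum_failure FILE
# Prints one word describing the failure in a saved yum transcript:
#   dns        - name resolution failed: check NetReg / resolv.conf first
#   mirrorlist - DNS worked but the mirrorlist fetch failed: try baseurl
#   none       - neither symptom present
classify_yum_failure() {
    f="$1"
    if grep -q 'Temporary failure in name resolution' "$f"; then
        echo dns
    elif grep -q 'Could not retrieve mirrorlist' "$f"; then
        echo mirrorlist
    else
        echo none
    fi
}

DEMO_DIR="$(mktemp -d)"

# constructed resolv.conf matching the page
cat > "$DEMO_DIR/resolv.conf" <<'EOF'
search eeb.uconn.edu
nameserver  137.99.25.14
nameserver  137.99.15.64
EOF

# constructed resolv.conf with the secondary nameserver missing
cat > "$DEMO_DIR/resolv-bad.conf" <<'EOF'
nameserver  137.99.25.14
EOF

# constructed copy of the yum output quoted on the page
cat > "$DEMO_DIR/yum-dns.txt" <<'EOF'
Loading "installonlyn" plugin
Setting up Install Process
Setting up repositories
Could not retrieve mirrorlist http://mirrors.fedoraproject.org/mirrorlist?repo=core-6&arch=i386 error was
 [Errno 4] IOError: <urlopen error (-3, 'Temporary failure in name resolution')>
 Error: Cannot find a valid baseurl for repo: core
EOF

# constructed transcript where DNS works but the mirrorlist host is unreachable
cat > "$DEMO_DIR/yum-mirror.txt" <<'EOF'
Setting up repositories
Could not retrieve mirrorlist http://mirrors.fedoraproject.org/mirrorlist?repo=core-6&arch=i386 error was
 [Errno 4] IOError: <urlopen error (111, 'Connection refused')>
EOF
```

Usage on the real machine would be `yum install lynx 2>&1 | tee /tmp/yum.log` followed by `classify_yum_failure /tmp/yum.log`; a result of `dns` means editing the repo file will not help until resolution works.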

More coming later...