There are two types of machine which may have a full Stellar installation: an Athena workstation for development, and a server maintained by "OPS". Many steps in setting up the servers are the same, but many differ.
Privatize as usual; see the Private Athena Workstation Owner's guide, http://web.mit.edu/olh/Private/.
It needs to have a Kerberos ID and be added to the stellar-servers list for AFS access. It also needs to be given access to the subversion repository. Send mail to stellar-ops@mit.edu to have it given AFS access and added to the stellar-servers list. Send mail to svn-admin to have the host's Kerberos ID added to the .k5login file for the stellarcvs user on svn.mit.edu.
To avoid putting settings in the root login which would always be active, we use a separate file which must be sourced after logging in. AMPS was the organization which included Stellar from the creation of AMPS until the end of 2006.
The EOF marker is quoted so that $path is written into the file literally rather than being expanded when the file is created.
    mkdir -p /var/local/amps
    cat > /var/local/amps/cshrc <<'EOF'
    alias rm 'rm -i'
    alias cp 'cp -i'
    alias mv 'mv -i'
    alias ll 'ls -ltr'
    setenv CVSROOT :kserver:cvs.mit.edu:/cvs/okapi
    set ignoreeof
    set noclobber
    bindkey "^U" universal-argument
    setenv EDITOR emacs
    set history=20000
    set histfile=/var/local/amps/history
    set savehist=20000
    history -L /var/local/amps/history
    set path=($path /var/local/maven-2.0.7/bin/)
    setenv JAVA_HOME /var/local/java1.6
    setenv KRB5CCNAME /tmp/krb5cc_stellarcvs
    setenv KRBTKFILE /tmp/tkt_stellarcvs
    kinit -k
    EOF
    source /var/local/amps/cshrc
Every time you log in to this server as root, first do source /var/local/amps/cshrc.
(similar on both types of machine)
e.g.
    add gnu stellar-sakai svn
    mkdir /var/local/stellar-svn
    cd /var/local/stellar-svn
    svn co svn+ssh://stellarcvs@svn.mit.edu/svn/amps
If you are checking out code on your own workstation using your own identity, use
    kinit
    mkdir /var/local/stellar-svn
    cd /var/local/stellar-svn
    svn co svn+ssh://svn.mit.edu/amps
(the same on both types of machine, though oracle is now optional since we no longer expect to install oracle on each machine)
Add to /etc/passwd.local, and /etc/passwd:
    oracle:*:9877:33537:Oracle Database,,,,:/var/local/oracle-user:/bin/ksh
    www:*:6623:101:Unprivileged W User,,,,:/mit/www:/dev/null
Add to /etc/shadow.local, and /etc/shadow:
oracle:SSpbaftOt8rE6:8573::::::
Add to /etc/group.local and /etc/group:
    oinstall:*:33537:oracle
    oracle:*:19620:oracle
    dba:*:29263:oracle
    www:*:15588:
Check the /etc/system parameters if needed; the following are from Athena 9.3.18:
    set noexec_user_stack=1
    set noexec_user_stack_log=1
    set shmsys:shminfo_shmmax=4294967295
    set shmsys:shminfo_shmmin=1
    set shmsys:shminfo_shmmni=100
    set shmsys:shminfo_shmseg=10
    set semsys:seminfo_semmni=100
    set semsys:seminfo_semmsl=256
    set semsys:seminfo_semmns=1024
    set semsys:seminfo_semopm=100
    set semsys:seminfo_semvmx=32767
(the same on both types of machine)
    cd /var/local/stellar-svn/amps/stellar/support-files/docs/trunk/
    mv stellar-docs /var/local/
    svn update
(the same on both categories of machine)
To be sure of the java version being used, download and install it in /var/local anyhow so we always have a known and potentially newer version including bugfixes. Download the "Java SE Development Kit" for the desired platform (e.g. Solaris SPARC), the self-installing shell script version; the directory to which you have downloaded it is denoted $COMPONENTS below.
    chmod 755 $COMPONENTS/jdk-6u2-solaris-sparc.sh
    chmod 755 $COMPONENTS/jdk-6u2-solaris-sparcv9.sh
    mkdir /var/local/java
    cd /var/local/java
    $COMPONENTS/jdk-6u2-solaris-sparc.sh
    $COMPONENTS/jdk-6u2-solaris-sparcv9.sh
    cd /var/local
    ln -s /var/local/java/jdk1.6.0_02 /var/local/java1.6
Install maven in /var/local by untarring the binary distribution. Set the path and JAVA_HOME in /var/local/amps/cshrc as above.
Use the settings.xml in the shared-build project.
(the same on both types of machine)
Put stellar xsl on local disk:
    cd /var/local/stellar-svn/amps/stellar/support-files
    mv templates/xslt/xsl /var/local/stellar-xsl
    svn update
Make the directory for logs:
    mkdir /var/local/stellar-logs
    chown www:www /var/local/stellar-logs
If you aren't doing this on your own workstation, make the directories for jforum:
    mkdir /var/local/stellar-jforum-config
    mkdir /var/local/stellar-jforum
    mkdir /var/local/stellar-jforum/avatars
    mkdir /var/local/stellar-jforum/attachments
    chown www:www /var/local/stellar-jforum*
(similar on both types of machine)
Tomcat AJP connector ports (8009 and others) need to be protected and only accessible from the httpd hosts (in production these would be asterope and merope). Oracle DB port 1521 needs to be accessible only from the Tomcat hosts (e.g. aludra).
All other access should be left alone.
Filter rules for 18.89.3.242 to allow apache on 18.89.1.67 to tomcat on 18.89.3.242 (untried):
    block in on bge0 proto tcp from any to 18.89.3.242/32 port=8559
    pass in quick on bge0 proto tcp from 18.89.1.67/32 to 18.89.3.242/32 port=8559
For some machines the interface is ce0 rather than bge0.
These rules should be put in /etc/ipf/ipf.conf, the ce line in /etc/ipf/pfil.ap should be uncommented, and the commands in http://docs.sun.com/app/docs/doc/816-4554/ should be run.
To update the ipf after the ipf.conf file is changed, do ipf -Fa -f /etc/ipf/ipf.conf
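Because the filter rules above are marked untried, a lint pass over ipf.conf before reloading is useful. The following is an added example, not part of the original page: audit_ipf_port, page_rules and bad_rules are hypothetical names, and the second rule set is constructed to show the failure cases (ipf applies the last matching rule unless an earlier one says quick).

```shell
#!/bin/sh
# Added example: lint ipf.conf rules (read from stdin) for one TCP port.
# Exit status 0 means: inbound traffic to the port is blocked from "any"
# and every pass rule for it names a single /32 source host.
audit_ipf_port() {
    awk -v port="$1" '
    { sub(/#.*/, "") }                      # drop comments
    NF == 0 { next }
    {
        line = $0
        gsub(/port[ \t]*=[ \t]*/, "port=", line)   # accept "port = N" too
        if (line !~ ("port=" port "([ \t]|$)")) next
        n = split(line, f, " ")
        if (f[2] != "in") next
        src = ""; quick = 0
        for (i = 1; i <= n; i++) {
            if (f[i] == "from" && i < n) src = f[i + 1]
            if (f[i] == "quick") quick = 1
        }
        if (f[1] == "block" && src == "any") {
            blocked = 1
            # ipf applies the LAST matching rule unless an earlier one
            # said "quick", so this block overrides a plain pass above it.
            if (plainpass) { print "SHADOWED pass on line " plainpass; bad = 1 }
        }
        if (f[1] == "pass") {
            if (src !~ /\/32$/) { print "WIDE-PASS line " NR ": " $0; bad = 1 }
            if (!quick) plainpass = NR
        }
    }
    END {
        if (!blocked) { print "NO-BLOCK for port " port; bad = 1 }
        exit (bad ? 1 : 0)
    }'
}

# The two rules from this page (bge0, port 8559).
page_rules() {
    cat <<'EOF'
block in on bge0 proto tcp from any to 18.89.3.242/32 port=8559
pass in quick on bge0 proto tcp from 18.89.1.67/32 to 18.89.3.242/32 port=8559
EOF
}

# Constructed counter-example: plain pass from any, placed before the block.
bad_rules() {
    cat <<'EOF'
pass in on ce0 proto tcp from any to 18.89.3.242/32 port = 8559
block in on ce0 proto tcp from any to 18.89.3.242/32 port = 8559
EOF
}
```

Run it as audit_ipf_port PORT < /etc/ipf/ipf.conf for each port that has to stay restricted; no output and exit status 0 mean the port passed.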
Oracle software installation is in a separate document.
Oracle database import is in a separate document.
SSH is handling the X windows traffic, so it pretends to be a display on the machine you're sshed in to.
The problem with su - oracle is that there's an additional layer of security: xauth is being used. The login message contains something like: /usr/openwin/bin/xauth: creating new authority file /tmp/xauth-root-27444/Xauthority
As root, after ssh -l root -X servername:
    chmod 644 $XAUTHORITY
    chmod 755 $XAUTHORITY:h
    chgrp oinstall $XAUTHORITY:h $XAUTHORITY
    echo "as oracle do: export XAUTHORITY=$XAUTHORITY"
    echo "as oracle do: export DISPLAY=$DISPLAY"
As oracle (substitute DISPLAY and XAUTHORITY from above):
    export DISPLAY=localhost:10.0
    export XAUTHORITY=/tmp/xauth-123/XAuthority
Servers will be exporting data, private workstations may be importing data from the servers.
To allow a server (e.g. stellar.mit.edu) to scp files to another server (opening up an ssh hole for root@stellar to have root access on the other machine):
On the server, as root:
ssh-keygen -t dsa
Use an empty passphrase (just press Enter).
Then ssh to the other machine, and add the contents of /.ssh/id_dsa.pub on the server to /.ssh/authorized_keys on the target machine.
chmod 400 /.ssh/authorized_keys
Be sure to set /etc/sshd_config to allow RSAAuthentication and PubkeyAuthentication.
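A passphrase-less root key is only as contained as its authorized_keys entry, so it helps to check which entries on the target carry a from="..." source restriction. The following is an added example, not part of the original page: audit_authorized_keys and sample_keys are hypothetical names, the key blobs are placeholders, and it assumes the target's sshd honours the OpenSSH authorized_keys options from=, no-pty, no-port-forwarding and no-X11-forwarding.

```shell
#!/bin/sh
# Added example: list each key in an authorized_keys file (stdin) and flag
# entries that carry no from="..." source restriction.
# Exit status 0 means every key is restricted to named source hosts.
audit_authorized_keys() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # comments and blank lines
    {
        # The key type marks where the optional options field ends;
        # options may contain quoted spaces, so do not rely on $1.
        if (!match($0, /(^|[ \t])(ssh-(dss|rsa|ed25519)|ecdsa-sha2-[^ \t]+)[ \t]/)) {
            print "line " NR ": UNPARSED"; bad = 1; next
        }
        opts = substr($0, 1, RSTART - 1)
        rest = substr($0, RSTART); sub(/^[ \t]+/, "", rest)
        split(rest, k, " ")                 # k[1]=type k[2]=blob k[3]=comment
        status = (opts ~ /(^|,)from="[^"]+"/) ? "RESTRICTED" : "UNRESTRICTED"
        if (status == "UNRESTRICTED") bad = 1
        print "line " NR ": " k[1] " " k[3] " " status
    }
    END { exit (bad ? 1 : 0) }'
}

# Constructed sample: the same key added bare, then with restrictions.
sample_keys() {
    cat <<'EOF'
# constructed entries; key blobs are placeholders, not real keys
ssh-dss AAAAPLACEHOLDER1 root@stellar
from="stellar.mit.edu",no-pty,no-port-forwarding,no-X11-forwarding ssh-dss AAAAPLACEHOLDER2 root@stellar
EOF
}
```

On the target machine, run audit_authorized_keys < /.ssh/authorized_keys; any UNRESTRICTED line is a key that is accepted from any source address.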
See the crontabs in subversion at svn+ssh://svn.mit.edu/amps/stellar/2.0/trunk/support/src/site/resources/crontabs for the appropriate type of machine.
    mkdir /var/local/stellar-backups/
    chown oracle /var/local/stellar-backups
    mkdir /var/local/stellar-support
    cp /var/local/stellar-cvs/stellar/sysutils/runCookieMonitor /var/local/stellar-support/
    cp -r /var/local/stellar-cvs/stellar/sysutils/gnu /var/local/stellar-support/
    cp /var/local/stellar-cvs/stellar/sysutils/probe-cookie-monitor.perl /var/local/stellar-support/
    cp /var/local/stellar-cvs/stellar/sysutils/spacereport.perl /var/local/stellar-support/
    cp /var/local/stellar-cvs/stellar/sysutils/eval-nexus-info.perl /var/local/stellar-support/
    cp /var/local/stellar-cvs/stellar/conf/production/yesterday /var/local/stellar-support/
    cp /var/local/stellar-cvs/stellar/sysutils/cleanup /var/local/stellar-support/
    cp /var/local/stellar-cvs/stellar/sysutils/CookieMonitor.java /var/local/stellar-support/
    cp /var/local/stellar-cvs/stellar/sysutils/update-users.perl /var/local/stellar-support/
    cp /var/local/stellar-cvs/stellar/db/OkapiCoreTablesReLoad-* /var/local/stellar-support/
    cp /var/local/stellar-cvs/stellar/sysutils/videocron.perl /var/local/stellar-support/
    cp /afs/athena/project/gnu/bin/wget /var/local/stellar-support/
    cp /var/local/stellar-cvs/stellar/sysutils/bull.perl /var/local/stellar-support/
    cp /var/local/stellar-cvs/stellar/sysutils/copy-logs.perl /var/local/stellar-support/
    cp /var/local/stellar-cvs/stellar/conf/production/cronjob2 /var/local/stellar-support/
    cp /var/local/stellar-cvs/stellar/conf/production/cronjob-hourly /var/local/stellar-support/
    cp /var/local/stellar-cvs/stellar/conf/production/oracle/cronjob1 /var/local/oracle-user/
    chmod 755 /var/local/stellar-support/cronjob2 /var/local/stellar-support/cronjob-hourly /var/local/stellar-support/eval-nexus-info.perl
Modify cronjob2 to export to desired servers and use correct backup directories.
Modify cronjob1 to use correct SID and directories.
Modify probe-cookie-monitor.perl as needed.
Modify cleanup as needed.
Modify update-users.perl as needed.
Modify copy-logs.perl as needed.
    date > /var/local/stellar-backups/incremental-after
and edit time as needed.
    touch /var/local/stellar-logs/usercount
For reporting:
    mkdir /var/local/stellar-support/reports
    cp -r /var/local/stellar-cvs/stellar/sysutils/reports /var/local/stellar-support/
crontabs