(12 intermediate revisions by one user not shown) |
Line 3: |
Line 3: |
| The Wiki began very late in the process, so it will be completed slowly over time. | | The Wiki began very late in the process, so it will be completed slowly over time. |
| | | |
− | == General Server Setup == | + | == Volunteer Web Server Introduction == |
| | | |
− | The web server runs Debian, etc. ~root/log contains a list of the things that I (plam) did to bring the system into its current configuration. The server is physically located upstairs in the Sailing Pavilion in a locked black box. It is set up to allow people to log in using their Athena passwords as long as they have a local account (the local password works, but is not mandatory). The web space is located in ~mitna/public_html (configured in the Apache config files to be the root server for sailing.mit.edu). I usually add people to group 'mitna', which has permission to write ~mitna/public_html.
| + | Accounts are setup to try to use the same username and password as MIT Athena. To login to the server you need to point an SSH (secure telnet) client to: |
| + | sailing.mit.edu |
| | | |
− | The server is now backed up using TSM. The username is 'sailing'.
| + | Users also have a local password, different than the Athena password, which is required to use "sudo". |
| | | |
− | sailing.mit.edu has a static IP address and the DNS name is registered to Athletics. Carol Elder administers systems for Athletics but is not involved with actually running this computer.
| + | A general knowledge of both [http://www.w3.org/TR/html401/ HTML] and [http://www.php.net PHP] is expected. |
| | | |
− | === Hard disk partitions ===
| + | The web site is maintained in a git repository. |
| | | |
− | The hard disk was originally partitioned in a very strange way (according to me <alvarso>), or better put, in a way that causes a lot of problems because individual partitions constantly get full. Specifically, doing a | + | The main public website is at: |
| + | public_html |
| | | |
− | sudo df -h | + | The secure parts of the site are at: |
| + | ssl_html |
| | | |
− | (2008-Apr-23) lists: | + | Utility files (very important - they define the framework of the site) are at: |
| + | includes |
| | | |
− | Filesystem Size Used Avail Use% Mounted on
| + | Always keep the general structure of the website as is; please do not create new directories unless you have consulted the webmaster. |
− | /dev/sda1 250M 80M 158M 34% /
| + | |
− | tmpfs 221M 0 221M 0% /lib/init/rw
| + | |
− | udev 10M 48K 10M 1% /dev
| + | |
− | tmpfs 221M 0 221M 0% /dev/shm
| + | |
− | /dev/sda9 221G 7.4G 202G 4% /home
| + | |
− | /dev/sda8 361M 8.1M 334M 3% /tmp
| + | |
− | /dev/sda5 4.6G 1.4G 3.1G 31% /usr
| + | |
− | /dev/sda6 2.8G 975M 1.7G 37% /var
| + | |
| | | |
− | as can be seen, the huge bulk of the space is given to
| + | == General Server Setup == |
− | /home
| + | |
− | which has 202G.
| + | |
− | | + | |
− | However, some critical partitions are very small:
| + | |
− | / (root) has only 250M
| + | |
− | /var has only 2.8G
| + | |
− | /usr has only 4.6G
| + | |
− | | + | |
− | Root has been a problem constantly. The most recent change was to move all parts of "tsm" (backup --- which is NOT working as of April 2008) out of room and put it into
| + | |
− | /opt/tivoli/tsm --> /home/tivoli/tsm
| + | |
− | because I had to move it, it has to be re-installed to work again.
| + | |
− | | + | |
− | Partition /var got full (April 2008) with the "logs". Therefore I had to move
| + | |
− | /var/logs --> /home/logs
| + | |
− | and created a sym-link in /var/ so that logs can still be written, but are stored in the /home partition.
| + | |
− | | + | |
− | It might be smart to also move /var/lib/mysql, which stores the MySQL data, to /home/mysql_data or something like that, so that it can have huge amounts of space available. However, it is not critical, since the MySQL databases are less than 100M at this point (and are likely to not reach 200M for many years).
| + | |
− | | + | |
− | The /usr has not given any problem yet.
| + | |
− | | + | |
− | == PHP == | + | |
− | | + | |
− | === GD Library ===
| + | |
− | Since I used a non-graphical utility to get weather data, I have to make my own graphics... so I wanted to use the GD library. While the default installation is supposed to have GD installed, something was not working.
| + | |
− | | + | |
− | Patrick Lam helped me out by deleting the old library:
| + | |
− | rm /usr/local/lib/libgd*
| + | |
− | | + | |
− | and then restarting apache. (He used "/etc/init.d/apache2 restart" instead of what I used: "apache2 -k restart", although both should work).
| + | |
− | | + | |
− | This entry helps me remember how to delete old libraries which may be 'corrupt' (the current guess is that when installing things for gallery2, the gd library was corrupted).
| + | |
− | | + | |
− | === Data Warehouse (Oracle) Access ===
| + | |
− | In order to get access to the data Warehouse, I had to install PHP support for Oracle.
| + | |
− | | + | |
− | I installed the Oracle OCI interface, specifically the "Oracle 10 Instant Client" to
| + | |
− | /usr/local/pkgs/oracle/instantclient_10_2
| + | |
− | | + | |
− | Needed both the Basic and SDK versions from:
| + | |
− | http://www.oracle.com/technology/software/tech/oci/instantclient/htdocs/linuxsoft.html
| + | |
− | instantclient-basic-linux32-10.2.0.3-20061115.zip
| + | |
− | instantclient-sdk-linux32-10.2.0.3-20061115.zip
| + | |
− | | + | |
− | This part simply required to 'unzip' the files to the directory.
| + | |
− | | + | |
− | The directions at http://ubuntuforums.org/archive/index.php/t-92528.html were very helpful. The basic steps I did, I think, were:
| + | |
− | | + | |
− | mkdir -p /usr/local/pkgs/oracle/instantclient_10_2
| + | |
− | cd /usr/local/pkgs/oracle/instantclient_10_2
| + | |
− | unzip instantclient-basic-linux32-10.2.0.1-20050713.zip
| + | |
− | unzip instantclient-sdk-linux32-10.2.0.1-20050713.zip
| + | |
− | echo /usr/local/pkgs/oracle/instantclient_10_2 >> /etc/ld.so.conf
| + | |
− | ldconfig
| + | |
− | | + | |
− | Create symbolic links:
| + | |
− |
| + | |
− | ln -s libclntsh.so.10.1 libclntsh.so
| + | |
− | ln -s libocci.so.10.1 libocci.so
| + | |
− | | + | |
− | Install OCI8:
| + | |
− | | + | |
− | pecl install oci8 (don't remember if I had to install 'pear' before using pecl?)
| + | |
− | Answer ORACLE_HOME = instantclient,/usr/local/pkgs/oracle/instantclient
| + | |
− | | + | |
− | Modify the /etc/php/apache2/php.ini file:
| + | |
− | | + | |
− | Add:
| + | |
− | extension=oci8.so
| + | |
− | | + | |
− | Add the environment variables to apache:
| + | |
− | | + | |
− | To: /etc/apache2/envvars
| + | |
− | Add:
| + | |
− | LD_LIBRARY_PATH="/usr/local/apache2/lib:/usr/lib/oracle/10.2.0.3/client:$LD_LIBRARY_PATH"
| + | |
− | TNS_ADMIN="/usr/lib/oracle/10.2.0.3/client"
| + | |
− | LANG=en_US
| + | |
− |
| + | |
− | export LD_LIBRARY_PATH LANG TNS_ADMIN
| + | |
− | | + | |
− | (But I'm not sure if this did anything, I had to use "PutEnv" in the PHP code, see below).
| + | |
− | | + | |
− | Lastly, I had to modify the Oracle files to tell it where the MIT Data Warehouse is:
| + | |
− | | + | |
− | Create /usr/local/pkgs/oracle/instantclient_10_2/tnsnames.ora
| + | |
− | With data:
| + | |
− | | + | |
− | warehouse =
| + | |
− | (DESCRIPTION =
| + | |
− | (ADDRESS_LIST =
| + | |
− | (ADDRESS = (PROTOCOL = TCP)(HOST = warehouse.mit.edu)(PORT = 1521))
| + | |
− | )
| + | |
− | (CONNECT_DATA = (SID = DWRHS))
| + | |
− | )
| + | |
− | | + | |
− | and nothing else in it. THIS IS ESSENTIAL!
| + | |
− | | + | |
− | To connect to the DW in PHP, I created the interface file oracle.php, with the following basic elements:
| + | |
− | | + | |
− | PutEnv("ORACLE_SID=DWRHS");
| + | |
− | PutEnv("ORACLE_HOME=/usr/lib/oracle/10.2.0.3/client/");
| + | |
− | PutEnv("TNS_ADMIN=/usr/lib/oracle/10.2.0.3/client/");
| + | |
− | PutEnv("LD_LIBRARY_PATH=/usr/lib/oracle/10.2.0.3/client/lib");
| + | |
− |
| + | |
− | function ora_query($sql,&$err)
| + | |
− | {
| + | |
− | $conn = oci_pconnect('sailuser','sail2WAREhouse','warehouse');
| + | |
− |
| + | |
− | if (!$conn)
| + | |
− | {
| + | |
− | $err = "No connection!";
| + | |
− | return false;
| + | |
− | }
| + | |
− |
| + | |
− | // empty the error
| + | |
− | $err = "";
| + | |
− |
| + | |
− | // parse the query string
| + | |
− | $stid = oci_parse($conn,$sql);
| + | |
− | if (!$stid)
| + | |
− | {
| + | |
− | $err = oci_error($conn);
| + | |
− | return false;
| + | |
− | }
| + | |
− |
| + | |
− | // execute the actual query
| + | |
− | $res = oci_execute($stid, OCI_DEFAULT);
| + | |
− | if (!$res)
| + | |
− | {
| + | |
− | $err = oci_error($stid);
| + | |
− | return false;
| + | |
− | }
| + | |
− |
| + | |
− | return $stid;
| + | |
− | }
| + | |
− | | + | |
− | function ora_fetch_array($res)
| + | |
− | {
| + | |
− | return oci_fetch_assoc($res);
| + | |
− | }
| + | |
− | | + | |
− | These work mostly equivalent to the mysql 'query' and 'fetch' functions.
| + | |
− | | + | |
− | == MySQL ==
| + | |
− | | + | |
− | The MySQL configuration is at:
| + | |
− | /etc/mysql/my.cnf
| + | |
− | | + | |
− | The data is at
| + | |
− | /var/lib/mysql
| + | |
− | | + | |
− | Start/stop/restart
| + | |
− | sudo /etc/init.d/mysql [start|stop|restart]
| + | |
− | | + | |
− | == Accounts ==
| + | |
− | The server links to the MIT kerberos server to authenticate users. However, when using "SUDO" you must use your local password (which can be the same as your kerberos password, but which would NOT be updated when you change it).
| + | |
− | | + | |
− | The link to the Kerberos was set to happen automatically by Patrick Lam (Commodore 05-06), so I have no detailed information on that.
| + | |
− | | + | |
− | To create new accounts:
| + | |
− | adduser <username>
| + | |
− | adduser <username> mitna <-- to give access to website development
| + | |
| | | |
− | Using the standard adduser process will give the user access either via the local password (set by the admin when calling adduser) or the Kerberos password.
| + | History of server updates since the site was established: |
| + | * [[2009 - Dell Optiplex 760]] |
| + | * [[2004 - Custom Build]] |
| | | |
| == SSL Server Certificates == | | == SSL Server Certificates == |
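Review bot: The removed PHP block under "Data Warehouse (Oracle) Access" contains a literal database username and password in its `oci_pconnect(...)` call, and deleting it from the current revision leaves it readable in the page history, as this comparison itself shows. Treat that password as exposed: rotate it on the warehouse account, keep the replacement out of wiki text and out of `oracle.php` (for example in a file outside the web root that only the web server user can read), and ask a wiki administrator to suppress the old revisions. Separately, the new text drops the account-creation steps (`adduser <username>` and `adduser <username> mitna`) and the TSM backup notes without saying where they went; if they now live on the linked history pages, say so under "General Server Setup", and if backups are no longer configured, state that explicitly.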
Line 233: |
Line 70: |
| You're done. Check that the certificate has updated. | | You're done. Check that the certificate has updated. |
| | | |
− | == Weather Station ==
| + | *** UPDATE 2012-2013 *** |
| + | MIT now uses "chain" certificates from a comercial authority (hopefully to prevent people from getting the "we don't know your Certificate Authority" warning/error in browsers. In order to make this work, when you get the Certificate: |
| | | |
− | The Weather Station is a '''[http://www.davisnet.com/weather/products/vantage2.asp Vantage Pro2]''' hard wired model.
| + | *FIRST TIME ONLY* |
| + | Update the configuration of Apache to use a "ChainFile": |
| + | 1 - Find ssl.conf |
| + | 2 - Uncomment SSLCertificateChainFile |
| + | 3 - Use value: /home/mitna/CA/chain.pem |
| + | e.g. SSLCertificateChainFile /home/mitna/CA/chain.pem |
| + | 4 - Create /home/mitna/CA/chain.pem by copying *only* the |
| + | contents of the "Intermediates/root only" part of the |
| + | certificate (first 2 parts) |
| + | 5 - Restart apache (or do it after updating sailing.pem) |
| | | |
− | === NEW ===
| + | *FUTURE YEARS* |
− | W View did not make me happy (it could not give 'real-time' results, only show things about every minute or even more... plus I could not get it to save data to the database to interface easily with PHP.
| + | 1 - Update "sailing.pem" as before |
| + | 2 - Check if "chain.pen" needs updating |
| | | |
− | So, I looked more around, and found this super easy program to use:
| + | == Weather Station == |
| | | |
− | http://www.joejaworski.com/weather/
| + | The Weather Station is a '''[http://www.davisnet.com/weather/products/vantage2.asp Vantage Pro2]''' hard wired model. |
− | | + | |
− | Since our station is in USB and next to the computer, the ONLY software needed is:
| + | |
− | vproweather
| + | |
− | http://www.joejaworski.com/weather/vproweather-0.6.tgz
| + | |
− | | + | |
− | I downloaded/untared it to:
| + | |
− | /usr/local/pkgs/vproweather-0.6/
| + | |
− | | + | |
− | A simple 'make' (using sudo) was all that was needed to compile it. Then, running it with:
| + | |
− | /usr/local/pkgs/vproweather-0.6/vproweather -x /dev/ttyUSB0
| + | |
− | | + | |
− | Gives real time data, and using '-l' instead of '-x' gives low/high data.
| + | |
− | | + | |
− | I put this in a cron to run the real-time every 1 minute (fastes crontab can do) and update a table in the database, which is then used by the rest of the site (table: weather). The low/high will run once a day.
| + | |
− | | + | |
− | Hopefully I'll be able to create a daemon which updates the table every 10 seconds or so... we'll see.
| + | |
− | | + | |
− | === "Dynamic" Update ===
| + | |
− | | + | |
− | In order to update the weather information dynamically, I got the following packages online:
| + | |
− | | + | |
− | ajax-dynamic-contant.js - from DHTMLGoodies.com (Alf Magne Kalleland)
| + | |
− | ajax.js - Simple AJAX Code Kit (SACK) - twilightuniverse.com (Gregory Wild-Smith)
| + | |
− | | + | |
− | I then modified '''vpro.php''' to create a file in
| + | |
− | html/inc/weather.txt
| + | |
− | which updated every time the cron process runs and which is read by the ajax tools.
| + | |
− | | + | |
− | The header function in '''format.php''' now calls a set of javascript functions which load the weather.txt file, instead of using sql to obtain the information from the database.
| + | |
− | | + | |
− | Now the weather information updates dynamically, without having to reload a page.
| + | |
− | | + | |
− | === OLD ===
| + | |
− | The linux software is [http://www.wviewweather.com/ W View]. I followed the [http://www.wviewweather.com/release-notes/wview-User-Manual.html User Manual] detailed instructions.
| + | |
− | | + | |
− | Install (untar) to:
| + | |
− | <ul><li>/usr/local/pkgs/wview-3.3.0</li></ul>
| + | |
− | | + | |
− | Commands (what should be done next time in order, I did not do it in this order):
| + | |
− | <ul>
| + | |
− | <li>Installed mysqlclient-dev: sudo apt-get install libmysqlclient-dev</li>
| + | |
− | | + | |
− | <li>Installed libpng-dev: sudo apt-get install libpng12-dev</li>
| + | |
− | | + | |
− | <li>Install 'radlib':</li>
| + | |
− | <ul>
| + | |
− | <li>get .tar</li>
| + | |
− | <li>install to /urs/local/pkgs/radlib-2.7.0</li>
| + | |
− | <li>./configure</li>
| + | |
− | <li>make</li>
| + | |
− | <li>sudo make install</li>
| + | |
− | <li>edit /etc/ld.so.conf --> add /usr/local/lib --> run ldconfig</li>
| + | |
− | </ul>
| + | |
− | | + | |
− | <li>Install 'libgd' (all with sudo):</li>
| + | |
− | <ul>
| + | |
− | <li>get .tar</li>
| + | |
− | <li>install to /usr/local/pkgs/gd-2.0.35</li>
| + | |
− | <li>./configure</li>
| + | |
− | <li>make</li>
| + | |
− | <li>make install</li>
| + | |
− | </ul>
| + | |
− | | + | |
− | <li>./configure --enable-mysql</li>
| + | |
− | <li>sudo make</li>
| + | |
− | <li>sudo make install</li>
| + | |
− | </ul>
| + | |
| | | |
− | <i>Not working! Will need to check USB drivers/connection</i>
| + | The server uses WeeWX with various extensions to collect and publish the weather data from the station. |
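Review bot: In the "FUTURE YEARS" list, step 2 names `chain.pen`, but the file configured in the steps above is `/home/mitna/CA/chain.pem`; correct the name so the yearly check points at the file Apache actually loads. In the "FIRST TIME ONLY" list, step 4's "(first 2 parts)" is ambiguous: spell out which PEM blocks of the issued bundle go into chain.pem and in what order, and that the server certificate itself stays in sailing.pem. Step 5 should be followed by a check that the chain is actually being served, since the only verification on the page is the earlier "Check that the certificate has updated". The introductory sentence also has a typo ("comercial") and a parenthesis opened at "(hopefully to prevent" that is never closed. In the Weather Station section, the install notes are replaced by a single sentence about WeeWX; add where it is installed and configured, or link to a page that records it.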
This entry contains information on the packages installed in the web server and the process followed for their installation.
The Wiki began very late in the process, so it will be completed slowly over time.
Accounts are set up to try to use the same username and password as MIT Athena. To log in to the server you need to point an SSH (secure telnet) client to:
Users also have a local password, different from the Athena password, which is required to use "sudo".
The web site is maintained in a git repository.
Always keep the general structure of the website as is; please do not create new directories unless you have consulted the webmaster.
When certificates expire (they are given for one year at a time), you need to send a new certificate request to
Do everything out of /home/mitna/CA (you don't need to do anything on Athena, all local on the server)
Feel free to delete foo.
You're done. Check that the certificate has updated.
MIT now uses "chain" certificates from a commercial authority (hopefully to prevent people from getting the "we don't know your Certificate Authority" warning/error in browsers). In order to make this work, when you get the Certificate:
The server uses WeeWX with various extensions to collect and publish the weather data from the station.