Katlas installation notes: Difference between revisions
From Knot Atlas
Jump to navigationJump to search
No edit summary |
(Replacing page with 'On July 14, 2007 we've upgraded MediaWiki to version 1.10.1. The pre-upgrade installation notes are at MediaWiki 1.4 installation notes.') |
||
Line 1: | Line 1: | ||
On July 14, 2007 we've upgraded MediaWiki to version 1.10.1. The pre-upgrade installation notes are at [[MediaWiki 1.4 installation notes]]. |
|||
This page is [http://math.berkeley.edu/~scott/wiki/Katlas_installation_notes mirrored on Scott's wiki]. |
|||
Okay... these are our notes while trying to setup [http://katlas.math.toronto.edu/wiki/ the wiki on katlas]. |
|||
==Upgrading MySQL== |
|||
For better or worse, I decided to upgrade MySQL to version 4.0 before doing anything else. I mostly followed [http://dev.mysql.com/doc/mysql/en/linux-rpm.html these instructions]. |
|||
''Warning: do not install MySQL 4.1. It is incompatible with mediawiki. Install version 4.0.'' |
|||
For this I need three RPMs which are all available with only a little digging at [http://www.mysql.com/ mysql.com] |
|||
* MySQL-shared-compat-4.0.25-0.i386.rpm |
|||
* MySQL-server-4.0.25-0.i386.rpm |
|||
* MySQL-client-4.0.25-0.i386.rpm |
|||
*[http://blog.eukhost.com/2006/06/09/steps-to-upgrade-mysql-on-the-server/ MySQL Upgrade on a Server] |
|||
The first of these is required so we don't break dependencies while upgrading. Install it first, with |
|||
:rpm -iv MySQL-shared-compat-4.0.25-0.i386.rpm |
|||
Then upgrade the other two packages |
|||
:rpm -U MySQL-server-4.0.25-0.i386.rpm |
|||
:rpm -U MySQL-client-4.0.25-0.i386.rpm |
|||
Note the warning the server install gives -- |
|||
<pre> |
|||
PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER ! |
|||
To do so, start the server, then issue the following commands: |
|||
/usr/bin/mysqladmin -u root password 'new-password' |
|||
/usr/bin/mysqladmin -u root -h katlas.math.toronto.edu password 'new-password' |
|||
See the manual for more instructions. |
|||
</pre> |
|||
(note however that you need to upgrade the client package before mysqladmin is available to do this!) |
|||
I also deleted the local anonymous account, and put a password on the remote anonymous account. (Ask [[User:Scott]] for these passwords.) |
|||
==Apache== |
|||
I had to fix the server name, from katlas to katlas.math.toronto.edu in /etc/httpd/conf/httpd.conf |
|||
I added |
|||
AllowOverride FileInfo |
|||
AllowOverride AuthConfig |
|||
in the httpd.conf file, in the section for /var/www/html, so I could use .htaccess files to rewrite the wiki URLs nicely, and to disallow access to phpMyAdmin. |
|||
I added a [http://meta.wikimedia.org/wiki/Robots.txt robots.txt] file, to protect the wiki internals from spiders. --[[User:Scott|Scott]] 12:44, 19 Aug 2005 (EDT) |
|||
I moved the document root from /var/www/html to /www/html. (Actually, I moved everything in /var/www to /www) This required the following steps |
|||
# in /var/www, as root <pre>cp -R --preserve * /www</pre> |
|||
# in httpd.conf, replacing /var/www everywhere with /www |
|||
# in LocalSettings.php replacing /var/www with /www in the $IP line |
|||
# test everything seems to work! |
|||
# in /var, as root, <pre>rm -Rf www</pre> |
|||
--[[User:Scott|Scott]] 12:44, 19 Aug 2005 (EDT) |
|||
This messed up webalizer, however, so I modified the appropriate line in /etc/webalizer.conf. I also added a section in http.conf to make /usage world-readable. --[[User:Scott|Scott]] 13:03, 19 Aug 2005 (EDT) |
|||
Restarting apache is best achieved by (as root) |
|||
<pre>/usr/sbin/apachectl graceful</pre> |
|||
or |
|||
<pre>/etc/rc.d/init.d/httpd restart</pre>--[[User:Scott|Scott]] 13:17, 19 Aug 2005 (EDT) |
|||
Error logs can be found at /var/log/httpd --[[User:Scott|Scott]] 10:33, 26 Aug 2005 (EDT) |
|||
We had a nasty (to diagnose!) problem with uploading large files. We had to edit /etc/httpd/conf.d/php.conf, modifying the LimitRequestBody line. --[[User:Scott|Scott]] 11:08, 23 Aug 2005 (EDT) |
|||
===creating new accounts=== |
|||
As root, do something like |
|||
<pre> |
|||
$ htpasswd -m /www/.htpasswd sally |
|||
New password: ******* |
|||
Re-type new password: ******* |
|||
Adding password for user sally |
|||
</pre> |
|||
==phpMyAdmin== |
|||
Just unzip'd it into phpMyAdmin, editted the config.inc.php, created a .htpassword file and added a <nowiki><Directory></nowiki> entry to httpd.conf --[[User:Scott|Scott]] 10:34, 26 Aug 2005 (EDT) |
|||
==MediaWiki== |
|||
I added the namespace "Data", and later "Article", as per [http://meta.wikimedia.org/wiki/Help:Custom_namespaces these instructions], adding |
|||
<pre> |
|||
$wgExtraNamespaces = |
|||
array(100 => "Data", |
|||
101 => "Data_talk", |
|||
102 => "Article", |
|||
103 => "Article_talk"); |
|||
# Enable subpages in the knot data namespace |
|||
$wgNamespacesWithSubpages[100] = 1; |
|||
$wgNamespacesWithSubpages[101] = 1; |
|||
$wgNamespacesWithSubpages[102] = 1; |
|||
$wgNamespacesWithSubpages[103] = 1; |
|||
</pre> |
|||
to LocalSettings.php. Do not use spaces in the namespace names, only underscores. |
|||
===Enable <nowiki><math></math></nowiki> processing=== |
|||
First, I made the /images directory writable. |
|||
Next, I installed ocaml (download the sources, ./configure, make world, make bootstrap, make opt, make install). What a pain! After that, go to the math directory under the wiki installation, and run make. |
|||
Finally, edit LocalSettings.php to enable TeX. |
|||
Later, we started modifying texvc, to allow more symbols from amssymb, and to allow use of Dror's [http://www.math.toronto.edu/~drorbn/projects/dbnsymb/dbnsymbman.html dbnsymb]. This required modifications to [[Texutil.ml]], and recompiling texvc (just run make). --[[User:Scott|Scott]] 15:10, 29 Aug 2005 (EDT) |
|||
====Installing the Font dbnsymb==== |
|||
# Download the files dbnsymb.mf and dbnsymb.sty from [http://www.math.toronto.edu/~drorbn/projects/dbnsymb/dbnsymbman.html]. |
|||
# Put dbnsymb.mf at "/usr/share/texmf/fonts/source/public". |
|||
# Put dbnsymb.sty at "/usr/share/texmf/tex/latex/misc". |
|||
# Run the command "texhash". |
|||
===Allowing .zip and .gif uploads=== |
|||
In LocalSettings.php I added the line |
|||
<pre> |
|||
$wgFileExtensions = array( 'png','gif','jpg','jpeg','ogg','mp3','pdf','zip','gz','nb','m','lhs'); |
|||
</pre> |
|||
===Marking users as bots=== |
|||
See [http://meta.wikimedia.org/wiki/Setting_user_rights_in_MediaWiki]. Note that all our tables have the prefix mw_. As far as I can tell, you have to guess the user number (or you can log in as that user, and go to Preferences). |
|||
===Modifying the navigation box=== |
|||
Follow the instructions at [http://meta.wikimedia.org/wiki/MediaWiki_FAQ#How_to_customize_your_own_navigation_bar] |
|||
# Make changes to LocalSettings.php |
|||
# edit the pages Mediawiki:todo, Mediawiki:todo-url, Mediawiki:rolfsen, Mediawiki:rolfsen-url, etc. (these pages are protected.) |
|||
Note that this will change in mediawiki 1.5, and become a lot easier. |
|||
===Add "tour" sidebar box=== |
|||
In skins/MonoBook.php, right above the line beginning with |
|||
<?php if( $this->data['language_urls'] ) |
|||
add lines as follows:<pre><nowiki> |
|||
<div class="portlet" id="p-tour"> |
|||
<h5><a href="/wiki/Tour_of_the_Knot_Atlas">tour</a></h5> |
|||
<div class="pBody"> |
|||
<ul> |
|||
<li><a href="/wiki/5_2">5 2</a> (edit me!) |
|||
<li><a href="/wiki/5_2_Quantum_Invariants">5 2 Quantum Invariants</a> |
|||
<li><a href="/wiki/L10n85">L10n85</a> |
|||
<li><a href="/wiki/The_Multivariable_Alexander_Polynomial">Multivariable Alexander</a> |
|||
<li><a href="/wiki/Knot_Atlas:About">About</a> |
|||
<li><a href="/wiki/Data:5_2/Bridge_Index">Data:5_2/Bridge_Index</a> |
|||
<li><a href="/wiki/The_Mathematica_Package_KnotTheory%60">Knot Theory`</a> |
|||
<li><a href="/wiki/How_to_Edit_this_Manual...">How to Edit Manual...</a> |
|||
<li><a href="/wiki/Modifying_Knot_Pages">Modifying Knot Pages</a> |
|||
<li><a href="/wiki/Special:Recentchanges">Recent changes</a> |
|||
<li><a href="/wiki/To_Do">To Do</a> (history!) |
|||
</ul> |
|||
</div> |
|||
</div> |
|||
</nowiki></pre> |
|||
(this will surely change as we understand MediaWiki better) |
|||
===Modifying the logo=== |
|||
Grab [[Image:The_Knot_Atlas.png|36px]], resize it to 145x145, save it as /www/html/w/skins/common/images/katlas.png, and put the line |
|||
$wgLogo = "$wgStylePath/common/images/katlas.png"; |
|||
in LocalSettings.php. Also, grab [[Image:favicon.png|16px]], convert it to Windows .ico format and save it as favicon.ico at /www/html (not /www/html/w !). |
|||
===Fixing search=== |
|||
In file <tt>/www/html/w/skins/MonoBook.php</tt> within <tt><form name="searchform" ... ></tt> add <tt>method="post"</tt>. |
|||
===Automatic "&action=purge"=== |
|||
In file <tt>/www/html/w/index.php</tt> change the line reading <tt>$action = $wgRequest->getVal( 'action', 'view' );</tt> to <tt>$action = $wgRequest->getVal( 'action', 'purge' );</tt>. |
|||
===Several Wikis=== |
|||
Allow logins on several wikis on the same server: Add the following line to LocalSettings.php after <code>$wgSiteName = ...</code>: |
|||
ini_set("session.name", "KnotAtlasSession" ); |
|||
===Spam blacklists=== |
|||
After surviving several annoying spam attacks on my private wiki, I learnt how to deal with it, and I'm applying what I've learnt here. See /w/extensions/SpamBlacklist for the spam blacklist extension, and LocalSettings.php for the changes required there. Things should just work. Even better, if you're a sysop, you can just edit the page [[Local spam blacklist]] to add regular expressions. I've downloaded the latest copy of the [http://meta.wikimedia.org/wiki/Spam_blacklist spam blacklist from meta], but we should update it more often. Updating it is simply a matter of running /www/html/w/extensions/SpamBlacklist/load_lists --[[User:Scott|Scott]] 13:20, 29 Sep 2005 (EDT) |
|||
Can we create a cron job for /www/html/w/extensions/SpamBlacklist/load_lists, or add it to our backup script? --[[User:Scott|Scott]] 13:20, 29 Sep 2005 (EDT) |
|||
There's a setting $wgSpamRegex in LocalSettings.php. I added "HTTP:.*HTTP:.*HTTP:.*" (actually, the lower case version of that, but I'm not allowed to say that anymore!) on several wikis; it seems on at least one spammers got around it very quickly. --[[User:Scott|Scott]] 09:18, 18 May 2007 (EDT) |
|||
====Referer Spam==== |
|||
To combat [http://www.spywareinfo.com/articles/referer_spam/ referer spam], I added a referer's black list as [http://www.joemaller.com/htaccess.txt here] to <tt>/www/html/.htaccess</tt>, with some additions of my own following the log files. More should be added as needed. --[[User:Drorbn|Drorbn]] 09:33, 10 May 2006 (EDT) |
|||
===Upgrading mediawiki=== |
|||
katlas hasn't been upgraded from mediawiki 1.4.7 since it was first set up. Scott's successfully upgraded several other wikis, however. |
|||
Here's a recipe: |
|||
#mv w w-old |
|||
#gzip -d mediawiki-[version].tar.gz |
|||
#tar xvf mediawiki-[version].tar |
|||
#mv mediawiki-[version] w |
|||
#chmod a+w w/config |
|||
#Go to http://example.com/w/config/ and fill in all the fields. It's useful to have w-old/LocalSettings.php open as you do this, as many of the fields can be copied from this. |
|||
#If installation is successful, follow the instructions: mv w/config/LocalSettings.php w/ |
|||
#Go through the new and old LocalSettings.php files, migrating changes across to the new LocalSettings.php |
|||
#Copy across the contents of the images/ directory. |
|||
#Remember to set permissions on the images/ directory (probably <code>chmod -R g+w images</code>). |
|||
#If appropriate, copy across the math/ directory, containing our hacks (allowing use of dbnsymb, amongst other things). |
|||
Actually, this wasn't entirely successful. Dror subsequently discovered that LaTeX support was broken, and that new pages couldn't be created. --[[User:Scott|Scott]] 13:00, 28 Mar 2006 (EST) |
|||
The new page problem is because the spam blacklist extension installed is not compatible with mediawiki 1.5. We need to download a new copy of the spam blacklist extension for any wikis we upgrade to 1.5, from [http://cvs.sourceforge.net/viewcvs.py/wikipedia/extensions/SpamBlacklist/]. Alternatively, is should be safe to copy it from the omath wiki. The LaTeX support was broken because I hadn't made the images directory group writable (or, for that matter, copied across the images directory!) --[[User:Scott|Scott]] 13:28, 28 Mar 2006 (EST) |
|||
==Server security== |
|||
Everyday we have scripts come through trying to login through sshd, with various user/pass combinations. If we need to a solution we could either |
|||
# move sshd to listen on another port |
|||
# install on the the scripts described at http://www.linux.com/article.pl?sid=05/09/15/1655234 |
|||
==up2date and python== |
|||
At some point I installed version 2.4 of python on katlas; we previously had version 2.2 installed, and something (I can't remember what) needed a more recent version. However, I never worked out how to properly install new python modules, and, as a result, there's various stuff missing from the python 2.4 installation, in particular the rpm module. This causes redhat's "up2date" program to fail, which is serious, as this is the main mechanism for automatically installing security updates from redhat. --[[User:Scott|Scott]] 08:36, 3 Apr 2006 (EDT) |
|||
===Work around=== |
|||
In /usr/bin, you'll find files "python2.2", "python2.4" and "python". "python2.2" is a copy of the originally installed "python"; "python2.4" is a symbolic link to my installation of python 2.4. Currently, the file "python" is an exact copy of the file "python2.2". Things seem to work; in particular, "up2date" runs again. |
|||
If you find something that needs python 2.4 (happily, running up2date brought the honest version of python up to 2.3), you could try replacing "python" with "python2.4", but I really wouldn't recommend it. --[[User:Scott|Scott]] 08:36, 3 Apr 2006 (EDT) |
|||
===Running up2date=== |
|||
Running up2date for the first time in a long while seemed to work just fine. It complained about two sendmail configuration files, and made new versions with .rpmnew appended, but there were no essential differences. --[[User:Scott|Scott]] 09:45, 3 Apr 2006 (EDT) |
|||
We should check with the toronto math department computer people to see if they're now happy with katlas. |
|||
==Subversion== |
|||
We have a working subversion server going now. (I had to find the RHEL3 rpm, but it was easy after that!) |
|||
We have several separate repositories, and it's easy (for root) to create more. Go to one of |
|||
*http://katlas.math.toronto.edu/svn/KnotAtlas |
|||
*http://katlas.math.toronto.edu/svn/KnotTheory |
|||
*http://katlas.math.toronto.edu/svn/WikiLink |
|||
*http://katlas.math.toronto.edu/svn/QuantumGroups |
|||
*http://katlas.math.toronto.edu/svn/Tungsten |
|||
to get started. |
|||
To create a new repository, type something like |
|||
<pre> |
|||
svnadmin create RepositoryName /home/svn |
|||
</pre> |
|||
then change the ownership and permissions to match the other repositories. (The easiest way to do this is to login as svn, before using svnadmin, then <code>chmod -R g+w /home/svn/RepositoryName</code> to allow commits via the web.) |
|||
There's read-only public access; to commit changes you'll need to [[#creating new accounts|create an account]]. For windows, download [http://tortoisesvn.tigris.org/ TortoiseSVN], for eclipse use subclipse. |
|||
I've set up fine grained access control, as per [http://svnbook.red-bean.com/en/1.2/svn-book.html#svn.serverconfig.httpd.authz.perdir instructions in the SVN Book]. You'll need to edit <code>/home/svn/svnaccess.conf</code> to grant people access to the repositories. --[[User:Scott|Scott]] 20:26, 9 Oct 2006 (EDT) |
|||
Some people have had trouble with Mathematica notebooks in version control, although so far it's been fine for us. There are several solutions people have come up with. Do be very careful when resolving conflicts, on the other hand! |
|||
*http://www.itwm.fhg.de/as/asemployees/wichmann/nbcache.html A perl script for stripping out the cache data. |
|||
*Using the ShowShortBoxForm option in Mathematica [http://forums.wolfram.com/mathgroup/archive/2005/Mar/msg00175.html], which apparently makes notebooks less prone to arbitrary changes independent of real content changes. |
|||
==iptables== |
|||
Arno's iptables is the way to go. Just edit |
|||
<pre> |
|||
/etc/iptables-firewall.conf |
|||
</pre> |
|||
Make sure to have "<tt>DROP_IANA_RESERVED=0</tt>" to prevent the blocking of certain DSL/Cable providers. |
|||
To restart, use |
|||
<pre> |
|||
/etc/init.d/rc.iptables restart |
|||
</pre> |
|||
==Fisheye and Jira== |
|||
*run /home/fisheye/server/bin/start.sh and /home/jira/server/bin/startup.sh to start them |
|||
*to allow fisheye access to a new repository, see http://www.cenqua.com/fisheye/doc/1.1/admin/svnallow.html |
|||
*I modified /etc/rc.d/rc.local to automatically start fisheye and jira. |
|||
*getting the automatic proxying working on the new server required copying [[/etc/httpd/conf.d/jira.conf]] over. |
|||
==Sendmail== |
|||
Not too sure, but I think the critical step to getting sendmail working again was |
|||
cd /etc/mail |
|||
nano sendmail.mc |
|||
(... editing the line <code>DAEMON_OPTIONS(`Port=smtp,Addr=128.100.68.50, Name=MTA')dnl</code> |
|||
by replacing 127.0.0.1 with the local IP ...) |
|||
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf |
|||
service sendmail restart |
|||
==OS Upgrade, October 2006== |
|||
On October 2006 we had a disk failure and had to replace it with a new disk and re-install the OS. After doing so, we had to modify the following OS files from the RedHat default: |
|||
* /etc/iptables-firewall.conf |
|||
* /etc/hosts.allow |
|||
* /etc/fstab |
|||
* /etc/passwd |
|||
* /etc/shadow |
|||
* /etc/group |
|||
* /etc/httpd/conf/httpd.conf |
|||
Dror will be holding the old HD on his counter for at least a few months just to be sure everything is fine. To use it, open the box and reconnect it at the slot marked "Old HD", reboot, go to /mnt/oldhd and run "mountme" or simply enter the lines |
|||
mount /dev/Volume00/LogVol00 /mnt/oldhd/LogVol00 |
|||
mount /dev/Volume00/LogVol01 /mnt/oldhd/LogVol01 |
|||
mount /dev/Volume00/LogVol02 /mnt/oldhd/LogVol02 |
|||
mount /dev/Volume00/LogVol04 /mnt/oldhd/LogVol04 |
|||
==Upgrading java== |
|||
I've installed newer versions of java several times, but always in adhoc ways. They reside in /usr/java/*. |
|||
I'm about to change the symbolic link at /usr/bin/java to point to something newer. We used to have |
|||
<pre> |
|||
[scott@katlas ~]$ java -version |
|||
java version "1.4.2_12" |
|||
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_12-b03) |
|||
BEA JRockit(R) (build R27.1.0-109-73164-1.4.2_12-20061129-1418-linux-ia32, compiled mode) |
|||
[scott@katlas ~]$ which java |
|||
/usr/bin/java |
|||
[scott@katlas ~]$ ls -l /usr/bin/java |
|||
lrwxrwxrwx 1 root root 22 Oct 11 2006 /usr/bin/java -> /etc/alternatives/java |
|||
</pre> |
|||
and now it's just |
|||
<pre> |
|||
[root@katlas ~]# ls -l /usr/bin/java |
|||
lrwxrwxrwx 1 root root 26 Jun 27 19:42 /usr/bin/java -> /usr/java/default/bin/java |
|||
[root@katlas ~]# ls -l /usr/java/ |
|||
total 16 |
|||
lrwxrwxrwx 1 root root 16 Jun 12 00:41 default -> /usr/java/latest |
|||
drwxr-xr-x 10 root root 4096 Jun 22 21:57 jdk1.6.0_01 |
|||
lrwxrwxrwx 1 root root 21 Jun 22 21:58 latest -> /usr/java/jdk1.6.0_01 |
|||
[root@katlas ~]# |
|||
</pre> |
|||
--[[User:Scott|Scott]] 19:50, 27 Jun 2007 (EDT) |
|||
==Upgrading to php 5== |
|||
On RHEL4, upgrading to php5 is a little bit painful. We got the following steps to work: |
|||
*Removed php4, using <code>rpm -e php</code>, and then running <code>php -e <all dependencies here></code> |
|||
*Grabbed all the rpms from http://mirror.cheetaweb.com/redhat/4ES/i386/RPMS.php52/ |
|||
*Installed sqlite > 3.0, from a random rpm |
|||
*<code>rpm --install <all the php5 rpms></code> |
|||
*Restart apache |
Revision as of 16:08, 14 July 2007
On July 14, 2007 we've upgraded MediaWiki to version 1.10.1. The pre-upgrade installation notes are at MediaWiki 1.4 installation notes.