diff --git a/Scientific-linux-(rh5-clone).textile b/Scientific-linux-(rh5-clone).textile
new file mode 100644
index 0000000..21fc925
--- /dev/null
+++ b/Scientific-linux-(rh5-clone).textile
@@ -0,0 +1,264 @@ +h1. Scientific Linux (RH5 clone) + + +Hi all, + +I did a fresh install of tracks a while back, and took a copy of my commands. I've included them here as I thought they might be of use. + +The install is on Scientific Linux 5 (a RedHat 5 clone), and is using apache as a front end proxy for tracks, using a dedicated virtual host in apache, with SSL. I imported my existing tracks database as part of the install. + +It also includes setup for a separate database backup user, and a cronjob that dumps the database out. + +Apologies for any linewrap weirdness due to email format. + +Hope someone finds this useful! + +-- +Orlando. + + + + +Setting up tracks on RedHat 5 / CentOS 5 / Scientific Linux 5 + +Install mysql-server, ruby, ruby-rdoc, ruby-devel.x86_64, mysql-devel.x86_64 + +Create tracks user account: + +[root@mwvm01 ~]# useradd -m tracks + +Set root password in mysql: + +[root@mwvm01 ~]# /etc/init.d/mysqld start Initializing MySQL database: Installing MySQL system tables... +OK +Filling help tables... +OK + +To start mysqld at boot time you have to copy support-files/mysql.server to the right place for your system + +PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER ! +To do so, start the server, then issue the following commands: +/usr/bin/mysqladmin -u root password 'new-password' +/usr/bin/mysqladmin -u root -h mwvm01.mydomain.com password 'new-password' +See the manual for more instructions. +You can start the MySQL daemon with: +cd /usr ; /usr/bin/mysqld_safe & + +You can test the MySQL daemon with mysql-test-run.pl cd mysql-test ; perl mysql-test-run.pl + +Please report any problems with the /usr/bin/mysqlbug script! + +The latest information about MySQL is available on the web at http://www.mysql.com Support MySQL by buying support/licenses at http://shop.mysql.com + [ OK ] + +Starting MySQL: [ OK ] +[root@mwvm01 ~]# +[root@mwvm01 ~]# mysql -u root +Welcome to the MySQL monitor. Commands end with ; or \g. 
+Your MySQL connection id is 4 +Server version: 5.0.45 Source distribution + +Type 'help;' or '\h' for help. Type '\c' to clear the buffer. + +mysql> use mysql; +Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A + +Database changed +mysql> update user set password=PASSWORD("secret") where User='root'; +Query OK, 3 rows affected (0.00 sec) +Rows matched: 3 Changed: 3 Warnings: 0 +mysql> flush privileges; +Query OK, 0 rows affected (0.00 sec) + +mysql> quit + +Import an existing tracks database: + +[root@mwvm01 ~]# ls -l ~orichard/tracks.db.2009-03-02.gz +-rw-r--r-- 1 orichard is_iti_ug 62508 Mar 2 11:23 /home/orichard/tracks.db.2009-03-02.gz +[root@mwvm01 ~]# cd ~orichard/ +[root@mwvm01 orichard]# gzip -d tracks.db.2009-03-02.gz +[root@mwvm01 orichard]# mysql -u root -p Enter password: +Welcome to the MySQL monitor. Commands end with ; or \g. +Your MySQL connection id is 10 +Server version: 5.0.45 Source distribution + +Type 'help;' or '\h' for help. Type '\c' to clear the buffer. 
+ +mysql> create database tracks; +Query OK, 1 row affected (0.00 sec) + +mysql> Bye +[root@mwvm01 orichard]# mysql -u root -p tracks < tracks.db.2009-03-02 Enter password: +[root@mwvm01 orichard]# + +Set up tracks database accounts: + +mysql> GRANT LOCK TABLES ON tracks.* to 'tracksbackup'@'localhost' +IDENTIFIED BY 'apassword'; +Query OK, 0 rows affected (0.00 sec) + +mysql> GRANT SELECT ON tracks.* to 'tracksbackup'@'localhost' IDENTIFIED +BY 'apassword'; +Query OK, 0 rows affected (0.00 sec) + +mysql> GRANT ALL ON tracks.* to 'tracks'@'localhost' IDENTIFIED BY +'thepassword'; +Query OK, 0 rows affected (0.00 sec) + +Download the latest tracks: + +[root@mwvm01 orichard]# wget +http://bsag.bingodisk.com/public/files/tracks-current.zip +11:34:32 (406 KB/s) - `tracks-current.zip' saved [6080226/6080226] +[root@mwvm01 orichard]# unzip tracks-current.zip +[root@mwvm01 orichard]# mv tracks-1.7/ ~tracks/ +[root@mwvm01 orichard]# chown -R tracks:tracks ~tracks/tracks-1.7/ +[root@mwvm01 orichard]# su - tracks +[tracks@mwvm01 ~]$ cd tracks-1.7/config/ +[tracks@mwvm01 config]$ vi database.yml +# Insert: +production: + adapter: mysql + database: tracks + host: localhost + username: tracks + password: thepassword + +[tracks@mwvm01 config]$ vi site.yml +salt: "mysalt" +time_zone: "Edinburgh" +secure_cookies: true + +[tracks@mwvm01 config]$ cd +[tracks@mwvm01 ~]$ ln -s tracks-1.7/ tracks +[tracks@mwvm01 ~]$ cd tracks +[orichard@espresso tracks]$ cat > start_tracks.sh #!/bin/bash + +cd ~tracks/tracks +./script/server -e production --binding=127.0.0.1 -d +[tracks@mwvm01 tracks]$ chmod +x start_tracks.sh + +Set up rubygems: + +[tracks@mwvm01 ~]$ wget +http://rubyforge.org/frs/download.php/45905/rubygems-1.3.1.tgz +11:45:42 (530 KB/s) - `rubygems-1.3.1.tgz' saved [263748/263748] +[tracks@mwvm01 ~]$ tar -zxf rubygems-1.3.1.tgz + + +[root@mwvm01 rubygems-1.3.1]# ruby setup.rb +Building native extensions. This could take a while... 
+Successfully installed mysql-2.7 +1 gem installed + +[root@mwvm01 ~]# gem install rake +Successfully installed rake-0.8.3 +1 gem installed +Installing ri documentation for rake-0.8.3... +Installing RDoc documentation for rake-0.8.3... + +And start up: + +[tracks@mwvm01 tracks]$ ./start_tracks.sh +=> Booting WEBrick... + +=> Rails 2.2.2 application started on http://127.0.0.1:3000 +[2009-03-02 11:53:29] INFO WEBrick 1.3.1 +[2009-03-02 11:53:29] INFO ruby 1.8.5 (2006-08-25) [x86_64-linux] + +[tracks@mwvm01 tracks]$ netstat -l -n | grep 3000 +tcp 0 0 127.0.0.1:3000 0.0.0.0:* + LISTEN + +Configure apache: + +[root@mwvm01 certs]# cd /etc/pki/tls/certs/ +[root@mwvm01 certs]# make certreq +umask 77 ; \ + /usr/bin/openssl req -utf8 -new -key +/etc/pki/tls/private/localhost.key -out /etc/pki/tls/certs/localhost.csr +You are about to be asked to enter information that will be incorporated +into your certificate request. +What you are about to enter is what is called a Distinguished Name or a DN. +There are quite a few fields but you can leave some blank +For some fields there will be a default value, +If you enter '.', the field will be left blank. 
+----- +Country Name (2 letter code) [GB]: +State or Province Name (full name) [Berkshire]:Lothian +Locality Name (eg, city) [Newbury]:Edinburgh +Organization Name (eg, company) [My Company Ltd]:MyCompany +Organizational Unit Name (eg, section) []:My Section +Common Name (eg, your name or your server's hostname) []:tracks.mydomain.com +Email Address []:email@address.com + +Please enter the following 'extra' attributes +to be sent with your certificate request +A challenge password []: +An optional company name []: + +[root@mwvm01 certs]# mv localhost.csr tracks.mydomain.com.csr + +# Once you have your cert, copy it in to +/etc/pki/tls/private/tracks.mydomain.com.crt + +[root@mwvm01 ~]# cat > /etc/httpd/conf.d/tracks.conf +NameVirtualHost tracks.mydomain.com:443 +Listen IP_ADDRESS_OF_tracks.mydomain.com:443 + + + SSLEngine on + SSLProtocol all -SSLv2 + SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW + SSLCertificateFile /etc/pki/tls/certs/tracks.mydomain.com.crt + SSLCertificateKeyFile /etc/pki/tls/private/localhost.key + RequestHeader set X_FORWARDED_PROTO 'https' + ProxyPass / http://127.0.0.1:3000/ + ProxyPassReverse / http://127.0.0.1:3000/ + ProxyRequests Off + + + + +[root@mwvm01 conf.d]# vi /etc/httpd/conf/httpd.conf + +# Set to listen on loopback only: +Listen 127.0.0.1:80 + +# Similarly for ssl: +Listen 127.0.0.1:443 + +Set up the interface: + +[root@mwvm01 conf.d]# ifconfig eth0:1 IP_ADDRESS_OFtracks.mydomain.com + +Start up apache: + +[root@mwvm01 conf.d]# /etc/init.d/httpd configtest +Syntax OK +[root@mwvm01 conf.d]# /etc/init.d/httpd start +Starting httpd: [ OK ] + +Set everything to come up on boot: + +[root@mwvm01 ~]# chkconfig mysqld on +[root@mwvm01 ~]# chkconfig httpd on +[root@mwvm01 etc]# cat >> /etc/rc.local + +su - tracks -c /home/tracks/tracks/start_tracks.sh + +Update /etc/sysconfig/iptables with: + +# Allow HTTPS to tracks.mydomain.com +-A RH-Firewall-1-INPUT -m state --state NEW -d tracks.mydomain.com -m +tcp -p tcp 
--dport 443 -j ACCEPT + +Set up database backups: + +[tracks@mwvm01 ~]$ mkdir backups + +[tracks@mwvm01 ~]$ crontab -e +01 9 * * * /usr/bin/mysqldump -u tracksbackup -p'apassword' tracks > +/home/tracks/backups/tracks.db.`date \+\%F`; gzip +/home/tracks/backups/tracks.db.`date \+\%F` \ No newline at end of file
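Review bot: The crontab entry at the end of the page passes the backup account's password on the mysqldump command line (`-p'apassword'`), where other local users can read it from the process list while the job runs; a `[mysqldump]` section with `user` and `password` in a mode-600 `~tracks/.my.cnf` keeps it off argv. The Apache block also enables weak suites through `+MEDIUM:+LOW` and RC4, and `SSLProtocol all -SSLv2` leaves SSLv3 on; `SSLProtocol all -SSLv2 -SSLv3` with `SSLCipherSuite HIGH:!aNULL:!MD5` would be a tighter baseline for readers who copy this. Separately, the page says to copy the issued certificate to `/etc/pki/tls/private/tracks.mydomain.com.crt`, but `SSLCertificateFile` reads it from `/etc/pki/tls/certs/`, so one of the two paths should be corrected.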