Skip to Content.
Sympa Menu

idok-commit - [idok-commit] idok commit r768 - in trunk: . doc

idok-commit AT lists.psi.ch

Subject: Commit emails of the iDok project

List archive

[idok-commit] idok commit r768 - in trunk: . doc


Chronological Thread 
    < Chronological >      < Thread >
  • From: "AFS account Roman Geus" <geus AT savannah.psi.ch>
  • To: idok-commit AT lists.psi.ch
  • Subject: [idok-commit] idok commit r768 - in trunk: . doc
  • Date: Wed, 27 Feb 2008 16:03:28 +0100
  • List-archive: <https://lists.web.psi.ch/pipermail/idok-commit/>
  • List-id: Commit emails of the iDok project <idok-commit.lists.psi.ch>
Author: geus
Date: Wed Feb 27 16:03:28 2008
New Revision: 768

Log:
Updated install manual: Added proper way how to create test project and
repository and added section about file permissions

Modified:
trunk/INSTALL.html
trunk/doc/INSTALL.odt

Modified: trunk/INSTALL.html
==============================================================================
--- trunk/INSTALL.html (original)
+++ trunk/INSTALL.html Wed Feb 27 16:03:28 2008
@@ -6,7 +6,7 @@
<META NAME="GENERATOR" CONTENT="OpenOffice.org 2.3 (Linux)">
<META NAME="CREATED" CONTENT="0;0">
<META NAME="CHANGEDBY" CONTENT="Roman Geus">
- <META NAME="CHANGED" CONTENT="20080226;17463200">
+ <META NAME="CHANGED" CONTENT="20080227;15574700">
<META NAME="SDFOOTNOTE" CONTENT=";;;;P">
<META NAME="SDENDNOTE" CONTENT="ARABIC">
<STYLE TYPE="text/css">
@@ -181,9 +181,9 @@
<CODE CLASS="western"><A
HREF="http://trolltech.com/downloads/opensource";>http://trolltech.com/downloads/opensource</A></CODE>,
for the GUI client)</P>
<LI><P LANG="en-US" CLASS="western" STYLE="margin-bottom: 0cm">Java
- Webstart (optionally for starting the GUI client). When using Java
- webstart Qt Jambi is downloaded automatically from the server along
- with the necessary Qt runtime libraries.
+ Web Start (optionally for starting the GUI client). When using Java
+ Web Start, Qt Jambi is downloaded automatically from the server
+ along with the necessary Qt runtime libraries.
</P>
<LI><P LANG="en-US" CLASS="western" STYLE="margin-bottom: 0cm">Windows
or Linux operating system</P>
@@ -215,15 +215,9 @@
<P LANG="en-US" CLASS="western" STYLE="margin-bottom: 0cm">To
generate the necessary directory structures under <CODE
CLASS="western">/tmp/idok_server</CODE>
and some test data run <CODE CLASS="western">ant</CODE> as follows:</P>
-<PRE LANG="zxx" CLASS="western" STYLE="margin-left: 1.25cm">$ ant -f
local-server.xml init-server-dirs</PRE><P LANG="en-US" CLASS="western">
-The <CODE CLASS="western">svnadmin</CODE> executable need to be in
-the PATH for this to work.</P>
-<H3 LANG="en-US" CLASS="western">6.1.2Create test repository</H3>
-<P LANG="en-US" CLASS="western">A test repository containing some
-sample documents can be generated using the following command.</P>
-<PRE LANG="zxx" CLASS="western" STYLE="margin-left: 1.25cm">$ ant -f
local-server.xml create-test-project-svn</PRE><P LANG="en-US" CLASS="western">
-The <CODE CLASS="western">svnadmin</CODE> executable need to be in
-the PATH for this to work.</P>
+<PRE LANG="zxx" CLASS="western" STYLE="margin-left: 1.25cm">$ ant -f
local-server.xml init-server-dirs</PRE><H3 LANG="en-US" CLASS="western">
+6.1.2The <CODE CLASS="western">svnadmin</CODE> executable need to be
+in the PATH for this to work.</H3>
<H3 LANG="en-US" CLASS="western">6.1.3Start CORBA naming service</H3>
<P LANG="en-US" CLASS="western">A naming service is needed to enable
clients to connect to the server using CORBA.</P>
@@ -241,22 +235,45 @@
<H3 LANG="en-US" CLASS="western">6.1.5Start iDok indexer</H3>
<P LANG="en-US" CLASS="western">Start the indexer daemon by running</P>
<PRE LANG="zxx" CLASS="western" STYLE="margin-left: 1.25cm">$ ant -f
local-server.xml start-indexer</PRE><H3 LANG="en-US" CLASS="western">
-6.1.6Log files</H3>
+6.1.6Initialize the authorization database</H3>
+<P LANG="en-US" CLASS="western">Before iDok can be used, the iDok
+service daemon must be instructed to perform a one time
+initialization of its authorization database. This can be achieved by
+running the idok_admin script as follows:</P>
+<PRE LANG="zxx" CLASS="western" STYLE="margin-left: 1.25cm">$
scripts/unix/idok_admin init_auth_db</PRE><P LANG="en-US" CLASS="western">
+Log in as user <CODE CLASS="western">idokadmin</CODE> with the
+password <CODE CLASS="western">pass</CODE>.</P>
+<H3 LANG="en-US" CLASS="western">6.1.7Create an iDok project and a
+repository</H3>
+<P LANG="en-US" CLASS="western">Use the iDok administration command
+line client to create a project named <I>foo</I>:</P>
+<PRE LANG="zxx" CLASS="western" STYLE="margin-left: 1.25cm">$
scripts/unix/idok_admin create_project foo 100</PRE><P LANG="en-US"
CLASS="western">
+Please note that last command line argument <CODE CLASS="western">100</CODE>
+has no functionality on a local test server.</P>
+<P LANG="en-US" CLASS="western">Use the iDok administration command
+line client to create a repository named <I>bar</I>, which belong to
+the new project:</P>
+<PRE LANG="zxx" CLASS="western" STYLE="margin-left: 1.25cm">$
scripts/unix/idok_admin create_repository foo bar</PRE><H3 LANG="en-US"
CLASS="western">
+6.1.8Import sample repository data</H3>
+<P LANG="en-US" CLASS="western">As long as the Apache web server is
+configured for iDok, the import the data using the Subversion client:</P>
+<PRE LANG="zxx" CLASS="western" STYLE="margin-left: 1.25cm">$ svn import \
+ <SPAN LANG="zxx">-m &quot;Initial import&quot; \</SPAN>
+ <SPAN LANG="zxx">misc/sample_repository_data/ \</SPAN>
+ <SPAN LANG="zxx"><A
HREF="/tmp/idok_server/projects/foo/bar">file:///tmp/idok_server/projects/foo/bar</A></SPAN></PRE><P
LANG="en-US" CLASS="western">
+If the Apache web server was already properly configured (see below)
+the data could be imported as follows:</P>
+<PRE LANG="zxx" CLASS="western" STYLE="margin-left: 1.25cm">$
scripts/unix/idok put \
+ <SPAN LANG="zxx">-m &quot;Initial import&quot; -R \</SPAN>
+ <SPAN LANG="zxx">misc/sample_repository_data/ \</SPAN>
+ <SPAN LANG="zxx">http://localhost/foo/bar</SPAN></PRE><H3 LANG="en-US"
CLASS="western">
+6.1.9Log files</H3>
<P LANG="en-US" CLASS="western">The CORBA naming service, the iDok
service and the iDok indexer write logging informations to files in
the directory <CODE CLASS="western">/tmp/idok_server/log</CODE>. If
these server processes cause trouble, the log files might prove to be
useful.</P>
-<H3 LANG="en-US" CLASS="western">6.1.7Initialize the authorization
-database</H3>
-<P LANG="en-US" CLASS="western">Finally the iDok daemon must be
-instructed to perform a one time initialization of its authorization
-database. This can be achieved by running the idok_admin script as
-follows:</P>
-<PRE LANG="zxx" CLASS="western" STYLE="margin-left: 1.25cm">$
scripts/unix/idok_admin init_auth_db</PRE><P LANG="en-US" CLASS="western">
-Log in as user <CODE CLASS="western">idokadmin</CODE> with the
-password <CODE CLASS="western">pass</CODE>.</P>
-<H3 LANG="en-US" CLASS="western">6.1.8Apache web server</H3>
+<H3 LANG="en-US" CLASS="western">6.1.10Apache web server</H3>
<P LANG="en-US" CLASS="western">The Apache web server together with
the <CODE CLASS="western">mod_dav_svn</CODE> and <CODE
CLASS="western">mod_</CODE><CODE CLASS="western">authz_svn</CODE>
modules are responsible for implementing the read and write access to
@@ -303,8 +320,20 @@
<P LANG="en-US" CLASS="western">Apache needs to be configured in such
a way that the files in <CODE
CLASS="western">/tmp/idok_server/httpd/conf.d</CODE>
are automatically loaded:</P>
-<PRE LANG="zxx" CLASS="western" STYLE="margin-left: 1.25cm">Include
/tmp/idok_server/httpd/conf.d/*.conf</PRE><H2 LANG="en-US" CLASS="western">
-6.2Using the local server</H2>
+<PRE LANG="zxx" CLASS="western" STYLE="margin-left: 1.25cm">Include
/tmp/idok_server/httpd/conf.d/*.conf</PRE><H3 LANG="en-US" CLASS="western">
+6.1.11File permissions and ownership</H3>
+<P LANG="en-US" CLASS="western">Note that the Apache web server must
+have permissions to read all files under <CODE
CLASS="western">/tmp/idok_server/httpd</CODE>.
+It also must have permissions to read and write files under
+<CODE CLASS="western">/tmp/idok_server/projects</CODE>.</P>
+<P LANG="en-US" CLASS="western">The other iDok server components must
+be able to write to certain directories under <CODE
CLASS="western">/tmp/idok_server</CODE>
+as well.</P>
+<P LANG="en-US" CLASS="western">In many cases it makes sense to run
+all iDok server processes (including the Apache web server) on behalf
+of the same user account and give that user ownership to all files
+under /tmp/idok_server.</P>
+<H2 LANG="en-US" CLASS="western">6.2Using the local server</H2>
<P LANG="en-US" CLASS="western">Visit
<A
HREF="http://www.idok.ch/documentation/";>http://www.idok.ch/documentation/</A>
for accessing the iDok user manuals. The following sections just
@@ -385,12 +414,12 @@
7.10 server into an iDok test server.</P>
<H3 LANG="en-US" CLASS="western">8.1.1Important files and directories</H3>
<P LANG="en-US" CLASS="western">This is a list of the files and
-directories that iDok specfic and relevant for operating the iDok
+directories that iDok specific and relevant for operating the iDok
server:</P>
<P LANG="en-US"
CLASS="gegen&uuml;berstellung-western"><DFN>/etc/apache2/sites-enabled/idok
basic
-Apache webserver configuration for iDok server</DFN></P>
+Apache web server configuration for iDok server</DFN></P>
<P LANG="en-US"
CLASS="gegen&uuml;berstellung-western"><DFN>/etc/apache2/mods-enabled loaded
-Apache webserver modules</DFN></P>
+Apache web server modules</DFN></P>
<P LANG="en-US" CLASS="gegen&uuml;berstellung-western">/etc/init.d/idok
init
script for starting and stopping iDok server components</P>
<P LANG="en-US"
CLASS="gegen&uuml;berstellung-western">/home/toor/configure.sh script
@@ -400,7 +429,7 @@
build files)</P>
<P LANG="en-US"
CLASS="gegen&uuml;berstellung-western"><DFN>/usr/lib/cgi-bin/idok.jnlp CGI
script generating the JNLP file for starting the iDok GUI using Java
-webstart</DFN></P>
+Web Start</DFN></P>
<P LANG="en-US" CLASS="gegen&uuml;berstellung-western">/var/lib/idok_server
base
directory for iDok data</P>
<P LANG="en-US"
CLASS="gegen&uuml;berstellung-western">/var/lib/idok_server/derby iDok
@@ -453,7 +482,7 @@
build file local-server.xml takes case the signing process: First,
all present signatures are removed, then the JAR files are signed
with a certificate in the keystore <CODE CLASS="western">file
-java/ch/idok/service/common/dms.jks</CODE>. The certifucate can be
+java/ch/idok/service/common/dms.jks</CODE>. The certificate can be
created using the <CODE CLASS="western">generate-keystore</CODE>
task.</P>
<H2 LANG="en-US" CLASS="western">8.3Deploying the software</H2>
@@ -546,8 +575,8 @@
<LI><P LANG="en-US" CLASS="western">The data that is sent over the
network is not encrypted.</P>
<LI><P LANG="en-US" CLASS="western">No centralized and flexible user
- management is used. The iDok service daemon and the Apache webserver
- use two separate user databases.</P>
+ management is used. The iDok service daemon and the Apache web
+ server use two separate user databases.</P>
</UL>
<H2 LANG="en-US" CLASS="western">9.1Security</H2>
<H3 LANG="en-US" CLASS="western">9.1.1Keystore certificates</H3>
@@ -603,7 +632,7 @@
to Kerberos-aware services in such a way, that these can
authenticate themselves to other services on behalf of the user</P>
</UL>
-<P LANG="en-US" CLASS="western">The Apache webserver and the iDok
+<P LANG="en-US" CLASS="western">The Apache web server and the iDok
software written in Java can be configured to support Kerberos. In
addition also many web browsers (e.g. Firefox and Internet Explorer 6
or newer) support Kerberos, if configured accordingly.</P>
@@ -640,16 +669,16 @@
fails.</P>
<P LANG="en-US" CLASS="western">Below is a sample <CODE
CLASS="western">mod_auth_kerb</CODE>
configuration.</P>
-<PRE LANG="zxx" CLASS="western" STYLE="margin-left: 1.25cm">&lt;Location
/&gt;

- <SPAN LANG="zxx">AuthType Kerberos
</SPAN>
- <SPAN LANG="zxx">KrbAuthoritative On
</SPAN>
- <SPAN LANG="zxx">KrbMethodNegotiate On
</SPAN>
- <SPAN LANG="zxx">KrbMethodK5Passwd On
</SPAN>
- <SPAN LANG="zxx">KrbAuthRealms IDOK.CH
</SPAN>
- <SPAN LANG="zxx">KrbVerifyKDC On
</SPAN>
- <SPAN LANG="zxx">Krb5KeyTab /etc/idok_server.keytab
</SPAN>
- <SPAN LANG="zxx">KrbSaveCredentials Off
</SPAN>
-<SPAN LANG="zxx">&lt;/Location&gt;
</SPAN></PRE><P LANG="en-US" CLASS="western">
+<PRE LANG="zxx" CLASS="western" STYLE="margin-left: 1.25cm">&lt;Location
/&gt;
+ <SPAN LANG="zxx">AuthType Kerberos </SPAN>
+ <SPAN LANG="zxx">KrbAuthoritative On </SPAN>
+ <SPAN LANG="zxx">KrbMethodNegotiate On </SPAN>
+ <SPAN LANG="zxx">KrbMethodK5Passwd On </SPAN>
+ <SPAN LANG="zxx">KrbAuthRealms IDOK.CH </SPAN>
+ <SPAN LANG="zxx">KrbVerifyKDC On </SPAN>
+ <SPAN LANG="zxx">Krb5KeyTab /etc/idok_server.keytab </SPAN>
+ <SPAN LANG="zxx">KrbSaveCredentials Off </SPAN>
+<SPAN LANG="zxx">&lt;/Location&gt; </SPAN></PRE><P LANG="en-US"
CLASS="western">
Note that the keytab file <CODE
CLASS="western">/etc/idok_server.keytab</CODE>
is required to authenticate the server (or service) to the Kerberos
infrastructure. Both Apache and JAAS need to do this before they can

Modified: trunk/doc/INSTALL.odt
==============================================================================
Binary files. No diff available.


  • [idok-commit] idok commit r768 - in trunk: . doc, AFS account Roman Geus, 02/27/2008

Archive powered by MHonArc 2.6.19.

Top of Page