Automated Web Based Installation for Ubuntu Server

From Zivios Wiki

This howto explains how to install release bundles of the Zivios Master Service.

Supported Platforms

  • Ubuntu Hardy Server 8.04
  • Ubuntu Gutsy Server 7.10 (untested -- should work however. Please report success at zivios-discuss@lists.zivios.org)

Domain Name Service Requirements

The Zivios installer will work off an IP address. However, the services that Zivios configures (Kerberos, Certificate Authority, etc.) require proper name resolution. It is highly recommended that you configure DNS for the hostname you are working with.

Extraction

(If you are setting up a developer environment using the dev bundle, skip this step and continue following this document until Zivios Web Panel Setup.)

Download the latest Zivios package and copy it to your server at: /usr/local/src/

Note: the zivios package (e.g. zivios-0.5.1.tar.bz2) MUST be saved in /usr/local/src. Currently, the web based installer does not allow the option of specifying where the source folder is. If this is a problem, simply create a symlink from your actual source directory to /usr/local/src/.

Please note that zivios-0.5.1.tar.bz2 is used as a reference name for the bundle release; change it according to your package version.

To extract Zivios web panel:

 cd /usr/local/src/
 tar jxvf zivios-0.5.1.tar.bz2

Preparation

Your Ubuntu server installation should be absolutely minimal. Barring SSHd, no additional packages should be installed at this stage. For the purpose of this setup, we are working with the following hostname and IP address:

  • hostname : master.zivios.net
  • IP address : 192.168.0.31

Note: it is a requirement that you use a sub-domain as your hostname. This does not mean that your LDAP basedn, kerberos realm or mail domain has to be master.yourdomain, it means quite simply that Zivios will be served from an apache virtual host called: master.yourdomain.

Also: the sub-domain does not need to be "master", it can be anything you like. If you are confused about this, please ask on the zivios-discuss mailing list or on the IRC channel before proceeding.

Ensure your system is updated via:

   apt-get update
   apt-get dist-upgrade

Reboot (if required or recommended by the operating system).

The following base packages are required to run the master web service:

   apt-get install apache2 libapache2-mod-php5 php5-curl php5-gd php5-imap php5-ldap php5-mcrypt \
   php5-mysql php5-xmlrpc mcrypt mysql-server-5.0 mysql-client-5.0 build-essential ssl-cert less \
   bzip2 xml-core lsb-release file libssl-dev libldap2-dev ntp memcached python python-ldap \
   python-pyopenssl python-twisted php5-memcache ca-certificates make

Note: You will be prompted for a password for the MySQL root user. Please note this password down.

Installing Pre-requisites

Install libnss-ldap

The libnss-ldap package requires some information which we already have. Simply follow the example:

Our primary domain name for this demo installation is zivios.net. This makes our LDAP base-DN: dc=zivios,dc=net. The base-DN is your "Base Distinguished Name", which is made up of your "Domain Components".

Server URI: ldap://127.0.0.1

Make sure the URI is ldap:// and not ldapi:///

Distinguished name of search base: (for example) dc=zivios,dc=net

Make sure the search base MATCHES the prefix of the database you will be using, if your domain name is zivios.net then your search base would be set to dc=zivios,dc=net

LDAP Version to Use: 3

Make local root Database admin: No

Does the LDAP database require login: No

   apt-get install libnss-ldap
   ... enter your answers.

Install Heimdal and Openldap Dependencies

As the web based process requires certain prerequisites to be in place for auto-compilation to succeed, we need to install the required libraries accordingly. For Debian based systems, this is quite simple.

   apt-get build-dep heimdal
   apt-get build-dep slapd

Enable Memcached

Zivios uses memcached to accelerate common lookups. Zivios cannot work without memcached enabled.

  • Enable the PHP Memcached extension. This must be done manually. Edit /etc/php5/apache2/conf.d/memcache.ini and uncomment the line to enable memcached:

   extension=memcache.so

  • Start Memcached. The Zivios Panel WILL NOT WORK without a running memcached.

   /etc/init.d/memcached start

Configuring the Web Service

Let's first configure the web service and the required virtual host before we kick-start the web based installer.

PHP Configuration

Edit the file: /etc/php5/apache2/php.ini, making the following changes to the variables below:

   display_errors              = Off
   log_errors                  = On
   max_execution_time          = 300  ; 5 mins
   memory_limit                = 128M

Save the file and quit the editor.

Apache Configuration

   a2enmod rewrite

Edit the file /etc/apache2/ports.conf

Make the following changes:

   Listen 192.168.0.31:80
   NameVirtualHost 192.168.0.31:80
   
   <IfModule mod_ssl.c>
       Listen 192.168.0.31:443
       NameVirtualHost 192.168.0.31:443
   </IfModule>

Save the file and quit the editor.

We will now configure the default virtual host. Edit the file: /etc/apache2/sites-available/default

Remove all contents of this file and paste in the vhost section below. Be sure to replace the IP address and hostname with your own.

   <VirtualHost 192.168.0.31:80>  
       ServerAdmin zadmin@zivios.net 
       ServerName  master.zivios.net 
       
       DocumentRoot /var/www/vhosts/zpanel/web
       
       <Directory />
               Options FollowSymLinks
               AllowOverride None
       </Directory>
       
       <Directory /var/www/vhosts/zpanel/web>
               RewriteEngine on
               RewriteRule .* index.php
               php_flag magic_quotes_gpc off
               php_flag register_globals off
               Options Indexes FollowSymLinks MultiViews
               AllowOverride None
               Order allow,deny
               allow from all
       </Directory>
       
       <Directory /var/www/vhosts/zpanel/web/public>
               RewriteEngine off
               Options Indexes FollowSymLinks MultiViews
               AllowOverride None
               Order allow,deny
               allow from all
       </Directory>
       
       ErrorLog /var/www/vhosts/zpanel/application/log/error.log
       LogLevel warn
       
       CustomLog /var/www/vhosts/zpanel/application/log/access.log combined
       ServerSignature On
   </VirtualHost>


Save the file and quit the editor.

Zivios Web Panel Setup

(If you are setting up a developer environment using the dev bundle, skip this step and follow the instructions in Using the Zivios Bazaar Branch before continuing.)

   rm /var/www/index.html
   mkdir /var/www/vhosts/
   cd /usr/local/src/
   cp -R zivios-0.5.1/zivios /var/www/vhosts/zpanel
   chown -R www-data:www-data /var/www/vhosts/zpanel
   find /var/www/vhosts/zpanel -type d -exec chmod 750 {} \;
   find /var/www/vhosts/zpanel -type f -exec chmod 640 {} \;

Before we restart apache, we add the www-data user to the ssl-cert group and provision SUDO access.

   adduser www-data ssl-cert

Install libssh2 and php-ssh2

SSH2 is required to enable Zivios agents on remote computers. Zivios uses it, when a server is added, to install and configure a Zivios agent on that server.

It is required that you use libssh2-0.14 for this purpose (provided with Zivios). Newer versions seem not to work properly with the php5-ssh2 extension.

  • Copy the required packages over for compilation:
   cd /usr/local/src
   tar zxvf zivios-0.5.1/spkgs/libssh2-0.14.tar.gz
   tar zxvf zivios-0.5.1/spkgs/ssh2-0.10.tgz
  • Compile libssh2
   cd libssh2-0.14
   ./configure
   make all install
  • Install PHP5 module development package:
   apt-get install php5-dev
  • Compile the php5-ssh2 extension
   cd /usr/local/src/ssh2-0.10
   phpize
   ./configure 
   make
   make install
  • Enable the php-ssh2 extension:

Edit /etc/php5/apache2/php.ini and add the following line to the end of the file (alongside other enabled extensions):

   extension=ssh2.so

www-data Sudo Access for installation

For the web server to be able to install or compile software, access is required via SUDO. For this purpose, we will TEMPORARILY be giving full root access to the web server by adding it to the 'sudo' group and configuring SUDO to allow full access without a password to the www-data user.

Again, this is a temporary step and will be reverted at the end of the installation.

Edit the file: /etc/sudoers (execute 'visudo' as root)

Uncomment the following line:

   %sudo ALL=NOPASSWD: ALL

Save the file and quit the editor.

   adduser www-data sudo
   chmod 700 /root
   su - www-data
   sudo ls /root
   exit

If the above command does not provide a directory listing for /root, then your sudo configuration did not work. Please retrace your steps and ensure sudo is configured properly and working for the sudo group as required.

Note: When people tell you "it's stupid to run a web server as root", they are absolutely right. You should NEVER be running a web service with root user privileges. We introduced this temporary step only to ease the installation process. You must ensure that SUDO provisioning for the www-data user is removed completely and the sudoers file has no trace of the modifications we made.

You will be reminded of these steps at the end of the installation process.

Restart apache via:

   /etc/init.d/apache2 restart

Ensure that the web service is listening to only port 80 of the given IP address:

   apache2ctl -t -D DUMP_VHOSTS

Create Temporary Extract Folder

We will only run commands via SUDO where it is unavoidable. For all other purposes, we will extract, compile and configure software as the web user. To do this:

   mkdir /usr/local/src/zvcompile
   chown www-data:www-data /usr/local/src/zvcompile

Web Based Installation

At this point we're ready for the web based installer to take over for the most part. The web installer compiles Openldap, a few ldap modules, heimdal and bind automatically. As such, it may take a while to complete. In the future we would have packages for these, but currently compilation is the approach we have taken.

If you get stuck at any point, let us know on the mailing list: zivios-discuss@lists.zivios.org

Point your browser to: http://virtual_host and continue the installation on-line (for this installation example, our virtual host is: http://master.zivios.net)

Post Installation Checklist

After the web based installation, you will want to take care of the following steps:

Remove SUDO access for Web User

To revert the changes, edit /etc/sudoers again (execute 'visudo' as root) and comment out the line so that it reads:

   #%sudo ALL=NOPASSWD: ALL

Save the file and quit the editor. Then run:

   deluser www-data sudo
   /etc/init.d/apache2 restart
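
A check that the revert above actually took effect, as an added example that is not part of the original howto or of Zivios: it looks for any active NOPASSWD rule in a sudoers file and for www-data in the member list of the sudo group. The function names are hypothetical, and the file paths are parameters so the check can also be run against copies.

```shell
#!/bin/sh
# Added example: confirm the temporary www-data sudo grant has been reverted.
# Usage (as root): audit_revert /etc/sudoers /etc/group

# Print every active (uncommented) line in sudoers file $1 that grants NOPASSWD.
active_nopasswd() {
    grep -E '^[[:space:]]*[^#[:space:]].*NOPASSWD' "$1"
}

# Succeed if user $2 is a listed member of group $3 in group file $1.
in_group() {
    awk -F: -v u="$2" -v g="$3" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# Return 0 if the revert is complete, 1 if anything remains, 2 on unreadable input.
# $1 = sudoers file, $2 = group file, $3 = web server user (default: www-data)
audit_revert() {
    sudoers=$1 grpfile=$2 user=${3:-www-data} rc=0
    if [ ! -r "$sudoers" ] || [ ! -r "$grpfile" ]; then
        echo "ERROR: cannot read $sudoers or $grpfile (run as root)" >&2
        return 2
    fi
    if lines=$(active_nopasswd "$sudoers"); then
        echo "FAIL: active NOPASSWD rule(s) in $sudoers:"
        echo "$lines"
        rc=1
    fi
    if in_group "$grpfile" "$user" sudo; then
        echo "FAIL: $user is still a member of group sudo"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: no active NOPASSWD rule; $user is not in group sudo"
    return "$rc"
}
```

The check reads only the one sudoers file it is given; any file pulled in through an include directive has to be checked separately.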


Enable services to auto-start on boot, with slapd starting first:

NOTE: The step below is only required for Zivios version 0.5.0. The installer from Zivios version 0.5.1 onwards automatically adds the correct runlevels for the supplied scripts.

   update-rc.d zvslapd defaults 16 80
   update-rc.d zvbind defaults
   update-rc.d zvheimdal defaults
   update-rc.d ziviosagent defaults

Try it out!

To get a basic understanding of how IDM in Zivios works, please check out:

Getting_Started_With_Zivios

Troubleshooting

A list of common problems and fixes can be found below:

Problem: While going through the web-based install, you receive an "Error Code 531: Could not add Zivios Ldif to cn=config".

Answer: The server can't resolve the FQDN. To fix this...

   vi /etc/hostname

Change the name to your FQDN in the file. For example,

   master.zivios.org

Edit the hosts file...

   vi /etc/hosts

Add your IP and FQDN to the file.

   192.168.1.5  master.zivios.org  master