Page History

EPN2020-RI

EUROPLANET2020 Research Infrastructure 

H2020-INFRAIA-2014-2015 

Grant agreement no: 654208 

Document: VESPA-

Date: 04 Apr 2017 

Responsible WP Leader: OBSPARIS / Stéphane Erard 

Table of Contents1.

1. Introduction

This document presents the installation procedure to set up data distribution server for VESPA. We propose here to set up three service interfaces on the same physical server (and the same public IP address): a standard web server (Apache) to serve data files, a tool to have access statistics (using AWStats), and a DaCHS server to provide the Virtual Observatory (VO) interfaces (including a TAP service). Two server names have to be set up: one for the data access and the statistics, and the other for the VO access:

• http://my_servername.my_domain  VO interface 
• http://my_servername.my_domain:8080  Data repository and usage statistic service

Section 2 describes the Debian distribution installation. Section 3 describes the installation of DaCHS and its configuration. Section 4 describes the installation and configuration of AWStatAWStats. Section 5 describes the configuration of the Apache server and of DNS.

Further configuration of the VO interface is described in the second part of the tutorial.

In order to prepare the installation, here is a table to be filled with the parameters of you installation:

(1) This should be a generic address, rather than a specific person address. 
(2) Read the Service Identifier page when filling these lines. Note that this specific item do not contain "ivo://" at the beginning.

2. Debian Stable (Jessie) Installation

DaCHS (Data Center Helper Suite) must be installed on a fresh Debian Stable distribution .

2.1 Install virtualization software

sudo apt-get install virtualbox

2.2 Download Debian

 The current installation image for this distribution is available here: https://www.debian.org/distrib/netinst#smallcd (under Small CDs or USB sticks). In this example, we used the following ISO image: debian-8.6.0-amd64-netinst.iso. 

2.3 Virtual machine installation

2.4 Network configuration

2.5 Debian installation

Step	Screenshot	Configuration
Installation selection		Select "Install"
Language used for the installation process, and for the system, once installed		Select " English "
Location of the installation		Select your country
Locale used for the installation		Select "en-US.UTF-8"
Keyboard map			Select your keyboard map
Hostname for this computer		Type the hostname (here "voparis-test-bc") Info replace by <<my_servername>>
Domain name for your institute		Type the domain name (here "obspm.fr") Info replace by <<my_domain>>
Root password		Enter root password (pick a password, which is not easy to guess and don't forget it!)
Main user configuration		Enter Full Name, user name and password In the following, <<my_user>> will refer to the login of this user, you will need a user account.
Disk configuration		Select "Use entire disk"
Select Disk to partition		Select the main disk (there should be only one).
Partition Scheme		Select "All files in one partition"
Confirmation of partition set up		Select "Finish partioning and write changes to disk"
write partition to disk		select <Yes>
Configuration of package manager		Select a mirror close to your place
Proxy configuration		If needed enter the proxy information to go on internet (if your internet access is via a proxy, otherwise leave it blank).
Configuring popularity-contest		This is up to you (here "No" is selected)
Software selection		Select a minimal set of package, namely "web server", "ssh server", "standard system utilities". Note that no desktop environment is selected here. As a server, only shell access is necessary. Info For package selection/unselection, use the "space" key. Info In basic configuration, we do not select any desktop environment, but it is possible to do so, it makes you more confident. Warning If you don't load any desktop environment, you must make sure that your server is reachable through ssh. This may imply configuration on the virtualization software and on the DNS server of your institution.
Installation of GRUB boot loader, part 1		Select "yes"
Installation of GRUB boot loader, part 2		Select the newly created partition.
Installation completion		Select "continue" to finish installation and reboot.
Reboot		Go to next section

From now, it is recommended to access to your server through ssh:

ssh -p 2222 <<my_user>>@localhost

ssh <<my_user>>@<<my_servername>>.<<my_domain>>

And you don't need to use the guest interface anymore.

Now you will be able (and you should) to use copy-paste along the tutorial.

sudo nano /etc/default/keyboard

3. Install and configure sudo 

On the server, login with the <<my_user>> user created during installation (either on the computer itself, or remotely with ssh). 

The first thing is to install and set up the sudo command, which allows a user to issue commands with root rights. Use the su command to log as root, and type the root password. 

su

Install the sudo package: 

apt-get install sudo 

Set up rights for your regular user to use the sudo command: 

adduser "<<my_user>>" sudo

You have now the log out from your root shell:

exit

and your regular user shell:

exit

(this will disconnect your ssh connection, so you have to connect again)

Now you will be able to use the sudo command. 

4. Apache Configuration

Connect to the server with ssh. Apache should already be installed during initial configuration, otherwise :

sudo apt-get install apache2

Enable ModCGI:

sudo a2enmod cgid

Update the default Apache port to 8080 instead of 80 by changing the /etc/apache2/ports.conf  file, using your preferred command line editor, for instance, you can use the pico editor (useful short cuts: ^O to save, ^X to quit):

(sometimes you have to check the line NameVirtualHost *:8080 in ports.conf and <VirtualHost *:8080> in /etc/apache2/sites-available/default)

sudo pico /etc/apache2/ports.conf

Modify the first line containing the  Listen  command and replace the port number:

Listen 8080

Then restart Apache2:

sudo service apache2 restart

You can check that your regular web server is running connecting to the URL:  http://<<my_servername>>.<<my_domain>>:8080/. You should see a standard splash page:

Fig. 4.1: View of the Apache server web default welcome page.

5. DaCHS Installation and Configuration

There are several ways to install DaCHS as presented by his author in [1]. For DaCHs installation you need an Debian Stable distribution, at this time Jessie (see Section 2).

Install DaCHS framework

The repository source list must be updated to include DaCHS packages. Edit the file /etc/apt/sources.list: 

sudo pico /etc/apt/sources.list 

Add the following line at the end of file (see Fig. 3.1):

deb http://vo.ari.uni-heidelberg.de/debian beta main

Fig. 3.1: Adding GAVO/DaCHS repository into  /etc/apt/sources.list 

  Add the key to use the repository:

wget -qO - http://docs.g-vo.org/archive-key.asc | sudo apt-key add -

  Get the latest debian packages:

sudo apt-get update
sudo apt-get upgrade 

 After these first steps, start the installation:

sudo apt-get install gavodachs-server

In order to safely install the various components of the server, we now turn off the Apache web server (we will configure it later):

sudo apachectl stop

Initial DaCHS Configuration

We now configure DaCHS so that the server can run. The registry and data services configuration will be done in the second part of the tutorial.

As we are using DaCHS in a non secure configuration, we need to disable some features: 

sudo cp /var/gavo/etc/trustedquery /var/gavo/etc/untrustedquery 

Create a file /etc/gavo.rc using your preferred editor (for instance pico): 

sudo pico /etc/gavo.rc 

Insert the following content in that file : 

[general]
rootDir: /var/gavo 
maintainerAddress: <<maintainer_email>>
[web]
bindAddress:
serverPort: 8000
serverURL: http://127.0.0.1:8000
sitename: <<server_title>>
corsOriginPat: http.*
logFormat: combined
[ivoa]
authority: <<authority-ivo-name>>

[general]
rootDir: /var/gavo 
maintainerAddress: <<maintainer_email>>
[web]
bindAddress:
serverPort: 80
serverURL: http://<<my_servername>>.<<my_domain>>
sitename: <<server_title>>
corsOriginPat: http.*
logFormat: combined
[ivoa]
authority: <<authority-ivo-name>>

In this file, replace http://<<my_servername>>.<<my_domain>>  by your actual server name,  <<server_title>> by server title and <<authority-ivo-name>> by your own authority name that you will create during the registration of your service (e.g., at Observatoire de Paris, our authority name is vopdc.obspm). If this is not ready at this time, you may modify it later when your have registered your service with IVOA. The << maintainer_email>>  field is the contact of the technical maintainer of the service, use a generic address if possible.

If you want to add your institute logo on the DaCHS server instead of the default GAVO logo, you have to prepare three PNG files, with width of 200, 120 and 50 pixels, and the following respective names logo_big.png, logo_medium.png and logo_tiny.png. These files should be placed in the /var/gavo/web/nv_static/img/ directory (you will have to create the img/ directory if necessary).

sudo mkdir /var/gavo/web/nv_static/img

The image transfer can be done with the following command, on the server you have prepared your images:

cd /your/local/path/to/img
scp -P 2222 logo_big.png logo_medium.png logo_tiny.png <<my_user>>@127.0.0.1:~ 

cd /your/local/path/to/img
scp logo_big.png logo_medium.png logo_tiny.png <<my_user>>@<<my_servername>>.<<my_domain>>:~ 

This command has copied to your images on the home account of the DaCHS server. Then you have to copy them in the right directory, on your DaCHS server:

cd ~
sudo mkdir /var/gavo/web/nv_static/img
sudo chown dachsroot:gavo /var/gavo/web/nv_static/img
sudo cp logo_big.png logo_medium.png logo_tiny.png /var/gavo/web/nv_static/img/.

Finally start Apache and DaCHS servers:

sudo apachectl start
sudo gavo serve start

You can check that your server is running by connecting to the server with a web browser, using the server URL:

You should see the following welcome page:

Fig. 3.2: View of the welcome DaCHS server.

6.

AWStats Installation and Configuration including Apache

Install AWStats:

sudo apt-get install awstats 

Apache Configuration for AWStats

AWStats is a script, which must be enabled in the Apache default configuration file.

Edit the file /etc/apache2/sites-enabled/000-default.conf:

sudo pico /etc/apache2/sites-enabled/000-default.conf

Replace the entire file content by the following lines ( ctrl-K to cut/delete a line on Pico):

<VirtualHost *:8080>


       ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
       <Directory "/usr/lib/cgi-bin">
               Options FollowSymLinks
               AddHandler cgi-script  .pl
               AllowOverride None
               Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
               Order allow,deny
               Allow from all
       </Directory>

       ErrorLog ${APACHE_LOG_DIR}/error.log
       CustomLog ${APACHE_LOG_DIR}/access.log combined


</VirtualHost>

Configuration of AWStats

We configure here AWStats to use the DaCHS and Apache log files and eliminate queries coming from monitoring server at ObsParis.

Apache statistics

Go into the /etc/awstats directory and open a new file for edition:

cd /etc/awstats
sudo pico awstats.conf

In this file, edit the following lines (search by keyword - ctrl-W on Pico - : LogFile, LogFormat, etc) and replace by the proposed content:

LogFile

LogFile="/usr/share/awstats/tools/logresolvemerge.pl /var/log/apache2/access.log* |"

LogFormat

LogFormat=1

SiteDomain

SiteDomain="<<my_servername>>.<<my_domain>>"

HostAliases

HostAliases="localhost 127.0.0.1 <<my_domain>>"

DNSLookup

DNSLookup=2

AllowFullYearView

AllowFullYearView=3

SkipHosts

SkipHosts="145.238.187.13 145.238.187.29 145.238.193.18"

The VESPA technical team plan to monitor the status of all VESPA servers using a Nagios server. Its hits should be removed from the statistics. This is the purpose of the line starting with SkipHosts.

The Apache2 log files must also be readable by AWStats scripts. First we modify the permissions of Apache2 log files. Those permissions are defined in the /etc/logrotate.d/apache2 file. We have to modify the line starting with the create command by:

	create 644 root adm

If you need to fix permissions of already existing log files, the following commands will fix the Apache2 log permissions:

sudo chmod 644 /var/log/apache2/access.log*
sudo chmod 755 /var/log/apache2

DaCHS statistics

Staying in the /etc/awstats directory, copy the file awstats.conf to awstats.dachs.conf:

sudo cp awstats.conf awstats.dachs.conf
sudo pico awstats.dachs.conf

In this file, edit the following lines (search by keyword - ctrl-W on Pico - : LogFile, LogFormat, etc):

LogFile

LogFile="/usr/share/awstats/tools/logresolvemerge.pl /var/gavo/logs/web.log* |"

LogFormat

LogFormat="%other %other %other %host %other %other %time1 %methodurl %code %bytesd %refererquot %uaquot"

URLWithQuery

URLWithQuery=1

First create a file containing the calling sequence to AWStats: 

cd /usr/local/bin
sudo pico run_awstats

In this file, input the three following lines: 

#!/bin/bash
/usr/bin/perl /usr/lib/cgi-bin/awstats.pl -config=dachs -update
/usr/bin/perl /usr/lib/cgi-bin/awstats.pl -config=apache -update

Finally, change the access control configuration for this file:

sudo chmod 777 run_awstats

A task can then be added to the crontab of your system using :

sudo crontab -e

Add those lines at the end of the file:

0 0 * * * www-data /usr/local/bin/run_awstats 2>/dev/null

Select an editor.  To change later, run 'select-editor'.
  1. /bin/nano        <---- easiest
  2. /usr/bin/vim.tiny

Choose 1-2 [1]: 

Run AWStats

sudo /usr/local/bin/run_awstats

Access AWStats

The AWStats reports are available at:

• http://my_servername.my_domain:8080/cgi-bin/awstats.pl?config=dachs  
• http://my_servername.my_domain:8080/cgi-bin/awstats.pl?config=apache

Figure 5.1 shows a screenshot of the AWStats monitoring page.

Fig 5.1: View of the AWStats monitoring page.

7. Allowing up external access to database

In order to connect to the PostgreSQL (PgSQL) database that is used by DaCHS, you can either set up an SSH tunnel or configure DaCHS server to allow external access to the database:

Method A: By opening an SSH tunnel

From your host:

ssh <<my_user>>@127.0.0.1 -p 2222 -L 5432:127.0.0.1:5432

Then leave the console open during the tutorial.

Method B: By configuring DaCHS server

On the DaCHS server, you have to edit 2 files (pg_hba.conf and postgresql.conf). The first file is used to set up which range of IP have access, with which user and what role. Open the file:

sudo pico /etc/postgresql/9.4/main/pg_hba.conf

and at the end of the file add the following line:

host	all		gavoadmin	0.0.0.0/0	md5

The second file is used to configure which IP range the database is listening to for queries. Open the file:

sudo pico /etc/postgresql/9.4/main/postgresql.conf

and modify the line containing the "listen_addresses" directive:

listen_addresses = '*'

The PgSQL database as well as DaCHS must now be restarted:

sudo /etc/init.d/postgresql restart
sudo gavo serve restart

8. Setting up pgAdmin (optional)

Installation

pgAdmin aims to provide a graphical interface to view and manage a database. We will use this tool on section Setting up an EPN-TAP service. If you don't want to install pgAdmin on you computer, you can however use psql commands instead.

First, install pgAdmin on your host machine. If you are on Debian based distribution:

sudo apt-get install pgadmin3

Compiled sources are also available for MacOS and Windows.

Configuration

Check for the gavo user password:

cat /var/gavo/etc/feed

Now start pgAdmin, then click on Add a connection to a server (power socket icon) and fill the fields as the following:

Checking installation

Now you should be able to see your database: