EPN2020-RI/
DaCHs for EPN-TAP Installation



Draft 0.11
08/11/2015




EC Grant agreement n°653208

AUTHORS

1. Pierre Le Sidaner
2. DIO / OV, Observatoire de Paris
3. Baptiste Cecconi
4. CDPP / LESIA, Observatoire de Paris / CNRS
5. Stéphane Erard
6. LESIA, Observatoire de Paris / CNRS
7. Renaud Savalle
8. DIO / OV, Observatoire de Paris
9. Deimleitner Markus
10. University of Heidelberg
11. Paul Sladen

?

Introduction

This document presents the full installation procedure to set up data distribution server with an EPN-TAP service. We propose here to set up three interfaces on the same physical server (using two servername): a standard web server (Apache) to serve data files, a tool to have access statistics (using AWStats), and a DaCHS server to provide the virtual observatory interfaces (including a TAP service). The webserver front end will give access to data, usage statistics and a TAP interface. The various endpoints will be:
http://yourservername.domain.name/cgi-bin/awstats.pl?config=yourservername Access Statistic interface

http://yourservername.domain.name/data your data accessible on the web
http://yourservername2.domain.name DaCHS server interface
Section 2 describes the Debian distribution installation. Section 3 describes the installation of DaCHS and its configuration. Section 4 describes the installation and configuration of AWStat. Section 5 describes the configuration of the Apache server.

Debian Stable (Jessie) Installation

DaCHS (Data Center Helper Suite) must be installed on a fresh Debian Stable distribution. The current installation image for this distribution is available here:
https://www.debian.org/distrib/netinst#smallcd.
In this example, we used the following ISO image:
debian-8.2.0-amd64-netinst.iso
The installation demonstration is done on a Virtual Box guest computer. This virtual machine is emulating an AMD 64bits processor based system. On boot the Debian installation ISO image is mounted and the system boots from it. On the first screen (Fig. 2.1), select "Install". The next screen are used to configure the system:

• Language used for the installation process, and for the system, once installed (Fig. 2.2): Select "English"
• Location of the installation (Fig. 2.3): Select your country.
• Locale used for the installation (Fig. 2.4): Select "en-US.UTF-8"
• Keyboard map: Select your keyboard map.
• Hostname for this computer (Fig. 2.5): Type your hostname (here "dachs")
• Domain name for this computer (Fig. 2.6): Type your domain name (here "obspm.fr")
• Root password (Fig. 2.7): Enter root password (pick a password, which is not easy to guess and don't forget it!)
• Main user (Fig. 2.8): Enter Full Name, user name and password.
• Disk configuration (Fig. 2.9): Select "Use entire disk"
• Select Disk to partition (Fig. 2.10): Select the main disk (there should be only one).
• Partition Scheme (Fig. 2.11): Select "All files in one partition"
• Confirmation of partition set up (Fig. 2.12): Select "Finish partioning and write changes to disk"
• Configuration of package manager (Fig. 2.13): Select a mirror close to your place.
• Proxy configuration (Fig. 2.14): if needed enter the proxy information to go on internet.
• Configuring popularity-contest (Fig. 2.15): This is up to you (here "no" is selected)
• Software selection (Fig. 2.16): Select a minimal set of package, namely "web server", "ssh server", "standard system utilities". Note that no desktop environment is selected here. As a server, only shell access is necessary.
• Installation of GRUB boot loader, part 1 (Fig. 2.17): Select "yes"
• Installation of GRUB boot loader, part 2 (Fig. 2.18): Select the newly created partition.
• Installation completion (Fig. 2.19): Select "continue" to finish installation and reboot.
• Reboot (Fig. 2.20).

Fig. 2.1Fig. 2.2

Fig. 2.3Fig. 2.4

Fig. 2.5Fig. 2.6

Fig. 2.7Fig. 2.8

Fig. 2.9Fig. 2.10

Fig. 2.11Fig. 2.12

Fig. 2.13Fig. 2.14

Fig. 2.15Fig. 2.16

Fig. 2.17Fig. 2.18

Fig. 2.19Fig. 2.20

DaCHS Installation and Configuration

There are several ways to install DaCHS as presented by his author in [1]. For DaCHs installation you need an Debian Stable distribution, at this time Jessie (see Section 2).

Install DaCHS framework

On the server, log with the regular user created during installation (either on the computer itself, or remotely with ssh). The first thing is to install and set up the sudo command, which allows a user to issue commands with root rights. Use the su command to log as root, and type the root password.
user@yourservername:~$ su
Password:
Install the sudo package:
root@yourservername:/home/user# apt-get install sudo
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
sudo
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 850 kB of archives.
After this operation, 2,694 kB of additional disk space will be used.
Get:1 http://ftp.fr.debian.org/debian/ jessie/main sudo amd64 1.8.10p3-1+deb8u2 [850 kB]
Fetched 850 kB in 0s (1,110 kB/s)
Selecting previously unselected package sudo.
(Reading database ... 33745 files and directories currently installed.)
Preparing to unpack .../sudo_1.8.10p3-1+deb8u2_amd64.deb ...
Unpacking sudo (1.8.10p3-1+deb8u2) ...
Processing triggers for systemd (215-17+deb8u2) ...
Processing triggers for man-db (2.7.0.2-5) ...
Setting up sudo (1.8.10p3-1+deb8u2) ...
Processing triggers for systemd (215-17+deb8u2) ...
Set up rights for your regular user to use the sudo command:
root@yourservername:/home/user# adduser "user" sudo
Adding user `user' to group `sudo' ...
Adding user user to group sudo
Done.
You have now the log out from your root shell and your regular user shell. Once you log back in with the regular user, you will be able to use the sudo command.
The repository source list must be updated to include DaCHS packages. Edit the file /etc/apt/sources.list with your preferred command line editor, for instance, you can use the pico editor (useful short cuts: ^O to save, ^X to quit):
user@yourservername:~$ sudo pico /etc/apt/sources.list
Add the following lines at the end of file (see Fig. 3.1):

1. DaCHS repository
   deb http://vo.ari.uni-heidelberg.de/debian stable main
   deb-src http://vo.ari.uni-heidelberg.de/debian stable main
   
   Fig. 3.1
   Add the key to use the repository:
   user@yourservername:~$ wget -qO - http://docs.g-vo.org/archive-key.asc | sudo apt-key add -
   Get the latest debian packages:
   user@yourservername:~$ sudo apt-get update
   user@yourservername:~$ sudo apt-get upgrade
   After these first steps, start the installation:
   user@yourservername:~$ sudo apt-get install gavodachs-server

   Basic DaCHS Configuration

   We will use only a basic configuration for DaCHS, allowing Only the minimum for Dachs to work, port number, definition. The full configuration including registry is optional in the next paragraph
   because we use dachs in a non common way:
   user@yourservername:~$ sudo cp /var/gavo/etc/trustedquery /var/gavo/etc/untrustedquery
   Create a file /etc/gavo.rc using your preferred editor (for instance pico):
   user@yourservername:~$ sudo pico /etc/gavo.rc
   Insert the following content in that file:
   [general]
   rootDir: /var/gavo
   maintainerAddress: vo.paris@obspm.fr
   [web]
   bindAddress:
   serverPort: 8080
   serverURL: http://127.0.0.1
   preloadRDs: rr/q
   [ivoa]
   authority: vopdc.obspm.fr
   In this file, replace 127.0.0.1 by your server name and vopdc.obspm.fr by you own authority ID that you will create during the registration of your service. If this is not ready at this time, you may modify it later when your have registered your service with IVOA. replace vo.paris@obspm.fr by an email of technical maintainer of the service, use generic address if possible
   Finally restart DaCHS server:
   gavo serve restart
   

   AWStat Installation and Configuration

   Install AWStats
   apt-get install awstats
   
    Configure AWStats to use apache log file combined www-yourservername_access.log in apache dir (define in next paragraph). Also eliminate queries comming from monitoring server nagios (145.238.187.13)
    in /etc/awstats/ create awstats.yourservername.conf containing
   LogFile="/var/log/apache2/www-yourservername_access.log.log"
   LogType=W
   LogFormat=4
   LogSeparator=" "
   SiteDomain="yoursservername.yourdomain"
   HostAliases="www.myserver.com localhost 127.0.0.1 REGEX[mydomain\.(net|org)$]"
   DNSLookup=1
   DirData="/var/lib/awstats"
   DirCgi="/cgi-bin"
   DirIcons="/awstats-icon"
   AllowToUpdateStatsFromBrowser=0
   AllowFullYearView=2
   EnableLockForUpdate=0
   DNSStaticCacheFile="dnscache.txt"
   DNSLastUpdateCacheFile="dnscachelastupdate.txt"

   SkipDNSLookupFor=""

   AllowAccessFromWebToAuthenticatedUsersOnly=0

   AllowAccessFromWebToFollowingAuthenticatedUsers=""

   AllowAccessFromWebToFollowingIPAddresses=""

   CreateDirDataIfNotExists=0

   BuildHistoryFormat=text

   BuildReportFormat=html

   SaveDatabaseFilesWithPermissionsForEveryone=0

    PurgeLogFile=0

   ArchiveLogRecords=0
   KeepBackupOfHistoricFiles=0
   DefaultFile="index.php index.html"
   SkipHosts="145.238.187.13"
   SkipUserAgents=""
   SkipFiles=""
   SkipReferrersBlackList=""
   OnlyHosts=""
   OnlyUserAgents=""
   OnlyUsers=""
   OnlyFiles=""
   

   Apache Configuration

   
   Apache should already be installed during initial configuration, otherwise :
   apt-get install apache2
   Install the mod_proxy_html module:
   apt-get install libapache2-mod-proxy-html
   Enable ModProxy:
   a2enmod proxy proxy_http proxy_html
   Edit the Apache default for using AWSTATS
   
   pico /etc/apache2/sites-enabled/000-default.conf
   just before </VirtualHost> add : 
   

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

     <Directory "/usr/lib/cgi-bin">

                   Options FollowSymLinks

                   AddHandler cgi-script  .pl

                   AllowOverride None

                   Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch

                   Order allow,deny

                   Allow from all

      </Directory>

    Then you must configure apache to redirect yourservername2.domain.name to dachs that run on 8080 port. you must add a new config file in /etc/apache2/sites-enable yourservername2.conf containing

    <VirtualHost yourservername2.domain.name:80>
   
           ServerAdmin pierre.lesidaner@obspm.fr
           ServerName yourservername2.domain.name
           ServerAlias yourservername2
           ProxyRequests off
           <Location />
              ProxyPass http://localhost:8080/
              ProxyPassReverse http://localhost:8080/
           </Location>
   
           ErrorLog ${APACHE_LOG_DIR}/www-yourservername_error.log
           CustomLog ${APACHE_LOG_DIR}/www-yourservername_access.log combined
   </VirtualHost>
   
   
   
   

         Restart Apache2:

         service apache2 restart