EPN2020-RI/
DaCHs for EPN-TAP Installation



Draft 0.11
08/11/2015




EC Grant agreement n°653208

AUTHORS

  1. Pierre Le Sidaner
  2. DIO / OV, Observatoire de Paris
  3. Baptiste Cecconi
  4. CDPP / LESIA, Observatoire de Paris / CNRS
  5. Stéphane Erard
  6. LESIA, Observatoire de Paris / CNRS
  7. Renaud Savalle
  8. DIO / OV, Observatoire de Paris
  9. Deimleitner Markus
  10. University of Heidelberg
  11. Paul Sladen

?

Introduction

This document presents the full installation procedure to set up data distribution server with an EPN-TAP service. We propose here to set up three interfaces on the same physical server (using two servername): a standard web server (Apache) to serve data files, a tool to have access statistics (using AWStats), and a DaCHS server to provide the virtual observatory interfaces (including a TAP service). The webserver front end will give access to data, usage statistics and a TAP interface. The various endpoints will be:
http://yourservername.domain.name/cgi-bin/awstats.pl?config=yourservername Access Statistic interface

http://yourservername.domain.name/data your data accessible on the web
http://yourservername2.domain.name DaCHS server interface
Section 2 describes the Debian distribution installation. Section 3 describes the installation of DaCHS and its configuration. Section 4 describes the installation and configuration of AWStat. Section 5 describes the configuration of the Apache server.

Debian Stable (Jessie) Installation

DaCHS (Data Center Helper Suite) must be installed on a fresh Debian Stable distribution. The current installation image for this distribution is available here:
https://www.debian.org/distrib/netinst#smallcd.
In this example, we used the following ISO image:
debian-8.2.0-amd64-netinst.iso
The installation demonstration is done on a Virtual Box guest computer. This virtual machine is emulating an AMD 64bits processor based system. On boot the Debian installation ISO image is mounted and the system boots from it. On the first screen (Fig. 2.1), select "Install". The next screen are used to configure the system:





Fig. 2.1Fig. 2.2

Fig. 2.3Fig. 2.4

Fig. 2.5Fig. 2.6

Fig. 2.7Fig. 2.8

Fig. 2.9Fig. 2.10

Fig. 2.11Fig. 2.12

Fig. 2.13Fig. 2.14

Fig. 2.15Fig. 2.16

Fig. 2.17Fig. 2.18

Fig. 2.19Fig. 2.20

DaCHS Installation and Configuration

There are several ways to install DaCHS as presented by his author in [1]. For DaCHs installation you need an Debian Stable distribution, at this time Jessie (see Section 2).

Install DaCHS framework

On the server, log with the regular user created during installation (either on the computer itself, or remotely with ssh). The first thing is to install and set up the sudo command, which allows a user to issue commands with root rights. Use the su command to log as root, and type the root password.
user@yourservername:~$ su
Password:
Install the sudo package:
root@yourservername:/home/user# apt-get install sudo
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
sudo
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 850 kB of archives.
After this operation, 2,694 kB of additional disk space will be used.
Get:1 http://ftp.fr.debian.org/debian/ jessie/main sudo amd64 1.8.10p3-1+deb8u2 [850 kB]
Fetched 850 kB in 0s (1,110 kB/s)
Selecting previously unselected package sudo.
(Reading database ... 33745 files and directories currently installed.)
Preparing to unpack .../sudo_1.8.10p3-1+deb8u2_amd64.deb ...
Unpacking sudo (1.8.10p3-1+deb8u2) ...
Processing triggers for systemd (215-17+deb8u2) ...
Processing triggers for man-db (2.7.0.2-5) ...
Setting up sudo (1.8.10p3-1+deb8u2) ...
Processing triggers for systemd (215-17+deb8u2) ...
Set up rights for your regular user to use the sudo command:
root@yourservername:/home/user# adduser "user" sudo
Adding user `user' to group `sudo' ...
Adding user user to group sudo
Done.
You have now the log out from your root shell and your regular user shell. Once you log back in with the regular user, you will be able to use the sudo command.
The repository source list must be updated to include DaCHS packages. Edit the file /etc/apt/sources.list with your preferred command line editor, for instance, you can use the pico editor (useful short cuts: ^O to save, ^X to quit):
user@yourservername:~$ sudo pico /etc/apt/sources.list
Add the following lines at the end of file (see Fig. 3.1):

  1. DaCHS repository
    deb http://vo.ari.uni-heidelberg.de/debian stable main
    deb-src http://vo.ari.uni-heidelberg.de/debian stable main

    Fig. 3.1
    Add the key to use the repository:
    user@yourservername:~$ wget -qO - http://docs.g-vo.org/archive-key.asc | sudo apt-key add -
    Get the latest debian packages:
    user@yourservername:~$ sudo apt-get update
    user@yourservername:~$ sudo apt-get upgrade
    After these first steps, start the installation:
    user@yourservername:~$ sudo apt-get install gavodachs-server

    Basic DaCHS Configuration

    We will use only a basic configuration for DaCHS, allowing Only the minimum for Dachs to work, port number, definition. The full configuration including registry is optional in the next paragraph
    because we use dachs in a non common way:
    user@yourservername:~$ sudo cp /var/gavo/etc/trustedquery /var/gavo/etc/untrustedquery
    Create a file /etc/gavo.rc using your preferred editor (for instance pico):
    user@yourservername:~$ sudo pico /etc/gavo.rc
    Insert the following content in that file:
    [general]
    rootDir: /var/gavo
    maintainerAddress: vo.paris@obspm.fr
    [web]
    bindAddress:
    serverPort: 8080
    serverURL: http://127.0.0.1
    preloadRDs: rr/q
    [ivoa]
    authority: vopdc.obspm.fr
    In this file, replace 127.0.0.1 by your server name and vopdc.obspm.fr by you own authority ID that you will create during the registration of your service. If this is not ready at this time, you may modify it later when your have registered your service with IVOA. replace vo.paris@obspm.fr by an email of technical maintainer of the service, use generic address if possible
    Finally restart DaCHS server:
    gavo serve restart

    AWStat Installation and Configuration

    Install AWStats
    apt-get install awstats

     Configure AWStats to use apache log file combined www-yourservername_access.log in apache dir (define in next paragraph). Also eliminate queries comming from monitoring server nagios (145.238.187.13)
     in /etc/awstats/ create awstats.yourservername.conf containing
    LogFile="/var/log/apache2/www-yourservername_access.log.log"
    LogType=W
    LogFormat=4
    LogSeparator=" "
    SiteDomain="yoursservername.yourdomain"
    HostAliases="www.myserver.com localhost 127.0.0.1 REGEX[mydomain\.(net|org)$]"
    DNSLookup=1
    DirData="/var/lib/awstats"
    DirCgi="/cgi-bin"
    DirIcons="/awstats-icon"
    AllowToUpdateStatsFromBrowser=0
    AllowFullYearView=2
    EnableLockForUpdate=0
    DNSStaticCacheFile="dnscache.txt"
    DNSLastUpdateCacheFile="dnscachelastupdate.txt"

    SkipDNSLookupFor=""

    AllowAccessFromWebToAuthenticatedUsersOnly=0

    AllowAccessFromWebToFollowingAuthenticatedUsers=""

    AllowAccessFromWebToFollowingIPAddresses=""

    CreateDirDataIfNotExists=0

    BuildHistoryFormat=text

    BuildReportFormat=html

    SaveDatabaseFilesWithPermissionsForEveryone=0

     PurgeLogFile=0

    ArchiveLogRecords=0
    KeepBackupOfHistoricFiles=0
    DefaultFile="index.php index.html"
    SkipHosts="145.238.187.13"
    SkipUserAgents=""
    SkipFiles=""
    SkipReferrersBlackList=""
    OnlyHosts=""
    OnlyUserAgents=""
    OnlyUsers=""
    OnlyFiles=""

    Apache Configuration


    Apache should already be installed during initial configuration, otherwise :
    apt-get install apache2
    Install the mod_proxy_html module:
    apt-get install libapache2-mod-proxy-html
    Enable ModProxy:
    a2enmod proxy proxy_http proxy_html
    Edit the Apache default for using AWSTATS

    pico /etc/apache2/sites-enabled/000-default.conf
    just before </VirtualHost> add : 

     ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

      <Directory "/usr/lib/cgi-bin">

                    Options FollowSymLinks

                    AddHandler cgi-script  .pl

                    AllowOverride None

                    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch

                    Order allow,deny

                    Allow from all

       </Directory>

     Then you must configure apache to redirect yourservername2.domain.name to dachs that run on 8080 port. you must add a new config file in /etc/apache2/sites-enable yourservername2.conf containing

     <VirtualHost yourservername2.domain.name:80>

            ServerAdmin pierre.lesidaner@obspm.fr
            ServerName yourservername2.domain.name
            ServerAlias yourservername2
            ProxyRequests off
            <Location />
               ProxyPass http://localhost:8080/
               ProxyPassReverse http://localhost:8080/
            </Location>

            ErrorLog ${APACHE_LOG_DIR}/www-yourservername_error.log
            CustomLog ${APACHE_LOG_DIR}/www-yourservername_access.log combined
    </VirtualHost>



         Restart Apache2:

         service apache2 restart