Science Portal
Instructions for version 3 of Plone
http://almasw.hq.eso.org/almasw/bin/view/Archive/PortalInstallationInstructions#Default_Plone_Installation
NRAO-Specific installation process
For quality assurance, we perform two-stage installation: first to a test server, then to the production server.
1. Login to host rhel-vmware-alma
2. cd /opt/services/src/repos/UserPortal.cvsimport
3. Login to CVS:
export CVSROOT=:pserver:readonly@almacm01.aoc.nrao.edu:2401/project2/CVS
cvs login
1read0nly
4. import the latest code from the ALMA CVS into GIT:
git cvsimport -v -d $CVSROOT -C . ARCHIVE/UserPortal
5. clone the JAO codebase into a local NRAO git repository using the current date:
cd /opt/services/src/repos/
git clone
UserPortal.cvsimport
UserPortal-2011-04-21 (or whatever is the current date)
cd
UserPortal-2011-04-21
Install the portal to the test server
(Steps 0 through 2 are not applicable for
NAASC)
0) Checkuot the
UserPortal from the ALMA cvs:
cvs co ARCHIVE/UserPortal
1) cd ARCHIVE/UserPortal
2) export PATH=/opsw/util/bin:$PATH
3) /opt/services/syncd/python-2.4.6/bin/python2.4 bootstrap.py
(NOTE This should be a python of the 2.4 series, the latest is 2.4.6. Plone is not compatible to any later version)
(Step 4 not applicable for
NAASC)
4) export ORACLE_HOME=/usr/lib/oracle/11.2/client64/lib/
export ORACLE_HOME=/opsw/util/oracle_instantclient
(NOTE This obviously means that the Oracle instantclient has to be installed in
that location! The installation of the Oracle instantclient is part of the NGAS
installation. There is a script 'install_instantclient.sh) in the
ARCHIVE/NGAS/Installation/ngasSys/common module which carries out the installation,
but requires that the path /opsw/util exists. Depending on the architecture of the
target OS, 32 or 64 bit, this script also requires the appropriate Oracle tar file,
which can also be found in the same module under CVS)
(This is a work-around - it IS applicable for NAASC)
cp ../../repos/cx_Oracle-5.0.4-py2.4-linux-x86_64.egg eggs/
5) bin/buildout -N
(NOTE: You have to be on-line to perform the buildout, there are a lot of components
downloaded from the web and then compiled and installed.
wait!! There will be a number of errors and warnings which can usually be ignored
At the end of a successful buildout you should see the following lines:
==
Installing omelette.
omelette: (While processing egg cx-Oracle) Package 'cx_Oracle' is zipped. Skipping.
omelette: (While processing egg elementtree) Package 'elementtree' is zipped. Skipping.
omelette: (While processing egg demjson) Package 'demjson' is zipped. Skipping.
omelette: (While processing egg simplejson) Package 'simplejson' is zipped. Skipping.
omelette: (While processing egg python-openid) Package 'openid' is zipped. Skipping.
==
6) cp src/Extensions/* parts/instance/Extensions/.
- (NOTE
- This step will eventually be removed and the scripts installed during the buildout. If buildout is run again this step has to be repeated as well!)
===
Startup of the UserPortal on the test host
1. bin/instance fg
2. check for proper functioning by browsing to
http://rhel-vmware-alma:9080/asa
3. setup NRAO logos
Installation on production host
1. login to jerrylee
2. clone the test installation from rhel-vmware-alma.
cd /opt/services/src/repos/
git clone ssh://ksharp@rhel-vmware-alma/opt/services/src/repos/UserPortal-2011-04-21
3. bin/buildout -N
4. cd
UserPortal-2011-04-21
5. test the prod install on port 9080
bin/instance fg
test the site at
http://jerrylee:9080/asa
stop the test instance
6. change the port number to 9081
vim ./parts/instance/etc/zope.conf
7. stop the old production service
sudo /etc/init.d/plone stop
8. unlink the old version
unlink /opt/services/UserPortal
9. link the new version
ln -s /opt/services/src/repos/UserPortal-2011-04-21
UserPortal
10. start the new production service
sudo /etc/init.d/plone start
Instructions from Alvaro Aguirre for version 4 of Plone:
#########################################################################################
# I forgot to say.........To install the portal configurations go to Site Setup > Add-ons and activate the
# 'ALMA Portal Policy 0.1', this will automatically configure ldap, oracle connection,registration, science queries, etc...
##########################################################################################
Hi guys,
I have uploaded to CVS, under ARCHIVE/SciencePortal the Plone 4 version of the SP/UP Portal.
Installation Instructions:
(I will upload these instructions on the wiki page. There is a README file with the instructions also)
Main Features:
- all general configuration in one file, buildout.cfg
- cache support using varnish
- ZODB backup support
- Zeoserver (for load balancing)
- pdf text indexing (soon Word)
- production configuration
- single sign out
Changelog:
- plone.app.ldap was totally removed due this was an unnecessary product.
- collective.castle was removed and replaced with anz.casclient that has a better support for CAS 2.0, single sign out included.
- The theme has not been installed yet, because plone 4 has a tableless theme that is a better start point to design a new theme from the scratch and I prefer to wait until we get the new requirements.
- some very minor changes were necessary in some products because of python 2.6 and the new zope version used.
Pre-requisites:
OS: Red Hat Enterprise Linux Server release 5.6 (Tikanga)
OS libraries:
yum install libxml2-devel
yum install libxslt2-devel
yum install openssl
yum install openssl-devel
yum install openldap-devel
yum install libjpeg-devel
yum install zlib-devel
yum install freetype-devel
yum install pcre-devel
yum install poppler-utils
Oracle Instant Client:
- Download from: http://www.oracle.com/technetwork/database/features/instant-client/index-100365.html
- unzip the client in some directory.
- Create symbolic links
-
- ln -s libocci.so.11.1 libocci.so
- ln -s libclntsh.so.11.1 libclntsh.so
- Set LD_LIBRARY_PATH pointing to the install client directory
The installation of the python libraries has been distributed in 3 levels, although everything (cx_oracle, ldap, etc) can be installed by buildout, I preferred to separate the installation by context.
ie:
Level 1: python + oracle support + ldap support + pil
Level 2: sand-boxed python installation.
Level 3: zope + plone + varnish
Installation Process:
- Python 2.6
-
- wget http://www.python.org/ftp/python/2.6.6/Python-2.6.6.tar.bz2
- tar -xvjf Python-2.6.6.tar.bz2
- cd Python-2.6.6
- ./configure --prefix=/your-preferred-directory/
- make
- make install
- PIL Installation
-
- wget http://effbot.org/downloads/Imaging-1.1.6.tar.gz
- tar xvfz Imaging-1.1.6.tar.gz
- cd Imaging-1.1.6
- /your-preferred-directory/bin/python setup.py install
- Easy Install
-
- wget http://peak.telecommunity.com/dist/ez_setup.py
- /your-preferred-directory/bin/python ez_setup.py
- Ldap
-
- /your-python/easy_install python-ldap
- Oracle
-
- export ORACLE_HOME=/oracle-install-client-directory/
- /your-python/easy_install cx_oracle
- Sandbox
-
- /your-python/easy_install virtualenv
- Create the specific environment for your installation
-
- your-preferred-directory/bin/virtualenv /home/scienceportal/zope/env1 (this is the directory where zope and plone will be finally installed)
- cd /home/scienceportal/zope/env1/
- source bin/activate (this activates the sandbox)
- Zope + Plone
-
- download the portal from ARCHIVE/SciencePortal
- python/bootstrap.py
- Edit the buildout.cfg file with the information for your specific ARC, please read the instructions in the buildout file.
- rubn/buildout
- have a coffee....
Starting the portal in production mode
After running buildout, Zope will be installed and a new Plone site called 'portal' will be automatically created.
To run zope execute:
bin/plonectl start
This command will start 3 processes
zeoserver at port 8082
client1 at port 8080
client2 at port 8081
You can see the portal going to:
http://:8080/portal
or
http://:8081/portal
If you want to use the varnish cache proxy execute
bin/varnish-instance
Varnish uses the port 9080, so you will access to the portal going to
http://:9080/portal
Example: http://webdev.sco.alma.cl:9080/portal (visible only using JAO VPN)
Debug mode
To run the portal in debug mode, you have to start zeoserver instance executing:
bin/zeoserver start
then, start one of the clients in foreground mode
ex: bin/client1 fg
Future changes
- There will be other changes mainly related to specific ARC configurations (logos, links, theme,mailhost, etc). All these changes are configured using plone profiles.
Currently, in the asa.policy product exists one profile called 'default', but it will be necessary to split this profile in three different ones.
The idea is to do this after we are clear about the new requirements coming from the science portal WG.
- Sellenium tests will be added
Cheers,
Alvaro.
Downloading the OT Tool via FTP
cd /home/almascience.nrao.edu/content/almaot/
ksharp@trinity:~$ ftp ftp.roe.ac.uk
Connected to spider.roe.ac.uk.
220 (vsFTPd 2.0.7)
Name (ftp.roe.ac.uk:ksharp): anonymous
331 Please specify the password.
Password: ksharp@nrao.edu
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd pub
250 Directory successfully changed.
ftp> cd ab
250 Directory successfully changed.
ftp> bin
200 Switching to Binary mode.
ftp> get
(remote-file) almaot-cycle0rc4-for-na.tgz
(local-file) almaot-rc4.tgz
local: almaot-rc4.tgz remote: almaot-cycle0rc4-for-na.tgz
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for almaot-cycle0rc4-for-na.tgz (521897055 bytes).
226 File send OK.
521897055 bytes received in 51.06 secs (9980.9 kB/s)
ftp> quit
221 Goodbye.
Un-tar the OT tool in place.
Code-signing the application files
This procedure must be performed by Mike Hatz or Josh Malone
Summary from Josh:
In order to run in Java's "tusted" domain, the ALMA OT needs to be signed. Currently, the OT is signed with an untrusted (self-signed) certificate from the "ALMA OT Group" in order to get Java to allow it to run in the trusted domain. (Note: the trust of the certificate and the trust of the code are different.) When running the OT, users are presented with a security warning and must elect to trust the OT code publisher manually.
The NRAO (NA ARC) is in the process of purchasing a Java code-signing certificate from a well-known certificate vendor. This certificate will allow NRAO to sign the OT's Java "jar" files so that an end-user's Java runtime will not present any security warnings and will trust the OT code without requiring confirmation from the end-user. It is my belief that each ARC that distributes the OT will need its own signing certificate corresponding to server name that hosts the OT downloads (In other words, the NRAO cannot sign an OT for any other ARC).
Once we have obtained this signing certificate, it will be necessary for the OT releases to be send to NRAO Charlottesville CIS so that a trusted sysadmin can sign the code prior to it being placed on the server for distribution. In order to protect the security and integrity of the signing model, only a limited number of trusted admins should be granted access to the signing certificate.
Although this places an additional step in the process of releasing a version of the OT, the process will be streamlined as much as possibly to avoid release delays. There will be no technical limit to the number of releases we can sign with the certificate, nor to the frequency of releases.
Once we have received the certificate and tested the signing and release process, more technical details will be provided.
-- KellySharp - 2011-04-06