This space has moved to IU's Confluence.
It is located at https://uisapp2.iu.edu/confluence-prd/display/iulV3/

Server OS and Third Party Software Setup

How to set up the server, including OS installation and installation of third-party software and components.

Requirements

Needed to install Variations:

  • Linux server with root access
  • 2 or 3 static IP addresses - This is to avoid a conflict on port 80. One address is for the Darwin Streaming Server and one for the Apache webserver. A third IP address can be used to refer to the server in general and for RMI traffic. The following directions assume three static IP addresses have been created and will be used in the manner specified above.

OS and 3rd-Party Software Installation

As _root_ user

Perform the following installation steps as root or via sudo.

Linux

  • Install your choice of Linux distribution.
    Indiana University currently runs Variations on RedHat Enterprise Linux 4 (RHEL 4). Derivatives of it such as CentOS or White Box will be very similar, but for other distributions, the filenames and/or procedures may be different.
    • RHEL 4
      • Use the default packages when installing.
      • Enable the firewall, but leave ssh open.
      • Set up your RedHat Network subscription, and update to latest release:
        up2date -uf --nox
      • Install the compiler:
        up2date -i gcc
      • Install gd-progs:
        up2date -i gd-progs
      • Install the development packages:
        for n in gd freetype libjpeg libpng xorg-x11 libxml2 libxslt; do
           up2date -i $n-devel
        done
        
    • This installation has also been tested on Fedora 10, the current free and open source Linux distribution that forms the basis for Red Hat Enterprise Linux. Installation with RedHat Enterprise Linux 5 (RHEL 5) should be the same as Fedora 10.
      • Ensure the packages described above for the RHEL 4 installation are installed.
        For Fedora 10 use yum install package-name instead of up2date.
  • If the installation process requires the establishment of a non-root user account (Fedora does), this can be the "dmlserv" user that is required further on in the installation (see Variations Administration User Account Creation).
  • Ensure that hostname -i returns the numeric IP address and not the host name.
    • If hostname -i returns the host name, edit /etc/hosts to put the IP and hostname in a separate line entry.
      Example /etc/hosts
      # Do not remove the following line, or various programs
      # that require network functionality will fail.
      127.0.0.1       localhost.localdomain localhost
      129.12.345.67   taishan.dlib.indiana.edu taishan
      ::1             localhost6.localdomain6 localhost6
      

Network Alias Devices

  • Create Network Alias Devices
    • These IP addresses will be used for the Variations3 webserver and Darwin streaming server. They must be on the same network as the machine's address. The NETMASK and BROADCAST variables below will be the same as their counterparts in /etc/sysconfig/network-scripts/ifcfg-eth0.
    • Create a Network Device for the webserver by creating /etc/sysconfig/network-scripts/ifcfg-eth0:0 with this content:
      DEVICE=eth0:0
      IPADDR=Variations webserver IP address
      NETMASK=Variations webserver netmask
      BROADCAST=Variations webserver broadcast address
      ONBOOT=yes
      
    • Create a Network Device for the streaming server by creating /etc/sysconfig/network-scripts/ifcfg-eth0:1 with this content:
      DEVICE=eth0:1
      IPADDR=Darwin streaming IP address
      NETMASK=Darwin streaming netmask
      BROADCAST=Darwin streaming broadcast address
      ONBOOT=yes
      
    • Bring up the new devices to verify they are configured correctly:
      ifup eth0:0
      ifup eth0:1
      You will need to do this only once, since they will be brought up when the machine is rebooted.

Firewall Configuration

If a firewall is in place, it is important that the following ports be left open:

  • 22 (for SSH)
  • 80 (for Apache)
  • 139 (for Samba - if requested)
  • 443 (for Apache)
  • 554 (for Darwin Streaming Server)
  • 1099 (for RMI registry)
  • 1100 (for the logging server)
  • 6970-6999 UDP (for Darwin Streaming Server)
  • 49930, 49931, 49932 (for RMI servers, i.e., Variations servers and lease managers).
    These RMI port numbers are configurable, and can be set in the file: dml/conf/server/dmlserver.xml .

Configuration update script:
This shell script opens the required ports, saves the configuration, and restarts the firewall.
RH-Firewall-1-INPUT is the chain used by RHEL. Examine the contents of /etc/sysconfig/iptables and adapt this script as necessary for your installation. The script first deletes the chain's terminal REJECT rule and re-appends it after the new ACCEPT rules, because rules appended after the REJECT would never be reached. The "if needed" lines that are commented out were not needed for RHEL-4.7, but check whether your installation needs them.
The echo output reports progress, which helps locate problems caused by mistyped commands.

#!/bin/bash
echo Starting iptables-update..
#
# --- delete terminal REJECTS
echo -- delete existing terminal REJECTs
# - (if needed) iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
# - (if needed) iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited
iptables -D RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
#
# (if needed) echo -- add terminal jumps from INPUT and FORWARD to RH-Firewall-1-INPUT
# (if needed) iptables -A INPUT -j RH-Firewall-1-INPUT
# (if needed) iptables -A FORWARD -j RH-Firewall-1-INPUT
#
echo -- add rules for RH-Firewall-1-INPUT
echo - tcp rules
for n in 22 80 139 443 554 1099 1100 49930 49931 49932; do
   iptables -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport $n -j ACCEPT
done
echo - udp rules
for (( n = 6970 ; n <= 6999 ; n++ )); do
   iptables -A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport $n -j ACCEPT
done
#
echo -- add terminal REJECT for RH-Firewall-1-INPUT
iptables -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
#
echo -- save a copy of the previous iptables file
cp -u /etc/sysconfig/iptables /etc/sysconfig/iptables.prev
#
echo -- save out current internal iptables def to iptables file
/etc/init.d/iptables save
#
echo -- restart iptables service off the current iptables file
/sbin/service iptables restart

echo ..end of iptables-update.
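
To confirm the result of the update script, the following added example (not part of the original page) reads rules in iptables-save format and reports any required port that has no ACCEPT rule, or whose ACCEPT rule sits after the chain's terminal REJECT. The function names and the sample ruleset are constructed for illustration; only -p, --dport and -j are inspected.

```shell
#!/bin/sh
# Added example, not part of the original page. Audits an iptables-save style
# rule listing: every required port needs an ACCEPT rule that sits BEFORE the
# catch-all REJECT of the chain, because iptables stops at the first match.

REQUIRED_TCP="22 80 139 443 554 1099 1100 49930 49931 49932"   # from the page

# Constructed sample: tcp/139 was never opened and tcp/1100 was appended
# after the REJECT. The UDP range is written as one LOW:HIGH rule for brevity.
sample_rules() {
  chain=RH-Firewall-1-INPUT
  printf '%s\n' '*filter' ":$chain - [0:0]" "-A INPUT -j $chain" \
                "-A $chain -i lo -j ACCEPT"
  for p in 22 80 443 554 1099 49930 49931 49932; do
    printf '%s\n' "-A $chain -p tcp -m state --state NEW -m tcp --dport $p -j ACCEPT"
  done
  printf '%s\n' \
    "-A $chain -p udp -m state --state NEW -m udp --dport 6970:6999 -j ACCEPT" \
    "-A $chain -j REJECT --reject-with icmp-host-prohibited" \
    "-A $chain -p tcp -m state --state NEW -m tcp --dport 1100 -j ACCEPT" \
    'COMMIT'
}

# audit_chain CHAIN "TCP PORTS" UDP_LOW UDP_HIGH   (rules on stdin)
# Prints MISSING, SHADOWED or NO-REJECT lines; prints nothing when all is well.
# Simplification: rules restricted by source address or interface are treated
# like unrestricted ones.
audit_chain() {
  awk -v chain="$1" -v tcp="$2" -v ulo="$3" -v uhi="$4" '
    function check(key,   tag) {
      if (key in ok) return
      tag = (key in shadowed) ? "SHADOWED " : "MISSING "
      print tag key
    }
    $1 == "-A" && $2 == chain {
      proto = ""; port = ""; target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        if ($i == "--dport") port = $(i + 1)
        if ($i == "-j") target = $(i + 1)
      }
      # A REJECT with no protocol or port match ends the chain for all traffic.
      if (target == "REJECT" && proto == "" && port == "") { rejected = 1; next }
      if (target != "ACCEPT" || port == "") next
      n = split(port, r, ":")              # --dport takes PORT or LOW:HIGH
      lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
      for (p = lo; p <= hi; p++) {
        if (rejected) shadowed[proto "/" p] = 1
        else ok[proto "/" p] = 1
      }
    }
    END {
      n = split(tcp, want, " ")
      for (i = 1; i <= n; i++) check("tcp/" want[i])
      for (p = ulo + 0; p <= uhi + 0; p++) check("udp/" p)
      if (!rejected) print "NO-REJECT " chain
    }'
}

report=$(sample_rules | audit_chain RH-Firewall-1-INPUT "$REQUIRED_TCP" 6970 6999)
printf '%s\n' "${report:-all required ports are reachable}"
```

On a live server, feed the function the saved rules instead of the sample: audit_chain RH-Firewall-1-INPUT "$REQUIRED_TCP" 6970 6999 < /etc/sysconfig/iptables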

Java

Install Java:

  • Download the latest JavaSE 1.6 SDK -rpm.bin Package from Sun.
    IU is currently running Java version 1.6.0_12.
  • Run:
    sh jdk-6u16-linux-i586-rpm.bin
    and accept the license agreement.
  • Install the RPM:
    rpm -Uvh jdk-6u16-linux-i586.rpm
  • Create /etc/profile.d/java.sh with this content:
    export JAVA_HOME=/usr/java/jdk1.6.0_16
    export PATH=$JAVA_HOME/bin:$PATH
    

    Check that your JAVA_HOME location and version match your installation.

  • Modify the file $JAVA_HOME/jre/lib/security/java.policy by adding the lines listed below to the grant block. Modify the IP addresses and machine names to those of the machine for your Variations server. These additions are necessary to get the Variations servers to work. For example:

    Example IP        Server                                  Example DNS Name
    129.79.184.181    Variations Webserver (device eth0:0)
    129.79.184.188    host machine (device eth0)              Server1.dlib.indiana.edu

    permission java.net.SocketPermission "129.79.184.181:80",     "connect,resolve";
    permission java.net.SocketPermission "Server1.dlib.indiana.edu", "resolve";
    permission java.net.SocketPermission "129.79.184.188:1024-",  "connect,accept,resolve";
    permission java.util.PropertyPermission "dml.client.url.userguidebase", "read";
    permission java.util.PropertyPermission "dml.leaseManager.*", "read";
    permission java.util.PropertyPermission "dml.login.loginHandler", "read";
    permission java.util.PropertyPermission "user.dir", "read";
    permission java.util.PropertyPermission "variations2.dir", "read";
    permission java.io.FilePermission "<<ALL FILES>>", "read,execute";
    permission java.io.FilePermission "/home/dmlserv/content/-", "read,execute,delete";
    permission java.io.FilePermission "/home/dmlserv/public_html/score-leases/-", "read,execute,delete";
    permission java.lang.RuntimePermission "setFactory";
    

Apache

  • Install Apache HTTP Server (http://httpd.apache.org/), version 2.0.52 or later. Certain parts of Variations require a web server to handle HTML web pages and cgi-bin scripts.
    • RHEL 4
      • Apache 2.0.52 is installed by default on RedHat Enterprise Linux 4.
    • Fedora 10 / RHEL 5
      • Check for installation of apache:
        yum list httpd
      • If needed, install apache:
        yum install httpd
    • Append the following lines to your apache configuration file /etc/httpd/conf/httpd.conf:
      #
      # Variations specific configuration
      #
      ScriptAlias /variations/cgi-bin/ "/home/dmlserv/public_html/cgi-bin/"
      
      <Directory "/home/dmlserv/public_html/cgi-bin">
          AllowOverride All
          Options FollowSymLinks
          Order allow,deny
          Allow from all
      </Directory>
      
      Alias /variations/ "/home/dmlserv/public_html/"
      
      <Directory "/home/dmlserv/public_html">
          AllowOverride All
          Options FollowSymLinks
          Order allow,deny
          Allow from all
      </Directory>
      
    • Set the webserver to listen to the network alias.
      In the file /etc/httpd/conf/httpd.conf, change the line:
      Listen 80
      
      to the line:

      Listen your-Variations-webserver-IP-address:80

      where your-Variations-webserver-IP-address is the IP you assigned to eth0:0.
    • Set the webserver to start automatically at boot:
      chkconfig httpd on
    • Start the server now:
      service httpd start

      Note that with this configuration Apache is still listening on port 443 on all of the machine's IP addresses.

  • SELinux settings for Apache
    If SELinux is present and in enforcing mode, make the following boolean settings to allow browser access to cgi and user (dmlserv) home directories.
    setsebool -P httpd_enable_cgi=1
    setsebool -P httpd_enable_homedirs=1

MySQL

Variations uses a number of different databases for Metadata Schemas and Access Management. Currently Variations is configured to work with MySQL and will require that you set up these databases in the configuration of the Variations server. Linux distributions such as RedHat Enterprise 4 already come with the appropriate version of MySQL. If you are using another Linux distribution, you may want to check that it has a compatible version of MySQL or download a more current version. For more information on the Variations database, see the Databases page.

MySQL v5 Incompatibility

MySQL v5 added a new reserved word of Condition.
Variations makes use of Condition as an object and table attribute.
Thus, Variations is currently (5.0.7) not compatible with MySQL version 5.

Installation Instructions

  • RHEL 4
    • mysql 4.1.20 is installed by default on RedHat Enterprise Linux 4.
    • Install the mysql-server package: up2date -i mysql-server
  • Fedora 10 / RHEL 5
    • To install, begin with downloading the 4.1.22-0 version of MySQL RPM packages appropriate to your installed variety of Linux. (distribution and 32 vs 64 bit architecture)
    • When installing the downloaded RPM packages, take care not to cause an update download and install of the current MySQL version. Use the rpm installer, not up2date or yum.
      Install the downloaded RPM packages with:
      rpm --install rpm-package-name
  • MySQL has internal parameters specifying how long to keep a stale connection before dropping it. For interactive logons this is interactive_timeout and for non-interactive logons it is wait_timeout. Note that wait_timeout is set from interactive_timeout when the login is interactive. The default setting for these parameters is 8 hours (specified in seconds). After this time, the connection is dropped and cannot be reestablished without restarting the server. To fix this problem, set both wait_timeout and interactive_timeout to 24 hours (86,400 seconds) in the MySQL configuration file /etc/my.cnf under both the mysqld and mysqld_safe sections.
    wait_timeout=86400
    interactive_timeout=86400
    character_set_client=utf8
    character_set_server=utf8
    default-storage-engine=INNODB
    
    The default minimum length for words used in fulltext indexes is 4. This means that searches for words less than 4 characters will fail (e.g., "U2" or "Yes"). It is probably a good idea to reset this to 1 in the /etc/my.cnf file under both the mysqld and mysqld_safe sections. Also, MySQL has a default stopword file that excludes certain words from the text index, and it may exclude words that users might reasonably want to search on. Therefore, it may be best to turn this off by setting ft_stopword_file to "". For a list of MySQL default stop words, see http://dev.mysql.com/doc/refman/5.1/en/fulltext-stopwords.html. One can also set ft_stopword_file to the name of a file that contains a custom list of stop words.
    ft_min_word_len=1
    ft_stopword_file=""
    
    
  • Set mysql to start automatically at boot:
    chkconfig mysqld on
  • Download MySQL Connector/J database driver for Java (version 3.1 or later).
    • Put the file mysql-connector-java-5.0.4-bin.jar in the location /usr/local/lib/ (you can put this file in another location, but you will need to update the configuration file later).

Perl

  • Install Perl
    • RHEL 4
      • Perl 5.8.5 and the IO module are installed by default on RedHat Enterprise Linux 4.
    • Fedora 10 / RHEL 5
      • Perl 5.10.0 is the current install version.
      • Verify a current installation of perl with:
        yum install perl
      • Verify a current installation of perl-CPAN with:
        yum install perl-cpan (is not case sensitive)
  • Install other needed modules and packages

    Note that cpan is an online repository for perl modules and that installing modules from it may occasionally fail due to failed tests. In these situations, you can pass a flag to the cpan command that forces the installation. Your command should then look like cpan -fi module. Note when you do this so that you can be on the lookout for any issues that may arise as a result of these potentially buggy perl modules. You can update the perl modules when a new version is released by running the install command again.

  • Configure and update CPAN:
    cpan -i Bundle::CPAN
    Answer 'no' to the manual configuration question.
  • Install the GD module:
    cpan -i GD
    Answer 'N' to "Build GIF support?", but use the default for all other questions.
  • Install the GD::Graph module:
    cpan -i GD::Graph
  • Install the CGI module:
    cpan -i CGI
  • Install the LWP module:
    cpan -i LWP
  • Install the Time::Local module:
    cpan -i Time::Local
  • Install the DateTime module:
    cpan -i DateTime
  • Install the XML::LibXML module:
    • For RHEL 4 and RHEL 5, the newest version of XML::LibXML (1.70) is not compatible with the required version of XML::LibXSLT (see next module). Thus an older version of the perl module must be installed per the directions below.
      • Force installation of older version (1.69):
        cpan -fi P/PA/PAJAS/XML-LibXML-1.69.tar.gz
  • Install the XML::LibXSLT module:
    • For RHEL 4 and RHEL 5, the newest version of XML::LibXSLT (1.63) is not compatible with the most recent version of libxslt (1.1.11) in the Red Hat repositories. Thus an older version of the perl module must be installed per the directions below.
      • Force installation of older version of XML::LibXSLT (1.62):
        cpan -fi P/PA/PAJAS/XML-LibXSLT-1.62.tar.gz

Darwin

  • About
    The Darwin Streaming Server is an open-source RTP/RTSP server originally developed by Apple as the Quicktime Streaming Server. Darwin is capable of serving MOV and MP4 files that have been hinted for streaming. Variations will use this server to stream audio to the end users. For more information on how Variations' audio streaming works visit the Audio Streaming page. For more information about running Darwin see the Administrator's Guide.
  • Darwin Installation Instructions
    • Download and Install
      • Download Linux Package (for Fedora Core 4 or later, that's us) from:
        http://dss.macosforge.org/
        At that site, scroll down to Related Links at the bottom, and follow Previous releases.
        At the Previous Releases page, under Linux installer (v5.5.5), follow Streaming Server.
        At this point an Apple ID login or account creation, and license agreement is required before the download is started. Download to any tidy location. The download will install into proper standard locations.
      • Once downloaded, unpack it:
        tar -xzf DarwinStreamingSrvr5.5.5-Linux.tar.gz
      • Change location into the unpacked directory and invoke the installation script:
        ./Install
        • You will be prompted for an administrator user name and password.
      • Make the Darwin log path readable for Variations statistics scripts:
        chmod a+rx /var/streaming /var/streaming/logs
    • Installing Darwin as a Service
      To make Darwin start on boot and be accessible as a service in /etc/init.d/ follow these steps:
      • Download the init.d script to /etc/init.d/
      • Set permissions on the script:
        chmod 755 /etc/init.d/dss
      • Set dss to run as a service on boot:
        chkconfig dss on
      • At this point, you can start dss manually:
        /etc/init.d/dss start
        The dss script has five possible actions:
        /etc/init.d/dss option

        Option         Action
        start          Starts the server
        stop           Stops the server
        status         Provides current running status for streamingadminserver and DarwinStreamingServer
        restart        Does a stop and then a start
        condrestart    If Darwin is running, does a stop and then a start
        reload         Forces Darwin to reread configuration files without disconnecting users

    • Configuring Darwin
      First, edit /etc/streaming/streamingserver.xml to bind the streaming server to its assigned IP address:
      <PREF NAME="bind_ip_addr" >your streaming IP address</PREF>
      
      You will need to restart the Darwin Streaming Servers for this change to take effect.
      /etc/init.d/dss restart
      Point your browser to http://localhost:1220/ to access the Darwin management tool.

      If you do not have terminal access to this machine and port 1220 is not open, you can try forwarding an X connection through SSH: ssh -Y hostname. This approach requires that X11 is installed on both the server and the client of the SSH connection. Once connected, launch the browser of your choice, e.g.: konqueror localhost:1220.

      The only settings that need to be changed for Variations are:
      • the Media Directory
        /home/dmlserv/content/streaming
      • enabling Port 80 streaming
        Port 80 streaming should be turned on as a fallback for the Variations client in case firewalls or NAT devices prevent it from receiving RTSP (TCP and UDP) traffic properly.

Variations Administration User Account Creation

  • Create dmlserv account.
    Set up dmlserv account on the server, with home directory of /home/dmlserv.
    • RHEL 4
      • Create the account:
        /usr/sbin/useradd -c "DML Server Account" dmlserv
      • Set the password:
        passwd dmlserv
      • Change the permissions on dmlserv's home directory:
        chmod a+rx /home/dmlserv
    • Fedora
      If the dmlserv user was created during the first boot process, then also
      • Change the permissions on dmlserv's home directory:
        chmod a+rx /home/dmlserv

Next Steps

You have just finished installing all of the components needed to install and run the Variations server software. Proceed to the next step and install the Variations Server Software.
Back to the Administrators Guide Home Page

1 Comment

  1. An installation on Fedora-10 with SELinux enabled,
    required the following context changes
    run as root in dmlserv home directory:

    chcon -R user_u:object_r:user_home_t *
    chcon -R --type=httpd_sys_content_t conf
    chcon -R --type=httpd_sys_content_t content
    chcon -R --type=httpd_sys_content_t data
    chcon -R --type=httpd_sys_content_t public_html
    chcon -R --type=httpd_sys_script_exec_t public_html/cgi-bin

    per Chris Colvard and David E. Goldberg (Oberlin)