Difference between revisions of "Installation Manual for 2.17 on Oracle (and related) Linux"
Alex Jordan (talk | contribs) m |
Alex Jordan (talk | contribs) m |
||
Line 33: | Line 33: | ||
We assume that you have a user account myname with sudo privileges. |
We assume that you have a user account myname with sudo privileges. |
||
− | == Create wwadmin == |
||
− | |||
− | Create the wwadmin user and give that user a password that you store securely somehwere. Having a wwadmin user who is distinct from your personal user account will help in the future when others might take over management of the server, or assist with management. |
||
− | |||
− | $ sudo useradd wwadmin |
||
− | $ sudo passwd wwadmin |
||
− | |||
− | Give wwadmin some secure password. |
||
== Install MariaDB == |
== Install MariaDB == |
||
Line 186: | Line 178: | ||
$ sudo yum install npm |
$ sudo yum install npm |
||
+ | == Downloading the WeBWorK System Software and Problem Libraries == |
||
+ | |||
+ | Create the wwadmin user and give that user a password that you store securely somehwere. Having a wwadmin user who is distinct from your personal user account will help in the future when others might take over management of the server, or assist with management. |
||
+ | |||
+ | $ sudo useradd wwadmin |
||
+ | $ sudo passwd wwadmin |
||
+ | |||
+ | Give wwadmin some secure password. |
||
+ | |||
+ | We are finally at the point where we can start downloading and installing WeBWorK itself. We will use Git to download WeBWorK from Github. |
||
+ | |||
+ | $ cd /opt |
||
+ | $ sudo mkdir webwork |
||
+ | $ sudo chown wwadmin:wwadmin webwork |
||
+ | $ sudo su wwadmin |
||
+ | @ cd webwork |
||
+ | @ git clone <nowiki>https://github.com/openwebwork/webwork2.git</nowiki> |
||
+ | @ git clone <nowiki>https://github.com/openwebwork/pg.git</nowiki> |
||
+ | @ git clone <nowiki>https://github.com/openwebwork/webwork-open-problem-library.git</nowiki> |
||
+ | @ mkdir courses |
||
+ | @ mkdir libraries |
||
+ | @ mv webwork-open-problem-library libraries |
||
+ | |||
+ | '''Important Note'''. The above commands retrieve the main branch which gives the latest stable release of the software package (webwork2, pg, etc) with bug fixes. If a stable release newer than 2.17 exists, that will be downloaded and these instructions may be a little out of date. So it is a good idea to check before downloading. The best way to do that is to look at https://github.com/openwebwork/webwork2/blob/main/VERSION and https://github.com/openwebwork/pg/blob/main/VERSION. |
||
+ | |||
+ | === Set Up Model Course === |
||
+ | |||
+ | Now pull the model course from <code>webwork2</code> into <code>courses</code> |
||
+ | |||
+ | @ cd /opt/webwork/webwork2/courses.dist |
||
+ | @ cp *.lst /opt/webwork/courses/ |
||
+ | @ rsync -a modelCourse /opt/webwork/courses/ |
||
+ | |||
+ | === Setting Permissions === |
||
+ | |||
+ | The PG installation directory and files should be owned by <code>wwadmin</code> and not writable by other users: |
||
+ | |||
+ | @ cd /opt/webwork/pg |
||
+ | @ chmod -R u+rwX,go+rX . |
||
+ | |||
+ | Most WeBWorK directories and files should also be owned by <code>wwadmin</code> and not writable by other users: |
||
+ | |||
+ | @ cd /opt/webwork/webwork2 |
||
+ | @ chmod -R u+rwX,go+rX . |
||
+ | |||
+ | Certain data directories need to be writable by the web server. These are <code>DATA</code>, <code>courses</code>, <code>htdocs/tmp</code>, <code>logs</code>, and <code>tmp</code>. Now we make these directories that need to be writable by the web server have <code>apache</code> as their group. |
||
+ | |||
+ | First, stop acting as wwadmin. |
||
+ | |||
+ | @ exit |
||
+ | |||
+ | Now |
||
+ | |||
+ | $ sudo bash |
||
+ | # cd /opt/webwork/webwork2/ |
||
+ | # chgrp -R apache DATA ../courses htdocs/tmp logs tmp |
||
+ | # chmod -R g+w DATA ../courses htdocs/tmp logs tmp |
||
+ | # find DATA/ ../courses/ htdocs/tmp logs/ tmp/ -type d -a -exec chmod g+s {} \; |
||
+ | # chcon -R -t httpd_sys_rw_content_t DATA ../courses htdocs/tmp logs tmp |
||
+ | |||
+ | The <code>chcon</code> line is specific to SELinux to give the apache user certain privileges in those folders that are denied by default. Here is some more SELinux stuff to run. |
||
+ | |||
+ | # yum install policycoreutils-python-utils |
||
+ | # semanage fcontext -a -t httpd_sys_content_t '/opt/webwork(/.*)?' |
||
+ | # semanage fcontext -a -t httpd_sys_rw_content_t '/opt/webwork/courses(/.*)?' |
||
+ | # semanage fcontext -a -t httpd_sys_rw_content_t '/opt/webwork/webwork2/logs(/.*)?' |
||
+ | # semanage fcontext -a -t httpd_sys_rw_content_t '/opt/webwork/webwork2/htdocs/tmp(/.*)?' |
||
+ | # setsebool -P httpd_can_sendmail 1 |
||
+ | # setsebool -P httpd_can_network_connect on |
||
+ | # restorecon -vFR /opt |
||
+ | |||
+ | We also want to allow httpd to send pings during startup, which means we have to tell SELinux that's okay too. |
||
+ | Create a new file called <code>my-ping.te</code> in wwadmin's home folder. |
||
+ | |||
+ | # vim /home/wwadmin/my-ping.te |
||
+ | |||
+ | Paste the following into the empty file: |
||
+ | |||
+ | module my-ping 1.0; |
||
+ | |||
+ | require { |
||
+ | type httpd_t; |
||
+ | class icmp_socket create; |
||
+ | class rawip_socket { create getopt setopt write read }; |
||
+ | class capability net_raw; |
||
+ | } |
||
+ | |||
+ | #============= httpd_t ============== |
||
+ | allow httpd_t self:capability net_raw; |
||
+ | allow httpd_t self:icmp_socket create; |
||
+ | allow httpd_t self:rawip_socket { create getopt setopt write read }; |
||
+ | |||
+ | Exit and save the file, then compile and install the policy: |
||
+ | # checkmodule -M -m -o my-ping.mod /home/wwadmin/my-ping.te |
||
+ | # semodule_package -o my-ping.pp -m my-ping.mod |
||
+ | # semodule -X 300 -i my-ping.pp |
||
+ | |||
+ | |||
+ | It is convenient to give WeBWorK administrators access to the five directories mentioned above as well, so they can perform administrative tasks such as removing temporary files, creating and editing courses from the command line, managing logs, and so on. We will add our user, <code>wwadmin</code>, to the apache group. Run the command |
||
+ | |||
+ | # usermod -a -G apache wwadmin |
||
+ | # exit |
||
+ | |||
+ | === Compile color.c === |
||
+ | |||
+ | $ cd /opt/webwork/pg/lib/chromatic |
||
+ | $ sudo yum install gcc |
||
+ | $ sudo su wwadmin |
||
+ | @ gcc color.c -o color |
||
+ | You may see some warning messages which you can safely ignore. |
||
== More to come; this page is under construction == |
== More to come; this page is under construction == |
Revision as of 18:23, 10 September 2022
Contents
- 1 Under Construction
Under Construction
These instructions cover the installation of WeBWorK 2.17 from scratch onto an Oracle Linux 8 server. These instructions might work on related Linux distributions, but here and there the details may differ. It may help to cross-reference with other OS-specific installation guides at Manual Installation Guides.
If you are just upgrading WeBWorK, especially if you already have existing WeBWorK courses, see Upgrading WeBWorK from 2.16 to 2.17.
OS Users
These instructions reference four OS users.
- You should have a personal account with sudo privileges. These instructions will use "myname" as the name of that user.
- root
- apache
- wwadmin (we will create below)
It can be critical that you act as whatever user these instructions tell you to act as at each step. Do not act as root unless specifically instructed to.
Furthermore, when you will need to act as root, either use sudo su
or sudo <command>
as the instructions say. In certain places, actually switching users to root with sudo su
or entering a root shell when a mere sudo someCommand
was indicated will result in bad things that will not become apparent until later in the installation.
Notation
Now some comments on notation we will be using. We will use <key>
to indicate that you should press a specific key (e.g. <Enter>
, <Tab>
, <F12>
, etc.). Sometimes we will also use e.g. <wwadmin password>
to indicate you have to enter the wwadmin password.
- Code blocks that begin with
$
should be run as myname. - Code blocks that begin with
#
should be run as root (via either a root shell or switching users to root withsudo su
). - Code blocks that begin with
@
should be run as wwadmin (for which you can usesudo su wwadmin
).
You are not intended to type the $
, or #
, or @
characters as part of the provided commands.
Assumptions
We assume that you already have Oracle (or a closely related Linix distribution) installed, but that you haven't done much with yet.
We assume that you have a user account myname with sudo privileges.
Install MariaDB
After logging in to your server:
$ sudo yum install mariadb-server mariadb-connector-c mariadb-connector-c-devel
Answer y
if it asks if this is OK. (For the remainder of these instructions, such trivial details might be omitted.) Now fire it up.
$ sudo systemctl enable mariadb $ sudo systemctl start mariadb
Check that it is active with
$ sudo systemctl status mariadb
Now secure the server.
$ sudo mysql_secure_installation
This asks you for the database root password, which is nothing at this point. You should just hit <Enter>
. Next there are five questions. Answer as indicated:
- Set root password? n
- Remove anonymous users? n
- Disallow root login remotely? Y
- Remove test database and access to it? Y
- Reload privilege tables now? Y
Test that things work:
$ sudo mysql
You should see something close to:
Welcome to the MariaDB monitor. Commands end with ; or \g. ... ... ... MariaDB [(none)]>
Now lets check the MariaDB users. To see the users, do the following
MariaDB> SELECT user,authentication_string,plugin,host FROM mysql.user;
You should see a table with only three users: root, root and root, each with a different host.
Now exit MariaDB
MariaDB> exit Bye $
Check perl version
The Oracle distribution used for this installation write-up has perl 5.26.3. Check if perl is installed and what its version is.
$ perl --version
Apache 2 and mod_perl
Install apache (httpd) and mod_perl.
$ sudo yum install httpd $ sudo yum install mod_perl $ sudo yum install libapreq2
Enable httpd service.
$ sudo systemctl enable httpd.service
Now enable the MPM-prefork module (and disable the MPM-event module)
$ sudo vim /etc/httpd/conf.modules.d/00-mpm.conf
Uncomment the mpm_prefork_module statement and comment out the mpm_event_module
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so #LoadModule mpm_event_module modules/mod_mpm_event.so
Next we add configuration files that will add the mod_perl and Apache request modules.
$ sudo vim /etc/httpd/conf.modules.d/02-perl.conf
Add the line LoadModule perl_module modules/mod_perl.so
and save the file.
$ sudo vim /etc/httpd/conf.modules.d/apreq.conf
Add the line LoadModule apreq_module modules/mod_apreq2.so
and save the file.
Then we configure Apache with our basic server info
$ sudo vim /etc/httpd/conf/httpd.conf
Uncomment and change the server name:
ServerName yourserverhost.edu
And finally, we need to make sure that the shared libraries have been properly identified
$ sudo ldconfig -v
You should now be able to start up the httpd service
$ sudo systemctl start httpd
Check its status just to confirm it's up.
$ sudo systemctl status httpd
For this installation write-up, the server's fully qualified domain name was already set up. You can confirm if this is the case for you by running:
$ hostname; hostname --fqdn
If your server's fully qualified domain name is not yet set up, run the command
$ sudo hostnamectl set-hostname <webwork>
where of course you should replace <webwork> by whatever your server's name is.
Again, you can check these settings by running the commands
$ hostname; hostname --fqdn
The first gives the server's fully qualified domain name (e.g. webwork.mydepartment.myschool.edu) and the second the server's name (e.g. webwork).
Note that if your server can not find its fully qualified domain name, certain tools may not start.
Now restart Apache
$ sudo systemctl restart httpd
and test your server by connecting to your server from a web browser using the fully qualified domain name. You should see the Apache 2 Test Page indicating that Apache is running.
Install LaTeX
The Oracle/RHEL package for texlive is likely to be a few years out of date, so we will install texlive directly. At the time of this installation write-up, the current version is 2022. In the steps that follow, replace "2022" with whatever is current. Note the very last option --paper=letter
is only if you actually want letter to be the default paper size. Leave that off if you would like it to be A4.
$ cd /tmp # working directory of your choice $ sudo yum install wget $ wget https://mirror.ctan.org/systems/texlive/tlnet/install-tl-unx.tar.gz $ zcat install-tl-unx.tar.gz | tar xf - $ cd install-tl-*/ $ sudo perl ./install-tl --no-interaction --paper=letter
This could take a while because it is a full installation. A full installation is probably unnecessary, but now that WeBWorK can use LaTeX to make images, it's simpler to just go ahead and install everything so you are not surprised later by a missing package.
Now you might want to clean up the installation files.
$ cd .. $ sudo rm -r install-tl*
Install some graphics packages and npm
Some graphics tools were installed with our new LaTeX installation: dvipng and dvisvgm. We need a few more.
$ sudo yum install gd-devel netpbm-progs ImageMagick
And we will need Node Package Manager, npm:
$ sudo yum install npm
Downloading the WeBWorK System Software and Problem Libraries
Create the wwadmin user and give that user a password that you store securely somehwere. Having a wwadmin user who is distinct from your personal user account will help in the future when others might take over management of the server, or assist with management.
$ sudo useradd wwadmin $ sudo passwd wwadmin
Give wwadmin some secure password.
We are finally at the point where we can start downloading and installing WeBWorK itself. We will use Git to download WeBWorK from Github.
$ cd /opt $ sudo mkdir webwork $ sudo chown wwadmin:wwadmin webwork $ sudo su wwadmin @ cd webwork @ git clone https://github.com/openwebwork/webwork2.git @ git clone https://github.com/openwebwork/pg.git @ git clone https://github.com/openwebwork/webwork-open-problem-library.git @ mkdir courses @ mkdir libraries @ mv webwork-open-problem-library libraries
Important Note. The above commands retrieve the main branch which gives the latest stable release of the software package (webwork2, pg, etc) with bug fixes. If a stable release newer than 2.17 exists, that will be downloaded and these instructions may be a little out of date. So it is a good idea to check before downloading. The best way to do that is to look at https://github.com/openwebwork/webwork2/blob/main/VERSION and https://github.com/openwebwork/pg/blob/main/VERSION.
Set Up Model Course
Now pull the model course from webwork2
into courses
@ cd /opt/webwork/webwork2/courses.dist @ cp *.lst /opt/webwork/courses/ @ rsync -a modelCourse /opt/webwork/courses/
Setting Permissions
The PG installation directory and files should be owned by wwadmin
and not writable by other users:
@ cd /opt/webwork/pg @ chmod -R u+rwX,go+rX .
Most WeBWorK directories and files should also be owned by wwadmin
and not writable by other users:
@ cd /opt/webwork/webwork2 @ chmod -R u+rwX,go+rX .
Certain data directories need to be writable by the web server. These are DATA
, courses
, htdocs/tmp
, logs
, and tmp
. Now we make these directories that need to be writable by the web server have apache
as their group.
First, stop acting as wwadmin.
@ exit
Now
$ sudo bash # cd /opt/webwork/webwork2/ # chgrp -R apache DATA ../courses htdocs/tmp logs tmp # chmod -R g+w DATA ../courses htdocs/tmp logs tmp # find DATA/ ../courses/ htdocs/tmp logs/ tmp/ -type d -a -exec chmod g+s {} \; # chcon -R -t httpd_sys_rw_content_t DATA ../courses htdocs/tmp logs tmp
The chcon
line is specific to SELinux to give the apache user certain privileges in those folders that are denied by default. Here is some more SELinux stuff to run.
# yum install policycoreutils-python-utils # semanage fcontext -a -t httpd_sys_content_t '/opt/webwork(/.*)?' # semanage fcontext -a -t httpd_sys_rw_content_t '/opt/webwork/courses(/.*)?' # semanage fcontext -a -t httpd_sys_rw_content_t '/opt/webwork/webwork2/logs(/.*)?' # semanage fcontext -a -t httpd_sys_rw_content_t '/opt/webwork/webwork2/htdocs/tmp(/.*)?' # setsebool -P httpd_can_sendmail 1 # setsebool -P httpd_can_network_connect on # restorecon -vFR /opt
We also want to allow httpd to send pings during startup, which means we have to tell SELinux that's okay too.
Create a new file called my-ping.te
in wwadmin's home folder.
# vim /home/wwadmin/my-ping.te
Paste the following into the empty file:
module my-ping 1.0; require { type httpd_t; class icmp_socket create; class rawip_socket { create getopt setopt write read }; class capability net_raw; } #============= httpd_t ============== allow httpd_t self:capability net_raw; allow httpd_t self:icmp_socket create; allow httpd_t self:rawip_socket { create getopt setopt write read };
Exit and save the file, then compile and install the policy:
# checkmodule -M -m -o my-ping.mod /home/wwadmin/my-ping.te # semodule_package -o my-ping.pp -m my-ping.mod # semodule -X 300 -i my-ping.pp
It is convenient to give WeBWorK administrators access to the five directories mentioned above as well, so they can perform administrative tasks such as removing temporary files, creating and editing courses from the command line, managing logs, and so on. We will add our user, wwadmin
, to the apache group. Run the command
# usermod -a -G apache wwadmin # exit
Compile color.c
$ cd /opt/webwork/pg/lib/chromatic $ sudo yum install gcc $ sudo su wwadmin @ gcc color.c -o color
You may see some warning messages which you can safely ignore.