Installation Manual for 2.17 on Oracle (and related) Linux

From WeBWorK_wiki
Revision as of 13:05, 11 September 2022 by Alex Jordan (talk | contribs)
Jump to navigation Jump to search

Under Construction

These instructions cover the installation of WeBWorK 2.17 from scratch onto an Oracle Linux 8 server. These instructions might work on related Linux distributions, but here and there the details may differ. It may help to cross-reference with other OS-specific installation guides at Manual Installation Guides.

If you are just upgrading WeBWorK, especially if you already have existing WeBWorK courses, see Upgrading WeBWorK from 2.16 to 2.17.

Preliminaries

Read this section before getting started.

OS Users

These instructions reference four OS users.

  • You should have a personal account with sudo privileges.
  • root
  • apache
  • wwadmin

When you get started, root and your personal user account should be present. It can be critical that you act as whatever user these instructions tell you to act as at each step. Do not act as root unless specifically instructed to.

Furthermore, when you will need to act as root, use sudo bash, sudo su, or sudo <command> exactly as the instructions say. In certain places, actually switching users to root when a mere sudo someCommand was indicated can result in bad things that will not become apparent until later in the installation.

Notation

  • Code blocks that begin with $ should be run with your personal user account (which we assume has sudo privileges).
  • Code blocks that begin with # should be run as root (via either a root shell or switching users to root with sudo su).
  • Code blocks that begin with @ should be run as wwadmin (for which you can use sudo su wwadmin).

You are not intended to type the $, or #, or @ characters as part of the provided commands.

Assumptions

We assume that you already have Oracle installed (or a closely related Linux distribution) but that you haven't done much with yet.

We assume that you have a personal user account with sudo privileges.

Check perl version

The Oracle distribution used for this installation write-up has perl 5.26.3. Check if perl is installed and what its version is.

$ perl --version

If you have a different version, that could be OK and you can try to continue. But if you run into obstacles, it is possible that the perl version is responsible. The Installation Manual for 2.16 on RHEL8 installs a custom version of perl for this reason, and you may need to do that.

MariaDB

Installation

After logging in to your server:

$ sudo yum install mariadb-server mariadb-connector-c mariadb-connector-c-devel

Answer y if it asks if this is OK. (For the remainder of these instructions, such trivial details might be omitted.) Now fire it up.

$ sudo systemctl enable mariadb
$ sudo systemctl start mariadb

Check that it is active with

$ sudo systemctl status mariadb

Now secure the server.

$ sudo mysql_secure_installation

This asks you for the database root password, which is nothing at this point. You should just hit <Enter>. Next there are five questions. Answer as indicated:

  • Set root password? n
  • Remove anonymous users? n
  • Disallow root login remotely? Y
  • Remove test database and access to it? Y
  • Reload privilege tables now? Y

Test that things work:

$ sudo mysql

You should see something close to:

Welcome to the MariaDB monitor.  Commands end with ; or \g.
...
...
...

MariaDB [(none)]> 

Now lets check the MariaDB users. To see the users, do the following

MariaDB> SELECT user,authentication_string,plugin,host FROM mysql.user;

You should see a table with only three users: root, root and root, each with a different host.

Now exit MariaDB

MariaDB [(none)]> exit
Bye
$

WeBWorK user and database

WeBWorK uses a single database, called webwork, for all courses. We will create the webwork database now. We also need to create a database user named webworkWrite and supply a password for that user. Use some secure password generator to generate a password that has no special characters. (Special characters in a database password sometimes cause trouble.) Write down this password because we will need it later.

In the steps below, we use dAtAbAsE_pAsSwOrD for this password. The obnoxious casing is to help you remember to replace that with what your actual password is.

$ sudo mysql 
MariaDB [(none)]> CREATE DATABASE webwork;
MariaDB [(none)]> CREATE USER 'webworkWrite'@'localhost' IDENTIFIED BY 'dAtAbAsE_pAsSwOrD';
MariaDB [(none)]> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, DROP, LOCK TABLES ON webwork.* TO 'webworkWrite'@'localhost';
MariaDB [(none)]> exit
Bye
$ 

where as we said replace dAtAbAsE_pAsSwOrD with the password you generated.

And again, hold on to this password. We will need to enter it into a WeBWorK configuration file later.


Apache 2 and mod_perl

Installation

Install apache (httpd) and mod_perl.

$ sudo yum install httpd mod_perl libapreq2 perl-libapreq2

Enable httpd service.

$ sudo systemctl enable httpd.service


Configuration Changes

Now enable the MPM-prefork module (and disable the MPM-event module)

$ sudo vim /etc/httpd/conf.modules.d/00-mpm.conf

Uncomment the mpm_prefork_module statement and comment out the mpm_event_module

LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
#LoadModule mpm_event_module modules/mod_mpm_event.so

After the line with "LoadModule mpm_prefork_module", add the lines:

<IfModule mpm_prefork_module>
    # For WeBWorK a rough rule of thumb is 5 MaxRequestWorkers per 1 GB of memory
    MaxRequestWorkers         5
    MaxConnectionsPerChild    50
</IfModule>

where you should set MaxRequestWorkers depending on the amount of memory your server has using the above rule of thumb. Note that for very busy servers, you should observe you memory usage and return here tto adjust the above settings as necessary. Save the file and quit.

Next we add configuration files that will add the mod_perl and Apache request modules.

$ sudo vim /etc/httpd/conf.modules.d/02-perl.conf

Add the line LoadModule perl_module modules/mod_perl.so and save the file.

$ sudo vim /etc/httpd/conf.modules.d/apreq.conf

Add the line LoadModule apreq_module modules/mod_apreq2.so and save the file.

Next we will make a few changes to Apache's default configuration. First, we back up the original.

$ sudo bash
# cd /etc/httpd/conf
# cp httpd.conf httpd.conf.bak
# vim httpd.conf

Near the end, before "Supplemental configuration", add the line:

Timeout 1200 

Also, uncomment and change the server name:

ServerName yourserverhost.edu

For this installation write-up, the server's fully qualified domain name was already set up. You can confirm if this is the case for you by running: hostname; hostname --fqdn. If your server's fully qualified domain name is not yet set up, run the command sudo hostnamectl set-hostname <webwork> where of course you should replace <webwork> by whatever your server's name is. Again, you can check these settings by running the commands hostname; hostname --fqdn. The first gives the server's fully qualified domain name (e.g. webwork.mydepartment.myschool.edu) and the second the server's name (e.g. webwork). Note that if your server can not find its fully qualified domain name, certain tools may not start.

Then save the file and quit.

Finally, we need to make sure that the shared libraries have been properly identified

$ sudo ldconfig -v

Testing

You should now be able to start up the httpd service

$ sudo systemctl start httpd

Check its status just to confirm it's up.

$ sudo systemctl status httpd

and test your server by connecting to your server from a web browser using the fully qualified domain name. You should see the Apache 2 Test Page indicating that Apache is running.


Install LaTeX

The Oracle/RHEL package for texlive is likely to be a few years out of date, so we will install texlive directly. At the time of this installation write-up, the current version is 2022. In the steps that follow, replace "2022" with whatever is current. Note the very last option --paper=letter is only if you actually want letter to be the default paper size. Leave that off if you would like it to be A4.

$ cd /tmp # working directory of your choice
$ sudo yum install wget
$ wget https://mirror.ctan.org/systems/texlive/tlnet/install-tl-unx.tar.gz
$ zcat install-tl-unx.tar.gz | tar xf -
$ cd install-tl-*/
$ sudo perl ./install-tl --no-interaction --paper=letter

This could take a while because it is a full installation. A full installation is probably unnecessary, but now that WeBWorK can use LaTeX to make images, it's simpler to just go ahead and install everything so you are not surprised later by a missing package.

Now you might want to clean up the installation files.

$ cd ..
$ sudo rm -r install-tl* 

Install some graphics packages and npm

Some graphics tools were installed with our new LaTeX installation: dvipng and dvisvgm. We need a few more.

$ sudo yum install gd-devel netpbm-progs ImageMagick

And we will need Node Package Manager, npm:

$ sudo yum install npm

Downloading the WeBWorK System Software and Problem Libraries

Create the wwadmin user and give that user a password that you store securely somehwere. Having a wwadmin user who is distinct from your personal user account will help in the future when others might take over management of the server, or assist with management.

$ sudo useradd wwadmin
$ sudo passwd wwadmin

Give wwadmin some secure password.

We are finally at the point where we can start downloading and installing WeBWorK itself. We will use Git to download WeBWorK from Github.

$ cd /opt
$ sudo mkdir webwork
$ sudo chown wwadmin:wwadmin webwork
$ sudo su wwadmin
@ cd webwork
@ git clone https://github.com/openwebwork/webwork2.git
@ git clone https://github.com/openwebwork/pg.git
@ git clone https://github.com/openwebwork/webwork-open-problem-library.git
@ mkdir courses
@ mkdir libraries
@ mv webwork-open-problem-library libraries 

Important Note. The above commands retrieve the main branch which gives the latest stable release of the software package (webwork2, pg, etc) with bug fixes. If a stable release newer than 2.17 exists, that will be downloaded and these instructions may be a little out of date. So it is a good idea to check before downloading. The best way to do that is to look at https://github.com/openwebwork/webwork2/blob/main/VERSION and https://github.com/openwebwork/pg/blob/main/VERSION.

Set Up Model Course

Now pull the model course from webwork2 into courses

@ cd /opt/webwork/webwork2/courses.dist
@ cp *.lst /opt/webwork/courses/
@ rsync -a modelCourse /opt/webwork/courses/

Setting Permissions

The PG installation directory and files should be owned by wwadmin and not writable by other users:

@ cd /opt/webwork/pg
@ chmod -R u+rwX,go+rX .

Most WeBWorK directories and files should also be owned by wwadmin and not writable by other users:

@ cd /opt/webwork/webwork2
@ chmod -R u+rwX,go+rX .
@ exit

Certain data directories need to be writable by the web server. These are DATA, courses, htdocs/tmp, logs, and tmp. Now we make these directories that need to be writable by the web server have apache as their group.

$ sudo bash
# cd /opt/webwork/webwork2/
# chgrp -R apache DATA ../courses htdocs/tmp logs tmp
# chmod -R g+w DATA ../courses htdocs/tmp logs tmp
# find DATA/ ../courses/ htdocs/tmp logs/ tmp/ -type d -a -exec chmod g+s {} \;
# chcon -R -t httpd_sys_rw_content_t DATA ../courses htdocs/tmp logs tmp

The chcon line is specific to SELinux to give the apache user certain privileges in those folders that are denied by default. Here is some more SELinux stuff to run.

# yum install policycoreutils-python-utils
# semanage fcontext -a -t httpd_sys_content_t '/opt/webwork(/.*)?' 
# semanage fcontext -a -t httpd_sys_rw_content_t '/opt/webwork/courses(/.*)?'
# semanage fcontext -a -t httpd_sys_rw_content_t '/opt/webwork/webwork2/logs(/.*)?'
# semanage fcontext -a -t httpd_sys_rw_content_t '/opt/webwork/webwork2/htdocs/tmp(/.*)?'
# setsebool -P httpd_can_sendmail 1
# setsebool -P httpd_can_network_connect on
# restorecon -vFR /opt

We also want to allow httpd to send pings during startup, which means we have to tell SELinux that's okay too. Create a new file called my-ping.te in wwadmin's home folder.

# vim /home/wwadmin/my-ping.te

Paste the following into the empty file:

module my-ping 1.0;

require {
       type httpd_t;
       class icmp_socket create;
       class rawip_socket { create getopt setopt write read };
       class capability net_raw;
}

#============= httpd_t ==============
allow httpd_t self:capability net_raw;
allow httpd_t self:icmp_socket create;
allow httpd_t self:rawip_socket { create getopt setopt write read };

Exit and save the file, then compile and install the policy:

# checkmodule -M -m -o my-ping.mod /home/wwadmin/my-ping.te
# semodule_package -o my-ping.pp -m my-ping.mod
# semodule -X 300 -i my-ping.pp


It is convenient to give WeBWorK administrators access to the five directories mentioned above as well, so they can perform administrative tasks such as removing temporary files, creating and editing courses from the command line, managing logs, and so on. We will add our user, wwadmin, to the apache group. Run the command

# usermod -a -G apache wwadmin
# exit

Compile color.c

$ cd /opt/webwork/pg/lib/chromatic
$ sudo yum install gcc
$ sudo su wwadmin
@ gcc color.c -o color
@ exit

You may see some warning messages which you can safely ignore.

Configuring the Shell

To make working with WeBWorK easier, there are a couple of changes you can make to your shell environment.

Add the WeBWorK bin directory to your path. This will allow you to run WeBWorK command-line utilities without typing the full path to the utility. Go to your home directory and backup your .bashrc file

$ cd
$ cp .bashrc .bashrc.bak1

Now edit .bashrc. (Alternatively, these edits can be applied to /etc/profile, which will apply to all users.)

$ vim .bashrc

After the last line add the following three lines. But note that when we installed LaTeX earlier, it maybe landed in a different place. The "2022" and "x86_64-linux" might be different for you. You can run ls -la /usr/local/texlive/*/bin/*/pdflatex to identify the appropriate values.

export PATH=/usr/local/texlive/2022/bin/x86_64-linux:$PATH:/opt/webwork/webwork2/bin
export WEBWORK_ROOT=/opt/webwork/webwork2
export PG_ROOT=/opt/webwork/pg

Then save the file and Quit.

Close your Terminal Window and open a new one so the above changes take effect. You can check that they have by

$ echo $PATH
$ echo $WEBWORK_ROOT
$ echo $PG_ROOT

Checking Module Dependencies

WeBWorK includes a script called check_modules.pl (in the directory /opt/webwork/webwork2/bin) that verifies that the needed programs and Perl modules are installed on your system. Run this script to make sure you have installed the required programs and Perl modules.

$ check_modules.pl apache2

You probably see a lot is missing, as indicated by **.

In the executables section, the only thing that should be missing is pdf2svg, which we will not be using. If you see LaTeX executables missing, check that you correctly added the path to LaTeX executables in PATH as described above. If anything else is missing in the executables section, check if it was explicitly mentioned already in this guide, and that you completed those steps of the guide. Otherwise, maybe it just did not come with your OS installation and you should install it. You can search using yum search someExecutable and if found, install it using yum install someExecutable.

Now we will install the missing perl modules. While writing this guide, this missing ones are the ones indicated in the command a few lines below. You might need to modify.

$ sudo perl -MCPAN -e shell

You might be prompted to auto-configure. Say yes. You should be in the cpan shell and see the prompt:

cpan[1]> 

Then run as follows, but compare the list of perl modules to the ones that were missing when you ran check_modules. Also, we are not using DBD::mysql even though that probably was missing. We are, however, going to need DBD::MariaDB, which was maybe not being checked for by check_modules. So include DBD::MariaDB, not DBD::mysql.

This may take a while! Keep an eye on it though because there may be occasional prompts asking if you want to conduct certain tests. Say yes to the tests unless you have a good reason not to.

cpan[1]> install Array::Utils CGI CGI::Cookie Class::Accessor Data::Dump Data::UUID Date::Format Date::Parse DateTime DBD::MariaDB DBI Email::Address::XS Email::Sender::Simple Email::Sender::Transport::SMTP Email::Stuffer Exception::Class File::Find::Rule GD HTML::Entities HTML::Scrubber HTML::Tagset HTML::Template HTTP::Async IO::Socket::SSL Iterator Iterator::Util JSON JSON::MaybeXS Locale::Maketext::Lexicon LWP::Protocol::https Net::IP Net::LDAPS Net::OAuth Net::SSLeay PadWalker Path::Class PHP::Serialization Pod::WSDL SOAP::Lite Statistics::R::IO String::ShellQuote Template Text::CSV Tie::IxHash Time::Zone Types::Serialiser UUID::Tiny XML::Parser XML::Parser::EasyTree XML::Simple XML::Writer XMLRPC::Lite YAML::XS Apache2::Request

At a certain point, you may see a prompt with a message about JSON::XS possibly not working with the version of perl we are using. For this write-up, the perl version is 5.26, and everything worked out fine.

You may see questions about the XS Stash module. You can answer yes.

You may see questions like "Do you want to install 'xml_...'. You can answer yes.

You might encounter this message:

 Your Perl is configured to link against libgdbm, 
 but libgdbm.so was not found.
 You could just symlink it to /lib64/libgdbm.so.6.0.0

I hit q and it was fine.

When it's all done, you can exit.

cpan[2]> exit
$

Now run check_modules.pl apache2 as before to see if something didn't work. You may see that Apache2::Request is found, but failed to load. This is probably OK. I believe it means that check_modules is missing some configuration detail that WeBWorK itself will have in place.

You might also see some warning messages like

Prototype mismatch: sub main::from_json: none vs ($@) at (eval 188) line 2.
Prototype mismatch: sub main::to_json: none vs ($@) at (eval 188) line 2.

This seems to be a known bug in libjson-perl and can be safely ignored.

Now we check that all necessary LaTeX packages have been installed.

$ check_latex

and look for missing packages (you can ignore "No file check_latex.aux."). If the script displays "Compilation Success!", then all is good!

Initialize WeBWorK config files

$ sudo su wwadmin
@ cd /opt/webwork/webwork2/conf
@ cp webwork.apache2.4-config.dist webwork.apache2.4-config
@ cp site.conf.dist site.conf

Now edit site.conf and enter your value for $server_root_url.

@ vim site.conf

After entering a value for $server_root_url as the comments in the file describe. save the file and exit.

@ cp localOverrides.conf.dist localOverrides.conf
@ exit
$ sudo ln -s /opt/webwork/webwork2/conf/webwork.apache2.4-config /etc/httpd/conf.d/webwork.conf

Copy WeBWorK's icon file favicon.ico to Apache's www directory.

$ sudo cp /opt/webwork/webwork2/htdocs/favicon.ico /var/www/html


Now stop and start apache.

$ sudo systemctl stop httpd
$ sudo systemctl start httpd

You should be able to visit WeBWorK in a web browser now, although it will show errors. In a web browser, visit http://server_root_url/webwork2, where server_root_url is what you used abovee in site.conf.

More to come; this page is under construction