Defindit Docs and Howto Home

This page last modified: Apr 13 2011
description:Installing and configuring the original Tufts TAPER Submission Agreement Builder Tool
title:Tufts TAPER SABT install

todo: add a section about editing wrapper to clean up hard coded URLs

How to install Tufts TAPER SABT

# Forgot to record the original install command. Probably:
svn co tutaper 

# To run the web site, I only used the code in the production
# branch. I copied ./tutaper/production/TAPER/ to ~/public_html/
# although any web accessible directory should work.

# Catalyst is huge and it should be installed via yum and/or some
# bundle if possible. Installing via cpan is very time consuming, but
# if the Makefile.PL script works at least it is more or less
# automatic. Unfortunately, Makefile.PL does *not* work under Centos
# 5. The instructions below are for Fedora Linux (FC12). At one point
# during a lengthy cpan install I discovered Task::Catalyst which seems
# to include most of what Catalyst needs.

sudo su -l root
grep -i cpan yum_list.txt 
yum -y install perl-CPAN
cd /home/mst3k/tutaper/production/TAPER/
perl Makefile.PL 

# After installing Fedora Linux, I always runt a 
# "yum list all > yum_list.txt"
# because yum is sooo sloooow in checking the repo databases. When I
# need to know a package name, I grep the yum_list.txt.

grep -i catal yum_list.txt 
yum -y install perl-Catalyst-Model-DBIC-Schema.noarch

# as mst3k

# an error
Base class package "Catalyst::Model::DBIC::Schema" is empty.

# You can run a command with an environment variable prefixing the
# command. I think also understands -p 3030

TAPER_PORT=3030 script/ 

# Don't edit, but the idea is amusing, and it sort of
# works. You could force the authentication conditional to true with 1
# || $c->authentication, but don't do that. Instead add
# userid/password combos to the taper.conf as shown below.

cd /home/mst3k/tutaper/production/TAPER
emacs lib/TAPER/Controller/

# Opps. No MySQL db. I wonder how we create that?
[error] DBIx::Class::ResultSet::search(): DBI Connection failed: DBI
connect('taper','root',...) failed: Can't connect to local MySQL
server through socket '/var/lib/mysql/mysql.sock' (2) at
/usr/local/lib/perl5/site_perl/5.10.0/DBIx/Class/Storage/ line

# yum install mysql (or whatever). Before using mysql we have to set
# or reset the mysql root password. By default TAPER connects as root
# with no password. You'll have to edit one of the TAPER source files
# to set a password. Yes, you can set up mysql with no root password,
# and the TAPER mysql login is actually 'root', but don't go
# there. Just do the extra steps and add some proper security.

# The steps below also include building the TAPER sql database. You'll
# need the taper.sql file which I got from the original directory
# where I unpacked TAPER.

> cd tutaper
> find . -name 'taper*.sql' -ls
1221515    8 -rw-r--r--   1 mst3k    users        4921 Nov 29 15:35 ./trunk/sql/taper.sql
1336815    8 -rw-r--r--   1 mst3k    users        4921 Nov 29 15:35 ./production/sql/taper.sql

# No password yet, so -p is not needed.  Every account needs a
# password, especially root. You must "flush privileges" for the new
# password to take effect. I quit the mysql shell and start again
# just to make sure the privs changed.

mysql -u root
update mysql.user set password=password('foo') where user='root';
flush privileges;
mysql -u root -p
create database taper;
use taper;
source taper.sql;
show tables;

# The output:

| Tables_in_taper |
| office          | 
| role            | 
| rsa             | 
| ssa             | 
| user            | 
| user_office     | 
| user_role       | 
7 rows in set (0.00 sec)

# While we are in the db, we need to do some mysql admin tasks.

# The non-root user *must* have two mysql accounts as you'll see
# below. Postgres handles this much better.


# It is necessary to have both accounts for monty to be able to
# connect from anywhere as monty. Without the localhost account, the
# anonymous-user account for localhost that is created by
# mysql_install_db would take precedence when monty connects from the
# local host. As a result, monty would be treated as an anonymous
# user. The reason for this is that the anonymous-user account has a
# more specific Host column value than the 'monty'@'%' account and
# thus comes earlier in the user table sort order. (user table sorting
# is discussed in Section 5.4.4, \u201cAccess Control, Stage 1:
# Connection Verification\u201d.)

create user 'taper'@'localhost' identified by 'foobarbaz';
grant all privileges on *.* to 'taper'@'localhost' with grant option;
create user 'taper'@'%' identified by 'foobarbaz';
grant all privileges on *.* to 'taper'@'%' with grant option;
select host,user,password from mysql.user;

# The output:

| host                  | user  | password         |
| localhost             | root  | 7a8cd9854ef31c3c | 
|  | root  | 7a8cd9854ef31c3c | 
|             | root  | 7a8cd9854ef31c3c | 
| localhost             |       |                  | 
|  |       |                  | 
| %                     | taper | 0654d346211e7caf | 
6 rows in set (0.00 sec)

flush privileges;
mysql -u taper taper -p
select * from user;

# The output:

Empty set (0.00 sec)

# Insert one user to be the first TAPER admin.

insert into user (username,first_name,last_name,is_dca) values ('mst3k','Merry', 'Terry',1);

# Go fix the TAPER source to use a non-root user and password.

cd ./lib/TAPER/Model/
emacs -nw
                    schema_class => 'TAPER::Schema',
                    connect_info => [

# Test any mysql userid and privilege changes by adding a new TAPER
# user from the TAPER web pages, which reads and writes the db. (At
# least I'm fairly certain it reads and writes the db.)

# After this, login to taper as mst3k, "DCA TAPER Tools", "Manage
# Users", "Click here to add a new user." This adds the new user to
# the database. If you don't do this, a user can login, but they get
# the "You are logged in but you aren't approved" or something like
# that.

# Edit taper.conf and change ldap stuff to use a user auth store in
# the conf file. This is based on the Catalyst authentication CPAN docs.

    default_realm local
                class Password
                password_field password
                password_type clear
		class Minimal

# quick command line test for TAPER. (No. Catalyst apps require
# mod_perl or mod_fastcgi.) taper w/apache or at command line.

HTTP_HOST=localhost SERVER_PORT=80 script/


# If you have Apache httpd running with UserDir enabled and user
# public_html is allowed to ExecCGI, then you can probably use a URL
# like the one below to run TAPER. I've only got one virtual host and
# it is devoted to a Rails application. I suppose I should ask our
# hostmaster for another hostname, but for now I'm perfectly happy
# hosting out of a public_html directory. The script is
# very, very slow apparently due to the Catalyst overhead. Yes, the
# second URL has a trailing / (slash).

# If you get "Page not found" then you probably forgot the trailing
# slash. This interesting URL format is due to Catalyst.

# The line below probably runs the server with verbose debugging
# output. Probably useful if your installation isn't quite running
# right.

perl -MCarp=verbose script/ -p 3030

# I don't think I did any of the stuff below. This probably comes from
# some web page on how to reset the root password for mysql.

[root@tull ~]# man mysqld_safe 
[root@tull ~]# mysqld_safe --init-file=mysql_reset.sql
101201 11:29:44 mysqld_safe Logging to '/var/log/mysqld.log'.
101201 11:29:44 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
101201 11:29:49 mysqld_safe mysqld from pid file /var/run/mysqld/ ended
[root@tull ~]# /etc/init.d/mysqld start
Starting MySQL:                                            [  OK  ]
[root@tull ~]# cat mysql_reset.sql
UPDATE mysql.user SET Password=PASSWORD('foo') WHERE User='root';
[root@tull ~]# 

# Now that TAPER runs with the script it is time to
# get it running under Apache httpd with mod_fcgid. TAPER was not
# intended to use mod_perl and it works very poorly. There are rumors
# that mod_fastcgi is deprecated. Since I have to run TAPER on both a
# Fedora Core Linux server and a Centos Linux server I chose mod_fcgid
# which has yum packages.

# On Centos I installed the fcgi package. I didn't install this on
# Fedora Linux and I'm pretty sure fcgi is not required.

sudo su -l root
yum -y install mod_fcgid

# Now you'll have a file /etc/httpd/conf.d/fcgid.conf. If you have
# Centos, then you have the old version of this file. It works fine,
# but the commant should read:

# Use FastCGI to process .fcg .fcgi & .fpl scripts as long as
# mod_fastcgi is not already doing this. mod_fcgid and mod_fastcgi
# conflict with each other.

# If not mod_fastcgi then use fcgid-script for various fastcgi related
# file extensions.

cd /etc/httpd/conf/
# make a backup of httpd.conf
emacs httpd.conf
# Add the lines below, modified for your server. Note that I'm running
# Rubymatica via mod_passenger and that config is here as well. This
# should be everything you need in httpd.conf for Rubymatica, TAPER,
# and the donor survey.

# ... clip ...
# Use name-based virtual hosting.

# NOTE: NameVirtualHost cannot be used without a port specifier 
# (e.g. :80) if mod_ssl is being used, due to the nature of the
# SSL protocol.

# The modern way is each vhost is :80 with a different ServerName.

NameVirtualHost *:80

LoadModule passenger_module /opt/ruby-enterprise-1.8.7-2011.03/lib/ruby/gems/1.8/gems/passenger-3.0.5/ext/apache2/
PassengerRoot /opt/ruby-enterprise-1.8.7-2011.03/lib/ruby/gems/1.8/gems/passenger-3.0.5
PassengerRuby /opt/ruby-enterprise-1.8.7-2011.03/bin/ruby

<VirtualHost *:80 >
    # be sure to point to 'public'!
    DocumentRoot /home/mst3k/am_ruby/public

    # setenv RailsEnv production

    # Based on config/environment.rb the var is all caps, with underscore
    setenv RAILS_ENV production

    # default is 3
    setenv PassengerLogLevel 5
    setenv PassengerUseGlobalQueue on
    setenv RailsFrameworkSpawnerIdleTime 0
    setenv RailsAppSpawnerIdleTime 0

    <Directory /home/mst3k/am_ruby/public >
       # relax Apache security settings
       AllowOverride all
       # MultiViews must be turned off
       Options -MultiViews

       AuthUserFile /home/mst3k/.htpasswd
       AuthGroupFile /dev/null
       AuthName Rubymatica
       AuthType Basic
       require valid-user


# Settings for TAPER. Must have mod_fcgid. See also conf.d/fcgid.conf

<IfModule mod_fcgid.c>
  Alias /taper/static /home/mst3k/public_html/TAPER/root/static

  <Location /taper/static>
    # http://hostname/taper/static/images/leftside_photo_34x342.jpg
    SetHandler default-handler

  Alias /taper /home/mst3k/public_html/TAPER/script/

  <Location /taper>
    Options ExecCGI
    Order allow,deny
    Allow from all
    AddHandler fcgid-script .pl

# end of httpd.conf

# as root

/etc/init.d/httpd restart

# Access TAPER via a URL that has /taper as the apparent document root.


# mod_fcgid knows to run due to the Alias above
# combined with the "AddHandler fcgid-script .pl" in the Location
# directive for /taper.

# On the other hand /taper/static is using the default handler, aka
# whatever Apache httpd would normally do. This is good because things
# like images are simply loaded via httpd without the Catalyst overhead.

# The script is running from /home/mst3k/public_html/TAPER/script (the
# dir containing and it tried to mkdir run/session/b
# in that dir. However, suexec apparently doesn't work with mod_fcgid,
# so it fails. "chmod -R go+w ./run"

[Tue Apr 12 15:36:16 2011] [warn] [client] mod_fcgid: stderr: [error] Caught exception in engine "mkdir run/session/b: Permission denied at /usr/local/lib/perl5/site_perl/5.10.0/Cache/ line 222", referer:

# Do the chmod as a normal user, not root. See output of id:

> id
uid=522(mst3k) gid=100(users) groups=100(users)

cd ~/public_html/TAPER/script
chmod -R go+w ./run

# Or put this in your VirtualHost directive:
    # This works to run scripts from anywhere in document root as a
    # non-apache user.  Coexists fine with mod_passenger and
    # mod_fcgi. If you want a Rails or Catalyst app to run as a
    # non-apache user, you'll probably have to use a directory in /var/www.

    Alias /test /var/www/html/test
    SuexecUserGroup mst3k users
    <Directory /var/www/html/test >
        Options ExecCGI

# This version of TAPER is essentially a beta release, and has a
# couple of small issues. The images are hard coded to come from a
# server at

# I copied ./TAPER/root/lib/wrapper to ./TAPER/root/lib/wrapper.dist
# and then changed the img src in wrapper.dist to something that is
# easy to search and replace like %%images/yadayada.jpg. To make a
# "working" version simply copy wrapper.dist to wrapper and do the
# substitutions. Here is an example
# src="/taper/static/images/tufts_logo_226x78.jpg". You'll need to
# download the images with wget or curl. I put my images in
# ./TAPER/root/static/images

> pwd
> ls -l
total 132
-rw-r--r-- 1 mst3k users   341 2011-04-07 15:53 bg_190x15.jpg
-rw-r--r-- 1 mst3k users  3826 2011-03-28 16:39 btn_120x50_built.png
-rw-r--r-- 1 mst3k users  3681 2011-03-28 16:39 btn_120x50_built_shadow.png
-rw-r--r-- 1 mst3k users  3862 2011-03-28 16:39 btn_120x50_powered.png
-rw-r--r-- 1 mst3k users  3673 2011-03-28 16:39 btn_120x50_powered_shadow.png
-rw-r--r-- 1 mst3k users  2517 2011-03-28 16:39 btn_88x31_built.png
-rw-r--r-- 1 mst3k users  2274 2011-03-28 16:39 btn_88x31_built_shadow.png
-rw-r--r-- 1 mst3k users  2542 2011-03-28 16:39 btn_88x31_powered.png
-rw-r--r-- 1 mst3k users  2304 2011-03-28 16:39 btn_88x31_powered_shadow.png
-rw-r--r-- 1 mst3k users 13710 2011-03-28 16:39 catalyst_logo.png
-rw-r--r-- 1 mst3k users 43032 2011-04-07 15:53 dca__17.jpg
-rw-r--r-- 1 mst3k users 10573 2011-04-07 15:53 leftside_photo_34x342.jpg
-rw-r--r-- 1 mst3k users   817 2011-04-07 15:53 logo_bottom_226x26.jpg
-rw-r--r-- 1 mst3k users   488 2011-04-07 15:53 site_header_bottom.jpg
-rw-r--r-- 1 mst3k users  6653 2011-04-07 15:53 site_header_top.jpg
-rw-r--r-- 1 mst3k users  7110 2011-04-07 15:53 tufts_logo_226x78.jpg