This page last modified: Apr 13 2011
keywords:tufts,taper,submission,agreement,builder,tool,catalyst,framework,perl,mysql description:Installing and configuring the original Tufts TAPER Submission Agreement Builder Tool title:Tufts TAPER SABT install todo: add a section about editing wrapper to clean up hard coded tufts.edu URLs How to install Tufts TAPER SABT ------------------------------- http://sourceforge.net/projects/tutaper/ http://tutaper.svn.sourceforge.net/viewvc/tutaper/ # Forgot to record the original install command. Probably: svn co https://tutaper.svn.sourceforge.net/svnroot/tutaper tutaper # To run the web site, I only used the code in the production # branch. I copied ./tutaper/production/TAPER/ to ~/public_html/ # although any web accessible directory should work. # Catalyst is huge and it should be installed via yum and/or some # bundle if possible. Installing via cpan is very time consuming, but # if the Makefile.PL script works at least it is more or less # automatic. Unfortunately, Makefile.PL does *not* work under Centos # 5. The instructions below are for Fedora Linux (FC12). At one point # during a lengthy cpan install I discovered Task::Catalyst which seems # to include most of what Catalyst needs. sudo su -l root grep -i cpan yum_list.txt yum -y install perl-CPAN cd /home/mst3k/tutaper/production/TAPER/ perl Makefile.PL ls make cpan # After installing Fedora Linux, I always runt a # "yum list all > yum_list.txt" # because yum is sooo sloooow in checking the repo databases. When I # need to know a package name, I grep the yum_list.txt. grep -i catal yum_list.txt yum -y install perl-Catalyst-Model-DBIC-Schema.noarch # as mst3k script/taper_server.pl # an error Base class package "Catalyst::Model::DBIC::Schema" is empty. # You can run a command with an environment variable prefixing the # command. I think taper_server.pl also understands -p 3030 TAPER_PORT=3030 script/taper_server.pl # Don't edit Auth.pm, but the idea is amusing, and it sort of # works. You could force the authentication conditional to true with 1 # || $c->authentication, but don't do that. Instead add # userid/password combos to the taper.conf as shown below. cd /home/mst3k/tutaper/production/TAPER emacs lib/TAPER/Controller/Auth.pm # Opps. No MySQL db. I wonder how we create that? [error] DBIx::Class::ResultSet::search(): DBI Connection failed: DBI connect('taper','root',...) failed: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) at /usr/local/lib/perl5/site_perl/5.10.0/DBIx/Class/Storage/DBI.pm line 1257 # yum install mysql (or whatever). Before using mysql we have to set # or reset the mysql root password. By default TAPER connects as root # with no password. You'll have to edit one of the TAPER source files # to set a password. Yes, you can set up mysql with no root password, # and the TAPER mysql login is actually 'root', but don't go # there. Just do the extra steps and add some proper security. # The steps below also include building the TAPER sql database. You'll # need the taper.sql file which I got from the original directory # where I unpacked TAPER. > cd tutaper > find . -name 'taper*.sql' -ls 1221515 8 -rw-r--r-- 1 mst3k users 4921 Nov 29 15:35 ./trunk/sql/taper.sql 1336815 8 -rw-r--r-- 1 mst3k users 4921 Nov 29 15:35 ./production/sql/taper.sql > # No password yet, so -p is not needed. Every account needs a # password, especially root. You must "flush privileges" for the new # password to take effect. I quit the mysql shell and start again # just to make sure the privs changed. mysql -u root update mysql.user set password=password('foo') where user='root'; flush privileges; quit; mysql -u root -p create database taper; use taper; source taper.sql; show tables; # The output: +-----------------+ | Tables_in_taper | +-----------------+ | office | | role | | rsa | | ssa | | user | | user_office | | user_role | +-----------------+ 7 rows in set (0.00 sec) # While we are in the db, we need to do some mysql admin tasks. # The non-root user *must* have two mysql accounts as you'll see # below. Postgres handles this much better. # http://dev.mysql.com/doc/refman/5.1/en/adding-users.html # It is necessary to have both accounts for monty to be able to # connect from anywhere as monty. Without the localhost account, the # anonymous-user account for localhost that is created by # mysql_install_db would take precedence when monty connects from the # local host. As a result, monty would be treated as an anonymous # user. The reason for this is that the anonymous-user account has a # more specific Host column value than the 'monty'@'%' account and # thus comes earlier in the user table sort order. (user table sorting # is discussed in Section 5.4.4, \u201cAccess Control, Stage 1: # Connection Verification\u201d.) create user 'taper'@'localhost' identified by 'foobarbaz'; grant all privileges on *.* to 'taper'@'localhost' with grant option; create user 'taper'@'%' identified by 'foobarbaz'; grant all privileges on *.* to 'taper'@'%' with grant option; select host,user,password from mysql.user; # The output: +-----------------------+-------+------------------+ | host | user | password | +-----------------------+-------+------------------+ | localhost | root | 7a8cd9854ef31c3c | | aims.lib.example.edu | root | 7a8cd9854ef31c3c | | 127.0.0.1 | root | 7a8cd9854ef31c3c | | localhost | | | | aims.lib.example.edu | | | | % | taper | 0654d346211e7caf | +-----------------------+-------+------------------+ 6 rows in set (0.00 sec) flush privileges; quit; mysql -u taper taper -p select * from user; # The output: Empty set (0.00 sec) # Insert one user to be the first TAPER admin. insert into user (username,first_name,last_name,is_dca) values ('mst3k','Merry', 'Terry',1); quit; # Go fix the TAPER source to use a non-root user and password. cd ./lib/TAPER/Model/ emacs -nw TAPERDB.pm __PACKAGE__->config( schema_class => 'TAPER::Schema', connect_info => [ 'dbi:mysql:taper', 'taper', 'foobarbaz' ], ); # Test any mysql userid and privilege changes by adding a new TAPER # user from the TAPER web pages, which reads and writes the db. (At # least I'm fairly certain it reads and writes the db.) # After this, login to taper as mst3k, "DCA TAPER Tools", "Manage # Users", "Click here to add a new user." This adds the new user to # the database. If you don't do this, a user can login, but they get # the "You are logged in but you aren't approved" or something like # that. # Edit taper.conf and change ldap stuff to use a user auth store in # the conf file. This is based on the Catalyst authentication CPAN docs. <authentication> default_realm local <realms> <local> <credential> class Password password_field password password_type clear </credential> <store> class Minimal <users> <mst3k> password="foobarbaz" </mst3k> </users> </store> </local> </realms> </authentication> # quick command line test for TAPER. (No. Catalyst apps require # mod_perl or mod_fastcgi.) taper w/apache or at command line. HTTP_HOST=localhost REMOTE_ADDR=aims.lib.example.edu SERVER_PORT=80 script/taper_cgi.pl REQUEST_METHOD=GET HTTP_HOST=localhost REMOTE_ADDR=aims.lib.example.edu SERVER_PORT=80 script/taper_cgi.pl # If you have Apache httpd running with UserDir enabled and user # public_html is allowed to ExecCGI, then you can probably use a URL # like the one below to run TAPER. I've only got one virtual host and # it is devoted to a Rails application. I suppose I should ask our # hostmaster for another hostname, but for now I'm perfectly happy # hosting out of a public_html directory. The script taper_cgi.pl is # very, very slow apparently due to the Catalyst overhead. Yes, the # second URL has a trailing / (slash). http://aims.lib.example.edu/~mst3k/TAPER/script/taper_cgi.pl/auth/login http://aims.lib.example.edu/~mst3k/TAPER/script/taper_cgi.pl/ # If you get "Page not found" then you probably forgot the trailing # slash. This interesting URL format is due to Catalyst. # The line below probably runs the server with verbose debugging # output. Probably useful if your installation isn't quite running # right. perl -MCarp=verbose script/taper_server.pl -p 3030 # I don't think I did any of the stuff below. This probably comes from # some web page on how to reset the root password for mysql. [root@tull ~]# man mysqld_safe [root@tull ~]# mysqld_safe --init-file=mysql_reset.sql 101201 11:29:44 mysqld_safe Logging to '/var/log/mysqld.log'. 101201 11:29:44 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql 101201 11:29:49 mysqld_safe mysqld from pid file /var/run/mysqld/mysqld.pid ended [root@tull ~]# /etc/init.d/mysqld start Starting MySQL: [ OK ] [root@tull ~]# cat mysql_reset.sql UPDATE mysql.user SET Password=PASSWORD('foo') WHERE User='root'; FLUSH PRIVILEGES; [root@tull ~]# # Now that TAPER runs with the taper_script.pl script it is time to # get it running under Apache httpd with mod_fcgid. TAPER was not # intended to use mod_perl and it works very poorly. There are rumors # that mod_fastcgi is deprecated. Since I have to run TAPER on both a # Fedora Core Linux server and a Centos Linux server I chose mod_fcgid # which has yum packages. # On Centos I installed the fcgi package. I didn't install this on # Fedora Linux and I'm pretty sure fcgi is not required. sudo su -l root yum -y install mod_fcgid # Now you'll have a file /etc/httpd/conf.d/fcgid.conf. If you have # Centos, then you have the old version of this file. It works fine, # but the commant should read: # Use FastCGI to process .fcg .fcgi & .fpl scripts as long as # mod_fastcgi is not already doing this. mod_fcgid and mod_fastcgi # conflict with each other. # If not mod_fastcgi then use fcgid-script for various fastcgi related # file extensions. cd /etc/httpd/conf/ # make a backup of httpd.conf emacs httpd.conf # Add the lines below, modified for your server. Note that I'm running # Rubymatica via mod_passenger and that config is here as well. This # should be everything you need in httpd.conf for Rubymatica, TAPER, # and the donor survey. # ... clip ... # Use name-based virtual hosting. # NOTE: NameVirtualHost cannot be used without a port specifier # (e.g. :80) if mod_ssl is being used, due to the nature of the # SSL protocol. # The modern way is each vhost is :80 with a different ServerName. # http://httpd.apache.org/docs/current/vhosts/name-based.html NameVirtualHost *:80 LoadModule passenger_module /opt/ruby-enterprise-1.8.7-2011.03/lib/ruby/gems/1.8/gems/passenger-3.0.5/ext/apache2/mod_passenger.so PassengerRoot /opt/ruby-enterprise-1.8.7-2011.03/lib/ruby/gems/1.8/gems/passenger-3.0.5 PassengerRuby /opt/ruby-enterprise-1.8.7-2011.03/bin/ruby <VirtualHost *:80 > ServerName aims.lib.virginia.edu # be sure to point to 'public'! DocumentRoot /home/mst3k/am_ruby/public # setenv RailsEnv production # Based on config/environment.rb the var is all caps, with underscore setenv RAILS_ENV production # default is 3 setenv PassengerLogLevel 5 setenv PassengerUseGlobalQueue on setenv RailsFrameworkSpawnerIdleTime 0 setenv RailsAppSpawnerIdleTime 0 <Directory /home/mst3k/am_ruby/public > # relax Apache security settings AllowOverride all # MultiViews must be turned off Options -MultiViews AuthUserFile /home/mst3k/.htpasswd AuthGroupFile /dev/null AuthName Rubymatica AuthType Basic require valid-user </Directory> </VirtualHost> # Settings for TAPER. Must have mod_fcgid. See also conf.d/fcgid.conf # http://blog.hjksolutions.com/articles/2007/07/19/catalyst-deployment-with-apache-2-and-mod_fcgid <IfModule mod_fcgid.c> Alias /taper/static /home/mst3k/public_html/TAPER/root/static <Location /taper/static> # http://hostname/taper/static/images/leftside_photo_34x342.jpg SetHandler default-handler </Location> Alias /taper /home/mst3k/public_html/TAPER/script/taper_fastcgi.pl/ <Location /taper> Options ExecCGI Order allow,deny Allow from all AddHandler fcgid-script .pl </Location> </IfModule> # end of httpd.conf # as root /etc/init.d/httpd restart exit # Access TAPER via a URL that has /taper as the apparent document root. # http://aims.lib.virginia.edu/taper/ # mod_fcgid knows to run taper_fastcgi.pl due to the Alias above # combined with the "AddHandler fcgid-script .pl" in the Location # directive for /taper. # On the other hand /taper/static is using the default handler, aka # whatever Apache httpd would normally do. This is good because things # like images are simply loaded via httpd without the Catalyst overhead. # The script is running from /home/mst3k/public_html/TAPER/script (the # dir containing taper_fastcgi.pl) and it tried to mkdir run/session/b # in that dir. However, suexec apparently doesn't work with mod_fcgid, # so it fails. "chmod -R go+w ./run" [Tue Apr 12 15:36:16 2011] [warn] [client 128.143.166.245] mod_fcgid: stderr: [error] Caught exception in engine "mkdir run/session/b: Permission denied at /usr/local/lib/perl5/site_perl/5.10.0/Cache/FileBackend.pm line 222", referer: http://aims.lib.virginia.edu/taper/auth/login # Do the chmod as a normal user, not root. See output of id: > id uid=522(mst3k) gid=100(users) groups=100(users) cd ~/public_html/TAPER/script chmod -R go+w ./run # Or put this in your VirtualHost directive: # This works to run scripts from anywhere in document root as a # non-apache user. Coexists fine with mod_passenger and # mod_fcgi. If you want a Rails or Catalyst app to run as a # non-apache user, you'll probably have to use a directory in /var/www. Alias /test /var/www/html/test SuexecUserGroup mst3k users <Directory /var/www/html/test > Options ExecCGI </Directory> # This version of TAPER is essentially a beta release, and has a # couple of small issues. The images are hard coded to come from a # server at tufts.edu. # I copied ./TAPER/root/lib/wrapper to ./TAPER/root/lib/wrapper.dist # and then changed the img src in wrapper.dist to something that is # easy to search and replace like %%images/yadayada.jpg. To make a # "working" version simply copy wrapper.dist to wrapper and do the # substitutions. Here is an example # src="/taper/static/images/tufts_logo_226x78.jpg". You'll need to # download the images with wget or curl. I put my images in # ./TAPER/root/static/images > pwd /home/mst3k/public_html/TAPER/root/static/images > ls -l total 132 -rw-r--r-- 1 mst3k users 341 2011-04-07 15:53 bg_190x15.jpg -rw-r--r-- 1 mst3k users 3826 2011-03-28 16:39 btn_120x50_built.png -rw-r--r-- 1 mst3k users 3681 2011-03-28 16:39 btn_120x50_built_shadow.png -rw-r--r-- 1 mst3k users 3862 2011-03-28 16:39 btn_120x50_powered.png -rw-r--r-- 1 mst3k users 3673 2011-03-28 16:39 btn_120x50_powered_shadow.png -rw-r--r-- 1 mst3k users 2517 2011-03-28 16:39 btn_88x31_built.png -rw-r--r-- 1 mst3k users 2274 2011-03-28 16:39 btn_88x31_built_shadow.png -rw-r--r-- 1 mst3k users 2542 2011-03-28 16:39 btn_88x31_powered.png -rw-r--r-- 1 mst3k users 2304 2011-03-28 16:39 btn_88x31_powered_shadow.png -rw-r--r-- 1 mst3k users 13710 2011-03-28 16:39 catalyst_logo.png -rw-r--r-- 1 mst3k users 43032 2011-04-07 15:53 dca__17.jpg -rw-r--r-- 1 mst3k users 10573 2011-04-07 15:53 leftside_photo_34x342.jpg -rw-r--r-- 1 mst3k users 817 2011-04-07 15:53 logo_bottom_226x26.jpg -rw-r--r-- 1 mst3k users 488 2011-04-07 15:53 site_header_bottom.jpg -rw-r--r-- 1 mst3k users 6653 2011-04-07 15:53 site_header_top.jpg -rw-r--r-- 1 mst3k users 7110 2011-04-07 15:53 tufts_logo_226x78.jpg >
