Defindit Docs and Howto Home
This page last modified: Apr 13 2011
keywords:tufts,taper,submission,agreement,builder,tool,catalyst,framework,perl,mysql
description:Installing and configuring the original Tufts TAPER Submission Agreement Builder Tool
title:Tufts TAPER SABT install
todo: add a section about editing wrapper to clean up hard coded tufts.edu URLs
How to install Tufts TAPER SABT
-------------------------------
http://sourceforge.net/projects/tutaper/
http://tutaper.svn.sourceforge.net/viewvc/tutaper/
# Forgot to record the original install command. Probably:
svn co https://tutaper.svn.sourceforge.net/svnroot/tutaper tutaper
# To run the web site, I only used the code in the production
# branch. I copied ./tutaper/production/TAPER/ to ~/public_html/
# although any web accessible directory should work.
# Catalyst is huge and it should be installed via yum and/or some
# bundle if possible. Installing via cpan is very time consuming, but
# if the Makefile.PL script works at least it is more or less
# automatic. Unfortunately, Makefile.PL does *not* work under Centos
# 5. The instructions below are for Fedora Linux (FC12). At one point
# during a lengthy cpan install I discovered Task::Catalyst which seems
# to include most of what Catalyst needs.
sudo su -l root
grep -i cpan yum_list.txt
yum -y install perl-CPAN
cd /home/mst3k/tutaper/production/TAPER/
perl Makefile.PL
ls
make
cpan
# After installing Fedora Linux, I always runt a
# "yum list all > yum_list.txt"
# because yum is sooo sloooow in checking the repo databases. When I
# need to know a package name, I grep the yum_list.txt.
grep -i catal yum_list.txt
yum -y install perl-Catalyst-Model-DBIC-Schema.noarch
# as mst3k
script/taper_server.pl
# an error
Base class package "Catalyst::Model::DBIC::Schema" is empty.
# You can run a command with an environment variable prefixing the
# command. I think taper_server.pl also understands -p 3030
TAPER_PORT=3030 script/taper_server.pl
# Don't edit Auth.pm, but the idea is amusing, and it sort of
# works. You could force the authentication conditional to true with 1
# || $c->authentication, but don't do that. Instead add
# userid/password combos to the taper.conf as shown below.
cd /home/mst3k/tutaper/production/TAPER
emacs lib/TAPER/Controller/Auth.pm
# Opps. No MySQL db. I wonder how we create that?
[error] DBIx::Class::ResultSet::search(): DBI Connection failed: DBI
connect('taper','root',...) failed: Can't connect to local MySQL
server through socket '/var/lib/mysql/mysql.sock' (2) at
/usr/local/lib/perl5/site_perl/5.10.0/DBIx/Class/Storage/DBI.pm line
1257
# yum install mysql (or whatever). Before using mysql we have to set
# or reset the mysql root password. By default TAPER connects as root
# with no password. You'll have to edit one of the TAPER source files
# to set a password. Yes, you can set up mysql with no root password,
# and the TAPER mysql login is actually 'root', but don't go
# there. Just do the extra steps and add some proper security.
# The steps below also include building the TAPER sql database. You'll
# need the taper.sql file which I got from the original directory
# where I unpacked TAPER.
> cd tutaper
> find . -name 'taper*.sql' -ls
1221515 8 -rw-r--r-- 1 mst3k users 4921 Nov 29 15:35 ./trunk/sql/taper.sql
1336815 8 -rw-r--r-- 1 mst3k users 4921 Nov 29 15:35 ./production/sql/taper.sql
>
# No password yet, so -p is not needed. Every account needs a
# password, especially root. You must "flush privileges" for the new
# password to take effect. I quit the mysql shell and start again
# just to make sure the privs changed.
mysql -u root
update mysql.user set password=password('foo') where user='root';
flush privileges;
quit;
mysql -u root -p
create database taper;
use taper;
source taper.sql;
show tables;
# The output:
+-----------------+
| Tables_in_taper |
+-----------------+
| office |
| role |
| rsa |
| ssa |
| user |
| user_office |
| user_role |
+-----------------+
7 rows in set (0.00 sec)
# While we are in the db, we need to do some mysql admin tasks.
# The non-root user *must* have two mysql accounts as you'll see
# below. Postgres handles this much better.
# http://dev.mysql.com/doc/refman/5.1/en/adding-users.html
# It is necessary to have both accounts for monty to be able to
# connect from anywhere as monty. Without the localhost account, the
# anonymous-user account for localhost that is created by
# mysql_install_db would take precedence when monty connects from the
# local host. As a result, monty would be treated as an anonymous
# user. The reason for this is that the anonymous-user account has a
# more specific Host column value than the 'monty'@'%' account and
# thus comes earlier in the user table sort order. (user table sorting
# is discussed in Section 5.4.4, \u201cAccess Control, Stage 1:
# Connection Verification\u201d.)
create user 'taper'@'localhost' identified by 'foobarbaz';
grant all privileges on *.* to 'taper'@'localhost' with grant option;
create user 'taper'@'%' identified by 'foobarbaz';
grant all privileges on *.* to 'taper'@'%' with grant option;
select host,user,password from mysql.user;
# The output:
+-----------------------+-------+------------------+
| host | user | password |
+-----------------------+-------+------------------+
| localhost | root | 7a8cd9854ef31c3c |
| aims.lib.example.edu | root | 7a8cd9854ef31c3c |
| 127.0.0.1 | root | 7a8cd9854ef31c3c |
| localhost | | |
| aims.lib.example.edu | | |
| % | taper | 0654d346211e7caf |
+-----------------------+-------+------------------+
6 rows in set (0.00 sec)
flush privileges;
quit;
mysql -u taper taper -p
select * from user;
# The output:
Empty set (0.00 sec)
# Insert one user to be the first TAPER admin.
insert into user (username,first_name,last_name,is_dca) values ('mst3k','Merry', 'Terry',1);
quit;
# Go fix the TAPER source to use a non-root user and password.
cd ./lib/TAPER/Model/
emacs -nw TAPERDB.pm
__PACKAGE__->config(
schema_class => 'TAPER::Schema',
connect_info => [
'dbi:mysql:taper',
'taper',
'foobarbaz'
],
);
# Test any mysql userid and privilege changes by adding a new TAPER
# user from the TAPER web pages, which reads and writes the db. (At
# least I'm fairly certain it reads and writes the db.)
# After this, login to taper as mst3k, "DCA TAPER Tools", "Manage
# Users", "Click here to add a new user." This adds the new user to
# the database. If you don't do this, a user can login, but they get
# the "You are logged in but you aren't approved" or something like
# that.
# Edit taper.conf and change ldap stuff to use a user auth store in
# the conf file. This is based on the Catalyst authentication CPAN docs.
<authentication>
default_realm local
<realms>
<local>
<credential>
class Password
password_field password
password_type clear
</credential>
<store>
class Minimal
<users>
<mst3k>
password="foobarbaz"
</mst3k>
</users>
</store>
</local>
</realms>
</authentication>
# quick command line test for TAPER. (No. Catalyst apps require
# mod_perl or mod_fastcgi.) taper w/apache or at command line.
HTTP_HOST=localhost REMOTE_ADDR=aims.lib.example.edu SERVER_PORT=80 script/taper_cgi.pl
REQUEST_METHOD=GET HTTP_HOST=localhost REMOTE_ADDR=aims.lib.example.edu SERVER_PORT=80 script/taper_cgi.pl
# If you have Apache httpd running with UserDir enabled and user
# public_html is allowed to ExecCGI, then you can probably use a URL
# like the one below to run TAPER. I've only got one virtual host and
# it is devoted to a Rails application. I suppose I should ask our
# hostmaster for another hostname, but for now I'm perfectly happy
# hosting out of a public_html directory. The script taper_cgi.pl is
# very, very slow apparently due to the Catalyst overhead. Yes, the
# second URL has a trailing / (slash).
http://aims.lib.example.edu/~mst3k/TAPER/script/taper_cgi.pl/auth/login
http://aims.lib.example.edu/~mst3k/TAPER/script/taper_cgi.pl/
# If you get "Page not found" then you probably forgot the trailing
# slash. This interesting URL format is due to Catalyst.
# The line below probably runs the server with verbose debugging
# output. Probably useful if your installation isn't quite running
# right.
perl -MCarp=verbose script/taper_server.pl -p 3030
# I don't think I did any of the stuff below. This probably comes from
# some web page on how to reset the root password for mysql.
[root@tull ~]# man mysqld_safe
[root@tull ~]# mysqld_safe --init-file=mysql_reset.sql
101201 11:29:44 mysqld_safe Logging to '/var/log/mysqld.log'.
101201 11:29:44 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
101201 11:29:49 mysqld_safe mysqld from pid file /var/run/mysqld/mysqld.pid ended
[root@tull ~]# /etc/init.d/mysqld start
Starting MySQL: [ OK ]
[root@tull ~]# cat mysql_reset.sql
UPDATE mysql.user SET Password=PASSWORD('foo') WHERE User='root';
FLUSH PRIVILEGES;
[root@tull ~]#
# Now that TAPER runs with the taper_script.pl script it is time to
# get it running under Apache httpd with mod_fcgid. TAPER was not
# intended to use mod_perl and it works very poorly. There are rumors
# that mod_fastcgi is deprecated. Since I have to run TAPER on both a
# Fedora Core Linux server and a Centos Linux server I chose mod_fcgid
# which has yum packages.
# On Centos I installed the fcgi package. I didn't install this on
# Fedora Linux and I'm pretty sure fcgi is not required.
sudo su -l root
yum -y install mod_fcgid
# Now you'll have a file /etc/httpd/conf.d/fcgid.conf. If you have
# Centos, then you have the old version of this file. It works fine,
# but the commant should read:
# Use FastCGI to process .fcg .fcgi & .fpl scripts as long as
# mod_fastcgi is not already doing this. mod_fcgid and mod_fastcgi
# conflict with each other.
# If not mod_fastcgi then use fcgid-script for various fastcgi related
# file extensions.
cd /etc/httpd/conf/
# make a backup of httpd.conf
emacs httpd.conf
# Add the lines below, modified for your server. Note that I'm running
# Rubymatica via mod_passenger and that config is here as well. This
# should be everything you need in httpd.conf for Rubymatica, TAPER,
# and the donor survey.
# ... clip ...
# Use name-based virtual hosting.
# NOTE: NameVirtualHost cannot be used without a port specifier
# (e.g. :80) if mod_ssl is being used, due to the nature of the
# SSL protocol.
# The modern way is each vhost is :80 with a different ServerName.
# http://httpd.apache.org/docs/current/vhosts/name-based.html
NameVirtualHost *:80
LoadModule passenger_module /opt/ruby-enterprise-1.8.7-2011.03/lib/ruby/gems/1.8/gems/passenger-3.0.5/ext/apache2/mod_passenger.so
PassengerRoot /opt/ruby-enterprise-1.8.7-2011.03/lib/ruby/gems/1.8/gems/passenger-3.0.5
PassengerRuby /opt/ruby-enterprise-1.8.7-2011.03/bin/ruby
<VirtualHost *:80 >
ServerName aims.lib.virginia.edu
# be sure to point to 'public'!
DocumentRoot /home/mst3k/am_ruby/public
# setenv RailsEnv production
# Based on config/environment.rb the var is all caps, with underscore
setenv RAILS_ENV production
# default is 3
setenv PassengerLogLevel 5
setenv PassengerUseGlobalQueue on
setenv RailsFrameworkSpawnerIdleTime 0
setenv RailsAppSpawnerIdleTime 0
<Directory /home/mst3k/am_ruby/public >
# relax Apache security settings
AllowOverride all
# MultiViews must be turned off
Options -MultiViews
AuthUserFile /home/mst3k/.htpasswd
AuthGroupFile /dev/null
AuthName Rubymatica
AuthType Basic
require valid-user
</Directory>
</VirtualHost>
# Settings for TAPER. Must have mod_fcgid. See also conf.d/fcgid.conf
# http://blog.hjksolutions.com/articles/2007/07/19/catalyst-deployment-with-apache-2-and-mod_fcgid
<IfModule mod_fcgid.c>
Alias /taper/static /home/mst3k/public_html/TAPER/root/static
<Location /taper/static>
# http://hostname/taper/static/images/leftside_photo_34x342.jpg
SetHandler default-handler
</Location>
Alias /taper /home/mst3k/public_html/TAPER/script/taper_fastcgi.pl/
<Location /taper>
Options ExecCGI
Order allow,deny
Allow from all
AddHandler fcgid-script .pl
</Location>
</IfModule>
# end of httpd.conf
# as root
/etc/init.d/httpd restart
exit
# Access TAPER via a URL that has /taper as the apparent document root.
# http://aims.lib.virginia.edu/taper/
# mod_fcgid knows to run taper_fastcgi.pl due to the Alias above
# combined with the "AddHandler fcgid-script .pl" in the Location
# directive for /taper.
# On the other hand /taper/static is using the default handler, aka
# whatever Apache httpd would normally do. This is good because things
# like images are simply loaded via httpd without the Catalyst overhead.
# The script is running from /home/mst3k/public_html/TAPER/script (the
# dir containing taper_fastcgi.pl) and it tried to mkdir run/session/b
# in that dir. However, suexec apparently doesn't work with mod_fcgid,
# so it fails. "chmod -R go+w ./run"
[Tue Apr 12 15:36:16 2011] [warn] [client 128.143.166.245] mod_fcgid: stderr: [error] Caught exception in engine "mkdir run/session/b: Permission denied at /usr/local/lib/perl5/site_perl/5.10.0/Cache/FileBackend.pm line 222", referer: http://aims.lib.virginia.edu/taper/auth/login
# Do the chmod as a normal user, not root. See output of id:
> id
uid=522(mst3k) gid=100(users) groups=100(users)
cd ~/public_html/TAPER/script
chmod -R go+w ./run
# Or put this in your VirtualHost directive:
# This works to run scripts from anywhere in document root as a
# non-apache user. Coexists fine with mod_passenger and
# mod_fcgi. If you want a Rails or Catalyst app to run as a
# non-apache user, you'll probably have to use a directory in /var/www.
Alias /test /var/www/html/test
SuexecUserGroup mst3k users
<Directory /var/www/html/test >
Options ExecCGI
</Directory>
# This version of TAPER is essentially a beta release, and has a
# couple of small issues. The images are hard coded to come from a
# server at tufts.edu.
# I copied ./TAPER/root/lib/wrapper to ./TAPER/root/lib/wrapper.dist
# and then changed the img src in wrapper.dist to something that is
# easy to search and replace like %%images/yadayada.jpg. To make a
# "working" version simply copy wrapper.dist to wrapper and do the
# substitutions. Here is an example
# src="/taper/static/images/tufts_logo_226x78.jpg". You'll need to
# download the images with wget or curl. I put my images in
# ./TAPER/root/static/images
> pwd
/home/mst3k/public_html/TAPER/root/static/images
> ls -l
total 132
-rw-r--r-- 1 mst3k users 341 2011-04-07 15:53 bg_190x15.jpg
-rw-r--r-- 1 mst3k users 3826 2011-03-28 16:39 btn_120x50_built.png
-rw-r--r-- 1 mst3k users 3681 2011-03-28 16:39 btn_120x50_built_shadow.png
-rw-r--r-- 1 mst3k users 3862 2011-03-28 16:39 btn_120x50_powered.png
-rw-r--r-- 1 mst3k users 3673 2011-03-28 16:39 btn_120x50_powered_shadow.png
-rw-r--r-- 1 mst3k users 2517 2011-03-28 16:39 btn_88x31_built.png
-rw-r--r-- 1 mst3k users 2274 2011-03-28 16:39 btn_88x31_built_shadow.png
-rw-r--r-- 1 mst3k users 2542 2011-03-28 16:39 btn_88x31_powered.png
-rw-r--r-- 1 mst3k users 2304 2011-03-28 16:39 btn_88x31_powered_shadow.png
-rw-r--r-- 1 mst3k users 13710 2011-03-28 16:39 catalyst_logo.png
-rw-r--r-- 1 mst3k users 43032 2011-04-07 15:53 dca__17.jpg
-rw-r--r-- 1 mst3k users 10573 2011-04-07 15:53 leftside_photo_34x342.jpg
-rw-r--r-- 1 mst3k users 817 2011-04-07 15:53 logo_bottom_226x26.jpg
-rw-r--r-- 1 mst3k users 488 2011-04-07 15:53 site_header_bottom.jpg
-rw-r--r-- 1 mst3k users 6653 2011-04-07 15:53 site_header_top.jpg
-rw-r--r-- 1 mst3k users 7110 2011-04-07 15:53 tufts_logo_226x78.jpg
>
