Difference between revisions of "Install Seon on SLES11"

From Seon
Jump to: navigation, search
(PAM authentification)
 
(12 intermediate revisions by the same user not shown)
Line 9: Line 9:
 
== Add repository ==
 
== Add repository ==
 
For PHP functionality (network socket and Posix support) you need to add a new repository:
 
For PHP functionality (network socket and Posix support) you need to add a new repository:
  zypper addrepo http://download.opensuse.org/repositories/server:/php/SLE_11/ PHP_SLE11
+
  root$ zypper addrepo http://download.opensuse.org/repositories/server:/php/SLE_11/ PHP_SLE11
  
 
== Install requried packages ==
 
== Install requried packages ==
 
Install all needed software (based on a minimal installation, many of these packages may already be installed):
 
Install all needed software (based on a minimal installation, many of these packages may already be installed):
  zypper install apache2-mod_php5 php-bz2 php-mysql php-xmlreader php-xsl php-zip php-zlib \
+
  root$ zypper install apache2-mod_php5 php-bz2 php-mysql php-xmlreader php-xsl php-zip php-zlib \
 
  php5-sockets php5-posix mysql vim iputils zip samba-winbind yast2-kerberos-client glibc-locale glibc-i18ndata libxslt
 
  php5-sockets php5-posix mysql vim iputils zip samba-winbind yast2-kerberos-client glibc-locale glibc-i18ndata libxslt
  
=== Accept repository key ===
+
=== Accept repository key (english) ===
After having added the new repository (see above), you will have to accept its key permanently (with selection "<code>a</code>"):
+
After having added the new repository (see above), you will have to accept its key permanently (with selection "<code>a</code>" for "''always''"):
 
<pre>
 
<pre>
 
New repository or package signing key received:
 
New repository or package signing key received:
Line 28: Line 28:
  
 
Do you want to reject the key, trust temporarily, or trust always? [r/t/a/?] (r): a
 
Do you want to reject the key, trust temporarily, or trust always? [r/t/a/?] (r): a
 +
</pre>
 +
 +
=== Accept repository key (german) ===
 +
After having added the new repository (see above), you will have to accept its key permanently (with selection "<code>i</code>" for "''immer''"):
 +
<pre>
 +
Neuen Signierungsschlüssel für Repository oder Paket erhalten:
 +
Schlüssel-ID: 6FBE9844DDCD7F1A
 +
Schlüsselname: server:php OBS Project <server:php@build.opensuse.org>
 +
Schlüsselfingerabdruck: A7775E2A3428A096CB5050606FBE9844DDCD7F1A
 +
Schlüssel erstellt: Sa 02 Mär 2013 06:17:15 CET
 +
Schlüssel läuft ab: Mo 11 Mai 2015 07:17:15 CEST (expires in 19 days)
 +
Repository: PHP_SLE11
 +
 +
Wollen Sie den Schlüssel (a)bweisen, ihm (t)emporär oder (i)mmer vertrauen? [a/t/i/?] (a): i
 
</pre>
 
</pre>
  
 
== Change PHP configuration ==
 
== Change PHP configuration ==
Edit the file as root.
+
Edit the file as root:
 
  /etc/php5/apache2/php.ini
 
  /etc/php5/apache2/php.ini
 
Change the following configuration values to these values:
 
Change the following configuration values to these values:
Line 39: Line 53:
 
== Start services ==
 
== Start services ==
 
For the installation, you need Apache and MySQL up and running:
 
For the installation, you need Apache and MySQL up and running:
  service apache2 start
+
  root$ service apache2 start
  service mysql start
+
  root$ service mysql start
  
 
== Change the distribution ==
 
== Change the distribution ==
  chown seon /srv/www/htdocs/
+
  root$ chown seon /srv/www/htdocs/
  mkdir /opt/seon
+
  root$ mkdir /opt/seon
  chown seon /opt/seon
+
  root$ chown seon /opt/seon
  chgrp users /etc
+
  root$ chgrp users /etc
  chmod g+w /etc
+
  root$ chmod g+w /etc
  chgrp users /var/log/apache2/
+
  root$ chgrp users /var/log/apache2/
  
 
== Running the installation script ==
 
== Running the installation script ==
 
Download and run the shell installer for Seon:
 
Download and run the shell installer for Seon:
  cd /tmp
+
  seon$ cd /tmp
  wget http://www.seon.de/fileadmin/downloads/seon3_full_pe_Linux-x86-64-MySQL.sh
+
  seon$ wget http://www.seon.de/fileadmin/downloads/seon3_full_pe_Linux-x86-64-MySQL.sh
  sh ./seon3_full_pe_Linux-x86-64-MySQL.sh
+
  seon$ sh ./seon3_full_pe_Linux-x86-64-MySQL.sh
Answer all question according to your needs (possible changed, see above)
+
Answer all question according to your needs (possible changed, see above), the defaults should match your environment if the default is used.
 +
 
 +
== Securing distribution ==
 +
The permissions, which have been changed above, can be reverted to increase security:
 +
root$ chgrp root /etc
 +
root$ chmod 755 /etc
 +
 
 +
Optionally, change the permissions of the Apache logs directory:
 +
root$ chgrp root /var/log/apache2/
 +
 
 +
== PAM authentification ==
 +
If your Seon Webaccess users need PAM authentification (i.e. Microsoft Active Directory), then you need to:
 +
*change permissions of the binary:
 +
/opt/seon/bin/seonclientd
 +
Commands (executed as root):
 +
root$ chown root /opt/seon/bin/seonclientd
 +
root$ chmod +s /opt/seon/bin/seonclientd
 +
*Configure PAM authentification support, as indicated here: [[PAM configuration for Windows Active Directory]]

Latest revision as of 11:11, 21 April 2015

Assumptions

  • Your installation directory for Seon is
/opt/seon
  • The web interfaces will be installed in the default document root directory of Apache:
/srv/www/htdocs
  • The user running the installation is not "root", but "seon" with limited permissions
  • Firewalls and other security measurements are disabled or not installed. (If they are enabled, you have to change them on your own).

Add repository

For PHP functionality (network socket and Posix support) you need to add a new repository:

root$ zypper addrepo http://download.opensuse.org/repositories/server:/php/SLE_11/ PHP_SLE11

Install requried packages

Install all needed software (based on a minimal installation, many of these packages may already be installed):

root$ zypper install apache2-mod_php5 php-bz2 php-mysql php-xmlreader php-xsl php-zip php-zlib \
php5-sockets php5-posix mysql vim iputils zip samba-winbind yast2-kerberos-client glibc-locale glibc-i18ndata libxslt

Accept repository key (english)

After having added the new repository (see above), you will have to accept its key permanently (with selection "a" for "always"):

New repository or package signing key received:
Key ID: 6FBE9844DDCD7F1A
Key Name: server:php OBS Project <server:php@build.opensuse.org>
Key Fingerprint: A7775E2A3428A096CB5050606FBE9844DDCD7F1A
Key Created: Sat Mar  2 06:17:15 2013
Key Expires: Mon May 11 07:17:15 2015 (expires in 19 days)
Repository: PHP_SLE11

Do you want to reject the key, trust temporarily, or trust always? [r/t/a/?] (r): a

Accept repository key (german)

After having added the new repository (see above), you will have to accept its key permanently (with selection "i" for "immer"):

Neuen Signierungsschlüssel für Repository oder Paket erhalten:
Schlüssel-ID: 6FBE9844DDCD7F1A
Schlüsselname: server:php OBS Project <server:php@build.opensuse.org>
Schlüsselfingerabdruck: A7775E2A3428A096CB5050606FBE9844DDCD7F1A
Schlüssel erstellt: Sa 02 Mär 2013 06:17:15 CET
Schlüssel läuft ab: Mo 11 Mai 2015 07:17:15 CEST (expires in 19 days)
Repository: PHP_SLE11

Wollen Sie den Schlüssel (a)bweisen, ihm (t)emporär oder (i)mmer vertrauen? [a/t/i/?] (a): i

Change PHP configuration

Edit the file as root:

/etc/php5/apache2/php.ini

Change the following configuration values to these values:

upload_max_filesize = 128M
post_max_size = 128M

Start services

For the installation, you need Apache and MySQL up and running:

root$ service apache2 start
root$ service mysql start

Change the distribution

root$ chown seon /srv/www/htdocs/
root$ mkdir /opt/seon
root$ chown seon /opt/seon
root$ chgrp users /etc
root$ chmod g+w /etc
root$ chgrp users /var/log/apache2/

Running the installation script

Download and run the shell installer for Seon:

seon$ cd /tmp
seon$ wget http://www.seon.de/fileadmin/downloads/seon3_full_pe_Linux-x86-64-MySQL.sh
seon$ sh ./seon3_full_pe_Linux-x86-64-MySQL.sh

Answer all question according to your needs (possible changed, see above), the defaults should match your environment if the default is used.

Securing distribution

The permissions, which have been changed above, can be reverted to increase security:

root$ chgrp root /etc
root$ chmod 755 /etc

Optionally, change the permissions of the Apache logs directory:

root$ chgrp root /var/log/apache2/

PAM authentification

If your Seon Webaccess users need PAM authentification (i.e. Microsoft Active Directory), then you need to:

  • change permissions of the binary:
/opt/seon/bin/seonclientd

Commands (executed as root):

root$ chown root /opt/seon/bin/seonclientd
root$ chmod +s /opt/seon/bin/seonclientd