DebianEdu/CipUX/FromScratch
This quide is for developers or tester or people who would like to see the new feature of CipUX.
This page is divided into 2 sections:
- Debian-Edu (written by Jever)
- Debian (written by C14r)
The common sense of this page is, that the installation is described including building the packages from the SVN.
Debian Edu
Based on a fresh install of debian-edu daily-build etch-test (2006-12-28)
DO NOT USE THIS INSTRUCTION! -- Setuproutines are in rewriting progress --
THIS DOCUMENT WILL BE REWRITTEN SOON
Preliminaries
First we need to update and upgrade our server and then also need some more packages installed. Therefor the sources.list has to be edited for getting access to the mirrors out in the internet.
tjener:~# vim /etc/apt/sources.list # # deb cdrom:[Debian GNU/Linux edu _Etch_ - Unofficial i386 Binary-1 (20061228)]/ etch contrib local main non-free # delete the next following row #deb cdrom:[Debian GNU/Linux edu _Etch_ - Unofficial i386 Binary-1 (20061228)]/ etch contrib local main non-free deb http://security.debian.org/ etch/updates main contrib non-free #<---- uncomment this here ### Use (by uncommenting) either http or ftp, NOT both ### http based apt source: ---------------- deb http://ftp.debian.org/debian/ etch main contrib non-free #<---- uncomment this here deb http://ftp.skolelinux.org/skolelinux/ etch local #<---- uncomment this here ### ftp based apt source: ----------------- # deb ftp://ftp.debian.org/debian/ etch main contrib non-free # deb ftp://ftp.skolelinux.org/skolelinux/ etch local # # Volatile Sources, read http://volatile.debian.net/ for details # deb http://volatile.debian.net/debian-volatile etch/volatile main contrib non-free tjener:~# aptitude update tjener:~# aptitude upgrade
Now we can get the needed additional packages.
tjener:~# aptitude -r install devscripts pbuilder gnupg debarchiver debhelper lintian screen nmap libdate-calc-perl libquota-perl libtie-ixhash-perl libbit-vector-perl libcarp-clan-perl libfrontier-rpc-perl stunnel4 libcrypt-ssleay-perl libauthen-simple-perl libauthen-simple-pam-perl dialog python-subversion rcs subversion subversion-tools svn-buildpackage libterm-readkey-perl libcgi-formbuilder-perl tjener:~#
Adding an additional user
On a fresh installed debian-edu etch-test there is only user root, so we have to add a new one for later use at package building state. We can use any name we like, or if we want to become a developer we should register and take that name (Example: yourname-guest) for the check out.
tjener:~# cd /skole/tjener
tjener:/skole/tjener# adduser jever
Lege Benutzer »jever« an ...
Lege neue Gruppe »jever« (1000) an ...
Lege neuen Benutzer »jever« (1000) mit Gruppe »jever« an ...
Erstelle Home-Verzeichnis »/skole/tjener/home0/jever« ...
Kopiere Dateien aus »/etc/skel« ...
Enter new UNIX password:
Retype new UNIX password:
passwd: Kennwort erfolgreich geändert
Ändere Benutzerinformationen für jever
Geben Sie einen neuen Wert an oder ENTER für den Standardwert
Name []:
Raumnummer []:
Telefon geschäftlich []:
Telefon privat []:
Sonstiges []:
Sind die Informationen korrekt? [j/N] j
tjener:/skole/tjener# su jever
jever@tjener:/skole/tjener$
Creating directory structure and filling it with svn working copy
After adding our new user we create the directory structure for our working copy of the cipux svn. It seems to be a good place at /skole/tjener, because there is enough hdd-space.
jever@tjener:/skole/tjener$ mkdir daten jever@tjener:/skole/tjener$ cd daten jever@tjener:/skole/tjener/daten$ mkdir cipux-devel jever@tjener:/skole/tjener/daten$ cd cipux-devel
If done that, we can switch to the directory and checkout the repository.
- As developer we do (change LOGIN to our name, example: yourname-guest)
jever@tjener:/skole/tjener/daten/cipux-devel$ svn co svn+ssh://LOGIN@svn.debian.org/svn/cipux/trunk/cipux-core
we type serveral times our password ...
Password: A trunk/notifier A trunk/notifier/src A trunk/... Checked out revision 555. jever@tjener:/skole/tjener/daten/cipux-devel$
- OR as anonymous, we do:
svn co svn://svn.debian.org/svn/cipux/trunk/cipux-core A trunk/notifier A trunk/notifier/src A trunk/notifier/src/cipux_notifier.pl A trunk/notifier/src/etc ... A trunk/client/src/sbin/cipux_client.pl A trunk/client/Makefile Checked out revision 555.
Building packages out of svn working copy
All seems fine, so we can build our wanted packages out of the downloaded svn trunk.
jever@tjener:/skole/tjener/daten/cipux-devel$ cd trunk jever@tjener:/skole/tjener/daten/cipux-devel$ cd cipux-core jever@tjener:/skole/tjener/daten/cipux-devel$ export LC_ALL=C jever@tjener:/skole/tjener/daten/cipux-devel$ export LANG=C jever@tjener:/skole/tjener/daten/cipux-devel/trunk/cipux-core$ svn-buildpackage -rfakeroot --svn-verbose --svn-lintian fakeroot debian/rules clean || debian/rules clean dh_testdir dh_testroot rm -f build-arch-stamp build-indep-stamp #CONFIGURE-STAMP# /usr/bin/make clean make[1]: Entering directory `/skole/tjener/daten/cipux-devel/trunk/cipux-core' ... jever@tjener:/skole/tjener/daten/cipux-devel/trunk/cipux-core$ cd ../../build-area jever@tjener:/skole/tjener/daten/cipux-devel/build-area$ ls -al insgesamt 29771 drwxr-xr-x 2 lehrer lehrer 1024 2006-12-10 19:55 . drwxr-xr-x 4 lehrer lehrer 1024 2006-12-10 19:33 .. -rw-r--r-- 1 lehrer lehrer 452 2006-12-10 19:34 cipux_3.2.11-1.dsc -rw-r--r-- 1 lehrer lehrer 7293 2006-12-10 19:55 cipux_3.2.11-1_i386.changes -rw-r--r-- 1 lehrer lehrer 17766471 2006-12-10 19:34 cipux_3.2.11-1.tar.gz -rw-r--r-- 1 lehrer lehrer 48872 2006-12-10 19:54 cipux-cat-web_3.2.11-1_all.deb -rw-r--r-- 1 lehrer lehrer 124300 2006-12-10 19:54 cipux-cat-webmin_3.2.11-1_all.deb -rw-r--r-- 1 lehrer lehrer 493026 2006-12-10 19:54 cipux-cibot_3.2.11-1_all.deb -rw-r--r-- 1 lehrer lehrer 11728 2006-12-10 19:54 cipux-client_3.2.11-1_all.deb -rw-r--r-- 1 lehrer lehrer 22494 2006-12-10 19:54 cipux-common_3.2.11-1_all.deb -rw-r--r-- 1 lehrer lehrer 11816164 2006-12-10 19:54 cipux-deploy_3.2.11-1_all.deb -rw-r--r-- 1 lehrer lehrer 11250 2006-12-10 19:54 cipux-notifier_3.2.11-1_all.deb -rw-r--r-- 1 lehrer lehrer 6500 2006-12-10 19:54 cipux-profile_3.2.11-1_all.deb -rw-r--r-- 1 lehrer lehrer 27048 2006-12-10 19:54 cipux-rpc_3.2.11-1_all.deb -rw-r--r-- 1 lehrer lehrer 13488 2006-12-10 19:54 cipux-samba_3.2.11-1_all.deb lehrer@tjener:/skole/tjener/daten/cipux-devel/build-area$
remark from h01ger: this page is correct, sorry. just the html view is/was confusing 
I added a linebreak above now to make it clearer..
Doing some configuration before installing the deb's
Backing up the LDAP Server
tjener:/# /etc/init.d/slapd stop
tjener:/# mkdir -p /skole/backup
tjener:/# tar cvzf /skole/backup/tmp_backup_ldap.tar.gz /var/lib/ldap
tjener:/# /etc/init.d/slapd start
tjener:/# /etc/init.d/slapd stop
tjener:/# /etc/init.d/slapd start
- Check if the LDAP server starts
Installing the first deb's
- To get the first deb's installed do the following:
tjener:/skole/tjener/daten/cipux-devel/build-area# dpkg -i cipux-common_3.2.11-1_all.deb Wähle vormals abgewähltes Paket cipux-common. (Lese Datenbank ... 81609 Dateien und Verzeichnisse sind derzeit installiert.) Entpacke cipux-common (aus cipux-common_3.2.11-1_all.deb) ... Richte cipux-common ein (3.2.11-1) ... tjener:/skole/tjener/daten/cipux-devel/build-area# dpkg -i cipux-cibot_3.2.11-1_all.deb Wähle vormals abgewähltes Paket cipux-cibot. (Lese Datenbank ... 81624 Dateien und Verzeichnisse sind derzeit installiert.) Entpacke cipux-cibot (aus cipux-cibot_3.2.11-1_all.deb) ... Richte cipux-cibot ein (3.2.11-1) ...
Populate the LDAP Server
- Change the LDAP database by setting up the according CipUX structures. This is the most challenging task in the process and may not be easily reversible! Execute the following command:
tjener:/usr/lib/cipux/sbin# ./cipux_setup -s
- If an error occurs during the run of cipux_setup, you should correct it. If it is not obvious what error occurred and how to solve it, you might run:
tjener:/usr/lib/cipux/sbin# ./cipux_maint_diagnostic
Install the other CipUX Packages
Install cipux-rcp
tjener:/skole/tjener/daten/cipux-devel/build-area# dpkg -i cipux-rpc_3.2.11-1_all.deb
Install cipux-cat-web
- For installing cipux-cat-web we have to enable ssl support for the apache2 webserver. Therefor we first have to create a certificate and edit the default server site of tjener's apache2. First we create a new folder. Then we change into it. There we create our certificates, which are neceassary for using our apache2 with ssl. After that we edit some confs and restart our apache.
tjener:/etc/apache2/# mkdir ssl tjener:/etc/apache2/# cd ssl tjener:/etc/apache2/ssl/# openssl req -new -x509 -nodes -out tjener.crt -keyout tjener.key Generating a 1024 bit RSA private key ..........................++++++ ....++++++ writing new private key to 'tjener.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:DE State or Province Name (full name) [Some-State]:Nordrhein-Westfalen Locality Name (eg, city) []:Bielefeld Organization Name (eg, company) [Internet Widgits Pty Ltd]:jever's testcenter Organizational Unit Name (eg, section) []:IT Common Name (eg, YOUR name) []:Jürgen Leibner Email Address []:juergen@leibner-net.de tjener:/etc/apache2/ssl# l insgesamt 3 -rw-r--r-- 1 root root 1415 2006-12-16 21:32 tjener.crt -rw-r--r-- 1 root root 891 2006-12-16 21:32 tjener.key
- Now when we have got the certificates we need, we can go ahead to edit the confs. First we do:
tjener:/etc/apache2/ssl/# cd .. tjener:/etc/apache2/# echo -n 'Listen 443' > ports.conf
- Then we edit the default site configuration file.
tjener:/etc/apache2/# vim sites-enabled/000-default
NameVirtualHost *
<VirtualHost *>
ServerAdmin webmaster@localhost
SSLEngine On <---- Put this in here
SSLCipherSuite HIGH:MEDIUM <---- Put this in here
SSLCertificateFile /etc/apache2/ssl/tjener.crt <---- Put this in here
SSLCertificateKeyFile /etc/apache2/ssl/tjener.key <---- Put this in here
DocumentRoot /var/www/
<Directory />
...
- Now we can restart our apache2 and test if https function well with:
tjener:/etc/apache2/# /etc/init.d/apache2 restart * Forcing reload of web server (apache2)... [ ok ] tjener:/etc/apache2/#
You can test it by typing in your browser: https://tjener/ It asks you to accept the certificate and to verify it. If you accept, it shows you the default site. At this point all is ready for install cipux-cat-web. So we can now install it.
tjener:/skole/tjener/daten/cipux-devel/dpkg -i cipux-cat-web_3.2.11.dfsg1-1_all.deb
Fetch your browser again and type in https://tjener/cipux/cat/ There should be the loginscreen. You might now want to login with cipadmin and his password.
...
.. to be continued soon after having a pizza and a beer (jever)
Debian
CipUX from scratch for (plain) Debian etch for devlopers
Preliminaries
- working debian etch
- internet connection
- ping machine-name should work
- do not use a domain
Step Through Guide
(1) create cipux dir
root@etch: mkdir -p /home/cipux
(2) add user and group
root@etch: groupadd cipdevel
root@etch: useradd -d /home/cipdevel -g cipdevel -s /bin/bash -m cipdevel
(3) install needed software
root@etch: export LANG=C
root@etch: aptitude update
root@etch: aptitude install subversion svn-buildpackage debhelper libterm-readkey-perl liblocale-po-perl lintian
(4) become cipdevel
root@etch: su - cipdevel
cipdevel@etch: export LANG=C
(5) check out the SVN
cipdevel@etch: svn co svn+ssh://LOGIN@svn.debian.org/svn/cipux/trunk/cipux-core
enter 2x or more time 
your password on alioth.debian.org
(6) Build the packages
cipdevel@etch: cd /home/cipdevel/cipux-core
cipdevel@etch: svn-buildpackage -rfakeroot --svn-verbose --svn-lintian
(7) Build small repository
copy this script to /home/cipdevel and run this script from this directory
#!/bin/bash export LANG=C export LC_ALL=C if [ -d $HOME/debs ]; then rm -rf $HOME/debs fi mkdir $HOME/debs && cp -a $HOME/build-area/* $HOME/debs && echo '' > $HOME/override.txt && cd $HOME && dpkg-scanpackages debs override.txt |gzip -f9 > debs/Packages.gz
add as root this to you /etc/apt/sources.list
deb file:/home/cipdevel debs/
(8) Install LDAP
Developer should install the LDAP seperately, to ensure that it will not be remove, if CipUX is removed. Make also a bakcup of you database.
root@etch: aptitude update
root@etch: aptitude install slapd
make a backup!
root@etch: /etc/init.d/slapd stop
root@etch: tar cvzf /root/ldap-backup-db.tgz /var/lib/ldap
root@etch: tar cvzf /root/ldap-backup-etc.tgz /etc/ldap
root@etch: /etc/init.d/slapd start
Check if this is running
root@etch: ps ax|grep slapd
20890 ? Ssl 0:00 /usr/sbin/slapd -g openldap -u openldap
20893 ttyp0 S+ 0:00 grep slap
- ibnss-ldap libpam-ldap
root@etch: aptitude install libnss-ldap libpam-ldap
Questions (libnss-ldap):
- - During installation of libnss-ldap, you will be ask for the URI.
ldap://127.0.0.1/
- - Distinguished name of the search base: (if you not have an hostname)
- Otherwise use slapcat to find that out.
dc=nodomain
- - LDAP version: 3
* LDAP account for root:
cn=admin,dc=nodomain
root@etch: cp /etc/nsswitch.conf /etc/nsswitch.conf.original
change the lines /etc/nsswitch.conf
passwd: compat group: compat shadow: compat
to
passwd: compat ldap group: compat ldap shadow: compat ldap
For this to work, you have to have a resolveable hostname
Questions (libpam-ldap):
- - LDAP account for root:
cn=admin,dc=nodomain
root@etch: aptitude install nscd
(9) Install CipUX
root@etch: aptitude update
root@etch: aptitude install cipux-common cipux-cibot
date > /etc/cipux/package/cipux-cibot export LANG=C export LC_ALL=C root@etch: /usr/share/cipux/sbin/cipux_setup -sD
Test with
id cipadmin
root@etch: aptitude install cipux-rpc
Test with (login cipadmin)
cipux_rpc
If you want to use cipux-cat-web
root@etch: aptitude install cipux-cat-web apache2
goto URL and login as cipadmin
http://localhost/cipux-cat-web
script for doing this automatically
#!/bin/bash export LANG=C export LC_ALL=C echo "install CipUX on debian etch" mkdir -p /home/cipux groupadd cipdevel useradd -d /home/cipdevel -g cipdevel -s /bin/bash -m cipdevel echo "enter new password for user cipdevel" passwd cipdevel aptitude update aptitude install ssh subversion svn-buildpackage debhelper libterm-readkey-perl liblocale-po-perl lintian ssh cipdevel@localhost "export LANG=C; svn co svn://svn.debian.org/svn/cipux/trunk/cipux-core" ssh cipdevel@localhost "export LANG=C; cd /home/cipdevel/cipux-core && svn-buildpackage -rfakeroot --svn-verbose --svn-lintian" ssh cipdevel@localhost "export LANG=C; export LC_ALL=C; if [ -d /home/cipdevel/debs ]; then rm -rf /home/cipdevel/debs; fi; mkdir /home/cipdevel/debs && cp -a /home/cipdevel/build-area/* /home/cipdevel/debs && echo '' > /home/cipdevel/override.txt && cd /home/cipdevel && dpkg-scanpackages debs override.txt |gzip -f9 > debs/Packages.gz" echo "deb file:/home/cipdevel debs/" >> /etc/apt/sources.list aptitude install slapd /etc/init.d/slapd stop tar cvzf /root/ldap-backup-db.tgz /var/lib/ldap tar cvzf /root/ldap-backup-etc.tgz /etc/ldap /etc/init.d/slapd start echo "Testing LDAP" ps ax|grep slapd aptitude install libnss-ldap libpam-ldap cp /etc/nsswitch.conf /etc/nsswitch.conf.original FILE=/etc/nsswitch.conf sed -i -e 's/passwd: compat/passwd: compat ldap/g' $FILE sed -i -e 's/group: compat/group: compat ldap/g' $FILE sed -i -e 's/shadow: compat/shadow: compat ldap/g' $FILE aptitude install nscd aptitude update aptitude install cipux-common cipux-cibot date > /etc/cipux/package/cipux-cibot /usr/share/cipux/sbin/cipux_setup -sD id cipadmin # uid=10008(cipadmin) gid=10008(cipadmin) groups=10008(cipadmin),... aptitude install cipux-rpc echo "login as cipadmin:" cipux_rpc aptitude install cipux-cat-web apache2 echo "goto URL http://localhost/cipux-cat-web"
on a virtual Etch:
real 12m20.235s user 0m59.636s sys 0m15.249s