Changes between Version 57 and Version 58 of ServerIntro


Ignore:
Timestamp:
Oct 8, 2010, 1:56:41 AM (12 years ago)
Author:
Ageless
Comment:

correcting language, adding link.

Legend:

Unmodified
Added
Removed
Modified
  • ServerIntro

    v57 v58  
    22
    33= Setting up a BOINC server = #ServerIntro
    4 
    54== Hardware ==
    6 
    7 For experimentation and debugging, you can use almost any computer as a BOINC server.
    8 Before deploying a project more widely,
    9 make sure that your server has adequate performance, availability, and security.
    10 Some factors:
     5For experimentation and debugging, you can use almost any computer as a BOINC server. Before deploying a project more widely, make sure that your server has adequate performance, availability, and security. Some factors:
     6
    117 * Your Internet connection should have adequate performance and reliability.  Your server must have a static IP address.
    128 * Your server should have good CPU speed(dual Xeon or Opteron), at least 2 GB of RAM, and at least 40 GB of free disk space.  For a high-traffic project, use a machine with 8 GB of RAM or more, and 64-bit processors.
     
    1511 * Make it secure; turn off any unneeded network services, especially those that use plaintext passwords (like FTP or Telnet).
    1612
    17 Info on increasing capacity and reliability is [MultiHost here].
    18 
    19 Another approach - which eliminates both hardware and software issues - is to
    20 deploy a BOINC server on the [CloudServer Amazon Elastic Computing Cloud].
     13Info on increasing capacity and reliability is [wiki:MultiHost here].
     14
     15Another approach - which eliminates both hardware and software issues - is to deploy a BOINC server on the [wiki:CloudServer Amazon Elastic Computing Cloud].
    2116
    2217== Software ==
    23 
    2418There are several ways to deploy the BOINC server software:
    2519
    26  * The easiest way to set up a BOINC server is to use a [VmServer BOINC server VM] that we've created for that purpose, with all the necessary software already installed. You can run this virtual machine using the [http://www.vmware.com/download/player/ VMWare player] and any Intel-based computer (Windows, Linux, or Mac OS X).  If you take this approach, skip the rest of this page.
     20 * The easiest way to set up a BOINC server is to use a [wiki:VmServer BOINC server VM] that we've created for that purpose, with all the necessary software already installed. You can run this virtual machine using the [http://www.vmware.com/download/player/ VMWare player] on any Intel-based computer (Windows, Linux, or Mac OS X).  If you take this approach, skip the rest of this page.
    2721
    2822 * A BOINC server package is available for [http://wiki.debian.org/BOINC/Server Debian]. If anyone is interested in helping maintaining a boinc-server package for Debian, please contact [[T(MailHide|pkg-boinc-devel mailing list|k=01DcXFH1P8cFLSDzIkmj5Z9A==&c=xLJ3Vs4jGjPEMhQUlAORIMssfyWsPVJMsYbkm_MGpkMWajpOBmWoSZKi_KXPiqPa)]].
     
    3327=== Groups and permissions === #permissions
    3428BOINC server programs run as two different users:
     29
    3530 * The scheduler and file upload handler are CGI programs, so they run as the same user as the web server (on Fedora this is user '`apache`'; on Debian it's '`www-data`').
    36  * BOINC daemons runs as whoever created the project (let's say user '`boincadm`', group '`boinc`'). '''Do not run BOINC daemons (or anything else) as root'''.
    37 
    38 By default, the directories created by user `apache` are not world-writable. This causes problems: for example, when the file upload handler creates a directory in the [DirHierarchy upload hierarchy], it's owned by (`apache`, `apache`), and the [FileDeleter file deleter] (which runs as `boincadm`) won't be able to delete the files there.
     31 * BOINC daemons run as whoever created the project (let's say user '`boincadm`', group '`boinc`'). '''Do not run BOINC daemons (or anything else) as root'''.
     32
     33By default, the directories created by user `apache` are not world-writable. This causes problems: for example, when the file upload handler creates a directory in the [wiki:DirHierarchy upload hierarchy], it's owned by (`apache`, `apache`), and the [wiki:FileDeleter file deleter] (which runs as `boincadm`) won't be able to delete the files there.
    3934
    4035To solve this problem, edit `/etc/group` so that `apache` belongs to group `boinc`, i.e. the line:
     
    4439}}}
    4540becomes:
     41
    4642{{{
    4743boinc:x:566:apache
     
    4945(Apache will need to be stopped/restarted for this to take effect.)
    5046
    51 Both `boincadm` and `apache` should have umasks that allow group read and write.
     47Both `boincadm` and `apache` should have [http://www.slackwiki.org/Permissions_and_Umasks umasks] that allow group read and write.
     48
    5249{{{
    5350#!comment That umask thing needs to be clarified; I had to go see an old version of GroupPermissions to see how umasks were set. Umasks are "inverted", that makes them hard to understand (they mark permissions to UNset).
    5451}}}
    55 
    56 When you create a BOINC project using [MakeProject make_project], the critical directories are owned by `boincadm` and have the set-GID bit set; this means that any directories or files created by `apache` in those directories will have group `boinc` (not group `apache`). The BOINC software makes all directories group read/write. Thus, both `apache` and `boinc` will have read/write access to all directories and files, but other users will have no access.
     52When you create a BOINC project using [wiki:MakeProject make_project], the critical directories are owned by `boincadm` and have the set-GID bit set; this means that any directories or files created by `apache` in those directories will have group `boinc` (not group `apache`). The BOINC software makes all directories group read/write. Thus, both `apache` and `boinc` will have read/write access to all directories and files, but other users will have no access.
    5753
    5854To fix permissions on an existing project, do:
     
    6662chmod 02770 html/user_profile
    6763}}}
    68 
    6964You may also need to change the ownership of these directories and all their subdirectories to `boincadm/boinc`.  If you're running several projects on the same server and want to isolate them from each other, you can create a different user and group for each project, and add `apache` to all of the groups.
    7065
     
    7267
    7368=== Installing BOINC software === #installing
    74  * Download and install the needed [SoftwarePrereqsUnix software prerequisites].
    75  * [SourceCode Download] the BOINC software.
    76  * [BuildSystem Configure and build] the BOINC software.
     69 * Download and install the needed [wiki:SoftwarePrereqsUnix software prerequisites].
     70 * [wiki:SourceCode Download] the BOINC software.
     71 * [wiki:BuildSystem Configure and build] the BOINC software.
    7772
    7873=== Operating system configuration === #OS-config
     
    9186 * You'll need to back up your database. Generally this requires stopping the project, making a copy or snapshot, and restarting. An example is [//mysql_backup.txt here].
    9287 * BOINC gets MySQL compiler and linker flags from a program called `mysql_config` which comes with your MySQL distribution. This sometimes references libraries that are not part of your base system installation, such as `-lnsl` or `-lnss_files`. You may need to install additional packages (often you can use something called 'mysql-dev' or 'mysql-devel') or fiddle with Makefiles.
    93  * MySQL can be the bottleneck in a BOINC server. To optimize its performance, read about [MysqlConfig configuring MySQL for BOINC].
     88 * MySQL can be the bottleneck in a BOINC server. To optimize its performance, read about [wiki:MysqlConfig configuring MySQL for BOINC].
    9489 * [//mysql_cluster.txt Notes on running MySQL on a cluster].
    9590
     
    10499DefaultType application/octet-stream
    105100}}}
    106 
    107101To limit denial-of-service attacks, we recommend turning off directory indexing by adding `-Indexes` to the [http://httpd.apache.org/docs/2.0/mod/core.html#options Options] directive.
    108102
    109 Make sure that the filename extensions used by your application or data files
    110 aren't handled in undesired way by Apache.
    111 For example, if some of your files have a '.map' extension,
    112 remove the line
     103Make sure that the filename extensions used by your application or data files aren't handled in undesired way by Apache. For example, if some of your files have a '.map' extension, remove the line
     104
    113105{{{
    114106AddHandler imap-file map
     
    116108from httpd.conf
    117109
    118 Apache has a default request size limit of 1 MB.
    119 If your project is likely to exceed this
    120 (large output files, large scheduler request messages)
    121 increase this, e.g. to 128 MB:
     110Apache has a default request size limit of 1 MB. If your project is likely to exceed this (large output files, large scheduler request messages) increase this, e.g. to 128 MB:
     111
    122112{{{
    123113LimitXMLRequestBody 134217728
     
    125115}}}
    126116=== PHP notes === #PHP-notes
    127 
    128  * By default, BOINC uses PHP's `mail` function to send email to participants.
    129    This uses sendmail. If this doesn't work, you can use [http://phpmailer.sourceforge.net/ PHPMailer] instead,
    130    which is a very flexible mail-sending mechanism. To do this:
    131   * Download PHPMailer and put it under PROJECT/html/inc/phpmailer
    132    (i.e. the files class.smtp.php and class.phpmailer.php should be in that directory).
    133   * Set the following variables in your PROJECT/html/project/project.inc file (substitute your own values):
     117 * By default, BOINC uses PHP's `mail` function to send email to participants. This uses sendmail. If this doesn't work, you can use [http://phpmailer.sourceforge.net/ PHPMailer] instead, which is a very flexible mail-sending mechanism. To do this:
     118   * Download PHPMailer and put it under PROJECT/html/inc/phpmailer (i.e. the files class.smtp.php and class.phpmailer.php should be in that directory).
     119   * Set the following variables in your PROJECT/html/project/project.inc file (substitute your own values):
    134120{{{
    135121$USE_PHPMAILER = true;
     
    139125
    140126=== Common problems === #common-problems
    141 
    142 After adding a new user,
    143 you have to check if the home directory was created. Sometimes you have to manually create it.
     127After adding a new user, you have to check if the home directory was created. Sometimes you have to manually create it.
     128
    144129{{{
    145130$ mkdir /home/{username}
    146131$ chown {username}:{username} /home/{username}
    147132}}}
    148 The link /usr/bin/gcc that points to the currently used compiler could be missing.
    149 This could lead to errors when running the make command.
    150 Especially when trying to compile the graphical part of the API you need the /usr/bin/g++ link
    151 (make gives a warning that it couldn't find GL/GLU/GLUT although it is installed).
    152 So you have to create the symbolic links, depending on your gcc and g++ version, first.
     133The link /usr/bin/gcc that points to the currently used compiler could be missing. This could lead to errors when running the make command. Especially when trying to compile the graphical part of the API you need the /usr/bin/g++ link (make gives a warning that it couldn't find GL/GLU/GLUT although it is installed). So you have to create the symbolic links, depending on your gcc and g++ version, first.
     134
    153135{{{
    154136$ ln -s /usr/bin/gcc-4.11 /usr/bin/gcc
    155137$ ln -s /usr/bin/g++-4.11 /usr/bin/g++
    156138}}}
    157 At newer linux distributions you can’t login as user root.
    158 Instead there is a user notroot with whom you can login, but you won’t have root privileges.
    159 If an application or script needs root privileges,
    160 you are forced to enter the password you entered during the installation.
    161 In the console window you can get root privileges with the su (Debian) or sudo (Ubuntu, Fedora) command also.
    162 Note the single quotes around the command when using su -c !
     139At newer linux distributions you can’t login as user root. Instead there is a user notroot with whom you can login, but you won’t have root privileges. If an application or script needs root privileges, you are forced to enter the password you entered during the installation. In the console window you can get root privileges with the su (Debian) or sudo (Ubuntu, Fedora) command also. Note the single quotes around the command when using su -c !
     140
    163141{{{
    164142$ su -c {'command'}
     
    166144}}}
    167145If you have problems executing the sudo command, you have to add the user to the /etc/sudoers file. To edit this file just use this command:
     146
    168147{{{
    169148$ sudo visudo
    170149}}}
    171150In this file you have to add another line after the line for notroot. You can use this:
     151
    172152{{{
    173153{username} ALL=(ALL) ALL
    174154}}}
    175 
    176155== Cookbook for Debian 4.0 == #cookbook-debian40
    177 
    178156=== Install software prerequisites === #cookbook-prereq
    179 
    180 Common packages for building BOINC (based on [SoftwarePrereqsUnix Software prerequisites (Unix/Linux)]):
     157Common packages for building BOINC (based on [wiki:SoftwarePrereqsUnix Software prerequisites (Unix/Linux)]):
     158
    181159{{{
    182160m4
     
    193171}}}
    194172packages needed for BOINC server:
     173
    195174{{{
    196175apache2-mpm-prefork
     
    207186}}}
    208187packages needed for BOINC client:
     188
    209189{{{
    210190libssl-dev
     
    227207}}}
    228208optional packages for a graphical desktop manager
     209
    229210{{{
    230211kdebase
     
    234215xserver-org
    235216}}}
    236 
    237 This list contains all necessary packages for the BOINC server and the client components. At first startup, these packages should be installed with aptitude. The graphical desktop manager is optional, but makes the configuration of the server a bit easier.
    238 The list contains no security packages to secure your server! Please ask your system administrator or read a good Linux book on how to secure your server against attacks.
     217This list contains all necessary packages for the BOINC server and the client components. At first startup, these packages should be installed with aptitude. The graphical desktop manager is optional, but makes the configuration of the server a bit easier. The list contains no security packages to secure your server! Please ask your system administrator or read a good Linux book on how to secure your server against attacks.
    239218
    240219Hint: You can search packages within aptitude by pressing the '/' key.
     
    245224'''With KDE:'''
    246225
    247  Go to ‘K-Menu’ -> ‘Settings’ -> ‘System Administration’ -> ‘User Management’, claim administrative privileges
    248 
    249  Create a new user, for example: boincadm
    250 
    251  After that go to the ‘Groups’ tab and add the user ‘www-data’ to the group ‘boincadm’.
     226  Go to ‘K-Menu’ -> ‘Settings’ -> ‘System Administration’ -> ‘User Management’, claim administrative privileges
     227
     228  Create a new user, for example: boincadm
     229
     230  After that go to the ‘Groups’ tab and add the user ‘www-data’ to the group ‘boincadm’.
    252231
    253232'''Without a Graphical Desktop Manager:'''
     
    257236$ usermod -G boincadm www-data
    258237}}}
    259 
    260238Logout and login again as user boincadm if this is done.
    261239
     
    264242
    265243Define a new MySQL root password.
     244
    266245{{{
    267246$ mysqladmin -h localhost -u root password mysqlrootpw {or own}
    268247}}}
    269248Create a new MySQL database user account.
     249
    270250{{{
    271251$ mysql -h localhost -u root -p
     
    273253> SET PASSWORD FOR 'boincadm'@'localhost'='';
    274254}}}
    275 The permissions can be limited to project database only, later;
    276 Defining an empty password simplifies the installation, can be changed later.
     255The permissions can be limited to project database only, later; Defining an empty password simplifies the installation, can be changed later.
    277256
    278257=== Download the BOINC source code === #cookbook-download-code
    279 
    280258The latest development version can be obtained with:
     259
    281260{{{
    282261$ cd ~
     
    284263}}}
    285264To update the source code just go into the main directory and enter:
     265
    286266{{{
    287267$ cd ~/boinc
     
    289269}}}
    290270A stable '''client''' version can be obtained with the following commands:
     271
    291272{{{
    292273$ cd ~
     
    299280=== Compiling BOINC source code === #cookbook-compiling
    300281Enter the following commands into the console window:
     282
    301283{{{
    302284$ cd ~/boinc