wiki:ServerIntro

Version 74 (modified by Christian Beer, 11 years ago) (diff)

update to boinc-v2.git

Setting up a BOINC server

Hardware

For experimentation and debugging, you can use almost any computer as a BOINC server. Before deploying a project more widely, make sure that your server has adequate performance, availability, and security. Some factors:

  • Your Internet connection should have adequate performance and reliability. Your server must have a static IP address.
  • Your server should have good CPU speed(dual Xeon or Opteron), at least 2 GB of RAM, and at least 40 GB of free disk space. For a high-traffic project, use a machine with 8 GB of RAM or more, and 64-bit processors.
  • Do whatever you can to make it highly reliable (UPS power supply, RAID disk configuration, hot-swappable spares, temperature-controlled machine room, etc.).
  • Put it behind a firewall; allow access via port 80 (HTTP) and optionally 443 (HTTPS).
  • Make it secure; turn off any unneeded network services, especially those that use plaintext passwords (like FTP or Telnet).

Info on increasing capacity and reliability is here.

Another approach - which eliminates both hardware and software issues - is to deploy a BOINC server on the Amazon Elastic Computing Cloud.

Software

There are several ways to deploy the BOINC server software:

  • The easiest way to set up a BOINC server is to use a BOINC server VM that we've created for that purpose, with all the necessary software already installed. You can run this virtual machine using the VMWare player on any Intel-based computer (Windows, Linux, or Mac OS X). If you take this approach, skip the rest of this page.
  • Debian and Ubuntu offer the boinc-server-maker package to create BOINC project more easily on local or remote machines. This ongoing effort, described on their Wiki aims at full compatibility with the BOINC Virtual Machine. If anyone is interested in helping maintaining a boinc-server package for Debian, please contact David Anderson. Again, if you take this approach, skip the rest of this page.
  • You can use any Unix system as a BOINC server; we recommend using a recent Linux release. Disable SELinux. General instructions are given below, followed by a [#cookbook-debian40 a cookbook for setting up a BOINC server on a Debian 4.0 system].

Installing the BOINC server on Unix

Groups and permissions

BOINC server programs run as two different users:

  • The scheduler and file upload handler are CGI programs, so they run as the same user as the web server (on Fedora this is user 'apache'; on Debian it's 'www-data').
  • BOINC daemons run as whoever created the project (let's say user 'boincadm', group 'boinc'). Do not run BOINC daemons (or anything else) as root.

By default, the directories created by user apache are not world-writable. This causes problems: for example, when the file upload handler creates a directory in the upload hierarchy, it's owned by (apache, apache), and the file deleter (which runs as boincadm) won't be able to delete the files there.

To solve this problem, edit /etc/group so that apache belongs to group boinc, i.e. the line:

boinc:x:566:

becomes:

boinc:x:566:apache

(Apache will need to be stopped/restarted for this to take effect.)

Both boincadm and apache should have umasks that allow group read and write. The place to set this depends on what distribution is used. Normaly you can use a umask of 0002 or 0007.

When you create a BOINC project using make_project, the critical directories are owned by boincadm and have the set-GID bit set; this means that any directories or files created by apache in those directories will have group boinc (not group apache). The BOINC software makes all directories group read/write. Thus, both apache and boinc will have read/write access to all directories and files, but other users will have no access.

To fix permissions on an existing project, do:

chmod 02770 upload
chmod 02770 html/cache
chmod 02770 html/inc
chmod 02770 html/languages
chmod 02770 html/languages/compiled
chmod 02770 html/user_profile

You may also need to change the ownership of these directories and all their subdirectories to boincadm/boinc. If you're running several projects on the same server and want to isolate them from each other, you can create a different user and group for each project, and add apache to all of the groups.

When serving your project files from Apache, note that all directories up to and including the html directory must have execute permissions. For example, if you use make_project to create the project template in your home directory, your home directory must have 711 permissions as opposed to the default of 700. If this is not corrected, you will receive a 403 Forbidden error when attempted to browse to your project page. See [http://httpd.apache.org/docs/1.3/misc/FAQ.html#forbidden more information on dealing with Apache permissions problems].

Installing BOINC software

Operating system configuration

Some parts of the BOINC server (the feeder and scheduling server) use shared memory. Hosts where these run must have shared memory enabled, with a maximum segment size of at least 32 MB. How to do this depends on the operating system; read [http://developer.postgresql.org/docs/postgres/kernel-resources.html Managing Kernel Resources on PostgreSQL manual] for more information.

MySQL notes

  • After installing and running the server, grant permissions for the 'db_user' account (usually boincadm). The 'db_name' is usually the short name of the project. The credentials (db_user, db_name, db_passwd) are stored in the project's config.xml. All MySQL accounts should be password protected, especially root.
    mysql -u root
    CREATE USER 'db_user'@'localhost' IDENTIFIED BY 'db_passwd';
    GRANT CREATE,DROP ON *.* TO 'db_user'@'localhost'
    GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,REFERENCES,INDEX,ALTER,CREATE TEMPORARY TABLES, LOCK TABLES ON  `db_name`.* TO 'db_user'@'localhost';
    

Existing projects should change the permissions accordingly by first revoking all rights and grant with the above example. The user 'nobody' means the account under which Apache runs (may be different on your machine) which does not need access anymore.

mysql -u root
REVOKE ALL PRIVILEGES ON  *.* FROM  'db_user'@'localhost';
REVOKE ALL PRIVILEGES ON  *.* FROM  'db_user';
REVOKE ALL PRIVILEGES ON  *.* FROM  'nobody'@'localhost';
REVOKE ALL PRIVILEGES ON  *.* FROM  'nobody';

After creating a project you should also revoke the global DROP and CREATE permission for your 'db_user' like this:

REVOKE ALL PRIVILEGES ON *.* FROM 'db_user'@'localhost';
REVOKE GRANT OPTION ON * . * FROM 'db_user'@'localhost';
GRANT USAGE ON *.* TO 'db_user'@'localhost';
  • Set your PATH environment variable to include MySQL programs (typically /usr/local/mysql and /usr/local/mysql/bin).
  • You'll need to back up your database. Generally this requires stopping the project, making a copy or snapshot, and restarting. An example is here.
  • BOINC gets MySQL compiler and linker flags from a program called mysql_config which comes with your MySQL distribution. This sometimes references libraries that are not part of your base system installation, such as -lnsl or -lnss_files. You may need to install additional packages (often you can use something called 'mysql-dev' or 'mysql-devel') or fiddle with Makefiles.
  • MySQL can be the bottleneck in a BOINC server. To optimize its performance, read about configuring MySQL for BOINC.
  • Notes on running MySQL on a cluster.

MySQLclient notes

  • Configure mysql with the --enable-thread-safe-client switch.
  • Set your LD_LIBRARY_PATH to refer to the correct library.

Apache notes

In httpd.conf, set the default MIME type as follows (otherwise you'll get file upload signature verification errors):

DefaultType application/octet-stream

To limit denial-of-service attacks, we recommend turning off directory indexing by adding -Indexes to the Options directive.

Make sure that the filename extensions used by your application or data files aren't handled in undesired way by Apache. For example, if some of your files have a '.map' extension, remove the line

AddHandler imap-file map

from httpd.conf

Apache has a default request size limit of 1 MB. If your project is likely to exceed this (large output files, large scheduler request messages) increase this, e.g. to 128 MB:

LimitXMLRequestBody 134217728
LimitRequestBody 134217728

PHP notes

  • By default, BOINC uses PHP's mail function to send email to participants. This uses sendmail. If this doesn't work, you can use PHPMailer instead, which is a very flexible mail-sending mechanism. To do this:
    • Download PHPMailer and put it under PROJECT/html/inc/phpmailer (i.e. the files class.smtp.php and class.phpmailer.php should be in that directory).
    • Set the following variables in your PROJECT/html/project/project.inc file (substitute your own values):
      $USE_PHPMAILER = true;
      $PHPMAILER_HOST = "xxx.xxx.xxx";
      $PHPMAILER_MAILER = "smtp";
      

Common problems

After adding a new user, you have to check if the home directory was created. Sometimes you have to manually create it.

$ mkdir /home/{username}
$ chown {username}:{username} /home/{username}

The link /usr/bin/gcc that points to the currently used compiler could be missing. This could lead to errors when running the make command. Especially when trying to compile the graphical part of the API you need the /usr/bin/g++ link (make gives a warning that it couldn't find GL/GLU/GLUT although it is installed). So you have to create the symbolic links, depending on your gcc and g++ version, first.

$ ln -s /usr/bin/gcc-4.11 /usr/bin/gcc
$ ln -s /usr/bin/g++-4.11 /usr/bin/g++

At newer linux distributions you can’t login as user root. Instead there is a user notroot with whom you can login, but you won’t have root privileges. If an application or script needs root privileges, you are forced to enter the password you entered during the installation. In the console window you can get root privileges with the su (Debian) or sudo (Ubuntu, Fedora) command also. Note the single quotes around the command when using su -c !

$ su -c {'command'}
$ sudo {command}

If you have problems executing the sudo command, you have to add the user to the /etc/sudoers file. To edit this file just use this command:

$ sudo visudo

In this file you have to add another line after the line for notroot. You can use this:

{username} ALL=(ALL) ALL

Cookbook for Debian 6.0

Please follow these recipes only for your basic orientation. The Debian landscape has changed a lot over since Debian 4.0. You can inspect the build and runtime dependencies of the boinc-server-maker package here and the latter more graphically also here.

Install software prerequisites

Common packages for building BOINC (based on Software prerequisites (Unix/Linux)):

m4
make
dh-autoreconf
pkg-config
git
vim

packages needed for BOINC server:

libapache2-mod-php5
mysql-server-5.1
libmysqlclient-dev
php5-mysql
php5-cli
php5-gd
phpmyadmin
python
python-mysqldb
libssl-dev

packages needed for BOINC libraries (including graphics):

freeglut3-dev
libxmu-dev
libxi-dev
libjpeg62-dev

packages needed for BOINC client and manager (in addition to libraries): [not finished yet!]

libssl-dev
libcurl4-openssl-dev
libxss-dev
libnotify-dev
libxcb-atom1-dev
libsqlite3-dev

optional packages for a graphical desktop manager

kdebase
kde-guidance
synaptic
iceweasel
xserver-org

This list contains all necessary packages for the BOINC server and the client components. At first startup, these packages should be installed with aptitude. The graphical desktop manager is optional, but makes the configuration of the server a bit easier. The list contains no security packages to secure your server! Please ask your system administrator or read a good Linux book on how to secure your server against attacks.

Hint: You can search packages within aptitude by pressing the '/' key.

Create a new BOINC user account

The best way to create the boinc user is during installation when you are asked for name and password of the main user. Enter 'boincadm', or a name of your choice, as login name. In this cookbook I will refer to this useraccount as 'boincadm'.

When installation is finished please login as the user created during installation. If you have installed a graphical desktop manager please open a text console (Konsole or xterm).

Next step is to add the 'www-data' user (apache webserver) to the group of the newly created user:

$ usermod -G -a boincadm www-data

Configuration of the MySQL server

Create a new MySQL database user account.

$ mysql -h localhost -u root -p
> GRANT ALL ON *.* TO 'boincadm'@'localhost';
> SET PASSWORD FOR 'boincadm'@'localhost'=''; 

The permissions can be limited to project database only, later; Defining an empty password simplifies the installation, can be changed later.

You can also set this using the phpmyadmin interface available through http://{server-IP}/phpmyadmin

Download the BOINC source code

The latest development version can be obtained with:

$ cd ~
$ git clone git://boinc.berkeley.edu/boinc-v2.git boinc-src

To update the source code just go into the main directory and enter:

$ cd ~/boinc-src
$ git pull

A stable client version can be obtained from BOINC website. Hint: Normally you won't need a self-compiled client,

NOTE: Tags are only for client software, always checkout the latest version for the server!

Compiling BOINC source code

Enter the following commands into the console window:

$ cd ~/boinc-src
$ ./_autosetup
$ ./configure --disable-client --disable-manager
$ make