![[LWN Logo]](/images/lc.png) |
|
![[Timeline]](/images/Included.png) |
Date: Mon, 19 Jun 2000 12:22:05 +0200
To: SuSE Linux Mailing List suse-linux-e <suse-linux-e@suse.com>
From: Eric Maryniak <e.maryniak@pobox.com>
Subject: [SLE] Step-by-step installation of Zope (2.1.7) on SuSE Linux 6.3
Dear list,
(Bcc-ed, so e-mail addresses don't appear on the html pages of
web-searchable mailing list, to: Jeff Rush, Piotr Kozbial,
Amos Latteier, Jules Allen, and some friends and collegues)
Please find below a detailed step-by-step description of the procedure
that I used to install Zope 2.1.7 under SuSE Linux 6.3 and 6.4.
Included are:
o Setup with existing web server (ic. Apache) in /opt/zope
o Apache rewrite rules for any static content and virtual hosts
o Start/Kill rc script according to SuSE Linux standards
Should you decide to use it somehow (of course at your own risk ;-),
I'd welcome any thoughts, comments and bug fixes you might have.
I have tried to do my best at testing the various pieces of software
and config setup's, and studied all docu to the best of my knowledge,
but real Zope and SuSE Linux experts should have a final say on this.
* Background/rationale.
Some time ago I asked if anybody got Zope running on SuSE Linux
and what setup was chosen and why (ZServer or Apache, and if Apache,
FastCGI, PCGI, Proxy, ...). I received very helpful e-mail from
Piotr and from Jeff, whose Red Hat rpm's and notes on:
http://starship.python.net/crew/jrush/Zope/Zope216.html
are also very informative. Furthermore, I studied the various howto's
and other docu about SuSE on the Zope site, http://www.zope.org/
With all this info, however, I wasn't really satisfied, because:
a) I didn't like the setup in many cases from a security point of view
(I'm not a security expert, but I do know, it's generally not a good
idea to run a service as root).
b) Jeff's RPM's proved to be too Red Hat specific and failed to install
properly on SuSE Linux 6.3 and 6.4 (in my case anyway), v2.1.6 gave:
an 'rpm -i Zope-2.1.6-1.i386.rpm Zope-pcgi-2.1.6-1.i386.rpm' outputs:
error: failed dependencies:
python-devel is needed by Zope-2.1.6-1
/sbin/chkconfig is needed by Zope-2.1.6-1
Note that SuSE does not have a separate 'python-devel' package and
that /sbin/chkconfig does not exist in SuSE, it is Red Hat specific...
Imho it's Linux distro idiosyncracies like this that may be a serious
problem to desktop end user acceptance of Linux.
You can force an install with 'rpm -i --nodeps', but, eh, my 32 Mb SuSE
Linux 6.4 system at home gave:
execution of script failed
Segmentation fault
Anyways, Zope was extracted, which allowed me to study Jeff's setup.
It's unfortunate that Jeff's rpm's did not work on SuSE because he has
done a remarkable job (including a lot of Zope bug fixes!).
c) The Zope howto's, and there are several, are sometimes a little
outdated, incomplete or conflicting.
So, I realized that the lazy rpm days were over and decided to dive into
it --- deeply as it turned out ;-)
First I decided on the setup to use, because:
a) we already have a lot of "static" html pages, which are to be gradually
zope-ed, but not right away
b) thus, zope should not become / (and the static pages /static) right
away, because a lot of people have bookmarked the old url's (solved by
using Zope on an internal virtual host, migrating pages, and making
the internal zope host the external)
c) on some pages we want to use ssl (which works fine with apache but
not with Zope ZServer).
d) and have apache as primary server, so the logging (visitor statistics)
can be kept unified.
It would seem, judging from Guy Davis' (recent) notes:
http://www.zope.org/Members/guy_davis/install_routes/
that Apache+Zope via PCGI was the best way (at least for the relative
novice): "... My Solution - After a couple of days and with much help,
I was able to get Zope working with Apache through PCGI. All the other
methods had drawbacks or didn't work for me, so I'd have to recommend
PCGI for Apache users. ...".
So please find my...
===========================================================================
Installation of Zope (2.1.7) on SuSE Linux 6.3 and 6.4, step-by-step
Eric Maryniak <e.maryniak@pobox.com>, 2000-06-16.
Home page: http://pobox.com/~e.maryniak/
This is a detailed step-by-step description of the procedure that I used
to install Zope 2.1.7 under SuSE Linux 6.3 and 6.4. Included are:
o Setup with existing web server (ic. Apache) in /opt/zope
o Apache rewrite rules for any static content and virtual hosts
o Start/Kill rc script according to SuSE Linux standards
To install Zope 2.1.7 (dated 2000-06-15) on SuSE Linux 6.3 or 6.4 with
the existing Apache web server (httpd) using Persistent CGI (PCGI),
log in as root or become root ('su - root') and follow the steps below.
I have tried to setup Zope with security in mind, but since this is not
my field of expertise I welcome feedback there!
Notes:
- The 'bash' shell is assumed.
- The Unix shell prompt for root is '# ' and '$ ' for normal users.
- I use here-documents (those 'cat << ...' thingies) frequently in the
copy & pastable Unix commands below. You may want to familiarize
yourself with this rather neat (ba)sh feature first ('man bash' ;-)
Important last note:
- Shortly after I downloaded Zope 2.1.7, which was basically 2.1.6 with
security fixes, the Zope maintainers pulled version 2.1.7 in favor of
a so-called "hot fix" product, please see:
http://www.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert/
so please read "2.1.6" in the rest of this document for "2.1.7" and
apply this hot fix after you have concluded all the steps below.
Step 1/8. Verify python 1.5.2 is installed
==========================================
First verify that your are running Python version 1.5.2:
# rpm -q python
You should get something like 'python-1.5.2-97'.
Alternatively, simply run Python ('python').
Somewhere in the welcome blurp, the version number is hidden :-)
Note that, unlike Red Hat, there is no 'python-devel' SuSE package.
Step 2/8. Extract the Zope source
=================================
Important: see the "Important last note" above about the version 2.1.6
and 2.1.7 issue.
Download the Zope 2.1.7 source from:
http://www.zope.org/Products/Zope/2.1.7/
and store it in directory:
/usr/src/packages/SOURCES/
This document describes the installation and configuration of Zope
version 2.1.7 (dated 2000-06-15), but it may also work for newer
(and perhaps older) versions.
Be sure to download the _source_ tarball (Zope-x.y.z-src.tgz), not a
binary distribution for some specific operating system.
Extract the Zope 2.1.7 source (a gnuzipped tarball) and rename the Zope
directory to /opt/zope:
# cd /opt
# tar zxvf /usr/src/packages/SOURCES/Zope-2.1.7-src.tgz
# mv Zope-2.1.7-src /opt/zope
Note that '/opt/zope' is also the directory to unpack any additional Zope
products (zproducts) in, that you might be installing later.
Enter the Zope directory and perhaps have a look at the Zope documentation.
You may notice that the files have a funny ownership, but you may safely
leave that for now (it is fixed in a later step).
# cd /opt/zope
# less README.txt doc/INSTALL.txt doc/*.txt
Step 3/8. Build Zope (PCGI with existing web server setup)
==========================================================
Build Zope to use PCGI with an existing web server (Apache in our case),
hence use the 'w_pcgi.py' script:
# cd /opt/zope
# python w_pcgi.py
Write down the generated Zope superuser password!
The user account info is stored in file '/opt/zope/access' which must
have file permission 0600 (but we will come to security settings in the
next steps).
You can always change the Zope administrator (superuser) password later
on the command line (this is explained in section "Zope administration").
Step 4/8. Fix file permissions and ownerships of the Zope tree
==============================================================
After unpacking, the Zope tree (/opt/zope) has a few peculiarities.
The ownership is uid 506 and group id is 'users'. Furthermore, some
directories are group writable. The building process did not fix this.
Bring the files more in line with other SuSE program directories, which
are often root:root and 0755 for directories c.q. 0644 for files at most.
Make the 'var' directory (/opt/zope/var) writable for wwwrun:nogroup,
which is the uid:gid the Apache web server runs as, so Zope.cgi (called
by httpd) can write logging info, program pid's and the Zope database
itself (Data.fs) there. The 'access' file is also fixed:
# chown -Rh root:root /opt/zope
# chmod -R og-w /opt/zope
# chown -R wwwrun:nogroup /opt/zope/var
# chmod 0600 /opt/zope/access
# chown wwwrun:nogroup /opt/zope/access
Next, change the 'start' script (save a backup first), to make sure the Zope
server is started as user wwwrun:nogroup, just like the Apache web server
(option '-u' is used for this). Also remove the debug option ('-D').
Be sure to fully copy and paste the cat command, ie. upto and including
the end-of-script (_EOS) marker or just start an editor and copy the stuff
between 'cat << ...' and '_EOS':
# mv /opt/zope/start /opt/zope/start.orig
# cat <<'______EOS' > /opt/zope/start
#! /bin/sh
reldir=`dirname $0`
PYTHONHOME=`cd $reldir; pwd`
export PYTHONHOME
exec /usr/bin/python $PYTHONHOME/z2.py -u wwwrun "$@"
______EOS
# chown root:root /opt/zope/start
# chmod 0711 /opt/zope/start
Create a symlink from /var/log/zope to /opt/zope/var, so you can use a
'tail -f /var/log/zope/*.log /var/log/httpd*log /var/log/httpd/*log' to
monitor zope and web log files:
# ln -s /opt/zope/var /var/log/zope
Finally, verify that there are no setuid or setgid files (always a safe
precaution):
# find /opt/zope \
-type f \( -perm -04000 -o -perm -02000 \) -exec ls -lg {} \;
Step 5/8. Create a cgi-bin directory for Zope.cgi
=================================================
Create a special cgi-bin directory for Zope.cgi, because the default
cgi-bin directory does not allow cgi scripts to execute ('Options None'
in /etc/httpd/httpd.conf of SuSE Linux 6.3 and 6.4).
Instead of adding an 'Options +ExecCGI' to the generic cgi-bin directory
and thus possibly creating a security hole, we therefore create a special
zope-cgi-bin directory (and add 'ExecCGI' later, when we edit the Apache
config file).
Use the same ownership (root:root) and permission (0755) as the other
cgi-bin directory:
# mkdir /usr/local/httpd/zope-cgi-bin
# chown root:root /usr/local/httpd/zope-cgi-bin
# chmod 0755 /usr/local/httpd/zope-cgi-bin
For the <VirtualHost> virtual.yourdomain.tld, do
(note: a base directory '/home/www/<virtual-host>' is assumed in the rest
of this document for all your virtual hosts, if any):
# mkdir /home/www/virtual.yourdomain.tld/zope-cgi-bin
# chown root:root /home/www/virtual.yourdomain.tld/zope-cgi-bin
# chmod 0755 /home/www/virtual.yourdomain.tld/zope-cgi-bin
Copy Zope.cgi to the specially created zope cgi-bin directory:
# cp -p /opt/zope/Zope.cgi /usr/local/httpd/zope-cgi-bin/.
For the <VirtualHost> 'virtual.yourdomain.tld', do:
# cp -p /opt/zope/Zope.cgi /home/www/virtual.yourdomain.tld/zope-cgi-bin/.
Make sure Zope.cgi has the same ownership (root:root) and permission (0755)
as the cgi scripts in /usr/local/httpd/cgi-bin/.
Step 6/8. Configure Apache for Zope with PCGI
=============================================
Now that Zope is built and installed, we have to configure the Apache web
server (httpd) so that Zope can be used (via PCGI). Furthermore, we want to
make sure Zope is started after a system reboot.
We already copied Zope.cgi to the cgi-bin directory.
As always, begin with making a copy of the Apache config file in case you
need to rollback:
# cp -p /etc/httpd/httpd.conf /etc/httpd/httpd.conf.bak
First add an entry for the zope-cgi-bin directory we created above.
Either do this globally, or for specific virtual hosts (in our case for
the <VirtualHost> 'virtual.yourdomain.tld').
In the Apache web server configuration file (/etc/httpd/httpd.conf) locate
'ScriptAlias /cgi-bin/' and '<Directory "/usr/local/httpd/cgi-bin">' and
add the zope-cgi-bin entries (add the '==> Add this' piece).
===> For the global configuration:
[---- Begin file (fragment): /etc/httpd/httpd.conf ----]
# ... Notes about ScriptAlias ...
ScriptAlias /cgi-bin/ "/usr/local/httpd/cgi-bin/"
# ... The regular cgi-bin directory:
<Directory "/usr/local/httpd/cgi-bin">
# ... with very restrictive 'Options None' ...
</Directory>
# ==> Add this:
# Zope.cgi is located in it's own zope-cgi-bin, because ExecCGI
# permission is needed, which is not (by default) enabled in SuSE
# Linux 6.3 and 6.4 for the regular cgi-bin directory.
ScriptAlias /zope-cgi-bin/ "/usr/local/httpd/zope-cgi-bin/"
<Directory "/usr/local/httpd/zope-cgi-bin">
AllowOverride None
Options None
Options +ExecCGI
Order allow,deny
Allow from all
</Directory>
# ==> End: zope-cgi-bin <==
[------ End file (fragment): /etc/httpd/httpd.conf ----]
===> For the <VirtualHost> 'virtual.yourdomain.tld' configuration:
[---- Begin file (fragment): /etc/httpd/httpd.conf ----]
# ... Notes about ScriptAlias ...
ScriptAlias /cgi-bin/ "/home/www/virtual.yourdomain.tld/cgi-bin/"
# ... The regular cgi-bin directory:
<Directory "/home/www/virtual.yourdomain.tld/cgi-bin">
# ... with very restrictive 'Options None' ...
</Directory>
# ==> Add this:
# Zope.cgi is located in it's own zope-cgi-bin, because ExecCGI
# permission is needed, which is not (by default) enabled in SuSE
# Linux 6.3 and 6.4 for the regular cgi-bin directory.
ScriptAlias /zope-cgi-bin/ "/home/www/virtual.yourdomain.tld/zope-cgi-bin/"
<Directory "/home/www/virtual.yourdomain.tld/zope-cgi-bin">
AllowOverride None
Options None
Options +ExecCGI
Order allow,deny
Allow from all
</Directory>
# ==> End: zope-cgi-bin <==
[------ End file (fragment): /etc/httpd/httpd.conf ----]
Next configure Apache to pass authentication headers to Zope.
Add these lines to the _bottom_ of the Apache web server configuration file
(/etc/httpd/httpd.conf) and/or to the _bottom_ of every virtual host you
might have (enclosed in <VirtualHost>) and that you want to use Zope for
(in our case for the <VirtualHost> 'virtual.yourdomain.tld').
Note that mod_rewrite must be loaded (default it is in SuSE Linux 6.3/6.4).
===> For the global configuration:
[---- Begin file (fragment): /etc/httpd/httpd.conf ----]
# Zope PCGI.
# Final rewrite rules to ensure that '/' is served by Zope.
# These must be the _last_ lines in the Apache httpd.conf file, or,
# if that is appropiate, at the bottom of every <VirtualHost> you
# wish to use Zope for. The order of the rules is significant!
# To facilitate the migration of static content (*.html files in
# /usr/local/httpd/htdocs) into Zope, it is served as /static/.
RewriteEngine on
# Remove the next 2 rules if migration of static content is done or
# if you start with Zope from scratch and do not have html files yet.
RewriteRule ^/static/(.*) /usr/local/httpd/htdocs/$1 [l]
RewriteRule ^/cgi-bin/(.*) /usr/local/httpd/cgi-bin/$1 \
[e=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]
# Ensure the documentroot '/' is served by Zope and Apache passes
# authentication headers to Zope as well. Zope.cgi is located in it's
# own /zope-cgi-bin/ directory for security reasons ('Options +ExecCGI').
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) /usr/local/httpd/zope-cgi-bin/Zope.cgi$1 \
[e=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]
[------ End file (fragment): /etc/httpd/httpd.conf ----]
===> For the <VirtualHost> 'virtual.yourdomain.tld' configuration:
[---- Begin file (fragment): /etc/httpd/httpd.conf ----]
# Zope PCGI with at the of <VirtualHost> 'virtual.yourdomain.tld.
# Final rewrite rules to ensure that '/' is served by Zope.
# These must be the _last_ lines in the Apache httpd.conf file, or,
# if that is appropiate, at the bottom of every <VirtualHost> you
# wish to use Zope for. The order of the rules is significant!
# To facilitate the migration of static content (*.html files in
# /home/www/virtual.yourdomain.tld/htdocs) into Zope, it is served as /static/.
RewriteEngine on
# Remove the next 2 rules if migration of static content is done or
# if you start with Zope from scratch and do not have html files yet.
RewriteRule ^/static/(.*) /home/www/virtual.yourdomain.tld/htdocs/$1 [l]
RewriteRule ^/cgi-bin/(.*) /home/www/virtual.yourdomain.tld/cgi-bin/$1 \
[e=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]
# Ensure the documentroot '/' is served by Zope and Apache passes
# authentication headers to Zope as well. Zope.cgi is located in it's
# own /zope-cgi-bin/ directory for security reasons ('Options +ExecCGI').
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) /home/www/virtual.yourdomain.tld/zope-cgi-bin/Zope.cgi$1 \
[e=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]
[------ End file (fragment): /etc/httpd/httpd.conf ----]
Notes:
a) The order of the rules is important and allows you to keep static html
files (default in directory entry <Directory "/usr/local/httpd/htdocs">)
and have them served as:
http://www.yourhost.tld/static/*
which allows a gradual zope-ing of your static content into Zope served
content. In this setup Zope serves the root (http://www.yourhost.tld/).
If, however, you start from scratch and do not have old static content,
remove RewriteRule's '^/static/(.*)' and '^/cgi-bin/(.*)'.
b) Note the intentional omission of trailing slashes in the last rule.
If you use '^/(.*)' and 'Zope.cgi/$1' instead of '^(.*)' and 'Zope.cgi$1',
respectively, you would have trouble deleting objects in the root folder.
Furthermore, all html served by Zope would have an extra slash at the
beginning ('//index.html' etc.), as can be verified by inspecting the log
file '/opt/zope/var/Z2.log'.
c) Replace '/usr/local/httpd/htdocs/' and/or '/usr/local/httpd/cgi-bin/'
with appropiate locations if you changed SuSE's defaults and/or added
virtual hosts for which you use Zope as well.
d) If your Apache server does not support line splitting with '\', then
every Rewrite* statement must be on one (1) line.
e) The last character in some RewriteRule's ('[l]', ',l]') is the letter l,
not the digit 1.
You may restart Apache at this moment, just to verify that the httpd.conf
is parsed ok, but realize that Zope is not running yet! If you want to be
on the safe side, goto the next step.
If you do want to restart Apache, keep a sharp lookout on the log files
with 'tail -f' in a separate window:
# tail -f /var/log/httpd.access_log /var/log/httpd/*
and then restart the Apache server:
# rcapache restart
Undo the changes (using the backup '/etc/httpd/httpd.conf.bak') if strange
things happen.
Step 7/8. Create start/stop Zope rc script and verify Zope
==========================================================
Using the rc skeleton script, /sbin/init.d/skeleton, as a starting point,
create the Zope rc script, listed next.
Be sure to fully copy and paste the cat command, ie. upto and including
the end-of-script (_EOS) marker or just start an editor and copy the stuff
between 'cat << ...' and '_EOS':
# cat <<'______EOS' > /sbin/init.d/zope
#! /bin/sh
# Copyright (c) 1995-2000 SuSE GmbH Nuernberg, Germany.
#
# Author: Eric Maryniak <e.maryniak@pobox.com>, 2000-06-16.
#
# /sbin/init.d/zope
#
# and symbolic links:
#
# /usr/sbin/rczope
# /sbin/init.d/rc2.d/K20apache
# /sbin/init.d/rc2.d/S20apache
# /sbin/init.d/rc3.d/K20apache
# /sbin/init.d/rc3.d/S20apache
#
# Zope rc start/stop script for SuSE Linux 6.3 and 6.4.
# The Zope base directory is assumed to be: /opt/zope
# More information about Zope at the Zope web site:
#
# http://www.zope.org/
#
. /etc/rc.config
# Determine the base and follow a runlevel link name.
base=${0##*/}
link=${base#*[SK][0-9][0-9]}
# Force execution if not called by a runlevel directory.
test $link = $base && START_ZOPE=yes
test "$START_ZOPE" = yes || exit 0
# The echo return value for success (defined in /etc/rc.config).
return=$rc_done
# The Zope base directory.
zope_base=/opt/zope
# The main Zope process id (Z2 pid) file.
# This should be /var/run under SuSE Linux.
# However, because the z2.py process is running as wwwrun and
# Z2.pid has ownership wwwrun, z2.py cannot write to /var/run.
# So we keep Zope's default (./var).
zope_pid=$zope_base/var/Z2.pid
# The Zope access file.
zope_access=$zope_base/access
# The Apache config file (if any).
apache_config=/etc/httpd/httpd.conf
case "$1" in
start)
## Start Zope with the Zope start script '/opt/zope/start',
## unless it is already running (checked with 'checkproc').
## If this fails, the echo return value is set appropriately.
echo -n "Starting service Zope (z2.py):"
checkproc -f $zope_pid /usr/bin/python 1>/dev/null 2>/dev/null
if [ $? -eq 0 ]; then
# Zope is still running. Do not start a second instance.
return=$rc_failed
else
# Zope is not running (anymore). It is safe to try to start.
( /opt/zope/start 2>/dev/null & ) || return=$rc_failed
fi
echo -e "$return"
;;
stop)
## Stop Zope with the Zope stop script '/opt/zope/stop'.
## If this fails, the echo return value is set appropriately.
echo -n "Shutting down service Zope (z2.py):"
/opt/zope/stop 2>/dev/null || return=$rc_failed
echo -e "$return"
;;
restart)
## Stop Zope and if that goes ok, start Zope.
## In either case, the echo return value is set appropriately.
$0 stop && $0 start || return=$rc_failed
;;
reload)
## Implement a reload as a restart, because the Zope scripts
## and Zope server do not seem to accept a SIGHUP signal to
## reread a (changed) configuration.
$0 stop && $0 start || return=$rc_failed
;;
status)
## Check Zope status with checkproc(8).
## If the process is running, checkproc exits with code 0.
echo -n "Checking for service Zope (z2.py): "
checkproc -f $zope_pid /usr/bin/python 1>/dev/null 2>/dev/null
[ $? -eq 0 ] && echo OK || echo No process
;;
probe)
## Probe for the necessity of a start, restart or reload and
## give out the argument which is required for the applicable
## action (if any). The idea is that you can always safely do:
## rczope `rczope probe`
## If there is nothing to do, or if there is an error condition,
## output will go to stderr, so the command will still work.
# Check Zope status with checkproc(8) and save the result.
checkproc -f $zope_pid /usr/bin/python 1>/dev/null 2>/dev/null
[ $? -eq 0 ] && zope_runs=1 || zope_runs=0
# Zope needs a restart if the access file has been changed.
# Thus, test if the access file is newer (-nt) than the pid file.
# First test if the access file is present and if Zope is running.
# Finally, also suggest a restart if the Apache configuration file,
# if present, is newer (ie. has changed) than the pid file.
# This is a conservative approach: most of the time a Zope restart
# is probably not necessary, but the RewriteCond-ition(s) and/or
# RewriteRule-(s) for Zope may have changed.
if [ ! -e $zope_access ]; then
echo "error: no access file ($zope_access); unable to probe." \
> /dev/stderr
elif [ ! -e $zope_pid ]; then
echo start
elif [ $zope_runs -eq 0 ]; then
echo start
elif [ $zope_access -nt $zope_pid ]; then
echo restart
elif [ -e $apache_config ]; then
if [ $apache_config -nt $zope_pid ]; then
echo restart
fi
fi
;;
*)
echo "Usage: $0 {start|stop|restart|reload|status|probe}" \
> /dev/stderr
exit 1
;;
esac
# Inform the caller verbosely and set an exit status as well.
test "$return" = "$rc_done" || exit 1
exit 0
______EOS
Next, fix permissions and ownerships:
# chmod 0744 /sbin/init.d/zope
# chown root:root /sbin/init.d/zope
And create symbolic links.
Also note the handy '/usr/sbin/rczope', which is SuSE specific.
You have an rc<service> for all services (rcapache, rcmysql, rcsmb, etc.).
I use it often, if not exclusively.
Number 20 is somewhat arbitrary, but Apache has 20 as well, so Zope will
be started shortly after Apache (/sbin/init.d/apache).
# cd /sbin/init.d/rc2.d && ln -s ../zope K20zope; \
cd /sbin/init.d/rc2.d && ln -s ../zope S20zope; \
cd /sbin/init.d/rc3.d && ln -s ../zope K20zope; \
cd /sbin/init.d/rc3.d && ln -s ../zope S20zope
# cd /usr/sbin && ln -s ../../sbin/init.d/zope rczope
I wonder why SuSE uses these relative links (../) so extensively; it has
probably to do with mount points when installing a new system (mount on
/mnt, so /sbin is /mnt/sbin).
Anyways, finish up with making /etc/rc.config (and thus YaST!) Zope aware
(do a grep first, to prevent multiple entries).
Be sure to fully copy and paste the grep/cat command, ie. upto and including
the end-of-script (_EOS) marker or just start an editor and copy the stuff
between 'grep ...' and '_EOS':
# grep -q START_ZOPE /etc/rc.config || cat <<'______EOS' >> /etc/rc.config
#
# Should Zope be started at bootup? (yes/no)
#
# Zope is the leading Open Source web application server.
# Zope enables teams to collaborate in the creation and management of
# dynamic web-based business applications such as intranets and portals.
# Zope makes it easy to build features such as site search, news,
# personalization, and e-commerce into your web applications.
# (Quoted from www.zope.org on 2000-06-14).
#
START_ZOPE=yes
______EOS
Now we can restart Apache and start Zope:
# rcapache restart
# rczope start
Simultaneously, keep a sharp lookout on the log files:
# tail -f /var/log/httpd.access_log /var/log/httpd/* /var/log/zope/*.log
Start a browser and see if you get the Zope welcome page!
If strange things happen, rollback to backupped configuration files or undo
changes.
Step 8/8. Zope administration
=============================
Once Zope is started, you can administer Zope with a locally started
frames-capable web browser (such as Netscape) from this URL:
http://localhost/manage
You may get a warning:
Alert!: Access without authorization denied -- retrying
But then the prompt:
Username for 'Zope' at server 'localhost': superuser
Password: XXXXXXXX
Alternatively, you can administer Zope from a non-local host, provided
the host is a member of the domain (*.yourdomain.tld) to which the access is
restricted.
Changing the Zope adminstrator password.
The Zope administrator account is used, amongst other things, to create
Zope users. One of the first things to do is change the password and add
domain restriction. You can change the Zope administrator ('superuser')
password from the command line with:
# /usr/bin/python /opt/zope/zpasswd.py /opt/zope/access
Use at least 8 characters for a password, of which at least two (2) should
be non-alfanumerical, and SHA encrypting:
[==== Begin dialog: /opt/zope/zpasswd.py (password change) ====]
Username: superuser
Password:
Vefify password:
Please choose a format from:
SHA - SHA-1 hashed password
CRYPT - UNIX-style crypt password
CLEARTEXT - no protection.
Encoding: sha
Domain restrictions: *.yourdomain.tld
[====== End dialog: /opt/zope/zpasswd.py (password change) ====]
You can now enter use the management screen to add users, etc.
The access file, /opt/zope/access, must be 0600 and wwwrun:nogroup, ie.
the same ownership as the web server (httpd), that, in our case, calls
the Zope.cgi wrapper.
After a password change, you need to restart Zope, as an 'rczope probe'
will tell you:
# rczope probe
restart
Shortcuts for restarting Zope and Apache are:
# rczope restart
# rcapache restart
Note that 'rczope' is a symlink to '/sbin/init.d/zope'.
Apart from the usual 'start', 'stop' and 'restart' signals, a status and
probing signal is also supported:
# rczope status
# rczope probe
The idea of a probe is that is it always safe to:
# rczope `rczope probe`
Installing additional Zope products (zproducts) is simply done by unpacking
them into the Zope base directory:
/opt/zope
Final trivia
============
After you have moved the static content (html files) into Zope, remove
the RewriteRule's '^/static/(.*)' and '^/cgi-bin/(.*)' in the Apache
config file (/etc/httpd/httpd.conf) and restart Apache.
Remove the html files themselves as well after verifying that they have
been incorporated into Zope succesfully.
Be sure not to remove the SuSE online help info: it is best to put that
in a virtual host.
===========================================================================
Bye-bye,
Eric Maryniak
--
Eric Maryniak <e.maryniak@pobox.com>
Home page: http://pobox.com/~e.maryniak/
University of Amsterdam, Department of Psychology.
Tel/Fax: +31 20 5256853/6391656. Internet: http://www.neuromod.org/
There's no future in time travel.
--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/