306
300
For more advanced configuration, see :ref:`Configuring IVLE
307
301
<ref-configuring-ivle>`.
305
Installing from an Ubuntu package
306
=================================
308
IVLE is packaged in `a Launchpad PPA <https://launchpad.net/~unimelb-ivle/+archive/production>`_,
309
providing a more managed installation and upgrade mechanism than a source
312
These instructions document the process to install a production-ready
313
multi-node IVLE cluster. They expect that you have three domain names:
314
one for the main IVLE web UI, one for the Subversion service, and one
315
for serving user files publicly.
318
By design the public domain may have arbitrary user-generated content
319
served. Because of this, it should not have any domain with sensitive
320
cookies as a suffix, including the main IVLE web UI. Be very careful
321
with your choice here.
327
All master and slave nodes need to have access to the IVLE PPA.
328
`Visit it <https://launchpad.net/~unimelb-ivle/+archive/production>`_ and
329
follow the installation instructions on all involved systems.
335
Setting up the database server
336
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
338
The master server runs the central IVLE PostgreSQL database. ::
340
sudo apt-get install postgresql
342
Ubuntu's default PostgreSQL configuration doesn't permit remote access,
343
so we need to tweak it to allow password access from our slave. In
344
``/etc/postgresql/8.3/main/postgresql.conf``, find the ``listen_addresses``
345
option, and ensure it is set to ``*``. In
346
``/etc/postgresql/8.3/main/pg_hba.conf`` add a line like the following to the
347
end. This example will allow any host in the ``1.2.3.4/24`` subnet to
348
authenticate with a password as the ``ivle`` user to the ``ivle`` database. ::
350
host ivle ivle 1.2.3.4/24 md5
352
Then restart PostgreSQL, and the slaves should be able to see the database. ::
354
sudo /etc/init.d/postgresql-8.3 restart
357
Installing and configuring IVLE
358
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
360
We can now install IVLE. The installation process will ask you a few questons.
361
Answer that this host is a **master**, let it generate a random usrmgt-server
362
secret, elect to manage the database with ``dbconfig-common``, and use a
365
sudo apt-get install ivle
367
Once that's done, we have a couple of additional configuration items to set:
368
the URLs discussed earlier. Open up ``/etc/ivle/ivle.conf``,
369
and replace ``public.ivle.localhost`` and ``svn.ivle.localhost`` with the
370
correct domain names.
372
Make sure you restart the ``usrmgt-server`` afterwards, or newly created users
373
may inherit the old domain names. ::
375
sudo /etc/init.d/usrmgt-server restart
378
Sharing data between the servers
379
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
381
As well as its relational database, IVLE has a data hierarchy on the
382
fileystem. Two part of this (``/var/lib/ivle/jails`` and
383
``/var/lib/ivle/sessions``) must be shared between the master and all of the
384
slaves. It doesn't matter how you achieve this, but a reasonable method is
385
described here: exporting over NFS from the master.
387
We'll first create a tree (``/export/ivle`` in this example, but it can be
388
whatever you want) to be exported to the slaves, move the existing data
389
directories into it, and symlink them back into place. ::
391
sudo mkdir /export/ivle
392
sudo mv /var/lib/ivle/{sessions,jails} /export/ivle
393
sudo ln -s /export/ivle/{sessions,jails} /var/lib/ivle
395
Next install an NFS server. ::
397
sudo apt-get install nfs-kernel-server
399
Now we can export the directory we created earlier across the network.
400
Add something like the following line to ``/etc/exports``. ``someslave``
401
should be replaced with the hostname, IP address, or subnet of your
404
/export/ivle someslave(rw,sync)
406
Make sure you inform the kernel of the new export. ::
414
The master serves Subversion repositories through Apache on the Subversion
415
domain name that was discussed above. ::
417
sudo cp /usr/share/doc/ivle/apache-svn.conf /etc/apache2/sites-available/ivle-svn
418
sudo a2ensite ivle-svn
420
Edit ``/etc/apache2/sites-available/ivle-svn``, ensuring that the
421
``ServerName`` matches your chosen domain name. Then reload Apache's
424
sudo /etc/init.d/apache2 reload
427
Setting up a jail environment
428
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
430
IVLE requires that a base jail be provided, on top of which all of the
431
individual user jails are constructed in order to safely execute user code.
433
We need to change some configuration options before we can build a working
434
jail. First set the mirror and Ubuntu release -- make sure you replace the
435
URL and release code name with an Ubuntu mirror and your Ubuntu release. ::
437
sudo ivle-config --jail/mirror http://url.to.mirror/ubuntu --jail/suite hardy
439
Now comes the ugly bit: we need to tell the jail builder where to get the
440
IVLE code that must be present in the jail. If you're using the production
441
PPA, the following ``/etc/ivle/ivle.conf`` snippet will work. If you're not,
442
you'll have to replace the ``extra_keys`` and ``extra_sources`` values ::
446
-----BEGIN PGP PUBLIC KEY BLOCK-----
449
mI0ES2pQKAEEANiscebT7+SFnvpN8nABcwT5nEV6psUOF8CcIIrz3iv6b6wA3lYd0DzbD7RD
450
fs1MNriEHHgqPF6EUhGrkk1165Oqi+lULdjgL0Fzi3GFvLV9F8+BtL3wt3+MM7YC+aTS1nhF
451
dQcPpnhNAJagW5gR4dIc4w87sNquxgCdJeJn/N3XABEBAAG0KkxhdW5jaHBhZCBVbml2ZXJz
452
aXR5IG9mIE1lbGJvdXJuZSBJVkxFIFBQQYi2BBMBAgAgBQJLalAoAhsDBgsJCAcDAgQVAggD
453
BBYCAwECHgECF4AACgkQVwp7ATtnautCMgP8C6PbLNyx9akgbiwhakFfGaEbxGFCo1EAUE7v
454
FgdelJSEkeQLAn4WoANpixuojNi++PEDis22S4tz+ZC6G0dRU9Pcc1bb4xUgphR83QTcufH7
455
5EagfTf5lLIWaLdg5f/NeuHHrKvwKvPVkNJ3ShQejFB/xWGpqe2Rr7Rscm9lT0Q=
457
-----END PGP PUBLIC KEY BLOCK-----
459
extra_packages = ivle-services,
460
extra_sources = deb http://ppa.launchpad.net/unimelb-ivle/production/ubuntu hardy main,
462
Now we can build the jail. This will download lots of packages, and install
463
a minimal Ubuntu system in ``/var/lib/ivle/jails/__base__``. ::
465
sudo ivle-buildjail -r
467
You should now have a functional master.