Child pages
  • ADAGUC

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

CentOS (http://www.centos.org) is based on the same sources as Red Hat Enterprise Linux.
KNMI describes installation on Red Hat Linux here: http://dev.knmi.nl/projects/adagucserver/wiki/Installation
This recipe has been followed. In short it is repeated here.
Note: unless otherwise stated, the commands are (Bash) shell commands.

Setup prerequisites
  • Verify yum configuration for EPEL repository:

    [mylocalhost]# yum repolist

  • Install from EPEL repository (compiling netcdf and hdf5 is not needed in this case):

    [mylocalhost]# yum install gcc gcc-c++ mercurial libpng-devel zlib-devel libxml2-devel gd-devel netcdf-devel hdf5-devel proj-devel postgresql-devel udunits2-devel gdal-devel cairo-devel httpd postgresql-server libsqlite3x-devel

Note: somehow this install was not completed successfully because later on the compiler complained about missing dependencies. I just re-executed this yum install (with all packges listed) and after that all worked fine.

Compile ADAGUC server
  • Setup a directory structure for ADAGUC in /opt:

    /opt/adaguc/adagucviewer

    stores ADAGUC client/viewer related files and components

    /opt/adaguc/services

    stores ADAGUC server runtime related configuration, logs and optionally data

    /opt/adaguc/software

    tree with ADAGUC server source files; should not be present on a production environment

...

CentOS has a default Apache installation and this will be used for ADAGUC. Hence ownership of all files and directories involved is assigned explicitly to OS-user apache and OS-group apache (apache:apache).

  • get ADAGUC server source components from KNMI's Mercurial repository:

    [mylocalhost]# hg clone http://dev.knmi.nl/hg/adagucserver /opt/adaguc/software

  • start compile by executing compile.sh from /opt/adaguc/software directory. It could be necessary to set the executbale flag first:

    [mylocalhost]# chmod +x compile.sh

    [mylocalhost]# ./compile.sh

...

The Apache configuration needs some adaption. On CentOS the Apache configuration definition can be found in /etc/httpd/conf/httpd.conf. Adaptions/changes were made in the VirtualHost-section:

Code Block

<VirtualHost *:80>
        ServerAdmin webmaster@localhost

        DocumentRoot /opt/adaguc/adagucviewer/
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /opt/adaguc/adagucviewer/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /var/www/cgi-bin/
        <Directory "/var/www/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        AddHandler cgi-script .cgi

        ErrorLog /var/log/httpd/adaguc_error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/httpd/adaguc_access.log combined

</VirtualHost>

...

ADAGUC server requires a PostgreSQL RDBMS. PostgreSQL is not installed by default on CentOS. It should have been installed by the Setup prerequisites actions. I'm not sure why I (re)installed PostgreSQL here.

  • Install PostgreSQL

    [mylocalhost]# yum install postgresql.x86_64

  • Initialise database
    (PostgreSQL data directory : /var/lib/pgsql/data)

    [mylocalhost]# service postgresql initdb

  • If necessary change connection constraints in /var/lib/pgsql/data/pg_hba.conf.

    Code Block
    
    # TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
    
    # "local" is for Unix domain socket connections only
    local   all         all                               trust
    # IPv4 local connections:
    host    all         all         127.0.0.1/32          trust
    

...

[mylocalhost]# service postgresql reload

  • Enable PostgreSQL service startup at boot time

    [mylocalhost]# chkconfig postgresql on

  • Create ADAGUC database

    [mylocalhost]# su - postgres

    Start psql client:

    [mylocalhost]# psql

    and execute these SQL statements:

    Code Block
    
    create user adaguc password 'adaguc';
    create database mydemo with owner=adaguc;
    grant connect on database mydemo to adaguc;
    grant all on database mydemo to adaguc;
    

...

It was the initial idea to setup ADAGUC in a directory structure under /opt. Then here you will have the WMS configurations, the related CGI-script and optionally local data files close together. By means of file system privileges it is possible to allow non-root users to add, configure ADAGUC WMS.
However SELinux does not allow for Apache to execute CGI-bin scripts that are outside of /var/www/cgi-bin. The use of symbolic links in /var/www/cgi-bin does not change this.
On top of that it is also not allowed to call executables from CGI-bin scripts that are located outside of this path.
These SELinux constraints are configurable. However this has not been changes yet. A shortcut was followed in slacking the SELinux constraints from enforcing to permissive in /etc/sysconfig/selinux:

Code Block

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

...

The ADAGUC Viewer is a mix of JavaScript and PHP coding. Setup of the viewer on a web server is done as follows:

  • get ADAGUC viewer components from KNMI's Mercurial repository:

    [mylocalhost]# hg clone http://dev.knmi.nl/hg/adagucviewer /opt/adaguc

...