Coricopat journal log


April 2000
DONE New Sun Enterprise 220R server arrived. Unpack and locate in room 39. Request IP address. Set up terminal. Get serial cable. Terminal and serial cable will be used for Sparky/NetTrail server when coricopat moves to machine room.
DONE Install Solaris 2.6 because it is the version currently supported by the AFS web security pack that I will install later. The two disks have been partitioned as follows:
    Disk     GB     Mounted on
    disk1    5.6    /
             2      /var
             1      /swap

    disk2    8.7    /usr/vice/cache (for AFS)
DONE Install Sun's list of recommended patches for Solaris 2.6. They all install correctly except for:
DONE Set up DNS following these instructions.

May 2000
DONE Install in machine room. Found temporary shelf space next to an available network jack. Final destination will be in a new rack (to be bought).
DONE Request new IP addresses. After some confusion to determine whether any jacks were already live, I got a new IP address, and virtual addresses as well. The ethernet address of the Sun 220R is 8:0:20:c9:e3:17. The IP addresses are:
  coricopat	128.114.129.71
  coricopat0	128.114.129.72	for www2.ucsc.edu
  coricopat1	128.114.129.78	for people.ucsc.edu
  coricopat2	128.114.129.79	for nettrail.ucsc.edu
DONE Reset host IP address in /etc/hosts, reboot.
DONE Install AFS following these instructions. Formatting the AFS cache took over 24 hours, so I've re-partitioned the 2nd disk into two 4 GB partitions (plus a small extra), and ran the AFS cache on both of them, so that if one becomes corrupted the other one could be swapped in on a moment's notice by unmounting it, and swapping names, then remounting the other one (see /etc/vfstab). Formatting the resized AFS cache took a few hours.

June 2000
DONE Order the AFS Web Security Pack from IBM/Transarc.
DONE Debug Toshio's web registration program. I found the typos which prevented it from working. I also simplified it, since with the secure server there will no longer be a need to save temporary information in local files on the web server (with encryption and file management, no less). Also I removed the quiz at the front (could be reimplemented as a separate program). Also changed some of the "folksy/cute" language it used to communicate with students.

July 2000
DONE Get and install Solaris 2.6 versions of gcc-2.95.2, libstdc++-2.8.1, Perl-5.005_03, GNU make-3.76.1, and GNU tar-1.12 from Sunfreeware.com.
DONE Get and install Netscape 4.73 to read documentation on local file system.
DONE Get and install PHP 4.
DONE Get and install mySQL.
DONE Get and install rsaref (free for non-commercial users), openssl, and mod_ssl for secure Apache.
DONE Get and install Apache following these instructions (local copy).
DONE Test Apache, SSL Apache, mySQL, PHP, and PHP with mySQL. All seem to work fine. I've self-issued a custom server certificate. But it will be better to use a certificate from a Certificate Authority (CA), so that people do not get the warnings about the self-issued certificate. Netscape and MS-IE have always recognized Verisign as a CA. Thawte as a CA is only recognized by Netscape 3+ and MS-IE 3.01+. Some older browsers may need to have their certificate renewed.
DONE Configure Apache to serve unit web lockers from AFS space.
DONE Set up /etc/init.d/rc.local (and linked to /etc/rc3.d/S99rc.local), so that Apache restarts automatically.
DONE Request virtual host names personal.ucsc.edu and people.ucsc.edu for coricopat1 from scnet.
DONE Configure server for multihosting: www2.ucsc.edu, people.ucsc.edu, nettrail.ucsc.edu in both Apache and Solaris (FAQ, and John's notes). In the /etc directory, create the files hostname.hme:1 for coricopat0, hostname.hme:2 for coricopat2, hostname.hme:3 for coricopat2, and add all the names and IP addresses in the /etc/hosts file. And give the commands:
  /sbin/ifconfig hme:1 128.114.129.72 up
  /sbin/ifconfig hme:2 128.114.129.78 up
  /sbin/ifconfig hme:3 128.114.129.79 up
to bring everything up without having to restart the web server.
DONE Create new AFS web lockers for www2 and people in /afs/cats.ucsc.edu/www so that it is possible to work on them without requiring access to the web server itself. Users in the cats-www group/list can do so by logging in to their usual CATS accounts. I'll need to work on the new home pages. I've temporarily copied the unit and individual pages directories into them.
DONE Begin a list of differences between the old and the new server (so far mostly caused by splitting server into separate virtual servers).
DONE Create home page for people.ucsc.edu. Modify webdir.pl script in /afs/cats/www/cstaff/adm/webdir to create the new required URLs for individual home page. Made it work for both www2 and people.
DONE Create script (in /usr/local/bin/getpasswordfile) to merge global AFS password file with local password file rejecting entries already existing in local password file. Set up cron job to run scripts every night. This enables the ~username syntax in URLs (enabled only for the people.ucsc.edu virtual server). Note that this may break when using the AFS Web Security Pack (?).
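
The merge rule described for getpasswordfile, written out as an added example (not the original script): local entries always win, and a global entry is appended only when its login name is new. The UID check, the write_merged helper and all sample data are assumptions that go beyond what the journal states.

```shell
#!/bin/sh
# Added example, not the original /usr/local/bin/getpasswordfile.
# Needs a POSIX awk for -v (on Solaris that is nawk, not /usr/bin/awk).

# merge_passwd LOCAL GLOBAL
# Prints LOCAL unchanged, then every GLOBAL entry whose login name and UID
# are not already taken. Local entries always win.
merge_passwd() {
    awk -F: -v localfile="$1" '
        FILENAME == localfile {
            name[$1] = 1; uid[$3 + 0] = 1   # remember local names and UIDs
            print
            next
        }
        # Global file from here on: drop comments and records without the
        # seven passwd(4) fields or without a numeric UID.
        /^#/ || NF != 7 || $1 == "" || $3 !~ /^[0-9]+$/ { next }
        # The rule from the journal: reject names that already exist locally
        # (this also drops repeats inside the global file).
        ($1 in name) { next }
        # Assumption beyond the journal: reject a reused UID too, so a global
        # entry can never alias root (UID 0) or another local account.
        (($3 + 0) in uid) { next }
        { name[$1] = 1; uid[$3 + 0] = 1; print }
    ' "$1" "$2"
}

# write_merged LOCAL GLOBAL OUT (hypothetical helper)
# Builds the result beside OUT and renames it into place only when both
# inputs were readable and the merge produced output, so a failed nightly
# run never leaves a truncated password file behind.
write_merged() {
    [ -r "$1" ] && [ -r "$2" ] || return 1
    new="$3.new.$$"
    if merge_passwd "$1" "$2" > "$new" && [ -s "$new" ]; then
        mv "$new" "$3"
    else
        rm -f "$new"
        return 1
    fi
}
```
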

August 2000
DONE Adapt U. of Michigan gettoken routine to get AFS tokens on new (non-Athena) server. Could possibly be used to run web server with AFS tokens.
DONE Install swish-e version 1.3.2 (latest stable release). Since the format of the swish index file has changed, I had to compile it for both Solaris and SunOS, so that current searches will keep working. This version uses regex which is not available in SunOS: I got regex 0.12 (latest version) from the GNU ftp site, and compiled it before compiling swish-e on SunOS. The Solaris version was installed in /usr/local/bin.
DONE Reindex all the unit indexes in /afs/cats/www/search/swish. The new version requires more disk space (had to increase the quota in the search locker), and more CPU time (had to increase ticket/token lifetime on bombalurina).
DONE Incorporate John's K5 routines in web registration program, and move its reg_stubs libraries to bombalurina.
DONE Update dircampus cgi-bin script to use CGI and LDAP modules (ldapsearch command doesn't exist on the new server).
DONE Update dircats cgi-bin script to use CGI module.

September 2000
DONE Set up separate logs for each virtual server, wrote rotate_log.pl log rotation script, and set up weekly log rotation via crontab on coricopat.
DONE Finalize register.pl program with John's help. Update student account registration web page.
DONE Set up password.pl program with John's help. Update password change web page.
DONE Move logs generated by cgi-bin scripts into their own subdirectory /usr/local/httpd/logs/cgi-bin on both coricopat and bombalurina. Create link between /usr/local/apache and /usr/local/httpd on coricopat.
DONE Create registerlog.pl program to analyze account registration logs.

October 2000
DONE Modify dircampus.pl and dircats.pl to use new log format using ISO formatted dates, and have results appear on the same page as the query.
DONE Adapt rotate_logs.pl script to rotate cgi-bin logs on bombalurina (do not restart server since it is done by another program). Set up weekly crontab on bombalurina.
DONE Submit prereq for UPS and rack for at least 2 Suns 220R (web and mail servers). Oops, no rack wanted, just UPS: APC Smart-UPS SU3000RM3U.
DONE Set up robots.txt files to prevent marauding robots on coricopat and also on people, nettrail, and www2 virtual servers.
TODO Modify mailform.pl program to use CGI.pm and new ISO formatted dates in its logs. Incorporate new reply page as requested by PIO.
DONE Redirect home page directory to people.ucsc.edu server. Notify pioweb@cats to change their directory page as well.

To do...
TODO Check if System errors reported in the web reg logs are due to time synchronization problems between bombalurina and oscar. Time lag cannot be greater than 10 seconds. reg_svr log file on oscar should have unable to decode message - need to check time messages.
TODO Insert no-caching metatags in register.pl, as was done with phonepac.pl.
TODO Syslog error messages from getpasswordfile script.
TODO Set up Apache to restart in SSL mode: how do you handle SSL pass phrase?
TODO Set up Apache to run as AFS authenticated user.
TODO Set up mySQL servers to restart automatically when machine is rebooted.
TODO Disable the following services following the recommendation from Sun for ISPs:


  
TODO Install new sendmail.
TODO Install SSH.
TODO Install AFS web security pack.
TODO Install mod_perl.
TODO Notify web authors.
TODO Install web logs.
TODO Duplicate crontab jobs running nightly or weekly on bombalurina: unit search indexes (nightly), pageindex CATS web pages (nightly), others (?).
TODO Install Legato backup client.
TODO Set up new Apache server that is Athena-aware (angus/other netbsd?) for secure account server. Modify register program to work with it.
TODO Review cgi-bin scripts: websearch, webreport, issplog, ...

Phase 2
TODO cgiwrap/suEXEC.
TODO FrontPage Extensions.