The purpose of this document is to provide comprehensive
information on how to prepare Linux and Unix servers for the installation of H-Sphere
components by the Positive Software team or by customers themselves.
Note: We don't install H-Sphere on live servers and we
don't take responsibility if your functional services go down
during the H-Sphere installation.
Preferred Operating Systems
Before requesting H-Sphere installation, make sure
to install one of the following operating systems:
a) RedHat Linux 7.2, 7.3
b) RedHat Enterprise Linux up to v.3.0 (WS, ES, AS)
c) CentOS 3.1
d) FreeBSD 4.8 and 4.9 (not recommended for the CP server)
We also recommend that you read a
related discussion
in our forum.
HDD Partitioning
H-Sphere is installed to the /hsphere directory. It
can be located on any partition, preferably other than root, and
a symlink to this directory is created, e.g.:
# mkdir -p /home/hsphere
# ln -s /home/hsphere /hsphere
The ideal solution, however, is to dedicate a partition
solely to H-Sphere files and mount it as /hsphere. As a result,
you should have at least two partitions, / and /home.
Having only one partition can cause certain problems. For instance,
if the disk quota gets damaged, you cannot repair it without rebooting
the server and running fsck in single-user mode.
One Server Installation
If you are installing H-Sphere to one box, make sure to
have at least two IPs available, because some features (like OpenSRS)
require at least two DNS servers.
Also, note that on one-server installations the PostgreSQL hosting
feature isn't included, because of the H-Sphere system database.
If you are going to install H-Sphere to one box, consider
the following example for a computer with 20 GB HDD:
/root partition 0.5 - 1.5 GB (/etc, /tmp, /root)
/usr 1.5 - 3 GB
/var 3 - 5 GB - used for mail and MySQL files
/hsphere (or /home) - the remaining disk space for H-Sphere installation
and hosting: the more users, the more disk space is required. If
you want to have SiteStudio, it will also be installed onto this
partition. However, this will require at least 512 RAM and a 500MHz processor.
In addition, you can create a separate mail partition
for the H-Sphere mail system. Its size will depend on your mail
quotas for users and the number of mailboxes.
Multiple Server Installation
If you have three boxes, it is recommended to put your
control panel on a separate box. Consider the following partitioning
scheme for a three-server configuration:
1) Control Panel:
The partitioning requirements are the same as those for the
operating system. This box will have the H-Sphere control panel,
system database, and SiteStudio.
2) Web + DNS2:
/ - 500 MB - /etc, /tmp, /root
/usr - 3 GB
/var - 3 GB
/hsphere - takes the rest of the space and is the biggest partition
3) Mail + DNS1 + MySQL+PostgreSQL:
/ - 500 MB
/usr - 3 GB
/var - takes the rest of the space for mail and MySQL files.
There are no further partitioning requirements for the servers; just
make sure there is enough disk space to store user and other H-Sphere
data.
Required Components and Configuration
Prior to the installation, make sure your server has
the following:
OpenSSH
- Install the OpenSSH package on each H-Sphere box.
You can use standard RPMs under Linux or packages under FreeBSD.
Usually, the standard Linux and FreeBSD installations contain
the OpenSSH package, and you can use it without any restrictions.
However, we recommend updating the package to the latest version.
SSH keys need to be configured under the cpanel user.
- To enable Permit Root Login, open file /etc/ssh/sshd_config
and uncomment the line:
PermitRootLogin yes
Make sure PermitRootLogin is set to yes. Then restart SSH:
/etc/rc.d/init.d/sshd restart
- Make sure that the .ssh directory has permissions 700
and the authorized_keys and authorized_keys2
files have permissions 600.
- Enable the OpenSSH daemon to start at server startup.
- Start the OpenSSH daemon.
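A preflight check for the SSH settings listed above, as an added example that is not part of the original H-Sphere documentation. The script name and the paths in the usage line (including the cpanel user's home directory) are assumptions.

```shell
#!/bin/sh
# Added example (not H-Sphere code): check the SSH prerequisites listed above.

# Print the effective PermitRootLogin value in sshd_config file $1.
# sshd uses the first uncommented occurrence of a keyword; Match blocks
# are not interpreted here. Prints "unset" when no such line exists.
effective_permit_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Succeed if path $1 exists and `ls -ld` shows exactly the mode string $2.
# Parsing ls output keeps this portable across Linux and FreeBSD.
has_mode() {
    [ -e "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c1-10)" = "$2" ]
}

# Check home directory $1: .ssh must be 700, key files (if present) 600.
check_ssh_dir() {
    rc=0
    has_mode "$1/.ssh" "drwx------" || { echo "FAIL: $1/.ssh is not 700"; rc=1; }
    for f in authorized_keys authorized_keys2; do
        [ -e "$1/.ssh/$f" ] || continue
        has_mode "$1/.ssh/$f" "-rw-------" ||
            { echo "FAIL: $1/.ssh/$f is not 600"; rc=1; }
    done
    return $rc
}

# Usage (paths are assumptions): sh check_ssh.sh /etc/ssh/sshd_config /home/cpanel
if [ $# -eq 2 ]; then
    echo "PermitRootLogin: $(effective_permit_root_login "$1")"
    check_ssh_dir "$2" && echo "OK: .ssh permissions"
fi
```

Because the first uncommented keyword wins, a later PermitRootLogin line in the same file has no effect; the check reports the value sshd will actually use.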
Disk Quota
Enable the disk quota feature on each H-Sphere web server. There is no need to enable it
on other servers. To enable disk quota:
- Log in as root.
- Insert the usrquota directive (userquota for FreeBSD) into the /etc/fstab file
for the corresponding partition. On Linux, it must look similar to this:
LABEL=/hsphere /hsphere ext2 defaults,usrquota 1 1
On FreeBSD, it must look similar to this:
LABEL=/hsphere /hsphere ext2 defaults,userquota 1 1
- Execute the following commands:
quotaoff /partition_with_userquota_enabled
mount -o remount /partition_with_userquota_enabled   # Linux only; skip this line on FreeBSD
rm -rf /partition_with_userquota_enabled/aquota.user /partition_with_userquota_enabled/quota.user
quotacheck /partition_with_userquota_enabled
quotaon /partition_with_userquota_enabled
If quotacheck returns this error:
quotacheck: Cannot get quotafile name for /dev/xxx
Do the following:
1) # touch /partition_with_userquota_enabled/aquota.user
2) # quotacheck -m /partition_with_userquota_enabled
and ignore the message:
"quotacheck: WARNING - Quotafile /partition_with_userquota_enabled/aquota.user was probably truncated.
Can't save quota settings..."
3) # quotaon /partition_with_userquota_enabled
- FreeBSD web server installations: Enable disk quota in the kernel configuration.
Also, in /etc/default/rc.conf set:
enable_quotas="YES"
Root Partitions: we don't recommend enabling the disk quota feature on root partitions.
Use other partitions for this! Therefore, we advise not to place H-Sphere files on the root partition.
Quotacheck: quota versions can have some differences on different OSs.
You may need to execute the quotacheck command with some additional parameters.
Please read the command manual before performing this action.
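Before running quotacheck and quotaon, the /etc/fstab entry can be verified with a small check like the following. It is an added example, not part of the original H-Sphere documentation; the script name is an assumption, and it accepts either the Linux (usrquota) or the FreeBSD (userquota) keyword and refuses the root partition as advised above.

```shell
#!/bin/sh
# Added example (not part of H-Sphere): preflight check of the fstab entry
# before running quotacheck/quotaon.

# Prints one word for mount point $2 in fstab file $1:
#   ok      - usrquota (Linux) or userquota (FreeBSD) is among the options
#   missing - an entry exists but has no user-quota option
#   absent  - there is no entry for that mount point
#   root    - refused: the page advises against quota on the root partition
quota_status() {
    if [ "$2" = "/" ]; then echo root; return 0; fi
    awk -v mp="$2" '
        /^[ \t]*#/ || NF < 4 { next }          # skip comments and short lines
        $2 == mp {
            seen = 1
            n = split($4, opt, ",")            # options are comma-separated
            for (i = 1; i <= n; i++)
                if (opt[i] ~ /^(usrquota|userquota)(=.*)?$/) { print "ok"; exit }
            print "missing"; exit
        }
        END { if (!seen) print "absent" }' "$1"
}

# Usage (script name is an assumption): sh quota_preflight.sh /etc/fstab /hsphere
if [ $# -eq 2 ]; then
    quota_status "$1" "$2"
fi
```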
Ports
In your firewall settings, open the following ports in both directions and
specify the connection type: tcp, udp, or both.
We need the firewall to be configured by our customers.
PIX firewall doesn't work correctly with H-Sphere and SiteStudio, because
it doesn't allow servers within one H-Sphere cluster to communicate by external IPs, which is critical
for both products.
| Port | Usage | CP Server | Web Server | Mail Server | DNS Server | MySQL Server | PGSQL Server | Real Server | Windows Server | MS SQL Server |
|---|---|---|---|---|---|---|---|---|---|---|
| 20 | FTP-DATA | tcp | tcp |  |  |  |  |  | tcp |  |
| 21 | FTP | tcp | tcp |  |  |  |  |  | tcp |  |
| 22 | SSH | tcp | tcp | tcp | tcp | tcp | tcp | tcp |  |  |
| 25 | SMTP |  |  | tcp |  |  |  |  | tcp |  |
| 53 | DNS |  |  |  | tcp and udp * |  |  |  |  |  |
| 80 | HTTP |  | tcp | tcp |  |  |  | tcp | tcp | tcp |
| 110 | POP |  |  | tcp |  |  |  |  |  |  |
| 143 | IMAP |  |  | tcp |  |  |  |  |  |  |
| 443 | HTTPS |  | tcp |  |  |  |  |  | tcp |  |
| 587 | submission |  |  | tcp |  |  |  |  |  |  |
| 873 | RSYNC | tcp between H-Sphere servers | tcp between H-Sphere servers | tcp between H-Sphere servers | tcp between H-Sphere servers | tcp between H-Sphere servers | tcp between H-Sphere servers | tcp between H-Sphere servers | tcp between H-Sphere servers | tcp between H-Sphere servers |
| 1433 | MS SQL |  |  |  |  |  |  |  | tcp | tcp |
| 1922 | IMAGEMAKER | tcp for localhost only |  |  |  |  |  |  |  |  |
| 3306 | MySQL |  |  |  |  | tcp |  |  | tcp |  |
| 3389 | Terminal Service |  |  |  |  |  |  |  | tcp | tcp |
| 5432 | Postgres |  |  |  |  |  | tcp |  | tcp |  |
| 5631 | pcAnywhere |  |  |  |  |  |  |  | tcp (optional) | tcp (optional) |
| 8007 | Apache JServ | tcp for localhost only |  |  |  |  |  |  |  |  |
| 8080 | HTTP | tcp |  |  |  |  |  |  |  |  |
| 8443 | SSL | tcp |  |  |  |  |  |  |  |  |
| 55000 | OpenSRS | tcp (if used) |  |  |  |  |  |  |  |  |
| 10125 | SOAP** | tcp between H-Sphere servers |  |  |  |  |  |  | tcp | tcp |
* For highest security, open:
- udp permanently;
- tcp worldwide during H-Sphere installation and post-installation tests;
- tcp between H-Sphere DNS servers permanently.
** SOAP (Simple Object Access Protocol) is used for data communication between the Control Panel and Windows servers in H-Sphere 2.4 Beta 6 and higher.
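The port table can also be used the other way round, to spot listeners on a box that the table does not account for. The script below is an added example, not H-Sphere tooling: the role names (cp, web, mail, dns), the script name and the Linux `netstat -ltn` output layout are assumptions, and only the TCP entries of those four columns are encoded.

```shell
#!/bin/sh
# Added example (not H-Sphere tooling): flag TCP listeners that the port
# table above does not list for a given server role.

# TCP ports the table lists per role (cp, web, mail and dns columns only).
role_ports() {
    case "$1" in
        cp)   echo "20 21 22 873 8080 8443 55000 10125" ;;
        web)  echo "20 21 22 80 443 873" ;;
        mail) echo "22 25 80 110 143 587 873" ;;
        dns)  echo "22 53 873" ;;
        *)    return 1 ;;
    esac
}

# Ports the table marks "tcp for localhost only" (CP server only).
role_local_ports() {
    case "$1" in cp) echo "1922 8007" ;; *) echo "" ;; esac
}

# Read `netstat -ltn` style lines on stdin (assumed Linux layout: field 4
# is local address:port, field 6 is LISTEN); print one finding per line.
audit_listeners() {
    allowed=$(role_ports "$1") || { echo "unknown role: $1" >&2; return 2; }
    awk -v allowed="$allowed" -v lonly="$(role_local_ports "$1")" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1
                m = split(lonly, l, " ");   for (i = 1; i <= m; i++) lo[l[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            addr = $4; sub(/:[0-9]+$/, "", addr)   # text before the port
            if (port in ok) next
            if (port in lo) {
                if (addr != "127.0.0.1" && addr != "::1")
                    print "EXPOSED " port " (localhost-only in table, bound to " addr ")"
                next
            }
            print "UNEXPECTED " port " on " addr
        }'
}

# Usage (script name is an assumption): netstat -ltn | sh audit_ports.sh cp
if [ $# -eq 1 ]; then
    audit_listeners "$1"
fi
```

A port that is in the table but has no listener produces no finding; the check only reports sockets that are listening outside the table, or localhost-only services bound to a non-loopback address.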
DNS Server
If your DNS server is using bind 8.x, it can be
upgraded to run with H-Sphere, but old domains would still have to
be managed by hand. Please coordinate your DNS server upgrade with
our installation team.
* As of now we don't provide support for Reverse DNS configuration.
gcc Compiler
Make sure you have the gcc compiler installed on each box.
compat3x package
On FreeBSD 4.X servers, make sure to have the compat3x package installed
for compatibility with 3.x. To diagnose if your compat3x is missing, run
/stand/sysinstall
and then go to Configure -> Distributions
Now that you have prepared the servers, you can proceed to
H-Sphere installation or
request installation by Psoft.
Remove Impeding Packages
Uninstall the following standard packages that come with OS installations.
H-Sphere installation package will set up replacement packages.
RedHat Linux:
Apache (RH all versions):
rpm -e --nodeps `rpm -qa|grep -i httpd`
PgSQL, MySQL (RH all versions):
rpm -e --nodeps `rpm -qa|grep -i sql`
JAVA, JDK, JRE (RH all versions):
rpm -e --nodeps `rpm -qa|grep -i java`
rpm -e --nodeps `rpm -qa|grep -i jdk`
rpm -e --nodeps `rpm -qa|grep -i jre`
Kaffe (RH 7.1, 7.2):
rpm -e --nodeps `rpm -qa|grep -i kaffe`
JAKARTA (RH ES, WS, AS):
rpm -e --nodeps `rpm -qa|grep -i jakarta`
BIND (RH all versions):
rpm -e --nodeps `rpm -qa|grep -i bind|grep -v ypb`
Rsync (RH all versions):
rpm -e --nodeps --quiet `rpm -qa|grep -i rsync`
XFree86 (RH all versions):
rpm -e --nodeps `rpm -qa|grep -i XFree86-libs`
rpm -e --nodeps `rpm -qa|grep -i XFree86-xfs`
rpm -e --nodeps `rpm -qa|grep -i XFree86-Xvfb`
rpm -e --nodeps `rpm -qa|grep -i XFree86-base-fonts`
rpm -e --nodeps `rpm -qa|grep -i XFree86-font-utils`
Other RPMs (only RH ES, WS, AS):
Hesiod:
rpm -e --nodeps `rpm -qa|grep -i hesiod`
Gettext:
rpm -e --nodeps `rpm -qa|grep -i gettext`
ispell/aspell/pspell:
rpm -e --nodeps --quiet `rpm -qa|grep -i spell`
After the RPMs have been removed, run:
rpm --rebuilddb
FreeBSD (package names are taken from the first column of the pkg_info output, so that description text is neither matched nor passed to pkg_delete):
Apache:
pkg_delete -f `pkg_info|awk '{print $1}'|grep -i apache`
PgSQL, MySQL:
pkg_delete -f `pkg_info|awk '{print $1}'|grep -i sql`
JAVA, JDK, JRE:
pkg_delete -f `pkg_info|awk '{print $1}'|grep -i java`
pkg_delete -f `pkg_info|awk '{print $1}'|grep -i jdk`
pkg_delete -f `pkg_info|awk '{print $1}'|grep -i jre`
BIND:
pkg_delete -f `pkg_info|awk '{print $1}'|grep -i bind|grep -v ypb`
Rsync:
pkg_delete -f `pkg_info|awk '{print $1}'|grep -i rsync`