[LON-CAPA-admin] System upgrade: moving users over?

Lars Jensen ljensen at mail.tmcc.edu
Sat May 16 01:54:05 EDT 2009


Hi Stuart and Stefan,

After trying a fresh-install on my CentOS test server i have come to
the same dead end: I can login, but after login, there are no roles or
courses available. User information is not available either, and
password cannot be changed. The lonUsers directory tree has the
correct ownership, which is www:www, so I'm not sure what's going on.
The users I'm login as are all internally authenticated.

The lonUsers/ and res/ directories were copied over from a server
running suse 10.2, and I changed ownership of both these trees to
www:www on the new server.

Any ideas how to fix this?

Lars.

On Thu, May 14, 2009 at 4:19 PM, Lars Jensen <ljensen at mail.tmcc.edu> wrote:
> Hi Stuart,
>
> Before I upgrade the to CentOS, I'm testing the upgrade on another
> (standalone) system. The new test-system has a different IP and dns
> than the production server. Is it a problem to test on a server with a
> different name?
>
> When trying to access the login page, I always get the following screen first:
>
>
>
> The LearningOnline Network with CAPA
> This LON-CAPA server is temporarily not available for login.
>
> Please attempt to login to one of the following servers:
>
> Then when I click "Refresh" in the browser, I get the normal login
> page. It looks first like everything works normal when I login as dc1,
> but when I try to modify a user I know should exist, the user fields
> come up blank. I'm wondering whether it has to do with the database?
> It is as if the new server is not "seeing" the users...
>
> On the new server, I started he install of CentOS using the directions
> at install.lon-capa.org. Is this the correct procedure? Should I do
> step 6? Do I need to set a mysql password, or is this taken care of by
> copying over the httpd directory from the old server?
>
> At what point should I copy over the old httpd directory?
>
> Should I set up the dc as a file system user before or after copying over httpd?
>
> Thanks,
> Lars.
>
> On Thu, May 14, 2009 at 3:37 PM, Stuart Raeburn <raeburn at msu.edu> wrote:
>> Lars,
>>
>> When switching between SuSE and Fedora/CentOS distros, because of the
>> different encryption algorithms you would need to create the user and group
>> accounts (with the same uids and gids as they had on the original system)
>> from the command line.  That said this only applies to filesystem
>> authenticated users, of which there should only be a few.  Although
>> filesystem authentication (or "UNIX" auth) is still supported in LON-CAPA,
>> in more recent releases it is not available via the web GUI as an option to
>> assign to new users or an authentication type to which existing users can be
>> changed.  As Stefan pointed out, the one filesystem authenticated user you
>> would typically have in a recently created LON-CAPA domain is a Domain
>> Coordinator (if created using the make_domain_coordinator.pl script.
>>
>> The fact that the user can login indicates that authentication is not the
>> issue in this particular case.  It seems it is more likely to be a
>> permissions issue (i.e., the www user can not read the contents of the
>> user's roles.db file, e.g.,  in /home/httpd/lonUsers/tmcc/l/j/e/ljensen) or
>> an architecture change (e.g., 32 bit to 64 bit) if you have changed
>> hardware, between the old installation and the new.  If this is a 32 bit ->
>> 64 bit issue, as described at: http://loncapa.org/hardwareupgrade.html,
>> there is a LON-CAPA script which can be used to copy the db files.
>>
>> The fact that login was possible indicates that the www user was able to
>> view the contents of, for example,
>> /home/httpd/lonUsers/tmcc/l/j/e/ljensen/passwd which contains information
>> about the the authentication type.  Is other information (e.g., from the
>> user's environment.db file - full name, etc., displayed on the roles page
>> which reports  "Currently no active roles or courses"?
>>
>> Stuart Raeburn
>> MSU LON-CAPA group
>>
>> Quoting Lars Jensen <ljensen at tmcc.edu>:
>>
>>> Hi Stefan,
>>>
>>> Thanks for the reply. The problem is that I'm going from suse to
>>> Centos, and apparently it is not possible to just copy over the
>>> password fils - see comment on the page you referred me to:
>>>
>>> "Transfer /etc/passwd, /etc/shadow, /etc/group, /etc/gshadow from the
>>> old machine to the new one
>>>
>>> Warning: this does not work if you go from Fedora to SUSE or vice
>>> versa, since these distributions use different encryption algorithms.
>>> If you switch distributions, you need to make the file-system-based
>>> LON-CAPA users from the command line."
>>>
>>> Two years ago, we went from Fedora to Suse, and we managed to transfer
>>> the users fine. Unfortunately, I don't remember how we transferred the
>>> users, but I recall a similar problem to the one I'm seeing here.
>>>
>>> Lars.
>>>
>>> Stefan Bisitz wrote:
>>>>
>>>> Hi Lars,
>>>>
>>>> I guess that the host entries somewhere in the system are not all
>>>> correctly configured. But before starting to search please have a look
>>>> at:
>>>> http://loncapa.org/hardwareupgrade.html
>>>>
>>>> Your questions should be answered there. If not, please tell so the site
>>>> can be updated.
>>>>
>>>> By the way, creation of a new domain coordinator is not necessary.
>>>> Follow the steps carfully and you'll get your whole old system on the
>>>> new one.
>>>>
>>>> Stefan Bisitz
>>>>
>>>>
>>>> On 13.05.2009, 21:14 -0700, Lars Jensen wrote:
>>>>>
>>>>> Hi everyone,
>>>>>
>>>>> We're preparing for a system upgrade of our lon-capa system. We're
>>>>>  moving from suse to CentOS 5.3. I moved the /home/httpd directory  over and
>>>>> I created the domain coordinator. How do I move the users  over? When I
>>>>> login as a user, I get a "Currently no active roles  or courses" message.
>>>>>
>>>>> Lars.
>>
>>
>>
>> _______________________________________________
>> LON-CAPA-admin mailing list
>> LON-CAPA-admin at mail.lon-capa.org
>> http://mail.lon-capa.org/mailman/listinfo/lon-capa-admin
>>
>




More information about the LON-CAPA-admin mailing list