[LON-CAPA-admin] System upgrade: moving users over?
Stuart Raeburn
raeburn at msu.edu
Sat May 16 08:16:22 EDT 2009
Lars,
Yes, 64 bit on the production server and 32 bit on the testing server
explains the behavior you report. The GDBM roles.db files (and other
.db files in LON-CAPA) created in 64 bit on the production machine are
not readable by the 32 bit GDBM routines installed on the testing
server. Consequently, the user appears to have no roles on the
testing server.
At MSU we use a custom GDBM installed on a testing 32 bit machine
which can work with the format of .db files generated on a 64 bit
machine. I can send you the rpm (with instructions) offlist. Of
course, if you have a 64 bit testing machine available, you could use
that instead to experiment with SuSE -> CentOS migration, and avoid
the architecture-dependent GDBM issue which you have encountered.
Stuart Raeburn
MSU LON-CAPA group
Quoting Lars Jensen <ljensen at mail.tmcc.edu>:
> Hi Stuart,
>
> This just came to my mind: My test server is 32 bit, while my
> production server is x86_64. Could this be why I see no roles? Is thre
> ay way of convrting back to 32 bit while testing?
>
> Lars.
>
> On Fri, May 15, 2009 at 10:54 PM, Lars Jensen <ljensen at mail.tmcc.edu> wrote:
>> Hi Stuart and Stefan,
>>
>> After trying a fresh-install on my CentOS test server i have come to
>> the same dead end: I can login, but after login, there are no roles or
>> courses available. User information is not available either, and
>> password cannot be changed. The lonUsers directory tree has the
>> correct ownership, which is www:www, so I'm not sure what's going on.
>> The users I'm login as are all internally authenticated.
>>
>> The lonUsers/ and res/ directories were copied over from a server
>> running suse 10.2, and I changed ownership of both these trees to
>> www:www on the new server.
>>
>> Any ideas how to fix this?
>>
>> Lars.
>>
>> On Thu, May 14, 2009 at 4:19 PM, Lars Jensen <ljensen at mail.tmcc.edu> wrote:
>>> Hi Stuart,
>>>
>>> Before I upgrade the to CentOS, I'm testing the upgrade on another
>>> (standalone) system. The new test-system has a different IP and dns
>>> than the production server. Is it a problem to test on a server with a
>>> different name?
>>>
>>> When trying to access the login page, I always get the following
>>> screen first:
>>>
>>>
>>>
>>> The LearningOnline Network with CAPA
>>> This LON-CAPA server is temporarily not available for login.
>>>
>>> Please attempt to login to one of the following servers:
>>>
>>> Then when I click "Refresh" in the browser, I get the normal login
>>> page. It looks first like everything works normal when I login as dc1,
>>> but when I try to modify a user I know should exist, the user fields
>>> come up blank. I'm wondering whether it has to do with the database?
>>> It is as if the new server is not "seeing" the users...
>>>
>>> On the new server, I started he install of CentOS using the directions
>>> at install.lon-capa.org. Is this the correct procedure? Should I do
>>> step 6? Do I need to set a mysql password, or is this taken care of by
>>> copying over the httpd directory from the old server?
>>>
>>> At what point should I copy over the old httpd directory?
>>>
>>> Should I set up the dc as a file system user before or after
>>> copying over httpd?
>>>
>>> Thanks,
>>> Lars.
>>>
>>> On Thu, May 14, 2009 at 3:37 PM, Stuart Raeburn <raeburn at msu.edu> wrote:
>>>> Lars,
>>>>
>>>> When switching between SuSE and Fedora/CentOS distros, because of the
>>>> different encryption algorithms you would need to create the user
>>>> and group
>>>> accounts (with the same uids and gids as they had on the original system)
>>>> from the command line. That said this only applies to filesystem
>>>> authenticated users, of which there should only be a few. Although
>>>> filesystem authentication (or "UNIX" auth) is still supported in LON-CAPA,
>>>> in more recent releases it is not available via the web GUI as an
>>>> option to
>>>> assign to new users or an authentication type to which existing
>>>> users can be
>>>> changed. As Stefan pointed out, the one filesystem authenticated user you
>>>> would typically have in a recently created LON-CAPA domain is a Domain
>>>> Coordinator (if created using the make_domain_coordinator.pl script.
>>>>
>>>> The fact that the user can login indicates that authentication is not the
>>>> issue in this particular case. It seems it is more likely to be a
>>>> permissions issue (i.e., the www user can not read the contents of the
>>>> user's roles.db file, e.g., in
>>>> /home/httpd/lonUsers/tmcc/l/j/e/ljensen) or
>>>> an architecture change (e.g., 32 bit to 64 bit) if you have changed
>>>> hardware, between the old installation and the new. If this is a
>>>> 32 bit ->
>>>> 64 bit issue, as described at: http://loncapa.org/hardwareupgrade.html,
>>>> there is a LON-CAPA script which can be used to copy the db files.
>>>>
>>>> The fact that login was possible indicates that the www user was able to
>>>> view the contents of, for example,
>>>> /home/httpd/lonUsers/tmcc/l/j/e/ljensen/passwd which contains information
>>>> about the the authentication type. Is other information (e.g., from the
>>>> user's environment.db file - full name, etc., displayed on the roles page
>>>> which reports "Currently no active roles or courses"?
>>>>
>>>> Stuart Raeburn
>>>> MSU LON-CAPA group
>>>>
>>>> Quoting Lars Jensen <ljensen at tmcc.edu>:
>>>>
>>>>> Hi Stefan,
>>>>>
>>>>> Thanks for the reply. The problem is that I'm going from suse to
>>>>> Centos, and apparently it is not possible to just copy over the
>>>>> password fils - see comment on the page you referred me to:
>>>>>
>>>>> "Transfer /etc/passwd, /etc/shadow, /etc/group, /etc/gshadow from the
>>>>> old machine to the new one
>>>>>
>>>>> Warning: this does not work if you go from Fedora to SUSE or vice
>>>>> versa, since these distributions use different encryption algorithms.
>>>>> If you switch distributions, you need to make the file-system-based
>>>>> LON-CAPA users from the command line."
>>>>>
>>>>> Two years ago, we went from Fedora to Suse, and we managed to transfer
>>>>> the users fine. Unfortunately, I don't remember how we transferred the
>>>>> users, but I recall a similar problem to the one I'm seeing here.
>>>>>
>>>>> Lars.
>>>>>
>>>>> Stefan Bisitz wrote:
>>>>>>
>>>>>> Hi Lars,
>>>>>>
>>>>>> I guess that the host entries somewhere in the system are not all
>>>>>> correctly configured. But before starting to search please have a look
>>>>>> at:
>>>>>> http://loncapa.org/hardwareupgrade.html
>>>>>>
>>>>>> Your questions should be answered there. If not, please tell so the site
>>>>>> can be updated.
>>>>>>
>>>>>> By the way, creation of a new domain coordinator is not necessary.
>>>>>> Follow the steps carfully and you'll get your whole old system on the
>>>>>> new one.
>>>>>>
>>>>>> Stefan Bisitz
>>>>>>
>>>>>>
>>>>>> On 13.05.2009, 21:14 -0700, Lars Jensen wrote:
>>>>>>>
>>>>>>> Hi everyone,
>>>>>>>
>>>>>>> We're preparing for a system upgrade of our lon-capa system. We're
>>>>>>> moving from suse to CentOS 5.3. I moved the /home/httpd
>>>>>>> directory over and
>>>>>>> I created the domain coordinator. How do I move the users over? When I
>>>>>>> login as a user, I get a "Currently no active roles or
>>>>>>> courses" message.
>>>>>>>
>>>>>>> Lars.
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> LON-CAPA-admin mailing list
>>>> LON-CAPA-admin at mail.lon-capa.org
>>>> http://mail.lon-capa.org/mailman/listinfo/lon-capa-admin
>>>>
>>>
>>
>
> _______________________________________________
> LON-CAPA-admin mailing list
> LON-CAPA-admin at mail.lon-capa.org
> http://mail.lon-capa.org/mailman/listinfo/lon-capa-admin
>
More information about the LON-CAPA-admin
mailing list