[LON-CAPA-cvs] cvs: doc /build scientific7_install.frag

raeburn raeburn at source.lon-capa.org
Wed Mar 17 13:03:32 EDT 2021


raeburn		Wed Mar 17 17:03:32 2021 EDT

  Modified files:              
    /doc/build	scientific7_install.frag 
  Log:
  Scientific Linux 7 installation 
   - Either firewalld or iptables can be used with LON-CAPA 2.11.3.
   - SELinux configuration
  
  
Index: doc/build/scientific7_install.frag
diff -u doc/build/scientific7_install.frag:1.3 doc/build/scientific7_install.frag:1.4
--- doc/build/scientific7_install.frag:1.3	Tue Mar  9 13:49:36 2021
+++ doc/build/scientific7_install.frag	Wed Mar 17 17:03:32 2021
@@ -84,27 +84,50 @@
        IP address.  When configuring your network card, be sure to unselect
        the DHCP option and enter in your network information.</dd>
    <dt>Software</dt>
-   <dd>Click the "Customize Now" radio button and for a minimal install uncheck all packages except "Base" in the Base System category.  If you leave other packages checked in any of the other categories, you'll need additional ISO CDs.</dd>
+   <dd>Click the "Customize Now" radio button and select a minimal install.
 </dl>
 <p>
 Finish installing your server, reboot it, and log in as root.
 </p>
 <h3>Firewall and SELinux Configuration</h3>
 <p>
-The first time you log-in, the Setup Agent will be displayed. (If you exit it early you can enter it again by running the command
+Starting with LON-CAPA 2.11.3 you have the option of using either firewalld or iptables to
+manage the Firewall on your CentOS 7 server/VM, as both are compatible with LON-CAPA's
+port management.</p>
+<p>Enable access to standard web server ports (i.e., http and https) as follows, if
+using firewalld::</p>
+<pre>
+systemctl enable firewalld
+systemctl start firewalld
+firewall-cmd --zone=public --permanent --add-service=http
+firewall-cmd --zone=public --permanent --add-service=https
+firewall-cmd --reload
+</pre>
+<p>If you prefer to use the traditional iptables package instead of the default firewalld,
+you will need to install iptables-services, disable firewalld, enable iptables, and then
+use the system-config-firewall-tui tool to configure the Firewall.
 </p>
 <pre>
-setup
+yum install iptables-services
+systemctl mask firewalld
+systemctl enable iptables
+systemctl enable ip6tables
+systemctl stop firewalld
+systemctl start iptables
+systemctl start ip6tables
 </pre>
 <p>
-This tool should be used to configure the Firewall and SELinux.
+Install the system-config-firewall-tui package and configure the Firewall.
 </p>
+<pre>
+yum install system-config-firewall-tui
+system-config-firewall-tui
+</pre>
 <ol>
   <li>Select Security Level: Enabled, and Customize, to allow
       incoming: SSH (remote login), WWW (HTTP) and secure WWW
       (HTTPS).
   </li>
-  <li>Set SELinux to Disabled.</li>
   <li>Select OK, and then Quit</li>
 </ol>
 
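Review bot: The added Software entry (`<dd>Click the "Customize Now" radio button and select a minimal install.`) drops the closing `</dd>` that the removed line had, leaving the definition list unbalanced before `</dl>`; restore it. In the new firewall paragraph, "CentOS 7 server/VM" appears in a Scientific Linux 7 document and should name Scientific Linux 7, and "firewalld::" has a doubled colon. The firewalld commands add only the http and https services, while the iptables steps in the list below also allow SSH; state whether SSH is expected to be open already under firewalld so that both paths end with the same set of open ports.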
@@ -128,6 +151,7 @@
 Retrieve the scientific_loncapa_yum.conf file from the LON-CAPA install site:
 </p>
 <pre>
+yum install wget
 wget http://install.loncapa.org/versions/scientific/7/scientific7_loncapa_yum.conf
 </pre>
 <p>
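Review bot: The yum configuration in this `<pre>` block is fetched with wget over plain http, and the added `yum install wget` only makes sure the tool is present. This file decides where packages are installed from, so an https URL (if the install site serves one) or a published checksum to compare against would be worth adding here. The paragraph above also names the file scientific_loncapa_yum.conf while the URL fetches scientific7_loncapa_yum.conf; make the two match.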
@@ -159,6 +183,23 @@
 <tr><td>sl-security/x86_64</td><td>Scientific Linux 7x - x86_64 - security updates</td></tr>
 </table>
 
+<h3>Configure SELinux</h3>
+<p>
+The default Scientific Linux 7 installation includes SELinux enabled. Until such time as an SELinux security policy has been created for LON-CAPA, SELinux should be disabled.
+Retrieve the loncapa_selinux_config file from the LON-CAPA install site:
+</p>
+<pre>
+wget http://install.loncapa.org/versions/scientific/7/loncapa_selinux_config
+</pre>
+<p>
+Install the selinux config file
+</p>
+<pre>
+mv /etc/selinux/config /etc/selinux/config.backup
+mv loncapa_selinux_config /etc/selinux/config
+reboot
+</pre>
+
 <h2>5. <a name="ilc">Installing LON-CAPA</a></h2>
 <h3>Import the LON-CAPA encryption key</h3>
 <pre>rpm --import http://install.loncapa.org/versions/scientific/RPM-GPG-KEY-loncapa</pre>
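Review bot: In the new "Configure SELinux" section, the two `mv` commands followed by `reboot` leave the host without /etc/selinux/config if the earlier wget did not produce loncapa_selinux_config: the first `mv` removes the live file, the second fails, and the reboot still runs. Take the backup with `cp -p` instead and check that the downloaded file exists before replacing the original. The replacement is also fetched over plain http and installed without the document showing what it contains; stating the intended setting in the text would let an administrator review the change or edit the existing file in place. The sentence "Install the selinux config file" is missing its closing period.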
@@ -259,7 +300,7 @@
 To configure and install LON-CAPA, execute the following commands:
 </p>
 <pre>
-cd /root/loncapa-X.Y.Z     (X.Y.Z should correspond to a version number like '2.11.1')
+cd /root/loncapa-X.Y.Z  (X.Y.Z should correspond to a version number like '2.11.1')
 ./UPDATE
 </pre>
 <p>
@@ -288,7 +329,7 @@
 </p>
 <pre>
 /etc/init.d/loncontrol start
-/etc/init.d/httpd start
+systemctl start httpd
 </pre>
 <p>
 If you receive warnings when starting the httpd about missing perl modules,



