LOCKSS on LINUX

CentOS6 Installation Manual
08/22/2013
Table of Contents
Overview
LOCKSS Hardware
Installation Checklist
BIOS Settings
Installation
Firewall Configuration
LOCKSS Daemon Configuration
Accessing LOCKSS
Appendix A: Netmask CIDR Translations
Please read these instructions carefully – if you have any questions,
contact us by email at [email protected] – we are here to
support you through this process.
Overview
This document explains how to install and maintain the LOCKSS software on a dedicated
Linux system.
The LOCKSS team has created a downloadable Linux netinstall CD based on the CentOS
Linux distribution (see http://www.centos.org for more information about CentOS). The
LOCKSS Net Install CD uses a Kickstart file that automates several parts of the Linux
installation to produce a configuration appropriate for LOCKSS. It creates a disk
partitioning layout utilizing software RAID when possible, selects a recommended set of
Linux packages, and configures the Linux environment for the LOCKSS daemon.
LOCKSS Networks
A LOCKSS box belongs to a LOCKSS network. Each LOCKSS network has specific
preservation goals. The document covers the installation of a LOCKSS box in the Global
LOCKSS Network (GLN).
The instructions in this manual apply to all LOCKSS boxes regardless of which LOCKSS
network they will be a part of. As required, notes for LOCKSS networks (other than the
GLN) will be represented in boxes like this:
Private LOCKSS Network (PLN)
This document describes the configuration for a Global LOCKSS Network (GLN).
Private LOCKSS Network (PLN) installations have a few minor configuration
differences which will be indicated in a yellow colored box like this one.
Document Structure
This document has a preparation phase and an installation phase. You should complete
the entire preparation phase before attempting the installation.
Preparation Phase
1. Hardware – Choosing a real or virtual hardware configuration to run the LOCKSS
software on Linux.
2. Installation Checklist – Gathering information about your site and downloading
the installation software.
Installation Phase
3. BIOS Settings – Checking your SATA compatibility and system power settings in
your LOCKSS box BIOS.
4. Installation - Installing the Linux operating system and the LOCKSS software
using the LOCKSS Net Install CD.
5. Firewall Configuration – Setting up the Linux firewall to limit SSH access to your
LOCKSS box.
6. LOCKSS Daemon Configuration – Configuring LOCKSS for your site.
7. Accessing LOCKSS – Connecting to the Web Administrative UI.
8. Maintenance – Setting up automatic updates for Linux and LOCKSS software.
LOCKSS Hardware
The CentOS 6 LOCKSS CD uses the 64-bit version of CentOS Basic Server installation
package. It will not work on older hardware that only runs 32-bit architecture. We
recommend installing LOCKSS on a dedicated workstation, server or virtual machine
with the following characteristics:
• A 64-bit capable x86 Intel compatible dual-core CPU. A quad-core CPU is
  preferred.
• A minimum of 8GB of memory
• A bootable CD or DVD drive
Hard disk capacity is perhaps the most important part of a LOCKSS box. The amount of
disk space you need is dependent upon which LOCKSS network you intend to join and
how much of the available content in the LOCKSS network you intend to preserve. Over
time you should expect that your LOCKSS box will fill its disk capacity.
The LOCKSS Linux installation will attempt to partition your disks using software RAID
(if you have two or more disks), which improves the availability of your LOCKSS box by
storing your data redundantly across multiple hard disks. In some cases the use of
software RAID is inappropriate and a modified installation method should be used.
You are encouraged to review your hardware configuration and ask any questions you
might have prior to installation by contacting the LOCKSS team over email at [email protected]
Standalone Servers: You should choose a solution that can host many separate drives.
A typical LOCKSS box will have 4 hard drives. Modern 2U servers can hold 8 or 12
hard drives – these are preferable because they can use more disks.
Virtual Servers: Virtual servers normally use an SAN or other type of network storage
device. If these devices are configured with Hardware RAID, the automatic software
RAID configuration should not be used. The CD will allocate 8GB on your virtual hard
disk for Linux, another 8GB for swap, and any remaining space will be used for data
filesystem(s).
Red Hat: If you prefer to use Red Hat instead of CentOS, you may obtain the necessary
media and license for your LOCKSS box and then integrate LOCKSS on top of Red Hat.
Contact the LOCKSS team by email at [email protected] for assistance.
Installation Checklist
You need to enter several pieces of information during the installation and configuration
of LOCKSS. Please collect all this information before you start the installation process
so it’s available when you need it.
LOCKSS box basic network information              Value
Fully Qualified Hostname                          ____________
IP address                                        ____________
Netmask (CIDR format)                             ____________
Gateway IP address                                ____________
Primary DNS IP address                            ____________
Secondary DNS IP address                          ____________

LOCKSS box advanced network information           Value
External NAT IP Address (if applicable)           ____________
Proxy Server IP Address (if applicable)           ____________
Proxy Port for Configuration URL (if applicable)  ____________

LOCKSS box email information                      Value
Mail relay hostname                               ____________
Mail relay username (if applicable)               ____________
Mail relay password (if applicable)               ____________
LOCKSS Administrator email address                ____________

User network(s) accessing the LOCKSS
Web Administrative UI                             Value
network 1 (CIDR format)                           ____________
network 2 (CIDR format)                           ____________
network 3 (CIDR format)                           ____________

passwords                                         Value
root password (Linux – 6 character minimum)       ____________
Web Administrative UI username                    lockss
Web Administrative UI password                    ____________
Private LOCKSS Network (PLN)
PLN users must enter these values during LOCKSS daemon configuration. These values
should be provided by your PLN administrator.
LOCKSS Daemon Item                                Value
Configuration URL                                 ____________
Preservation group(s)                             ____________
Software Download – LOCKSS Net Install CD
Download and burn the LOCKSS Net Install CD image to a blank CD. The link to the
CD image is published on the LOCKSS installation page located here:
http://www.lockss.org/support/build-a-lockss-box/
Contact the LOCKSS support team before you start
Please contact the LOCKSS support team by email at [email protected]
indicating you are preparing to start the installation. Please include the following
information in your email:
- the IP address of your LOCKSS box (your IP address must be registered with the
  central LOCKSS props server)
- indicate if there is an external firewall between your LOCKSS box and the
  Internet - we’ll need to provide you with firewall rules to add to your external
  firewall.
BIOS Settings
Reboot your LOCKSS box and enter your system BIOS. If you are unsure how to enter
your system BIOS, consult your system manual or manufacturer. You are also welcome
to email us at [email protected] and we will try to help.
In the BIOS, check the following settings and change them if necessary:
• If you have SATA disks, check that SATA compatibility is set to AHCI (or
  "RAID") and not IDE-compatible or PATA emulation. Some BIOS systems may
  instead indicate a “native” or “normal” or “compatibility” mode for the SATA
  controller – always choose the SATA mode that is “native” or “normal”. (The
  compatibility mode on a SATA controller is provided in BIOS for older operating
  systems that do not support SATA directly.)
• Check that the power setting is set to 'Restore to previous state' -- this allows the
  LOCKSS box to automatically resume normal operation when power is restored
  after a power failure.
Installation
Put the LOCKSS Net Install CD in the LOCKSS box CD drive, then power on the
LOCKSS box. If the LOCKSS box doesn’t boot the CD, you may need to hit a boot
order key (such as F12) during power-up to change the boot order.
This is the first screen you’ll see when booting:
Hit the Enter key on your keyboard to boot from the first “Recommended” option.
NOTE: The “Manual Setup” does not do automatic disk partitioning. It is used for
reinstalling CentOS or overriding Software RAID configuration on a multiple disk
server. Please contact the LOCKSS support team by email at [email protected] for assistance with using this.
Many lines of text will scroll down the screen – it will be 10 to 40 seconds before the
next screen comes up:
Choose your language. The mouse does not work – you must use the up arrow and down
arrow keys on your keyboard to select your language. Then hit the Enter key on your
keyboard to accept your choice.
Choose your keyboard type. You can use the up arrow and down arrow keys on your
keyboard to select your keyboard type. Then hit the Enter key on your keyboard to accept
your choice.
Configure TCP/IP. You will make several changes on this screen. To begin, hit the
down arrow key on your keyboard twice to move the red cursor to “Manual
configuration” under “Enable IPv4 support”, and then hit the space bar on your keyboard
to select it. Then hit the down arrow key on the keyboard one more time to move the red
cursor to “Enable IPv6 Support” and hit the space bar on the keyboard to turn off all IPv6
support. Then hit the down arrow key on the keyboard one last time so the OK button is
highlighted.
Compare your screen to the picture above – they should be identical. Press the Enter key
on the keyboard to proceed.
Manual TCP/IP Configuration. Use up/down arrows to move between fields, use
left/right arrows to move within each field. Referring back to the Installation Checklist
you filled out earlier:
• put the IP Address from the Installation Checklist in the first field of the IPv4
  address
• put the Netmask (CIDR format) from the Installation Checklist in the second field
  of the IPv4 address
• put the Gateway IP address from the Installation Checklist in the Gateway field
• put the Primary DNS IP address from the Installation Checklist in the Name
  Server field
Finally, hit the down arrow key to highlight the OK button.
Compare your screen to the picture above. The values in the fields will be different, but
the pattern should look the same. Press the Enter key on the keyboard to proceed.
This screen should be briefly visible. If it stays up for 10 to 20 seconds and is replaced
by a blank screen for 3-5 minutes and then shows an error message stating it was “Unable
to retrieve” (see screen below) then there was a problem configuring the network.
If you see this screen, then power off your LOCKSS box by pressing and holding in the power button until
it goes off, then check that the network wiring is good, and then start again from the beginning, taking extra
care when you are filling in the network information.
Install information is now downloading. You might see this screen flash by or it may
stay up for as long as 10 minutes – the length of time this screen is visible depends
on how fast the Internet is working at your LOCKSS box location.
We have entered the graphical part of the installation. Now your mouse should work,
and you should start using it.
1) Click on the white box that says “System clock uses UTC”. A check mark should
appear inside the box.
2) Set your time zone by choosing the location closest to you from the list of locations
(it’s a very long list). OR you may click with your mouse on the map in the part of world
where your LOCKSS box is located, and choose a city (one of the dots) that is closest to
you and in your time zone.
Ensure that the checkbox next to “System clock uses UTC” is checked and that the
correct time zone is set for your LOCKSS box location.
Press the Next button
This is the root password screen. Enter the root password you indicated in the
Installation Checklist. The password should not be easy to guess. You’ll need to enter it
twice – the characters will not appear as you type them.
After entering your password twice, click on the Next button.
Please note the root password in a safe place; only you have this information!
A CentOS Installation screen will appear. First it will indicate that it is formatting your
filesystems, and then it will tell you what package it is installing. A progress bar tracks
the installation. After the last package is installed and the progress bar is full, you’ll see a
message that says “Running post-install scripts”.
The entire process can take anywhere from 10 minutes to 60 minutes, depending on the
speed of your LOCKSS box and its internet connection.
If you see this screen, contact [email protected] to get help removing your existing partitions.
This is a safety measure to prevent you from accidentally wiping out an existing system.
Remove the LOCKSS CentOS Installation CD from your CD drive, and then click on the
Reboot button to complete the CentOS installation and reboot your LOCKSS box.
Firewall Configuration
The LOCKSS daemon requires that port 9729 is accessible to the internet. Ports 22,
8080, and 8081 are used to administrate and monitor the LOCKSS box.
The following steps will limit who can access Port 22 (SSH access).
Step 1: Log in to the LOCKSS box as root. You will have to give the password you set
during installation.
Step 2: type “/etc/lockss/lockss-config-iptables” and hit the enter key. This is what
you’ll see:
Step 3: Enter the “networks accessing LOCKSS” you listed in the Installation Checklist
section and hit enter. If you have more than one network to add, put a space between
each network, and don’t worry when the line wraps on your screen. Hit the enter key
when you are done.
Step 4: The next question asks you if the LOCKSS support team should be allowed
access into your LOCKSS box. The recommended answer is “Y” (for Yes).
Step 5: type “service iptables restart” and hit the enter key. This loads the firewall
configuration you just created into your LOCKSS box.
Step 6: Test an SSH connection from a remote PC to the LOCKSS box that is on one of
your administrative networks to make sure you can still get in. If possible, test an SSH
connection from somewhere else that is not on one of the networks you listed – you
should not be able to connect.
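The following check is an added example, not part of the LOCKSS manual or the LOCKSS scripts. Run after Step 5, it lists every INPUT rule that accepts TCP port 22 and flags any whose source is not one of your checklist networks. The function names, the sample ruleset and the 192.0.2.0/24 and 198.51.100.0/24 networks are constructed; it assumes rules in the iptables-save format used by /etc/sysconfig/iptables on CentOS 6.

```bash
#!/bin/bash
# Added example (hypothetical helper, not part of LOCKSS): audit SSH exposure.
#
# audit_ssh_rules RULES_FILE [ALLOWED_NET ...]
#   RULES_FILE   ruleset in iptables-save format ("-" reads standard input)
#   ALLOWED_NET  admin networks, written exactly as they appear in the ruleset
#                (plain string comparison, no CIDR arithmetic)
# Prints one line per INPUT rule that ACCEPTs tcp port 22:
#   OK <source>    the source is on the allow list
#   OPEN <source>  no source given (any host), negated, or not on the list
# Returns 0 only if at least one such rule exists and all of them are OK.
# Port ranges (--dport 20:25) and user-defined chains are not followed.
audit_ssh_rules() {
    local rules_file="$1"; shift
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "-A" && $2 == "INPUT" {
            src = "0.0.0.0/0"; port22 = 0; accept = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-s" || $i == "--source") src = ($(i-1) == "!" ? "!" : "") $(i+1)
                if ($i == "--dport" && $(i+1) == "22") port22 = 1
                if ($i == "--dports") {
                    m = split($(i+1), p, ",")
                    for (j = 1; j <= m; j++) if (p[j] == "22") port22 = 1
                }
                if ($i == "-j" && $(i+1) == "ACCEPT") accept = 1
            }
            if (port22 && accept) {
                found++
                if (src in ok) print "OK " src
                else { print "OPEN " src; bad++ }
            }
        }
        END { if (found == 0 || bad > 0) exit 1 }
    ' "$rules_file"
}

# Constructed sample ruleset (not output captured from a LOCKSS box).
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9729 -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -s 198.51.100.0/24 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Demo: both SSH rules are limited to the two constructed admin networks.
sample_rules | audit_ssh_rules - 192.0.2.0/24 198.51.100.0/24 \
    && echo "SSH is limited to the listed networks"
```

On the LOCKSS box, pass /etc/sysconfig/iptables as the first argument, followed by your own networks. If you answered Y in Step 4, any rules added for LOCKSS support access are reported as OPEN unless you add their sources to the list.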
LOCKSS Daemon Configuration
The LOCKSS daemon requires several configuration values from the Installation
Checklist you prepared earlier. Example input is shown in the examples below – your
input values will be different.
Step 1: Log in to the LOCKSS box as root.
Step 2: We need to know how many data storage areas the Linux Installation allocated
for LOCKSS. Type “ls -d /cache*” and hit the enter key. Here’s example output:
In this example we see two data storage areas - /cache0 and /cache1. Record your result
somewhere – you’ll need this information soon.
Step 3: type “/etc/lockss/hostconfig” and hit the enter key. This is what you’ll see:
The Fully Qualified Hostname from your Installation Checklist should appear in the
brackets. Press the enter key to accept the value.
Step 4: The IP address from your Installation Checklist should appear in the brackets.
Press the enter key to accept the value.
Step 5: If you listed an External NAT IP address for your LOCKSS box in the
Installation Checklist, you should enter Y to this question, and then enter the External
NAT IP address when prompted. If your LOCKSS box network does not use NAT, then
just press the enter key to accept the default value of “N”.
Step 6: Indicate which network you will use to initially access the Web Administrative
UI by entering LOCKSS access network 1 from the Installation Checklist. The network
listed in brackets is the network that your LOCKSS box is on – this network
automatically has access to the Web Administrative UI. You will be able to add all the
additional networks you have listed in the Installation Checklist inside the Web
Administrative UI.
Initial Prompt:
After entering LOCKSS access network 1:
Step 7: LCAP port, accept default by hitting the enter key.
Step 8: Proxy port, accept default by hitting the enter key.
Step 9: Web Administrative UI port, accept default by hitting the enter key.
Step 10: Enter Mail Relay hostname from the Installation Checklist.
After entering a mail relay hostname:
Step 11: If you listed a Mail relay username and password for your LOCKSS box in the
Installation Checklist, you should enter Y to this question, and then enter the username
and password when prompted. If your mail relay host does not need a username and
password, then just press the enter key to accept the default value of “N”.
Step 12: Enter the LOCKSS Administrator email address from the Installation Checklist
and press the enter key.
After entering an example LOCKSS Administrator email address:
Step 13: Path to java, accept default by pressing the enter key.
Step 14: Java switches, accept default by pressing the enter key.
Step 15: Configuration URL, accept default by pressing the enter key.
Private LOCKSS Network (PLN)
Do not accept the default value – enter the Configuration URL you listed in
the Installation Checklist and then press the enter key.
Step 16: If you listed a Proxy Server IP Address and a Proxy Port for Configuration URL
for your LOCKSS box in the Installation Checklist, you should enter them here (putting a
colon between the IP address and the port number). Otherwise you should just press the
enter key.
Step 17: Preservation group(s), accept the default by pressing the enter key.
Private LOCKSS Network (PLN)
Do not accept the default value – enter the Preservation group(s) you listed in
the Installation Checklist and then press the enter key.
Step 18: At the beginning of this section (Step 2) you recorded the names of the data
storage areas – we need that information now.
In our example earlier, we recorded two data storage areas, /cache0 and /cache1. To
derive our Content storage directories list, we append “/gamma” to each storage area,
then use a semicolon to separate the first storage area from the second.
After input:
NOTE: If you had only one storage area (/cache0) listed from Step 2, then you would
enter “/cache0/gamma” for this step.
Step 19: Temporary Storage Directory, accept default by pressing the enter key.
Step 20: Web Administrative UI username – input lockss and then press the enter key.
After input:
Step 21: Web Administrative UI password - you are asked to enter it twice. The
password will not be visible as you type. Make sure to remember this username and
password – you’ll use the Web Administrative UI to interact with the LOCKSS system.
Step 22: Compare your settings with your Installation Checklist. If it’s OK, press Y to
save the LOCKSS configuration you have just created. Otherwise, press N and you will
be taken back to the beginning.
Step 23: After confirming the configuration, you’ll be asked to confirm the creation of
your content storage directory(s), /var/log/lockss, and /cache0/gamma/tmp – answer Y to
all questions.
Step 24: (ONLY if you are not doing an OpenBSD Data Transition) Start the
LOCKSS daemon by typing “/etc/init.d/lockss start” and hit the enter key.
Accessing LOCKSS
The LOCKSS daemon starts automatically when the LOCKSS box is booted.
Go to the computer you want to use the Web Administrative UI from. Open an Internet
Browser, enter the Fully Qualified Hostname from your Installation Checklist into the
address bar, and then add on “:8081” to the end.
When you connect, you should be challenged for a username and password:
Enter the username as “lockss” and enter the Web Administrative UI password you listed
in the Installation Checklist. Click on the OK button, and you should see the Web
Administrative UI home page that looks something like this:
Congratulations!
You have finished the LOCKSS on Linux installation! We would be delighted to get
your feedback and any improvements you might suggest to us – please email your
comments to [email protected]
Appendix A: Netmask CIDR Translations
This Netmask Translation Table shows CIDR values and the equivalent dotted decimal
notation. You can find additional CIDR tools online by searching for “CIDR
Calculator.”
CIDR    Dotted Decimal Notation
/1      128.0.0.0
/2      192.0.0.0
/3      224.0.0.0
/4      240.0.0.0
/5      248.0.0.0
/6      252.0.0.0
/7      254.0.0.0
/8      255.0.0.0
/9      255.128.0.0
/10     255.192.0.0
/11     255.224.0.0
/12     255.240.0.0
/13     255.248.0.0
/14     255.252.0.0
/15     255.254.0.0
/16     255.255.0.0
/17     255.255.128.0
/18     255.255.192.0
/19     255.255.224.0
/20     255.255.240.0
/21     255.255.248.0
/22     255.255.252.0
/23     255.255.254.0
/24     255.255.255.0
/25     255.255.255.128
/26     255.255.255.192
/27     255.255.255.224
/28     255.255.255.240
/29     255.255.255.248
/30     255.255.255.252
/31     255.255.255.254
/32     255.255.255.255
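The translations in this table can also be computed. The following is an added example, not part of the LOCKSS manual or installer: shell functions (hypothetical names) that convert between CIDR prefixes and dotted decimal netmasks, and that check that the Gateway IP address from the Installation Checklist lies in the same subnet as the LOCKSS box. The addresses used are constructed.

```bash
#!/bin/bash
# Added example (hypothetical helpers, not part of the LOCKSS installer).

# ip_to_int A.B.C.D -> prints the address as an integer; returns 1 if malformed.
ip_to_int() {
    local IFS=. o n=0
    case $1 in *.) return 1 ;; esac              # reject a trailing dot
    set -- $1                                    # split the address on dots
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        # reject empty, non-numeric, zero-padded or over-long octets
        case $o in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
        n=$(( n * 256 + o ))
    done
    echo "$n"
}

# prefix_to_mask N (1..32, the range of the table above) -> dotted decimal mask.
prefix_to_mask() {
    case $1 in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 32 ] || return 1
    local m=$(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
    echo "$(( m >> 24 & 255 )).$(( m >> 16 & 255 )).$(( m >> 8 & 255 )).$(( m & 255 ))"
}

# mask_to_prefix A.B.C.D -> CIDR prefix length; returns 1 if the mask is not
# a contiguous run of one bits (for example 255.0.255.0).
mask_to_prefix() {
    local m inv p=32
    m=$(ip_to_int "$1") || return 1
    inv=$(( m ^ 0xFFFFFFFF ))
    [ $(( inv & (inv + 1) )) -eq 0 ] || return 1
    while [ "$inv" -gt 0 ]; do inv=$(( inv >> 1 )); p=$(( p - 1 )); done
    echo "$p"
}

# same_subnet IP PREFIX GATEWAY
# Returns 0 if both addresses share the network, 1 if not, 2 on malformed input.
same_subnet() {
    local ip gw mask
    ip=$(ip_to_int "$1") && gw=$(ip_to_int "$3") && mask=$(prefix_to_mask "$2") || return 2
    mask=$(ip_to_int "$mask")
    [ $(( ip & mask )) -eq $(( gw & mask )) ]
}

# Demo with constructed checklist values.
echo "255.255.255.0 is /$(mask_to_prefix 255.255.255.0)"
if same_subnet 192.0.2.10 24 192.0.2.1; then
    echo "gateway 192.0.2.1 is on the same subnet as 192.0.2.10/24"
fi
```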