Monday, October 31, 2005

Install a real boinc server on ubuntu (breezy badger)

This howto will try to explain step by step how to install a boinc server on ubuntu.

Install Ubuntu



  1. Get the ubuntu distribution and tip a CD, you can get the CD on http://www.ubuntu.com/download/. When the installation runs, write server (it will install only the minimum for the installation).
  2. When you start Ubuntu you have some editors: nano pico, ... If you want to use a new one:
    sudo apt-get install emacs21
  3. Now we set where the server will download packages, With your editor, edit the file /etc/apt/sources.list. You have to be logged as root to edit this file. In the file, comment the first line (with a #) and uncomment the lines where it defines the universe repository. Some hints are written on the file. It should be easy to modify.
  4. Install ssh. We can the access from an other computer to the system.
    sudo apt-get install ssh
  5. Now you have a small server that can be accessed from another computer.


Installing necessary stuff

In this step, we will install everything that can be used by boinc.
  1. First we have to install gcc,g++, automake, autoconf,... These files will be used to compile boinc:
    sudo apt-get install gcc g++ automake1.9 autoconf make

  2. Now, we install an apache server with mysql, with php and phpmyadmin, and openssl:
    sudo apt-get install phpmyadmin apache2 mysql-server
    libmysqlclient12-dev python-mysqldb php4-gd
    libapache2-mod-auth-mysql libssl-dev

  3. You will certainly get an error when you want to add an avatar on the server: unknown function image antialias. Comment the line where it appears and it should be ok.
  4. Modify the password of the mysql database. You can do it with phpmyadmin: go on $ip-adress/phpmyadmin and write as login root and without password. Then modify the password.

  5. Go on /etc/apache2/apache2.conf and add the line:
    DefaultType application/octet-stream
    It will avoid getting all the time a signature verification error.


  6. Modify /etc/group in sort that apache2 runs as boincadm (or like as you want...). Replace
    www-data:x:33:
    with
    www-data:x:33:$admin

  7. Add these two lines to the beginning of the apache start script (called apachectl, usually in /usr/sbin on linux):

    umask 2
    export umask

  8. restart apache2:

    /etc/init.d/apache2 restart

  9. We remove the database and put it into an other file, edit the file /etc/mysql/my.cnf and replace the line:
    datadir                = /var/lib/mysql

    with
    datadir                = mynewdir


  10. Be sure that the user "mysql" has all access to this directory. Move the databases (they are in /var/lib/mysql):
    sudo mv /var/lib/mysql/mydatabase mynewdir/

    You have to restart mysql:
    /etc/init.d/mysqld restart

  11. Install CVS:
    sudo apt-get install cvs

Install Boinc


Okay, now let's start.

  1. checkout the boinc server:
    cvs -d :pserver:anonymous:@alien.ssl.berkeley.edu:/home/cvs/cvsroot checkout -r stable boinc

    The boinc files will be installed in the boinc directory, you can put this directory where you want, let us just call this directory $boinc.

  2. Go into the $boinc directory, and start _autosetup:
    ./_autosetup

  3. Check that everything is okay and that we are going to install the server only:
    ./configure --disable-client 
    Everything should be okay, if you have some errors, you certainly forgot to install one element.

  4. Compile it:
    make 
  5. Install boinc:
    sudo make install

Create a project



  1. First, we create keys... Go into a directory named keys and run:
    crypt_prog -genkey 1024 code_sign_private code_sign_public
    crypt_prog -genkey 1024 upload_private upload_public
    It creates two 1024 bits keys

  2. Then we create the project:

    tools/make_project
    --project_root <path>
    --db_user <database_user>
    --db_passwd <database_password>
    --key_dir <key_directory>
    --url_base <url_base>
    <short_name> <long_name>

    From now on the <path> will be called $project. It is within that are all the important files and <short_name> is now $project_name.

  3. We have to configure apache2 in sort that it displays the website: copy the file $project/$project_name.httpd.conf in /etc/apaches/sites-available. symlink (the ln command)it in sites-enabled and restart apache:

    /etc/init.d/apache2 restart




Set the security


Theorically everything is fine, there remains one thing: remove access to ops for not authenticated users: We will do it with htaccess:

  1. Create the directory $project usernames

  2. Change the rights on it:

    chmod 711 usernames


  3. Go in the directory and create a new user that will have access to the ops web page:

    htpasswd -c .htpasswd <your_name>



  4. It will create a file .htpasswd. You can remove entry within, or add new ones with

    htpasswd .htpasswd <your_name>

    without the "-c"


  5. In the same directory, create a file named ".htaccess". Deny access from the web: create a new file and write within:

    AuthGroupFile /dev/null
    AuthName "DO NOT think to access this file"
    AuthType Basic

    deny from all


  6. Go in $project/html/ops and create a file .htaccess, We will give access only to people who are in the .htpasswd:


  7. AuthName "administration access"
    AuthUserFile PATH_TO_.HTPASSWD
    AuthGroupFile /dev/null
    AuthType Basic

    <limit GET POST>
    require valid-user
    </Limit>


  8. Now you are able to go to the main page without password. But if you want to go into the ops page, you have to give a password

  9. You can now remove the protection in $project/html/ops/cancel_wu_action.php look of the string:

    if (1) {
    echo "
    WARNING! Make sure the html/ops directory is password-protected,
    then edit html/ops/cancel_wu_action.php by hand to remove this message.
    ";
    exit();
    }

    Invert the condition. You are now able to cancel workunits

  10. We will now deny access to most of the ports:

    sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    sudo iptables -A INPUT -j DROP

    In that case, only ssh,http and ssl are accessible from the outside and you can get some message from port 25.



Tuning your boinc server


This step will explain some hints to modify the look of the server and some other useless things:

  1. Go into the file $project/html/project/project.inc. This file contains the constants used in the server: the url, the project name, ... Modify it.

  2. you can see in the file that you can define the css file, the file is in $project/html/user/ . You should modify it to have the same colors as your site.
  3. You have to change rights to different directories: $project/html/user_profile/images has to be apache read/write accesible.
  4. The owner of $project/upload has to be apache



Setting the forum


Now, we will set the forum and the message boards.
  1. Simply edit the file $project/html/ops/create_forums.php, and then run it into your server.
  2. Install php-cli: It is the php command-line:

    sudo apt-get install php-cli


  3. Edit the file /etc/php/php-cli/php.ini and uncomment the lines:

    ;extension=mysql.so
    ;extensio=gd.so
  4. You can add all the extensions you need...

  5. Edit $project/html/ops/update_profile_pages.php and $project/html/ops/update_uotd.php. In the first line: replace with the path to the php executable:

    #!/usr/local/bin/php

    becomes

    #!/usr/bin/php



  6. Now, create a small script:

    #!/bin/sh
    cd $project/html/ops;
    ./update_profile_pages.php
    ./update_uotd.php


  7. Try to run the script to be sure it is running: You should have some warning...

  8. Create a cron job: Create a file and write within:

    5,10,15,20,25,30,35,40,45,50,55 * * * * $project/update.sh

  9. You have to create some images in the directory $project/html/user/img/:head_20.png rate_negative.png unread_post.png and rate_positive.png




Create the project


Now, we will add a new application on the server. go into $project directory:


  1. Copy the file $boinc/tools/project.xml into $project/project.xml

  2. Modify the file, you add your application.

  3. inform the server that some elements have been modified:

    bin/xadd


  4. From now on, we will consider that $app is the application name, $version is the version number of your application and $platform the target platform.

  5. Create a directory $app in $project/apps. Then a directory called $project/apps/$app/$app_$version_$platform

  6. Put your executable and all the files in the new directory

  7. Sign every file:

    crypt_prog -sign executable key > signature_file

    the signature_file should have the same name as the executable with an extension .sig.

  8. Do the same for every other files that have to be sent.

  9. Update Boinc:

    bin/update_versions

  10. From now on, it depends on the generator, validator, assimilator you decide to use.

10 Comments:

Anonymous angrykeyboarder said...

Hummm...

I just did sudo apt-get install boinc-manager and was done.

I'm now on thee Ubuntu team for Rosetta@home.

7:09 PM  
Anonymous Marco Paga said...

I really like this detailed description. Helped me a lot to get started.

8:31 AM  
Anonymous Anonymous said...

angrykeyboarder, the instructions above are for installing a boinc server. boinc-manager is a gui front end to the boinc client software.

3:14 AM  
Anonymous Anonymous said...

Thanks a lot sir,your description might help us to move forward with our work.
Thank you

2:13 AM  
Anonymous Hei said...

Dear Breezy,
I can't edit the files........It said I don't have the permission.

4:01 AM  
Anonymous JanHgm said...

This was an excellent piece of work for two years ago but now with Ubuntu 7.10 (Gutsy) it seems to be outdated.
I hope the author is willing to post an update soon.
Keep up the good work..!
(Posted 14 Dec 2007)

4:29 PM  
Anonymous Anonymous said...

I have installed BOINC on Fedora 7.10. User BOINCADM, project name: cplan
(cd /home/boincadm/boinc/tools
./make_project --test_app cplan)
When i used firefox and typed: http://localhost/cplan/ in URL, it errors:
Forbidden

You don't have permission to access /cplan/ on this server.
Please tell me why???
Although i changed permission of this folder:
chmod 755 cplan
...............
Thank you so much!

6:56 PM  
Blogger María Inés Mays said...

Hello, I just set a boinc server, I wonder if you have simple program that cant use to test the server.

Thanks
María Mays

3:08 PM  
Anonymous Anonymous said...

Hi I can also use yum with many software packages in line right?

yum install soft1 soft2 just to replace sudo in Fedora?

10:13 AM  
Anonymous file extension xls said...

Wonderful designing layout of the blog, i totally impressed with that post so thanks for sharing this post.

10:44 PM  

Post a Comment

<< Home