
Introduction

This page explains how to install and maintain the LOCKSS software on a Linux system. This is the recommended way to run LOCKSS.

We recommend installing the LOCKSS software on a dedicated real or virtual machine running an RPM-based Linux distribution, such as CentOS. This installation method replaces the OpenBSD CD, which is being phased out.

This page will guide you step by step through:

  1. choosing a real or virtual hardware configuration to run the LOCKSS software,
  2. preparing the machine,
  3. installing the operating system and the LOCKSS software,
  4. and configuring both the network and the machine to use it.

This process makes use of a Kickstart file, which automates several parts of the installation to produce a configuration appropriate for LOCKSS. It supplies a recommended partitioning layout utilizing software RAID when possible. It will also select a recommended set of packages and configure the CentOS environment for the LOCKSS daemon.

Automatic disk layouts only work for machines with between one and four disks of the same capacity or with multiples of three or four disks of the same capacity. If your box has an unsupported number of disks or contains disks of differing capacity, please write to the LOCKSS support team.

Hardware

A machine to run LOCKSS requires as a minimum:

  • An Intel-compatible CPU running at 1GHz or faster. LOCKSS has had success with low-power, dual-core Intel Atom 330 CPUs commonly found in netbooks.
  • At least 1GB of memory; 2GB is strongly recommended.
  • A bootable CD or DVD drive
  • A disk with enough space. Though as little as 250GB can be enough to get started, those interested in preserving all content in the Global LOCKSS Network should keep in mind that currently it will require roughly 1.3TB of space and is steadily growing; at least 2TB of disk is strongly recommended. Although both parallel ATA (PATA) and serial ATA (SATA) drives are supported, PATA is obsolete and new disks are becoming scarce. Some adjustment of BIOS settings may be needed to handle SATA drives.

It is often possible to meet these requirements by reusing older machines, and we normally recommend this as being the most cost-effective way to deploy a LOCKSS box.

We strongly advise buying low-cost hardware such as desktops or small, 1U servers. For normal use the LOCKSS system neither requires nor benefits from expensive enterprise-grade hardware.

Institutions with access to virtual machine (VM) instances may run their LOCKSS box within a VM, as long as the resources dedicated to the VM match or exceed the hardware requirements stated above. The LOCKSS team recommends VMware products.

Although the LOCKSS software will function correctly with only one disk drive, recovering from a fault that loses the entire disk will take a long time, especially if the drive contained terabytes of content. We strongly recommend configurations with three or four drives all the same size. This allows the system to configure itself with software RAID, and thus continue to function between the time a disk fails and the time it has been restored.

Pre-Installation

  1. Reboot your box and enter your system BIOS. If you are unsure how to enter your system BIOS, consult your system manual or manufacturer. In the BIOS, ensure that:

    • If you have SATA disks, SATA compatibility is set to AHCI (or "RAID") and not to IDE-compatible or PATA emulation.
    • The power setting is set to 'Restore to previous state', so that the box automatically resumes normal operation when power is restored after a power failure.

  2. Download and burn the CentOS 5.5 Net Install CD from the following URL:

    http://www.lockss.org/centos/iso/lockss-netinstall-5.5-1.iso

    To verify that you have downloaded the image correctly, compute its SHA1 or MD5 hash and compare it with the corresponding value below:

    SHA1: cf0737fa81290c6fb3b2f2e7dc1da1dcca83f9c8

    MD5: 0eebe0af54fdbffb00bb1f5ad2d56574

    Note: Running a 64-bit (x86_64) version of CentOS provides no advantages and, in fact, decreases the performance of a machine. Use the 32-bit (i386) version even if your box is capable of 64-bit instructions.

Installation

  1. Starting The Installer: Boot your system with the CD. At the "boot:" prompt, press Enter.
  2. Language and Keyboard Layout: Use the on-screen windows to select your language and keyboard layout.
  3. Network Configuration (Installer): Use the on-screen windows to configure your primary network adapter for use during the install. LOCKSS requires your machine to be configured with a static IP address. If your network uses a DHCP server, it must assign your machine a static configuration based on the network adapter's MAC address. Once your network is correctly configured, the installer will retrieve components necessary to proceed with the install and load the graphical interface.
  4. Disk Layout and Partitioning: Check 'Review and modify partitioning layout' then click 'Next'. In the next window, a recommended layout will be displayed if your box has between one and four disks of the same capacity or if your box has multiples of three or four disks of the same capacity. In this case, review the disk layout and click 'Next' if the layout is sane. If you have an unusual number of disks or have disks of differing capacity, contact LOCKSS support. If you know what you're doing, a step-by-step guide to configuring your disks manually is available on the page Manual Disk Partitioning With Linux.
  5. Boot Loader Configuration: The default GRUB boot loader configuration should be accepted. Advanced users may optionally configure a boot password, multiboot configuration or modify kernel options.
  6. Network Configuration (System): If the network this machine will run on is different from the network used to install CentOS, enter the updated network configuration then click 'Next'. If it is not different, simply click 'Next'.
  7. Timezone: Click inside the map to the point closest to your location or use the drop-down menu to select your region's timezone. Then check 'System clock uses UTC' -- the system will be automatically configured to sync with a time server via NTP. When finished, proceed by clicking 'Next'.
  8. Setting Your Root Password: Use the on-screen interface to enter your root password (minimum of six characters) and keep the password in a safe place. Click 'Next' when finished.
  9. Package Selection: A minimal set of packages has been selected for install by LOCKSS. You may use this screen to select additional packages you would like installed. In particular:

    • Installing a graphical interface is discouraged: the machine will not need much direct interaction, and a graphical interface brings in a large number of packages, possible security risks and additional RAM use. Nevertheless, a graphical interface may be installed by following these instructions: first install Gnome (or KDE) by going into the 'Desktop Environments' category and checking 'GNOME Desktop Environment'. Next, go into the 'Base System' category and, in the right column, check 'X Window System'.

    • International LOCKSS users may prefer to have CentOS support their language. This may be done by choosing your language in the 'Languages' category. For more details, see the Red Hat Enterprise Linux International Language Support Guide.

    Click 'Next' to proceed.

  10. Install Process: The screen will notify you that the install log will be saved to /root/install.log and that an Anaconda Kickstart file has been saved to /root/anaconda-ks.cfg. To begin the install, click 'Next'. The install will take between 20 minutes and an hour, depending on your internet connection's bandwidth to the Stanford mirror. The system will also be configured with the LOCKSS daemon and LOCKSS yum repository. When the installation has completed, eject the CentOS net-install CD and click 'Reboot'.

Configuration

Firewall Configuration

Run the following post-install tasks as root.

  1. Iptables Configuration: The LOCKSS daemon requires that port 9729 be open to the internet. Additionally, ports 22, 8080 and 8081 are used to administer and monitor the LOCKSS box; these should be open only to your administrative subnet(s) and, optionally, the LOCKSS subnet. Allowing the LOCKSS team at Stanford to access your LOCKSS box is highly recommended but not mandatory.
    1. Run the following command:

      /etc/lockss/lockss-config-iptables

    2. Type in the subnet(s), in CIDR notation, from which you would like to allow access. Use a space between subnets to specify more than one.
    3. If you do not wish to allow access to the LOCKSS team at Stanford, type 'no' when prompted.
    4. When finished, you must reload the Iptables configuration for the changes to take effect:

      service iptables restart
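
A check to run after the steps above, as an added example that is not part of the LOCKSS scripts: it reads rules in iptables-save format and reports any admin port (22, 8080, 8081) that accepts traffic from a source outside the subnets you list, or a missing open rule for 9729. The function names, the sample rules and the 192.0.2.0/24 and 203.0.113.0/24 ranges are constructed for illustration; it assumes single-port `--dport` rules with sources written in the same CIDR form you pass in.

```bash
#!/usr/bin/env bash
# Added example, not the LOCKSS project's script: audit iptables-save style rules
# against the port policy described above.
#   9729            must accept TCP from any source
#   22, 8080, 8081  must accept TCP only from the admin subnets you list
# Assumptions: one "-A <chain> ... -p tcp ... --dport N ... -j ACCEPT" line per
# rule, sources written in the same CIDR form you pass in; multiport rules,
# rule order and the default policy are not evaluated.

# audit_lockss_rules RULES_FILE|- ADMIN_CIDR...
# Prints one finding per line; returns 0 when clean, 1 when there are findings.
audit_lockss_rules() {
    local rules=$1; shift
    awk -v allowed="$*" '
        BEGIN {
            n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1
            admin["22"] = admin["8080"] = admin["8081"] = 1
        }
        $1 == "-A" && /-p tcp/ && /-j ACCEPT/ {
            src = "any"; port = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-s")      src  = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
            }
            if (src == "0.0.0.0/0") src = "any"
            if (port == "9729" && src == "any") lcap_open = 1
            if (!(port in admin)) next
            if (src == "any")      { print "FAIL port " port " open to any source"; bad = 1 }
            else if (!(src in ok)) { print "FAIL port " port " open to unlisted " src; bad = 1 }
        }
        END {
            if (!lcap_open) { print "FAIL port 9729 not open to any source"; bad = 1 }
            exit bad + 0
        }' "$rules"
}

# Constructed sample rules using documentation address ranges.
sample_rules() {
    cat <<'EOF'
*filter
-A INPUT -p tcp -m tcp --dport 9729 -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 8081 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -s 203.0.113.0/24 -p tcp -m tcp --dport 8081 -j ACCEPT
COMMIT
EOF
}

# Usage: sample_rules | audit_lockss_rules - 192.0.2.0/24
```

To audit the live rule set, pipe `iptables-save` into `audit_lockss_rules -` and pass your admin subnets in the same form `iptables-save` prints them.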

Host Configuration

  1. LOCKSS Daemon Configuration: To configure the LOCKSS daemon, run the following command:

    /etc/lockss/hostconfig

    Configuration will differ based on whether the machine is intended as part of the global LOCKSS network or one of many Private LOCKSS Networks (PLN). Use the following configuration only if the machine is to join the global LOCKSS network.

    The answers to the questions the script asks are below.

    • Fully qualified hostname (FQDN) of this machine: You need to assign this and let the LOCKSS team know what it is.
    • IP address of this machine: You need to assign this and let the LOCKSS team know what it is.
    • Initial subnet for admin UI access: The subnet (in CIDR notation) that will initially be granted access to the web-based administrative UI. The localhost is implicitly allowed. More IP addresses or subnets may be added later using the admin UI.
    • LCAP V3 protocol port: 9729
      The TCP port at which this daemon will receive polling messages from peers. Do not change this.
    • Mail relay for this machine: If the machine is configured to handle mail, "localhost" should work. Otherwise, this should be the DNS name of an SMTP relay that will accept and relay mail from this machine. The script will also prompt for a username and password if the mail relay requires them.
    • E-mail address for administrator: Occasional alerts may be sent to this address.
    • Path to java: /usr/bin/java
      Full path to the java executable.
    • Java switches: Leave this blank.
    • Configuration URL: http://props.lockss.org:8001/daemon/lockss.xml
    • Preservation group(s): prod
    • Content storage directories: /cache0/gamma;/cache1/gamma;/cache2/gamma
      Modify this to include all the /cacheN directories created during installation. Multiple directories should be separated by semicolons.
    • Temporary storage directory: /cache0/gamma/tmp
    • User name for web UI administration: lockss
    • Password for web UI administration user admin: Supply a password.

WebUI Administration

To administer your LOCKSS daemon, using a machine within the subnet you have allowed access from, point your browser to:

http://<lockss-hostname>:8081/

You will be prompted for your web UI administrator username and password specified during the LOCKSS daemon configuration.

Upgrading the LOCKSS daemon

Scheduling Automatic Upgrades

To have your LOCKSS box automatically check for and install upgrades to the LOCKSS daemon, enter:

ln -s /etc/lockss/upgrade-lockss /etc/cron.daily/lockss

Manual LOCKSS Daemon Upgrade

To check for and install an available upgrade to the LOCKSS daemon, run:

yum upgrade lockss-daemon

Upgrading the Linux system

With the Linux platform, you are responsible for ensuring that the system is current with relevant operating system updates and configured correctly to minimize vulnerabilities. We recommend that you:

  1. Configure the system to keep itself automatically current with the Linux distribution.
  2. Avoid enabling any inessential services on the physical or virtual machine running the LOCKSS daemon.

Scheduling Automatic Upgrades

Recommended: To have your LOCKSS box automatically check for and install all available package upgrades (including the LOCKSS daemon) daily and clean up old packages weekly, run these commands as root:

chkconfig yum-cron on
service yum-cron start

Manual Upgrades

To check for and install all available package updates for the system (including the LOCKSS daemon), enter this command as root:

yum upgrade