[triangle-zpug] New ZEO with mount points script
cbc at unc.edu
Fri Jul 7 00:05:17 CEST 2006
I think I already posted this a couple of times. But Rob and Edmund
asked me to post this again.
Jim Allman and I had a one day mini-sprint to work on Plone deployment.
The product of this was a script I use to create:
1) a ZEO instance
2) Any number of named mount points in the ZODB (each good for contained
it's own Plone site in it's own .fs file, but sharing a common Products
directory with all other Plone sites in the ZODB)
3) a single ZClient instance with processor affinity for SMP boxes
4) Plone installed in Products directory for all ZClients
The script is temporarily here:
I have it shown there with a txt extension so you can read it online.
You can remove that extension or make it .sh as is your preference. It
just needs to be owned and executed by the zope instance owner as
discussed further below.
You can read and understand the script, or you can look at the feeble
and verbose explanations I have provided below. I cannot support this
script at this time, so don't ask too many questions.
The purpose of this script was to get around a lot of security
deficiencies in many ZEO recipes I've seen. The idea is that the Python
and Zope code bases can be owned by root, like any other system
software. The Zope instances directories can be owned by another Linux
user, which you can trust to Zope admins without allowing them to change
the Python or Zope code bases. That is, you can allow a Zope admin to
add products and external methods without allowing them access to the
rest of the box. Zope will run as still another Linux user which cannot
change the Zope instance, especially not the Products or Extensions
directories. This Zope running user can only write to the ZODB and the
logs. This Zope running user should not even have a Linux login. And
there is yet another user, a Zope user which is the Zope instance owner
in the Zope root acl_users folder in the ZMI (not a Linux user).
You must run this script as the owner of the Zope instance code (and the
script enforces that), which is explained below. The script will create
everything and then run ZEO and the ZClient to create all the log files
and ZODB files with the correct owners and permissions. You then have to
hit Ctl-C to stop the foregrounded ZEO and hunt for the ZClient process
(with ps -Af) and kill it (with a default SIGTERM). Then some
instructions for starting zeoctl and zopectl appear. You should run
zeoctl and zopectl as root. They will switch users to the correct zope
run user at the appropriate time. Zeoctl and zopectl are normally run
automatically as service scripts (with chkconfig) but I have not done
anything to put them into chkconfig form yet. You can grab the RPM and
look for proper chkconfig scripts or look at some of the other instance
creation script packages around. At least three other people have
presented instance creations scripts to TriZPUG.
This script is not in its final form. It is provided for instructional
purposes only. I'm not recommending that you do this. I'm sure there are
better ways of doing this with all the instance creation scripts out
there but I don't have the time to reverse engineer or test them. But
this script does work for me. I'd like to add the ability to create more
ZClients, to turn off processor affinity for SMP, to add more mount
points on the fly, to add more ZClients on the fly, to create dummy ZODB
and log files with the correct owner and permissions so we don't need to
run zeoctl or zopectl in the foregrond and Ctl-C out to make them, and
several other things.
You should be able to add more mount points on the fly by lookiing at
zeo.conf and zope.conf. You should be able to add more ZClients on the
fly by running mkzopeinstance.
Like Joel says, please do not make fun of my bash scripting. I am not a
bash programmer. And I am by no means a sed expert.
You will need an install of Python 2.3.5 with PIL installed in it, and a
the Zope code base (the code which allows you to create Zope instances)
installed, in order to use this script. These are simple
confiure/make/make (alt)install procedures described in the READMEs for
Python and Zope. The Zope code base must be executable by the Zope
instance owner. This is usually the case for any user, so you normally
don't need to worry about it. My Python and Zope code bases are normally
*owned* by root, but executable by any user.
At the top of the script, you will see a bunch of variables which need
to be customized to your box:
So obviously, you tell the script through these variables:
1) PYTHON_BASE = Where your Python lives
2) ZOPE_BASE = Where your Zope code base lives
3) ZOPE_INSTANCES = Where you'd like Zope instances to be created
4) ZOPE_MANAGER = What Linux user (with a login) you'd like to own the
Zope instance. This user must already be created. You can usually do
this (as root) with something like:
/usr/sbin/useradd zopemanager -m -G users,wheel -s /bin/bash
5) ZOPE_OWNER = What Zope user you'd like to be the Owner of the Zope
instance. This is the user with which you will initially log into the
Zope root ZMI.
6) ZOPE_RUNNER = What Linux user (a system user without a login) you
like to run Zope. This user must already be created. You can usually do
this (as root) with something like:
/usr/sbin/adduser -r -g zopemanager -s /sbin/nologin zoperunner
7) ZEO_NAME = What the name of your zeo directory in the instance is
(probably doesn't need to change)
8) ZCLIENT_NAME = What the base name of the zclient directories is
(probably doesn't need to change)
9) ZCLIENT_INSTANCE = What the suffix to ZCLIENT_NAME should be for the
first ZClient instance (probably doesn't need to change). The idea is
for this to be a number and for it to increment in a later script
improvement. So your first ZClient instance will be names zclient0, the
second zclient1, and so on.
10) PLONE_TARBALL_URI_PATH = Where to go fetch you Plone tarball with
wget. This might be better to be some place local rather than plone.org
if you run this script a lot.
11) PLONE_TARBALL_URI_FILE = The name of the Plone tarball
12) PLONE_TARBALL_URI_EXT = The Plone tarball extension (probably
doesn't need to change)
So once you customize all that, you can run the script (as ZOPE_MANAGER)
prod \ # the name of your instance directory in ZOPE_INSTANCES
9099 \ # the port number of your ZEO server
1000 \ # the base for the http and webdav port in zope.conf
8080 \ # the http port base
1980 \ # the webdav port base (for Enfold Deskop)
2 \ # the CPU on which to run the first ZClient (starts with 1)
seacoos trizpug \ # any number of
whitehouse unitednations illuminati \ # names for mount points
This will give you a ZEO server running on port 9099, an http port
running on 9080, and a webdav port running on 2980.
I recommend creating a production instance on one set of ports and a
test instance on another set of ports. Your development instance should,
of course, be run on your laptop or desktop.
To get usage information, just run mkzeowmp without arguments and get:
usage: mkzeowmp instance_name \
[list of mount point names separated by spaces]*
The first time you log into Zope as ZOPE_OWNER, add a "ZODB Mount
Point." You will see all your mount points listed and checked. Check
"add folders." Click on "save." All you mount points will be created.
You can go look in ZOPE_INSTANCES/INSTANCE_NAME/ZEO_NAME/var on the
filesystem and see a separate .fs file for each mount point. You can go
in each mount point folder in the ZMI and create a Plone site. All the
data for that Plone site will be in a separate .fs file in the ZODB.
office: 17-6 Venable Hall phone: (919) 962-4323
mail: Campus Box #3300, UNC-CH, Chapel Hill, NC 27599
More information about the triangle-zpug