[triangle-zpug] New ZEO with mount points script

Edmund Moseley edmund at unc.edu
Mon Jul 10 15:16:00 CEST 2006


Thanks a lot Chris,

This will certainly be very useful.

Edmund

Quoting Chris Calloway <cbc at unc.edu>:

> I think I already posted this a couple of times. But Rob and Edmund 
> asked me to post this again.
>
> Jim Allman and I had a one day mini-sprint to work on Plone 
> deployment. The product of this was a script I use to create:
>
> 1) a ZEO instance
> 2) Any number of named mount points in the ZODB (each good for 
> containing its own Plone site in its own .fs file, but sharing a 
> common Products directory with all other Plone sites in the ZODB)
> 3) a single ZClient instance with processor affinity for SMP boxes
> 4) Plone installed in Products directory for all ZClients
>
> The script is temporarily here:
>
> http://trizpug.org/Members/cbc/mkzeowmp.txt/
>
> I have it shown there with a txt extension so you can read it online. 
> You can remove that extension or make it .sh as is your preference. 
> It just needs to be owned and executed by the zope instance owner as 
> discussed further below.
>
> You can read and understand the script, or you can look at the feeble 
> and verbose explanations I have provided below. I cannot support this 
> script at this time, so don't ask too many questions.
>
> The purpose of this script was to get around a lot of security 
> deficiencies in many ZEO recipes I've seen. The idea is that the 
> Python and Zope code bases can be owned by root, like any other 
> system software. The Zope instances directories can be owned by 
> another Linux user, which you can trust to Zope admins without 
> allowing them to change the Python or Zope code bases. That is, you 
> can allow a Zope admin to add products and external methods without 
> allowing them access to the rest of the box. Zope will run as still 
> another Linux user which cannot change the Zope instance, especially 
> not the Products or Extensions directories. This Zope running user 
> can only write to the ZODB and the logs. This Zope running user 
> should not even have a Linux login. And there is yet another user, a 
> Zope user which is the Zope instance owner in the Zope root acl_users 
> folder in the ZMI (not a Linux user).
>
> You must run this script as the owner of the Zope instance code (and 
> the script enforces that), which is explained below. The script will 
> create everything and then run ZEO and the ZClient to create all the 
> log files and ZODB files with the correct owners and permissions. You 
> then have to hit Ctl-C to stop the foregrounded ZEO and hunt for the 
> ZClient process (with ps -Af) and kill it (with a default SIGTERM). 
> Then some instructions for starting zeoctl and zopectl appear. You 
> should run zeoctl and zopectl as root. They will switch users to the 
> correct zope run user at the appropriate time. Zeoctl and zopectl are 
> normally run automatically as service scripts (with chkconfig) but I 
> have not done anything to put them into chkconfig form yet. You can 
> grab the RPM and look for proper chkconfig scripts or look at some of 
> the other instance creation script packages around. At least three 
> other people have presented instance creation scripts to TriZPUG.
>
> This script is not in its final form. It is provided for 
> instructional purposes only. I'm not recommending that you do this. 
> I'm sure there are better ways of doing this with all the instance 
> creation scripts out there but I don't have the time to reverse 
> engineer or test them. But this script does work for me. I'd like to 
> add the ability to create more ZClients, to turn off processor 
> affinity for SMP, to add more mount points on the fly, to add more 
> ZClients on the fly, to create dummy ZODB and log files with the 
> correct owner and permissions so we don't need to run zeoctl or 
> zopectl in the foreground and Ctl-C out to make them, and several 
> other things.
>
> You should be able to add more mount points on the fly by looking at 
> zeo.conf and zope.conf. You should be able to add more ZClients on 
> the fly by running mkzopeinstance.
>
> Like Joel says, please do not make fun of my bash scripting. I am not 
> a bash programmer. And I am by no means a sed expert.
>
> You will need an install of Python 2.3.5 with PIL installed in it, 
> and the Zope code base (the code which allows you to create Zope 
> instances) installed, in order to use this script. These are simple 
> configure/make/make (alt)install procedures described in the READMEs 
> for Python and Zope. The Zope code base must be executable by the 
> Zope instance owner. This is usually the case for any user, so you 
> normally don't need to worry about it. My Python and Zope code bases 
> are normally *owned* by root, but executable by any user.
>
> At the top of the script, you will see a bunch of variables which 
> need to be customized to your box:
>
> PYTHON_BASE=/usr/local/opt/Python-2.3.5
> ZOPE_BASE=/usr/local/opt/Zope-2.8.7
> ZOPE_INSTANCES=/var/lib/Zope-2.8.7
> ZOPE_MANAGER=zopemgr
> ZOPE_OWNER=zopeown
> ZOPE_RUNNER=zoperun
> ZEO_NAME=zeo
> ZCLIENT_NAME=zclient
> ZCLIENT_INSTANCE=0
> PLONE_TARBALL_URI_PATH=http://plone.org/products/plone/releases/2.1.3/
> PLONE_TARBALL_URI_FILE=Plone-2.1.3
> PLONE_TARBALL_URI_EXT=.tar.gz
>
> So obviously, you tell the script through these variables:
>
> 1) PYTHON_BASE = Where your Python lives
>
> 2) ZOPE_BASE = Where your Zope code base lives
>
> 3) ZOPE_INSTANCES = Where you'd like Zope instances to be created
>
> 4) ZOPE_MANAGER = What Linux user (with a login) you'd like to own 
> the Zope instance. This user must already be created. You can usually 
> do this (as root) with something like:
>
> /usr/sbin/useradd zopemanager -m -G users,wheel -s /bin/bash
>
> 5) ZOPE_OWNER = What Zope user you'd like to be the Owner of the Zope 
> instance. This is the user with which you will initially log into the 
> Zope root ZMI.
>
> 6) ZOPE_RUNNER = What Linux user (a system user without a login) you'd 
> like to run Zope. This user must already be created. You can usually 
> do this (as root) with something like:
>
> /usr/sbin/adduser -r -g zopemanager -s /sbin/nologin zoperunner
>
> 7) ZEO_NAME = What the name of your zeo directory in the instance is 
> (probably doesn't need to change)
>
> 8) ZCLIENT_NAME = What the base name of the zclient directories is 
> (probably doesn't need to change)
>
> 9) ZCLIENT_INSTANCE = What the suffix to ZCLIENT_NAME should be for 
> the first ZClient instance (probably doesn't need to change). The 
> idea is for this to be a number and for it to increment in a later 
> script improvement. So your first ZClient instance will be named 
> zclient0, the second zclient1, and so on.
>
> 10) PLONE_TARBALL_URI_PATH = Where to go fetch your Plone tarball with 
> wget. This might be better to be some place local rather than 
> plone.org if you run this script a lot.
>
> 11) PLONE_TARBALL_URI_FILE = The name of the Plone tarball
>
> 12) PLONE_TARBALL_URI_EXT = The Plone tarball extension (probably 
> doesn't need to change)
>
> So once you customize all that, you can run the script (as 
> ZOPE_MANAGER) like so:
>
> mkzeowmp \
>  prod    \ # the name of your instance directory in ZOPE_INSTANCES
>  9099    \ # the port number of your ZEO server
>  1000    \ # the base for the http and webdav port in zope.conf
>  8080    \ # the http port base
>  1980    \ # the webdav port base (for Enfold Desktop)
>  2       \ # the CPU on which to run the first ZClient (starts with 1)
>  seacoos trizpug                     \ # any number of
>  whitehouse unitednations illuminati \ # names for mount points
>
> This will give you a ZEO server running on port 9099, an http port 
> running on 9080, and a webdav port running on 2980.
>
> I recommend creating a production instance on one set of ports and a 
> test instance on another set of ports. Your development instance 
> should, of course, be run on your laptop or desktop.
>
> To get usage information, just run mkzeowmp without arguments and get:
>
> usage: mkzeowmp instance_name       \
>                 zeo_port            \
>                 zclient_port_base   \
>                 http_port           \
>                 webdav_port         \
>                 client_cpu_affinity \
>                 [list of mount point names separated by spaces]*
>
> The first time you log into Zope as ZOPE_OWNER, add a "ZODB Mount 
> Point." You will see all your mount points listed and checked. Check 
> "add folders." Click on "save." All your mount points will be created. 
> You can go look in ZOPE_INSTANCES/INSTANCE_NAME/ZEO_NAME/var on the 
> filesystem and see a separate .fs file for each mount point. You can 
> go in each mount point folder in the ZMI and create a Plone site. All 
> the data for that Plone site will be in a separate .fs file in the 
> ZODB.
>
> -- 
> Sincerely,
>
> Chris Calloway
> http://www.seacoos.org
> office: 17-6 Venable Hall   phone: (919) 962-4323
> mail: Campus Box #3300, UNC-CH, Chapel Hill, NC 27599
>
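
Added example, not part of the original post or of mkzeowmp: a shell check of an instance tree against the ownership model described in the quoted message (the manager owns code and configuration, the run user writes only to the ZODB and log directories). The directory names follow the usual Zope 2 instance layout, the shared group is inferred from the adduser line in the post, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not part of mkzeowmp. Directory names (Products, Extensions,
# bin, etc, var, log) are the usual Zope 2 instance layout, assumed here.

# audit_instance INSTANCE_DIR MANAGER RUNNER   (user names or numeric uids)
# Prints one "FINDING path" line per violation; prints nothing if clean.
audit_instance() (
    inst=$1 manager=$2 runner=$3
    for d in Products Extensions bin etc; do
        [ -d "$inst/$d" ] || continue
        # Code and config belong to the instance manager, not the run user.
        find "$inst/$d" ! -user "$manager" -print |
            sed 's/^/NOT_MANAGER_OWNED /'
        # Assumption from the post's adduser line: the run user is in the
        # manager's group, so group- or world-writable means Zope can write it.
        find "$inst/$d" ! -type l \( -perm -020 -o -perm -002 \) -print |
            sed 's/^/RUNNER_CAN_WRITE /'
    done
    for d in var log; do
        [ -d "$inst/$d" ] || continue
        # The ZODB and log directories are the only places Zope must write.
        find "$inst/$d" -maxdepth 0 ! -user "$runner" ! -perm -020 -print |
            sed 's/^/RUNNER_CANNOT_WRITE /'
        # No account outside owner and group should alter Data.fs or logs.
        find "$inst/$d" ! -type l -perm -002 -print |
            sed 's/^/WORLD_WRITABLE_DATA /'
    done
)

# Constructed sample tree, so the audit can be tried without a real instance.
make_sample_instance() (
    inst=$(mktemp -d) || exit 1
    mkdir -p "$inst/Products/CMFPlone" "$inst/Extensions" "$inst/bin" \
             "$inst/etc" "$inst/var" "$inst/log"
    : > "$inst/Products/CMFPlone/__init__.py"
    : > "$inst/var/Data.fs"
    chmod -R go-w "$inst"
    chmod g+w "$inst/var" "$inst/log"
    echo "$inst"
)

# Stand-alone use: sh audit.sh /var/lib/Zope-2.8.7/prod zopemgr zoperun
if [ "$#" -eq 3 ]; then audit_instance "$@"; fi
```

Run it as root or as the instance manager after the first foreground start, once the ZODB and log files exist with their final owners.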


