Differences between revisions 1 and 2
Revision 1 as of 2008-10-21 07:21:33
Size: 3000
Editor: DanDrake
Comment:
Revision 2 as of 2008-10-21 07:54:49
Size: 4729
Editor: DanDrake
Comment:
Line 8: Line 8:

* JeOS used to be distributed as an .iso file, just like all the other flavors of Ubuntu, but now one uses [https://help.ubuntu.com/community/JeOSVMBuilder vmbuilder]; this is nice, except that it only supports KVM or Xen. I already know VirtualBox, so I'm using that -- if you know how to get Sage running under KVM or Xen, let us know. For this project, it's enough to use the [http://cdimage.ubuntu.com/jeos/releases/hardy/release/ Hardy CD image for JeOS]; Hardy is a long-term release, so we get security updates for the server version until 2013.
* JeOS used to be distributed as an .iso file, just like all the other flavors of Ubuntu, but now one uses [https://help.ubuntu.com/community/JeOSVMBuilder vmbuilder]; this is nice, except that it only supports KVM or Xen. I already know !VirtualBox, so I'm using that -- if you know how to get Sage running under KVM or Xen, let us know. For this project, it's enough to use the [http://cdimage.ubuntu.com/jeos/releases/hardy/release/ Hardy CD image for JeOS]; Hardy is a long-term release, so we get security updates for the server version until 2013.
Line 16: Line 15:
  * `wget`: for downloading new Sage releases
  * `elinks` or another text-based browser: just in case
  * `dtach`: like screen, but only does one window and no terminal emulation. This is all we need, and it's much smaller than screen
  * `unattended-upgrades` so security updates get installed...unattended.
  * `wget`: for downloading new Sage releases.
  * `elinks` or another text-based browser: just in case.
  * `dtach`: like screen, but only does one window and no terminal emulation. This is all we need, and it's much smaller than screen: http://dtach.sourceforge.net/
  * `unattended-upgrades` so security updates get installed automatically.
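Review bot: the reworded `unattended-upgrades` bullet now says security updates "get installed automatically", which reads as if installing the package is all that is required; say whether any APT configuration is needed to switch the automatic runs on, and how the administrator confirms that they ran.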
Line 21: Line 20:
  * `gcc` and so you can do "`%cython`" in the notebook. (Do you need g++ too?)   * `gcc` and so you can do "`%cython`" in the notebook. (Do you need g++ and make too?)
  * I installed `mailx` (which pulls in exim) so that when cron jobs run, you can get mail about them. You could get by without this.
  * I installed a couple of the packages recommended by `cron`: `checksecurity`, `lockfile-progs`, `logrotate`.
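Review bot: the new `mailx` bullet notes that it pulls in exim, which puts a mail daemon on a server the page is trying to keep minimal; state how exim should be set up so that it handles local cron mail only and does not accept mail from the network. The reworded `gcc` bullet also keeps the dangling "and" from revision 1 ("`gcc` and so you can do"); either name the second package or drop the word.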
Line 23: Line 24:
Now, on the host, we'll set up port forwarding so the server is accessible from the outside world. I suppose we could do bridging and so on, but I don't really know how to set it up, and besides we only want two open ports going to the Sage server.
Line 24: Line 26:
more to come On the host, pick a port to forward to port 22 on the Sage server so we can ssh into the server. I'm using 2222. Do:
{{{
VBoxManage setextradata "$VMNAME" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/HostPort" 2222

VBoxManage setextradata "$VMNAME" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/GuestPort" 22

VBoxManage setextradata "$VMNAME" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/Protocol" TCP
}}}
Naturally you should replace `$VMNAME` with the name you gave your virtual machine, and if you want to use something else than 2222, replace that too. You can also change the "ssh" between "Config" and "Protocol" if you like; it's just a bit of text that identifies the service. Now choose a port where people will access the server, say 8000, and do a similar thing:
{{{
VBoxManage setextradata "$VMNAME" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/sage/HostPort" 8000

VBoxManage setextradata "$VMNAME" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/sage/GuestPort" 8000

VBoxManage setextradata "$VMNAME" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/sage/Protocol" TCP
}}}

Now inside the VM, we'll create some unprivileged users. First, though, I created a `sageusers` group
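Review bot: the forwarding keys added after "I'm using 2222" hard-code `pcnet` in the path, so they only take effect when the VM's emulated network adapter is the PCnet type; say so next to the existing note about replacing `$VMNAME`. The text also makes guest port 22 reachable from "the outside world" on host port 2222 without saying how SSH logins are authenticated; a line recommending key-only logins would fit here. The last added sentence stops at "I created a `sageusers` group" with no command and no period.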

These are some notes on using [http://www.ubuntu.com/products/whatisubuntu/serveredition/jeos JeOS] -- which stands for "Just Enough Operating System" -- and virtualization software to create a (hopefully) secure Sage server. I'm using [http://www.virtualbox.org/ VirtualBox] and an Ubuntu host.

This is intended for a server that you build and administer yourself; it's not the same as the VMware image we distribute, which is intended "for the masses". I'm assuming you have experience with Linux administration and using virtualization software.

Preliminaries

* I'm using VirtualBox OSE, version 2.0.2. I prefer the OSE version partially because I have a tiny free-software-zealot streak, but mostly because I'm lazy, and the open source edition gets packaged and maintained for Ubuntu. This means I can manage the VirtualBox packages along with all my other Ubuntu packages without even adding a "deb" line to my sources.list.
* JeOS used to be distributed as an .iso file, just like all the other flavors of Ubuntu, but now one uses [https://help.ubuntu.com/community/JeOSVMBuilder vmbuilder]; this is nice, except that it only supports KVM or Xen. I already know VirtualBox, so I'm using that -- if you know how to get Sage running under KVM or Xen, let us know. For this project, it's enough to use the [http://cdimage.ubuntu.com/jeos/releases/hardy/release/ Hardy CD image for JeOS]; Hardy is a long-term release, so we get security updates for the server version until 2013.

Setup

I installed JeOS under VirtualBox. This was no trouble. I recommend separating the root partition and the /home partition, so that if some idiot fills up the disk (accidentally or otherwise), the VM will still run. The OS, including the packages we're going to install, along with Sage takes up about 2.1 gigabytes; I'd allocate about 4 gigs for the root partition and maybe another 4 for /home. I used "sageadm" for the user I created during installation; we'll create more users later. Once the VM was running, I installed some new packages. Some of these aren't totally essential; use your own judgement.

  • openssh-server: so we can administer the machine remotely. (The commercial version of VirtualBox includes an RDP server, but that's more than what we need here.)

  • wget: for downloading new Sage releases.

  • elinks or another text-based browser: just in case.

  • dtach: like screen, but only does one window and no terminal emulation. This is all we need, and it's much smaller than screen: http://dtach.sourceforge.net/

  • unattended-upgrades so security updates get installed automatically.

  • imagemagick so the animate() command works. This pulls in about 150 megs of libraries, including some X libraries (for font support); this may seem like overkill, but we're going to install Sage, which is about 1.7 gigabytes. Disk usage is not a huge concern for us.

  • gcc, so you can do "%cython" in the notebook. (Do you need g++ and make too?)

  • I installed mailx (which pulls in exim) so that when cron jobs run, you can get mail about them. You could get by without this.

  • I installed a couple of the packages recommended by cron: checksecurity, lockfile-progs, logrotate.

Now, on the host, we'll set up port forwarding so the server is accessible from the outside world. I suppose we could do bridging and so on, but I don't really know how to set it up, and besides we only want two open ports going to the Sage server.

On the host, pick a port to forward to port 22 on the Sage server so we can ssh into the server. I'm using 2222. Do:

{{{
VBoxManage setextradata "$VMNAME" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/HostPort" 2222
VBoxManage setextradata "$VMNAME" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/GuestPort" 22
VBoxManage setextradata "$VMNAME" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/Protocol" TCP
}}}

Naturally you should replace $VMNAME with the name you gave your virtual machine, and if you want to use something other than 2222, replace that too. You can also change the "ssh" between "Config" and "Protocol" if you like; it's just a bit of text that identifies the service. Now choose a port where people will access the server, say 8000, and do a similar thing:

{{{
VBoxManage setextradata "$VMNAME" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/sage/HostPort" 8000
VBoxManage setextradata "$VMNAME" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/sage/GuestPort" 8000
VBoxManage setextradata "$VMNAME" "VBoxInternal/Devices/pcnet/0/LUN#0/Config/sage/Protocol" TCP
}}}
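The two forwarding rules above can be generated and checked before anything is applied. This is an added example, not part of the original notes: the function names `fwd_rule` and `fwd_plan`, the `NIC` variable and the VM name `sage-server` are assumptions made for illustration, and the script only prints the commands for review.

```shell
#!/bin/sh
# Added example: print (not run) the VBoxManage port-forwarding commands.
# The key layout and "pcnet" come from the page; fwd_rule, fwd_plan and the
# VM name "sage-server" are constructed for this example.

NIC="${NIC:-pcnet}"   # must match the VM's emulated adapter type

# valid_port PORT: succeeds for an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# safe_name STR: only characters that need no quoting inside the key path
safe_name() {
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}

# fwd_rule VM SERVICE HOSTPORT GUESTPORT: print the three commands for one rule
fwd_rule() {
    vm=$1; svc=$2; hp=$3; gp=$4
    safe_name "$vm" && safe_name "$svc" || { echo "bad name: $vm/$svc" >&2; return 1; }
    valid_port "$hp" && valid_port "$gp" || { echo "bad port: $hp->$gp" >&2; return 1; }
    base="VBoxInternal/Devices/$NIC/0/LUN#0/Config/$svc"
    printf 'VBoxManage setextradata "%s" "%s/HostPort" %s\n' "$vm" "$base" "$hp"
    printf 'VBoxManage setextradata "%s" "%s/GuestPort" %s\n' "$vm" "$base" "$gp"
    printf 'VBoxManage setextradata "%s" "%s/Protocol" TCP\n' "$vm" "$base"
}

# fwd_plan VM svc:host:guest ...: print every rule; fail on a reused host port
fwd_plan() {
    plan_vm=$1; shift
    seen=" "
    for spec in "$@"; do
        case "$spec" in *:*:*) ;; *) echo "bad spec: $spec" >&2; return 1 ;; esac
        s=${spec%%:*}; rest=${spec#*:}; h=${rest%%:*}; g=${rest#*:}
        case "$seen" in *" $h "*) echo "host port $h used twice" >&2; return 1 ;; esac
        seen="$seen$h "
        fwd_rule "$plan_vm" "$s" "$h" "$g" || return 1
    done
}

# The two rules from the page: ssh on host port 2222, the notebook on 8000.
fwd_plan "${VMNAME:-sage-server}" ssh:2222:22 sage:8000:8000
```

Set `VMNAME` (and `NIC`, if the VM does not use the PCnet adapter) in the environment, read the printed commands, then run them on the host.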

Now inside the VM, we'll create some unprivileged users. First, though, I created a sageusers group

DanDrake/JustEnoughSageServer (last edited 2010-08-07 23:18:56 by jason)