====== CentOS Installation Guide ======

===== Information =====

^ispCP Version |1.0.7-rc1 |
^INSTALL Script|1.7 |
^Maintainer |motokochan Updated by ByteMe |
^Linux Distros |CentOS 5.5 i386 Tested |
^Last Update |09.25.2010 |

This installation of ispCP ω has three major sections: Pre-Install Preparation, Install, and Post-Install Configuration. The installation should take 30-60 minutes.

===== Notes =====

This documentation was written for CentOS 5, specifically 5.4, and updated for 5.5. While you might be able to install on earlier versions, you may encounter difficulties or differences. In addition, this guide uses the YUM tool to install packages. If you normally use a different tool, you will need to modify the instructions to fit your system.

The instructions are based on a minimum Server installation of CentOS with no optional packages marked during OS install. If you selected additional options during the install process, some extra server services may need to be disabled to avoid interfering with the packages used by ispCP ω.

The install instructions attempt to keep system changes to a minimum, so these instructions should also work under Red Hat Enterprise Linux 5. If you encounter differences, please notify the maintainer.

The install instructions should be carried out under the **__root__** account.

:!: **Warning** :!: This documentation is undergoing rewriting. It may be inaccurate in some parts, or leave steps out. This note will be removed when the documentation has been brought back up to quality.

===== System Requirements =====

There is no must-have specification for systems running ispCP ω. The following are recommended minimums.

  * Pentium III or K6-4 with 500 MHz
  * 512 MB RAM
  * 100 MB free disk space for ispCP ω itself
  * A supported Linux distribution - this guide is for CentOS 5

Required software packages are listed in docs/CentOS/centos-packages.

===== 1. Pre-Install Preparation =====

==== 1.1 Make sure your OS is updated. ====

The very first thing you should do is make sure your base Linux install is fully updated. To do so, simply run the following command as root:

  yum update

If there was a kernel upgrade, you will want to reboot before continuing.

==== 1.2 Additional Software Repositories ====

The CentOS repositories do not include all the software needed to run ispCP ω. You will need to add two repositories to your system to install everything you need.

=== EPEL (Extra Packages for Enterprise Linux) ===

EPEL contains most of the additional packages needed. You should install this repository following [[http://fedoraproject.org/wiki/EPEL/FAQ#howtouse|the linked instructions]].

Or use the i386 quick install command from the link:

  su -c 'rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm'

=== Les RPM de Remi ===

Remi Collet maintains a repository of updated packages for Fedora and CentOS/RHEL. We need his repository to install updated PHP and MySQL packages, as CentOS 5 comes with PHP 5.1 and we need PHP 5.2 at a minimum.

First, install the repository following [[http://blog.famillecollet.com/pages/Config-en|the linked instructions]].

Or use the i386 quick install commands from the link:

  cd /etc/yum.repos.d
  wget http://rpms.famillecollet.com/enterprise/remi.repo
  wget http://rpms.famillecollet.com/RPM-GPG-KEY-remi
  rpm --import RPM-GPG-KEY-remi
  rm -f RPM-GPG-KEY-remi

The repository is installed in a disabled state by default **__if__** you follow the linked instructions. Even with the __quick install command__, you will still want to include only the packages we need from it. To do this, edit the file /etc/yum.repos.d/remi.repo. In the file, under the [remi] heading, change the value of enabled from 0 to 1, then add the following line at the bottom of that section:

  includepkgs=mysql* php* sqlite*

=== RPMForge ===

RPMForge is needed for one package that none of the other repositories currently has.
First, install the repository following [[http://dag.wieers.com/rpm/FAQ.php#B2|the linked instructions]].

Or use the i386 quick install command from the link:

  rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

We do not want all the packages from RPMForge, as it replaces a good deal of the system. To avoid this, edit the file /etc/yum.repos.d/rpmforge.repo. In the file, add the following line at the end:

  includepkgs=postgrey clamav clamd amavisd-new clamav-data clamav-filesystem clamav-lib clamav-server-sysv zoo unrar lha ripole clamav-db

Next, remove any installed clamav packages:

  yum remove clamav-*

Then install the following packages:

  yum install clamav clamd amavisd-new

Choose y and press enter if you get the following message:

  warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 217521f6
  epel/gpgkey | 1.7 kB 00:00
  Importing GPG key 0x217521F6 "Fedora EPEL " from /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
  Is this ok [y/N]:

Then run these commands:

  mkdir -p /var/spamassassin/bayes
  chown -R amavis: /var/spamassassin/bayes

In /etc/mail/spamassassin/local.cf add the following parameters at the bottom:

  use_bayes 1
  use_bayes_rules 1
  bayes_auto_learn 1
  bayes_auto_learn_threshold_nonspam 1
  bayes_auto_learn_threshold_spam 7.5
  bayes_path /var/spamassassin/bayes/bayes
  bayes_file_mode 0777
  score FH_DATE_PAST_20XX 0
  score DNS_FROM_OPENWHOIS 0
  ok_languages all
  ok_locales all

Install postfix:

  yum install postfix

Then run the following commands (fill out the SSL cert info when prompted):

  cd /etc/postfix
  openssl req -x509 -nodes -days 1850 -newkey rsa:2048 -keyout privkey.pem -out cert.pem

Change the service configuration:

  chkconfig amavisd on
  /etc/init.d/postfix restart
  /etc/init.d/amavisd restart

==== 1.3 Non-Repository Software ====

There are a few pieces of software you will need to download individually that aren't in any major repositories.

=== Courier-IMAP ===

Michael Fleming maintains RPMs of Courier-IMAP at his website, thatfleminggent.com.
You will need to download the latest RPMs of courier-imap, courier-authlib, and courier-authlib-userdb from his site at the following locations:

  * i386 (32-bit): http://www.thatfleminggent.com/packages/centos/5/i386/repoview/system_environment.daemons.group.html
  * x86_64 (64-bit): http://www.thatfleminggent.com/packages/centos/5/x86_64/repoview/system_environment.daemons.group.html

Or, for i386, use the quick download commands:

  cd /tmp
  wget http://www.thatfleminggent.com/packages/centos/5/i386/courier-authlib-0.63.0-1.el5.mf.i386.rpm
  wget http://www.thatfleminggent.com/packages/centos/5/i386/courier-authlib-userdb-0.63.0-1.el5.mf.i386.rpm
  wget http://www.thatfleminggent.com/packages/centos/5/i386/courier-imap-4.8.0-1.el5.mf.i386.rpm

=== policyd-weight ===

RPMs for policyd-weight can be found at the [[http://sourceforge.net/projects/policyd-weight/files/|project's SourceForge Files area]].

Or, for i386, use the quick download commands:

  cd /tmp
  wget http://superb-sea2.dl.sourceforge.net/project/policyd-weight/policyd-weight/0.1.15%20beta-3/policyd-weight-0.1.15dev3-1.noarch.rpm

==== 1.4 Disabling SELinux ====

SELinux will need to be disabled if it is enabled. To disable it, run as root:

  setenforce 0

Next, edit the file /etc/selinux/config and change the value of SELINUX to disabled.

  nano /etc/selinux/config

Change the line:

  SELINUX=enforcing

To:

  SELINUX=disabled

Now reboot (as root) to be sure it is disabled:

  reboot

==== 1.5 Extract ispCP ω Archive ====

If you have not already, download the ispCP ω package and extract it. Once extracted, change into the directory to prepare for the next steps.

Download ispCP ω 1.0.7-rc1:

  cd /tmp
  wget http://softlayer.dl.sourceforge.net/project/ispcp/ispCP%20Omega/ispCP%20Omega%201.0.7%20RC1/ispcp-omega-1.0.7-rc1.tar.bz2

Extract ispCP ω 1.0.7-rc1:

  tar -xvjf ispcp-omega-1.0.7-rc1.tar.bz2

==== 1.5 Installing Packages ====

A list of the packages required by this software is located in docs/CentOS/centos-packages and can be used to easily install them.
Switch to the ispCP ω 1.0.7-rc1 directory:

  cd /tmp/ispcp-omega-1.0.7

Start the install:

  yum install `cat ./docs/CentOS/centos-packages`

There is also one Perl package you will need to install, as there are no RPMs for it. This is as simple as running the following command as root (if you haven't run CPAN before, you will be prompted for manual configuration; choose NO and the install will continue):

  perl -MCPAN -e 'install Term::ReadPassword'

Next, install all of the Courier and policyd RPMs you downloaded earlier. You can use the following commands to install them:

  cd /tmp
  rpm -Uvh courier-* policyd-weight-*

==== 1.6 Removing Unneeded Packages ====

CentOS installs Sendmail by default, but ispCP ω uses Postfix. Simply run the following command to remove Sendmail and have CentOS switch to the Postfix which was just installed:

  yum -y remove sendmail

==== 1.7 Configuring Services ====

Courier needs a user and group account configured to run, and the following commands run as root will create them:

  groupadd -g 3000 courier

And then:

  useradd -u 3000 -c 'Courier Mail Server' -d /dev/null -g courier -s /bin/false courier

You may get the following warning, which can be ignored:

  useradd: warning: the home directory already exists.
  Not copying any file from skel directory into it.

MySQL will also need to be configured. First, make sure it is running. If it is not, you can start it with:

  service mysqld start

Now, run the following commands and set the root password and other options:

  mysql_fix_privilege_tables
  mysql_secure_installation

Remember the root password you set; it will be needed later.

As one last thing, we need to clean out Apache's conf.d directory for the new configuration files that will be installed. Simply run the following command to move the existing conf.d directory to a backup location:

  mv /etc/httpd/conf.d /etc/httpd/conf.d-disabled

==== 1.8 BIND DNS ====

ispCP ω keeps domain configuration in a file named named-ispcp.conf.
We need to link that to named.conf for the DNS service to start. We also need to make a few links for zones to be managed correctly. Simply run the following commands:

  mv /var/named/data /var/named/data-disabled
  ln -s /var/named/chroot/var/named/data /var/named/data
  echo 'include "/etc/named-ispcp.conf";' >> /var/named/chroot/etc/named.conf

===== 2. Installation =====

For the following process, you will need to be in your extracted ispCP ω directory, the MySQL service will need to be running, and you will want to run all commands as root.

==== 2.1 Upgrade perl-version ====

Some errors during installation can only be avoided with perl-version 0.74 or higher. Here we will install the needed package before running the next steps.

Use the following to make sure no older perl-version packages are installed:

  yum remove perl-version

Next, download and install the perl-version package needed to run the setup:

  cd /tmp

For an i386 package:

  wget http://packages.sw.be/perl-version/perl-version-0.82-1.el5.rf.i386.rpm

For an x86_64 package:

  wget http://packages.sw.be/perl-version/perl-version-0.82-1.el5.rf.x86_64.rpm

Now install the package we just downloaded:

  rpm -ivh perl-version*

==== 2.2 Confirming Settings ====

Look over configs/centos/ispcp.conf and adjust any values to match your server.

==== 2.3 Building the software and Installing to the Staging Area ====

To build the software, simply run the commands:

  cd /tmp/ispcp-omega-1.0.7
  make -f Makefile.centos

The software will be built for CentOS and the install structure will be staged at /tmp/ispcp.

==== 2.4 Installing ispCP ω ====

If you have not yet done so, now is a good time to make backups of your server. The following steps make fundamental changes to your system configuration.

To install ispCP ω from the staging area, run the following command:

  cp -RLf /tmp/ispcp/* /

Now that the files are copied, we need to configure ispCP ω.
To configure things, simply run the following commands:

  cd /var/www/ispcp/engine/setup
  perl ispcp-setup

:!: **Note:** During setup, you will be asked if you are using fastcgi or fcgid. You will want to choose the option for fcgid (shortcut key "f" on the prompt).

===== 3. Post-Install Configuration =====

Now that ispCP ω is installed, we still have to configure a few services.

==== 3.1 Postfix and SASL Authentication ====

We need to create the SASL database for authenticating mail users and configure SASL authentication. First, we create the SASL database with the following commands:

  touch /etc/sasldb2
  mkdir -p /var/spool/postfix/etc
  cp /etc/sasldb2 /var/spool/postfix/etc

To allow authentication, edit /usr/lib/sasl2/smtpd.conf and replace the contents with the following:

  pwcheck_method: auxprop
  auxprop_plugin: sasldb
  mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5

==== 3.2 Configure Apache HTTPd ====

The Apache webserver needs to be configured to read website configuration in the directory /etc/httpd/vhosts/. To establish this, run the following command:

  echo 'include vhosts/*.conf' >> /etc/httpd/conf/httpd.conf

:!: **Note:** I ran into a problem where that command was adding 2 entries into the httpd.conf file. If you complete this setup and end up with a blank Apache server page, you will need to manually edit /etc/httpd/conf/httpd.conf, scroll down to the bottom and remove one of the 2 entries:

Change this:

  include vhosts/*.conf
  include vhosts/*.conf

to just this:

  include vhosts/*.conf

==== 3.3 Configure Postgrey ====

By default, Postgrey runs on a socket. We want it to run on port 60000. Edit the file /etc/init.d/postgrey and change the line:

  OPTIONS="--unix=$SOCKET"

to

  OPTIONS="--unix=$SOCKET --inet=60000"

==== 3.4 Setting Services to Run on Boot ====

Several services need to be set to run on boot.
To do this, run the following commands:

  chkconfig --level 345 httpd on
  chkconfig --level 345 mysqld on
  chkconfig --level 345 ispcp_network on
  chkconfig --level 345 ispcp_daemon on
  chkconfig --level 345 amavisd on
  chkconfig --level 345 named on
  chkconfig --level 345 proftpd on
  chkconfig --level 345 postgrey on
  chkconfig --level 345 spamassassin on
  chkconfig --level 345 policyd-weight on

If you want to start the services without a reboot, run the following commands:

  service httpd start
  service mysqld start
  service ispcp_network start
  service ispcp_daemon start
  service amavisd start
  service named start
  service proftpd start
  service postgrey start
  service spamassassin start
  service policyd-weight start

==== 3.5 Cleaning up permissions ====

The default permissions for the temporary directory of the control panel need to be adjusted. Please run the following command:

  chmod 775 /var/www/ispcp/gui/phptmp

==== 3.6 Deleting the ispCP ω Staging Environment ====

Once you have things working properly, you might want to delete the staging environment for ispCP ω. To do so, run the following command:

  rm -Rf /tmp/ispcp

==== 3.7 Open needed ports ====

You will need to open ports to the services you plan to use. For me the easiest way was to edit the iptables file and add the ports needed. To do this you will need to edit /etc/sysconfig/iptables and add the ports.

Add the lines below above the "-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited" line.
If you add them below the reject line the ports will not open:

  -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT
  -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 21 -j ACCEPT
  -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 143 -j ACCEPT
  -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 993 -j ACCEPT
  -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 110 -j ACCEPT
  -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 995 -j ACCEPT
  -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 25 -j ACCEPT
  -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 465 -j ACCEPT
  -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -j ACCEPT
  -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 53 -j ACCEPT

Next, restart iptables:

  /etc/init.d/iptables restart
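
To check the rule ordering that section 3.7 depends on, the following added example (not part of the original guide or of ispCP) lists every port whose ACCEPT rule ended up below the catch-all REJECT or DROP line of its chain. The function names shadowed_ports and sample_rules and the sample rule set are constructed for illustration.

```bash
#!/bin/sh
# Added example: find ACCEPT rules that sit below a chain's catch-all
# REJECT/DROP rule in an iptables-save style file (they never match).

# shadowed_ports [FILE] -> prints "CHAIN PORT" for each shadowed ACCEPT rule.
# Reads stdin when no file is given.
shadowed_ports() {
    awk '
        $1 != "-A" { next }                 # skip table headers, COMMIT, comments
        # Catch-all: "-A CHAIN -j REJECT|DROP" with no match options before -j.
        $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { closed[$2] = 1; next }
        closed[$2] {                        # rule comes after the catch-all
            port = ""; accept = 0
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
            }
            if (accept && port != "") print $2, port
        }
    ' "$@"
}

# Constructed sample (not from a real host): 80 and 22 are above the reject
# line as section 3.7 requires, 993 was appended below it.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 993 -j ACCEPT
COMMIT
EOF
}

sample_rules | shadowed_ports    # on a server: shadowed_ports /etc/sysconfig/iptables
```

An empty result means every port rule in the file sits above the reject line of its chain.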