CentOS Installation Guide

Information

ispCP Version: 1.0.7-rc1
INSTALL Script: 1.7
Maintainer: motokochan (updated by ByteMe)
Linux Distros: CentOS 5.5 i386 (tested)
Last Update: 09.25.2010

This installation of ispCP ω has three major sections: Pre-Install Preparation, Install, and Post-Install Configuration. The installation should take 30-60 minutes.

Notes

This documentation was written for CentOS 5, specifically 5.4, and updated for 5.5. While you might be able to install on earlier versions, you may encounter difficulties or differences. In addition, this guide uses the YUM tool to install packages. If you normally use a different tool, you will need to modify the instructions to fit your system.

The instructions are based on a minimum Server installation of CentOS with no optional packages marked during OS install. If you selected additional options during the install process, some extra server services may need to be disabled to avoid interfering with the packages used by ispCP ω.

The install instructions attempt to keep system changes to a minimum, so these instructions should also work under Red Hat Enterprise Linux 5. If you encounter differences, please notify the maintainer.

The install instructions should be done under the root account.

Warning: This documentation is undergoing rewriting. It may be inaccurate in some parts, or leave steps out. This note will be removed when the documentation has been brought back up to quality.

System Requirements

There is no must-have specification for systems running ispCP ω. The following are recommended minimums.

Required software packages are listed in docs/CentOS/centos-packages.

1. Pre-Install Preparation

1.1 Make sure your OS is updated.

The very first thing you should do is make sure your base Linux install is fully updated. To do so, simply run

yum update

as root. If there was a kernel upgrade, you will want to reboot before continuing.

1.2 Additional Software Repositories

The CentOS repositories do not include all the software needed to run ispCP ω. You will need to add two repositories to your system to install everything you need.

EPEL (Extra Packages for Enterprise Linux)

EPEL contains most of the additional packages needed.

You should install this repository following the linked instructions.

Or, on i386, use the quick install command from the link:

su -c 'rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm'

Les RPM de Remi

Remi Collet maintains a repository of updated packages for Fedora and CentOS/RHEL. We need his repository to install updated PHP and MySQL packages as CentOS 5 comes with PHP 5.1 and we need PHP 5.2 at a minimum.

First, install the repository following the linked instructions.

Or, on i386, use the quick install commands from the link:

cd /etc/yum.repos.d
wget http://rpms.famillecollet.com/enterprise/remi.repo
wget http://rpms.famillecollet.com/RPM-GPG-KEY-remi
rpm --import RPM-GPG-KEY-remi
rm -f RPM-GPG-KEY-remi

If you installed it by following the linked instructions, the repository is disabled by default. Even if you used the quick install commands, you will still want to include only the packages we need from it. To do this, edit the file /etc/yum.repos.d/remi.repo. In the file, under the [remi] heading, change the value of enabled from 0 to 1, then add the following line at the bottom of that section:

includepkgs=mysql* php* sqlite*
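
The edit described above can be scripted so that it touches only the [remi] section and can be re-run safely. This is an added example, not part of the original guide or of ispCP; the function names and the sample repo file are constructed for illustration, and the real remi.repo will contain more keys.

```shell
#!/bin/sh
# Added example (not from the original guide). Sample file is constructed.

# restrict_repo FILE SECTION PKGS
# Prints FILE with enabled=1 and includepkgs=PKGS set inside [SECTION];
# every other section is passed through unchanged.
restrict_repo() {
    awk -v sec="[$2]" -v pkgs="$3" '
        function flush_blanks() { while (blanks > 0) { print ""; blanks-- } }
        function close_section() {
            # Add the filter at the end of the section if it had none.
            if (in_sec && !have_pkgs) print "includepkgs=" pkgs
        }
        /^[ \t]*$/ { blanks++; next }          # hold blank lines back
        /^\[/ {                                 # a new section starts
            close_section(); flush_blanks()
            in_sec = ($0 == sec); have_pkgs = 0
            print; next
        }
        { flush_blanks() }
        in_sec && /^enabled[ \t]*=/     { print "enabled=1"; next }
        in_sec && /^includepkgs[ \t]*=/ { print "includepkgs=" pkgs; have_pkgs = 1; next }
        { print }
        END { close_section(); flush_blanks() }
    ' "$1"
}

# Constructed sample with two sections, both disabled.
make_sample_repo() {
    cat > "$1" <<'EOF'
[remi]
name=Constructed sample entry
enabled=0
gpgcheck=1

[remi-test]
name=Constructed sample test entry
enabled=0
gpgcheck=1
EOF
}

sample=$(mktemp)
make_sample_repo "$sample"
restrict_repo "$sample" remi 'mysql* php* sqlite*'
rm -f "$sample"
```

The function writes the result to standard output; review it before replacing /etc/yum.repos.d/remi.repo with it.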

RPMForge

RPMForge is needed for one package that none of the other repositories currently has.

First, install the repository following the linked instructions.

Or, on i386, use the quick install command from the link:

rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

We do not want all the packages from RPMForge as it replaces a good deal of the system. To avoid this, edit the file /etc/yum.repos.d/rpmforge.repo. In the file, add the following line at the end:

includepkgs=postgrey clamav clamd amavisd-new clamav-data clamav-filesystem clamav-lib clamav-server-sysv zoo unrar lha ripole clamav-db

Then remove the existing clamav packages:

yum remove 'clamav-*'

Then install the following packages:

yum install clamav clamd amavisd-new

Choose y and press enter if you get the following message:

warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 217521f6
epel/gpgkey                                                                      | 1.7 kB     00:00
Importing GPG key 0x217521F6 "Fedora EPEL <epel@fedoraproject.org>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
Is this ok [y/N]:

Then run these commands:

mkdir -p /var/spamassassin/bayes
chown -R amavis: /var/spamassassin/bayes

In /etc/mail/spamassassin/local.cf add the following parameters at the bottom:

use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1
bayes_auto_learn_threshold_nonspam 1
bayes_auto_learn_threshold_spam 7.5

bayes_path /var/spamassassin/bayes/bayes
bayes_file_mode 0777

score FH_DATE_PAST_20XX 0
score DNS_FROM_OPENWHOIS 0

ok_languages all
ok_locales all

Install postfix:

yum install postfix

Then run the following command (fill out SSL cert info):

cd /etc/postfix
openssl req -x509 -nodes -days 1850 -newkey rsa:2048 -keyout privkey.pem -out cert.pem

Change the service configuration:

chkconfig amavisd on
/etc/init.d/postfix restart
/etc/init.d/amavisd restart

1.3 Non-Repository Software

There are a few pieces of software you will need to download individually that aren't in any major repositories.

Courier-IMAP

Michael Fleming maintains RPMs of Courier-IMAP at his website, thatfleminggent.com.

You will need to download the latest RPMs of courier-imap, courier-authlib, and courier-authlib-userdb from his site at the following locations:

Or, on i386, use the quick download commands:

cd /tmp
wget http://www.thatfleminggent.com/packages/centos/5/i386/courier-authlib-0.63.0-1.el5.mf.i386.rpm
wget http://www.thatfleminggent.com/packages/centos/5/i386/courier-authlib-userdb-0.63.0-1.el5.mf.i386.rpm
wget http://www.thatfleminggent.com/packages/centos/5/i386/courier-imap-4.8.0-1.el5.mf.i386.rpm

policyd-weight

RPMs for policyd-weight can be found at the project's SourceForge Files area.

Or, on i386, use the quick download commands:

cd /tmp
wget http://superb-sea2.dl.sourceforge.net/project/policyd-weight/policyd-weight/0.1.15%20beta-3/policyd-weight-0.1.15dev3-1.noarch.rpm

1.4 Disabling SELinux

SELinux will need to be disabled if it is enabled. To disable it, run as root:

setenforce 0

Next edit the file /etc/selinux/config and change the value of SELINUX to disabled.

nano /etc/selinux/config

Change the line:

SELINUX=enforcing

To:

SELINUX=disabled

Reboot to make sure it is disabled (as root):

reboot

1.5 Extract ispCP ω Archive

If you have not already, download the ispCP ω package and extract it. Once extracted, change into the directory to prepare for the next steps.

Download ispCP ω 1.0.7-rc1:

cd /tmp
wget http://softlayer.dl.sourceforge.net/project/ispcp/ispCP%20Omega/ispCP%20Omega%201.0.7%20RC1/ispcp-omega-1.0.7-rc1.tar.bz2

Extract ispCP ω 1.0.7-rc1:

tar -xvjf ispcp-omega-1.0.7-rc1.tar.bz2

1.5 Installing Packages

A list of the packages required by this software is located in docs/CentOS/centos-packages and can be used to easily install them.

Switch to the ispCP ω 1.0.7-rc1 directory:

cd /tmp/ispcp-omega-1.0.7

Start the install:

yum install `cat ./docs/CentOS/centos-packages`

There is also one Perl package you will need to install, as there are no RPMs for it. This is as simple as running the following command as root. (If you haven't run CPAN before, you will be prompted for manual configuration. Choose NO and the install will continue.)

perl -MCPAN -e 'install Term::ReadPassword'

Next, install all of the Courier and the policyd RPMs you downloaded earlier. You can use the following commands to install them:

cd /tmp
rpm -Uvh courier-* policyd-weight-*

1.6 Removing Unneeded Packages

CentOS installs Sendmail by default, but ispCP ω uses Postfix. Simply run the command

yum -y remove sendmail

to remove Sendmail and have CentOS switch to Postfix, which was just installed.

1.7 Configuring Services

Courier needs a user and group account configured to run, and the following commands run as root will create them:

groupadd -g 3000 courier

And then:

useradd -u 3000 -c 'Courier Mail Server' -d /dev/null -g courier -s /bin/false courier

You may get the following warning which can be ignored:

useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.

MySQL will also need to be configured. First, make sure it is running. If it is not, you can run the command

service mysqld start

to start it. Now, run the commands

mysql_fix_privilege_tables
mysql_secure_installation

and set the root password and other options. Remember the root password you set; it will be needed later.

As one last thing, we need to clean out Apache's conf.d directory for the new configuration files that will be installed. Simply run the following command to move the existing conf.d directory to a backup location:

mv /etc/httpd/conf.d /etc/httpd/conf.d-disabled

1.8 BIND DNS

ispCP ω keeps domain configuration in a file named named-ispcp.conf. We need to link that to named.conf for the DNS service to start. We also need to make a few links for zones to be managed correctly. Simply run the following commands:

mv /var/named/data /var/named/data-disabled
ln -s /var/named/chroot/var/named/data /var/named/data
echo 'include "/etc/named-ispcp.conf";' >> /var/named/chroot/etc/named.conf

2. Installation

For the following process, you will need to be in your extracted ispCP ω directory, the MySQL service will need to be running, and you will want to run all commands as root.

2.1 Upgrade perl-version

There are some errors when trying to install that require perl-version 0.74 or higher. Here we will install the needed package before running the next steps.

Use the following to make sure no older perl-version packages are installed:

yum remove perl-version

Next download and install the perl-version package needed to run the setup:

cd /tmp

For an i386 package:

wget http://packages.sw.be/perl-version/perl-version-0.82-1.el5.rf.i386.rpm

For an x86_64 package:

wget http://packages.sw.be/perl-version/perl-version-0.82-1.el5.rf.x86_64.rpm

Now install the package we just downloaded:

rpm -ivh perl-version*

2.2 Confirming Settings

Look over configs/centos/ispcp.conf and adjust any values to match your server.

2.3 Building the software and Installing to the Staging Area

To build the software, simply run the commands:

cd /tmp/ispcp-omega-1.0.7
make -f Makefile.centos

The software will be built for CentOS and the install structure will be staged at /tmp/ispcp.

2.4 Installing ispCP ω

If you have not yet, now is a good time to make backups of your server. The following steps make fundamental changes to your system configuration.

To install ispCP ω from the staging area, run the following command:

cp -RLf /tmp/ispcp/* /

Now that the files are copied, we need to configure ispCP ω. To configure things, simply run the following commands:

cd /var/www/ispcp/engine/setup
perl ispcp-setup

Note: During setup, you will be asked if you are using fastcgi or fcgid. You will want to choose the option for fcgid (shortcut key "f" on the prompt).

3. Post-Install Configuration

Now that ispCP ω is installed, we still have to configure a few services.

3.1 Postfix and SASL Authentication

We need to create the SASL database for authenticating mail users and configure SASL authentication. First, we create the SASL database with the following commands:

touch /etc/sasldb2
mkdir -p /var/spool/postfix/etc
cp /etc/sasldb2 /var/spool/postfix/etc

To allow authentication, edit /usr/lib/sasl2/smtpd.conf and replace the contents with the following:

pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5

3.2 Configure Apache HTTPd

The Apache webserver needs to be configured to read website configuration in the directory /etc/httpd/vhosts/. To establish this, run the following command:

echo 'include vhosts/*.conf' >> /etc/httpd/conf/httpd.conf

Note: I ran into a problem where that command was adding 2 entries into the httpd.conf file. If you complete this setup and end up with a blank Apache server page, you will need to manually edit /etc/httpd/conf/httpd.conf, scroll down to the bottom, and remove one of the 2 entries:

Change this:

include vhosts/*.conf
include vhosts/*.conf

to just this:

include vhosts/*.conf
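
Both this step and the named.conf step in 1.8 append a line with echo and >>, which adds another copy every time the command is repeated. The following is an added example, not part of the original guide: a hypothetical helper, ensure_line_once, that leaves exactly one copy of a line in a file however often it is run. The sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the original guide). Sample file is constructed.

# ensure_line_once FILE LINE
# Leaves exactly one copy of LINE in FILE: extra copies are dropped and the
# line is appended if it is missing. Safe to run any number of times.
ensure_line_once() {
    tmp=$(mktemp) || return 1
    # LINE is passed through the environment so awk does not interpret
    # backslashes or quotes in it.
    LINE="$2" awk '
        BEGIN { want = ENVIRON["LINE"] }
        $0 == want { if (seen++) next }   # keep the first copy only
        { print }
        END { if (!seen) print want }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"   # rewrite in place, keep owner/mode
    status=$?
    rm -f "$tmp"
    return $status
}

# Constructed sample: the tail of an httpd.conf after the echo ran twice.
conf=$(mktemp)
printf '%s\n' 'ServerTokens Prod' \
    'include vhosts/*.conf' 'include vhosts/*.conf' > "$conf"

ensure_line_once "$conf" 'include vhosts/*.conf'
ensure_line_once "$conf" 'include vhosts/*.conf'   # second run changes nothing
cat "$conf"
rm -f "$conf"
```

The same call with /var/named/chroot/etc/named.conf and the include line from 1.8 covers the BIND step.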

3.3 Configure Postgrey

By default, Postgrey runs on a socket. We want it to run on port 60000. Edit the file /etc/init.d/postgrey and change the line:

OPTIONS="--unix=$SOCKET"

to

OPTIONS="--unix=$SOCKET --inet=60000"

3.4 Setting Services to Run on Boot

Several services need to be set to run on boot. To do this, run the following commands:

chkconfig --level 345 httpd on
chkconfig --level 345 mysqld on
chkconfig --level 345 ispcp_network on
chkconfig --level 345 ispcp_daemon on
chkconfig --level 345 amavisd on
chkconfig --level 345 named on
chkconfig --level 345 proftpd on
chkconfig --level 345 postgrey on
chkconfig --level 345 spamassassin on
chkconfig --level 345 policyd-weight on

If you want to start the services without a reboot, run the following commands:

service httpd start
service mysqld start
service ispcp_network start
service ispcp_daemon start
service amavisd start
service named start
service proftpd start
service postgrey start
service spamassassin start
service policyd-weight start

3.5 Cleaning up permissions

The default permissions for the temporary directory of the control panel need to be adjusted. Please run the following command:

chmod 775 /var/www/ispcp/gui/phptmp

3.6 Deleting the ispCP ω Staging Environment

Once you have things working properly, you might want to delete the staging environment for ispCP ω. To do so, run the following command:

rm -Rf /tmp/ispcp

3.7 Open needed ports

You will need to open ports to the services you plan to use. For me the easiest way was to edit the iptables file and add the ports needed. To do this you will need to edit /etc/sysconfig/iptables and add the ports.

Add the lines below above the "-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited" line. If you add them below the REJECT line, the ports will not open:

-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 995 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 465 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 53 -j ACCEPT

Next, restart iptables:

/etc/init.d/iptables restart