HowTo:Enable iFolder Datastore on NSS Volumes
From iFolder
| Table of contents |
Introduction
Since OES shipped, many people have had interest in using NSS on their OES linux machines. iFolder does not gain any appreciable benefit from having it's datastore on an NSS volume as opposed to a Reiser volume. Both are supported configurations. Whichever works best for your environment is what you should use. Reiser is the default configuration since it is also the default configuration that SLES 9 has for it's filesystem.
iFolder does not take advantage of the advanced rights system that NSS or Reiser offers. All of the access restrictions that iFolder 3 uses are internal to iFolder. This is by design. Usability testing has shown that normal users do not understand anything other than Read, Read/Write, and Full Control (Ownership). Thus setting rights on the NSS volume on a per-user basis is useless for iFolder 3.
It should also be noted that the salvage feature of NSS is not used by iFolder either. Should a file be accidently deleted and then salvaged by an NSS volume, you will have to reimport the file via the iFolder client in order to preserve the iFolder meta-data that the NSS filesystem does not have. This meta-data can only be collected via an ifolder client or webaccess at this time.
iFolder "funnels" all of its rights to the volume for each user through the Apache user on OES. Thus the "wwwrun" user must have the proper rights granted to it on the filesystem in order for the server to function properly. For Reiser based systems, the wwwrun user has sufficient rights granted to it with a default install of OES to function properly. This is not the case however with NSS volumes. Thus in order for iFolder to work on an NSS volume, the apache user must be granted rights prior to running the YaST configuration tool.
For the impatient, the whole howto can be summarized in these 3 steps:
First: Get NSS working on Linux Second: Set the rights for the wwwrun (Apache) user Third: Run the YaST configuration tool for iFolder 3
QuickGuide
- Install the latest OES on a server with 2 physical disks. Do not use unpatched OES.
- Delete the partition table on one disk, install the system on the other
- Add the NSS package selections
- Do not add the iFolder 3 package selections
- Complete the install of OES
- Configure NSS pools/volumes on empty disk using iManager
- Set rights for the wwwrun user on the volume using the rights utility
- Install the iFolder 3 package selections using YaST
- Configure the iFolder 3 Server using YaST configuration tool
- Rejoice in the coolness of it all.
Detailed step through
Supported Platforms
- iFolder 3.0 is not supported on unpatched OES machines. NSS volumes had a defect in the first release of OES which prevented Mono from creating files on an NSS volume. This defect was fixed in the SP1 release of OES. It is recommended that iFolder 3.1 is used at a minimum for NSS support since NSS specific fixes were put into the server code for that release. The most recent release of iFolder and OES is the best case scenario.
- It is recommended for the purpose of this howto that you not install NSS and iFolder 3 during the same install of OES. iFolder 3 will have to be reconfigured when you give the apache user the proper rights. It is not easy to do this during the install if the volume/pool has not yet been created. Install NSS first, and then do a post-install of iFolder 3.
- Doing a post install of iFolder 3 will require you to install the iFolder 3 iManager plugin seperately from the rest of iManager if you are using a single server setup. Simply install OES with iManager, then install iFolder 3 including the plugin. Then go into iManager and add the iFolder 3 plugin to the installed plugins list. You will have to restart tomcat.
Getting NSS working on your OES machine
Getting NSS working on your OES machine is documented at length by the documentation on http://www.novell.com/documentation. All of the steps for this are beyond the scope of this document. However, a simple setup is documented here for explanative reasons.
While testing NSS for iFolder 3, best practise has been to have the system volume and swap volumes on one drive and the NSS volume on a completely seperate drive. (See Diagram)
 |
This is probably not necessary, but it has been the easiest in our lab.
While setting up OES, install the normal server components and add the NSS rpms. Do not add the iFolder packages at this time. If you add the iFolder packages during the install, then they will have to be configured during the install. This usually means that you have to go back in and reconfigure again after the install is complete to accomodate NSS. It is possible to do this all during the install, this is just how we have it here in our labs. If you have more detailed information than this... feel free to add it to the wiki. :)
Go into "Partitioning" and do "Custom Partitioning for Experts". Delete the partition table on the drive that you are planning on using for NSS. Create your system partitions on the other drive as you desire.
After the install completes successfully, use iManager to create an NSS Pool and Volume on the unpartitioned space on drive 2. Verify that the NSS filesystem is working properly.
Now you are ready to install iFolder.
Setting the rights for the apache user
As the root user on your OES machine, run the rights utility that gets installed as part of the NSS installation package. For example, if your NSS volume is set to /media/nss/NSSVOL and you have the cn=wwwrun user in the o=main context of the novell_tree directory tree, you would run the following command:
rights -f /media/nss/NSSVOL -r rwfcem trustee wwwrun.main.novell_tree
This will give read, write, file scan, create, erase and modify rights to the NSSVOL/ directory to the wwwrun user. Test this out by su'ing to wwwrun and attempting to create a directory in the NSS volume space. If you are successful, then you can su back to root and go on to the next step. If not, then re-run the rights utility until you are successful.
See the help on the rights utility for more information.
Now you are ready to configure iFolder 3 via YaST!
Running the YaST configuration tool for iFolder 3
Now that you have the proper rights to the NSS Volume, you will be able to configure iFolder 3. Simply run the YaST configuration for iFolder and point the datastore directory to the one that you created previously on your NSS volume.
Overcoming problems
- If you are getting "An Internal Error has occured" within the iManager plugin, this is a sure sign that you have not set up rights within NSS properly. Clicking on the "Details" button returns this output. You will see something like this in the y2log. Furthermore you will be unable to "ping" the webservice at:
http ://<servername>/Simias10/DomainService.asmx
 |
 |
