Chrooting AOLserver on Solaris, without Oracle
* Make an appropriate nsadmin-sitename directory with an AOLserver install
* Since it'll be running with /home/nsadmin-sitename hoisted up as /, you'll
need to copy some stuff into here so that system calls and shared libraries
can find their moving parts:
= mkdir /home/nsadmin-sitename/etc
= mkdir /home/nsadmin-sitename/dev
= mkdir /home/nsadmin-sitename/tmp
= mkdir -p /home/nsadmin-sitename/var/tmp
= mkdir -p /home/nsadmin-sitename/usr/lib
= mkdir -p /home/nsadmin-sitename/usr/ucblib
= copy /etc/passwd to /home/nsadmin-sitename/etc/passwd, and edit it down to
just nsadmin
= make an /home/nsadmin-sitename/etc/nsswitch.conf that has in it:
passwd: files
= in the /home/nsadmin-sitename/dev directory, do (as root)
# mknod /home/nsadmin-sitename/dev/zero c 13 12
# mknod /home/nsadmin-sitename/dev/null c 13 2
(you may want to ls -l /dev/zero and /dev/null and chase any
symlinks to see if your system has a different major/minor device
numbers)
(the solaris threads library wants /dev/zero, and AOLserver wants
/dev/null)
= cp /etc/lib/nss_files.so.1 /home/nsadmin-sitename/usr/lib
(for getpwnam) [a hard link might work for these guys]
= cp /usr/ucblib/libucb.so.1 /home/nsadmin-sitename/usr/ucblib
= cp /usr/lib/libelf.so.1 /home/nsadmin-sitename/usr/lib
(for nssock)
* Put the stuff you'd ordinarly put in /web into /home/nsadmin-sitename/web,
and put a symlink to there into /web so that folks can find that directory
to do site development.
/home/nsadmin-sitename/web should include parameters, tcl, and www
directories
* If you need any unix commands (say you're doing an exec ls from Tcl),
you'll need to copy those into /home/nsadmin-sitename/usr/bin.
* Edit the sitename.ini:
[ns/parameters]
Home=/
auxConfigDir=/web/parameters
log=sitename-error.log
[ns/server/sitename]
pageRoot=/web/www
[ns/server/sitename/tcl]
library=/web/tcl
[ns/server/sitename/module/nslog]
file=/log/sitename.log
[ns/server/sitename/module/nsssl]
CertFile=/servers/cert.pem
KeyFile=/servers/key.pem
; or wherever the cert/key files are kept
* Run AOLserver with "-R /home/nsadmin-sitename" in addition to other
parameters. (you have to run it as root, even if you're just testing
things on high ports)
--------------------------------------------------
Chrooting AOLserver on Solaris, with Oracle
I haven't actually tried this yet, since it looks like it involves
moving all of the oracle stuff under /home/nsadmin-sitename as well.
I'll see if I can get this working on my Linux box before I screw up
gs.arsdigita.com.
* If the Oracle driver needs any shared libs when loading, there should
be a message in the server.log like this:
Warning: Load of '/bin/ora8.so' failed: ld.so.1: bin/nsd:
fatal: libm.so.1: open failed: No such file or directory
In which case do a find from / looking for libm.so.1, and copy that
into /home/nsadmin-sitename/usr/lib
* copy all of the oracle jazz from /ora8/* to /home/nsadmin-sitename?
--------------------------------------------------
Chrooting AOLserver on HP
* It craps out on startup, saying that 'nsamdin is not a valid user name'.
This means that there's some moving piece that's not being found. HP
doesn't have the nifty 'truss' command to show what system calls are
being made and what files are being opened, so tracking this one
down will require a call to HP support, and I want to wait until we need
to do it on HP before burning the time.