Bric::Admin - Bricolage System Administration Guide.
$Revision: 1.5.2.17 $
$Date: 2001/12/10 21:15:18 $
This guide is intended for the system administrator in charge of installing, configuring, or tuning a Bricolage system.
Bricolage requires a lot of other components to be installed; here's a list of them:
Perl 5.6.1
Perl Modules:
OpenSSL 0.9.6a (optional)
MM 1.1.3 - Shared Memory Library
mod_ssl 2.8.4-1.3.20 - Apache Interface to OpenSSL (optional)
mod_perl 1.25 - Apache/Perl Integration
Apache 1.3.20
PostgreSQL 7.1.3
Bricolage 1.0.2
At some point, we hope to have a makefile that will automate the installation of all of these packages for you. Until then, the following instructions will get you through installing all the needed components.
The standard Perl installation should apply with no problems. We do recomend the following Configure commands:
This Configure command will build perl without perl's malloc. This is necessary to prevent segfaults with XML::Parser under mod_perl. [Note that XML::Parser isn't currently part of Bricolage, but will soon be, and users will likely install it, anyway.]
This Configure command will arrange for /usr/bin/perl to be linked to the current version of perl. If you don't specify this command, configure will prompt you to find out whether to link /usr/bin/perl to the current version of perl. We strongly suggest that you answer "yes".
This optional command tells Configure that you except all the other defaults, and it will therefore provide terse output during the configuration.
Here is how to install Perl:
Download the Perl source tarball from www.perl.com.
Gunzip and untar the sources.
Change to the source directory and execute these commands:
sh Configure -Umymalloc -Dinstallusrbinperl -des
make
make test
make installThere are quite a few Perl modules required by Bricolage (see "PACKAGES" above for a list). Installation of these modules follows the usual perl module installation process:
Download the package sources.
Gunzip and untar the sources.
Change to the source directory and execute these commands:
perl Makefile.PL
make
make test
make installYou can also use the CPAN module to install the modules (perldoc CPAN for details), or use ActiveState PPM packages if they're available. We do recommend that you install all but three of the required packages immediately after installing Perl, and before installing the other software packages. (You must, of course, install them all after installing Perl; otherwise, they'll be compiled under and associated with the extant perl on your system.) The three exceptions are DBD::Pg, which can only be installed after PostgreSQL has been installed (see below); and Apache::Session and libapreq, both of which can only be installed once Apache and mod_perl have been installed.
You'll need to install OpenSSL if you want to use Bricolage's SSL support to run a more secure server, otherwise you can skip this step. Installation of OpenSSL follows the usual conventions. Here's an example:
Download the OpenSSL source tarball from www.openssl.org.
Gunzip and untar the sources.
Change into the source directory, read the INSTALL file to see if you need to use any Configure commands, and execute these commands:
sh config <commands>
make
make testmake install insn't necessary because the sources will be compiled into Apache.
Installation of MM follows the usual conventions. Here's an example:
Download the MM source tarball from www.engelschall.com.
Gunzip and untar the sources.
Change into the source directory, read the INSTALL file to see if you need to use any Configure commands (we recommend --disable-shared, to prevent building shared libraries), and execute these commands:
./configure --disable-shared
makemake install insn't necessary because the sources will be compiled into Apache.
You'll need to install mod_perl if you want to use Bricolage's SSL support to run a more secure server, otherwise you can skip this step. Installation of mod_ssl follows the usual conventions. Here's an example:
Download the mod_ssl source tarball from www.modssl.org.
Gunzip and untar the sources.
Change into the source directory, read the INSTALL file to see if you need to use any Configure commands. The only one required here is --with-apache, so you'll need to have already downloaded, gunzipped, and untarred the Apache sources (see below). If you already have a server certificate and a server key, use the --with-crt and --with-key commands to point to them. Then, execute this command:
./configure --with-apache=/usr/local/src/bricolage/apache_1.3.xxWhere "apache_1.3.xx" represents ther version of Apache you will be installing (see the "Packages" section above for a recommended version number.
make and make install aren't necessary because the sources will be compiled into Apache.
Installation of mod_perl follows the usual conventions for installing Perl modules. It does require a number of Configure commands, however. The most important command is <APACHE_SRC>, which points to the Apache sources. You will need to have already downloaded, gunzipped, and untarred the Apache sources before compiling mod_perl. Here's the routine:
Download the mod_perl source tarball from perl.apache.org.
Gunzip and untar the sources.
Change into the source directory, read the INSTALL file to see if you need to use any Configure commands other than those specified below. Then execute the commands:
perl Makefile.PL \
APACHE_SRC=/usr/local/src/bricolage/apache_1.3.xx/src \
DO_HTTPD=1 \
USE_APACI=1 \
PREP_HTTPD=1 \
EVERYTHING=1
make
make installBy now you've downloaded Apache and gunzipped and untarred its sources. There are a lot of Configure commands supported by Apache. We recommend that you use at least the following for Bricolage:
This command selects the classical Apache path layout.
This command prevents incompatabilities between Apache's implementation of the Expat XML parser, and that used by Perl's XML::Parser module.
This command compiles in SSL support, using the mod_ssl sources configured earlier. You only need this option if you plan to use Bricolage's SSL support.
This command enables the mod_rewrite module that ships with the Apache sources. While mod_rewrite is not currently used in Bricolage, it may be in future versions.
This command enables the mod_so module that ships with Apache. This shared libarary is used by mod_perl. [Is this true, or did I make it up?]
This command enables the mod_proxy module.
This command compiles in mod_perl. The library it points to was installed by the mod_perl make process.
The commands you'll execute, therefore, should look something like this:
./configure \
"--with-layout=Apache" \
"--disable-rule=EXPAT" \
"--enable-module=rewrite" \
"--enable-module=so" \
"--enable-module=proxy" \
"--activate-module=src/modules/perl/libperl.a"
makeOr if you're planning to use SSL:
./configure \
"--with-layout=Apache" \
"--disable-rule=EXPAT" \
"--enable-module=ssl" \
"--enable-module=rewrite" \
"--enable-module=so" \
"--enable-module=proxy" \
"--activate-module=src/modules/perl/libperl.a"
makeIf you plan to use SSL you'll need to install the SSL certificates before you install Apache. If you compiled OpenSSL with the --with-crt and --with-key commands, you can skip this step.
If you don't have a formal certificate from a certificate authority such as VeriSign then you can make a dummy certificate with the command:
make certificate TYPE=dummyIf you do have a formal certificate then can make a certificate with the command:
make certificate TYPE=customNear the end of the certificate creation process, you will be prompted to enter information for the certificate. Here you'll enter the information for your certificate. See the OpenSSL documentation for a description of the certificate data.
You'll be prompted to enter the certificate information twice. Afterwards, you'll see this prompt for each of the two new certificates:
Encrypt the private key now? [Y/n]:Enter "n" to avoid having to type in a passphrase every time you start Apache. Enter "y" if you really don't trust your system users.
Finally, install Apache:
make installDon't forget to install the Apache::Session and Apache::libapreq perl modules now (See "Perl Modules," above).
And you're done! You can test the installation by calling
/usr/local/apache/bin/apachectl configtestPostgreSQL is an integral part of Bricolage: it's where all of your assets are stored! Its installation is pretty straight-forward and typical, but it requires a number of extra steps that one might not expect. Here are the details:
Download the PostgreSQL source tarball from www.postgresql.org.
Gunzip and untar the sources.
Create a new system user named "postgres". This is the user that will start the PostgreSQL server. The startup scripts that come with PostgreSQL mostly seem to expect that the postgres user will use the tcsh shell, so you may wish to set that shell now. Here's an example under Linux:
/usr/sbin/useradd -d /home/postgres postgres -s /bin/tcshChange into the source directory and read the INSTALL file to see if you need to use any Configure commands. One Configure command is required by Bricolage: --enable-multibyte=UNICODE. Because Bric stores all of its textual data in Unicode format, this command is not optional. If you require the use of a different character set for your installation, see the CHAR_SET configuration directive above to ensure that data will be translated to and from your character set and the Unicode stored in the database.
Install PostgreSQL:
./configure --enable-multibyte=UNICODE
make
make installNow make a directory in which you want to keep your PostgreSQL databases, including the Bricolage database. Make the "postgres" user the owner of that directory. Think carefully about where you want this directory to be, and on what partition. The Bricolage database will get to be quite large, and will require a great deal of disk accessing, so we recommend you put it on its own partition. This example just demonstrates the default:
mkdir /usr/local/pgsql/data
chown postgres /usr/local/pgsql/dataIntitialize the PostgreSQL database. Be sure to pass the directory you just created to the -D command.
su - postgres -c "/usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data"Start the PostgreSQL "postmaster". You can use one of the scripts in contrib/start-scripts.
Make the PostgreSQL documentation. This step is optional, if you don't need the docs or have them available elsewhere:
cd docs
make installDon't forget to install the DBD::Pg perl module! You'll need to set the POSTGRES_INCLUDE and POSTGRES_LIB environment variables, first:
POSTGRES_INCLUDE=/usr/local/pgsql/include
POSTGRES_LIB=/usr/local/pgsql/lib
export POSTGRES_INCLUDE POSTGRES_LIB
cd /path/to/DBD-Pg-1.00
perl Makefile.PL
make
make test
make installAnd now PostgreSQL is ready to go!
When all of the basic software components have been insalled, start PostgreSQL. You can use one of the scripts in startup/ if you like.
Download the latest Bricolage sources from http://bricolage.sourceforge.net/. Decompress them into /usr/local/bricolage.
Change directories into /usr/local/bricolage/bin and run bric_pgimport as follows:
./bric_pgimport -u postgres -p postgres -d dbname -c -m db_user:db_passwordWhere 'dbname' is the name you want the Bricolage database to be called in PostgreSQL, and 'db_user' and 'db_password' are the user name and password to be created in the PostgreSQL database, and under which the Bricolage application will run. Note that the -u argument must represent a PostgreSQL user with CREATE DATABASE and CREATE USER permissions. The 'bric_user' user will be creaed without these permissions (the 'dbname' database will be owned by the user passed in via the -u argument), but will be granted full CREATE, DELETE, UPDATE, and SELECT permissions an all objects in the Bricolage database.
Start Apache. Use one of the scripts in scripts/ if you like. You can manually start it via the following command:
/user/local/bricolage/bin/bric_apachectl startTry to hit the web server. If you're prompted for a login, you're in! If not, check the Apache error log to figure out what might have gone wrong.
To start using Bricolage, log in as the default user. The user name is "admin" and the password is "c@st3l!@n". This user is not special, so you can change it however you like. The first thing you should do is to change the admin login password so that others who download the Bricolage sources can't just use that login to get into your installation! Now use the admin login to create other user accounts.
Configuration of Bricolage is handled via two interfaces. The first is the user interface, where application administrators can set preferences such as Time Zone and Date Format. The second interface -- and the one of interest to us here -- is the Bricolage configuration file, which you'll find at /usr/local/bricolage/conf/bricolage.conf. This file is designed for system configuration, and thus to be edited by system administrators -- in other words, the audience of for this document.
The Bricolage configuration file contains a number of configuration options, each of which falls roughly into a number of categories, described below. Edit this document to tweak the functionality of Bricolage. The vast majority of configuration issues can be resolved by editing this docuement alone.
Note: Bricolage uses the BRICOLAGE_ROOT environment variable to determine where to find all of its libraries and configuration files. If this environment variable is not defined in the shell before starting Bricolage, Bricolage will default to '/usr/local/bricolage'. If you have installed Bricolage in any other location, you will need to set this environment variable before you start Bricolage or use any of its tools. The value of this environment variable is important for many of the configuration directives, as well. You will find it represented in this document as $BRICOLAGE_ROOT.
And now, on with the descriptions of the Bricolage configuration directives.
These settings relate the similarly-named Apache run-time configuration directives. (In fact, the descriptions here are largely cribbed from the Apache documentation.) Read the Apache documentation for more information on these and other Apache directives. Depending on your environment, changing some of these may help improve performance.
Note: These configuration settings are used directly in the Apache configuration file. Thus, advanced users can configure Apache themselves by editing the httpd.conf file directly. This is not recommended in most cases, however, as Bricolage uses Perl to configure Apache, and some of the configurations are used elsewhere, too. If you decide to edit the httpd.conf file yourself, however, be sure to also update the bricolage.conf file, so that the settings stay in sync.
APACHE_SERVER_ROOTL: This directive is the equivalent of Apache's ServerRoot directive. It sets the directory in which the server lives. Defaults to '/usr/local/apache' if not specified. This isn't portable, so we recommend you set it!
PID_FILE: Sets the file to which the server records the process id of the daemon. If the filename does not begin with a slash (/) then it is assumed to be relative to the ServerRoot. Defaults to "/usr/local/apache/logs/httpd.pid" if not specified. This isn't portable, so we recommend you set it!
SERVER_NAME: The DNS name or IP address of the Bricolage server. If this configuration is not specified, Bricolage will use the unix-specific system tools hostname and dnsdomainname to try to establish the server name. Needless to say, these tools are not portable, so we highly recommend that you set this configuration directive in bricolage.conf.
SERVER_ADMIN: The email address of the server administrator. Defaults to "root@SERVER_NAME".
DOCUMENT_ROOT: Sets the directory from which Apache will serve files. Defaults to $BRICOLAGE_ROOT/comp if not specified.
MIN_SPARE_SERVERS: Sets the desired minimum number of idle Apache child server processes. An idle process is one which is not handling a request. If there are fewer than MinSpareServers idle, then the parent process creates new children at a maximum rate of 1 per second. Defaults to "2" if not specified.
MAX_SPARE_SERVERS: Sets the desired maximum number of idle Apache child server processes. An idle process is one which is not handling a request. If there are more than MaxSpareServers idle, then the parent process will kill off the excess processes. Defaults to "6" if not specified.
START_SERVERS: Sets the number of Apache child server processes created on startup. As the number of processes is dynamically controlled depending on the load, there is usually little reason to adjust this parameter. Defaults to "2" if not specified.
MAX_REQUESTS_PER_CHILD: Sets the limit on the number of requests that an individual Apache child server process will handle. After MaxRequestsPerChild requests, the child process will die. If MaxRequestsPerChild is 0, then the process will never expire. Defaults to "0" if not specified.
MAX_CLIENTS: Sets the limit on the number of simultaneous requests that can be supported; not more than this number of Apache child server processes will be created. Defaults to "150" if not specified.
KEEP_ALIVE: Provides long-lived Apache HTTP sessions which allow multiple requests to be sent over the same TCP connection. Performance benefits to Bricolage in enabling this feature are unknown. Defaults to "Off" if not specified.
MAX_KEEP_ALIVE_REQUESTS: Limits the number of requests allowed per connection when KEEP_ALIVE is on. If it is set to "0", unlimited requests will be allowed. Defaults to "100" if not specified.
KEEP_ALIVE_TIMEOUT: The number of seconds Apache will wait for a subsequent request before closing the connection when KEEP_ALIVE is on. Defaults to "15" if not specified.
ERROR_LOG: Sets the name of the file to which the server will log any errors it encounters. Defaults to " /usr/local/apache/logs/error_log" if not specified. This is not portable, so it may need to be changed. [We may want to change it to keep the log in the Bricolage directory space, anyway.]
LOG_LEVEL: Adjusts the verbosity of the messages recorded in the error logs (see ERROR_LOG directive). The following levels are available, in order of decreasing significance:
Defaults to "info" if not specified.
CUSTOM_LOG: Specifies the location of the access log. Defaults to "/usr/local/apache/logs/access_log combined" if not specified. Note that this location is not portable, so it may need to be changed. The 'custom' alias is used by the LOG_FORMAT directive below.
LOG_FORMAT: The format in which all logging will be, erm, logged to the log file specified by the ERROR_LOG directive. See the Apache documentation for details on how this argument may be formatted. IF unspecified, the default is this string:
'%h %l %u %t "%r" %>s %b "%{Referer}i "%{User-Agent}i" "%{Cookie}i" "%v:%p"' combinedSCORE_BOARD_FILE: This directive is required on some architectures to place a file that the Apache server will use to communicate between its children and the parent. The easiest way to find out if your architecture requires a scoreboard file is to run Apache and see if it creates the file named by the directive. If your architecture requires it then you must ensure that this file is not used at the same time by more than one invocation of Apache. Will not be defined if not specified.
TYPES_CONFIG: Sets the location of the MIME types configuration file. The file name value is assumed to be relative to the APACHE_SERVER_ROOT if it doesn't start with a "/". This file sets the default list of mappings from filename extensions to content type Defaults to "/usr/local/apache/conf/mime.types" if not specified.
USE_CANONICAL_NAME: With USE_CANONICAL_NAME on, Apache will use the SERVER_NAME and PORT directives to construct a canonical name for the server. This name is used in all self-referential URLs, Defaults to "On" if not specified.
With USE_CANONICAL_NAME off, Apache will form self-referential URLs using the hostname and port supplied by the client if any are supplied (otherwise it will use the canonical name).
HOST_NAME_LOOKUPS: Enables DNS lookups so that host names can be logged. The available values are "On", "Off", and "Double". The value "Double" refers to doing double-reverse DNS. That is, after a reverse lookup is performed, a forward lookup is then performed on that result. At least one of the ip addresses in the forward lookup must match the original address. Defaults to "Off" if not specified.
SERVER_SIGNATURE: Allows the configuration of a trailing footer line under server-generated documents. The available values are "Off", "On", and "Email". Defaults to "Email" if not specified.
TIMEOUT: The TIMEOUT directive defines the amount of time Apache will wait for three things:
The total amount of time it takes to receive a GET request.
The amount of time between receipt of TCP packets on a POST or PUT request.
The amount of time between ACKs on transmissions of TCP packets in responses.
Defaults to "30" if not specified.
The Apache OpenSSL interface (mod_ssl) is an optional part of the Bricolage application. Not only does it enabled secure logons to the system, but it also allows completely secure access to the entire application, should you need it (and not need to worry about the performance overhead.). The following directives derive from their similarly-named mod_ssl directives. See the mod_ssl documentation <http://www.modssl.org/docs> for more detail.
SSL_ENABLE: Turn on this boolean directive to enable SSL support. Make sure you've followed the installation instructions for building a mod_ssl Apache. Disabled by default.
SSL_SESSION_CACHE: Configures the storage type of the global/inter-process SSL Session Cache. This cache is an optional facility which speeds up parallel request processing. For requests to the same server process (via HTTP keep-alive -- see the KEEP_ALIVE directive above), OpenSSL already caches the SSL session information locally. But because modern clients request inlined images and other data via parallel requests (usually up to four parallel requests are common) those requests are served by different pre-forked server processes. Here an inter-process cache helps to avoid unneccessary session handshakes.
The available values are "none", which could lead to speed penalties; "dbm:/path/to/datafile", which makes use of a DBM hashfile on the local disk to synchronize the local OpenSSL memory caches of the server processes; and "shm:/path/to/datafile[(size)]", which makes use of a high-performance hash table (approx. size bytes in size) inside a shared memory segment in RAM (established via /path/to/datafile) to synchronize the local OpenSSL memory caches of the server processes. See the mod_ssl documentation for more information. Defaults to "dbm:/usr/local/apache/logs/ssl_scache" if not specified. This default isn't portable, so we recommend you set it!
SSL_SESSION_CACHE_TIMEOUT: Sets the timeout in seconds for the information stored in the global/inter-process SSL Session Cache and the OpenSSL internal memory cache. It can be set as low as 15 for testing, but should be set to higher values like 300 in real life. Defaults to "300" if not specified.
SSL_MUTEX: Configures the SSL engine's semaphore (aka. lock) which is used for mutual exclusion of operations which have to be done in a synchronized way between the pre-forked Apache server processes. The available values are "none", which isn't recommended; "file:/path/to/mutex", which is the portable and (under Unix) always provided Mutex variant where a physical (lock-)file is used as the Mutex; and "sem", which is the most elegant but also most non-portable Mutex variant, and is only available when the underlying platform supports it. Defaults to "file:/usr/local/apache/logs/ssl_mutex" if not specified. This default isn't portable, so we recommend you set it!
SSL_LOG: Sets the name of the dedicated SSL protocol engine logfile. Error type messages are additionally duplicated to the general Apache error log file (directive ERROR_LOG). Defaults to "/usr/local/apache/logs/ssl_engine_log" if not specified. This default isn't portable, so we recommend you set it!
SSL_LOG_LEVEL: Sets the verbosity degree of the dedicated SSL protocol engine logfile. The level is one of the following (in ascending order where higher levels include lower levels):
Defaults to "info" if not specified.
SSL_CERTIFICATE_FILE: Points to the PEM-encoded Certificate file for the server and optionally also to the corresponding RSA or DSA Private Key file for it (contained in the same file). If the contained Private Key is encrypted the Pass Phrase dialog is forced at startup time. Defaults to "/usr/local/apache/conf/ssl.crt/server.crt" if not specified. This default isn't portable, so we recommend you set it!
SSL_CERTIFICATE_KEY_FILE: Points to the PEM-encoded Private Key file for the server. Defaults to "/usr/local/apache/conf/ssl.key/server.key" if not specified. This default isn't portable, so we recommend you set it!
SSL_CIPHER_SUITE: This complex directive uses a colon-separated cipher-spec string consisting of OpenSSL cipher specifications to configure the Cipher Suite the client is permitted to negotiate in the SSL handshake phase. See the mod_ssl documentation on the "SSLCipherSuite" directive for details on how to use this directive. Defaults to "ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL" if not specified.
SSL_PASS_PHRASE_DIALOG: The mehtod for Apache to use to query the administrator for a pass phrase should the private key file be encrypted (see SSL_CERTIFICATE_KEY_FILE above and "Building Certificates" below). The available values are "builtin", which will prompt the administrator for the pass phrase upon Apache startup; and "exec:/path/to/program", which will force Apache to call an external program to prompt for the pass phrase and decrypt the private key. Use the latter option only if you know exactly what you're doing! Defaults to "builtin" if not specified.
The database configuration directives tell Bricolage where to find its data, and how to get it. Specifically, you want to assign to these diretives the values you passed to the -d and -m arguments of pgimport (see above).
DB_NAME: The name of the Bricolage PostgreSQL database, and should be the same as the value passed to the -d argument to pgimmport (see above). Defaults to "sharky" if not specified.
DBI_USER: The name of the PostgreSQL user as whom Bricolage should connect to the DB_NAME database. This should be the same as the username passed to the first half of the -m argument to pgimport (see above). Defaults to "castellan" if not specified.
DBI_PASS: The password of the PostgreSQL user as whom Bricolage should connect to the DB_NAME database. This should be the same as the password passed to the second half of the -m argument to pgimport (see above). Defaults to "nalletsac" if not specified.
This is the name and group of the system user as whom Bricolage and Apache run. If you decide to edit httpd.conf yourself (but you wouldn't do that, right?), you'll want to make sure that the names set in bricolage.conf agree with the httpd.conf User and Group directives, since the user name is expected to be the same for other parts of the application.
SYS_USER: The system user as whom Bricolage runs. Defaults to "nobody" if not specified.
SYS_GROUP: The system group of which SYS_USER is a member. Defaults to "nobody" if not specified.
There are two parts to the Mason configuration. The first is for the Bricolage UI environment, and thus it needs to point to the Bricolage UI Mason elements. The second is for the Bricolage Publish environment, which is a separate environment from the Bricolage UI environment. The directives for the Publish environment will need to point to the directories where Bricolage Templates are stored.
MASON_COMP_ROOT: Mason's element root. This is the directory in which all the Bricolage UI element sare stored. Defaults to $BRICOLAGE_ROOT/comp if not specified.
MASON_DATA_ROOT: Mason's data root. This where Mason stores the Bricolage UI elements once they've been compilied Defaults to $BRICOLAGE_ROOT/data if not specified. Make sure that SYS_USER has permission to write to this directory.
BURN_ROOT: The staging area directory where the burn system places content files upon publication or preview. Defaults to $BRICOLAGE_ROOT/data/burn if not specified. Make sure that SYS_USER has permission to write to this directory.
BURN_COMP_ROOT: The directory templates are deployed to. Defaults to $BRICOLAGE_ROOT/burn/comp if not specified.
BURN_DATA_ROOT: The directory where Mason stores Templates once it has compiled them. Defaults to $BRICOLAGE_ROOT/burn/data if not specified. Make sure that SYS_USER has permission to write to this directory.
INCLUDE_XML_WRITER: This directive, when switched on, causes Bricolage to instantiate an XML::Writer object and to include it in all templates as a global variable named $writer. See the XML::Writer documentation for more information. Defaults to off if unspecified.
XML_WRITER_ARGS: If INCLUDE_XML_WRITER is switched on, then this direcive is passed to the instantiation method of the XML::Writer object. All arguments to XML::Writer->new() are supported except the OUTPUT argument, which Bricolage handles internally to ensure that data is sent directly to the template's output file. Defaults to no arguments if not specified.
These directives set rules for Bricolage user authentication.
AUTH_TTL: The amount of time, in seconds, a user is allowed to be idle before he/she is automatically logged out. Defaults to 8 hours (28800 seconds) if not specified.
AUTH_SECRET: A random string that's used to encrypt the authentication cookie information in a double-MD5 hashing scheme. It's a good idea to change this value periodically so that anyone who might have seen it before can't reverse-engineer the authentication cookie. If you're running the distribution monitor (see below) on a different machine, be sure that this directive is exactly the same as on the machine running the Bricolage distribution server. Defaults to the following string if not specified:
^eFH5D,~3!f9o&3f_=dwePL3f:/.Oi|FG/3sd9=45oi%8GF*)4#0gn3)34tf\`3~fdIf^ N:LOGIN_LENGTH: The minimum length of login name allowed to users. Defaults to "6" if not specified.
PASSWD_LENGTH: The minimum length of password allowed to users. Note that passwords can be of infinite length. Defaults to "6" if not specified.
All character data is stored in the PostgreSQL database in Unicode (UTF-8). However, most browsers submit data to the Bricolage server in other character sets. This directive specifies what character set to expect from Bricolage users' browsers.
CHAR_SET: The character set of in which data will be passed to the API. ISO-8859-1 should work for most Western European users. Note that this setting is necessary as all data is stored in the database in Unicode. Defaults to ISO-8859-1 if not specified. Defaults to "ISO-8859-1" if not specified.
These directives affect the how distribution is handled by Bricolage. There are two basic ways to handle distribution. The first, default approach is to let the Bricolage application server also handle distribution. In this case, the same Apache processes that handle the UI will also handle distribution responsibilities. The second approach is to set up a separate Apache server just to handle distribution. That server will need access to $BRICOLAGE_ROOT/stage in order to read the files there and distribute them elsewhere. Making $BRICOLAGE_ROOT/stage an NFS mount will do the trick. [Will need to write a lot more documentation about this at some point -- and need think about saving media to /stage instead of /media/assets, too.]
ENABLE_DIST: This directive indicates whether the Bricolage server will also handle disbribution responsibilities. If set to "On" or "Yes" or "1", the Bricolage server will handle distribution. If set to any other value, it will not. In this latter case, be sure you set up another server to do it. Note that this directive has no effect on previews, as those need to be immediate and will thus always be handled by the Bricolage server. Defaults to "1" if not specified.
DIST_ATTEMPTS: This directive tells the distribution engine how many times to attempt to distribute a resource before giving up. This number can range from "1" to "10", and defaults to "3" if not specified.
PREVIEW_LOCAL: This directive tells Bricolage to use its own Apache server to preview stories. If set to "On" or "Yes" or "1", Bricolage will use its own Apache server to serve preview pages (using a directory prefix from the root). If it's set to any other value, it will use a server from a destination with the 'Preview' checkbox checked. For large Bricolage installations where performance is important, wwe recommend that you use a separate server for previews, as using the Bricolage server itself adds a fair bit of overhead to every request -- including requests outside of the preview directory. Defaults to "1" if not specified.
PREVIEW_MASON: This directive tells Bricolage to use Mason for local story previews. If set to "On" or "Yes" or "1", Bricolage will use its own Apache server and Mason to serve preview pages. If it's set to any other value, it will not use Mason for local previews. For large Bricolage installations, we recommend that you not use Bric's builtin previewing support (see above), and even when you do, enabling Mason for local previews adds even more overhead to every request -- including requests outside of the preview directory. Defaults to "0" if not specified, and has no affect unless the PREVIEW_LOCAL directive has been activated (see above).
The Bricolage alerting system allows users to receive notifications upon the triggering of certain events within the system (see Bric::Util::AlertType and Bric::Util::Alert for the Alert API documentation). There are a few system-level directives that affect Bricolage Alerting.
SMTP_SERVER: The DNS name of an SMTP server that the Alerting API can send alerts to. All alerts are sent by email, so this directive is important to fill out. Defaults to SERVER_NAME directive if not specified.
ALERT_FROM: The email address that appears in the 'From' header of emailed alerts. Defaults to SERVER_ADMIN directive if not specified. [It might be worthwhile in a future version to allow Alert Type owners to set this themselves.]
ALERT_TO_METH: The email header used for addressing alert recipients. Use "to" if you want everyone who receives the same alert to see who else received it. Use "bcc" if you don't want anyone to see who else got an alert, or if you just want to save the bandwidth. Defaults to "bcc" if not specified. [It might be worthwhile in a future version to allow Alert Type owners to set this themselves.]
FULL_SEARCH: Enables Bricolage to perform sub-string searches in its database queries, rather than merely to search at the beginning of a string. Full sub-string searches are more expensive, since they cannot use database indexes, but that may not matter if there are few records in your database. Many users find the sub-string searches to be more intuitive, so enable it if you find the trade-off to be worth it. Defaults to "Off" if not specified.
All files burned to the file system during publishes and previews must be named (of course!), and they're named for the "File Name" and "File Extenstion" properties of the Output Channel they're getting burned to. You can give these properties whatever values you want (as long as they're legal on your file system!), but here you can set some defaults that all Output channels will start with.
DEFAULT_FILENAME: Sets the default filename that all new Output Channel will start with in their "File Name" property. Combined with DEFAULT_FILE_EXT and a page index number to uniquely name the file for a given story. Defaults to "index" if not specified.
DEFAULT_FILE_EXT: Sets the default file extention that all new Output Channel will start with in their "File Name" property. Combined with DEFAULT_FILENAE and a page index number to uniquely name the file for a given story. Defaults to "html" if not specified.
PERL_LOADER: Pass in a line of Perl code, and it will be executed at startup time in the same package spaces as your templates run in. This is so that you only have to load stuff that you might often use once, such as CGI or Apache::DBI. This should be a complete Perl statment that can simply be loaded, and won't pause and wait for anything else, as otherwise your server will never start! And be warned that this code is executed at server startup time, so beware loading any variables that don't survive forks very well (such as database handles). Defaults to load nothing if not specified.
As noted above, you need to supply the user and group names under which Bricolage will run. It's important that this user have permission to write to certain directories, as Bricolage will store some data files on the file system. So be sure to grant to SYS_USER and/or SYS_GROUP the necessary permissions to write to the directories identified by the MASON_DATA_ROOT, BURN_ROOT, and BURN_DATA_ROOT configuration directives. Also, Bricolage stores Media asset files in $BRICOLAGE_ROOT/data/media, so be sure the necessary permissions are set on that directory as well. If you're using the default configuration settings, then you'll only need to ensure that the following two directories are fully writable by SYS_USER, since the directives point either to one of these directories or to a subdirectory of these directories:
$BRICOLAGE_ROOT/data
$BRICOLAGE_ROOT/comp/dataThe following address a number of installation issues you might face.
If you choose to create your own SSL certificate and act as your own certificate authority rather than use a known certificate authority such as VeriSign, it's possible that you'll run into issues getting the server to start up with the certificate properly. If so, you'll see errors in the Apache error log that look like this:
[Wed Jul 4 10:48:25 2001] [error] OpenSSL: error:14094412:SSL
routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in
certificate not server name or identical to CA!?]This issue can be resolved by simply making sure that you enter different values for the "Organization Unite Name" for the certificate authority certificate and the server cirtificate.
If you're facing this issue, here's how to manually build a new certificate:
Shut down Apache if it's running:
/usr/local/bricolage/bin/bric_apachectl stopDelete the existing installation of Apache:
rm -rf /usr/local/apache*Change directories into /usr/local/src/bricolage/apache_build/apache_1.2.xx.
Execute the following command:
make certificate TYPE=customYou will be prompted as you were during the inital installation. Follow the same instructions, but be sure to use different values for the "Organization Unit Name" in the two certificates. When you're prompted to encrypt the CA and Server keys, enter "n" to avoid having to enter a passphrase every time you start Apache, but enter "y" if you really don't trust your system users.
Execute the following command:
make installThis will install Apache and the new certificate.
Start Apache again:
/usr/local/bricolage/bin/bric_apachectl startBricolage is a big application, with big system needs. Thus it's a good idea to give some thought to sysem management, including disk partitioning and file maintenance.
By default, the Bricolage database is stored where all PostgreSQL databases are stored -- that is, /usr/local/pgsql/data. Depending on the needs of your environment, the database can become quite large. We therefore recommend you place this directory on a separate partition. Better yet, place it on its own disk in order to optimize disk access time by preventing database access from competing with other disk processes.
A great deal more maintenance is important for the database. See Bric::DBA for more detail.
Bricolage stores all of its application files -- including the UI elements and Perl libraries -- in $BRICOLAGE_ROOT. Bricolage will make a lot of disk accesses to be to $BRICOLAGE_ROOT/data, which is where all of the UI elements are compiled and stored. The Perl libraries are stored in $BRICOLAGE_ROOT/lib, although mostly they will only be read on startup.
Bricolage creates a great many files on the filesystem, too, however. The BURN_ROOT houses the templates that are used to format stories - you'll want to be sure to back it up regularly. The $BRICOLAGE_ROOT/comp/data/preview directory gets formatted story files written to it if the PREVIEW_LOCAL directive is set to true. This directory doesn't need backing up, as these files are used only for previewing purposes.
The $BRICOLAGE_ROOT/comp/data/media directory gets all media asset files written to it. This last directory is perhaps the most important, from a system administration perspective, because if Bricolage is used to manage large documents (e.g., QuickTime movies), this directory will start to use a lot of space - and especially if the media files themselves are versioned. Thus in environments where many large media assets will be managed, it might make sense to put this directory on its own partition or disk, as well. And remember to back it up to prvent the loss of all of your media assets!
Bricolage also create temporary files for caching user session data and application data. All of these files are stored in sub directories of the local system's $TMP environment variable (actually, the temp directory is determined by the tmpdir() method of the File::Spec library, which uses the $TMP environment variable and other meand to determine the local OS's temporary directory). Session files are stored in $TMP/bricolage/session and $TMP/bricolage/lock. These directories should stay relatively free of cruft, as the session files are regularly deleted when users logout or their login sessions expire and they attempt to log back in. (However, in some cases we've noticed a buildup of files in the lock directory.)
Bricolage also uses a cross-process caching mechanism to shara data between Apache processes and applications. The data for this cache is stored in $TMP/bricolage/cache.
Bricolage comes with a script that cleans out old temporary files. You can use this by adding a line to the crontab for the web server user (often "nobody") like this:
0 2 * * * /usr/local/bricolage/bin/clean_tmp.plThis will run nightly at 2AM and clean out all files older than 12 hours. See the documentation in bin/clean_tmp.pl for more details.
David Wheeler <david@wheeler.net>
perl(1), Bric (2).
Hey! The above document had some coding errors, which are explained below:
'=item' outside of any '=over'
You have '=item 4' instead of the expected '=item 6'