Difference between revisions of "Gallery:Appliance" - Gallery Codex
Personal tools

Difference between revisions of "Gallery:Appliance"

From Gallery Codex

(Introduction)
(Installation)
Line 7: Line 7:
 
First, you will need to download and install the '''free''' [http://www.vmware.com/download/player/ VMware Player].  You will also need to download the latest [http://www.rpath.org/rbuilder/project/gallery/ Gallery Appliance].  Once you have unzipped the Gallery Appliance, simply open it in VMware Player and start it up.
 
First, you will need to download and install the '''free''' [http://www.vmware.com/download/player/ VMware Player].  You will also need to download the latest [http://www.rpath.org/rbuilder/project/gallery/ Gallery Appliance].  Once you have unzipped the Gallery Appliance, simply open it in VMware Player and start it up.
  
Once it is done booting, the screen should show you some simple instructions which will include the correct URL to visit.  It will contain something like <nowiki>http://192.168.1.25/gallery/</nowiki> and <nowiki>http://192.168.1.25/gallery2/</nowiki>, which you can simply load up in your browser.
+
Once it is done booting, the screen should show you some simple instructions which will include the correct URL to visit.  It will contain something like <nowiki>http://192.168.1.25/gallery/</nowiki> and <nowiki>http://192.168.1.25/gallery2/</nowiki>, which you can simply load up in your '''local''' browser.
  
 
Both the system and mysql '''root''' password is BLANK, as in there is no password.  Both Gallery's usernames are '''admin''' and the passwords are '''password'''.
 
Both the system and mysql '''root''' password is BLANK, as in there is no password.  Both Gallery's usernames are '''admin''' and the passwords are '''password'''.

Revision as of 16:18, 18 August 2006

The Gallery Appliance

Introduction

The Gallery VMware Appliance is a GNU/Linux distribution based on rPath Linux. Basically, it is a LAMP (Linux, Apache, MySQL, PHP) appliance with both Gallery 1 and Gallery 2 pre-installed and pre-configured, along with all of the required utilities and most of the optional one. They are both also pre-loaded with some random pictures from various Gallery team members so that you can test things out without even having to find your own images.

Installation

First, you will need to download and install the free VMware Player. You will also need to download the latest Gallery Appliance. Once you have unzipped the Gallery Appliance, simply open it in VMware Player and start it up.

Once it is done booting, the screen should show you some simple instructions which will include the correct URL to visit. It will contain something like http://192.168.1.25/gallery/ and http://192.168.1.25/gallery2/, which you can simply load up in your local browser.

Both the system and mysql root password is BLANK, as in there is no password. Both Gallery's usernames are admin and the passwords are password.

At this point, you should consider this Gallery Appliance to be a DEMO because it is quite unsecure.

Security

As you read above, without a little bit of extra work you have to consider this as a DEMO appliance for Gallery 1 and 2. This appliance should not be made internet accessible and you should not store any important information on it. Fortunatly, it is possible to secure it and I will outline the steps below.

Set a root system and mysql password

Simply run the following commands and we will change the system and mysql root passwords.

 % passwd root
 Changing password for user root.
 New UNIX password:
 Retype new UNIX password:
 passwd: all authentication tokens updated successfully.
 
 % mysqladmin -u root password 'new-password-here'

Clear the existing G1 and G2

The pre-configured G1 and G2 have their username and password published on the internet, so you will want to install G1 or G2 using your own choices. Also, you probably don't want our photos in your Gallery. The Gallery Appliance's special init script can take care of all this for you. The last command will prevent the appliance from trying to re-pre-configure itself.

 % /etc/init.d/gallery-appliance clear
 Totally nuking gallerys...  Done!
 % touch /etc/gallery-pre-configured

Create a new mysql user for Gallery 2

Of course, you need to change username and password to what you desire. The username gallery2 is perfectly reasonable. We may also need to re-create the gallery2 database, but if it fails with an already exists type message don't worry.

 % mysqladmin -uroot -p create gallery2
 Enter password:
 % mysql gallery2 -uroot -p -e"GRANT ALL ON gallery2.* TO username@localhost IDENTIFIED BY 'password'"
 Enter password:

Update the init script with new mysql user/pass

This step is optional. After you change the mysql root password, the gallery-appliance init script will no longer work. This isn't that big a deal, so if you are happy with this then don't worry about it. It isn't a great idea to store passwords in plain text anyway. But if you would like to continue using the init script, it is easy to fix.

 % nano -w /etc/init.d/gallery-appliance

Now find the line that reads #MYUP="-u root -pPASSWORD" and fix it. You can simply put the mysql root password in place of PASSWORD or if you like, you can use the gallery2 user instead, changing root to gallery2 and putting the gallery2 password you set in PASSWORD.

Change this

 #MYUP="-u root -pPASSWORD"

To this

 MYUP="-u gallery2 -pmYnEWpasS"

Init script features

The /etc/init.d/gallery-appliance init script has a few features you might find useful. At first startup, it pre-configures itself, using the file /etc/gallery-pre-configured to determine if it has been pre-configured. At shutdown, it will backup your G1 and G2 to /opt/g[1,2]backup. It also takes the parameters backup, restore, setup, clear, zip, bz2, secure and status.

backup

This option simply backs up the important G1 and G2 parts to the /opt/g1backup and /opt/g2backup directories. It can be used later to restore you settings, if desired.

 % /etc/init.d/gallery-appliance backup
 Backing up Gallery 1...  Done!
 Backing up Gallery 2...  Done!

restore

This option restores the G1 and G2 from the /opt/g1backup and /opt/g2backup directories if they exist. You can see below that it tries to create the gallery2 db, which may fail if it already exists.

 % /etc/init.d/gallery-appliance restore
 Restoring Gallery 1...  Done!
 Restoring Gallery 2...  Done!

setup

This is what is used to pre-configure G1 and G2. The start command does the same thing, both check for the presence of the file /etc/gallery-pre-configured and won't run if it exists.

 % /etc/init.d/gallery-appliance setup
 Pre-configuring gallery...  Done!

clear

This is used to nuke the G1 and G2 so you can start over if you wish. Be careful, it removes the /etc/gallery-pre-configured file so that you can run the start or setup command. This means that if you reboot, you're gallery *will* be pre-configured again.

 % /etc/init.d/gallery-appliance clear
 Totally nuking gallerys...  Done!

zip / bz2

This command creates a .zip or .tar.bz2 of your current G1 and G2, so that you can do with it what you like. You could keep an off-system backup, use it to transfer your gallery to another server or even decorate your cubicle.

 % /etc/init.d/gallery-appliance zip
 Backing up Gallery 1...  Done!
 Backing up Gallery 2...  Done!
 Your G1 data has been zip'd to /opt/gallery1-contents.zip
 Your G2 data has been zip'd to /opt/gallery2-contents.zip
 % /etc/init.d/gallery-appliance bz2
 Backing up Gallery 1...  Done!
 Backing up Gallery 2...  Done!
 Your G1 data has been bzip2'd to /opt/gallery1-contents.tar.bz2
 Your G2 data has been bzip2'd to /opt/gallery2-contents.tar.bz2

secure

This command simply points you to this wiki page.

 % /etc/init.d/gallery-appliance secure
 Please visit http://codex.gallery2.org/index.php/Gallery:Appliance
 for information on securing this appliance.

status

This command will tell you if G1 and G2 appear to be pre-configured.

 % /etc/init.d/gallery-appliance status
 Gallery appears to be pre-configured, use the 'clear' option to undo this
advertisements