[753] | 1 | <!-- $Id$ --> |
---|
| 2 | |
---|
| 3 | <chapter> |
---|
[865] | 4 | <title id="installation">Installation</title> |
---|
[860] | 5 | |
---|
| 6 | <para>Last modified on $Date$</para> |
---|
| 7 | |
---|
[753] | 8 | <para> |
---|
[856] | 9 | Before being able to use <application>PyKota</application>, you have of course to |
---|
| 10 | install it first. But before installing, you must carefully plan your installation. |
---|
[753] | 11 | </para> |
---|
[856] | 12 | |
---|
| 13 | <para> |
---|
| 14 | First you have to determine which machine will be the <application>PyKota</application> |
---|
[2844] | 15 | database server. The database server is the host responsible |
---|
[856] | 16 | for keeping a centralized database of print usage for all your printers, users and groups. |
---|
| 17 | </para> |
---|
| 18 | |
---|
| 19 | <para> |
---|
[860] | 20 | Then you have to list all the <firstterm>Print Servers</firstterm> for which |
---|
[2844] | 21 | you plan to use print quota facilities. |
---|
[856] | 22 | </para> |
---|
| 23 | |
---|
| 24 | <para> |
---|
[2844] | 25 | With most database backends, several print servers can share a single database, however |
---|
| 26 | as we'll see later this is not possible if you choose to use <application>SQLite</application> |
---|
| 27 | as your print quota database backend. |
---|
| 28 | </para> |
---|
| 29 | |
---|
| 30 | <para> |
---|
[861] | 31 | Finally you have to download <application>PyKota</application>'s latest version |
---|
| 32 | or buy an official package, from |
---|
| 33 | <ulink url="http://www.librelogiciel.com/software/">http://www.librelogiciel.com/software/</ulink>. |
---|
| 34 | If you've just bought an official package, then as soon as you've receive it you |
---|
| 35 | have to decompress and visit its archive, to do so just type the following commands : |
---|
| 36 | <screen> |
---|
[2820] | 37 | jerome@nordine:~$ tar -zxf pykota-1.24_official.tar.gz |
---|
| 38 | jerome@nordine:~$ cd pykota-1.24_official |
---|
| 39 | jerome@nordine:~/pykota-1.24_official$ |
---|
[861] | 40 | </screen> |
---|
| 41 | </para> |
---|
| 42 | |
---|
| 43 | <para> |
---|
| 44 | You can see many files in this directory, the first ones to read are <filename>README</filename>, |
---|
| 45 | then <filename>COPYING</filename> and <filename>LICENSE</filename>. They will give you |
---|
| 46 | basic installation instructions and explain the licensing terms under which |
---|
| 47 | <application>PyKota</application> is distributed. Of course they are also mostly |
---|
| 48 | boring to read ! Detailed installation and operating instructions are defined |
---|
| 49 | in the <filename>./docs</filename> directory, in the form of <acronym>SGML</acronym> |
---|
| 50 | documentation in the <ulink url="http://www.docbook.org">DocBook</ulink> format. |
---|
| 51 | You have to compile these files into readable documentation like the <acronym>HTML</acronym> |
---|
| 52 | or <acronym>PDF</acronym> formats, or buy an official <application>PyKota</application> package |
---|
[1168] | 53 | which already contains these compiled forms of the documentation. Of course you already |
---|
| 54 | know this because that's what you are currently reading ! |
---|
[861] | 55 | </para> |
---|
| 56 | |
---|
| 57 | <para> |
---|
| 58 | Now we will see what has to be done on each of the servers we are planning to use. |
---|
[856] | 59 | <note> |
---|
| 60 | <title>Note</title> |
---|
| 61 | <para> |
---|
| 62 | Of course, depending on the size of your network, you may very well |
---|
[2851] | 63 | use the same machine as both a Print Server and a database server. |
---|
[856] | 64 | This is especially the case if you've got only one server. |
---|
| 65 | </para> |
---|
| 66 | </note> |
---|
| 67 | </para> |
---|
| 68 | |
---|
| 69 | <sect1> |
---|
[2851] | 70 | <title>Database server installation</title> |
---|
[856] | 71 | |
---|
| 72 | <para> |
---|
| 73 | Depending on <application>PyKota</application>'s version number, different |
---|
| 74 | types of storage backends may be supported, so we will see for each one of |
---|
| 75 | them how to configure it. |
---|
| 76 | </para> |
---|
| 77 | |
---|
| 78 | <sect2> |
---|
| 79 | <title>PostgreSQL</title> |
---|
| 80 | |
---|
| 81 | <para> |
---|
[860] | 82 | <application>PostgreSQL</application> is an <firstterm>Object Relationnal DataBase |
---|
| 83 | Management System</firstterm> distributed under a <firstterm>Free Software</firstterm> |
---|
[856] | 84 | license from the |
---|
| 85 | <ulink url="http://www.postgresql.org">http://www.postgresql.org</ulink> |
---|
| 86 | web site. It certainely is the free <acronym>RDBMS</acronym> which has the most advanced |
---|
| 87 | features, and is widely used all over the world. |
---|
| 88 | </para> |
---|
| 89 | |
---|
| 90 | <para> |
---|
[2851] | 91 | To configure your database, you must have PostgreSQL already working. |
---|
[856] | 92 | The complete installation of <application>PostgreSQL</application> is not covered by |
---|
| 93 | the present manual, please refer to your system's documentation or to |
---|
| 94 | <ulink url="http://www.postgresql.org">http://www.postgresql.org</ulink> for |
---|
| 95 | details. |
---|
| 96 | </para> |
---|
| 97 | |
---|
| 98 | <para> |
---|
| 99 | One thing you have to check, though, is that every Print Server on which you |
---|
[863] | 100 | want to install the print quota mechanism, must be able to connect to the |
---|
[856] | 101 | <application>PostgreSQL</application> server. In the default installation of |
---|
| 102 | <application>PostgreSQL</application> this may not be the case for security reasons, except if both |
---|
| 103 | servers are in fact the same machine. In any case, it is recommended that you |
---|
[862] | 104 | check the <filename>/etc/postgresql/pg_hba.conf</filename> file and modify it if |
---|
[856] | 105 | needed. This file is self documented and its modification is straightforward. |
---|
[858] | 106 | You also have to make sure that <application>PostgreSQL</application> accepts <acronym>TCP/IP</acronym> connections. |
---|
| 107 | To do so you either have to launch it with the <option>-i</option> option or |
---|
[862] | 108 | modify the <filename>/etc/postgresql/postgresql.conf</filename> file, which is |
---|
[1168] | 109 | self documented and easy to modify too. Allowing <acronym>TCP/IP</acronym> connections |
---|
[2844] | 110 | is not necessary though if your print quota database server and your Print Server are |
---|
[1168] | 111 | the very same host. |
---|
[2116] | 112 | </para> |
---|
| 113 | |
---|
| 114 | <para> |
---|
| 115 | Here's an excerpt from a <filename>pg_hba.conf</filename> file. This one rejects all |
---|
| 116 | connections to PyKota's database excepted when made from the same host by <application>PostgreSQL</application> users |
---|
| 117 | <literal>pykotauser</literal> or <literal>pykotaadmin</literal> with the correct password. |
---|
| 118 | <screen> |
---|
| 119 | local all postgres ident sameuser |
---|
| 120 | local all all reject |
---|
| 121 | host pykota pykotauser 127.0.0.1 255.255.255.255 crypt |
---|
| 122 | host pykota pykotaadmin 127.0.0.1 255.255.255.255 crypt |
---|
| 123 | host pykota all 127.0.0.1 255.255.255.255 reject |
---|
| 124 | </screen> |
---|
| 125 | </para> |
---|
| 126 | |
---|
| 127 | <para> |
---|
| 128 | Of course if your print server and your database servers have different <acronym>IP</acronym> |
---|
| 129 | addresses, you have to replace the <literal>127.0.0.1</literal> address above with your print |
---|
[2126] | 130 | server's <acronym>IP</acronym> address. As an alternative, you could still keep these |
---|
[2169] | 131 | lines and add similar lines with other <acronym>IP</acronym> addresses if you have several |
---|
[2126] | 132 | print servers for which you want a single centralized database. |
---|
[856] | 133 | <tip> |
---|
| 134 | <title>Tip</title> |
---|
| 135 | <para> |
---|
| 136 | Don't forget to restart <application>PostgreSQL</application> if you modify |
---|
| 137 | any of its configuration files, in order for the changes to take effect. |
---|
| 138 | </para> |
---|
| 139 | </tip> |
---|
| 140 | </para> |
---|
| 141 | |
---|
| 142 | <para> |
---|
| 143 | Be careful, you may be unable to connect from a Print Server to the <application>PostgreSQL</application> |
---|
| 144 | server even if the configuration is correct. Sometimes your connections may be blocked by |
---|
| 145 | one or more network firewalls along the route from one machine to the other. If this |
---|
[860] | 146 | is the case, then the best thing you can do is to ask your <firstterm>Network Administrator</firstterm> |
---|
[856] | 147 | to not filter the IP port used by <application>PostgreSQL</application>, which is |
---|
[1099] | 148 | usually port <literal>5432/tcp</literal>. |
---|
[860] | 149 | <note> |
---|
| 150 | <title>Note</title> |
---|
[856] | 151 | <para> |
---|
| 152 | The TCP/IP network port used by PostgreSQL may be different. When in doubt, ask your |
---|
[860] | 153 | <firstterm>System Administrator</firstterm> for the correct value. |
---|
[856] | 154 | </para> |
---|
[860] | 155 | </note> |
---|
[856] | 156 | </para> |
---|
| 157 | |
---|
| 158 | <para> |
---|
[860] | 159 | Now that your <application>PostgreSQL</application> server is up and running, and |
---|
[2844] | 160 | is waiting for your connections, you have to create the print quota database. |
---|
[860] | 161 | To do so, you'll have to feed <application>PostgreSQL</application> with the |
---|
[2851] | 162 | <filename>pykota-1.24_official/initscripts/postgresql/pykota-postgresql.sql</filename> file. |
---|
[2844] | 163 | This file will create a print quota database administrator in the <application>PostgreSQL</application> system, then create an empty |
---|
| 164 | print quota database and set some permissions on it. The print quota database administrator |
---|
| 165 | is the <application>PostgreSQL</application>'s user used to manage the quota database. |
---|
| 166 | The print quota database Administrator is not present in the quota database |
---|
[1021] | 167 | itself, he is only defined in <application>PostgreSQL</application> and don't |
---|
[2844] | 168 | have to exist on any system, nor in the print quota database. His default name |
---|
[1021] | 169 | is <literal>pykotaadmin</literal>. |
---|
[2844] | 170 | A print quota database read-only user is also created under the name of <literal>pykotauser</literal>. |
---|
[1099] | 171 | This read-only user is used by <application>PyKota</application> to connect to the |
---|
[2844] | 172 | print quota database when an user who is not a <application>PyKota</application> administrator |
---|
[2116] | 173 | <footnote><para>a <application>PyKota</application> administrator is an user who can read the <filename>~pykota/pykotadmin.conf</filename> file.</para></footnote> |
---|
[1783] | 174 | launches a pykota command. This prevents normal |
---|
[1099] | 175 | users from being able to modify their own, or other users', quota information. |
---|
[1021] | 176 | The database which will be created will be named <literal>pykota</literal> by default. |
---|
[2851] | 177 | The <literal>pykotaadmin</literal> and <literal>pykotauser</literal> users by |
---|
| 178 | default respectively have <literal>readwritepw</literal> and <literal>readonlypw</literal> |
---|
| 179 | as their passwords. |
---|
[862] | 180 | <note> |
---|
| 181 | <title>Note</title> |
---|
| 182 | <para> |
---|
[2851] | 183 | You can choose other names and passwords if you want by modifying the |
---|
[1015] | 184 | <filename>initscripts/postgresql/pykota-postgresql.sql</filename> file |
---|
[864] | 185 | accordingly, and report your changes into <application>PyKota</application>'s |
---|
[1600] | 186 | configuration files. |
---|
[862] | 187 | </para> |
---|
| 188 | </note> |
---|
[856] | 189 | </para> |
---|
[860] | 190 | |
---|
| 191 | <para> |
---|
[2115] | 192 | To run this script, you can use the <command>psql</command> frontend to |
---|
[860] | 193 | <application>PostgreSQL</application>, but your priviledges must be sufficient |
---|
[2115] | 194 | to be allowed to create users and databases. You can launch <command>psql</command> |
---|
[860] | 195 | as the <literal>postgres</literal> user which is <application>PostgreSQL</application>'s |
---|
| 196 | default administrator, and connect to the default database named <literal>template1</literal>. |
---|
| 197 | From a command line interpreter (i.e. shell), type the following commands : |
---|
| 198 | <screen> |
---|
[2820] | 199 | jerome@nordine:~$ cd pykota-1.24_official/initscripts/postgresql |
---|
| 200 | jerome@nordine:~/pykota-1.24_official/initscripts$ psql -h localhost -U postgres template1 |
---|
[860] | 201 | Welcome to psql, the PostgreSQL interactive terminal. |
---|
| 202 | |
---|
| 203 | Type: \copyright for distribution terms |
---|
| 204 | \h for help with SQL commands |
---|
| 205 | \? for help on internal slash commands |
---|
| 206 | \g or terminate with semicolon to execute query |
---|
| 207 | \q to quit |
---|
| 208 | |
---|
| 209 | template1=# \i pykota-postgresql.sql |
---|
| 210 | ... a lot of output lines |
---|
[862] | 211 | pykota=# |
---|
[860] | 212 | </screen> |
---|
[1906] | 213 | <note> |
---|
| 214 | <title>Note</title> |
---|
| 215 | <para> |
---|
| 216 | If you use RPM or DEB packages, usually the |
---|
| 217 | <filename>pykota-postgresql.sql</filename> file gets installed into the |
---|
| 218 | <filename>/usr/share/pykota/postgresql</filename> directory, along |
---|
| 219 | with a README file. |
---|
| 220 | </para> |
---|
| 221 | </note> |
---|
[860] | 222 | </para> |
---|
| 223 | |
---|
| 224 | <para> |
---|
[2851] | 225 | If you want to you can change passwords later in |
---|
[862] | 226 | <application>PostgreSQL</application> for the |
---|
[1099] | 227 | <literal>pykotaadmin</literal> and <literal>pykotauser</literal> users. |
---|
[2115] | 228 | To do so, just type the following lines while still being at the <command>psql</command> |
---|
[2851] | 229 | prompt (replace the password values by your own : |
---|
[862] | 230 | <screen> |
---|
| 231 | pykota=# ALTER USER pykotaadmin PASSWORD 'somepassword'; |
---|
| 232 | ALTER USER |
---|
[2851] | 233 | pykota=# ALTER USER pykotauser PASSWORD 'anotherpassword'; |
---|
[862] | 234 | pykota=# \q |
---|
[2820] | 235 | jerome@nordine:~/pykota-1.24_official/initscripts/postgresql$ |
---|
[862] | 236 | </screen> |
---|
| 237 | </para> |
---|
| 238 | |
---|
| 239 | <para> |
---|
[2115] | 240 | The <literal>\q</literal> command above will quit the <command>psql</command> |
---|
[862] | 241 | program and return you to the shell's command line prompt. |
---|
| 242 | </para> |
---|
| 243 | |
---|
| 244 | <para> |
---|
| 245 | To improve security further, you could encrypt your database connections, or |
---|
| 246 | take any other step as needed. Please refer to <application>PostgreSQL</application>'s |
---|
[2117] | 247 | documentation for details. |
---|
[862] | 248 | <warning> |
---|
| 249 | <title>Warning</title> |
---|
| 250 | <para> |
---|
| 251 | Defining passwords may not be sufficient if your database access rule is |
---|
| 252 | set to <literal>trust</literal> in the <filename>/etc/postgresql/pg_hba.conf</filename>. |
---|
| 253 | Again, please refer to <application>PostgreSQL</application>'s documentation |
---|
| 254 | for details. Also, passwords will fly unencrypted over the network by default, |
---|
| 255 | so be sure to take any necessary step to secure your database server from |
---|
| 256 | unauthorized use. This has nothing to do with <application>PyKota</application> |
---|
| 257 | though, it is just a general rule to keep in mind. |
---|
| 258 | </para> |
---|
| 259 | </warning> |
---|
| 260 | </para> |
---|
| 261 | |
---|
| 262 | <para> |
---|
[2851] | 263 | For more details, please see <filename>initscripts/mysql/README.mysql</filename>. |
---|
| 264 | </para> |
---|
| 265 | |
---|
| 266 | <para> |
---|
[2844] | 267 | If no error occured, then your print quota database is ready to be used. |
---|
| 268 | Now you can let the print quota database server alone, the remaining work |
---|
[860] | 269 | will have to be done on each one of the print servers which will |
---|
[2844] | 270 | use this particular print quota database server. |
---|
[860] | 271 | <tip> |
---|
| 272 | <title>Tip</title> |
---|
| 273 | <para> |
---|
| 274 | If an error occured, maybe your PostgreSQL version is too old, or |
---|
[1168] | 275 | an unexpected problem (like a bug) happened. Please contact us via email so that we |
---|
[2117] | 276 | can try to fix the problem. Thanks in advance. |
---|
[860] | 277 | </para> |
---|
| 278 | </tip> |
---|
| 279 | </para> |
---|
[862] | 280 | |
---|
[856] | 281 | </sect2> |
---|
| 282 | |
---|
| 283 | <sect2> |
---|
[1906] | 284 | <title>LDAP</title> |
---|
[856] | 285 | |
---|
| 286 | <para> |
---|
[1906] | 287 | Any <acronym>LDAP</acronym> server, and particularly <application>OpenLDAP</application>, can be used |
---|
[2844] | 288 | as a print quota database backend. |
---|
[1600] | 289 | Some other LDAP servers can be used, but this is currently untested in production. |
---|
[856] | 290 | </para> |
---|
[1052] | 291 | |
---|
| 292 | <para> |
---|
[1168] | 293 | <application>OpenLDAP</application> is a Lightweight Directory Access Protocol server |
---|
| 294 | implementation published as Free Software. |
---|
| 295 | You can download it from <ulink url="http://www.openldap.org">http://www.openldap.org</ulink>. |
---|
| 296 | </para> |
---|
| 297 | |
---|
| 298 | <para> |
---|
[2844] | 299 | To use <application>OpenLDAP</application> as your print quota database backend, you have to copy the |
---|
[2117] | 300 | <filename>pykota/initscripts/ldap/pykota.schema</filename> into <application>OpenLDAP</application>'s |
---|
[1052] | 301 | schemas directory. |
---|
| 302 | Under Debian GNU/Linux, this is something like : |
---|
| 303 | <screen> |
---|
| 304 | $ cp pykota.schema /etc/ldap/schema |
---|
| 305 | </screen> |
---|
[1906] | 306 | <note> |
---|
| 307 | <title>Note</title> |
---|
| 308 | <para> |
---|
[2126] | 309 | If you use RPM or DEB packages, the |
---|
| 310 | <filename>pykota.schema</filename> file is usually installed into the |
---|
| 311 | <filename>/usr/share/pykota/ldap</filename> directory, along |
---|
| 312 | with a README file, and may also be installed automatically in |
---|
| 313 | your <acronym>LDAP</acronym> server's schemas directory. |
---|
[1906] | 314 | </para> |
---|
| 315 | </note> |
---|
[1052] | 316 | </para> |
---|
| 317 | <para> |
---|
| 318 | Then edit <filename>/etc/ldap/slapd.conf</filename> and add a line to |
---|
| 319 | include the PyKota schema. You should have something |
---|
| 320 | like : |
---|
| 321 | <screen> |
---|
| 322 | # Schema and objectClass definitions |
---|
| 323 | include /etc/ldap/schema/core.schema |
---|
| 324 | include /etc/ldap/schema/cosine.schema |
---|
| 325 | include /etc/ldap/schema/nis.schema |
---|
| 326 | include /etc/ldap/schema/inetorgperson.schema |
---|
| 327 | include /etc/ldap/schema/pykota.schema |
---|
| 328 | </screen> |
---|
| 329 | </para> |
---|
[1168] | 330 | |
---|
[1052] | 331 | <para> |
---|
[1168] | 332 | While this is not mandatory, it is recommended that you setup |
---|
| 333 | some indexes for some often accessed PyKota attributes. |
---|
[1600] | 334 | Here are the minimal indexes |
---|
[1168] | 335 | lines you may want to put in <filename>slapd.conf</filename> : |
---|
| 336 | <screen> |
---|
| 337 | # Indexes for PyKota |
---|
[1600] | 338 | index pykotaUserName pres,eq,sub |
---|
| 339 | index pykotaGroupName pres,eq,sub |
---|
| 340 | index pykotaPrinterName pres,eq,sub |
---|
[2361] | 341 | index pykotaBillingCode pres,eq,sub |
---|
[1168] | 342 | index pykotaLastJobIdent eq |
---|
| 343 | </screen> |
---|
| 344 | </para> |
---|
| 345 | |
---|
| 346 | <para> |
---|
[1600] | 347 | Now you must ensure that the DNs you'll use to bind to |
---|
| 348 | your OpenLDAP server don't have search queries size limits, |
---|
| 349 | which gives for example (OpenLDAP 2.1.x or above) : |
---|
| 350 | |
---|
| 351 | <screen> |
---|
| 352 | # No Limits for PyKota's administrator and read-only user |
---|
[2577] | 353 | limits dn="cn=pykotaadmin,dc=example,dc=com" size.soft=-1 size.hard=soft |
---|
| 354 | limits dn="cn=pykotauser,dc=example,dc=com" size.soft=-1 size.hard=soft |
---|
[1600] | 355 | </screen> |
---|
| 356 | |
---|
[2577] | 357 | Where pykotaadmin and pykotauser are the usernames used to bind to your |
---|
[1600] | 358 | OpenLDAP server within PyKota, respectively in ReadWrite mode |
---|
| 359 | (as set in pykotadmin.conf) and in ReadOnly mode (as set in pykota.conf). |
---|
| 360 | </para> |
---|
| 361 | |
---|
| 362 | <para> |
---|
[2577] | 363 | Finally, stop the <application>OpenLDAP</application> server, generate |
---|
| 364 | the index files, and restart <application>OpenLDAP</application> |
---|
[1052] | 365 | <screen> |
---|
[2577] | 366 | $ /etc/init.d/slapd stop |
---|
| 367 | $ slapindex |
---|
| 368 | $ /etc/init.d/slapd start |
---|
[1052] | 369 | </screen> |
---|
| 370 | </para> |
---|
| 371 | |
---|
| 372 | <para> |
---|
[1168] | 373 | With an <acronym>LDAP</acronym> backend, PyKota will need some branches |
---|
| 374 | in your <acronym>LDAP</acronym> directory to put its own datas. |
---|
| 375 | You can configure PyKota to either attach its datas to your existing |
---|
| 376 | users and groups, or to put them in their own <literal>ou</literal>. |
---|
| 377 | But some <literal>ou</literal>s dedicated to PyKota are needed in any case, |
---|
| 378 | so the best bet may be to put all PyKota's datas below an <literal>ou=PyKota</literal> |
---|
| 379 | branch. While this will separate these datas from your existing users and groups |
---|
| 380 | entries, this may ease the maintainance. |
---|
| 381 | </para> |
---|
| 382 | |
---|
| 383 | <para> |
---|
| 384 | PyKota needs at least an <literal>ou</literal> for printers, for users quotas, for |
---|
[2361] | 385 | groups quotas, for print jobs, for billing codes, and for pointers to the last job of each printer. |
---|
[1168] | 386 | In the future, this last <literal>ou</literal> may disappear as its content |
---|
| 387 | will probably be attached to each printer. |
---|
| 388 | </para> |
---|
| 389 | |
---|
| 390 | <para> |
---|
| 391 | Actually PyKota doesn't create these <literal>ou</literal>s for you, because it's |
---|
| 392 | difficult to guess what is the best configuration for you. So you have to |
---|
| 393 | create them by yourself, either directly with a text editor and the |
---|
[2115] | 394 | <command>ldapadd</command> command, or with some specialized tool |
---|
| 395 | like <command>gq</command>. You can look at the <filename>initscripts/ldap/pykota-sample.ldif</filename> |
---|
[2126] | 396 | file to see which minimal branches are necessary. |
---|
[1906] | 397 | <note> |
---|
| 398 | <title>Note</title> |
---|
| 399 | <para> |
---|
| 400 | If you use RPM or DEB packages, usually the |
---|
[2126] | 401 | <filename>pykota-sample.ldif</filename> file is installed into the |
---|
[1906] | 402 | <filename>/usr/share/pykota/ldap</filename> directory, along |
---|
| 403 | with a README file. |
---|
| 404 | </para> |
---|
| 405 | </note> |
---|
[1168] | 406 | </para> |
---|
| 407 | |
---|
| 408 | <para> |
---|
[2844] | 409 | If no error occured, then your print quota database is ready to be used. |
---|
| 410 | Now you can let the print quota database server alone, the remaining work |
---|
[2117] | 411 | will have to be done on each one of the print servers which will |
---|
[2844] | 412 | use this particular print quota database server. |
---|
[2117] | 413 | <tip> |
---|
| 414 | <title>Tip</title> |
---|
| 415 | <para> |
---|
| 416 | If an error occured, maybe your OpenLDAP version is too old, or |
---|
| 417 | an unexpected problem (like a bug) happened. Please contact us via email so that we |
---|
| 418 | can try to fix the problem. Thanks in advance. |
---|
| 419 | </para> |
---|
| 420 | </tip> |
---|
[1052] | 421 | </para> |
---|
[856] | 422 | </sect2> |
---|
| 423 | |
---|
| 424 | <sect2> |
---|
[1038] | 425 | <title>MySQL</title> |
---|
[856] | 426 | |
---|
| 427 | <para> |
---|
[2851] | 428 | <application>MySQL</application> is a simple Relationnal DataBase |
---|
| 429 | Management System distributed under a <firstterm>Free Software</firstterm> |
---|
| 430 | license from the |
---|
| 431 | <ulink url="http://www.mysql.org">http://www.mysql.org</ulink> |
---|
| 432 | web site. |
---|
[856] | 433 | </para> |
---|
[2851] | 434 | |
---|
| 435 | <para> |
---|
| 436 | To configure your database, you must have MySQL already working. |
---|
| 437 | The complete installation of <application>MySQL</application> is not covered by |
---|
| 438 | the present manual, please refer to your system's documentation or to |
---|
| 439 | <ulink url="http://www.mysql.org">http://www.mysql.org</ulink> for |
---|
| 440 | details. |
---|
| 441 | </para> |
---|
| 442 | |
---|
| 443 | <para> |
---|
| 444 | One thing you have to check, though, is that every Print Server on which you |
---|
| 445 | want to install the print quota mechanism, must be able to connect to the |
---|
| 446 | <application>MySQL</application> server. In the default installation of |
---|
| 447 | <application>MySQL</application> this may not be the case for security reasons, except if both |
---|
| 448 | servers are in fact the same machine. In any case, it is recommended that you |
---|
| 449 | check the <filename>/etc/mysql/my.cnf</filename> file and modify it if |
---|
| 450 | needed. |
---|
| 451 | <tip> |
---|
| 452 | <title>Tip</title> |
---|
| 453 | <para> |
---|
| 454 | Don't forget to restart <application>MySQL</application> if you modify |
---|
| 455 | any of its configuration files, in order for the changes to take effect. |
---|
| 456 | </para> |
---|
| 457 | </tip> |
---|
| 458 | </para> |
---|
| 459 | |
---|
| 460 | <para> |
---|
| 461 | Be careful, you may be unable to connect from a Print Server to the <application>MySQL</application> |
---|
| 462 | server even if the configuration is correct. Sometimes your connections may be blocked by |
---|
| 463 | one or more network firewalls along the route from one machine to the other. If this |
---|
| 464 | is the case, then the best thing you can do is to ask your <firstterm>Network Administrator</firstterm> |
---|
| 465 | to not filter the IP port used by <application>MySQL</application>, which is |
---|
| 466 | usually port <literal>3306/tcp</literal>. |
---|
| 467 | <note> |
---|
| 468 | <title>Note</title> |
---|
| 469 | <para> |
---|
| 470 | The TCP/IP network port used by MySQL may be different. When in doubt, ask your |
---|
| 471 | <firstterm>System Administrator</firstterm> for the correct value. |
---|
| 472 | </para> |
---|
| 473 | </note> |
---|
| 474 | </para> |
---|
| 475 | |
---|
| 476 | <para> |
---|
| 477 | Now that your <application>MySQL</application> server is up and running, and |
---|
| 478 | is waiting for your connections, you have to create the print quota database. |
---|
| 479 | To do so, you'll have to feed <application>MySQL</application> with the |
---|
| 480 | <filename>pykota-1.24_official/initscripts/mysql/pykota-mysql.sql</filename> file. |
---|
| 481 | This file will create an empty |
---|
| 482 | print quota database and set some permissions on it. |
---|
| 483 | The database which will be created will be named <literal>pykota</literal> by default. |
---|
| 484 | Two database users will be defined to have access in readonly and read+write modes under |
---|
| 485 | the respective names <literal>pykotauser</literal> and <literal>pykotaadmin</literal>. |
---|
| 486 | The <literal>pykotaadmin</literal> and <literal>pykotauser</literal> users by |
---|
| 487 | default respectively have <literal>readwritepw</literal> and <literal>readonlypw</literal> |
---|
| 488 | as their passwords. |
---|
| 489 | <note> |
---|
| 490 | <title>Note</title> |
---|
| 491 | <para> |
---|
| 492 | You can choose other names and passwords if you want by modifying the |
---|
| 493 | <filename>initscripts/mysql/pykota-mysql.sql</filename> file |
---|
| 494 | accordingly, and report your changes into <application>PyKota</application>'s |
---|
| 495 | configuration files. |
---|
| 496 | </para> |
---|
| 497 | </note> |
---|
| 498 | </para> |
---|
| 499 | |
---|
| 500 | <para> |
---|
| 501 | To run this script, you can use the <command>mysql</command> frontend to |
---|
| 502 | <application>MySQL</application>, but your priviledges must be sufficient |
---|
| 503 | to be allowed to create databases. You can launch <command>mysql</command> |
---|
| 504 | as the <literal>root</literal> user for example. |
---|
| 505 | From a command line interpreter (i.e. shell), type the following commands : |
---|
| 506 | <screen> |
---|
| 507 | jerome@nordine:~$ cd pykota-1.24_official/initscripts/mysql |
---|
| 508 | jerome@nordine:~/pykota-1.24_official/initscripts$ mysql <pykota-mysql.sql |
---|
| 509 | </screen> |
---|
| 510 | <note> |
---|
| 511 | <title>Note</title> |
---|
| 512 | <para> |
---|
| 513 | If you use RPM or DEB packages, usually the |
---|
| 514 | <filename>pykota-mysql.sql</filename> file gets installed into the |
---|
| 515 | <filename>/usr/share/pykota/mysql</filename> directory, along |
---|
| 516 | with a README file. |
---|
| 517 | </para> |
---|
| 518 | </note> |
---|
| 519 | </para> |
---|
| 520 | |
---|
| 521 | <para> |
---|
| 522 | To improve security further, you could encrypt your database connections, or |
---|
| 523 | take any other step as needed. Please refer to <application>MySQL</application>'s |
---|
| 524 | documentation for details. |
---|
| 525 | </para> |
---|
| 526 | |
---|
| 527 | <para> |
---|
| 528 | For more details, please see <filename>initscripts/mysql/README.mysql</filename>. |
---|
| 529 | </para> |
---|
| 530 | |
---|
| 531 | <para> |
---|
| 532 | If no error occured, then your print quota database is ready to be used. |
---|
| 533 | Now you can let the print quota database server alone, the remaining work |
---|
| 534 | will have to be done on each one of the print servers which will |
---|
| 535 | use this particular print quota database server. |
---|
| 536 | <tip> |
---|
| 537 | <title>Tip</title> |
---|
| 538 | <para> |
---|
| 539 | If an error occured, maybe your MySQL version is too old, or |
---|
| 540 | an unexpected problem (like a bug) happened. Please contact us via email so that we |
---|
| 541 | can try to fix the problem. Thanks in advance. |
---|
| 542 | </para> |
---|
| 543 | </tip> |
---|
| 544 | </para> |
---|
| 545 | |
---|
[856] | 546 | </sect2> |
---|
| 547 | |
---|
| 548 | <sect2> |
---|
[2820] | 549 | <title>SQLite</title> |
---|
| 550 | |
---|
| 551 | <para> |
---|
[2842] | 552 | <application>SQLite</application> is an embeddable Relationnal DataBase |
---|
| 553 | distributed under a Free Software |
---|
| 554 | license from the |
---|
| 555 | <ulink url="http://www.sqlite.org">http://www.sqlite.org</ulink> |
---|
| 556 | web site. |
---|
| 557 | If is very easy to configure and use, offers a very small memory footprint, |
---|
| 558 | is very fast, but can only be used on the print server because it doesn't include |
---|
| 559 | a server daemon : the database is directly embedded in the application. |
---|
[2820] | 560 | </para> |
---|
[2842] | 561 | |
---|
| 562 | <para> |
---|
| 563 | To configure your database, you must have SQLite already working. |
---|
| 564 | The complete installation of <application>SQLite</application> is not covered by |
---|
| 565 | the present manual, please refer to your system's documentation or to |
---|
| 566 | <ulink url="http://www.sqlite.org">http://www.sqlite.org</ulink> for |
---|
| 567 | details. |
---|
| 568 | </para> |
---|
| 569 | |
---|
| 570 | <para> |
---|
| 571 | Once <application>SQLite</application> is installed, you have to decide where |
---|
| 572 | you'll put your database. A good idea is to store it into the <literal>pykota</literal> |
---|
| 573 | user's home directory. Then to create the database, just type : |
---|
| 574 | <screen> |
---|
| 575 | # sqlite3 ~pykota/pykota.db <pykota/initscripts/sqlite/pykota.sqlite |
---|
| 576 | # chown pykota.pykota ~pykota/pykota.db |
---|
| 577 | # chmod 660 ~pykota/pykota.db |
---|
| 578 | # chown pykota.pykota ~pykota |
---|
| 579 | </screen> |
---|
| 580 | </para> |
---|
| 581 | <para> |
---|
| 582 | If user <literal>pykota</literal> doesn't exist yet, then please |
---|
| 583 | follow the instructions a bit below which explain how to install PyKota on the print server. |
---|
| 584 | </para> |
---|
| 585 | |
---|
| 586 | <para> |
---|
| 587 | Once this is done, you'll want to set in <filename>~pykota/pykota.conf</filename> the |
---|
| 588 | following lines in the <literal>[global]</literal> section : |
---|
| 589 | <screen> |
---|
| 590 | storagebackend : sqlitestorage |
---|
| 591 | storagename : /etc/pykota/pykota.db |
---|
| 592 | </screen> |
---|
| 593 | </para> |
---|
| 594 | <para> |
---|
| 595 | Of course you'll want to replace the path on the <literal>storagename</literal> line |
---|
| 596 | with the full path to the newly created <application>SQLite</application> database. |
---|
| 597 | </para> |
---|
| 598 | <para> |
---|
[2844] | 599 | If no error occured, then your print quota database is ready to be used. |
---|
| 600 | In case you need them, additional instructions are available in <filename>pykota/initscripts/sqlite/README.sqlite</filename> |
---|
| 601 | <tip> |
---|
| 602 | <title>Tip</title> |
---|
| 603 | <para> |
---|
| 604 | If an error occured, maybe your SQLite version is too old, or |
---|
| 605 | an unexpected problem (like a bug) happened. Please contact us via email so that we |
---|
| 606 | can try to fix the problem. Thanks in advance. |
---|
| 607 | </para> |
---|
| 608 | </tip> |
---|
[2842] | 609 | </para> |
---|
[2820] | 610 | </sect2> |
---|
| 611 | |
---|
| 612 | <sect2> |
---|
[856] | 613 | <title>Berkeley DB</title> |
---|
| 614 | |
---|
| 615 | <para> |
---|
[2844] | 616 | A <application>Berkeley DB</application> backend is planned, but it actually |
---|
[857] | 617 | doesn't exist. It seems that remote storage won't be possible with such a backend, |
---|
| 618 | so in other terms this means that you will have a different quota database on |
---|
| 619 | each print server. This may still prove to be useful for small configurations. |
---|
[856] | 620 | </para> |
---|
| 621 | </sect2> |
---|
| 622 | </sect1> |
---|
| 623 | |
---|
| 624 | <sect1> |
---|
| 625 | <title>Print Server Installation</title> |
---|
| 626 | |
---|
| 627 | <para> |
---|
| 628 | For each Print Server on which you plan to implement the print quota |
---|
| 629 | mechanism, you have, of course, to have an already working printing environment. |
---|
[2478] | 630 | Currently <application>PyKota</application> works with |
---|
[959] | 631 | <ulink url="http://www.cups.org"><application>CUPS</application></ulink> |
---|
[2478] | 632 | but older releases also supported <ulink url="http://lprng.sourceforge.net"><application>LPRng</application></ulink>. |
---|
| 633 | <application>LPRng</application> support might be re-added in the future. |
---|
[856] | 634 | </para> |
---|
| 635 | |
---|
| 636 | <para> |
---|
[959] | 637 | Here's the list of software you have to install on each Print Server, version numbers |
---|
| 638 | are given as an indication of which was successfully tested, but older versions may |
---|
| 639 | work too. |
---|
[862] | 640 | <itemizedlist> |
---|
| 641 | <listitem> |
---|
| 642 | <para> |
---|
[2478] | 643 | <application>CUPS</application> version 1.1.14 or above. |
---|
| 644 | You can download it from <ulink url="http://www.cups.org">http://www.cups.org</ulink> |
---|
[862] | 645 | </para> |
---|
| 646 | </listitem> |
---|
| 647 | <listitem> |
---|
| 648 | <para> |
---|
[2835] | 649 | <application>Python</application> version 2.2 or above. |
---|
[862] | 650 | You can download it from <ulink url="http://www.python.org">http://www.python.org</ulink>. |
---|
[2126] | 651 | While <application>PyKota</application> itself will try to preserve compatibility |
---|
[2835] | 652 | with <application>Python</application> version 2.2 for the near future, some <application>Python</application> |
---|
| 653 | modules which are needed by <application>PyKota</application> may require a more recent version |
---|
[2126] | 654 | of this language. |
---|
[862] | 655 | </para> |
---|
| 656 | </listitem> |
---|
| 657 | <listitem> |
---|
| 658 | <para> |
---|
[2844] | 659 | print quota database client libraries, depending on your print quota database backend : |
---|
[862] | 660 | <itemizedlist> |
---|
| 661 | <listitem> |
---|
| 662 | <para> |
---|
| 663 | PostgreSQL backend : |
---|
| 664 | <itemizedlist> |
---|
| 665 | <listitem> |
---|
| 666 | <para> |
---|
| 667 | <application>PostgreSQL</application> client libraries. They must match the <application>PostgreSQL</application> |
---|
[2844] | 668 | version used on your print quota database server. |
---|
[862] | 669 | </para> |
---|
| 670 | </listitem> |
---|
| 671 | <listitem> |
---|
| 672 | <para> |
---|
| 673 | The <application>PygreSQL</application> python module. |
---|
[1168] | 674 | <application>PygreSQL</application> is normally included in |
---|
| 675 | <application>PostgreSQL</application>, but you may want to |
---|
| 676 | download it from <ulink url="http://www.pygresql.org">http://www.pygresql.org</ulink> |
---|
[862] | 677 | </para> |
---|
| 678 | </listitem> |
---|
| 679 | </itemizedlist> |
---|
| 680 | </para> |
---|
| 681 | </listitem> |
---|
| 682 | <listitem> |
---|
| 683 | <para> |
---|
[1168] | 684 | OpenLDAP backend : |
---|
| 685 | <itemizedlist> |
---|
| 686 | <listitem> |
---|
| 687 | <para> |
---|
| 688 | <application>OpenLDAP</application> client libraries. They must match |
---|
[2844] | 689 | the <application>OpenLDAP</application> version used on your print quota database server. |
---|
[1168] | 690 | </para> |
---|
| 691 | </listitem> |
---|
| 692 | <listitem> |
---|
| 693 | <para> |
---|
| 694 | The <application>Python-LDAP</application> python module. |
---|
| 695 | You may download this module from <ulink url="http://python-ldap.sourceforge.net">http://python-ldap.sourceforge.net</ulink> |
---|
| 696 | </para> |
---|
| 697 | </listitem> |
---|
| 698 | </itemizedlist> |
---|
[862] | 699 | </para> |
---|
| 700 | </listitem> |
---|
| 701 | <listitem> |
---|
| 702 | <para> |
---|
[2844] | 703 | MySQL backend : |
---|
| 704 | <itemizedlist> |
---|
| 705 | <listitem> |
---|
| 706 | <para> |
---|
| 707 | <application>MySQL</application> client libraries. They must match the <application>MySQL</application> |
---|
| 708 | version used on your database server. |
---|
| 709 | </para> |
---|
| 710 | </listitem> |
---|
| 711 | <listitem> |
---|
| 712 | <para> |
---|
| 713 | The <application>Python-MySQL</application> python module, version 1.2.x or higher. |
---|
| 714 | You can download it from <ulink url="http://sourceforge.net/projects/mysql-python">http://sourceforge.net/projects/mysql-python</ulink> |
---|
| 715 | </para> |
---|
| 716 | </listitem> |
---|
| 717 | </itemizedlist> |
---|
[862] | 718 | </para> |
---|
| 719 | </listitem> |
---|
| 720 | <listitem> |
---|
| 721 | <para> |
---|
[2842] | 722 | SQLite backend : SQLite is not a database server, but an embeddable database, so |
---|
| 723 | if you want to use it you MUST install SQLite on your print server. With |
---|
| 724 | <application>PostgreSQL</application>, <application>MySQL</application> or |
---|
| 725 | <application>OpenLDAP</application> you can store your datas on a different |
---|
| 726 | machine than the print server, but this is not possible with <application>SQLite</application>. |
---|
| 727 | <itemizedlist> |
---|
| 728 | <listitem> |
---|
| 729 | <para> |
---|
| 730 | <application>SQLite</application> version 3.2.1 or higher and its library. |
---|
| 731 | You can download it from |
---|
| 732 | <ulink url="http://www.sqlite.org">http://www.sqlite.org</ulink> |
---|
| 733 | </para> |
---|
| 734 | </listitem> |
---|
| 735 | <listitem> |
---|
| 736 | <para> |
---|
| 737 | The <application>Python-SQLite</application> python module version 2.0.5 or higher. |
---|
| 738 | You can download it from |
---|
| 739 | <ulink url="http://www.pysqlite.org">http://www.pysqlite.org</ulink> |
---|
| 740 | </para> |
---|
| 741 | </listitem> |
---|
| 742 | </itemizedlist> |
---|
[2820] | 743 | </para> |
---|
| 744 | </listitem> |
---|
| 745 | <listitem> |
---|
| 746 | <para> |
---|
[2478] | 747 | Berkeley DB backend : Not supported yet. |
---|
[862] | 748 | </para> |
---|
| 749 | </listitem> |
---|
| 750 | </itemizedlist> |
---|
| 751 | </para> |
---|
| 752 | </listitem> |
---|
| 753 | <listitem> |
---|
| 754 | <para> |
---|
| 755 | <application>ucd-snmp</application> or <application>net-snmp</application> tools, version 4.2.5 or above. You only need |
---|
[2115] | 756 | the <command>snmpget</command> command. |
---|
[1168] | 757 | You can download this software from <ulink url="http://www.sourceforge.net/projects/net-snmp/">http://www.sourceforge.net/projects/net-snmp/</ulink>. |
---|
[959] | 758 | You only need this if you plan to query your printers for their internal page counter via SNMP. |
---|
[862] | 759 | </para> |
---|
| 760 | </listitem> |
---|
| 761 | <listitem> |
---|
| 762 | <para> |
---|
[959] | 763 | <application>netatalk</application> version 1.6.1 or above. You only need |
---|
[2115] | 764 | the <command>pap</command> command. |
---|
[1168] | 765 | You can download this software from <ulink url="http://netatalk.sourceforge.net/">http://netatalk.sourceforge.net/</ulink>. |
---|
[959] | 766 | You only need this if you plan to query your printers for their internal page counter via AppleTalk. |
---|
| 767 | </para> |
---|
| 768 | </listitem> |
---|
| 769 | <listitem> |
---|
| 770 | <para> |
---|
| 771 | eGenix' mxDateTime Python module version 2.0.3 or above. It must match your default Python version. |
---|
[862] | 772 | You can download it from <ulink url="http://www.egenix.com">http://www.egenix.com</ulink>. |
---|
| 773 | </para> |
---|
| 774 | </listitem> |
---|
[2117] | 775 | <listitem> |
---|
| 776 | <para> |
---|
| 777 | The Python acccelerator <application>Psyco</application>. It must match your default Python version. |
---|
| 778 | You can download it from <ulink url="http://psyco.sourceforge.net">http://psyco.sourceforge.net</ulink>. |
---|
| 779 | You only need this if you run on the <literal>x86</literal> architecture because |
---|
| 780 | <application>Psyco</application> doesn't yet exist on other architectures. |
---|
| 781 | </para> |
---|
| 782 | </listitem> |
---|
| 783 | <listitem> |
---|
| 784 | <para> |
---|
[2478] | 785 | The <application>pysnmp</application> Python module version 3.4.2, 3.4.3 or 3.4.4 exclusively. |
---|
[2117] | 786 | You can download it from <ulink url="http://pysnmp.sourceforge.net">http://pysnmp.sourceforge.net</ulink>. |
---|
| 787 | </para> |
---|
| 788 | </listitem> |
---|
| 789 | <listitem> |
---|
| 790 | <para> |
---|
| 791 | The <application>JAXML</application> Python module. |
---|
| 792 | You can download it from <ulink url="http://www.librelogiciel.com/software/">http://www.librelogiciel.com/software/</ulink>. |
---|
| 793 | </para> |
---|
| 794 | </listitem> |
---|
| 795 | <listitem> |
---|
| 796 | <para> |
---|
| 797 | The <application>ReportLab</application> Toolkit Python module. |
---|
| 798 | You can download it from <ulink url="http://www.reportlab.org">http://www.reportlab.org</ulink>. |
---|
| 799 | </para> |
---|
| 800 | </listitem> |
---|
| 801 | <listitem> |
---|
| 802 | <para> |
---|
[2126] | 803 | The <application>Python Imaging Library - PIL</application> module. |
---|
| 804 | You can download it from <ulink url="http://www.pythonware.com">http://www.pythonware.com</ulink>. |
---|
| 805 | </para> |
---|
| 806 | </listitem> |
---|
| 807 | <listitem> |
---|
| 808 | <para> |
---|
[2117] | 809 | The <application>PyOSD</application> Python module. |
---|
| 810 | You can download it from <ulink url="http://repose.cx/pyosd/">http://repose.cx/pyosd/</ulink>. |
---|
| 811 | </para> |
---|
| 812 | </listitem> |
---|
[2478] | 813 | <listitem> |
---|
| 814 | <para> |
---|
| 815 | The <application>pkpgcounter</application> Generic Page Description Language parser. |
---|
| 816 | You can download it from <ulink url="http://www.librelogiciel.com/software/">http://www.librelogiciel.com/software/</ulink>. |
---|
| 817 | </para> |
---|
| 818 | </listitem> |
---|
[2835] | 819 | <listitem> |
---|
| 820 | <para> |
---|
| 821 | The <application>PyPAM</application> Python interface to <acronym>PAM</acronym>. |
---|
| 822 | You'll need this if you plan to ask users to authenticate when printing through <command>pknotify</command> |
---|
| 823 | and <command>pykoticon</command>. You don't need this module otherwise. |
---|
| 824 | If needed, you can download it from <ulink url="http://www.pangalactic.org/PyPAM/">http://www.pangalactic.org/PyPAM/</ulink>. |
---|
| 825 | </para> |
---|
| 826 | </listitem> |
---|
[862] | 827 | </itemizedlist> |
---|
[856] | 828 | </para> |
---|
[1168] | 829 | |
---|
| 830 | <para> |
---|
| 831 | Instead of downloading all these programs' sources and compiling them, which really |
---|
| 832 | is a boring task considering that many software are needed, you may prefer to look |
---|
| 833 | into the packages included with your GNU/Linux distribution of choice (if you use |
---|
| 834 | this operating system of course). Most, if not all, GNU/Linux distributions include |
---|
| 835 | all the software mentionned above, in the form of packages which are easier to |
---|
| 836 | install than sources tarballs. This is probably the same for the many *BSD |
---|
| 837 | distributions. |
---|
| 838 | </para> |
---|
| 839 | |
---|
| 840 | <para> |
---|
[2551] | 841 | You can check that all needed software is installed by launching the <command>checkdeps.py</command> |
---|
[1906] | 842 | command : |
---|
| 843 | <screen> |
---|
| 844 | $ python checkdeps.py |
---|
| 845 | </screen> |
---|
| 846 | </para> |
---|
| 847 | |
---|
| 848 | <para> |
---|
[1168] | 849 | Once all these software are installed, installing PyKota itself is a breeze. |
---|
| 850 | PyKota being written entirely in the Python language, which is interpreted, |
---|
| 851 | there's no need to compile anything. You just have to execute the installation |
---|
| 852 | script : |
---|
| 853 | <screen> |
---|
| 854 | $ python setup.py install |
---|
| 855 | </screen> |
---|
| 856 | </para> |
---|
| 857 | |
---|
| 858 | <para> |
---|
[1906] | 859 | The setup script will automatically create the |
---|
| 860 | <filename>/usr/share/pykota/conf</filename> directory and put the sample |
---|
| 861 | configuration files <filename>conf/pykota.conf.sample</filename> and |
---|
| 862 | <filename>conf/pykotadmin.conf.sample</filename> there, along with |
---|
| 863 | a <filename>README</filename> file explaining their purpose. |
---|
[1168] | 864 | </para> |
---|
[2117] | 865 | |
---|
[1168] | 866 | <para> |
---|
[2117] | 867 | Now you have to create a <literal>pykota</literal> system user and group. The <application>PyKota</application> |
---|
| 868 | software will automatically search its configuration files in user <literal>pykota</literal>'s |
---|
| 869 | home directory. For example we could create the user and group, and set <filename>/etc/pykota</filename> |
---|
| 870 | as the home directory, but any other home directory will do : |
---|
| 871 | <screen> |
---|
| 872 | adduser --system --group --home /etc/pykota --gecos PyKota pykota |
---|
| 873 | </screen> |
---|
| 874 | </para> |
---|
| 875 | |
---|
| 876 | <para> |
---|
| 877 | You now have to copy the sample configuration files into the <filename>~pykota</filename> |
---|
| 878 | directory, under the respective names <filename>pykota.conf</filename> and |
---|
[1168] | 879 | <filename>pykotadmin.conf</filename>. Once copied there, you just |
---|
| 880 | have to modify these files to adapt them to your own setup. |
---|
| 881 | These files are heavily commented, so you should have no problem. |
---|
| 882 | Also their format is quite common, because it's the one used by |
---|
| 883 | <application>Samba</application> for example, or by <literal>.ini</literal> |
---|
| 884 | files under <application>MS-Windows</application>, so you may already |
---|
| 885 | be familiar with this syntax. |
---|
| 886 | In a future release, this documentation will include the complete |
---|
| 887 | reference for all configuration fields available. Keep in mind that |
---|
[2126] | 888 | <application>PyKota</application> can be really heavily customized, and can delegate some work |
---|
[1168] | 889 | to any external command of your choice. |
---|
| 890 | </para> |
---|
| 891 | |
---|
| 892 | <para> |
---|
[2116] | 893 | Please create a backup copy of the <filename>~pykota</filename> |
---|
[1906] | 894 | directory before modifying a working installation. |
---|
[1168] | 895 | </para> |
---|
| 896 | |
---|
| 897 | <para> |
---|
| 898 | PyKota features some interesting possibilities which allow you to |
---|
| 899 | define options either globally so that they apply to all printers, |
---|
| 900 | or on a per printer basis. Please see the sample configuration files |
---|
[2126] | 901 | to see what I mean. In the simplest form, only a <literal>[global]</literal> section is |
---|
[1168] | 902 | needed. In more complex configurations, you will have to create |
---|
| 903 | one section per printer. Each section in the configuration files |
---|
| 904 | begins with a name between square brackets <literal>[]</literal>. |
---|
| 905 | The name to use to define a particular printer section is the name |
---|
[2835] | 906 | of the print queue you want to manage with PyKota. |
---|
[1168] | 907 | </para> |
---|
| 908 | |
---|
| 909 | <para> |
---|
[2126] | 910 | After you have modified <application>PyKota</application>'s configuration files, you have to |
---|
[1168] | 911 | double check their permissions, otherwise your installation may be |
---|
| 912 | insecure or may not work at all. |
---|
[2116] | 913 | The main configuration file <filename>~pykota/pykota.conf</filename> |
---|
[1168] | 914 | doesn't contain much sensitive information, so it can be made |
---|
| 915 | readable by anyone. If normal users read this file, at best they |
---|
| 916 | will learn the username and optional password of the read-only |
---|
[2126] | 917 | database user. This means that beside being allowed to read all the contents of |
---|
| 918 | the quota database, they won't be allowed to modify or delete it. |
---|
[2116] | 919 | On the other hand, the <filename>~pykota/pykotadmin.conf</filename> |
---|
[1168] | 920 | file contains the read-write user's identity and password. You must then |
---|
| 921 | ensure that no normal user can read this file. It should only be readable |
---|
[2117] | 922 | by the <literal>root</literal> user, which is always the case, and by |
---|
[2478] | 923 | <application>PyKota</application> administrators. In addition, |
---|
| 924 | users for which <application>CUPS</application> doesn't run as user <literal>root</literal> will |
---|
[2117] | 925 | have to ensure that the user their printing system is run as |
---|
| 926 | can read both of these files. An easy way to do so is to put the <literal>lp</literal> user |
---|
| 927 | (for example) into the <literal>pykota</literal> system group, then |
---|
| 928 | to give the correct permissions to <application>PyKota</application>'s configuration files : |
---|
[1168] | 929 | <screen> |
---|
[2117] | 930 | $ chown pykota.pykota ~pykota/pykota.conf |
---|
[2116] | 931 | $ chmod 644 ~pykota/pykota.conf |
---|
[2117] | 932 | $ chown pykota.pykota ~pykota/pykotadmin.conf |
---|
[2116] | 933 | $ chmod 640 ~pykota/pykotadmin.conf |
---|
[1168] | 934 | </screen> |
---|
[1783] | 935 | |
---|
| 936 | <warning> |
---|
| 937 | <title>Warning</title> |
---|
| 938 | <para> |
---|
[2116] | 939 | All the users allowed to read the <filename>~pykota/pykotadmin.conf</filename> |
---|
[1783] | 940 | are considered to be <application>PyKota</application> administrators. So be |
---|
| 941 | careful with these files permissions. |
---|
| 942 | </para> |
---|
| 943 | </warning> |
---|
[1168] | 944 | </para> |
---|
| 945 | |
---|
[2126] | 946 | <para> |
---|
[2261] | 947 | On some systems, you may be able to strenghten permissions like this : |
---|
| 948 | <screen> |
---|
| 949 | $ chown pykota.pykota ~pykota/pykota.conf |
---|
| 950 | $ chmod 640 ~pykota/pykota.conf |
---|
| 951 | $ chown pykota.pykota ~pykota/pykotadmin.conf |
---|
| 952 | $ chmod 600 ~pykota/pykotadmin.conf |
---|
| 953 | </screen> |
---|
| 954 | </para> |
---|
| 955 | |
---|
| 956 | <para> |
---|
| 957 | And on other ones, you may need to relax them, and change the files' owner : |
---|
| 958 | <screen> |
---|
| 959 | $ chown lp.pykota ~pykota/pykota.conf |
---|
| 960 | $ chmod 640 ~pykota/pykota.conf |
---|
| 961 | $ chown lp.pykota ~pykota/pykotadmin.conf |
---|
| 962 | $ chmod 640 ~pykota/pykotadmin.conf |
---|
| 963 | </screen> |
---|
| 964 | </para> |
---|
| 965 | |
---|
| 966 | <para> |
---|
| 967 | This all depends on the printing system you are using, and the user the |
---|
[2835] | 968 | printing system is usually running as. You need to remember three things : |
---|
[2261] | 969 | |
---|
| 970 | <itemizedlist> |
---|
| 971 | <listitem> |
---|
| 972 | <para> |
---|
| 973 | The user your printing system runs as MUST be allowed to read |
---|
| 974 | both <application>PyKota</application>'s configuration files. |
---|
| 975 | </para> |
---|
| 976 | </listitem> |
---|
| 977 | <listitem> |
---|
| 978 | <para> |
---|
| 979 | Any user who can read <filename>pykotadmin.conf</filename> |
---|
| 980 | is a <application>PyKota</application> administrator, and |
---|
| 981 | can do whatever he wants to the print quota database. |
---|
| 982 | </para> |
---|
| 983 | </listitem> |
---|
[2835] | 984 | <listitem> |
---|
| 985 | <para> |
---|
| 986 | If <filename>cupsd.conf</filename> contains <literal>RunAsUser</literal>, then |
---|
| 987 | you won't be able to authenticate users with <command>pknotify</command> and <command>pykoticon</command>. |
---|
| 988 | Also in this case you may have to make <application>PyKota</application>'s configuration files |
---|
| 989 | owned by the user <application>CUPS</application> runs as. |
---|
| 990 | </para> |
---|
| 991 | </listitem> |
---|
[2261] | 992 | </itemizedlist> |
---|
| 993 | </para> |
---|
| 994 | |
---|
| 995 | <para> |
---|
[2126] | 996 | Don't forget to restart your print server sofware if you changed group membership for the user it runs |
---|
| 997 | as, otherwise your change wouldn't be taken into account. |
---|
| 998 | </para> |
---|
[1783] | 999 | |
---|
[1168] | 1000 | <para> |
---|
| 1001 | Now depending on your printing system, the configuration to do is particular. |
---|
[2835] | 1002 | We will now see how to plug PyKota into <application>CUPS</application> since <application>LPRng</application> |
---|
| 1003 | is not supported anymore. |
---|
[1168] | 1004 | </para> |
---|
| 1005 | |
---|
| 1006 | <sect2> |
---|
| 1007 | <title>With CUPS</title> |
---|
| 1008 | |
---|
| 1009 | <para> |
---|
[2126] | 1010 | From version 1.16alpha7 on, configuring <application>PyKota</application> to integrate |
---|
| 1011 | within <application>CUPS</application> is more than easy. |
---|
[1187] | 1012 | </para> |
---|
[1168] | 1013 | |
---|
| 1014 | <para> |
---|
[2551] | 1015 | You just have to create a symbolic link to the <command>cupspykota</command> |
---|
[2126] | 1016 | command in <application>CUPS</application>' backend directory : |
---|
[1187] | 1017 | <screen> |
---|
| 1018 | $ cd /usr/lib/cups/backend |
---|
[1347] | 1019 | $ ln -s /usr/share/pykota/cupspykota cupspykota |
---|
[1187] | 1020 | </screen> |
---|
[1168] | 1021 | </para> |
---|
| 1022 | |
---|
| 1023 | <para> |
---|
| 1024 | You have to restart <application>CUPS</application> for this modification to |
---|
| 1025 | take effect : |
---|
| 1026 | <screen> |
---|
| 1027 | $ /etc/init.d/cupsys restart |
---|
| 1028 | </screen> |
---|
| 1029 | </para> |
---|
| 1030 | |
---|
| 1031 | <para> |
---|
[1187] | 1032 | Now point your web browser to CUPS configuration page, usually at |
---|
| 1033 | <ulink url="http://localhost:631">http://localhost:631</ulink> on |
---|
| 1034 | your print server. |
---|
| 1035 | </para> |
---|
| 1036 | |
---|
| 1037 | <para> |
---|
| 1038 | Then when creating new printers or reconfiguring existing ones, just |
---|
[1600] | 1039 | choose devices which are <literal>PyKota managed</literal> |
---|
| 1040 | <footnote> |
---|
| 1041 | <para> |
---|
| 1042 | Debian 3.0 Woody is known to have problems : CUPS 1.1.14 doesn't automatically |
---|
| 1043 | detect <literal>PyKota managed</literal> devices. So you have to manually |
---|
| 1044 | modify CUPS' <filename>printers.conf</filename> file as explained in |
---|
| 1045 | PyKota's toplevel <filename>README</filename> file. |
---|
| 1046 | </para> |
---|
| 1047 | </footnote> |
---|
| 1048 | instead of |
---|
[1187] | 1049 | normal devices. You've got one <literal>PyKota managed</literal> device |
---|
| 1050 | for each regular device available from CUPS, so just choose the appropriate |
---|
| 1051 | one. |
---|
| 1052 | </para> |
---|
| 1053 | |
---|
| 1054 | <para> |
---|
[1168] | 1055 | Repeat the above procedure for each print queue on which you want to use |
---|
| 1056 | PyKota. That's all ! |
---|
| 1057 | </para> |
---|
| 1058 | |
---|
| 1059 | <sect3> |
---|
| 1060 | <title>Troubleshooting</title> |
---|
| 1061 | <para> |
---|
| 1062 | In case of problem, the simplest way to solve it is currently |
---|
| 1063 | to ask on PyKota's mailing list, describing the symptoms, as |
---|
| 1064 | well as the hardware and software you use. |
---|
| 1065 | </para> |
---|
[1187] | 1066 | |
---|
| 1067 | <para> |
---|
[2835] | 1068 | A searchable FAQ is now available at |
---|
| 1069 | <ulink url="http://otrs.librelogiciel.com/otrs/public.pl">http://otrs.librelogiciel.com/public.pl</ulink>. |
---|
| 1070 | A FAQ entry explaining in great details how to diagnose a problem correctly is |
---|
| 1071 | available at |
---|
| 1072 | <ulink url="http://otrs.librelogiciel.com/otrs/public.pl?ID=2">http://otrs.librelogiciel.com/public.pl?ID=2</ulink>. |
---|
| 1073 | </para> |
---|
| 1074 | |
---|
| 1075 | <para> |
---|
[2842] | 1076 | You can also ask questions on IRC : |
---|
[1187] | 1077 | <screen> |
---|
| 1078 | /server irc.freenode.net |
---|
| 1079 | /join #pykota |
---|
| 1080 | </screen> |
---|
| 1081 | </para> |
---|
[1168] | 1082 | </sect3> |
---|
| 1083 | |
---|
| 1084 | </sect2> |
---|
| 1085 | |
---|
[856] | 1086 | </sect1> |
---|
[753] | 1087 | </chapter> |
---|
| 1088 | |
---|