root / pykota / trunk / docs / installation.sgml @ 3462

Revision 3413, 53.4 kB (checked in by jerome, 16 years ago)

Removed unnecessary spaces at EOL.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
Line 
1<!-- $Id$ -->
2
3<chapter>
4  <title id="installation">Installation</title>
5
6  <para>Last modified on $Date$</para>
7
8  <para>
9    Before being able to use <application>PyKota</application>, you have of course to
10    install it first. But before installing, you must carefully plan your installation.
11  </para>
12
13  <para>
14    First you have to determine which machine will be the <application>PyKota</application>
15    database server. The database server is the host responsible
16    for keeping a centralized database of print usage for all your printers, users and groups.
17  </para>
18
19  <para>
20    Then you have to list all the <firstterm>Print Servers</firstterm> for which
21    you plan to use print quota facilities.
22  </para>
23
24  <para>
25    With most database backends, several print servers can share a single database, however
26    as we'll see later this is not possible if you choose to use <application>SQLite</application>
27    as your print quota database backend.
28  </para>
29
30  <para>
31    Finally you have to download <application>PyKota</application>'s latest version
32    or buy an official package, from
33    <ulink url="http://www.pykota.com/software/pykota">http://www.pykota.com/software/pykota</ulink>.
34    If you've just bought an official package, then as soon as you've receive it you
35    have to decompress and visit its archive, to do so just type the following commands :
36    <screen>
37jerome@nordine:~$ tar -zxf pykota-1.26_official.tar.gz
38jerome@nordine:~$ cd pykota-1.26_official
39jerome@nordine:~/pykota-1.26_official$
40    </screen>
41  </para>
42
43  <para>
44    You can see many files in this directory, the first ones to read are <filename>README</filename>,
45    then <filename>COPYING</filename> and <filename>LICENSE</filename>. They will give you
46    basic installation instructions and explain the licensing terms under which
47    <application>PyKota</application> is distributed. Of course they are also mostly
48    boring to read ! Detailed installation and operating instructions are defined
49    in the <filename>./docs</filename> directory, in the form of <acronym>SGML</acronym>
50    documentation in the <ulink url="http://www.docbook.org">DocBook</ulink> format.
51    You have to compile these files into readable documentation like the <acronym>HTML</acronym>
52    or <acronym>PDF</acronym> formats, or buy an official <application>PyKota</application> package
53    which already contains these compiled forms of the documentation. Of course you already
54    know this because that's what you are currently reading !
55  </para>
56
57  <sect1>
58    <title>Interactive step-by-step installation of PyKota with pksetup</title>
59
60    <para>
61      <command>pksetup</command> is a command line tool with which you'll be able
62      to install <application>PyKota</application> and all its dependencies in
63      a completely interactive way. At the end of the installation, a shell
64      script is created which allows you to replicate the very same
65      installation in an automated way. This can be useful if you've got
66      several servers to install identically.
67    </para>
68
69    <para>
70      Currently, <command>pksetup</command> is experimental, and only works
71      with <ulink url="http://www.debian.org">Debian</ulink> and
72      <ulink url="http://www.ubuntu.com">Ubuntu</ulink> distributions.
73      In addition, the database backend which will be installed with
74      this command is <ulink url="http://www.postgresql.org">PostgreSQL</ulink>
75      and you have no choice for another backend. If you want another
76      database backend, or use a different distribution, or want to do
77      the installation manually, then read and follow the instructions in the next section.
78    </para>
79
80    <para>
81      To launch the installation procedure, just type <literal>pksetup</literal>
82      followed with the name of your distribution, like :
83    <screen>
84jerome@nordine:~/pykota-1.26_official$ ./bin/pksetup debian
85    </screen>
86      and then follow the instructions and answer to the several questions you'll
87      be asked.
88    </para>
89  </sect1>
90
91  <sect1>
92    <title>Manual installation</title>
93    <para>
94      To do a manual installation, we will see what has to be done on each of the servers we are planning to use.
95      <note>
96        <title>Note</title>
97        <para>
98          Of course, depending on the size of your network, you may very well
99          use the same machine as both a Print Server and a database server.
100          This is especially the case if you've got only one server.
101        </para>
102      </note>
103    </para>
104
105    <sect2>
106      <title>Database server installation</title>
107
108      <para>
109        Depending on <application>PyKota</application>'s version number, different
110        types of storage backends may be supported, so we will see for each one of
111        them how to configure it.
112      </para>
113
114      <sect3>
115        <title>PostgreSQL</title>
116
117        <para>
118          <application>PostgreSQL</application> is an <firstterm>Object Relationnal DataBase
119          Management System</firstterm> distributed under a <firstterm>Free Software</firstterm>
120          license from the
121          <ulink url="http://www.postgresql.org">http://www.postgresql.org</ulink>
122          web site. It certainely is the free <acronym>RDBMS</acronym> which has the most advanced
123          features, and is widely used all over the world.
124        </para>
125
126        <para>
127          To configure your database, you must have PostgreSQL already working.
128          The complete installation of <application>PostgreSQL</application> is not covered by
129          the present manual, please refer to your system's documentation or to
130          <ulink url="http://www.postgresql.org">http://www.postgresql.org</ulink> for
131          details.
132        </para>
133
134        <para>
135          One thing you have to check, though, is that every Print Server on which you
136          want to install the print quota mechanism, must be able to connect to the
137          <application>PostgreSQL</application> server. In the default installation of
138          <application>PostgreSQL</application> this may not be the case for security reasons, except if both
139          servers are in fact the same machine. In any case, it is recommended that you
140          check the <filename>/etc/postgresql/pg_hba.conf</filename> file and modify it if
141          needed. This file is self documented and its modification is straightforward.
142          You also have to make sure that <application>PostgreSQL</application> accepts <acronym>TCP/IP</acronym> connections.
143          To do so you either have to launch it with the <option>-i</option> option or
144          modify the <filename>/etc/postgresql/postgresql.conf</filename> file, which is
145          self documented and easy to modify too. Allowing <acronym>TCP/IP</acronym> connections
146          is not necessary though if your print quota database server and your Print Server are
147          the very same host.
148        </para>
149
150        <para>
151          Here's an excerpt from a <filename>pg_hba.conf</filename> file. This one rejects all
152          connections to PyKota's database excepted when made from the same host by <application>PostgreSQL</application> users
153          <literal>pykotauser</literal> or <literal>pykotaadmin</literal> with the correct password.
154    <screen>
155          local all    postgres                              ident sameuser
156          local all    all                                   reject
157          host  pykota pykotauser  127.0.0.1 255.255.255.255 crypt
158          host  pykota pykotaadmin 127.0.0.1 255.255.255.255 crypt
159          host  pykota all         127.0.0.1 255.255.255.255 reject
160    </screen>
161       </para>
162
163       <para>
164          Of course if your print server and your database servers have different <acronym>IP</acronym>
165          addresses, you have to replace the <literal>127.0.0.1</literal> address above with your print
166          server's <acronym>IP</acronym> address. As an alternative, you could still keep these
167          lines and add similar lines with other <acronym>IP</acronym> addresses if you have several
168          print servers for which you want a single centralized database.
169          <tip>
170            <title>Tip</title>
171            <para>
172              Don't forget to restart <application>PostgreSQL</application> if you modify
173              any of its configuration files, in order for the changes to take effect.
174            </para>
175          </tip>
176        </para>
177
178        <para>
179          Be careful, you may be unable to connect from a Print Server to the <application>PostgreSQL</application>
180          server even if the configuration is correct. Sometimes your connections may be blocked by
181          one or more network firewalls along the route from one machine to the other. If this
182          is the case, then the best thing you can do is to ask your <firstterm>Network Administrator</firstterm>
183          to not filter the IP port used by <application>PostgreSQL</application>, which is
184          usually port <literal>5432/tcp</literal>.
185          <note>
186            <title>Note</title>
187            <para>
188              The TCP/IP network port used by PostgreSQL may be different. When in doubt, ask your
189              <firstterm>System Administrator</firstterm> for the correct value.
190            </para>
191          </note>
192        </para>
193
194        <para>
195          Now that your <application>PostgreSQL</application> server is up and running, and
196          is waiting for your connections, you have to create the print quota database.
197          To do so, you'll have to feed <application>PostgreSQL</application> with the
198          <filename>pykota-1.26_official/initscripts/postgresql/pykota-postgresql.sql</filename> file.
199          This file will create a print quota database administrator in the <application>PostgreSQL</application> system, then create an empty
200          print quota database and set some permissions on it. The print quota database administrator
201          is the <application>PostgreSQL</application>'s user used to manage the quota database.
202          The print quota database Administrator is not present in the quota database
203          itself, he is only defined in <application>PostgreSQL</application> and don't
204          have to exist on any system, nor in the print quota database. His default name
205          is <literal>pykotaadmin</literal>.
206          A print quota database read-only user is also created under the name of <literal>pykotauser</literal>.
207          This read-only user is used by <application>PyKota</application> to connect to the
208          print quota database when an user who is not a <application>PyKota</application> administrator
209          <footnote><para>a <application>PyKota</application> administrator is an user who can read the <filename>~pykota/pykotadmin.conf</filename> file.</para></footnote>
210          launches a pykota command. This prevents normal
211          users from being able to modify their own, or other users', quota information.
212          The database which will be created will be named <literal>pykota</literal> by default.
213          The <literal>pykotaadmin</literal> and <literal>pykotauser</literal> users by
214          default respectively have <literal>readwritepw</literal> and <literal>readonlypw</literal>
215          as their passwords.
216          <note>
217            <title>Note</title>
218            <para>
219              You can choose other names and passwords if you want by modifying the
220              <filename>initscripts/postgresql/pykota-postgresql.sql</filename> file
221              accordingly, and report your changes into <application>PyKota</application>'s
222              configuration files.
223            </para>
224          </note>
225        </para>
226
227        <para>
228          To run this script, you can use the <command>psql</command> frontend to
229          <application>PostgreSQL</application>, but your priviledges must be sufficient
230          to be allowed to create users and databases. You can launch <command>psql</command>
231          as the <literal>postgres</literal> user which is <application>PostgreSQL</application>'s
232          default administrator, and connect to the default database named <literal>template1</literal>.
233          From a command line interpreter (i.e. shell), type the following commands :
234          <screen>
235    jerome@nordine:~$ cd pykota-1.26_official/initscripts/postgresql
236    jerome@nordine:~/pykota-1.26_official/initscripts$ psql -h localhost -U postgres template1
237    Welcome to psql, the PostgreSQL interactive terminal.
238
239    Type:  \copyright for distribution terms
240         \h for help with SQL commands
241         \? for help on internal slash commands
242         \g or terminate with semicolon to execute query
243         \q to quit
244
245    template1=# \i pykota-postgresql.sql
246              ... a lot of output lines
247    pykota=#
248          </screen>
249          <note>
250            <title>Note</title>
251            <para>
252              If you use RPM or DEB packages, usually the
253              <filename>pykota-postgresql.sql</filename> file gets installed into the
254              <filename>/usr/share/pykota/postgresql</filename> directory, along
255              with a README file.
256            </para>
257          </note>
258        </para>
259
260        <para>
261          If you want to you can change passwords later in
262          <application>PostgreSQL</application> for the
263          <literal>pykotaadmin</literal> and <literal>pykotauser</literal> users.
264          To do so, just type the following lines while still being at the <command>psql</command>
265          prompt (replace the password values by your own :
266          <screen>
267    pykota=# ALTER USER pykotaadmin PASSWORD 'somepassword';
268    ALTER USER
269    pykota=# ALTER USER pykotauser PASSWORD 'anotherpassword';
270    pykota=# \q
271    jerome@nordine:~/pykota-1.26_official/initscripts/postgresql$
272          </screen>
273        </para>
274
275        <para>
276          The <literal>\q</literal> command above will quit the <command>psql</command>
277          program and return you to the shell's command line prompt.
278        </para>
279
280        <para>
281          To improve security further, you could encrypt your database connections, or
282          take any other step as needed. Please refer to <application>PostgreSQL</application>'s
283          documentation for details.
284          <warning>
285            <title>Warning</title>
286            <para>
287              Defining passwords may not be sufficient if your database access rule is
288              set to <literal>trust</literal> in the <filename>/etc/postgresql/pg_hba.conf</filename>.
289              Again, please refer to <application>PostgreSQL</application>'s documentation
290              for details. Also, passwords will fly unencrypted over the network by default,
291              so be sure to take any necessary step to secure your database server from
292              unauthorized use. This has nothing to do with <application>PyKota</application>
293              though, it is just a general rule to keep in mind.
294            </para>
295          </warning>
296        </para>
297
298        <para>
299          For more details, please see <filename>initscripts/mysql/README.postgresql</filename>.
300        </para>
301
302        <para>
303          If no error occured, then your print quota database is ready to be used.
304          Now you can let the print quota database server alone, the remaining work
305          will have to be done on each one of the print servers which will
306          use this particular print quota database server.
307          <tip>
308            <title>Tip</title>
309            <para>
310              If an error occured, maybe your PostgreSQL version is too old, or
311              an unexpected problem (like a bug) happened. Please contact us via email so that we
312              can try to fix the problem. Thanks in advance.
313            </para>
314          </tip>
315        </para>
316
317      </sect3>
318
319      <sect3>
320        <title>LDAP</title>
321
322        <para>
323          Any <acronym>LDAP</acronym> server, and particularly <application>OpenLDAP</application>, can be used
324          as a print quota database backend.
325          Some other LDAP servers can be used, but this is currently untested in production.
326        </para>
327
328        <para>
329          <application>OpenLDAP</application> is a Lightweight Directory Access Protocol server
330          implementation published as Free Software.
331          You can download it from <ulink url="http://www.openldap.org">http://www.openldap.org</ulink>.
332        </para>
333
334        <para>
335          To use <application>OpenLDAP</application> as your print quota database backend, you have to copy the
336          <filename>pykota/initscripts/ldap/pykota.schema</filename> into <application>OpenLDAP</application>'s
337          schemas directory.
338          Under Debian GNU/Linux, this is something like :
339          <screen>
340    $ cp pykota.schema /etc/ldap/schema
341          </screen>
342          <note>
343            <title>Note</title>
344            <para>
345              If you are using a Red Hat-based system, substitute
346              <filename>/etc/openldap</filename> for
347              <filename>/etc/ldap</filename>.
348            </para>
349          </note>
350          <note>
351            <title>Note</title>
352            <para>
353              If you use RPM or DEB packages, the
354              <filename>pykota.schema</filename> file is usually installed into the
355              <filename>/usr/share/pykota/ldap</filename> directory, along
356              with a README file, and may also be installed automatically in
357              your <acronym>LDAP</acronym> server's schemas directory.
358            </para>
359          </note>
360       </para>
361       <para>
362         Then edit <filename>/etc/ldap/slapd.conf</filename> and add a line to
363         include the PyKota schema. You should have something
364         like :
365         <screen>
366    # Schema and objectClass definitions
367    include         /etc/ldap/schema/core.schema
368    include         /etc/ldap/schema/cosine.schema
369    include         /etc/ldap/schema/nis.schema
370    include         /etc/ldap/schema/inetorgperson.schema
371    include         /etc/ldap/schema/pykota.schema
372          </screen>
373        </para>
374
375        <para>
376          While this is not mandatory, it is recommended that you setup
377          some indexes for some often accessed PyKota attributes.
378          Here are the minimal indexes
379          lines you may want to put in <filename>slapd.conf</filename> :
380          <screen>
381    # Indexes for PyKota
382    index pykotaUserName pres,eq,sub
383    index pykotaGroupName pres,eq,sub
384    index pykotaPrinterName pres,eq,sub
385    index pykotaBillingCode pres,eq,sub
386    index pykotaLastJobIdent eq
387          </screen>
388        </para>
389
390        <para>
391          Now you must ensure that the DNs you'll use to bind to
392          your OpenLDAP server don't have search queries size limits,
393          which gives for example (OpenLDAP 2.1.x or above) :
394
395    <screen>
396    # No Limits for PyKota's administrator and read-only user
397    limits dn="cn=pykotaadmin,dc=example,dc=com" size.soft=-1 size.hard=soft
398    limits dn="cn=pykotauser,dc=example,dc=com" size.soft=-1 size.hard=soft
399    </screen>
400
401          Where pykotaadmin and pykotauser are the usernames used to bind to your
402          OpenLDAP server within PyKota, respectively in ReadWrite mode
403          (as set in pykotadmin.conf) and in ReadOnly mode (as set in pykota.conf).
404        </para>
405
406        <para>
407          Finally, stop the <application>OpenLDAP</application> server, generate
408          the index files, and restart <application>OpenLDAP</application>
409          <screen>
410    $ /etc/init.d/slapd stop
411    $ slapindex
412    $ /etc/init.d/slapd start
413          </screen>
414        </para>
415        <note>
416          <title>Note</title>
417          <para>
418          On Red Hat-based distros, use '/sbin/service ldap stop' and
419        '/sbin/service ldap start' instead.
420          </para>
421        </note>
422        <para>
423          With an <acronym>LDAP</acronym> backend, PyKota will need some branches
424          in your <acronym>LDAP</acronym> directory to put its own datas.
425          You can configure PyKota to either attach its datas to your existing
426          users and groups, or to put them in their own <literal>ou</literal>.
427          But some <literal>ou</literal>s dedicated to PyKota are needed in any case,
428          so the best bet may be to put all PyKota's datas below an <literal>ou=PyKota</literal>
429          branch. While this will separate these datas from your existing users and groups
430          entries, this may ease the maintainance.
431        </para>
432
433        <para>
434          PyKota needs at least an <literal>ou</literal> for printers, for users quotas, for
435          groups quotas, for print jobs, for billing codes, and for pointers to the last job of each printer.
436          In the future, this last <literal>ou</literal> may disappear as its content
437          will probably be attached to each printer.
438        </para>
439
440        <para>
441          Actually PyKota doesn't create these <literal>ou</literal>s for you, because it's
442          difficult to guess what is the best configuration for you. So you have to
443          create them by yourself, either directly with a text editor and the
444          <command>ldapadd</command> command, or with some specialized tool
445          like <command>gq</command>. You can look at the <filename>initscripts/ldap/pykota-sample.ldif</filename>
446          file to see which minimal branches are necessary.
447          <note>
448            <title>Note</title>
449            <para>
450              If you use RPM or DEB packages, usually the
451              <filename>pykota-sample.ldif</filename> file is installed into the
452              <filename>/usr/share/pykota/ldap</filename> directory, along
453              with a README file.
454            </para>
455          </note>
456        </para>
457
458        <para>
459          If no error occured, then your print quota database is ready to be used.
460          Now you can let the print quota database server alone, the remaining work
461          will have to be done on each one of the print servers which will
462          use this particular print quota database server.
463          <tip>
464            <title>Tip</title>
465            <para>
466              If an error occured, maybe your OpenLDAP version is too old, or
467              an unexpected problem (like a bug) happened. Please contact us via email so that we
468              can try to fix the problem. Thanks in advance.
469            </para>
470          </tip>
471        </para>
472      </sect3>
473
474      <sect3>
475        <title>MySQL</title>
476
477        <para>
478          <application>MySQL</application> is a simple Relationnal DataBase
479          Management System distributed under a <firstterm>Free Software</firstterm>
480          license from the
481          <ulink url="http://www.mysql.org">http://www.mysql.org</ulink>
482          web site.
483        </para>
484
485        <para>
486          To configure your database, you must have MySQL version 4.1 or higher already working.
487          We recommend that you use MySQL 5.0 or higher though.
488          The complete installation of <application>MySQL</application> is not covered by
489          the present manual, please refer to your system's documentation or to
490          <ulink url="http://www.mysql.org">http://www.mysql.org</ulink> for
491          details.
492        </para>
493
494        <para>
495          One thing you have to check, though, is that every Print Server on which you
496          want to install the print quota mechanism, must be able to connect to the
497          <application>MySQL</application> server. In the default installation of
498          <application>MySQL</application> this may not be the case for security reasons, except if both
499          servers are in fact the same machine. In any case, it is recommended that you
500          check the <filename>/etc/mysql/my.cnf</filename> file and modify it if
501          needed.
502          <tip>
503            <title>Tip</title>
504            <para>
505              Don't forget to restart <application>MySQL</application> if you modify
506              any of its configuration files, in order for the changes to take effect.
507            </para>
508          </tip>
509        </para>
510
511        <para>
512          Be careful, you may be unable to connect from a Print Server to the <application>MySQL</application>
513          server even if the configuration is correct. Sometimes your connections may be blocked by
514          one or more network firewalls along the route from one machine to the other. If this
515          is the case, then the best thing you can do is to ask your <firstterm>Network Administrator</firstterm>
516          to not filter the IP port used by <application>MySQL</application>, which is
517          usually port <literal>3306/tcp</literal>.
518          <note>
519            <title>Note</title>
520            <para>
521              The TCP/IP network port used by MySQL may be different. When in doubt, ask your
522              <firstterm>System Administrator</firstterm> for the correct value.
523            </para>
524          </note>
525        </para>
526
527        <para>
528          Now that your <application>MySQL</application> server is up and running, and
529          is waiting for your connections, you have to create the print quota database.
530          To do so, you'll have to feed <application>MySQL</application> with the
531          <filename>pykota-1.26_official/initscripts/mysql/pykota-mysql.sql</filename> file.
532          This file will create an empty
533          print quota database and set some permissions on it.
534          The database which will be created will be named <literal>pykota</literal> by default.
535          Two database users will be defined to have access in readonly and read+write modes under
536          the respective names <literal>pykotauser</literal> and <literal>pykotaadmin</literal>.
537          The <literal>pykotaadmin</literal> and <literal>pykotauser</literal> users by
538          default respectively have <literal>readwritepw</literal> and <literal>readonlypw</literal>
539          as their passwords.
540          <note>
541            <title>Note</title>
542            <para>
543              You can choose other names and passwords if you want by modifying the
544              <filename>initscripts/mysql/pykota-mysql.sql</filename> file
545              accordingly, and report your changes into <application>PyKota</application>'s
546              configuration files.
547            </para>
548          </note>
549        </para>
550
551        <para>
552          To run this script, you can use the <command>mysql</command> frontend to
553          <application>MySQL</application>, but your priviledges must be sufficient
554          to be allowed to create databases. You can launch <command>mysql</command>
555          as the <literal>root</literal> user for example.
556          From a command line interpreter (i.e. shell), type the following commands :
557          <screen>
558    jerome@nordine:~$ cd pykota-1.26_official/initscripts/mysql
559    jerome@nordine:~/pykota-1.26_official/initscripts$ mysql &lt;pykota-mysql.sql
560          </screen>
561          <note>
562            <title>Note</title>
563            <para>
564              If you use RPM or DEB packages, usually the
565              <filename>pykota-mysql.sql</filename> file gets installed into the
566              <filename>/usr/share/pykota/mysql</filename> directory, along
567              with a README file.
568            </para>
569          </note>
570        </para>
571
572        <para>
573          To improve security further, you could encrypt your database connections, or
574          take any other step as needed. Please refer to <application>MySQL</application>'s
575          documentation for details.
576        </para>
577
578        <para>
579          For more details, please see <filename>initscripts/mysql/README.mysql</filename>.
580        </para>
581
582        <para>
583          If no error occured, then your print quota database is ready to be used.
584          Now you can let the print quota database server alone, the remaining work
585          will have to be done on each one of the print servers which will
586          use this particular print quota database server.
587          <tip>
588            <title>Tip</title>
589            <para>
590              If an error occured, maybe your MySQL version is too old, or
591              an unexpected problem (like a bug) happened. Please contact us via email so that we
592              can try to fix the problem. Thanks in advance.
593            </para>
594          </tip>
595        </para>
596
597      </sect3>
598
599      <sect3>
600        <title>SQLite</title>
601
602        <para>
603          <application>SQLite</application> is an embeddable Relationnal DataBase
604          distributed under a Free Software
605          license from the
606          <ulink url="http://www.sqlite.org">http://www.sqlite.org</ulink>
607          web site.
608          If is very easy to configure and use, offers a very small memory footprint,
609          is very fast, but can only be used on the print server because it doesn't include
610          a server daemon : the database is directly embedded in the application.
611        </para>
612
613        <para>
614          To configure your database, you must have SQLite already working.
615          The complete installation of <application>SQLite</application> is not covered by
616          the present manual, please refer to your system's documentation or to
617          <ulink url="http://www.sqlite.org">http://www.sqlite.org</ulink> for
618          details.
619        </para>
620
621        <para>
622          Once <application>SQLite</application> is installed, you have to decide where
623          you'll put your database. A good idea is to store it into the <literal>pykota</literal>
624          user's home directory. Then to create the database, just type :
625    <screen>
626    # sqlite3 ~pykota/pykota.db &lt;pykota/initscripts/sqlite/pykota.sqlite
627    # chown pykota.pykota ~pykota/pykota.db
628    # chmod 660 ~pykota/pykota.db
629    # chown pykota.pykota ~pykota
630    </screen>
631        </para>
632        <para>
633          If user <literal>pykota</literal> doesn't exist yet, then please
634          follow the instructions a bit below which explain how to install PyKota on the print server.
635        </para>
636
637        <para>
638          Once this is done, you'll want to set in <filename>~pykota/pykota.conf</filename> the
639          following lines in the <literal>[global]</literal> section :
640    <screen>
641    storagebackend : sqlitestorage
642    storagename : /etc/pykota/pykota.db
643    </screen>
644        </para>
645        <para>
646          Of course you'll want to replace the path on the <literal>storagename</literal> line
647          with the full path to the newly created <application>SQLite</application> database.
648        </para>
649        <para>
650          If no error occured, then your print quota database is ready to be used.
651          In case you need them, additional instructions are available in <filename>pykota/initscripts/sqlite/README.sqlite</filename>
652          <tip>
653            <title>Tip</title>
654            <para>
655              If an error occured, maybe your SQLite version is too old, or
656              an unexpected problem (like a bug) happened. Please contact us via email so that we
657              can try to fix the problem. Thanks in advance.
658            </para>
659          </tip>
660        </para>
661      </sect3>
662
663      <sect3>
664        <title>Berkeley DB</title>
665
666        <para>
667          A <application>Berkeley DB</application> backend is planned, but it actually
668          doesn't exist. It seems that remote storage won't be possible with such a backend,
669          so in other terms this means that you will have a different quota database on
670          each print server. This may still prove to be useful for small configurations.
671        </para>
672      </sect3>
673    </sect2>
674
675    <sect2>
676      <title>Print Server Installation</title>
677
678      <para>
679        For each Print Server on which you plan to implement the print quota
680        mechanism, you have, of course, to have an already working printing environment.
681        Currently <application>PyKota</application> works with
682        <ulink url="http://www.cups.org"><application>CUPS</application></ulink>
683        but older releases also supported <ulink url="http://lprng.sourceforge.net"><application>LPRng</application></ulink>.
684        <application>LPRng</application> support might be re-added in the future.
685      </para>
686
687      <para>
688        Here's the list of software you have to install on each Print Server, version numbers
689        are given as an indication of which was successfully tested, but older versions may
690        work too.
691        <itemizedlist>
692          <listitem>
693            <para>
694              <application>CUPS</application> version 1.3.4 or higher. NB :
695              <application>PyKota</application> releases up to and including 1.26 support
696              <application>CUPS</application> version 1.1.14 or higher.
697              You can download it from <ulink url="http://www.cups.org">http://www.cups.org</ulink>
698            </para>
699          </listitem>
700          <listitem>
701            <para>
702              <application>Python</application> version 2.3 or higher.
703              You can download it from <ulink url="http://www.python.org">http://www.python.org</ulink>.
704              While <application>PyKota</application> itself will try to preserve compatibility
705              with <application>Python</application> version 2.3 for the near future, some <application>Python</application>
706              modules which are needed by <application>PyKota</application> may require a more recent version
707              of this language.
708            </para>
709          </listitem>
710          <listitem>
711            <para>
712              print quota database client libraries, depending on your print quota database backend :
713              <itemizedlist>
714                <listitem>
715                  <para>
716                    PostgreSQL backend :
717                    <itemizedlist>
718                      <listitem>
719                        <para>
720                          <application>PostgreSQL</application> client libraries. They must match the <application>PostgreSQL</application>
721                          version used on your print quota database server.
722                        </para>
723                      </listitem>
724                      <listitem>
725                        <para>
726                          The <application>PygreSQL</application> python module.
727                          <application>PygreSQL</application> is normally included in
728                          <application>PostgreSQL</application>, but you may want to
729                          download it from <ulink url="http://www.pygresql.org">http://www.pygresql.org</ulink>
730                        </para>
731                      </listitem>
732                    </itemizedlist>
733                  </para>
734                </listitem>
735                <listitem>
736                  <para>
737                    OpenLDAP backend :
738                    <itemizedlist>
739                      <listitem>
740                        <para>
741                          <application>OpenLDAP</application> client libraries. They must match
742                          the <application>OpenLDAP</application> version used on your print quota database server.
743                        </para>
744                      </listitem>
745                      <listitem>
746                        <para>
747                          The <application>Python-LDAP</application> python module.
748                          You may download this module from <ulink url="http://python-ldap.sourceforge.net">http://python-ldap.sourceforge.net</ulink>
749                        </para>
750                      </listitem>
751                    </itemizedlist>
752                  </para>
753                </listitem>
754                <listitem>
755                  <para>
756                    MySQL backend :
757                    <itemizedlist>
758                      <listitem>
759                        <para>
760                          <application>MySQL</application> client libraries. They must match the <application>MySQL</application>
761                          version used on your database server.
762                        </para>
763                      </listitem>
764                      <listitem>
765                        <para>
766                          The <application>Python-MySQL</application> python module, version 1.2.x or higher.
767                          You can download it from <ulink url="http://sourceforge.net/projects/mysql-python">http://sourceforge.net/projects/mysql-python</ulink>
768                        </para>
769                      </listitem>
770                    </itemizedlist>
771                  </para>
772                </listitem>
773                <listitem>
774                  <para>
775                    SQLite backend : SQLite is not a database server, but an embeddable database, so
776                    if you want to use it you MUST install SQLite on your print server. With
777                    <application>PostgreSQL</application>, <application>MySQL</application> or
778                    <application>OpenLDAP</application> you can store your datas on a different
779                    machine than the print server, but this is not possible with <application>SQLite</application>.
780                    <itemizedlist>
781                      <listitem>
782                        <para>
783                          <application>SQLite</application> version 3.2.1 or higher and its library.
784                          You can download it from
785                          <ulink url="http://www.sqlite.org">http://www.sqlite.org</ulink>
786                        </para>
787                      </listitem>
788                      <listitem>
789                        <para>
790                          The <application>Python-SQLite</application> python module version 2.0.5 or higher.
791                          You can download it from
792                          <ulink url="http://www.pysqlite.org">http://www.pysqlite.org</ulink>
793                        </para>
794                      </listitem>
795                    </itemizedlist>
796                  </para>
797                </listitem>
798                <listitem>
799                  <para>
800                    Berkeley DB backend : Not supported yet.
801                  </para>
802                </listitem>
803              </itemizedlist>
804            </para>
805          </listitem>
806          <listitem>
807            <para>
808              <application>ucd-snmp</application> or <application>net-snmp</application> tools, version 4.2.5 or above. You only need
809              the <command>snmpget</command> command.
810              You can download this software from <ulink url="http://www.sourceforge.net/projects/net-snmp/">http://www.sourceforge.net/projects/net-snmp/</ulink>.
811              You only need this if PyKota's internal SNMP accounting code doesn't work for your SNMP-aware
812              printers.
813            </para>
814          </listitem>
815          <listitem>
816            <para>
817              <application>netatalk</application> version 1.6.1 or above. You only need
818              the <command>pap</command> command.
819              You can download this software from <ulink url="http://netatalk.sourceforge.net/">http://netatalk.sourceforge.net/</ulink>.
820              You only need this if you plan to query your printers for their internal page counter via AppleTalk.
821            </para>
822          </listitem>
823          <listitem>
824            <para>
825              eGenix' mxDateTime Python module version 2.0.3 or above. It must match your default Python version.
826              You can download it from <ulink url="http://www.egenix.com">http://www.egenix.com</ulink>.
827            </para>
828          </listitem>
829          <listitem>
830            <para>
831              The Python acccelerator <application>Psyco</application>. It must match your default Python version.
832              You can download it from <ulink url="http://psyco.sourceforge.net">http://psyco.sourceforge.net</ulink>.
833              You only need this if you run on the <literal>x86</literal> architecture because
834              <application>Psyco</application> doesn't yet exist on other architectures.
835            </para>
836          </listitem>
837          <listitem>
838            <para>
839              The <application>pysnmp</application> Python module version 3.4.2, or higher, version 4 is recommanded.
840              You can download it from <ulink url="http://pysnmp.sourceforge.net">http://pysnmp.sourceforge.net</ulink>.
841            </para>
842          </listitem>
843          <listitem>
844            <para>
845              The <application>JAXML</application> Python module.
846              You can download it from <ulink url="http://www.librelogiciel.com/software/">http://www.librelogiciel.com/software/</ulink>.
847            </para>
848          </listitem>
849          <listitem>
850            <para>
851              The <application>ReportLab</application> Toolkit Python module.
852              You can download it from <ulink url="http://www.reportlab.org">http://www.reportlab.org</ulink>.
853            </para>
854          </listitem>
855          <listitem>
856            <para>
857              The <application>Python Imaging Library - PIL</application> module.
858              You can download it from <ulink url="http://www.pythonware.com">http://www.pythonware.com</ulink>.
859            </para>
860          </listitem>
861          <listitem>
862            <para>
863              The <application>PyOSD</application> Python module.
864              You can download it from <ulink url="http://repose.cx/pyosd/">http://repose.cx/pyosd/</ulink>.
865            </para>
866          </listitem>
867          <listitem>
868            <para>
869              The <application>pkpgcounter</application> Generic Page Description Language parser.
870              You can download it from <ulink url="http://www.pykota.com.com/software/pkpgcounter">http://www.pykota.com/software/pkpgcounter</ulink>.
871            </para>
872          </listitem>
873          <listitem>
874            <para>
875              The <application>PyPAM</application> Python interface to <acronym>PAM</acronym>.
876              You'll need this if you plan to ask users to authenticate when printing through <command>pknotify</command>
877              and <command>pykoticon</command>. You don't need this module otherwise.
878              If needed, you can download it from <ulink url="http://www.pangalactic.org/PyPAM/">http://www.pangalactic.org/PyPAM/</ulink>.
879            </para>
880          </listitem>
881          <listitem>
882            <para>
883              The <application>PkIPPLib</application> Python <acronym>IPP</acronym> library.
884              You can download it from <ulink url="http://www.pykota.com/software/pkipplib">http://www.pykota.com/software/pkipplib</ulink>.
885            </para>
886          </listitem>
887        </itemizedlist>
888      </para>
889
890      <para>
891        Instead of downloading all these programs' sources and compiling them, which really
892        is a boring task considering that many software are needed, you may prefer to look
893        into the packages included with your GNU/Linux distribution of choice (if you use
894        this operating system of course). Most, if not all, GNU/Linux distributions include
895        all the software mentionned above, in the form of packages which are easier to
896        install than sources tarballs. This is probably the same for the many *BSD
897        distributions.
898      </para>
899
900      <para>
901         You can check that all needed software is installed by launching the <command>checkdeps.py</command>
902         command :
903        <screen>
904    $ python checkdeps.py
905        </screen>
906      </para>
907
908      <para>
909        Once all these software are installed, installing PyKota itself is a breeze.
910        PyKota being written entirely in the Python language, which is interpreted,
911        there's no need to compile anything. You just have to execute the installation
912        script :
913        <screen>
914    $ python setup.py install
915        </screen>
916      </para>
917
918      <para>
919        The setup script will automatically create the
920        <filename>/usr/share/pykota/conf</filename> directory and put the sample
921        configuration files <filename>conf/pykota.conf.sample</filename> and
922        <filename>conf/pykotadmin.conf.sample</filename> there, along with
923        a <filename>README</filename> file explaining their purpose.
924      </para>
925
926      <para>
927        Now you have to create a <literal>pykota</literal> system user and group. The <application>PyKota</application>
928        software will automatically search its configuration files in user <literal>pykota</literal>'s
929        home directory. For example we could create the user and group, and set <filename>/etc/pykota</filename>
930        as the home directory, but any other home directory will do :
931    <screen>
932      adduser --system --group --home /etc/pykota --gecos PyKota pykota
933    </screen>
934      </para>
935
936      <para>
937        You now have to copy the sample configuration files into the <filename>~pykota</filename>
938        directory, under the respective names <filename>pykota.conf</filename> and
939        <filename>pykotadmin.conf</filename>. Once copied there, you just
940        have to modify these files to adapt them to your own setup.
941        These files are heavily commented, so you should have no problem.
942        Also their format is quite common, because it's the one used by
943        <application>Samba</application> for example, or by <literal>.ini</literal>
944        files under <application>MS-Windows</application>, so you may already
945        be familiar with this syntax.
946        In a future release, this documentation will include the complete
947        reference for all configuration fields available. Keep in mind that
948        <application>PyKota</application> can be really heavily customized, and can delegate some work
949        to any external command of your choice.
950      </para>
951
952      <para>
953        Please create a backup copy of the <filename>~pykota</filename>
954        directory before modifying a working installation.
955      </para>
956
957      <para>
958        PyKota features some interesting possibilities which allow you to
959        define options either globally so that they apply to all printers,
960        or on a per printer basis. Please see the sample configuration files
961        to see what I mean. In the simplest form, only a <literal>[global]</literal> section is
962        needed. In more complex configurations, you will have to create
963        one section per printer. Each section in the configuration files
964        begins with a name between square brackets <literal>[]</literal>.
965        The name to use to define a particular printer section is the name
966        of the print queue you want to manage with PyKota.
967      </para>
968
969      <para>
970        After you have modified <application>PyKota</application>'s configuration files, you have to
971        double check their permissions, otherwise your installation may be
972        insecure or may not work at all.
973        The main configuration file <filename>~pykota/pykota.conf</filename>
974        doesn't contain much sensitive information, so it can be made
975        readable by anyone. If normal users read this file, at best they
976        will learn the username and optional password of the read-only
977        database user. This means that beside being allowed to read all the contents of
978        the quota database, they won't be allowed to modify or delete it.
979        On the other hand, the <filename>~pykota/pykotadmin.conf</filename>
980        file contains the read-write user's identity and password. You must then
981        ensure that no normal user can read this file. It should only be readable
982        by the <literal>root</literal> user, which is always the case, and by
983        <application>PyKota</application> administrators. In addition,
984        users for which <application>CUPS</application> doesn't run as user <literal>root</literal> will
985        have to ensure that the user their printing system is run as
986        can read both of these files. An easy way to do so is to put the <literal>lp</literal> user
987        (for example) into the <literal>pykota</literal> system group, then
988        to give the correct permissions to <application>PyKota</application>'s configuration files :
989        <screen>
990    $ chown -R pykota.pykota ~pykota/
991    $ chmod 750 ~pykota/
992    $ chmod 644 ~pykota/pykota.conf
993    $ chmod 640 ~pykota/pykotadmin.conf
994        </screen>
995
996        <warning>
997          <title>Warning</title>
998          <para>
999            All the users allowed to read the <filename>~pykota/pykotadmin.conf</filename>
1000            are considered to be <application>PyKota</application> administrators. So be
1001            careful with these files permissions.
1002          </para>
1003        </warning>
1004      </para>
1005
1006      <para>
1007        On some systems, you may be able to strenghten permissions like this :
1008        <screen>
1009    $ chown -R pykota.pykota ~pykota/
1010    $ chmod 750 ~pykota/
1011    $ chmod 640 ~pykota/pykota.conf
1012    $ chmod 600 ~pykota/pykotadmin.conf
1013        </screen>
1014      </para>
1015
1016      <para>
1017        And on other ones, you may need to relax them, and change the files' owner :
1018        <screen>
1019    $ chown pykota.pykota ~pykota/
1020    $ chmod 755 ~pykota/
1021    $ chown lp.pykota ~pykota/pykota.conf
1022    $ chmod 640 ~pykota/pykota.conf
1023    $ chown lp.pykota ~pykota/pykotadmin.conf
1024    $ chmod 640 ~pykota/pykotadmin.conf
1025        </screen>
1026      </para>
1027
1028      <para>
1029        This all depends on the printing system you are using, and the user the
1030        printing system is usually running as. You need to remember three things :
1031
1032        <itemizedlist>
1033          <listitem>
1034            <para>
1035              The user your printing system runs as MUST be allowed to read
1036              both <application>PyKota</application>'s configuration files.
1037            </para>
1038          </listitem>
1039          <listitem>
1040            <para>
1041              Any user who can read <filename>pykotadmin.conf</filename>
1042              is a <application>PyKota</application> administrator, and
1043              can do whatever he wants to the print quota database.
1044            </para>
1045          </listitem>
1046          <listitem>
1047            <para>
1048              If <filename>cupsd.conf</filename> contains <literal>RunAsUser</literal>, then
1049              you won't be able to authenticate users with <command>pknotify</command> and <command>pykoticon</command>.
1050              Also in this case you may have to make <application>PyKota</application>'s configuration files
1051              owned by the user <application>CUPS</application> runs as.
1052            </para>
1053          </listitem>
1054        </itemizedlist>
1055      </para>
1056
1057      <para>
1058        Don't forget to restart your print server sofware if you changed group membership for the user it runs
1059        as, otherwise your change wouldn't be taken into account.
1060      </para>
1061
1062      <para>
1063        Now depending on your printing system, the configuration to do is particular.
1064        We will now see how to plug PyKota into <application>CUPS</application> since <application>LPRng</application>
1065        is not supported anymore.
1066      </para>
1067
1068      <sect3>
1069        <title>With CUPS</title>
1070
1071        <para>
1072          From version 1.16alpha7 on, configuring <application>PyKota</application> to integrate
1073          within <application>CUPS</application> is more than easy.
1074        </para>
1075
1076        <para>
1077          You just have to create a symbolic link to the <command>cupspykota</command>
1078          command in <application>CUPS</application>' backend directory :
1079          <screen>
1080    $ cd /usr/lib/cups/backend
1081    $ ln -s /usr/share/pykota/cupspykota cupspykota
1082          </screen>
1083        </para>
1084
1085        <para>
1086          If you use CUPS v1.2 or higher, you must
1087          also type the following command to allow the <command>cupspykota</command>
1088          backend to correctly support other backends which must be run
1089          as the root user (e.g. the <command>lpd</command> backend) :
1090          <screen>
1091    $ chmod 700 /usr/share/pykota/cupspykota
1092          </screen>
1093        </para>
1094
1095        <para>
1096          You have to restart <application>CUPS</application> for this modification to
1097          take effect :
1098          <screen>
1099    $ /etc/init.d/cupsys restart
1100          </screen>
1101        </para>
1102
1103        <para>
1104          Now point your web browser to CUPS configuration page, usually at
1105          <ulink url="http://localhost:631">http://localhost:631</ulink> on
1106          your print server.
1107        </para>
1108
1109        <para>
1110          Then when creating new printers or reconfiguring existing ones, just
1111          choose devices which are <literal>PyKota managed</literal>
1112          <footnote>
1113            <para>
1114              Debian 3.0 Woody is known to have problems : CUPS 1.1.14 doesn't automatically
1115              detect <literal>PyKota managed</literal> devices. So you have to manually
1116              modify CUPS' <filename>printers.conf</filename> file as explained in
1117              PyKota's toplevel <filename>README</filename> file.
1118            </para>
1119          </footnote>
1120          instead of
1121          normal devices. You've got one <literal>PyKota managed</literal> device
1122          for each regular device available from CUPS, so just choose the appropriate
1123          one.
1124        </para>
1125
1126        <para>
1127          Repeat the above procedure for each print queue on which you want to use
1128          PyKota. That's all !
1129        </para>
1130
1131        <sect4>
1132          <title>Troubleshooting</title>
1133          <para>
1134            In case of problem, the simplest way to solve it is currently
1135            to ask on PyKota's mailing list, describing the symptoms, as
1136            well as the hardware and software you use.
1137          </para>
1138
1139          <para>
1140            A searchable FAQ is now available at
1141            <ulink url="http://otrs.librelogiciel.com/otrs/public.pl">http://otrs.librelogiciel.com/public.pl</ulink>.
1142            A FAQ entry explaining in great details how to diagnose a problem correctly is
1143            available at
1144            <ulink url="http://otrs.librelogiciel.com/otrs/public.pl?ID=2">http://otrs.librelogiciel.com/public.pl?ID=2</ulink>.
1145          </para>
1146
1147          <para>
1148            You can also ask questions on IRC :
1149            <screen>
1150    /server irc.freenode.net
1151    /join #pykota
1152            </screen>
1153          </para>
1154        </sect4>
1155
1156      </sect3>
1157
1158    </sect2>
1159  </sect1>
1160</chapter>
1161
Note: See TracBrowser for help on using the browser.