update the glossary;
authorSteve Sheppard <ssheps@gmail.com>
Thu, 16 Sep 2010 16:17:02 +0000 (12:17 -0400)
committerSteve Sheppard <ssheps@gmail.com>
Thu, 16 Sep 2010 16:17:02 +0000 (12:17 -0400)
1.6/admin/ServersideInstallation.xml
1.6/glossary.xml

index 06cbc11..db6897c 100644 (file)
                                <figure>
                                        <title>Commands to add <systemitem class="username">opensrf</systemitem> user</title>
                                        <screen>
-                               $ su - opensrf
-                               $ useradd -m -s /bin/bash opensrf
-                               $ passwd opensrf
-                               Enter new UNIX password: ******
-                               Retype new UNIX password: ******
-                               passwd: password updated successfully
-                               $
-                               </screen>
+                                       $ su - opensrf
+                                       $ useradd -m -s /bin/bash opensrf
+                                       $ passwd opensrf
+                                       Enter new UNIX password: ******
+                                       Retype new UNIX password: ******
+                                       passwd: password updated successfully
+                                       $
+                                       </screen>
                                </figure>
                        </section>
                        <section>
                                <figure>
                                        <title>Commands to download and unpack OpenSRF</title>
                                        <screen>
-                               $ su - opensrf
-                               $ wget http://evergreen-ils.org/downloads/OpenSRF-1.0.7.tar.gz
-                               $ tar zxf OpenSRF-1.0.7.tar.gz
-                               </screen>
+                                       $ su - opensrf
+                                       $ wget http://evergreen-ils.org/downloads/OpenSRF-1.0.7.tar.gz
+                                       $ tar zxf OpenSRF-1.0.7.tar.gz
+                                       </screen>
                                </figure>
                                <para>The new directory <filename class="directory">/home/opensrf/OpenSRF-1.0.7</filename> will be created.</para>
                        </section>
                                <figure>
                                        <title>Commands to install prerequisites for OpenSRF</title>
                                        <screen>
-                               $ su - root
-                               $ cd /home/opensrf/OpenSRF-1.0.7
-                               $ make -f src/extras/Makefile.install [DISTRIBUTION]
-                               ...
-                               </screen>
+                                       $ su - root
+                                       $ cd /home/opensrf/OpenSRF-1.0.7
+                                       $ make -f src/extras/Makefile.install [DISTRIBUTION]
+                                       ...
+                                       </screen>
                                </figure>
                                <table xml:id="serversideinstallation-keywords-figure-1a">
                                        <title>Keywords Targets for <application>make</application> Command</title>
                                <figure>
                                        <title>Commands to configure OpenSRF</title>
                                        <screen>
-                               $ su - opensrf
-                               $ cd /home/opensrf/OpenSRF-1.0.7
-                               $ ./configure --prefix=/openils --sysconfdir=/openils/conf
-                               $ make
-                               ...
-                               </screen>
+                                       $ su - opensrf
+                                       $ cd /home/opensrf/OpenSRF-1.0.7
+                                       $ ./configure --prefix=/openils --sysconfdir=/openils/conf
+                                       $ make
+                                       ...
+                                       </screen>
                                </figure>
                        </section>
                        <section>
                                <figure>
                                        <title>Commands to build, link and install OpenSRF</title>
                                        <screen>
-                               $ su - opensrf
-                               $ cd /home/opensrf/OpenSRF-1.0.7
-                               $ make install
-                               ...
-                               </screen>
+                                       $ su - opensrf
+                                       $ cd /home/opensrf/OpenSRF-1.0.7
+                                       $ make install
+                                       ...
+                                       </screen>
                                </figure>
                        </section>
                        <section>
                                <figure>
                                        <title>Commands to modify system dynamic library path</title>
                                        <screen>
-                               $ su - root
-                               $ echo "/openils/lib" > /etc/ld.so.conf.d/osrf.conf
-                               $ ldconfig
-                               </screen>
+                                       $ su - root
+                                       $ echo "/openils/lib" > /etc/ld.so.conf.d/osrf.conf
+                                       $ ldconfig
+                                       </screen>
                                </figure>
                        </section>
                        <section>
                                <figure>
                                        <title>Example public and private domains in /etc/hosts</title>
                                        <screen>
-                               127.0.1.2       public.localhost        public
-                               127.0.1.3       private.localhost       private
-                               </screen>
+                                       127.0.1.2       public.localhost        public
+                                       127.0.1.3       private.localhost       private
+                                       </screen>
                                </figure>
                        </section>
                        <section>
                                <figure>
                                        <title>Commands to change file ownerships</title>
                                        <screen>
-                               $ chown -R opensrf:opensrf /openils
-                               </screen>
+                                       $ chown -R opensrf:opensrf /openils
+                                       </screen>
                                </figure>
                        </section>
                        <section>
                                <figure>
                                        <title>Commands to stop the <systemitem class="service">ejabberd</systemitem> service</title>
                                        <screen>
-                               $ /etc/init.d/ejabberd stop
-                               </screen>
+                                       $ /etc/init.d/ejabberd stop
+                                       </screen>
                                </figure>
                                <para>If <systemitem class="service">ejabberd</systemitem> reports that it is already stopped, it may have run into a problem starting back at the installation stage. One possible fix is to kill any remaining <systemitem class="daemon">beam</systemitem> and <systemitem class="daemon">epmd</systemitem> processes, then edit the configuration file <filename>/etc/ejabberd/ejabberd.cfg</filename> to hardcode a domain:</para>
                                <figure>
                                        <title>Commands to recover from <systemitem class="service">ejabberd</systemitem> errors</title>
                                        <screen>
-                               $ su - root
-                               $ epmd -kill
-                               $ killall beam; killall beam.smp
-                               $ rm /var/lib/ejabberd/*
-                               $ echo 'ERLANG_NODE=ejabberd@localhost' >> /etc/default/ejabberd
-                               </screen>
+                                       $ su - root
+                                       $ epmd -kill
+                                       $ killall beam; killall beam.smp
+                                       $ rm /var/lib/ejabberd/*
+                                       $ echo 'ERLANG_NODE=ejabberd@localhost' >> /etc/default/ejabberd
+                                       </screen>
                                </figure>
                        </section>
                        <section>
                </section>
                <section xml:id="serversideinstallation-proxy">
                        <title>Configuring a Proxy for the Staff Client</title>
+                       <para>By using an SSH proxy and an SSH tunnel, it is possible to provide secure (encrypted) network communications between the Staff Client and one or more Evergreen servers. In addition to providing excellent data security, this method also buffers and caches data travelling to and from the Staff Client and can speed up access to resources on remote Evergreen servers. This is important if your system architecture includes many Staff Clients and Evergreen servers in a busy environment, through network firewalls, or must operate over unsecure networks.</para>
                        <section>
                                <title>Why Use a Proxy for the Staff Client?</title>
                                <para>There are several reasons for sending network traffic for the Staff Client through an SSH proxy:</para>
                                <itemizedlist>
-                                       <listitem>
-                                               <para><emphasis role="bold">Firewalls</emphasis> may prevent you from reaching the server. This may happen when you are connecting the Staff Client to a test server that should not be available generally, or it may be the result of network design priorities other than ease of use.</para>
-                                       </listitem>
-                                       <listitem>
-                                               <para>You may wish to <emphasis role="bold">improve security</emphasis> where Staff Client traffic may be susceptible to network eavesdropping. This is especially true when wireless is otherwise the best option for connecting a staff machine to the network.</para>
-                                       </listitem>
+                                       <listitem><emphasis role="bold">Firewalls</emphasis> may prevent you from reaching the server. This may happen when you are connecting the Staff Client to a test server that should not be available generally, or it may be the result of network design priorities other than ease of use.</listitem>
+                                       <listitem>You may wish to <emphasis role="bold">improve security</emphasis> where Staff Client traffic may be susceptible to network eavesdropping. This is especially true when wireless is otherwise the best option for connecting a staff machine to the network.</listitem>
+                                       <listitem>You may wish to buffer and cache data from remote Evergreen servers to speed up access from Staff Clients.</listitem>
                                </itemizedlist>
                        </section>
                        <section>
index 539122c..3c49e3f 100644 (file)
        <glossdiv>
                <title>O</title>
                <glossentry id="OPAC">
-                       <glossterm>Online Public Access Catalog (OPAC)</glossterm>
+                       <glossterm>OPAC</glossterm>
                        <glossdef>
-                               <para>An online database of a library's holdings; used to find resources in their collections; possibly searchable by keyword, title, author, subject or call number.</para>
+                               <para>The "Online Public Access Catalog"; an online database of a library's holdings; used to find resources in their collections; possibly searchable by keyword, title, author, subject or call number.</para>
                        </glossdef>
                </glossentry>
        </glossdiv>
                                <para>A popular open-source object-relational database management system that underpins Evergreen software.</para>
                        </glossdef>
                </glossentry>
-       </glossdiv>
-       <glossdiv>
                <glossentry id="putty">
                        <glossterm>Putty</glossterm>
                        <glossdef>
                                <para>A popular open-source telnet/ssh client for the Windows and Unix platforms. More information is available at <ulink url="http://www.chiark.greenend.org.uk/~sgtatham/putty/">http://www.chiark.greenend.org.uk/~sgtatham/putty/</ulink>.</para>
                        </glossdef>
                </glossentry>
+       </glossdiv>
+       <glossdiv>
                <title>Q</title>
                <glossentry></glossentry>
        </glossdiv>
                                <para>A command language interpreter (shell) that executes commands read from the standard input. It is used to test the Open Service Request Framework (OpenSRF).</para>
                        </glossdef>
                </glossentry>
+               <glossentry id="ssh">
+                       <glossterm>SSH</glossterm>
+                       <glossdef>
+                               <para>An encrypted network protocol using public-key cryptography that allows secure communications between systems on an unsecure network. Typically used to access shell accounts but also supports tunneling, forwarding TCP ports and X11 connections, and transferring files.</para>
+                       </glossdef>
+               </glossentry>
+               <glossentry id="sshproxy">
+                       <glossterm>SSH proxy</glossterm>
+                       <glossdef>
+                               <para> As used in Evergreen, a method of allowing one or more Staff Clients to communicate with one or more Evergreen servers over an unsecure network by sending data through a secure SSH tunnel. It also buffers and caches all data travelling to and from Staff Clients to speed up access to resources on Evergreen servers.</para>
+                               <glossseealso otherterm="ssh"/>
+                               <glossseealso otherterm="tunneling"/>
+                               <glossseealso otherterm="sshtunnel"/>
+                       </glossdef>
+               </glossentry>
+               <glossentry id="sshtunnel">
+                       <glossterm>SSH tunnel</glossterm>
+                       <glossdef>
+                               <para>An encrypted data channel existing over an SSH network connection. Used to securely transfer unencrypted data streams over unsecure networks.</para>
+                               <glossseealso otherterm="ssh"/>
+                               <glossseealso otherterm="tunneling"/>
+                       </glossdef>
+               </glossentry>
                <glossentry id="SSL Certificate">
                        <glossterm>SSL Certificate</glossterm>
                        <glossdef>
        </glossdiv>
        <glossdiv>
                <title>T</title>
-               <glossentry></glossentry>
+               <glossentry id="tunneling">
+                       <glossterm>tunneling</glossterm>
+                       <glossdef>
+                               <para>A method of encapsulating data provided in one network protocol (the "delivery" protocol), within data in a different network protocol (the "tunneling" protocol). Used to provide a secure path and secure communications through an unsecure or incompatible network. Can be used to bypass firewalls by communicating via a protocol the firewall normally blocks, but "wrapped" inside a protocol that the firewall does not block.</para>
+                               <glossseealso otherterm="sshtunnel"/>
+                       </glossdef>
+               </glossentry>
        </glossdiv>
        <glossdiv>
                <title>U</title>