Table of
Contents
This System Manager's Manual
for the Advanced Weather Interactive Processing System (AWIPS) Local Data
Acquisition and Dissemination (LDAD) system provides the necessary information
to set up and configure the web based data dissemination system.
Please refer to the official AWIPS LDAD SMM for more information abouth
the LDAD architecture and other pertinant information.
Advanced weather dissemination to support emergency preparedness and the acquisition and processing of non-federal local meteorological observations are critical to the AWIPS enhancements program of Build 5.0 and beyond. The current method of alphanumeric weather dissemination cannot capture the detail of mesoscale weather events or convey the critical significance of AWIPS weather information to support effective emergency management response to hazardous weather.
The Local Data Acquisition and Dissemination (LDAD) Web Dissemination system will help the NWS test, evaluate and deploy the AWIPS Web interface technology for modernized local Weather Forecast Offices. This component of AWIPS will help improve the NWS WFO dissemination capabilities by using advanced web-based technologies that:
- Disseminate AWIPS weather information using advanced visualization and integration techniques that effectively conveys critical information to the emergency management.
- Disseminate Quality Control information back to the data provider for their data integrity management schemes.
- Facilitate two-way communications between WFOs and state and local government agencies.
- Disseminate AWIPS weather information using advanced visualization and integration techniques to the general public.
LDAD data is made available to the public via the Emergency Manager Decision Support (EMDS) system, which provides weather data to many users from the well-trained meteorologist to the general public. Its variety of products and display capabilities, however, is mainly intended for use in decision-making among the emergency response community. Formal training in meteorology is unlikely for much of the emergency response community. Nonetheless, many of their decisions hinge on timely weather status and prediction. The process of product selection has been designed to accommodate the user's skills, familiarity, and the potentially urgent nature of their tasks. Additionally, the EMDS system allows you to set up the display to your preferences.
There are many varied data types that are made available for dissemination via the EMDS system, such as gridded weather data sets; cross-correlated, quality-controlled weather observation data; radar data, and National Weather Service weather advisory and forecast text messages. The LDAD web dissemination works in conjunction with a data processing system to make these data sets available to the public.
The LDAD system resides on two separate AWIPS machines separated by a security firewall. Figure 3.1 shows schematically both sides of the LDAD system. The box on the right side of the Figure represents the part of LDAD that resides on the AWIPS LDAD Server (LS) machine which is accessible by the public. The left side of the Figure represents the AWIPS Data Server (DS) machine which is separated from the LS machine by a security firewall, as shown by the red box in the Figure. The four items contained in the boxes in the Figure: AWIPS Data, PollForData, HmIngest, and Web are all components of the LDAD web dissemination system and will be described in further detail in this document.
Figure 3.1 Simplified Data Flow Schematic
As mentioned above, there are many varied weather data types that are made available for dissemination via the EMDS system. These weather data sets include:3.2 PollForDataMost of these data sets are archived on the AWIPS DS machine in Network Common Data Form (netCDF) data files.
- Gridded Weather Data Sets, Such as LAPS, and MSAS Grids.
- Radar Reflectivity
- Radar Derived Rainfall Estimates
- Quality Controlled (QC) Local Surface Weather Observations
- METAR Surface Weather Observations
- Weather Spotter Reports
- Current NWS Weather Watch and Warning Text Messages
For more information about the netCDF file format, please refer to the UNIDATA web site at: www.unidata.ucar.edu/packages/netcdf/index.html. These netCDF data files are read by the AWIPS D-2D interactive weather forecaster workstation for display, and these files are also read by the LDAD EMDS web application for display as well.Other data in addition to these weather data sets can also be incorporated into the LDAD web dissemination EMDS display, such as:
Each of the weather data sets listed above reside on the AWIPS DS machine and are monitored by the PollForData process to see when new data is available.
- Graphics Interchange Format (GIF) Image Data Files
- Open Geographical Information Standard (GIS) Shapefiles
The PollForData process monitors a specific set of AWIPS data sets on a timed basis which are to be sent to the AWIPS LDAD Server (LS) machine for dissemination. The PollForData sub-system is made up of two (2) components. The first component is the pollForData.pl Perl script, and the second component is the pollForData.conf configuration file. The pollForData.pl Perl script is the process that runs on the AWIPS DS machine. At start-up, The pollForData.pl Perl script reads in the pollForData.conf configuration file which lists the AWIPS data files that are to be monitored. Here is a few line sample from the pollForData.conf file:3.3 HmIngest
###################################################################
pollForData.conf: configuration file for the LDAD polling function
#
# Each line describes one dataset via 7 fields
# Tag Source of data (unused)
# Key Description of the data
# Type "model, obs, radar, nwstext, localtext"
# Source "laps, msas, ifp, maps40, ruc, eta, mesoeta, avn, mrf";
# "metar, qcmesonet, hydro, manual";
# "r1r, r2r"; (radar IDs substituted during localization)
# "warning, watch, forecast, outlook, report, statement, qctext";
# "warning, watch, forecast, outlook, report, statement, qctext"
# DataType "Reflectivity, 1HourRain, 3HourRain, TotalRain, Tornado"
# (This field applies to radar only.)
# Scale "local, national" (dissemination system display scale)
# SrcDir Source directory (on ds).
# Time(s) The source directory is checked at these times (minutes past
# the hour) to see if the data have updated. If -1, checks at
# each pollForData cycle (30 seconds).
# Script "/awips/ldad/bin/sendLDADnotification.pl"
# Arguments Parameters passed to the script - always 'R "KKK FFF" HHH PPP'
# R means send to ls and notify hmIngest
# pollForData.pl makes substitutions for the rest with the key,
# file name, host, and internal port number, respectively.
# DestDir Destination directory (on ls).
#
###################################################################
# LAPS Analysis
FSL|model:laps:local|/data/fxa/Grid/FSL/netCDF/LAPS_Grid/LAPS|30,35,40|
/awips/ldad/bin/sendLDADnotification.pl R "KKK FFF" HHH PPP|
/data/ldad/public/Grid/LAPS
# MSAS Analysis
FSL|model:msas:national|/data/fxa/Grid/FSL/netCDF/MSAS|30,35|
/awips/ldad/bin/sendLDADnotification.pl R "KKK FFF" HHH PPP|
/data/ldad/public/Grid/MSASEach of the lines that have a "#" character in the first column are comment lines. The first non-comment lines in the file start after the "# LAPS Analysis" comment line and are shown in bold type in the example shown here. Each of the pipe (|) symbols are delimiters separating individual columns for each line in this table. Each column in this table is documented in the pollForData.conf file. Each field is described below:
Column 1: Tag Source of data (unused) Column 2: Factor dataType:dataSource:dataScale
types: "model, obs, radar, nwstext, localtext, radar"
sources: "laps, msas, ifp, eta, metar, qcmesonet"
scales: "local, national"Column 3: Source Dir Source directory on DS machine. Column 4: Time(s) The source directory is checked at these times (minutes past the hour) to see if the data have updated. If set to "-1" then checks every pollForData cycle (30 seconds). Column 5: Script Script that is run (sendLDADnotification.pl) when new data is available Column 6: Arguments Parameters passed to "Script" - always 'R "KKK FF" HHH PP', where:
R means send to the LDAD machine and notify hmIngest
The pollForData.pl script makes substitutions for the rest with the key, file
name, host, and internal port number, respectively.Column 7: DestDir Destination directory on the LDAD machine where the netCDF file (un-processed) will be written for public access. Using this line from the pollForData.conf file as an example:
# LAPS Analysis
FSL|model:laps:local|/data/fxa/Grid/FSL/netCDF/LAPS_Grid/LAPS|30,35,40|
/awips/ldad/bin/sendLDADnotification.pl| R "KKK FFF" HHH PPP|/data/ldad/public/Grid/LAPSIn this example, LAPS analysis netCDF data files located in the /data/fxa/Grid/FSL/netCDF/LAPS_Grid/LAPS
directory will be checked at 30, 35, and 40 minutes after the hour for new data. If a new file is found, the HmIngest sub-system (See Section 3.4, below) running on the LS machine is notified. The HmIngest sub-system processes the data and writes the processed data file to the /data/ldad/public/javadata directory where it is made available to the EMDS
web application application. Finally, the original netCDF file is written to the /data/ldad/public/Grid/LAPS for public access.The second argument in the example shown above, model:laps:local, is the Factor name. A Factor is an abstraction that allows classification of any particular type of data, such as temperature, humidity, latitude, wind, etc., as a generic Factor type. All of these types of data are classified simply as "factors". The format for the Factor name as described above is dataType:dataSource:dataScale. The first part of the Factor name, dataType, describes the type of data represented by this Factor. Typical data types are model (gridded model data sets), obs (observation data) , radar (radar data sets), and nwstext (NWS text messages). The middle part of the Factor name, dataSource, describes the source of the data. Data sources include: "laps (LAPS gridded data), msas (MSAS gridded data), eta (Eta-model gridded data), metar (METAR surface weather observation data), qcmesonet (Local quality controlled surface mesonet observation data), and ifp (Interactive Forecaster Preparation model grids). The last part of the Factor name, dataScale, is the scale that the data is to be displayed on. The possible scales are local (local scale), and national (national scale).
The Factor name field in the pollForData.conf file is passed along with the name of the file that is to be processed to the HmIngest sub-system running on the AWIPS LDAD Server (LS) machine. The HmIngest sub-system is described below.
The HmIngest sub-system is a made up of set of software components written in Java that takes AWIPS data sets and makes them available to the public via the LDAD EMDS web dissemination system. The HmIngest sub-system runs entirely on the AWIPS LDAD Server (LS) machine, as shown in Figure 3.1, above. The process that runs the HmIngest sub-system is called the hmingestd.class executable, which is a server process in a clinet/server architecture that gets notified when new data is available for dissemination. The hmingestd server is a persistent process that functions as a data pre-processor. It reads in raw AWIPS data files in netCDF or other standard formats and using various configuration files, generates a smaller, compressed Java serialized data file for use by the Java applets or applications. Here is a hierarchical listing of the main pieces of Java source code that make up the HmIngest subsystem of LDAD:
Figure 3.2 Herarchical listing of hmIngest Classes3.4 Web
StreamMill.java This file handles all data that is in a byte stream format (e.g. radar data sets). TextFactorMill.java This file handles all the NWS text message data. GridFactorMill.java This file handles all gridded data sets (e.g. LAPS, MSAS, etc.). ObsFactorMill.java This file handles all surface weather observation data (e.g. METAR, LDAD mesonet data, etc.). Each of these Java files are "FactorMills", which means that they process Factors. As mentioned above, a Factor is an abstraction that allows classification of any particular type of data, such as temperature, humidity, latitude, wind, etc., as a generic Factor type. The hmingestd.class file resides on the AWIPS LDAD Server (LS) machine in the /ldad/bin directory. All the Java class files needed by the hmingestd process at run-time are stored on the LS machine in the /ldad/classes directory. The class files for the FactorMills listed above are located in the /ldad/classes/hmserve/ingest directory.
When the netCDF data arrives on the AWIPS LS machine it is put into the /data/ldad/hmIngest directory, and the hmingestd process gets notified of the data's arrival. The hmingestd process will use one of the FactorMill classes described above to process the raw netCDF data file and write the processed Java Serialized Object (JSO) files to the /data/ldad/public/javadata directory where they are available for Web Dissemination. Each individual FactorMill can process a certain set of data types. As shown above, the GridFactorMill processes all gridded data sets, such as the LAPS analysis grids. Each individual data set that a particular FactorMill processes may contain many different weather parameters (Factors) such as temperature, wind, sea level pressure, etc. When the hmingestd process gets a new file to process it is sent a FactorName of the format of dataType:dataSource:dataScale, as described above. The hmingestd process will instantiate the appropriate FactorMill from the list of four (4) above based upon the FactorName that it received. The FactorMill will use this FactorName to read in configuration files that completely describe the data.
All of the LDAD data that is made available for dissemination via the web are defined by configuration .cnf files. These files completely describe the data such as, data type, units, and maximum and minimum values. These configuration files are stored on the LS machine in the /ldad/data/factor directory. In addition to these configuration files that describe each individual Factor, there is also a set of configuration files that describe how the data is to
be processed. These configuration files map the individual data types to one of the four (4) FactorMills described above, which process and store the data. In addition, these configuration files map the raw data to the units that are to be displayed on the EMDS Web dissemination system. This second set of configuration files are stored on the LS machine in the /ldad/data/ingest directory.
Figure 3.3 EMDS Display
The EMDS System reads the JSO files generated by the HmIngest sub-system from the /data/ldad/public/javadata directory. Refer to the online EMDS Users Manual for a complete description of the EMDS System. Figure 3.3 shows a screen shot from a EMDS display, where the data is read from /data/ldad/public/javadata to render the graphics.
In the Figure, the left display panel shows an image depiction of a temperature analysis grid with temperature contours overlaid on top of the image. The right display panel shows a National Weather Service (NWS) Rangeland Fire Danger Forecast text message. All of the menus that are available along the menu bar of the EMDS display can be configured in the field to a local site. The Configurator application can be used to configure the web applet/application menus to your preferences.
As mentioned above, there are many varied data types that are made available
for dissemination via the EMDS system, such as gridded weather data sets;
cross-correlated, quality-controlled weather observation data; radar data,
and National Weather Service weather advisory and forecast text messages.
In addition to these data, data from the Interactive
Forecast Preparation (IFP) system forecast grids can also be displayed.
These IFP forecast grids can be large, and so it is recommended that only
those grids that are most useful to your site be incorporated into the
EMDS System. The IFP grids that will be processed are listed in a
configurable table, called the ParmToIFP.table. Thisfile
is locaed on the on the AWIPS LDAD Server (LS) machine
in the /ldad/data directory. Here a copy of the ParmToIFP.table
along with a brief description of the columns in the table:
| # IFP
Parm
Process?
# name name (yes/no) #------- --------- ------- #---------------------------------------------- T | TempAir | yes Td | TempDewPoint | yes Wind | WindVector | yes Sky | PercentCloudCover | yes QPF | TotalPrecip | yes PoP | ProbabilityOfPrecip | yes SnowAmt | 1HourSnow | yes MaxT | TempAirMaxDay | yes MinT | TempAirMinDay | yes Wx | PresentWeather | no FzLevel | FreezingLevel | yes Wave | WaveHeight | yes Swell | SwellHeight | yes CWR | ChanceOfWettingRain | yes LAL | LightningActitityLvl | yes Haines | HainesIndex | yes MixHgt | MixingHeight | yes FreeWind | FreeAirWind | yes TransWind | TransportWind | yes |
| #IFP | Parm | Process |
| #name | name | (yes/no) |
| #------- | ---------- | ---------- |
| #------------------------------- | -------------------------------- | ------------------------ |
| T | | TempAir | | yes |
| Td | | TempDewPoint | | yes |
| Wind | | WindVector | | yes |
| Sky | | PercentCloudCover | | yes |
| QPF | | Total Precip | | yes |
| PoP | | ProbabilityOfPrecip | | yes |
| SnowAmt | | 1HourSnow | | yes |
| MaxT | | TempAirMaxDay | | yes |
| MinT | | TempAirMinDay | | yes |
| Wx | | PresentWeather | | no |
| FzLevel | | FreezingLevel | | yes |
| Wave | | WaveHeight | | yes |
| Swell | | SwellHeight | | yes |
| CWR | | ChanceOfWettingRain | | yes |
| LAL | | LightningActivityLvl | | yes |
| Haines | | HainesIngex | | yes |
| MixHgt | | MixingHeight | | yes |
| FreeWind | | FreeAirWind | | yes |
| TranWind | | TransportWind | | yes |
Each of the lines that have a "#" character in the first column
are comment lines. Each of the pipe (|) symbols are
delimiters separating individual columns for each line in this table.
The parameters in the first column are the abreviated names of each of
the IFP weather parameters. These are the names of the fields as
they appear in the raw data files that we process. The next (second)
column gives the longer parameter name that we use to store the data on
the LDAD Server machine for dissemination. The last column tells
the HmIngest sub-system whether a particular parameter is to be
processed. Currently we cannot process the IFP present weather (PresentWeather)
data, so the column next to this field is maked "no", so it won't
get processed. So as mentioned above, these
IFP forecast grids can be large, and so it is recommended that only those
grids that are most useful to your site be incorporated into the EMDS System.
Turn-off
all
grids that you don't feel that you will need at your site by setting the
last column in the ParmToIFP.table to be "no".
The LDAD Web Page allows the user to run the EMDS System either as a web applet or as an application that he downloads to his local machine. See Figure 3.4, below.
Figure 3.4 LDAD Web Page
There are two ways that the LDAD system can be stopped and started. The first way is to use the LDAD System Monitor and Control System, which is a Web-based system that allows the site to monitor LDAD connectivity and processes.
The Monitor checks on all LDAD processes, systems, and data to provide a visual interface of current LDAD performance for the site LDAD Administrator. The primary interface is via a WWW browser to the LDAD Monitor Summary portion of the AWIPS System Monitor. See the LDAD System's Managers Manual for a detailed description on System Monitor and Control, and refer to Section 8.1.2 which deals with Restarting the system.The second method for stopping and re-starting the LDAD system is to "do it by hand". Here is a listing of the persistent LDAD processes that should be running on both the AWIPS DS and LS machines:
AWIPS DS MACHINE AWIPS LS MACHINE watchDogInternal.sh newLDADdataNotification pollForData.pl MakeLDApage ldadServer watchDogExternal.sh routerStoreNetcdf java -mx65536000 hmingestd listener CO_serv CommsRouter MakePROCpage DataController routerStoreText routerShefEncoder routerLdadDecoder
To Stop the LDAD system, follow these steps:(1) Log onto the AWIPS DS machine.
(2) Become "ldad" (sudo su - ldad).
(3) Change directories to the ${LDAD_HOME}/bin directory.
(4) Run the LDAD Stop script: stopLDAD.sh
To Start the LDAD system, follow these steps:(1) Log onto the AWIPS DS machine.
(2) Become "ldad" (sudo su - ldad).
(3) Change directories to the ${LDAD_HOME}/bin directory.
(4) Run the LDAD Start script: startLDAD.csh
There are many web servers that could be utilized to serve data to an LDAD EMDS client. In particular, AWIPS has been using Netscape's FastTrack Web Server on their Application and LDAD servers and and some regional headquarters and other sites have been using the Apache web server on either the Windows NT or the Linux platforms. Since the server that the EMDS client could be connecting to could be either Netscape FastTrack or the Apache, this section contains both Netscape FastTrack and the Apache web servers configuration files. Additional guidance will be provided on the creation of these configuration files. For a more in depth review and understanding of these server, the reader is encouraged to view the documentation that is available for both web servers.
4.0 LDAD Web Server ConfigurationBoth the Apache and Netscape's FastTrack are based on the original NCSA Http Server, thus making them very similar in their configuration items. The basic differences are in the interfaces in performing the configuration. In this chapter, we assume that the FastTrack Web Server is on a HP platform running HPUX and the Apache Web server is on a Linux platform.
4.1 Netscape FastTrack on HPUX
This document describes briefly how to setup, configure and administer the Netscape FastTrack V2.0. This web server has a GUI for the administration of the web server. You can start/stop and configure a new web server from the ground up using this interface. However, as a default, this administration interface will not be available until you start it up. The current settings of AWIPS does not automatically start this administration interface for security reasons. Setting the administration GUI to be secure just requires that it only allows specified hosts to be able to access it. See the Netscape FastTrack Administration documentation for more information.
Starting the Web Admin Interface.
As root on the web server:cd /opt/ns-fasttrack./start-adminThe system will respond with a status message indicating a success or failure. Then using a browser running on the web server machine, type in the following URL:http://YourWebSite.YourDomain:17482You will be prompted with a user name and password. Enter in the password that was provided to you by the installer of the web server. If for some reason, that is unavailable, do the following as root:vi /opt/ns-fasttrack/admserv/admpwYou should see something like the following:root:XXXXXXXXX
Remove the XXXXXXXX part and save. Then go to http://YourWebSite.YourDomain:17482. Type in root for the Username and then click the OK button. You will have to use the Admin interface to change the password. See the FastTrack Admin documentation on how to do this. This document, admguide.ps.gz, (in a compressed postscript format) is normally located in the /opt/ns-fasttrack/doc directory.
Web Server Settings
Using the Admin GUI, make the appropriate changes to the Web Server to the following Settings. Alternatively, you can cut and save the configuration files: magnus.conf, obj.conf and mime.types to the /opt/ns-fasttrack/[YOURWEBSITEDIR] directory where [YOURWEBSITEDIR] refers to the name of your website or httpd-default. Note: When you change the configuration, you will get a response form the Admin GUI upon login that there were changes. Click on the accept changes and Reload button. This will synchronize the Admin GUI and the settings in the configuration files.The table below list the System Settings screen shot for the webserver at a test site. Each item that has been changed from the defaults are highlighted and linked to the appropriate location in the configuration file. A brief comment about that item is provided in the configuration file. For a more in depth understanding of these variables, please refer to the Netscape FastTrack Web Server documentation.
View Server Settings
httpd-ls1-fsld: The server is currently up.
Technical Settings (magnus.conf) Server Root: /opt/ns-fasttrack/httpd-ls1-fsld. Hostname: ls1-fsld.fsl.noaa.gov. IP address: 137.75.59.53. Port: 80. Error log: /opt/ns-fasttrack/httpd-ls1-fsld/logs/errors. User: ldad. Processes: 2. Minimum threads: 4. Maximum threads: 32 DNS: off. Security: off.
Table 4.1: View of the NS FastTrack Web Server Settings
Content Settings (obj.conf) For the entire server: Additional Document Directory:
Prefix /ns-icons.
Directory /opt/ns-fasttrack/ns-icons.Additional Document Directory:
Prefix /mc-icons.
Directory /opt/ns-fasttrack/ns-icons.CGI directory:
Prefix /cgi-bin.
Directory /data/ldad/emwww/cgi-bin.Primary Document Directory:
Directory /data/ldad/emwww/htdocs.Index filenames:
File names index.cgi,index.shtml,index.html.Restrict access: Read allowed. Restrict access: Write denied. Default MIME type: text/plain. Directory indexing: fancy. CGI file type: active. Server parsed HTML: with exec tag. Access log:
Path /opt/ns-fasttrack/httpd-ls1-fsld/logs/access.Restricting Access to the Web Server
After the server setup, use the GUI Admin tool to restrict access to this website to everyone but those registered to this site. You can do this via the Access Control Button at the top of the GUI. Clicking that button will take you to another interface where you will the table of contents shown below:
Figure 4.1. Table of Contents of the Access Control button.Clicking the Restrict Access link on the Table above or the Restrict Access link in View server Settings link will take you to the next window:
Figure 4.2. Restrict Access Window
If the "Access Control" lable in the third row states Access Control is Off, then Click the button "Turn On access control". The screen should like like the above. Set both access types to be "Deny". Then Click the Permissions button for Read and set the permissions as follows:
Figure 4.3. Read Access window to specify who has read access to the web server.The "Hosts Always Allowed Access" should include all those IP addresses that you would like to be able to access the web server without any additional authentication. Those users that may not have a static IP address, you could generate groups and users using this GUI and specifying these users/and or groups. The default load of the Web Disemination package includes 3 default groups:
1) WFO - Should include all users in the WFO
2) Coop Agencies - All cooperative agencies users
3) Emergency Managers - All EM type users.In addition, the default load includes the following users, where each user belongs to 1 or more of the above groups.:
1) ldad:WFO
2) soo:WFO
3) mic:WFO
4) testCoop:Coop. Agencies
5) testEM: Emergency ManagersThe default password for these users is the username plus the number 1. For example, the password of soo is soo1. Please change these passwords and/or remove these test accounts immediately. To create users and groups use the "Create User" and "Create Group" link shown in Figure 1. Follow the directions as specified in the NS FastTrack documentation.
Once the users are created and designated into one of the groups, then acces to the web server can be determined b groups, rather that listing all the individual users who has access. The reason, for separating out Coop Agencies users and Emergency Manager users into their groups is to enable the possibility that these types of users may eventually have a different set of capabilities on the Web Server. A user can belong to more than one group. Then the users takes on the privileges and capabilities of both groups.
Note: If you make changes using the admin GUI, be sure to hit the "Save and Apply" button. This action will force the system to update the configuration file and do a soft restart of the web server with the new settings.
Note: If you make changes via editing the configuration files manually, then be sure that the next time you use the admin GUI, to "OK" the reload of the changes. This message will be displayed because there is an inconsistency between what the admin GUI thinks is the configuration and the web server. By accepting and clicking "OK to update, it syncrhonizes the configuration file and the admin GUI.
4.2 Apache on HPUX or Linux
The Apache Web server has a proven record in providing a stable efficient web access to clients. Although a freeware, it is being used by numerous commercial sites for their web server. It is more scalable than the Netscape FastTrack but does not have a GUI administration interface. On a Linux system, one can use Linuxconf to configure some parts of Apache, but this document will only describe how to configure Apache via editing the configuration files directly and using a command line program to create/manage users and groups.The example configuration files provided in Appendix D, E, F are for a Linux PC running Apache V1.3.6 This server uses a virtual host setup where you could potentially host multiple websites form this same server. Items that have been changed from the default configuratin files are in the BernhardMod BT font.
There are 3 configuration files that Apache uses:
1) httpd.conf - The primary configuration file that tells the server which modules to use.
2) srm.conf - Here you define the name space that users see of your http server. This file also defines server settings which affect how requests are serviced, and how results should be formatted.
3) access.conf - Global access configuration. This is where you set the users, group and domain/Ip accessibility.You can use the files in the Appendices to configure your Apache website. Change all references in the BernhardMod BT font to the appropriate values for your site. There are three main items:
YOURWEBSITEDIR - This is the root directory for this web site.
YOURWEBSITENAME - The URL name for this web server
WebMaster@YourDomain - The email address for the WebMaster.One caveat however is that the dbmmanage program that comes standard with Apache does not perform any kind of group management. Listed in Appendix G is a hacked version of dbmmanage that fixes this oversight. Use dbmmanage to generate a user/group file in a location that is not accessible from the web. e.g. /etc/httpd/users. dbmmanage is a perl script and is usually located in /usr/bin. Using this version of dbmmanage, generate the users and groups that you want.
e.g.To add a new user called Kevin in the DBM file named /etc/httpd/users who is in the EmergencyManagers group and user soo in the WFO group:
cd /etc/httpddbmmanage users adduser Kevin Kevin'sPassword EmergencyManagersdbmmanage users adduser soo soo'sPassword WFO
Once you update the config files, if the Apache web server is running, send a signal to the Apache web server to re-read the configuration files. As root:export httpPid=`cat /var/run/httpd.pid`kill -USR1 $httpPid
Or, if the web server is not running, start the web server. As root:
/etc/rc.d/init.d/httpd start
5.0 LDAD Web Dissemination Installation Guide5.1 Introduction
The following installation instructions are used to update the LDAD Web Dissemination component on an AWIPS 4.2 or higher version system. The web dissemination system is a module that can be loaded separately on top of an existing AWIPS system without negatively impacting current processes. The LDAD system was designed with the dissemination component included in the LDAD package. Therefore, network traffic across the firewall and LAN issues should not be a major concern.Note: If you received an official release of software from NWS or PRC on CDs or other media, follow the instructions included with that release. In this event, disregard these installation instructions and proceed as directed in the supplied instructions.
5.2 Intended Audience
This installation guide is intended to be utilized by the ESA at the WFO offices. The LDAD Web Dissemination Installation Guide describes the procedure for successfully installing the LDAD Web Dissemination software in the WFO.
AWIPS Build4.2 or Higher LDAD Installation
5.3 Package Components
The software supplied for the upgrade to an AWIPS Build4.2 or higher system is comprised of one tar file containing files that are changed from the existing AWIPS LDAD system and an installation script.
- ldadjavaA.tar
- ldadjavaA.install
5.4 Pre-Installation Verification
- Verify that the following directories exist on the LDAD Server (LS). If the directories do not exist, create them.
/data/ldad/emwww/
/data/ldad/pubwww/
/data/ldad/www/
/data/ldad/public/
/data/ldad/public/Grid/
/data/ldad/public/Grid/ifp/
/data/ldad/public/Grid/ifp/Official
/data/ldad/public/Grid/ifp/Eta
/data/ldad/public/Grid/ifp/RUC
/data/ldad/public/Grid/ifp/MRF
/data/ldad/public/Grid/AVN/
/data/ldad/public/Grid/Eta/
/data/ldad/public/Grid/LAPS/
/data/ldad/public/Grid/MAPS40/
/data/ldad/public/Grid/MRF/
/data/ldad/public/Grid/MSAS/
/data/ldad/public/Grid/MesoEta/
/data/ldad/public/Grid/RUC/
/data/ldad/public/javadata/
/data/ldad/public/nexrad/
/data/ldad/public/nwswwas/
/data/ldad/public/point/
/data/ldad/public/point/hydro/
/data/ldad/public/point/manual/
/data/ldad/public/point/mesonet/
/data/ldad/public/point/metar/
/data/ldad/public/point/qcmesonet/
/data/ldad/public/qcmessages/
/data/ldad/public/qcobs/- Verify that the correct version of Java is loaded on the LS and exists in /opt/java/bin. The following command will return the version of Java currently on the system:
/opt/java/bin/java -version
This command should return:
java version "HP-UX Java C.01.17.01 99/04/21"
java version "HP-UX Java B.01.12.01 1997/07/31"
or
If the above command returns the second response, then you are using Java version 1.12. The system will run, however, we have seen 2-3 times performance improvement of the hmIngest daemon when using Java version 1.17. Java Version 1.17 is the version to be used in Build5.0.
- cd /data/ldad/emwww/htdocs as userid root and verify that all files and links are owned by ldad.
cd /data/ldad/emwww/htdocs
ls -alIf links are owned by userid root then:
chown -h ldad:ldad [link files]
5.5 Installation
- On the LDAD Server (LS) as userid ldad, copy the ldadjavaA.tar file to a location having adequate space, e.g. /data/ldad.
- Copy the ldadjavaA.install file to /ldad/bin
- chmod 744 /ldad/bin/ldadjavaA.install
- cd ~ldad/bin
- To capture the output from the script execution in Step 5, type
script ldadjavaA.install.out
- Execute the ldadjavaA.install script:
/ldad/bin/ldadjavaA.install [Web Site Name] [Tar File]
For example: /ldad/bin/ldadjavaA.install emwww /data/ldad/ldadjavaA.tar
- Type exit to terminate the script command in Step 4. Sample output from executing the ldadjavaA.install script can be found in Appendix A.
- On the Data Server (ds1) as userid ldad, save files and then copy new file from the LDAD Server (LS):
cp -p ~ldad/bin/pollForData.pl ~ldad/bin/pollForData.pl.ORIG
cp -p ~ldad/bin/runPerlCmd.pl ~ldad/bin/runPerlCmd.pl.ORIG
cp -p ~ldad/bin/LocalizeWWW.pl ~ldad/bin/LocalizeWWW.pl.ORIG
cp -p ~ldad/bin/map_localization.pl ~ldad/bin/map_localization.pl.ORIG
cp -p ~ldad/data/pollForData.conf ~ldad/data/pollForData.conf.ORIG
cd ~ldad/bin
rcp ls1:/ldad/bin/pollForData.pl pollForData.pl
rcp ls1:/ldad/bin/runPerlCmd.pl runPerlCmd.pl
rcp ls1:/ldad/bin/map_localization.pl map_localization.pl
rcp ls1:/ldad/bin/LocalizeWWW.pl LocalizeWWW.pl
chmod 755 pollForData.pl runPerlCmd.pl
chmod 755 LocalizeWWW.pl map_localization.pl
cd ~ldad/data
rcp ls1:/ldad/data/pollForData.conf pollForData.conf
rcp ls1:/ldad/data/localizeWWW.conf localizeWWW.conf
rcp ls1:/ldad/data/syncFiles.txt syncFiles.txtNote: The runPerlCmd.pl, LocalizeWWW.pl, map_localization.pl, localizeWWW.conf and syncFiles.txt may not be on your system. If they are not, that is OK.
Note: For failover purposes, perform the above steps on the failover node (ds2).
5.6 Post Installation/Localization
5.6.1 Web Dissemination Localization Procedure
- Log on the Data Server as userid ldad.
- Change directory to ~ldad/bin
cd ~ldad/bin
- Capture the output from executing the Web Dissemination localization script:
script LocalizeWWW.out
- Execute the Web Dissemination localization script:
~ldad/bin/LocalizeWWW.pl -c CCC -x XXX -r kxxx -d 7 -i [site id]
where:
c - CCC (from AFOS id)
x - XXX (from AFOS id)
r - radar associated with your localization
d - level of debug (values 1 through 10)
i - 3-letter site id
For example:~ldad/bin/LocalizeWWW.pl -c DEN -x DEN -r kftg -d 7 -i BOU
Note: For multiple site radars, the syntax would be like this:
~ldad/bin/LocalizeWWW.pl -c CCC -x XXX -r kxxx:kxxx -d 7 -i [site id]
- Type exit to terminate the script command in Step 3.
- Refer to Appendix B for an example of output from executing the LocalizeWWW.pl script.
5.6.2 Web Dissemination Map Localization Procedure
- Log on the Data Server as userid ldad.
- Change directory to ~ldad/bin.
cd ~ldad/bin
- Capture the output from the executing the map localization script:
script map_localization.out
- Execute the map localization script:
/usr/local/perl5/bin/perl map_localization.pl -i [site id] -d 7
where:
Example:
i - 3-letter site id
d - level of debug (values 1 through 10)~ldad/bin/map_localization.pl -i BOU -d 7
- Type exit to terminate the script command in Step 3.
- Refer to Appendix C for an example of output from executing the map_localization.pl script.
5.6.3 Stopping pollForData Process
- As userid ldad, stop the pollForData process. The watchDog will restart it!
setenv pollPID `ps -aef | grep pollForData.pl | grep -v grep | awk '{print $2}'`
kill $pollPIDWait for 30 seconds......
ps -aef | grep pollForData.pl
- If the process is not running, check for the existence of the file /awips/fxa/bin/Signal.pm and /awips/fxa/bin/SignalHandler.pm on the Data Server.
ls -al /awips/fxa/bin/Signal.pm
ls -al /awips/fxa/bin/SignalHandler.pmIf the above two files do not exist, copy them from the LS.
rcp ls1:/ldad/bin/Signal.pm ~ldad/bin/Signal.pm
rcp ls1:/ldad/bin/SignalHandler.pm ~ldad/bin/SignalHandler.pm
As userid fxa
and
cp ~ldad/bin/Signal.pm ~fxa/bin/Signal.pm
cp ~ldad/bin/SignalHandler.pm ~fxa/bin/SignalHandler.pm
chmod 755 ~fxa/bin/Signal.pm ~fxa/bin/SignalHandler.pm
5.6.4 Starting the External Processes
- On the external server (ls1) as userid ldad, copy the /ldad/bin/startLDADexternal.csh file and then change the hmIngest start command.
cp -p /ldad/bin/startLDADexternal.csh /ldad/bin/startLDADexternal.csh.ORIG
vi /ldad/bin/startLDADexternal.cshAdd -Drun.log.dir=${LDAD_EXTERNAL_LOGDIR} to the command as shown below:
$JAVA-DIR/java -mx65536000 -Drun.root.dir=$LDAD_EXTERNAL_HOME \
-Drun.config.dir=$LDAD_EXTERNAL_HOME/data \
-Drun.data.dir=/data/ldad/public/javadata \
-Drun.log.dir=${LDAD_EXTERNAL_LOGDIR} \
-Drun.ldaddata.dir=/ldad/data \
hmingestd -d -t $LDAD_EXTERNAL_HOME>> $logFnm 2>&1 &
- Copy the /ldad/bin/watchDogExternal.sh file and then change the hmIngest start command:
cp -p /ldad/bin/watchDogExternal.sh /ldad/bin/watchDogExternal.sh.ORIG
vi /ldad/bin/watchDogExternal.shAdd -Drun.log.dir=${LDAD_EXTERNAL_LOGDIR} to the command as shown below:
$JAVA_DIR/java -mx65536000 -Drun.root.dir=$LDAD_EXTERNAL_HOME \
-Drun.config.dir=$LDAD_EXTERNAL_HOME/data \
-Drun.data.dir=/data/ldad/public/javadata \
-Drun.log.dir=${LDAD_EXTERNAL_LOGDIR} \
-Drun.ldaddata.dir=/ldad/data \
hmingestd -d $LDAD_EXTERNAL_HOME>> $logFnm 2>&1 &
- Change the FXA_SITE_ID to match the Site ID used in this install.
vi /ldad/.environs
(Make sure that the value of FXA_SITE_ID matches the Site ID that you used in this install.)
- As userid ldad, restart the external processes:
/ldad/bin/startLDADexternal.csh
5.6.5 Localizing the EMDS Application/Applet for Your Local Data Providers
This step will populate the Quality Control (QC) menus for the EMDS application/applet (see Section 3.4 , above) with the names of the local (LDAD) data providers at your site. This step is to be run after you have re-started LDAD and then let it run for two (2) days. You must wait two days, or so, in order to allow the MSAS QC system running at your site to ingest all of the data providers that are available in your LDAD system.
- Log on the LDAD Server (LS) machine as userid ldad.
- Change directory to /ldad/bin.
cd /ldad/bin
Make sure that the file "PostConfigure.pl" is in the /ldad/bin directory. If it isn't, then get it from the ~ldad/bin directory on the Data Server (DS) macine.
- Execute the script to localize your EMDS application/applet for your local data providers:
/usr/local/perl5/bin/perl PostConfigure.pl -t qc -i [site id]
where:
Example:
i - 3-letter site id
/usr/local/perl5/bin/perl PostConfigure.pl -t qc -i BOU
6.0 Utilities
The EMDS system includes 2 utility programs; MapClipper and Sync. MapClipper is used to store map data as a compressed (gzip) serialized file and sync allows the client to be notified and allows the users to synchronize with their registered WFO's.6.1 Map Clipper and Compressor - MapClipper
MapClipper is used to store map data as a compressed (gzip) serialized class. It is a java program that you can start in both command mode or by using the MapClipper icon (for users who have downloaded and installed the EMDS application. Mapclipper saves the clipped and compressed files to the current working directory. They must still be copied the the "..../localizations/[siteId]/mapdata" directory or the "localConfig" directory to be used. MapClipper requires 11 parameters as shown below:
Shapefile Name (without the suffix). "Clip" North West corner in degrees longitude. North West corner in degrees latitude. North East corner in degrees longitude. North East corner in degrees latitude. South West corner in degrees longitude South West corner in degrees latitude. South East corner in degrees longitude South East corner in degrees latitude. 3 character siteId. Both options will be described below.
6.1.1 MapClipper in interactive mode.
Users can start MapClipper in interactive mode in 2 ways. For those users who have installed the EMDS gui on their PC's, you will see an icon labeled MapClipper on your desktop. Double-clik this icon and MapClipper is started. On a Unix/Linux system you will have to start in using the following command:
java ldadapp.shape.MapClipper
(Make sure that the CLASSPATH is defined and points to the directory where the EMDS is installed.)Upon startup, a dialog box describing MapClipper is displayed and then a series of dialogs requesting the input of the various parameters MapClipper requires. The first dialog is a "File Open" dialog allowing you to browse the disk for the appropriate shape file (*.shp). (Note: You have to have the 2 other associated shape file i.e. *.dbf and *.shx in the same directory) The a series of dialogs requesting input for the clip region will be displayed. Enter each corner longitude and latitude one at a time. After completion, you will have to copy the generated files i.e. *.shpm.gzip and *.dbfm.gzip to the appropriate location.
Figure 6.1 MapClipper startup dialog
If you are the WFO LDAD administrator: Move them to /ldad/data/localizations/[siteId]/mapdata. Then add these filenames to the file /data/ldad/emwww/syncFiles.txt. Adding these filenames will push out these added files to the users.
If you are a user: Move them to the ...."EMDS installation directory"/localConfig. Then you can add the menu items that will display these shape file using the Configurator.
6.1.2 MapClipper in batch mode.
The batch mode option for MapClipper is also available to allow for user to clip multiple files in a batch file. You can list out a number of files to be clipped in a batch file and then run the batch file. You have to provide the full path to the file and remember that the program puts the resultant file in the same directory as the original.For each file to be clipped add a command line that follows this pattern. Note that all <> parameters are required.
java -mx54536000 ldadapp.shape.MapClipper <filename (without suffix)> Clip <NW Lon> <NW Lat> <NE Lon> <NE Lat> <SW Lon> <SW Lat> <SE Lon> <SE Lat> <Site Id>
Examples:
java -mx54536000 ldadapp.shape.MapClipper northamerica_001 Clip -152.856 49.500 -49.385 49.500 -133.459 12.190 -65.091 14.335 BOU
java -mx54536000 ldadapp.shape.MapClipper cous_0005 Clip -107.8875 41.9901 -100.70689 42.407955 -107.74974 37.022182 -101.0305 36.56353 BOU
6.2 Synchronization between Client and Server - Sync
Everytime the users starts up the EMDS application, they will be provided with a dialog to synchronize with their registered WFO. (The registered WFO is the WFO Web Server URL that the user selected when they first ran sync.) Clicking yes to perform a Sync check could take a couple of minutes. Upon startup, users will be provided with a dialog listing the current registered website that they will be sync-ing to. User could select any other site at this point and they will be sync-ed to that website. (Note: Sync-ing to a different site will require registration with that site and require a manual change of the siteId.txt file.) Upon completion, Sync will report whether there are newer files on the server to be downloaded. Users have a choice to Sync or not to Sync. Although a good question, it is recommended that they Sync. This process will update all the default files from the LDAD Web Server. It will not modify or delete any file in their localConfig directory or make any changes to the menus etc that they have created.Sync can also be started up as an independent application using the Sync icon, running "java Sync" in a command line or by using the Synchronize Application menuitem in teh File menu of EMDS.
Figure 6.2 Sync startup dialog.
# #
Appendix A: magnus.conf -- Netscape FastTrack HTTP server configuration file
# # magnus.conf -- Netscape FastTrack HTTP server configuration file
# #
# The directory for this server's config files etc. The standard one is /opt/ns-fasttrack/httpd-default unless
# you create one that is named for the webserver name.
#ServerRoot /opt/ns-fasttrack/httpd-ls1-fsld
# ServerName is the URL of your web Server e.g. www.crh.noaa.gov etc
ServerName ls1-fsld.fsl.noaa.gov
#Address is the IP address of your server
Address 137.75.59.53
Port 80
LoadObjects obj.conf
RootObject default
ErrorLog /opt/ns-fasttrack/httpd-ls1-fsld/logs/errors
PidLog /opt/ns-fasttrack/httpd-ls1-fsld/logs/pid
# The user you want the web server to run as.
User ldad
#MaxProcs - Choose a number that is reasonable for your webserver. For the standard LS use the following numbers.
# If you have a powerful dual-proc system that has a better backplane maybe a D350, then by all means increase to 10.
MaxProcs 5
# Similar analysis for Threads.
MinThreads 8
MaxThreads 32
DNS off
Security off
Ciphers +rc4,+rc4export,+rc2,+rc2export,+des,+desede3
SSL3Ciphers +rsa_rc4_128_md5,+rsa_3des_sha,+rsa_des_sha,+rsa_rc4_40_md5,+rsa_rc2_40_md5,-rsa_null_md5
ACLFile /opt/ns-fasttrack/httpacl/generated.httpd-ls1-fsld.acl# #
Appendix B: obj.conf -- Netscape FastTrack HTTP server configuration file
# # obj.conf -- Netscape FastTrack HTTP server configuration file
# #
# Netscape Communications Corporation - obj.conf
# You can edit this file, but comments and formatting changes
# might be lost when the admin server makes changes.Init fn="flex-init" format.access="%Ses->client.ip% - %Req->vars.auth-user% [%SYSDATE%] \"%Req->reqpb.clf-request%\" %Req->srvhdrs.clf-status% %Req->srvhdrs.content-length%" access="/opt/ns-fasttrack/httpd-ls1-fsld/logs/access"
Init fn="load-types" mime-types="mime.types"<Object name="default">
NameTrans fn="pfx2dir" from="/ns-icons" dir="/opt/ns-fasttrack/ns-icons"
NameTrans fn="pfx2dir" from="/mc-icons" dir="/opt/ns-fasttrack/ns-icons"
# This creates an alias between /cgi-bin to the directory that we want it to go to
# i.e. /data/ldad/emwww/cgi-bin. Also, it tells the web server that whatever is in this directory can
# be called as a CGI script.
NameTrans from="/cgi-bin" fn="pfx2dir" dir="/data/ldad/emwww/cgi-bin" name="cgi"
# Tells the webserver where the root directory is. This is the directory where http://yourWebsitename/ points to.
NameTrans root="/data/ldad/emwww/htdocs" fn="document-root"
PathCheck fn="unix-uri-clean"
PathCheck fn="find-pathinfo"
PathCheck fn="find-index" index-names="index.cgi,index.shtml,index.html"
PathCheck fn="check-acl" acl="httpd-ls1-fsld_formgen-READ-ACL_allow-8971"
PathCheck fn="check-acl" acl="httpd-ls1-fsld_formgen-WRITE-ACL_deny-8971"
ObjectType fn="type-by-extension"
ObjectType fn="force-type" type="text/plain"
Service fn="imagemap" method="(GET|HEAD)" type="magnus-internal/imagemap"
Service fn="index-common" method="(GET|HEAD)" type="magnus-internal/directory"
Service fn="send-cgi" type="magnus-internal/cgi"
#Make sure that you add this as contact.shtml uses a serve-side include (SSI) to
# perform a simple calculation of the number of hits to the website
Service fn="parse-html" method="(GET|HEAD)" type="magnus-internal/parsed-html"
Service fn="send-file" method="(GET|HEAD)" type="*~magnus-internal/*"
AddLog fn="flex-log" name="access"
</Object><Object name="cgi">
ObjectType fn="force-type" type="magnus-internal/cgi"
Service fn="send-cgi"
</Object># #
Appendix C: mime.types-- Netscape FastTrack HTTP server configuration file
# # mime.types -- Netscape FastTrack HTTP server configuration file
# #
#--Netscape Communications Corporation MIME Information
# Do not delete the above line. It is used to identify the file type.# New Microsoft MIME types
type=application/msword exts=doc
type=application/vnd.ms-excel exts=xls,xlw,xla,xlc,xlm,xlt
type=application/vnd.ms-powerpoint exts=ppt,pps,pot
type=application/vnd.ms-project exts=mpp
type=application/x-msaccess exts=mdb
type=application/x-mspublisher exts=pub
type=application/x-msschedule exts=scd
type=application/winhlp exts=hlp
type=application/x-mscardfile exts=crd
type=application/x-msclip exts=clp
type=application/x-msmediaview exts=m13,m14
type=application/x-msmetafile exts=wmf
type=application/x-msmoney exts=mny
type=application/x-msterminal exts=trm
type=application/x-mswrite exts=writype=application/octet-stream exts=bin
type=application/astound exts=asd,asn
type=application/fastman exts=lcc
type=application/mac-binhex40 exts=hqx
type=application/mbedlet exts=mbd
type=application/oda exts=oda
type=application/pdf exts=pdf
type=application/postscript exts=ai,eps,ps
type=application/rtf exts=rtf
type=application/studiom exts=smp
type=application/timbuktu exts=tbt
type=application/x-javascript exts=js
type=application/x-asap exts=asp
type=application/x-csh exts=csh
type=application/x-dot exts=dot
type=application/x-dvi exts=dvi
type=application/x-earthtime exts=etc
type=application/x-envoy exts=evy
type=application/x-excel exts=xls,xlc,xll,xlm,xlw
type=application/x-gtar exts=gtar
type=application/x-hdf exts=hdf
type=application/x-latex exts=latex
type=application/x-maker exts=fm
type=application/x-mif exts=mif,mi
type=application/x-mocha exts=mocha,moc
type=application/x-NET-Install exts=ins
type=application/x-netcdf exts=nc,cdf
type=application/x-ns-proxy-autoconfig exts=proxy
type=application/x-pointplus exts=css
type=application/x-salsa exts=slc
type=application/x-sh exts=sh
type=application/x-shar exts=shar
type=application/x-sprite exts=spr,sprite
type=application/x-tar exts=tar
type=application/x-tcl exts=tcl
type=application/x-tex exts=tex
type=application/x-texinfo exts=texinfo,texi
type=application/x-timbuktu exts=tbp
type=application/x-tkined exts=tki,tkined
type=application/x-troff-man exts=man
type=application/x-troff-me exts=me
type=application/x-troff-ms exts=ms
type=application/x-troff exts=t,tr,roff
type=application/x-wais-source exts=src
type=application/zip exts=ziptype=audio/basic exts=au,snd
type=audio/echospeech exts=es,esl
type=audio/midi exts=midi,mid
type=audio/x-aiff exts=aif,aiff,aifc
#type=audio/x-midi exts=midi,mid
type=audio/x-wav exts=wav
type=audio/x-pn-realaudio exts=ra,ram
type=audio/x-pac exts=pac
type=audio/x-epac exts=paetype=image/fif exts=fif
type=image/gif exts=gif
type=image/ief exts=ief
type=image/ifs exts=ifs
type=image/jpeg exts=jpeg,jpg,jpe
type=image/png exts=png
type=image/tiff exts=tiff,tif
type=image/vnd exts=dwg,svf
type=image/wavelet exts=wi
type=image/bmp exts=bmp
type=image/x-cmu-raster exts=ras
type=image/x-portable-anymap exts=pnm
type=image/x-portable-bitmap exts=pbm
type=image/x-portable-graymap exts=pgm
type=image/x-portable-pixmap exts=ppm
type=image/x-rgb exts=rgb
type=image/x-xbitmap exts=xbm
type=image/x-xpixmap exts=xpm
type=image/x-xwindowdump exts=xwdtype=text/html exts=htm,html
type=text/plain exts=txt
type=text/richtext exts=rtx
type=text/tab-separated-values exts=tsv
type=text/x-setext exts=etx
type=text/x-speech exts=talktype=video/isivideo exts=fvi
type=video/mpeg exts=mpeg,mpg,mpe
type=video/msvideo exts=avi
type=video/quicktime exts=qt,mov
type=video/vivo exts=viv,vivo
type=video/wavelet exts=wv
#type=video/x-msvideo exts=avi
type=video/x-sgi-movie exts=movietype=x-world/x-svr exts=svr
type=x-world/x-vrml exts=wrl
type=x-world/x-vrt exts=vrttype=x-conference/x-cooltalk exts=ice
enc=x-gzip exts=gz
enc=x-compress exts=z
enc=x-uuencode exts=uu,uuetype=magnus-internal/imagemap exts=map
type=magnus-internal/parsed-html exts=shtml
#type=magnus-internal/cgi exts=cgi,exe,bat
type=magnus-internal/cgi exts=cgi,battype=emds/jar exts=jar
type=emds/exe exts=exe
Appendix D: httpd.conf -- Apache HTTP server configuration file
# #
# # httpd.conf -- Apache HTTP server configuration file
# ## This is the main server configuration file. See URL http://www.apache.org/
# for instructions.# Do NOT simply read the instructions in here without understanding
# what they do, if you are unsure consult the online docs. You have been
# warned.# Originally by Rob McCool
# Dynamic Shared Object (DSO) Support
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Please read the file README.DSO in the Apache 1.3 distribution for more
# details about the DSO mechanism and run `httpd -l' for the list of already
# built-in (statically linked and thus always available) modules in your httpd
# binary.# Example:
# LoadModule foo_module libexec/mod_foo.so# Documentation for modules is in "/home/httpd/manual/mod" in HTML format.
# LoadModule mmap_static_module modules/mod_mmap_static.so
LoadModule env_module modules/mod_env.so
LoadModule config_log_module modules/mod_log_config.so
LoadModule agent_log_module modules/mod_log_agent.so
LoadModule referer_log_module modules/mod_log_referer.so
# LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule status_module modules/mod_status.so
LoadModule info_module modules/mod_info.so
LoadModule includes_module modules/mod_include.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule dir_module modules/mod_dir.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule asis_module modules/mod_asis.so
LoadModule imap_module modules/mod_imap.so
LoadModule action_module modules/mod_actions.so
# LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule proxy_module modules/libproxy.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule anon_auth_module modules/mod_auth_anon.so
# LoadModule dbm_auth_module modules/mod_auth_dbm.so
LoadModule db_auth_module modules/mod_auth_db.so
LoadModule digest_module modules/mod_digest.so
# LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
# LoadModule example_module modules/mod_example.so
# LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so# Extra Modules
# LoadModule php_module modules/mod_php.so
# LoadModule php3_module modules/libphp3.so
# LoadModule perl_module modules/libperl.so# Reconstruction of the complete module list from all available modules
# (static and shared ones) to achieve correct module execution order.
# [WHENEVER YOU CHANGE THE LOADMODULE SECTION ABOVE UPDATE THIS, TOO]
ClearModuleList
# AddModule mod_mmap_static.c
AddModule mod_env.c
AddModule mod_log_config.c
AddModule mod_log_agent.c
AddModule mod_log_referer.c
# AddModule mod_mime_magic.c
AddModule mod_mime.c
AddModule mod_negotiation.c
AddModule mod_status.c
AddModule mod_info.c
AddModule mod_include.c
AddModule mod_autoindex.c
AddModule mod_dir.c
AddModule mod_cgi.c
AddModule mod_asis.c
AddModule mod_imap.c
AddModule mod_actions.c
# AddModule mod_speling.c
AddModule mod_userdir.c
AddModule mod_proxy.c
AddModule mod_alias.c
AddModule mod_rewrite.c
AddModule mod_access.c
AddModule mod_auth.c
AddModule mod_auth_anon.c
# AddModule mod_auth_dbm.c
AddModule mod_auth_db.c
AddModule mod_digest.c
# AddModule mod_cern_meta.c
AddModule mod_expires.c
AddModule mod_headers.c
AddModule mod_usertrack.c
# AddModule mod_example.c
# AddModule mod_unique_id.c
AddModule mod_so.c
AddModule mod_setenvif.c
# Extra Modules
# AddModule mod_php.c
# AddModule mod_php3.c
# AddModule mod_perl.c# ServerType is either inetd, or standalone.
ServerType standalone
# If you are running from inetd, go to "ServerAdmin".
# Port: The port the standalone listens to. For ports < 1023, you will
# need httpd to be run as root initially.Port 80
# Number of servers to start --- should be a reasonable ballpark figure.
StartServers 10
# Server-pool size regulation. Rather than making you guess how many
# server processes you need, Apache dynamically adapts to the load it
# sees --- that is, it tries to maintain enough server processes to
# handle the current load, plus a few spare servers to handle transient
# load spikes (e.g., multiple simultaneous requests from a single
# Netscape browser).# It does this by periodically checking how many servers are waiting
# for a request. If there are fewer than MinSpareServers, it creates
# a new spare. If there are more than MaxSpareServers, some of the
# spares die off. These values are probably OK for most sites ---MinSpareServers 8
MaxSpareServers 20# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.KeepAlive 0
# KeepAliveTimeout: Number of seconds to wait for the next request
KeepAliveTimeout 15
# Limit on total number of servers running, i.e., limit on the number
# of clients who can simultaneously connect --- if this limit is ever
# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
# It is intended mainly as a brake to keep a runaway server from taking
# Unix with it as it spirals down...MaxClients 150
# MaxRequestsPerChild: the number of requests each child process is
# allowed to process before the child dies.
# The child will exit so as to avoid problems after prolonged use when
# Apache (and maybe the libraries it uses) leak. On most systems, this
# isn't really needed, but a few (such as Solaris) do have notable leaks
# in the libraries.MaxRequestsPerChild 100
# If you would like to have an agent and referer logfile uncomment the
# following directives.# CustomLog logs/referer_log referer
# CustomLog logs/agent_log agent# If you prefer a single logfile with access, agent and referer information
# (Combined Logfile Format) you can use the following directive.# CustomLog logs/access_log combined
# PidFile: The file the server should log its pid to
PidFile /var/run/httpd.pid# CacheNegotiatedDocs: By default, Apache sends Pragma: no-cache with each
# document that was negotiated on the basis of content. This asks proxy
# servers not to cache the document. Uncommenting the following line disables
# this behavior, and proxies will be allowed to cache the documents.# CacheNegotiatedDocs
# Timeout: The number of seconds before receives and sends time out
Timeout 300
# ScoreBoardFile: File used to store internal server process information.
# Not all architectures require this. But if yours does (you'll know because
# this file is created when you run Apache) then you *must* ensure that
# no two invocations of Apache share the same scoreboard file.
ScoreBoardFile /var/run/httpd.scoreboard# ServerRoot: The directory the server's config, error, and log files
# are kept in.
# NOTE! If you intend to place this on a NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation,
# you will save yourself a lot of trouble.ServerRoot /etc/httpd
# HostnameLookups: Log the names of clients or just their IP numbers
# e.g. www.apache.org (on) or 204.62.129.132 (off)
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on.HostnameLookups off
# ServerAdmin: Your address, where problems with the server should be
# e-mailed.#ServerAdmin cvsubra@fsl.noaa.gov
ServerAdmin [WebMaster]@[YOUR DOMAIN]# The LockFile directive sets the path to the lockfile used when Apache
# is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or
# USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at
# its default value. The main reason for changing it is if the logs
# directory is NFS mounted, since the lockfile MUST BE STORED ON A LOCAL
# DISK. The PID of the main server process is automatically appended to
# the filename.# LockFile /var/lock/httpd.lock
# ServerName allows you to set a host name which is sent back to clients for
# your server if it's different than the one the program would get (i.e. use
# "www" instead of the host's real name).# Note: You cannot just invent host names and hope they work. The name you
# define here must be a valid DNS name for your host. If you don't understand
# this, ask your network administrator.#ServerName emdev2.fsl.noaa.gov
#DocumentRoot /home/mirror/ls1-fsld.fsl.noaa.gov/htdocs/
ServerName [YOURSERVER NAME]
DocumentRoot [YOURSERVERDIR]/htdocs/# BindAddress: You can support virtual hosts with this option. This option
# is used to tell the server which IP address to listen to. It can either
# contain "*", an IP address, or a fully qualified Internet domain name.
# See also the VirtualHost directive.# BindAddress *
# ErrorLog: The location of the error log file. If this does not start
# with /, ServerRoot is prepended to it.ErrorLog logs/error_log
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.# User/Group: The name (or #number) of the user/group to run httpd as.
# On SCO (ODT 3) use User nouser and Group nogroup
# On HPUX you may not be able to use shared memory as nobody, and the
# suggested workaround is to create a user www and use that user.
# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
# when the value of (unsigned)Group is above 60000;
# don't use Group nobody on these systems!User nobody
Group nobody
Options ExecCgi Includes FollowSymlinks# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.LogLevel warn
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent# The location of the access logfile (Common Logfile Format).
# If this does not start with /, ServerRoot is prepended to it.CustomLog logs/access_log common
# UseCanonicalName: (new for 1.3) With this setting turned on, whenever
# Apache needs to construct a self-referencing URL (a url that refers back
# to the server the response is coming from) it will use ServerName and
# Port to form a "canonical" name. With this setting off, Apache will
# use the hostname:port that the client supplied, when possible. This
# also affects SERVER_NAME and SERVER_PORT in CGIs.
UseCanonicalName on# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We reccomend you leave this number high, for maximum performance.MaxKeepAliveRequests 100
<VirtualHost 137.75.60.164>
#ServerAdmin cvsubra@fsl.noaa.gov
#ServerName ls1-fsld.fsl.noaa.gov
#DocumentRoot /home/mirror/ls1-fsld.fsl.noaa.gov/htdocs
#ErrorLog logs/ls1-fsld.fsl.noaa.gov/error_log
#TransferLog logs/ls1-fsld.fsl.noaa.gov/access_log
ServerAdmin [WebMaster]@[YourDomain]
ServerName [YOURWEBSITENAME]
DocumentRoot [YOURWEBSITEDIR]/htdocs
ErrorLog logs/[YOURWEBSITENAME]/error_log
TransferLog logs/[YOURWEBSITENAME]/access_log
User nobody
Group nobody
Options ExecCgi Includes
</VirtualHost>
Appendix E: access.conf -- Apache HTTP server configuration file
##
## access.conf -- Apache HTTP server configuration file
## /etc/httpd/conf/access.conf
### access.conf: Global access configuration
# Online docs at http://www.apache.org/# This file defines server settings which affect which types of services
# are allowed, and in what circumstances.# Each directory to which Apache has access, can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).# Originally by Rob McCool
# First, we configure the "default" to be a very restrictive set of
# permissions.<Directory />
Options None
AllowOverride None
</Directory># Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.# This should be changed to whatever you set DocumentRoot to.
#<Directory /home/httpd/html>
#<Directory /home/mirror/ls1-fsld.fsl.noaa.gov/htdocs>
<Directory [YOURWEBSITEDIR]/htdocs># This may also be "None", "All", or any combination of "Indexes",
# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.Options Indexes Includes FollowSymLinks
# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo",
# "AuthConfig", and "Limit"AllowOverride None
# Controls who can get stuff from this server.
#No Restrictions
#order allow,deny
#allow from all#With Groups and/or Users and/or IP address Restrictions
order deny,allow
deny from all
#Allow from any AWIPS Network
allow from 165.92
AuthType Basic
AuthName "LDAD Restricted Access"
AuthDBGroupFile /etc/httpd/users
AuthDBUserFile /etc/httpd/users
#require valid-user
require group EmergencyManagers WFO
satisfy any
</Directory># /home/httpd/cgi-bin should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.#<Directory /home/httpd/cgi-bin>
#<Directory /home/mirror/ls1-fsld.fsl.noaa.gov/cgi-bin>
<Directory [YOURWEBSITEDIR]/cgi-bin>
AllowOverride None
Options ExecCGI
</Directory># Allow server status reports, with the URL of http://servername/server-status
# Change the ".your_domain.com" to match your domain to enable.#<Location /server-status>
#SetHandler server-status#order deny,allow
#deny from all
#allow from .your_domain.com
#</Location># Allow access to local system documentation from localhost
Alias /doc /usr/doc
<Directory /usr/doc>
order deny,allow
deny from all
allow from localhost
Options Indexes FollowSymLinks
</Directory># There have been reports of people trying to abuse an old bug from pre-1.1
# days. This bug involved a CGI script distributed as a part of Apache.
# By uncommenting these lines you can redirect these attacks to a logging
# script on phf.apache.org. Or, you can record them yourself, using the script
# support/phf_abuse_log.cgi.#<Location /cgi-bin/phf*>
#deny from all
#ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi
#</Location># You may place any other directories or locations you wish to have
# access information for after this one.
Appendix F: srm.conf -- Apache HTTP server configuration file
##
## srm.conf -- Apache HTTP server configuration file
## /etc/httpd/conf/srm.conf
### With this document, you define the name space that users see of your http
# server. This file also defines server settings which affect how requests are
# serviced, and how results should be formatted.# See the tutorials at http://www.apache.org/ for
# more information.# Originally by Rob McCool; Adapted for Apache
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.DocumentRoot /home/mirror/ls1-fsld.fsl.noaa.gov/htdocs
# UserDir: The name of the directory which is appended onto a user's home
# directory if a ~user request is recieved.UserDir public_html
# DirectoryIndex: Name of the file or files to use as a pre-written HTML
# directory index. Separate multiple entries with spaces.DirectoryIndex index.html index.shtml index.cgi
# FancyIndexing is whether you want fancy directory indexing or standard
FancyIndexing on
# AddIcon tells the server which icon to show for different files or filename
# extensionsAddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif coreAddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^# DefaultIcon is which icon to show for files which do not have an icon
# explicitly set.DefaultIcon /icons/unknown.gif
# AddDescription allows you to place a short description after a file in
# server-generated indexes.
# Format: AddDescription "description" filename# ReadmeName is the name of the README file the server will look for by
# default. Format: ReadmeName name
#
# The server will first look for name.html, include it if found, and it will
# then look for name and include it as plaintext if found.
#
# HeaderName is the name of a file which should be prepended to
# directory indexes.ReadmeName README
HeaderName HEADER# IndexIgnore is a set of filenames which directory indexing should ignore
# Format: IndexIgnore name1 name2...IndexIgnore .??* *~ *# HEADER* README* RCS
# AccessFileName: The name of the file to look for in each directory
# for access control information.AccessFileName .htaccess
# TypesConfig describes where the mime.types file (or equivalent) is
# to be found.TypesConfig /etc/mime.types
# DefaultType is the default MIME type for documents which the server
# cannot find the type of from filename extensions.DefaultType text/plain
# AddEncoding allows you to have certain browsers (Mosaic/X 2.1+) uncompress
# information on the fly. Note: Not all browsers support this.AddEncoding x-compress Z
AddEncoding x-gzip gz# AddLanguage allows you to specify the language of a document. You can
# then use content negotiation to give a browser a file in a language
# it can understand. Note that the suffix does not have to be the same
# as the language keyword --- those with documents in Polish (whose
# net-standard language code is pl) may wish to use "AddLanguage pl .po"
# to avoid the ambiguity with the common suffix for perl scripts.AddLanguage en .en
AddLanguage fr .fr
AddLanguage de .de
AddLanguage da .da
AddLanguage el .el
AddLanguage it .it# LanguagePriority allows you to give precedence to some languages
# in case of a tie during content negotiation.
# Just list the languages in decreasing order of preference.LanguagePriority en fr de
# Redirect allows you to tell clients about documents which used to exist in
# your server's namespace, but do not anymore. This allows you to tell the
# clients where to look for the relocated document.
# Format: Redirect fakename url
# Aliases: Add here as many aliases as you need (with no limit). The format is
# Alias fakename realname# Note that if you include a trailing / on fakename then the server will
# require it to be present in the URL. So "/icons" isn't aliased in this
# example.#Alias /icons/ /home/httpd/icons/
# ScriptAlias: This controls which directories contain server scripts.
# Format: ScriptAlias fakename realname#ScriptAlias /cgi-bin/ /home/mirror/ls1-fsld.fsl.noaa.gov/cgi-bin/
ScriptAlias /cgi-bin/ YOURWEBSITEDIR]/cgi-bin/# If you want to use server side includes, or CGI outside
# ScriptAliased directories, uncomment the following lines.# AddType allows you to tweak mime.types without actually editing it, or to
# make certain files to be certain types.
# Format: AddType type/subtype ext1# For example, the PHP3 module (not part of the Apache distribution)
# will typically use:
#AddType application/x-httpd-php3 .php3
#AddType application/x-httpd-php3-source .phps
# The following is for PHP/FI (PHP2):
#AddType application/x-httpd-php .phtml# AddHandler allows you to map certain file extensions to "handlers",
# actions unrelated to filetype. These can be either built into the server
# or added with the Action command (see below)
# Format: AddHandler action-name ext1# To use CGI scripts:
#AddHandler cgi-script .cgi# To use server-parsed HTML files
AddType text/html .shtml
AddHandler server-parsed .shtml# Uncomment the following line to enable Apache's send-asis HTTP file
# feature
#AddHandler send-as-is asis# If you wish to use server-parsed imagemap files, use
AddHandler imap-file map# To enable type maps, you might want to use
#AddHandler type-map var# To enable the perl module (if you have it installed), uncomment
# the following section
#
#Alias /perl/ /home/httpd/perl/
#<Location /perl>
#SetHandler perl-script
#PerlHandler Apache::Registry
#Options +ExecCGI
#</Location># Action lets you define media types that will execute a script whenever
# a matching file is called. This eliminates the need for repeated URL
# pathnames for oft-used CGI file processors.
# Format: Action media/type /cgi-script/location
# Format: Action handler-name /cgi-script/location# MetaDir: specifies the name of the directory in which Apache can find
# meta information files. These files contain additional HTTP headers
# to include when sending the document#MetaDir .web
# MetaSuffix: specifies the file name suffix for the file containing the
# meta information.#MetaSuffix .meta
# Customizable error response (Apache style)
# these come in three flavors
#
# 1) plain text
#ErrorDocument 500 "The server made a boo boo.
# n.b. the (") marks it as text, it does not get output
#
# 2) local redirects
#ErrorDocument 404 /missing.html
# to redirect to local url /missing.html
#ErrorDocument 404 /cgi-bin/missing_handler.pl
# n.b. can redirect to a script or a document using server-side-includes.
#
# 3) external redirects
#ErrorDocument 402 http://some.other_server.com/subscription_info.html
## mod_mime_magic allows the server to use various hints from the file itself
# to determine its type.
#MimeMagicFile /etc/httpd/conf/magic# The following directives disable keepalives and HTTP header flushes.
# The first directive disables it for Netscape 2.x and browsers which
# spoof it. There are known problems with these.
# The second directive is for Microsoft Internet Explorer 4.0b2
# which has a broken HTTP/1.1 implementation and does not properly
# support keepalive when it is used on 301 or 302 (redirect) responses.BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0# The following directive disables HTTP/1.1 responses to browsers which
# are in violation of the HTTP/1.0 spec by not being able to grok a
# basic 1.1 response.BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
Appendix G: dbmmanage -- Apache /usr/bin/dbmmanage file
#!/usr/local/bin/perl#
===================================================================
# This program has been modified to mimic an earlier distribution
# of dbmmanage. Don't worry, this is actually an improvement.
# The command "adduser" now supports groups and does not prompt
# a user for the password. Also, "adduser" modifies a preexisting
# user without bawking.
# *** DO NOT USE THE NORMAL DISTRIBUTION ***
# of this program or the password updating job will break.
# 9/99 : Modified by DAS
#
===================================================================#
====================================================================
# Copyright (c) 1995-1999 The Apache Group. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
#
# 3. All advertising materials mentioning features or use of this
# software must display the following acknowledgment:
# "This product includes software developed by the Apache Group
# for use in the Apache HTTP server project (http://www.apache.org/)."
#
# 4. The names "Apache Server" and "Apache Group" must not be used to
# endorse or promote products derived from this software without
# prior written permission. For written permission, please contact
# apache@apache.org.
#
# 5. Products derived from this software may not be called "Apache"
# nor may "Apache" appear in their names without prior written
# permission of the Apache Group.
#
# 6. Redistributions of any form whatsoever must retain the following
# acknowledgment:
# "This product includes software developed by the Apache Group
# for use in the Apache HTTP server project (http://www.apache.org/)."
#
# THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR
# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT,
# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
ADVISED
# OF THE POSSIBILITY OF SUCH DAMAGE.
#
====================================================================
#
# This software consists of voluntary contributions made by many
# individuals on behalf of the Apache Group and was originally based
# on public domain software written at the National Center for
# Supercomputing Applications, University of Illinois, Urbana-Champaign.
# For more information on the Apache Group and the Apache HTTP server
# project, please see <http://www.apache.org/>.#for more functionality see the HTTPD::UserAdmin module:
# http://www.perl.com/CPAN/modules/by-module/HTTPD/HTTPD-Tools-x.xx.tar.gz
#
# usage: dbmmanage <DBMfile> <command> <key> <value>package dbmmanage;
# -ldb -lndbm -lgdbm
#BEGIN { @AnyDBM_File::ISA = qw(DB_File NDBM_File GDBM_File) }
BEGIN { @AnyDBM_File::ISA = qw( NDBM_File DB_File NDBM_File GDBM_File) }
use strict;
use Fcntl;
use AnyDBM_File ();my($file,$command,$key,$crypted_pwd,$group) = @ARGV;
my($value); # added by DAS, temp var to hold passwd for printed messageusage() unless $file and $command and $key and defined &{$dbmc::{$command}};
# if your osname is in $newstyle_salt, then use new style salt (starts with '_' and contains
# four bytes of iteration count and four bytes of salt). Otherwise, just use
# the traditional two-byte salt.
# see the man page on your system to decide if you have a newer crypt() lib.
# I believe that 4.4BSD derived systems do (at least BSD/OS 2.0 does).
# The new style crypt() allows up to 20 characters of the password to be
# significant rather than only 8.
my $newstyle_salt = join '|', qw{bsdos}; #others?# remove extension if any
my $chop = join '|', qw{db.? pag dir};
$file =~ s/\.($chop)$//;my $is_update = $command eq "update";
my $Is_Win32 = $^O eq "MSWin32";
my %DB = ();
my @range = ();
my($mode, $flags) = $command =~
/^(?:view|check)$/ ? (0644, O_RDONLY) : (0644, O_RDWR|O_CREAT);tie %DB, "AnyDBM_File", $file, $flags, $mode || die "Can't tie $file: $!";
dbmc->$command();
untie %DB;sub usage {
my $cmds = join "|", sort keys %dbmc::;
die "usage: $0 filename [$cmds] username [password] [group]\n";
}my $x;
sub genseed {
my $psf;
for (qw(-xlwwa -le)) {
`ps $_ 2>/dev/null`;
$psf = $_, last unless $?;
}
srand (time ^ $$ ^ unpack("%L*", `ps $psf | gzip -f`));
@range = (qw(. /), '0'..'9','a'..'z','A'..'Z');
$x = int scalar @range;
}sub randchar {
join '', map $range[rand $x], 1..shift||1;
}sub salt {
my $newstyle = $^O =~ /(?:$newstyle_salt)/;
genseed() unless @range;
return $newstyle ?
join '', "_", randchar, "a..", randchar(4) :
randchar(2);
}sub getpass {
my $prompt = shift || "Enter password:";unless($Is_Win32) {
open STDIN, "/dev/tty" or warn "couldn't open /dev/tty $!\n";
system "stty -echo;";
}my($c,$pwd);
print STDERR $prompt;
while (($c = getc(STDIN)) ne '' and $c ne "\n" and $c ne "\r") {
$pwd .= $c;
}system "stty echo" unless $Is_Win32;
print STDERR "\n";
die "Can't use empty password!\n" unless length $pwd;
return $pwd;
}sub dbmc::update {
die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key};
dbmc->adduser;
}sub dbmc::add {
die "Can't use empty password!\n" unless $crypted_pwd;
# removed by DAS
# unless($is_update) {
# die "Sorry, user `$key' already exists!\n" if $DB{$key};
# }
$crypted_pwd .= ":$group" if $group ne "" && $command eq "add"; # added by DAS
$DB{$key} = $crypted_pwd;
my $action = $is_update ? "updated" : "added";
if ( $value ) { print "User $key $action with password $value encrypted to $DB{$key}\n";
}
else { print "User $key $action with password $DB{$key}\n"; }
}sub dbmc::adduser {
# removed by DAS
# my $value = getpass "New password:";
# die "They don't match, sorry.\n" unless getpass("Re-type new password:") eq $value;
$value = $crypted_pwd; # added by DAS
$crypted_pwd = crypt $value, caller->salt;
$crypted_pwd .= ":$group" if $group ne ""; # added by DAS
dbmc->add;
}sub dbmc::delete {
die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key};
delete $DB{$key}, print "`$key' deleted\n";
}sub dbmc::view {
print $key ? "$key:$DB{$key}\n" : map { "$_:$DB{$_}\n" if $DB{$_} } keys %DB;
}sub dbmc::check {
die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key};
print crypt(getpass(), $DB{$key}) eq $DB{$key} ? "password ok\n" : "password
mismatch\n";
}sub dbmc::import {
while(defined($_ = <STDIN>) and chomp) {
($key,$crypted_pwd) = split /:/, $_, 2;
dbmc->add;
}
}
Appendix H: Downloading the Build 4.2 or Higher LDAD Web Dissemination SoftwarePackage Components
The software supplied for the upgrade to an AWIPS Build 4.2 or higher system is comprised of one tar file containing files that are changed from the existing AWIPS LDAD system and an installation script.
- ldadjavaA.tar
- ldadjavaA.install
These files can be downloaded via anonymous ftp from the following site: bora.fsl.noaa.gov (137.75.1.174).Use anonymous as your name when you ftp to bora, and then enter your complete email address as your password.
Next, cd to pub/ldad
The two files listed above are in the pub/ldad directory.Download then to your machine.
