cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
master
openbsd-ports/mail/archiveopteryx/pkg
History
ajacoutot f50fdd748e Stop using the daemon class in @newuser. 
If we need to make an exception we can do it and properly document the
reason but by default we should just use the default login class.
rc.d uses daemon or the login class provided in login.conf.d so this has
no impact there.

discussed with sthen@, tb@ and robert@

praying that my grep/sed skills did not break anything and still
believing in portbump :-)
2022-11-08 11:14:43 +00:00
..
aox.rc Remove manually crafted rc_start and use daemon_flags for the same effect. 2022-05-21 11:16:52 +00:00
DESCR
PLIST Stop using the daemon class in @newuser. 2022-11-08 11:14:43 +00:00
README drop RCS Ids 2022-03-11 19:34:31 +00:00

README 

+-----------------------------------------------------------------------
| Running ${PKGSTEM} on OpenBSD
+-----------------------------------------------------------------------

Archiveopteryx is now installed, and sample configuration files were
created in ${SYSCONFDIR}/archiveopteryx.conf and ${SYSCONFDIR}/aoxsuper.conf

Before using it, you will need to create PostgreSQL users and database,
and you'll need to set aox db user password in archiveopteryx.conf,
and aoxsuper db user password in aoxsuper.conf.

Database initialisation
=======================
Assuming you have an administrative account named `postgres',
you can create the aox/aoxsuper users and archiveopteryx database like
this:

createuser -U postgres --pwprompt --no-superuser --no-createdb \
	--no-createrole aox
createuser -U postgres --pwprompt --no-superuser --no-createdb \
	--no-createrole aoxsuper
createdb -U postgres -T template0 -E UTF8 -O aoxsuper archiveopteryx

Now load the database schema:

psql -U postgres archiveopteryx -f - <<PSQL;
\set ON_ERROR_STOP
CREATE EXTENSION citext;
SET SESSION AUTHORIZATION aoxsuper;
SET client_min_messages TO 'ERROR';
\i ${TRUEPREFIX}/libexec/archiveopteryx/schema.pg
\i ${TRUEPREFIX}/libexec/archiveopteryx/flag-names
\i ${TRUEPREFIX}/libexec/archiveopteryx/field-names
\i ${TRUEPREFIX}/libexec/archiveopteryx/downgrades
PSQL

Grant privileges to user 'aox':

aox grant privileges aox

If performing an upgrade, you might need to update schema with:

aox upgrade schema

Certificate generation
======================
By default, archiveopteryx uses TLS (unless use-tls is set to no), so it
needs an ssl certificate file in /etc/ssl/archiveopteryx.pem containing
both private key and signed certificate to function properly. If you
don't already have one, edit /etc/ssl/archiveopteryx-openssl.conf to fit
your needs (only CA field is mandatory) and generate a self-signed
certificate with the following command:

openssl req -config /etc/ssl/archiveopteryx-openssl.conf -x509 -days \
	1764 -newkey rsa -nodes -keyout /etc/ssl/archiveopteryx.pem \
	-out /etc/ssl/archiveopteryx.pem

Startup/Shutdown configuration
==============================
Make sure to startup archiveopteryx after your DB server.
aox show status can give you the status of processes.

Now refer to http://www.archiveopteryx.org/ for more fine-tuned
configuration.