Gruppo Meteo/HowTo/server-centos
Installazione RMAP server su centos 7
istallazione sistema operativo
TBD
/etc/selinux/config
SELINUX=disabled
/etc/tmpfiles.d/rmap.conf
d /run/wsgirmap 0755 rmap rmap - d /var/run/rmap 0755 rmap rmap - d /var/run/httpd 0755 rmap rmap -
mkdir /rmap chmod go+rx /rmap
/etc/sysconfig/crond
CRONDARGS=-s -m off
mkdir /var/log/rmap chown -R rmap:rmap rmap
postgresql
yum install postgresql-server postgresql-contrib yum install python-psycopg2
/var/lib/pgsql/data/pg_hba.conf
# TYPE DATABASE USER ADDRESS METHOD # "local" is for Unix domain socket connections only # allow postgres user to use "ident" authentication on Unix sockets local all postgres ident # allow all other users to use "md5" authentication on Unix sockets local all all md5 # IPv4 local connections: host all all 127.0.0.1/32 md5 # IPv6 local connections: host all all ::1/128 md5
/var/lib/pgsql/data/postgresql.conf
max_connections = 100 shared_buffers = 128MB work_mem = 100MB maintenance_work_mem = 200MB effective_cache_size = 1GB
mkdir /etc/systemd/system/postgresql.service.d/
/etc/systemd/system/postgresql.service.d/rmap.conf
[Service] # Location of database directory Environment=PGDATA=/rmap/pgsql/data
mkdir /rmap/pgsql/ chown postgres:postgres /rmap/pgsql/ mv /var/lib/pgsql/data /rmap/pgsql/
su - postgres initdb exit
systemctl enable postgresql.service systemctl start postgresql.service
su - postgres createuser -P -e rmapadmin createdb --owner=rmapadmin rmapadmin exit
/etc/rmap/rmap-site.cfg
[database] DATABASE_ENGINE = 'postgresql_psycopg2' # 'postgresql_psycopg2', 'postgresql', 'mysql', 'sqlite3' or 'ado_mssql'. DATABASE_NAME = 'rmapadmin' # Or path to database file if using sqlite3. DATABASE_USER = 'rmapadmin' # Not used with sqlite3. DATABASE_PASSWORD = 'rmapadmin' # Not used with sqlite3. DATABASE_HOST = 'localhost' # Set to empty string for localhost. Not used with sqlite3. DATABASE_PORT = '5432' # Set to empty string for default. Not used with sqlite3.
rmapctrl --syncdb
su - postgres createuser -P -e rmap createdb --owner=rmap report_fixed createdb --owner=rmap report_mobile createdb --owner=rmap sample_fixed createdb --owner=rmap sample_mobile
exit
apache
yum install mod_wsgi-4.4.21-1.el7.centos.x86_64.rpm
useradd -r rmap mkdir /home/rmap chown rmap:rmap /home/rmap mkdir /rmap/cache chown rmap:rmap /rmap/cache
/etc/httpd/conf.modules.d/00-mpm.conf
LoadModule mpm_worker_module modules/mod_mpm_worker.so <IfModule mpm_worker_module> #StartServers 2 #MaxClients 150 #MinSpareThreads 25 #MaxSpareThreads 75 #ThreadsPerChild 25 #MaxRequestsPerChild 0 ServerLimit 16 StartServers 2 MaxRequestWorkers 150 MinSpareThreads 10 MaxSpareThreads 35 ThreadsPerChild 15 MaxRequestWorkers 240 MaxConnectionsPerChild 10000 </IfModule>
/etc/httpd/conf.d/rmap.conf
ServerName rmap.it WSGISocketPrefix /run/wsgirmap/rmap WSGIDaemonProcess www.rmap.cc user=rmap group=rmap maximum-requests=100 graceful-timeout=200 processes=10 threads=5 request-timeout=180 socket-timeout=180 header-buffer- size=65000 WSGIProcessGroup www.rmap.cc WSGIApplicationGroup %{GLOBAL} <VirtualHost *:80 > ServerName rmap.it ServerAlias rmap.cc rmapv.rmap.cc rmapv.rmap.it www.rmap.cc www.rmapv.rmap.cc www.rmap.it www.rmapv.rmap.it localhost localhost.localdomain 127.0.0.1 partecipa.rainbolife.eu Include conf.d/rmap.inc </VirtualHost>
chkconfig httpd on service httpd start
Arkimet
useradd -r arkimet mkdir /rmap/arkimet/ chown -R arkimet:arkimet /rmap/arkimet/
/etc/sysconfig/arkimet
DATASET_CONFIG="/rmap/arkimet/arkimet.conf"
add in /etc/arkimet/scan-bufr/generic.lua
if report == "mobile" then area = bufr_read_area_mobile(msg) end
chkconfig arkimet on service arkimet start
Sincronizzazione DB
Server di origine
rmapctrl --dumpdata > dumpdata.json
rimuovere le prime righe che non sono json
dbadb export --dsn="mysql:///report_fixed?user=rmap&password=****" > report_fixed.bufr dbadb export --dsn="mysql:///report_mobile?user=rmap&password=****" > report_mobile.bufr dbadb export --dsn="mysql:///sample_fixed?user=rmap&password=****" > sample_fixed.bufr dbadb export --dsn="mysql:///sample_mobile?user=rmap&password=****" > sample_mobile.bufr
Server di destinazione
Da interfaccia web admin rimuovere TUTTI gli utenti (compreso rmap)
rmapctrl --loaddata=dumpdata.json
dbadb import --wipe-first --dsn="postgresql://rmap:***@localhost/report_fixed" report_fixed.bufr dbadb import --wipe-first --dsn="postgresql://rmap:***@localhost/report_mobile" report_mobile.bufr dbadb import --wipe-first --dsn="postgresql://rmap:***@localhost/sample_mobile" sample_mobile.bufr dbadb import --wipe-first --dsn="postgresql://rmap:***@localhost/sample_fixed" sample_fixed.bufr
cd /usr/share/rmap/ rsync -av utente@serverorigine:/usr/share/rmap/media .
Mosquitto
yum install mosquitto mkdir git cd git git clone https://github.com/jpmens/mosquitto-auth-plug.git cp config.mk.in config.mk emacs config.mk (disable mysql; enable http) make cp auth-plug.so /usr/lib64/ mkdir /etc/mosquitto/conf.d mkdir /rmap/mosquitto chown mosquitto:mosquitto /rmap/mosquitto
/etc/mosquitto/conf.d/rmap.conf
persistent_client_expiration 1d allow_anonymous true password_file /etc/mosquitto/pwfile acl_file /etc/mosquitto/aclfile log_type error log_type warning auth_plugin /usr/lib64/auth-plug.so auth_opt_backends http auth_opt_http_hostname localhost auth_opt_http_ip 127.0.0.1 auth_opt_http_port 80 auth_opt_http_getuser_uri /auth/auth auth_opt_http_superuser_uri /auth/superuser auth_opt_http_aclcheck_uri /auth/acl persistence true persistence_location /rmap/mosquitto/
/etc/mosquitto/aclfile
topic read # topic write test/# # This only affects clients with username "rmap". user rmap topic # pattern write rmap/%u/# pattern write sample/%u/# pattern write report/%u/# pattern write fixed/%u/# pattern write mobile/%u/# pattern write maint/%u/# pattern write rpc/%u/#
add in /etc/mosquitto/mosquitto.conf
include_dir /etc/mosquitto/conf.d
chkconfig mosquitto on service mosquitto start
create /etc/systemd/system/mosquitto.service.d/rmap.conf
[Service] Restart=always RestartSec=15
Rabbitmq
curl -s https://packagecloud.io/install/repositories/rabbitmq/rabbitmq-server/script.rpm.sh |bash wget https://packages.erlang-solutions.com/erlang-solutions-1.0-1.noarch.rpm rpm -Uvh erlang-solutions-1.0-1.noarch.rpm yum install rabbitmq-server
in /etc/rabbitmq/rabbitmq.config
[ {rabbit, [ {auth_backends, [rabbit_auth_backend_internal, rabbit_auth_backend_http]}, {loopback_users, []} ] }, {rabbitmq_auth_backend_http, [{user_path, "http://localhost/auth/user"}, {vhost_path, "http://localhost/auth/vhost"}, {resource_path, "http://localhost/auth/resource"} ] } ].
rabbitmq-plugins enable rabbitmq_auth_backend_http rabbitmq-plugins enable rabbitmq_management rabbitmq-plugins enable rabbitmq_management_visualiser rabbitmq-plugins enable rabbitmq_shovel rabbitmq-plugins enable rabbitmq_shovel_management
forse:
chown rabbitmq:rabbitmq /var/lib/rabbitmq/.erlang.cookie chmod 600 /var/lib/rabbitmq/.erlang.cookie
chkconfig rabbitmq-server on service rabbitmq-server start
login at management interface with user "guest" and password "guest"
on overview page use import definition to configure exchange, queue and users
with the same management interface remove "guest" user and login with a new real user
Monit
yum install monit
comment everithings and add in /etc/monitrc
set daemon 60 # check services at 1-minute intervals set log syslog set httpd port 5925 and allow rmap:<password> # require user 'admin' with password 'monit' allow @monit # allow users of group 'monit' to connect (rw) allow @users readonly # allow users of group 'users' to connect readonly include /etc/monit.d/*
rm /etc/monit.d/logging
wget https://raw.githubusercontent.com/r-map/rmap/master/server/etc/monit.d/rmap
chkconfig monit on service monit start
Cron
cd /etc/cron.d https://raw.githubusercontent.com/r-map/rmap/master/server/etc/cron.d/arpae_aq_ckan https://raw.githubusercontent.com/r-map/rmap/master/server/etc/cron.d/dballe2arkimet https://raw.githubusercontent.com/r-map/rmap/master/server/etc/cron.d/luftdatem https://raw.githubusercontent.com/r-map/rmap/master/server/etc/cron.d/rmap_generate_summary_cache