Gruppo Meteo/HowTo/server
Installazione
repo rmap
- copiare in /etc/yum.repos.d/ il file dal link
http://rmapv.rmap.cc/repo/rmap/rmapcentos.repo
oppure
http://rmapv.rmap.cc/repo/rmap/rmap.repo
- installare rmap con le dipendenze
yum groupinstall rmap
- installare monit
yum install monit
- configurare monit
/etc/monit.d/rmap /etc/monitrc
RMAP
- Installare il pacchetto MySQL-python
- Installare Apache HTTP Server: pacchetti httpd mod_wsgi
- Installare MariaDB
- Installare rmap.noarc
- Inizializzare il DB di rmap (file di configurazione in /etc/rmap )
rmapctrl --syncdb rmap:pamr
- Modificare /etc/httpd/conf/httpd.conf
User rmap Group rmap
- aggiungere in /etc/httpd/conf.d
arkiweb.confgraphite-web.conf rmap.conf
- agiungere la directory per i socket WSGI
mkdir /run/wsgirmap/ chown rmap:rmap /run/wsgirmap/
- Cambiare le impostazioni di invio SMTP
/etc/rmap/rmap-site.cfg
Copiare http2mqtt in /var/www/html/http2mqtt
http://sourceforge.net/p/r-map/code/HEAD/tree/trunk/php/
mariaDB
yum install mariadb-server mariadb-libs
- copiare in /etc/my.cnf.d il file rmap.cnf
[mysqld] datadir = /rmap/mysql skip-networking server-id = 1 default-storage-engine = InnoDB innodb_file_per_table innodb_data_home_dir = /rmap/mysql innodb_data_file_path = ibdata1:10M:autoextend innodb_log_group_home_dir = /var/lib/mysql
- creare la directory /rmap/mysql
mkdir -p /rmap/mysql chown mysql:mysql /rmap/mysql
- far partire il DB server
systemctl start mariadb.service
mysql_secure_installation
- creare il DB
mysql -u root -p create database rmap; CREATE USER 'rmap'@'%' IDENTIFIED BY 'rmap'; GRANT ALL PRIVILEGES ON rmap.* TO 'rmap'@'%' with GRANT option;
CREATE USER 'rmapadmin'@'%' IDENTIFIED BY 'rmapadmin'; create database rmapadmin; GRANT ALL PRIVILEGES ON rmapadmin.* TO 'rmapadmin'@'%' with GRANT option;
FLUSH PRIVILEGES;
rabbitmq-server
- è necessario installare due pacchetti
python-pika per i client
rabbitmq-server per il server
rpm --import https ://www.rabbitmq.com/rabbitmq-signing-key-public.asc yum install http ://www.rabbitmq.com/releases/erlang/erlang-18.3-1.el7.centos.x86_64.rpm yum install http ://www.rabbitmq.com/releases/rabbitmq-server/v3.6.1/rabbitmq-server-3.6.1-1.noarch.rpm
- attivazione server e plugin
chkconfig rabbitmq-server on service rabbitmq-server restart
rabbitmq-plugins enable rabbitmq_management rabbitmq-plugins enable rabbitmq_shovel rabbitmq-plugins enable rabbitmq_shovel_management
- cambio password amministrazione:
rabbitmqctl change_password guest 123456
- verifica risoluzione nome; nel caso fare:
The next thing to do is add the hostname’s short names in your /etc/hosts file. Why? Because RabbitMQ does not like FQDN (Attempting to do this will result in the following error: ** System NOT running to use fully qualified hostnames **).
- gestione porta TCP
la porta dedicata a AMQP è la 15672 grantire l'accesso dove e come necessario
- gestione porta interfaccia grafica management
The web UI is located at: http://server-name:15672/ on a fresh installation the user "guest" is created with password "guest", ma noi la password l'abbiamo cambiata. attenzione ci si collega di default solo da localhost se non va bene bisogna cambiare la conf di loopback_users in /etc/rabbitmq/rabbitmq.config
[ {rabbit, [ %% Uncomment the following line if you want to allow access to the %% guest user from anywhere on the network. {loopback_users, []},
- configurazione
Dal menù "Overview" selezionare la voce "Import / export definitions" e "upload broker definition"
https ://github.com/r-map/rmap/blob/master/rabbitmq/rabbit_server.json
- tuning
ecco solo alcuni suggerimenti:
file rabbitmq.config
disk_free_limit
Disk free space limit of the partition on which RabbitMQ is storing data. When available disk space falls below this limit, flow control is triggered. The value may be set relative to the total amount of RAM (e.g. {mem_relative, 1.0}). The value may also be set to an integer number of bytes. By default free disk space must exceed 50MB. See the memory-based flow control documentation.
Default: 50000000
Controlling System Limits on Linux
The main setting that needs adjustment is the max number of open files, also known as ulimit -n. The default value on many operating systems is too low for a messaging broker (eg. 1024 on several Linux distributions). We recommend allowing for at least 65536 file descriptors for user rabbitmq in production environments. 4096 should be sufficient for most development workloads.
file /etc/security/limits.d/50-rabbitmq.conf
# #<domain> <type> <item> <value> # rabbitmq soft nofile 4096 rabbitmq hard nofile 65536
rabbitmq_auth_backend_http
fare riferimento a https://github.com/simonmacmullen/rabbitmq-auth-backend-http
Sacricare il plugin da qui http://www.rabbitmq.com/community-plugins.html e metterlo in:
/usr/lib/rabbitmq/lib/rabbitmq_server-3.3.5/plugins/
attivarlo con:
rabbitmq-plugins enable rabbitmq_auth_backend_http
aggiungere in /etc/rabbitmq/rabbitmq.config
{rabbit, [{auth_backends, [rabbit_auth_backend_http]}]},
Risulterà, per esempio:
[ {rabbit, [ %% Uncomment the following line if you want to allow access to the %% guest user from anywhere on the network. {loopback_users, []}, {auth_backends, [rabbit_auth_backend_internal, rabbit_auth_backend_http]} ] }, {rabbitmq_auth_backend_http, [ {user_path, "http://localhost/auth/user"}, {vhost_path, "http://localhost/auth/vhost"}, {resource_path, "http://localhost/auth/resource"} ] } ].
Riavviare il servizio
service rabbitmq-server restart
showel configuration
in /etc/sudoers.d/rmap
Defaults:rmap !requiretty rmap ALL= NOPASSWD: /sbin/rabbitmqctl
DB-All.e
- installare il pacchetto mysql-connector-odbc
- aggiungere il DSN in /etc/odbc.ini
[rmap] Description = MySQL rmap database Trace = Off TraceFile = stderr Driver = MySQL SERVER = localhost USER = rmap PASSWORD = rmap PORT = 3306 DATABASE = rmap
- inizializza il DB
dbadb wipe --dsn=rmap
arkimet
- aggiungere alias arkiserver al hostname in /etc/hosts
- creare utente rmap
useradd -r -s /sbin/nologin rmap
TODO aggiungere dal repo svn il file
/etc/arkimet/scan-bufr/generic.lua
- editare /etc/default/arki-server
#echo "ERROR - Please configure /etc/defaults/arkimet" #exit 1 # Remove above lines after setting configuration below. DATASET_CONFIG=/rmap/arkimet/arkimet.conf DAEMONUSER=rmap LOGDIR=/var/log/arkimet SERVER_OPTIONS="--url=http://arkiserver:8090 --port=8090 --accesslog=$LOGDIR/server-access.log --errorlog=$LOGDIR/server-error.log $DATASET_CONFIG"
- creare la directory per i dati
mkdir /rmap/arkimet chown rmap:rmap /rmap/arkimet
- configurare arkimet scompattando la struttura del file
arkimetconf.tgz
chown -R rmap:rmap /rmap/arkimet
mosquitto
- modificare
/etc/mosquitto/mosquitto.conf /etc/mosquitto/aclfile /etc/mosquitto/pwfile /etc/mosquitto/conf.d/rmap.conf
- per systemd modificare il file /usr/lib/systemd/system/mosquitto.service
[Service] ExecStart=/usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf User=mosquitto
'segnalare BUG'
mosquitto-auth-plug
Riferirsi a: https://github.com/jpmens/mosquitto-auth-plug
copiare i sorgenti in locale
creare config.mk come segue:
# Select your backends from this list BACKEND_CDB ?= no BACKEND_MYSQL ?= no BACKEND_SQLITE ?= no BACKEND_REDIS ?= no BACKEND_POSTGRES ?= no BACKEND_LDAP ?= no BACKEND_HTTP ?= yes # Specify the path to the Mosquitto sources here MOSQUITTO_SRC = # Specify the path the OpenSSL here OPENSSLDIR = /usr
poi:
make mkdir /var/lib/mosquitto/plugins cp auth-plug.so /var/lib/mosquitto/plugins/
creare il file /etc/mosquitto/conf.d/rmap.conf
auth_plugin /var/lib/mosquitto/plugins/auth-plug.so auth_opt_backends http auth_opt_http_hostname localhost auth_opt_http_ip 127.0.0.1 auth_opt_http_port 80 auth_opt_http_getuser_uri /auth/auth auth_opt_http_superuser_uri /auth/superuser auth_opt_http_aclcheck_uri /auth/acl
Modificare il file /etc/mosquitto/aclfile
# This affects access control for clients with no username. #topic read $SYS/# topic read # topic write test/# # This only affects clients with username "rmap". user rmap topic # # This affects all clients. #pattern write $SYS/broker/connection/%c/state pattern write rmap/%u/# pattern write report/%u/# pattern write mobile/%u/#
Aiungere la password del amministratore in /etc/mosquitto/pwfile
mosquitto_passwd
restart server:
service mosquitto restart
server ports
* 22 ssh * 80 webserver * 443 monit web server * 1883 8883 MQTT * 5672 amqp * 2003 carbon-cache * 5925 borinud * 15672 rabbitmq_management * 8090 arkimet
graphite
modificare:
/usr/lib/python2.7/site-packages/tagging/forms.py
inserendo:
fields = "__all__"
dopo:
model = Tag
- installare python-django
- installare graphite-web
- installare python-carbon
- editare /etc/carbon/carbon.conf
LINE_RECEIVER_INTERFACE = 127.0.0.1 ENABLE_UDP_LISTENER = True UDP_RECEIVER_INTERFACE = 127.0.0.1
- cambiare i permessi di /var/log/graphite-web
chown rmap /var/log/graphite-web chmod g+w /var/log/graphite-web
- editare /etc/carbon/storage-schemas.conf
# Schema definitions for Whisper files. Entries are scanned in order, # and first match wins. This file is scanned for changes every 60 seconds. # # [name] # pattern = regex # retentions = timePerPoint:timeToStore, timePerPoint:timeToStore, ... # Carbon's internal metrics. This entry should match what is specified in # CARBON_METRIC_PREFIX and CARBON_METRIC_INTERVAL settings [carbon] pattern = ^carbon\. retentions = 60:7d [rmap_10sec_for_10day] #pattern = .* pattern = ^rmap\. retentions = 10s:10d [report_60sec_for_60day] #pattern = .* pattern = ^report\. retentions = 60s:30d [default_1min_13months] pattern = .* retentions = 1m:395d
- In /etc/graphite-web/local_settings.py
configurare
DATABASES = { 'default': { 'NAME': 'rmapadmin', 'ENGINE': 'django.db.backends.mysql', 'USER': 'rmapadmin', 'PASSWORD': 'rmapadmin', 'HOST': '', 'PORT': '' } }
come in rmap ed eventualmente configurare anche la sezione EMAIL poi:
/usr/bin/graphite-manage migrate
Al un seccessivo httpd restart i db di rmap e graphite dovrebbero essere unificati.
graphite Fedora 20 fast start
yum install graphite-web python-carbon
python /usr/lib/python2.7/site-packages/graphite/manage.py syncdb
chown -R rmap:rmap /var/lib/graphite-web
service carbon-cache start
python /usr/lib/python2.7/site-packages/graphite/manage.py runserver
python /usr/share/doc/graphite-web/example-client.py
firefox http://127.0.0.1:8000/dashboard/
Start and test graphite interface
Start mqtt2graphite and view the graphite graphs on http://server_ip/
mqtt2graphited run
2014-07-08 23:28:08,051 Starting MQTT2Graphite_5966-localhost.localdomain
2014-07-08 23:28:08,055 INFO MODE 2014-07-08 23:28:08,084 DEBUG MODE 2014-07-08 23:28:08,213 Connected to broker at localhost as MQTT2Graphite_5966-localhost.localdomain 2014-07-08 23:28:08,253 Subscribing to topic meteo/# 2014-07-08 23:28:08,312 pubblish {'carbon_port': 2003, 'map': {'meteo/#': ('j', None)}, 'sock': <socket._socketobject object at 0xb6a9e9d0>, 'carbon_server': '127.0.0.1'} with id 1 2014-07-08 23:28:08,363 Subscribed: 2 (0,) 2014-07-08 23:28:08,409 CARBONKEY is [meteo.-.1012345_4412345.generic.-_-_-.-_-_-_-.B07030] 2014-07-08 23:28:09,834 meteo.-.1012345_4412345.generic.-_-_-.-_-_-_-.B07030.v 400.000000 1404854888 2014-07-08 23:28:09,863 CARBONKEY is [meteo.-.1137637_4449216.generic.-_-_-.-_-_-_-.B07030] 2014-07-08 23:28:09,926 meteo.-.1137637_4449216.generic.-_-_-.-_-_-_-.B07030.v 400.000000 1404854889 2014-07-08 23:28:11,133 CARBONKEY is [meteo.-.1137637_4449216.generic.254_0_0.103_3000_-_-.B12101] 2014-07-08 23:28:11,155 meteo.-.1137637_4449216.generic.254_0_0.103_3000_-_-.B12101.v 30115.000000 1404854891 2014-07-08 23:28:16,687 CARBONKEY is [meteo.-.1137637_4449216.generic.254_0_0.103_3000_-_-.B12101] 2014-07-08 23:28:16,733 meteo.-.1137637_4449216.generic.254_0_0.103_3000_-_-.B12101.v 30121.000000 1404854896 2014-07-08 23:28:24,895 CARBONKEY is [meteo.-.1137637_4449216.generic.254_0_0.103_3000_-_-.B12101] 2014-07-08 23:28:24,933 meteo.-.1137637_4449216.generic.254_0_0.103_3000_-_-.B12101.v 30121.000000 1404854904
node-red
yum install nodejs npm npm install -g --unsafe-perm node-red npm install -g node-red-admin
useradd nodered passwd nodered -l usermod -s /bin/false nodered
add in /home/nodered/.node-red/settings.js
httpRoot: '/nodered'
add /etc/systemd/system/nodered.service
[Service] ExecStart= /usr/bin/node-red Restart=always StandardOutput=syslog StandardError=syslog SyslogIdentifier=node-sample User=nodered Group=nodered Environment=NODE_ENV=production [Install] WantedBy=multi-user.target
enable apache proxy for node-red
add /etc/httpd/conf.d/nodered.conf
ProxyPass /nodered http://localhost:1880/nodered ProxyPassReverse /nodered http://localhost:1880/nodered
ProxyPass /nodered ws://localhost:1880/nodered ProxyPassReverse /nodered ws://localhost:1880/nodered