Gruppo Meteo/HowTo/server-centos

Da raspibo.

Installazione RMAP server su centos 7

Installazione sistema operativo

add epel repository

# Register the RMAP and simc/stable package sources, then install the "rmap" package group.
cd /etc/yum.repos.d
# NOTE(review): this repo definition is fetched over plain HTTP and yum trusts it afterwards.
# Read the downloaded file and confirm it sets gpgcheck=1 with a gpgkey before installing from it.
wget http://rmap.it/repo/rmap/rmapcentos.repo
yum install yum-plugin-copr
yum copr enable simc/stable
# Older package-list method, left disabled:
#cd /tmp
#wget http://rmap.it/repo/rmap/yum-packages-centos.list
#yum -y install < yum-packages-centos.list

yum groupinstall rmap


/etc/selinux/config

# NOTE(review): "disabled" turns SELinux off completely, so httpd, PostgreSQL and the
# brokers installed below run without mandatory access control. "permissive" keeps the
# policy loaded and only logs denials, which lets the rules this setup needs be collected
# instead of dropping the protection for good.
SELINUX=disabled

/etc/tmpfiles.d/rmap.conf

d /run/wsgirmap 0755 rmap rmap -
d /var/run/rmap 0755 rmap rmap -
d /var/run/httpd 0755 rmap rmap -
mkdir /rmap
chmod go+rx /rmap

/etc/sysconfig/crond

CRONDARGS=-s -m off
mkdir /var/log/rmap
chown -R rmap:rmap /var/log/rmap

postgresql

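# Two separate installs: the PostgreSQL server with its contrib modules, then the Python driver.
# (On one line, yum would treat "yum" and "install" as package names.)
yum install postgresql-server postgresql-contrib
yum install python-psycopg2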

/var/lib/pgsql/data/pg_hba.conf

# TYPE  DATABASE        USER            ADDRESS                 METHOD                                                                

# "local" is for Unix domain socket connections only                                                                                  
# allow postgres user to use "ident" authentication on Unix sockets                                                                   
local   all             postgres                                ident
# allow all other users to use "md5" authentication on Unix sockets                                                                   
local   all             all                                     md5
# IPv4 local connections:                                                                                                             
host    all             all             127.0.0.1/32            md5
# IPv6 local connections:                                                                                                             
host    all             all             ::1/128                 md5


/var/lib/pgsql/data/postgresql.conf

max_connections = 100
shared_buffers = 128MB
work_mem = 100MB
maintenance_work_mem = 200MB
effective_cache_size = 1GB


mkdir /etc/systemd/system/postgresql.service.d/

/etc/systemd/system/postgresql.service.d/rmap.conf

[Service]

# Location of database directory
Environment=PGDATA=/rmap/pgsql/data
mkdir /rmap/pgsql/
chown postgres:postgres /rmap/pgsql/
mv /var/lib/pgsql/data /rmap/pgsql/
su - postgres
initdb
exit
systemctl enable postgresql.service
systemctl start postgresql.service
su - postgres
createuser -P -e rmapadmin
createdb --owner=rmapadmin rmapadmin
exit

/etc/rmap/rmap-site.cfg

[database]
# Connection settings for the database used by RMAP; the names match the rmapadmin
# role and database created with createuser/createdb in the PostgreSQL step.
DATABASE_ENGINE = 'postgresql_psycopg2' # 'postgresql_psycopg2', 'postgresql', 'mysql', 'sqlite3' or 'ado_mssql'.
DATABASE_NAME = 'rmapadmin'             # Or path to database file if using sqlite3.
DATABASE_USER = 'rmapadmin'             # Not used with sqlite3.
# NOTE(review): sample value identical to the account name. Put here the password entered
# at the "createuser -P" prompt, and keep this file unreadable by other local users.
DATABASE_PASSWORD = 'rmapadmin'         # Not used with sqlite3.
DATABASE_HOST = 'localhost'             # Set to empty string for localhost. Not used with sqlite3.
DATABASE_PORT = '5432'                  # Set to empty string for default. Not used with sqlite3.
rmapctrl --syncdb


su - postgres
createuser -P -e rmap
createdb --owner=rmap report_fixed
createdb --owner=rmap report_mobile
createdb --owner=rmap sample_fixed
createdb --owner=rmap sample_mobile


exit

apache

yum install mod_wsgi-4.4.21-1.el7.centos.x86_64.rpm
useradd -r rmap
mkdir /home/rmap
chown rmap:rmap /home/rmap

mkdir /rmap/cache
chown rmap:rmap /rmap/cache

/etc/httpd/conf.modules.d/00-mpm.conf

# Use the threaded worker MPM for this server.
LoadModule mpm_worker_module modules/mod_mpm_worker.so

<IfModule mpm_worker_module>
# Earlier values, kept commented out for reference:
#StartServers          2
#MaxClients          150
#MinSpareThreads      25
#MaxSpareThreads      75
#ThreadsPerChild      25
#MaxRequestsPerChild   0
# Values in use. ServerLimit x ThreadsPerChild = 16 x 15 = 240 worker threads at most.
ServerLimit         16
StartServers         2
# NOTE(review): MaxRequestWorkers appears twice in this block (150 here, 240 further down);
# presumably the later line is the one that takes effect - keep a single line to avoid doubt.
MaxRequestWorkers  150
MinSpareThreads     10
MaxSpareThreads     35
ThreadsPerChild     15
MaxRequestWorkers      240
# Recycle each child process after 10000 connections.
MaxConnectionsPerChild 10000
</IfModule>


/etc/httpd/conf.d/rmap.conf

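# Apache front end for the RMAP WSGI application.
ServerName rmap.it

# Socket directory created by the tmpfiles.d entry for /run/wsgirmap.
WSGISocketPrefix /run/wsgirmap/rmap
# The application runs in daemon mode as the unprivileged rmap user.
# The last option is header-buffer-size (one word); a split name would not be parsed as that option.
WSGIDaemonProcess www.rmap.cc user=rmap group=rmap maximum-requests=100 graceful-timeout=200 processes=10 threads=5 request-timeout=180 socket-timeout=180 header-buffer-size=65000
WSGIProcessGroup www.rmap.cc
WSGIApplicationGroup %{GLOBAL}


# NOTE(review): only a plain-HTTP virtual host is defined here, so logins to the web
# application cross the network unencrypted - add a TLS virtual host before exposing it.
# The localhost / 127.0.0.1 aliases are what let local services call this site
# through http://localhost/.
<VirtualHost *:80 >
   ServerName rmap.it
   ServerAlias rmap.cc rmapv.rmap.cc rmapv.rmap.it www.rmap.cc www.rmapv.rmap.cc www.rmap.it www.rmapv.rmap.it localhost localhost.localdomain 127.0.0.1 partecipa.rainbolife.eu
   Include conf.d/rmap.inc
</VirtualHost>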

/etc/httpd/conf.d/rmap.inc

Alias /download /var/www/html/download
Alias /repo     /var/www/html/repo
Alias /showroom /var/www/html/showroom
Alias /arkiweb  /var/www/html/arkiweb

#Alias /static/admin /usr/lib/python2.7/site-packages/django/contrib/admin/static/admin
#<Directory "/usr/lib/python2.7/site-packages/django/contrib/admin/static/admin">
#	    Require all granted
#</Directory>

Alias /static   /usr/share/rmap/static
<Directory /usr/share/rmap/static>
       Require all granted
       SetHandler None
</Directory>

Alias /media /usr/share/rmap/media
<Directory /usr/share/rmap/media>
       Require all granted
       SetHandler None
</Directory>

WSGIScriptAlias / /usr/bin/rmap.wsgi
#WSGIImportScript /usr/bin/rmap.wsgi process-group=%{GLOBAL} application-group=%{GLOBAL}
#WSGIPythonPath /path/to/mysite.com

#WSGIDaemonProcess rmap processes=5 threads=5
#WSGIDaemonProcess rmap
#WSGIProcessGroup rmap

<Directory /usr/bin>
<Files rmap.wsgi>
Require all granted
</Files>
</Directory>

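# /auth is called by the mosquitto auth plugin and the RabbitMQ HTTP auth backend
# running on this same host; it must not be reachable from other machines.
# "Require local" is the Apache 2.4 form, matching the Require lines used elsewhere in
# this file. It admits 127.0.0.0/8 and ::1, so a local client that resolves "localhost"
# to the IPv6 loopback is not refused.
# NOTE(review): if a reverse proxy is ever placed on this host, proxied requests will
# arrive from loopback too - this rule would then need rethinking.
<Location /auth>
   Require local
</Location>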


chkconfig httpd on
service httpd start

Arkimet

useradd  -r arkimet
mkdir /home/arkimet
chown arkimet:arkimet /home/arkimet
mkdir /rmap/arkimet/
chown -R arkimet:arkimet /rmap/arkimet/

/etc/sysconfig/arkimet

DATASET_CONFIG="/rmap/arkimet/arkimet.conf"

ATTENZIONE ATTENZIONE questa ultima modifica si perde con un aggiornamento del pacchetto

add in /etc/arkimet/scan-bufr/generic.lua

   if report == "mobile"
   then
       area = bufr_read_area_mobile(msg)
   end

ATTENZIONE ATTENZIONE: questa ultima modifica è da fare a ogni aggiornamento del pacchetto

systemctl daemon-reload
chkconfig arkimet on
service arkimet start

Sincronizzazione DB

Server di origine

rmapctrl --dumpdata > dumpdata.json

rimuovere le prime righe che non sono json

# Export the four DB-All.e databases from the origin server to BUFR files.
# NOTE(review): the database password is part of the command line here (and in the import
# commands on the destination server), so it ends up in shell history and is visible in
# the process list while the command runs. Run these from a private session and clear
# the history entry afterwards.
dbadb export --dsn="mysql:///report_fixed?user=rmap&password=****" > report_fixed.bufr
dbadb export --dsn="mysql:///report_mobile?user=rmap&password=****" > report_mobile.bufr
dbadb export --dsn="mysql:///sample_fixed?user=rmap&password=****" > sample_fixed.bufr
dbadb export --dsn="mysql:///sample_mobile?user=rmap&password=****" > sample_mobile.bufr


Server di destinazione

Da interfaccia web admin rimuovere TUTTI gli utenti (compreso rmap)

rmapctrl --loaddata=dumpdata.json


dbadb import --wipe-first --dsn="postgresql://rmap:***@localhost/report_fixed" report_fixed.bufr
dbadb import --wipe-first --dsn="postgresql://rmap:***@localhost/report_mobile" report_mobile.bufr
dbadb import --wipe-first --dsn="postgresql://rmap:***@localhost/sample_mobile" sample_mobile.bufr
dbadb import --wipe-first --dsn="postgresql://rmap:***@localhost/sample_fixed" sample_fixed.bufr
cd /usr/share/rmap/
rsync -av utente@serverorigine:/usr/share/rmap/media .

Mosquitto

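# Add the mosquitto package repository. wget's -O names the output file; lowercase -o
# would write wget's log there and leave no usable .repo file.
# NOTE(review): plain-HTTP download of a repo definition - inspect the file and make sure
# it enables gpgcheck before installing from it.
wget http://download.opensuse.org/repositories/home:/oojah:/mqtt/CentOS_CentOS-7/home:oojah:mqtt.repo -O /etc/yum.repos.d/mqtt.repo
yum install mosquitto libmosquitto-devel libmosquittopp-devel mosquitto-clients
mkdir git
cd git
# NOTE(review): this builds whatever the default branch holds at clone time; check out the
# reviewed commit (<commit-id>) that the patch below was written against.
git clone https://github.com/jpmens/mosquitto-auth-plug.git
# The build files live inside the cloned tree.
cd mosquitto-auth-plug
cp  config.mk.in  config.mk
# In config.mk: disable mysql; enable http
emacs config.mk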

apply this patch:

diff --git a/auth-plug.c b/auth-plug.c
index 744f115..a36c039 100644
--- a/auth-plug.c
+++ b/auth-plug.c
@@ -585,6 +585,7 @@ int mosquitto_auth_acl_check(void *userdata, const char *clientid, const char *u
         * id to bypass ACL checks (or have a username/client id that cannot
         * publish or receive messages to its own place in the hierarchy).
         */
+       /*
        if(username && strpbrk(username, "+#/")){
                _log(MOSQ_LOG_NOTICE, "ACL denying access to client with dangerous username \"%s\"", username);
                return MOSQ_DENY_ACL;
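Review bot: Commenting out these two checks (this hunk opens the comment before the username test, the hunk at line 594 closes it after the client-id test) removes the guard that the retained comment above it describes as preventing a crafted username or client id from bypassing ACL checks. The ACL file on this page relies on rules such as `pattern write rmap/%u/#`, so the plugin would no longer refuse a name containing `+`, `#` or `/` before it is substituted into those patterns. If the intent is only to permit `/` in names (inferred, the patch does not say), keep at least the wildcard characters rejected, `if(username && strpbrk(username, "+#")){` and likewise for `clientid`, and have the HTTP backend behind `/auth` validate names at registration, since `/` also changes where `%u` lands in the topic tree. mosquitto_auth_acl_check starts and ends outside both hunks.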
@@ -594,6 +595,7 @@ int mosquitto_auth_acl_check(void *userdata, const char *clientid, const char *u
                _log(MOSQ_LOG_NOTICE, "ACL denying access to client with dangerous client id \"%s\"", clientid);
                return MOSQ_DENY_ACL;
        }
+       */
 
        _log(LOG_DEBUG, "mosquitto_auth_acl_check(..., %s, %s, %s, %s)",
                clientid ? clientid : "NULL",

make
cp auth-plug.so /usr/lib64/
mkdir /etc/mosquitto/conf.d
mkdir /rmap/mosquitto
chown mosquitto:mosquitto /rmap/mosquitto

/etc/mosquitto/conf.d/rmap.conf

# Broker settings for RMAP: anonymous access plus HTTP-backed authentication via auth-plug.
# NOTE(review): no TLS listener is defined in this snippet, so usernames and passwords
# presumably cross the network in clear text on the default port - confirm, and add a
# TLS listener if clients connect over untrusted networks.
persistent_client_expiration 1d
# Clients without credentials are accepted; what they may do is set by the rules at the
# top of acl_file.
allow_anonymous true
password_file /etc/mosquitto/pwfile
acl_file /etc/mosquitto/aclfile
log_type error
log_type warning
# Authentication and ACL decisions are delegated to the auth-plug build from the previous
# step, which queries the web application's /auth/* endpoints on this host over HTTP.
auth_plugin /usr/lib64/auth-plug.so
auth_opt_backends http
auth_opt_http_hostname localhost
auth_opt_http_ip 127.0.0.1
auth_opt_http_port 80
auth_opt_http_getuser_uri /auth/auth
auth_opt_http_superuser_uri /auth/superuser
auth_opt_http_aclcheck_uri /auth/acl
# Keep broker state across restarts in the directory created above.
persistence true
persistence_location /rmap/mosquitto/

/etc/mosquitto/aclfile

# Rules before the first "user" line apply to clients that connect without a username
# (accepted here because the broker config sets allow_anonymous true): they may
# subscribe to every topic and publish only under test/.
topic read #
topic write test/#

# This only affects clients with username "rmap".
# "topic #" with no access keyword grants both read and write on every topic.
user rmap
topic #
 
# "pattern" rules apply to all users; %u is replaced by the client's username, so each
# account may publish only below its own name in these trees.
# NOTE(review): these rules are only as strong as the guarantee that a username cannot
# contain the MQTT characters "+", "#" or "/". The auth-plug patch on this page disables
# the plugin's check for exactly those characters, so the HTTP backend must enforce it.
pattern write rmap/%u/#
pattern write sample/%u/#

pattern write report/%u/#
pattern write fixed/%u/#

pattern write mobile/%u/#

pattern write maint/%u/#

pattern write rpc/%u/#

remove everything and add in /etc/mosquitto/mosquitto.conf

include_dir /etc/mosquitto/conf.d
pid_file /var/run/mosquitto.pid
chkconfig mosquitto on
service mosquitto start

if the package uses systemd: create /etc/systemd/system/mosquitto.service.d/rmap.conf

[Service] 
Restart=always 
RestartSec=15

if the package uses systemV: /etc/monit.d/mosquitto

check process mosquitto with pidfile /var/run/mosquitto.pid
   start program = "/etc/init.d/mosquitto restart"
   stop program = "/etc/init.d/mosquitto stop"
   if failed host localhost port 1883 timeout 30 seconds retry 3 then restart

Rabbitmq

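# Save the packagecloud repository setup script to a file instead of piping it straight
# into a root shell, so it can be read before it runs.
curl -fsSL -o script.rpm.sh https://packagecloud.io/install/repositories/rabbitmq/rabbitmq-server/script.rpm.sh
less script.rpm.sh
bash script.rpm.sh
# Erlang repository package required by rabbitmq-server.
wget https://packages.erlang-solutions.com/erlang-solutions-1.0-1.noarch.rpm
rpm -Uvh erlang-solutions-1.0-1.noarch.rpm
yum install rabbitmq-server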


in /etc/rabbitmq/rabbitmq.config

%% RabbitMQ broker configuration: users are checked against the internal database and
%% against the web application's HTTP auth endpoints on this host.
[
  {rabbit, 
    [
      {auth_backends, [rabbit_auth_backend_internal, rabbit_auth_backend_http]},
      %% NOTE(review): an empty loopback_users list lifts the default restriction that
      %% keeps the built-in "guest" account to localhost connections. Until "guest" is
      %% removed (the management-interface step that follows) the broker accepts the
      %% default guest credentials from the network - keep it firewalled during setup.
      {loopback_users, []}
    ]
  },
  %% Endpoints served by the Apache /auth location, which is restricted to local clients.
  {rabbitmq_auth_backend_http,
    [{user_path,     "http://localhost/auth/user"},
      {vhost_path,    "http://localhost/auth/vhost"},
      {resource_path, "http://localhost/auth/resource"}
    ]
  }
].


rabbitmq-plugins enable rabbitmq_auth_backend_http
rabbitmq-plugins enable rabbitmq_management
rabbitmq-plugins enable rabbitmq_management_visualiser
rabbitmq-plugins enable rabbitmq_shovel
rabbitmq-plugins enable rabbitmq_shovel_management

forse:

chown rabbitmq:rabbitmq /var/lib/rabbitmq/.erlang.cookie
chmod 600 /var/lib/rabbitmq/.erlang.cookie
chkconfig rabbitmq-server on
service rabbitmq-server start


Log in to the management interface with user "guest" and password "guest". On the overview page, use "import definitions" to configure exchanges, queues and users. Then, in the same management interface, remove the "guest" user and log in with a new real user.

Per attivare uno shovel:

rabbitmqctl set_parameter shovel report_mobile '{"src-protocol": "amqp091", "src-uri": "amqp://rmap:<password>@rmap.cc", "src-queue": "report_mobile_saved", 
"dest-protocol": "amqp091", "dest-uri": "amqp://rmap:<password>@", "dest-queue": "report_mobile"}'

Problema non risolto: se si trasferiscono dati scritti da un utente autenticandosi con un altro utente, la security su user_id lo vieta (https://www.rabbitmq.com/shovel-dynamic.html). Bisognerebbe riuscire a settare "user_id" tramite il parametro "dest-publish-properties" nel formato json sopra, ma non funziona.

Monit

yum install monit

comment everything out and add in /etc/monitrc

# Monit main configuration: poll every minute, log to syslog, expose the web interface
# on port 5925 and load the per-service checks from /etc/monit.d.
set daemon  60              # check services at 1-minute intervals
set log syslog
# NOTE(review): there is no "use address" clause, so the web interface presumably listens
# on all interfaces and the credentials below travel over plain HTTP. Bind it with
# "use address localhost" or restrict port 5925 at the firewall unless remote access is needed.
set httpd port 5925 and
   allow rmap:<password>        # require user 'rmap' with the password chosen here
   allow @monit           # allow users of group 'monit' to connect (rw)
   allow @users readonly  # allow users of group 'users' to connect readonly
include /etc/monit.d/*
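rm /etc/monit.d/logging
# Save the RMAP service checks where "include /etc/monit.d/*" picks them up; without an
# explicit target the file would land in whatever directory the shell happens to be in.
# NOTE(review): the file comes from the moving master branch and defines commands monit
# will run - read it after download, or fetch it from a reviewed commit instead.
wget -O /etc/monit.d/rmap https://raw.githubusercontent.com/r-map/rmap/master/server/etc/monit.d/rmap
chkconfig monit on
service monit start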

Cron

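cd /etc/cron.d
# Download the RMAP cron job definitions into /etc/cron.d.
# NOTE(review): cron schedules these files as soon as they are saved here, and they come
# from the moving master branch - read each one after download, or fetch them from a
# reviewed commit instead.
wget https://raw.githubusercontent.com/r-map/rmap/master/server/etc/cron.d/arpae_aq_ckan
wget https://raw.githubusercontent.com/r-map/rmap/master/server/etc/cron.d/dballe2arkimet
wget https://raw.githubusercontent.com/r-map/rmap/master/server/etc/cron.d/luftdatem
wget https://raw.githubusercontent.com/r-map/rmap/master/server/etc/cron.d/rmap_generate_summary_cache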

Arkiweb

yum install arkimet

/etc/httpd/conf.d/arkiweb.conf

ScriptAlias /services/arkiweb/ /usr/lib64/arkiweb/
Alias /arkiweb  /var/www/html/arkiweb

<Directory "/usr/lib64/arkiweb">
       # Programs in this directory run as CGI for requests to /services/arkiweb/.
       AllowOverride None
       Options +ExecCGI

       # NOTE(review): Apache 2.2-style access directives (Order/Allow) sit next to the
       # 2.4-style "Require all granted" below; both grant access to everyone.
       Order allow,deny
       Allow from all

       # ARKIWEB_CONFIG is mandatory!
       SetEnv ARKIWEB_CONFIG /rmap/arkimet/arkiweb.config
       

       # NOTE(review): with the authentication example below left commented out, the CGI
       # answers any client without credentials - confirm that every dataset listed in
       # arkiweb.config is meant to be public.
       Require all granted

       # Authentication (optional)
       #
       # Basic authentication example:
       # SetEnv ARKIWEB_RESTRICT REMOTE_USER
       # AuthType Basic
       # AuthUserFile /etc/arkiweb.passwords
       # require valid-user
</Directory>

Alias /arkiwebjs/ /usr/share/arkiweb/public/
<Directory "/usr/share/arkiweb/public">
          #Require all granted
          AllowOverride None

          Order allow,deny
          Allow from all

          Require all granted

</Directory>
mkdir /var/www/html/arkiweb/
cp /usr/share/doc/arkiweb/html/example/index.html /var/www/html/arkiweb/index.html

/rmap/arkimet/arkiweb.config

[arpav]
bounding = POLYGON ((12.3693200000000001 44.9166299999999978, 11.3025699999999993 45.0306599999999975, 11.0090299999999992 45.2172600000000031, 10.8328900000000008 45.3717499999999987, 10.7659300000000009 45.5176999999999978, 11.8763699999999996 46.4992599999999996, 12.4241600000000005 46.6514799999999994, 12.7082800000000002 46.5699699999999979, 13.0772700000000004 45.6406399999999977, 12.3693200000000001 44.9166299999999978))
filter = product: BUFR:t=arpav
index = reftime, area, product, origin, proddef
name = arpav
path = http://arkiserver:8090/dataset/arpav
postprocess = json, bufr, bufr-filter
replace = yes
server = http://arkiserver:8090
step = daily
type = remote
unique = reftime, area, product, origin, proddef

[meteonetwork]
bounding = POLYGON ((12.0994399999999995 43.7931499999999971, 9.8880599999999994 44.5129299999999972, 9.4983599999999999 44.6443500000000029, 9.4705399999999997 44.6982100000000031, 9.4444999999999997 44.9392799999999966, 9.4909800000000004 45.0587200000000010, 11.8647899999999993 46.5125900000000030, 12.1300000000000008 46.5499999999999972, 12.9021600000000003 45.6111099999999965, 12.7495600000000007 43.9628200000000007, 12.6686999999999994 43.8718500000000020, 12.6577099999999998 43.8649699999999996, 12.0994399999999995 43.7931499999999971))
filter = product: BUFR:t=mnw
index = reftime, area, product, origin, proddef
name = meteonetwork
path = http://arkiserver:8090/dataset/meteonetwork
postprocess = json, bufr, bufr-filter
replace = yes
server = http://arkiserver:8090
step = daily
type = remote
unique = reftime, area, product, origin, proddef

[opendata-er]
bounding = POLYGON ((1.1372199999999999 4.4391400000000001, 8.4514200000000006 44.2992399999999975, 9.2314900000000009 44.8656700000000015, 9.5297699999999992 45.0566800000000001, 9.7055399999999992 45.0605199999999968, 11.8957999999999995 44.9680000000000035, 12.1221499999999995 44.9429000000000016, 12.2213899999999995 44.8950600000000009, 12.7393999999999998 43.9584699999999984, 1.1372199999999999 4.4391400000000001))
filter = product: BUFR:t=spdsra or BUFR:t=locali or BUFR:t=agrmet or BUFR:t=profe or BUFR:t=simnpr or BUFR:t=simnbo or BUFR:t=rer or BUFR:t=simc or BUFR:t=urbane or BUFR:t=arpae or BUFR:t=boa or BUFR:t=cer or BUFR:t=provpc or BUFR:t=syrep or BUFR:t=umsuol
index = reftime, area, product, origin, proddef
name = opendata-er
path = http://arkiserver:8090/dataset/opendata-er
postprocess = json, bufr, bufr-filter
replace = yes
server = http://arkiserver:8090
step = daily
type = remote
unique = reftime, area, product, origin, proddef

[opendata-aq-er]
bounding = POLYGON ((1.1372199999999999 4.4391400000000001, 8.4514200000000006 44.2992399999999975, 9.2314900000000009 44.8656700000000015, 9.5297699999999992 45.0566800000000001, 9.7055399999999992 45.0605199999999968, 11.8957999999999995 44.9680000000000035, 12.1221499999999995 44.9429000000000016, 12.2213899999999995 44.8950600000000009, 12.7393999999999998 43.9584699999999984, 1.1372199999999999 4.4391400000000001))
filter = product: BUFR:t=arpae-aq
index = reftime, area, product, origin, proddef
name = opendata-aq-er
path = http://arkiserver:8090/dataset/opendata-er
postprocess = json, bufr, bufr-filter
replace = yes
server = http://arkiserver:8090
step = daily
type = remote
unique = reftime, area, product, origin, proddef

[luftdaten]
bounding = POLYGON ((1.1372199999999999 4.4391400000000001, 8.4514200000000006 44.2992399999999975, 9.2314900000000009 44.8656700000000015, 9.5297699999999992 45.0566800000000001, 9.7055399999999992 45.0605199999999968, 11.8957999999999995 44.9680000000000035, 12.1221499999999995 44.9429000000000016, 12.2213899999999995 44.8950600000000009, 12.7393999999999998 43.9584699999999984, 1.1372199999999999 4.4391400000000001))
filter = product: BUFR:t=luftdaten
index = reftime, area, product, origin, proddef
name = luftdaten
path = http://arkiserver:8090/dataset/luftdaten
postprocess = json, bufr, bufr-filter
replace = yes
server = http://arkiserver:8090
step = daily
type = remote
unique = reftime, area, product, origin, proddef

[report_fixed]
bounding = POLYGON ((11.2500000000000000 44.3458499999999987, 11.2939500000000006 44.5252300000000005, 11.5576200000000000 44.8620999999999981, 11.6186500000000006 44.8371899999999997, 11.6233599999999999 44.6534600000000026, 11.6230100000000007 44.6530500000000004, 11.2500000000000000 44.3458499999999987))
filter = product: BUFR:t=rmap or BUFR:t=fixed
index = reftime, area, product, origin, proddef
name = report_fixed
path = http://arkiserver:8090/dataset/report_fixed
postprocess = json, bufr, bufr-filter
replace = yes
server = http://arkiserver:8090
step = daily
type = remote
unique = reftime, area, product, origin, proddef

[report_mobile]
filter = product: BUFR:t=rmap or BUFR:t=mobile
index = reftime, area, product, origin, proddef
name = report_mobile
path = http://arkiserver:8090/dataset/report_mobile
postprocess = json, bufr, bufr-filter
replace = yes
server = http://arkiserver:8090
step = daily
type = remote
unique = reftime, area, product, origin, proddef


[sample_fixed]
bounding = POLYGON ((0.0000000000000000 0.0000000000000000, 9.1569500000000001 45.4436499999999981, 9.1570599999999995 45.4440700000000035, 11.6006800000000005 46.3956500000000034,   11.6742399999999993 46.4202500000000029, 11.6745000000000001 46.4202900000000014, 11.6747899999999998 46.4201400000000035, 12.4200400000000002 44.1349099999999979, 12.4458099999999998  43.9353399999999965, 12.5000000000000000 41.8999999999999986, 0.0000000000000000 0.0000000000000000))
filter = product: BUFR:t=rmap or BUFR:t=fixed or BUFR:t=arpae
index = reftime, area, product, origin, proddef
name = sample_fixed
path = http://arkiserver:8090/dataset/sample_fixed
postprocess = json, bufr, bufr-filter
replace = yes
server = http://arkiserver:8090
step = daily
type = remote
unique = reftime, area, product, origin, proddef

[sample_mobile]
filter = product: BUFR:t=rmap or BUFR:t=mobile or BUFR:t=arpae
index = reftime, area, product, origin, proddef
name = sample_mobile
path = http://arkiserver:8090/dataset/sample_mobile
postprocess = json, bufr, bufr-filter
replace = yes
server = http://arkiserver:8090
step = daily
type = remote
unique = reftime, area, product, origin, proddef