Gruppo Meteo/HowTo/server-centos
Installazione RMAP server su centos 7
istallazione sistema operativo
useradd rmap
add epel repository
cd /etc/yum.repos.d wget http://rmap.it/repo/rmap/rmapcentos.repo
yum install yum-plugin-copr yum copr enable simc/stable
#cd /tmp #wget http://rmap.it/repo/rmap/yum-packages-centos.list #yum -y install < yum-packages-centos.list yum groupinstall rmap
/etc/selinux/config
SELINUX=disabled
/etc/tmpfiles.d/rmap.conf
d /run/wsgirmap 0755 rmap rmap - d /var/run/rmap 0755 rmap rmap - d /var/run/httpd 0755 rmap rmap -
mkdir /rmap chmod go+rx /rmap
/etc/sysconfig/crond
CRONDARGS=-s -m off
mkdir /var/log/rmap chown -R rmap:rmap /var/log/rmap
postgresql
yum install postgresql-server postgresql-contrib yum install python-psycopg2
/var/lib/pgsql/data/pg_hba.conf
# TYPE DATABASE USER ADDRESS METHOD # "local" is for Unix domain socket connections only # allow postgres user to use "ident" authentication on Unix sockets local all postgres ident # allow all other users to use "md5" authentication on Unix sockets local all all md5 # IPv4 local connections: host all all 127.0.0.1/32 md5 # IPv6 local connections: host all all ::1/128 md5
/var/lib/pgsql/data/postgresql.conf
max_connections = 100 shared_buffers = 128MB work_mem = 100MB maintenance_work_mem = 200MB effective_cache_size = 1GB
mkdir /etc/systemd/system/postgresql.service.d/
/etc/systemd/system/postgresql.service.d/rmap.conf
[Service] # Location of database directory Environment=PGDATA=/rmap/pgsql/data
mkdir /rmap/pgsql/ chown postgres:postgres /rmap/pgsql/ mv /var/lib/pgsql/data /rmap/pgsql/
su - postgres initdb exit
systemctl enable postgresql.service systemctl start postgresql.service
su - postgres createuser -P -e rmapadmin createdb --owner=rmapadmin rmapadmin exit
/etc/rmap/rmap-site.cfg
[database] DATABASE_ENGINE = 'postgresql_psycopg2' # 'postgresql_psycopg2', 'postgresql', 'mysql', 'sqlite3' or 'ado_mssql'. DATABASE_NAME = 'rmapadmin' # Or path to database file if using sqlite3. DATABASE_USER = 'rmapadmin' # Not used with sqlite3. DATABASE_PASSWORD = 'rmapadmin' # Not used with sqlite3. DATABASE_HOST = 'localhost' # Set to empty string for localhost. Not used with sqlite3. DATABASE_PORT = '5432' # Set to empty string for default. Not used with sqlite3.
rmapctrl --syncdb
su - postgres createuser -P -e rmap createdb --owner=rmap report_fixed createdb --owner=rmap report_mobile createdb --owner=rmap sample_fixed createdb --owner=rmap sample_mobile
exit
apache
yum install python34-mod_wsgi
useradd -r rmap mkdir /home/rmap chown rmap:rmap /home/rmap mkdir /rmap/cache chown rmap:rmap /rmap/cache
/etc/httpd/conf.modules.d/00-mpm.conf
LoadModule mpm_worker_module modules/mod_mpm_worker.so <IfModule mpm_worker_module> #StartServers 2 #MaxClients 150 #MinSpareThreads 25 #MaxSpareThreads 75 #ThreadsPerChild 25 #MaxRequestsPerChild 0 ServerLimit 16 StartServers 2 MaxRequestWorkers 150 MinSpareThreads 10 MaxSpareThreads 35 ThreadsPerChild 15 MaxRequestWorkers 240 MaxConnectionsPerChild 10000 </IfModule>
/etc/httpd/conf.d/rmap.conf
ServerName rmap.it
WSGISocketPrefix /run/wsgirmap/rmap
WSGIDaemonProcess www.rmap.cc user=rmap group=rmap maximum-requests=100 graceful-timeout=200 processes=10 threads=5 request-timeout=180 socket-timeout=180 header-buffer-  size=65000
WSGIProcessGroup www.rmap.cc
WSGIApplicationGroup %{GLOBAL}
<VirtualHost *:80 >
   ServerName rmap.it
   ServerAlias rmap.cc rmapv.rmap.cc rmapv.rmap.it www.rmap.cc www.rmapv.rmap.cc www.rmap.it www.rmapv.rmap.it localhost localhost.localdomain 127.0.0.1 partecipa.rainbolife.eu
   Include conf.d/rmap.inc
</VirtualHost>
/etc/httpd/conf.d/rmap.inc
Alias /download /var/www/html/download
Alias /repo     /var/www/html/repo
Alias /showroom /var/www/html/showroom
Alias /arkiweb  /var/www/html/arkiweb
#Alias /static/admin /usr/lib/python2.7/site-packages/django/contrib/admin/static/admin
#<Directory "/usr/lib/python2.7/site-packages/django/contrib/admin/static/admin">
#	    Require all granted
#</Directory>
Alias /static   /usr/share/rmap/static
<Directory /usr/share/rmap/static>
       Require all granted
       SetHandler None
</Directory>
Alias /media /usr/share/rmap/media
<Directory /usr/share/rmap/media>
       Require all granted
       SetHandler None
</Directory>
WSGIScriptAlias / /usr/bin/rmap.wsgi
#WSGIImportScript /usr/bin/rmap.wsgi process-group=%{GLOBAL} application-group=%{GLOBAL}
#WSGIPythonPath /path/to/mysite.com
#WSGIDaemonProcess rmap processes=5 threads=5
#WSGIDaemonProcess rmap
#WSGIProcessGroup rmap
<Directory /usr/bin>
<Files rmap.wsgi>
Require all granted
</Files>
</Directory>
<Location /auth>
   Order Deny,Allow
   Deny from all
   Allow from 127.0.0.1
</Location>
chkconfig httpd on service httpd start
Arkimet
useradd -r arkimet mkdir /home/arkimet chown arkimet:arkimet /home/arkimet mkdir /rmap/arkimet/ chown -R arkimet:arkimet /rmap/arkimet/
/etc/sysconfig/arkimet
DATASET_CONFIG="/rmap/arkimet/arkimet.conf"
ATTENZIONE ATTENZIONE questa ultima modifica si perde con un aggiornamento del pacchetto
add in /etc/arkimet/scan-bufr/generic.lua
   local area = nil
   if report:enqc() == "mobile"
   then
       area = bufr_read_area_mobile(msg)
   else
       area = bufr_read_area_fixed(msg)
   end
ATTENZIONE ATTENZIONE: questa ultima modifica è da fare a ogni aggiornamento del pacchetto
systemctl daemon-reload chkconfig arkimet on service arkimet start
Sincronizzazione DB
Server di origine
rmapctrl --dumpdata > dumpdata.json
rimuovere le prime righe che non sono json
dbadb export --dsn="mysql:///report_fixed?user=rmap&password=****" > report_fixed.bufr dbadb export --dsn="mysql:///report_mobile?user=rmap&password=****" > report_mobile.bufr dbadb export --dsn="mysql:///sample_fixed?user=rmap&password=****" > sample_fixed.bufr dbadb export --dsn="mysql:///sample_mobile?user=rmap&password=****" > sample_mobile.bufr
Server di destinazione
Da interfaccia web admin rimuovere TUTTI gli utenti (compreso rmap)
rmapctrl --loaddata=dumpdata.json
dbadb import --wipe-first --dsn="postgresql://rmap:***@localhost/report_fixed" report_fixed.bufr dbadb import --wipe-first --dsn="postgresql://rmap:***@localhost/report_mobile" report_mobile.bufr dbadb import --wipe-first --dsn="postgresql://rmap:***@localhost/sample_mobile" sample_mobile.bufr dbadb import --wipe-first --dsn="postgresql://rmap:***@localhost/sample_fixed" sample_fixed.bufr
cd /usr/share/rmap/ rsync -av utente@serverorigine:/usr/share/rmap/media .
Mosquitto
add exclude=mosquitto in /etc/yum.repos.d/epel.repo
wget "http://download.opensuse.org/repositories/home:/oojah:/mqtt/CentOS_CentOS-7/home:oojah:mqtt.repo" -o /etc/yum.repos.d/mqtt.repo yum install mosquitto libmosquitto-devel libmosquittopp-devel mosquitto-clients mkdir git cd git git clone https://github.com/jpmens/mosquitto-auth-plug.git cp config.mk.in config.mk emacs config.mk (disable mysql; enable http)
apply this patch:
diff --git a/auth-plug.c b/auth-plug.c
index 744f115..a36c039 100644
--- a/auth-plug.c
+++ b/auth-plug.c
@@ -585,6 +585,7 @@ int mosquitto_auth_acl_check(void *userdata, const char *clientid, const char *u
         * id to bypass ACL checks (or have a username/client id that cannot
         * publish or receive messages to its own place in the hierarchy).
         */
+       /*
        if(username && strpbrk(username, "+#/")){
                _log(MOSQ_LOG_NOTICE, "ACL denying access to client with dangerous username \"%s\"", username);
                return MOSQ_DENY_ACL;
@@ -594,6 +595,7 @@ int mosquitto_auth_acl_check(void *userdata, const char *clientid, const char *u
                _log(MOSQ_LOG_NOTICE, "ACL denying access to client with dangerous client id \"%s\"", clientid);
                return MOSQ_DENY_ACL;
        }
+       */
 
        _log(LOG_DEBUG, "mosquitto_auth_acl_check(..., %s, %s, %s, %s)",
                clientid ? clientid : "NULL",
make cp auth-plug.so /usr/lib64/ mkdir /etc/mosquitto/conf.d mkdir /rmap/mosquitto chown mosquitto:mosquitto /rmap/mosquitto
/etc/mosquitto/conf.d/rmap.conf
persistent_client_expiration 1d allow_anonymous true password_file /etc/mosquitto/pwfile acl_file /etc/mosquitto/aclfile log_type error log_type warning auth_plugin /usr/lib64/auth-plug.so auth_opt_backends http auth_opt_http_hostname localhost auth_opt_http_ip 127.0.0.1 auth_opt_http_port 80 auth_opt_http_getuser_uri /auth/auth auth_opt_http_superuser_uri /auth/superuser auth_opt_http_aclcheck_uri /auth/acl persistence true persistence_location /rmap/mosquitto/
/etc/mosquitto/aclfile
topic read # topic write test/# # This only affects clients with username "rmap". user rmap topic # pattern write rmap/%u/# pattern write sample/%u/# pattern write report/%u/# pattern write fixed/%u/# pattern write mobile/%u/# pattern write maint/%u/# pattern write rpc/%u/#
remove everythings and add in /etc/mosquitto/mosquitto.conf
include_dir /etc/mosquitto/conf.d pid_file /var/run/mosquitto.pid
touch /etc/mosquitto/pwfile
chkconfig mosquitto on service mosquitto start
if the package use systemd: create /etc/systemd/system/mosquitto.service.d/rmap.conf
[Service] Restart=always RestartSec=15
if the package use systemV: /etc/monit.d/mosquitto
check process mosquitto with pidfile /var/run/mosquitto.pid start program = "/etc/init.d/mosquitto restart" stop program = "/etc/init.d/mosquitto stop" if failed host localhost port 1883 timeout 30 seconds retry 3 then restart
Rabbitmq
curl -s https://packagecloud.io/install/repositories/rabbitmq/rabbitmq-server/script.rpm.sh |bash wget https://packages.erlang-solutions.com/erlang-solutions-1.0-1.noarch.rpm rpm -Uvh erlang-solutions-1.0-1.noarch.rpm yum install rabbitmq-server
in /etc/rabbitmq/rabbitmq.config
[
  {rabbit, 
    [
      {auth_backends, [rabbit_auth_backend_internal, rabbit_auth_backend_http]},
      {loopback_users, []}
    ]
  },
  {rabbitmq_auth_backend_http,
    [{user_path,     "http://localhost/auth/user"},
      {vhost_path,    "http://localhost/auth/vhost"},
      {resource_path, "http://localhost/auth/resource"}
    ]
  }
].
rabbitmq-plugins enable rabbitmq_auth_backend_http rabbitmq-plugins enable rabbitmq_management rabbitmq-plugins enable rabbitmq_management_visualiser rabbitmq-plugins enable rabbitmq_shovel rabbitmq-plugins enable rabbitmq_shovel_management
chkconfig rabbitmq-server on service rabbitmq-server start
login at management interface with user "guest" and password "guest"
on overview page use import definition to configure exchange, queue and users
with the same management interface remove "guest" user and login with a new real user
Per attivare uno showell:
rabbitmqctl set_parameter shovel report_mobile '{"src-protocol": "amqp091", "src-uri": "amqp://rmap:<password>@rmap.cc", "src-queue": "report_mobile_saved", 
"dest-protocol": "amqp091", "dest-uri": "amqp://rmap:<password>@", "dest-queue": "report_mobile"}'
problema non risolto: se si trasferiscono dati scritti da un utente autenticandosi con un altro utente la security su user_id lo vieta. https://www.rabbitmq.com/shovel-dynamic.html bisognerebbe riuscire a settare "user_id" tramite il parametro "dest-publish-properties" nel formato json sopra ma non funziona
Monit
yum install monit
comment everithings and add in /etc/monitrc
set daemon 60 # check services at 1-minute intervals set log syslog set httpd port 5925 and allow rmap:<password> # require user 'admin' with password 'monit' allow @monit # allow users of group 'monit' to connect (rw) allow @users readonly # allow users of group 'users' to connect readonly include /etc/monit.d/*
rm /etc/monit.d/logging
wget https://raw.githubusercontent.com/r-map/rmap/master/server/etc/monit.d/rmap
chkconfig monit on service monit start
Cron
cd /etc/cron.d https://raw.githubusercontent.com/r-map/rmap/master/server/etc/cron.d/arpae_aq_ckan https://raw.githubusercontent.com/r-map/rmap/master/server/etc/cron.d/dballe2arkimet https://raw.githubusercontent.com/r-map/rmap/master/server/etc/cron.d/luftdatem https://raw.githubusercontent.com/r-map/rmap/master/server/etc/cron.d/rmap_generate_summary_cache
Arkiweb
yum install arkimet arkiweb
/etc/httpd/conf.d/arkiweb.conf
ScriptAlias /services/arkiweb/ /usr/lib64/arkiweb/
Alias /arkiweb  /var/www/html/arkiweb
<Directory "/usr/lib64/arkiweb">
       AllowOverride None
       Options +ExecCGI
       Order allow,deny
       Allow from all
       # ARKIWEB_CONFIG is mandatory!
       SetEnv ARKIWEB_CONFIG /rmap/arkimet/arkiweb.config
       
       Require all granted
       # Authentication (optional)
       #
       # Basic authentication example:
       # SetEnv ARKIWEB_RESTRICT REMOTE_USER
       # AuthType Basic
       # AuthUserFile /etc/arkiweb.passwords
       # require valid-user
</Directory>
Alias /arkiwebjs/ /usr/share/arkiweb/public/
<Directory "/usr/share/arkiweb/public">
          #Require all granted
          AllowOverride None
          Order allow,deny
          Allow from all
          Require all granted
</Directory>
mkdir /var/www/html/arkiweb/ cp /usr/share/doc/arkiweb/html/example/index.html /var/www/html/arkiweb/index.html
/rmap/arkimet/arkiweb.config
[arpav] bounding = POLYGON ((12.3693200000000001 44.9166299999999978, 11.3025699999999993 45.0306599999999975, 11.0090299999999992 45.2172600000000031, 10.8328900000000008 45.3717499999999987, 10.7659300000000009 45.5176999999999978, 11.8763699999999996 46.4992599999999996, 12.4241600000000005 46.6514799999999994, 12.7082800000000002 46.5699699999999979, 13.0772700000000004 45.6406399999999977, 12.3693200000000001 44.9166299999999978)) filter = product: BUFR:t=arpav index = reftime, area, product, origin, proddef name = arpav path = http://arkiserver:8090/dataset/arpav postprocess = json, bufr, bufr-filter replace = yes server = http://arkiserver:8090 step = daily type = remote unique = reftime, area, product, origin, proddef [meteonetwork] bounding = POLYGON ((12.0994399999999995 43.7931499999999971, 9.8880599999999994 44.5129299999999972, 9.4983599999999999 44.6443500000000029, 9.4705399999999997 44.6982100000000031, 9.4444999999999997 44.9392799999999966, 9.4909800000000004 45.0587200000000010, 11.8647899999999993 46.5125900000000030, 12.1300000000000008 46.5499999999999972, 12.9021600000000003 45.6111099999999965, 12.7495600000000007 43.9628200000000007, 12.6686999999999994 43.8718500000000020, 12.6577099999999998 43.8649699999999996, 12.0994399999999995 43.7931499999999971)) filter = product: BUFR:t=mnw index = reftime, area, product, origin, proddef name = meteonetwork path = http://arkiserver:8090/dataset/meteonetwork postprocess = json, bufr, bufr-filter replace = yes server = http://arkiserver:8090 step = daily type = remote unique = reftime, area, product, origin, proddef [opendata-er] bounding = POLYGON ((1.1372199999999999 4.4391400000000001, 8.4514200000000006 44.2992399999999975, 9.2314900000000009 44.8656700000000015, 9.5297699999999992 45.0566800000000001, 9.7055399999999992 45.0605199999999968, 11.8957999999999995 44.9680000000000035, 12.1221499999999995 44.9429000000000016, 12.2213899999999995 44.8950600000000009, 12.7393999999999998 43.9584699999999984, 1.1372199999999999 4.4391400000000001)) filter = product: BUFR:t=spdsra or BUFR:t=locali or BUFR:t=agrmet or BUFR:t=profe or BUFR:t=simnpr or BUFR:t=simnbo or BUFR:t=rer or BUFR:t=simc or BUFR:t=urbane or BUFR:t=arpae or BUFR:t=boa or BUFR:t=cer or BUFR:t=provpc or BUFR:t=syrep or BUFR:t=umsuol index = reftime, area, product, origin, proddef name = opendata-er path = http://arkiserver:8090/dataset/opendata-er postprocess = json, bufr, bufr-filter replace = yes server = http://arkiserver:8090 step = daily type = remote unique = reftime, area, product, origin, proddef [opendata-aq-er] bounding = POLYGON ((1.1372199999999999 4.4391400000000001, 8.4514200000000006 44.2992399999999975, 9.2314900000000009 44.8656700000000015, 9.5297699999999992 45.0566800000000001, 9.7055399999999992 45.0605199999999968, 11.8957999999999995 44.9680000000000035, 12.1221499999999995 44.9429000000000016, 12.2213899999999995 44.8950600000000009, 12.7393999999999998 43.9584699999999984, 1.1372199999999999 4.4391400000000001)) filter = product: BUFR:t=arpae-aq index = reftime, area, product, origin, proddef name = opendata-aq-er path = http://arkiserver:8090/dataset/opendata-er postprocess = json, bufr, bufr-filter replace = yes server = http://arkiserver:8090 step = daily type = remote unique = reftime, area, product, origin, proddef [luftdaten] bounding = POLYGON ((1.1372199999999999 4.4391400000000001, 8.4514200000000006 44.2992399999999975, 9.2314900000000009 44.8656700000000015, 9.5297699999999992 45.0566800000000001, 9.7055399999999992 45.0605199999999968, 11.8957999999999995 44.9680000000000035, 12.1221499999999995 44.9429000000000016, 12.2213899999999995 44.8950600000000009, 12.7393999999999998 43.9584699999999984, 1.1372199999999999 4.4391400000000001)) filter = product: BUFR:t=luftdaten index = reftime, area, product, origin, proddef name = luftdaten path = http://arkiserver:8090/dataset/luftdaten postprocess = json, bufr, bufr-filter replace = yes server = http://arkiserver:8090 step = daily type = remote unique = reftime, area, product, origin, proddef [report_fixed] bounding = POLYGON ((11.2500000000000000 44.3458499999999987, 11.2939500000000006 44.5252300000000005, 11.5576200000000000 44.8620999999999981, 11.6186500000000006 44.8371899999999997, 11.6233599999999999 44.6534600000000026, 11.6230100000000007 44.6530500000000004, 11.2500000000000000 44.3458499999999987)) filter = product: BUFR:t=rmap or BUFR:t=fixed index = reftime, area, product, origin, proddef name = report_fixed path = http://arkiserver:8090/dataset/report_fixed postprocess = json, bufr, bufr-filter replace = yes server = http://arkiserver:8090 step = daily type = remote unique = reftime, area, product, origin, proddef [report_mobile] filter = product: BUFR:t=rmap or BUFR:t=mobile index = reftime, area, product, origin, proddef name = report_mobile path = http://arkiserver:8090/dataset/report_mobile postprocess = json, bufr, bufr-filter replace = yes server = http://arkiserver:8090 step = daily type = remote unique = reftime, area, product, origin, proddef [sample_fixed] bounding = POLYGON ((0.0000000000000000 0.0000000000000000, 9.1569500000000001 45.4436499999999981, 9.1570599999999995 45.4440700000000035, 11.6006800000000005 46.3956500000000034, 11.6742399999999993 46.4202500000000029, 11.6745000000000001 46.4202900000000014, 11.6747899999999998 46.4201400000000035, 12.4200400000000002 44.1349099999999979, 12.4458099999999998 43.9353399999999965, 12.5000000000000000 41.8999999999999986, 0.0000000000000000 0.0000000000000000)) filter = product: BUFR:t=rmap or BUFR:t=fixed or BUFR:t=arpae index = reftime, area, product, origin, proddef name = sample_fixed path = http://arkiserver:8090/dataset/sample_fixed postprocess = json, bufr, bufr-filter replace = yes server = http://arkiserver:8090 step = daily type = remote unique = reftime, area, product, origin, proddef [sample_mobile] filter = product: BUFR:t=rmap or BUFR:t=mobile or BUFR:t=arpae index = reftime, area, product, origin, proddef name = sample_mobile path = http://arkiserver:8090/dataset/sample_mobile postprocess = json, bufr, bufr-filter replace = yes server = http://arkiserver:8090 step = daily type = remote unique = reftime, area, product, origin, proddef