Line 1: |
Line 1: |
− | ==Install mariadb 'alongside' mysql== | + | =[[User:Mmccarn|Mmccarn]] ([[User talk:Mmccarn|talk]]) [[User:Mmccarn|Mmccarn]] ([[User talk:Mmccarn|talk]]) 13:10, 22 January 2018 (CET) = |
− | ===Draft notes on mariadb installation=== | + | ==Wazuh== |
− | <nowiki> | + | ===Repo=== |
− | #####################################################################################
| + | <nowiki>/sbin/e-smith/db yum_repositories set wazuh repository \ |
− | # BEGIN
| + | Name 'Wazuh repository' \ |
− | #####################################################################################
| + | BaseURL 'https://packages.wazuh.com/3.x/yum/' \ |
− | # yum repos aren't useful; use the side-by-side install
| + | EnableGroups no \ |
− | # Install mariadb side-by-side with mysql on SME Server v8
| + | GPGCheck yes \ |
− | # From: https://mariadb.com/kb/en/installing-mariadb-alongside-mysql/
| + | GPGKey https://packages.wazuh.com/key/GPG-KEY-WAZUH \ |
− | #
| + | Visible no \ |
− | # create user 'mariadb' in server-manager
| + | status disabled</nowiki> |
− | #
| + | |
− | cd ~
| + | ===Agent Configuration=== |
− | mkdir -p addons
| + | [https://documentation.wazuh.com/current/installation-guide/installing-wazuh-agent/wazuh_agent_rpm.html Wazuh Client Installation Instructions] |
− | cd addons
| + | |
− | RELEASE=5.5.34
| + | Wazuh 3.x installs correctly from the yum repository: |
− | wget https://downloads.mariadb.org/interstitial/mariadb-$RELEASE/kvm-bintar-hardy-x86/mariadb-$RELEASE-linux-i686.tar.gz/from/http://mirror.jmu.edu/pub/mariadb
| + | yum --enablerepo=wazuh install wazuh-agent |
− | cd /opt
| + | |
− | tar zxvf ~/addons/mariadb-$RELEASE-linux-i686.tar.gz
| + | Create the client account on the wazuh manager: |
− | ln -s mariadb-$RELEASE-linux-i686 mariadb
| + | /var/ossec/bin/agent-auth -m [ip.of.wazuh.server] |
− | mkdir mariadb-data
| + | |
− | cp mariadb/support-files/my-medium.cnf mariadb-data/my.cnf
| + | Replace "MANAGER_IP" with the IP address of the wazuh manager in this section of /var/ossec/etc/ossec.conf: |
− | #
| + | <nowiki>... |
− | # edit my.cnf as described on the mariadb-alongside-mysql howto (link above)
| + | <client> |
− | chown -R mariadb:mariadb mariadb-data mariadb mariadb-$RELEASE-linux-i686
| + | <server> |
− | #
| + | <address>MANAGER_IP</address> |
− | cp mariadb/support-files/mysql.server /etc/init.d/mariadb
| + | </server> |
− | chmod +x /etc/init.d/mariadb
| + | <config-profile>rhel, rhel6</config-profile> |
− | #
| + | </client> |
− | # edit /etc/init.d/mariadb as described in the howto
| + | ... |
− | #
| |
− | cd /opt/mariadb
| |
− | scripts/mysql_install_db --defaults-file=/opt/mariadb-data/my.cnf
| |
− | cd /etc/init.d
| |
− | chkconfig --add mariadb
| |
− | chkconfig --levels 3 mariadb on
| |
− | # SME Server uses runlevel 7...
| |
− | mv /etc/rc3.d/S64mariadb /etc/rc7.d
| |
− | #
| |
− | # customizations not mentioned in the howto:
| |
− | mkdir /var/run/mariadb
| |
− | chown mariadb:maridb /var/run/mariadb
| |
− | #
| |
− | # customize the execution line in /etc/init.d/mariadb
| |
− | #
| |
− | # version from howto:
| |
− | # $bindir/mysqld_safe --defaults-file=/opt/mariadb-data/my.cnf --datadir="$datadir" --pid-file="$mysqld_pid_file_path" $other_args >/dev/null 2>&1 &
| |
− | #
| |
− | # version I'm using:
| |
− | # $bindir/mysqld_safe --defaults-file=/opt/mariadb-data/my.cnf --datadir="/opt/mariadb-data" --pid-file="/var/run/mariadb/mariadb.pid" $other_args >/dev/null 2>&1 &
| |
− | #
| |
− | # Finally, testing access requires asking for a password, then entering an empty password (SME feeds the 'root'@'localhost' password to mysql by default:
| |
− | # mysql -e "SELECT VERSION();" --port=3307 --protocol=TCP -p
| |
− | #
| |
− | # set root password in mariadb same as root password in mysql
| |
− | mysql --port=3307 --protocol=TCP -p < /var/service/mysqld/set.password
| |
− | #
| |
− | # Now the example version check from the howto works:
| |
− | mysql -e "SELECT VERSION();" --socket=/opt/mariadb-data/mariadb.sock
| |
| </nowiki> | | </nowiki> |
| | | |
− | ===Backup & Restore===
| + | Start the agent |
− | * (RequestedDeletion) Nice notes. Would it be worth it to look at the pre-backup and pre-restore events (And config db settings) so MariaDB databases are being backup up ?
| + | /etc/init.d/wazuh-agent start |
− | ====/etc/e-smith/events/actions/mariadb-dump-tables====
| |
− | * Based on /etc/e-smith/events/actions/mysql-dump-tables
| |
− | * "CONNECT" options separated out for easy modification and potential movement into db variables
| |
− | * "-x" option added to the mysqldump command line to avoid an error about locking log files
| |
− | <nowiki>#!/bin/sh
| |
− | #CONNECT=--socket=/opt/mariadb-data/mariadb.sock
| |
− | CONNECT="--protocol=TCP --port=3307"
| |
| | | |
− | if ! $(mysqladmin $CONNECT ping >/dev/null 2>&1)
| + | ===SME Customizations=== |
− | then
| + | I added these instructions to /var/ossec/etc/ossec.conf: |
− | echo "mariadb is not running - no tables dumped" >&2 | + | <nowiki> <localfile> |
− | exit 0 | + | <log_format>djb-multilog</log_format> |
− | fi
| + | <location>/var/log/dovecot/current</location> |
| + | </localfile> |
| + | |
| + | <localfile> |
| + | <log_format>djb-multilog</log_format> |
| + | <location>/var/log/tinydns/current</location> |
| + | </localfile> |
| + | <localfile> |
| + | <log_format>djb-multilog</log_format> |
| + | <location>/var/log/dnscache/current</location> |
| + | </localfile> |
| + | |
| + | <localfile> |
| + | <log_format>command</log_format> |
| + | <command>grep -h logterse /var/log/*qpsmtpd/current</command> |
| + | <alias>s/qpsmtpd</alias> |
| + | <frequency>360</frequency> |
| + | </localfile> |
| + | </nowiki> |
| | | |
− | mkdir -p /home/e-smith/db/mariadb
| + | And this instruction to /var/ossec/etc/local_internal_options.conf: |
− | for db in $(mysql $CONNECT -BNre "show databases;")
| + | <nowiki># from https://documentation.wazuh.com/2.0/user-manual/reference/ossec-conf/localfile.html |
− | do
| + | # 'it may not be permissible in all environments to allow the Wazuh manager to run |
− | mysqldump $CONNECT -x --add-drop-table -QB "$db" -r /home/e-smith/db/mariadb/"$db".dump || exit 1
| + | # arbitrary commands on agents in their root security context.' |
− | done</nowiki>
| + | logcollector.remote_commands=1 |
− | ====/etc/e-smith/events/actions/mariadb-load-tables====
| + | </nowiki> |
− | * based on /etc/e-smith/events/actions/mysql-load-tables
| |
− | * doesn't actually load the dbs
| |
− | * NEEDS EXAMINATION!
| |
− | <nowiki>#!/bin/sh | |
− | #CONNECT=--socket=/opt/mariadb-data/mariadb.sock
| |
− | CONNECT="--protocol=TCP --port=3307"
| |
− | MARIADATA=/opt/mariadb-data
| |
| | | |
− | if ! $(mysqladmin $CONNECT ping >/dev/null 2>&1)
| + | And restarted the agent using |
− | then
| + | /etc/init.d/wazuh-agent restart |
− | echo "mariadb is not running - no tables restored" >&2
| |
− | exit 0
| |
− | fi
| |
| | | |
− | if [ ! -f $MARIADATA/mysql/user.frm ]
| + | =Older= |
− | then
| + | Mariadb notes moved to [[MariaDB_alongside_MySQL]] |
− | mkdir -p /etc/e-smith/mariadb/init
| |
− | for db in $(ls /home/e-smith/db/mariadb/*.dump 2> /dev/null | grep -v '/mysql.dump')
| |
− | do
| |
− | mv $db /etc/e-smith/mariadb/init/01_$(basename $db .dump).sql
| |
− | done
| |
− | fi</nowiki>
| |
− | ====Automation====
| |
− | =====Backup=====
| |
− | * Link mariadb-dump-tables into the pre-backup event
| |
− | * Dumped tables should be included in backups as they are stored under /home/e-smith
| |
− | <nowiki>cd /etc/e-smith/events/pre-backup
| |
− | ln -s ../actions/mariadb-dump-tables S20mariadb-dump-tables</nowiki>
| |
− | =====Restore - NEEDS WORK=====
| |
− | The SME Server mysql restore is complicated by various factors that may not apply to a mariadb "alongside" installation.
| |
− | Here's what would need to be done to restore all mariadb databases:
| |
− | * Reinstall mariadb, including setting the password to match the mysql root password
| |
− | * Restore the 'dump' files created during pre-backup individually using:
| |
− | <nowiki>cd /home/e-smith/db/mariadb
| |
− | CONNECT=--socket=/opt/mariadb-data/mariadb.sock
| |
− | mysql $CONNECT < <dbname>.dump</nowiki>
| |
− |
| |
| ==Install Moodle 2.6 using git== | | ==Install Moodle 2.6 using git== |
| ===Requirements=== | | ===Requirements=== |
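Review bot: In the added "SME Customizations" section, `logcollector.remote_commands=1` is written to /var/ossec/etc/local_internal_options.conf with no explanation of why it is needed, even though the comment quoted directly above it warns that this lets the Wazuh manager run arbitrary commands on agents in their root security context. The only command shown, `grep -h logterse /var/log/*qpsmtpd/current`, is defined in the agent's own /var/ossec/etc/ossec.conf, so please state whether this option is really required for a locally defined `<command>`. If it is not, drop the line; if it is, say what trust in the manager the reader is accepting. Separately, the new top-level heading is a signature expanded twice plus a timestamp; a descriptive title would make the section easier to find.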
Line 235: |
Line 186: |
| quit"</nowiki> | | quit"</nowiki> |
| =====Authentication Settings===== | | =====Authentication Settings===== |
− | Moodle can be configured to authenticate users using any of the methods listed below | + | To configure authentication mechanisms: |
| + | * Login to Moodle using an account with administrative rights |
| + | * Select 'Site Administration' |
| + | ** Select 'Plugins' |
| + | *** Select 'Authentication' |
| + | Moodle can be configured to authenticate users using any of the methods listed below: |
| * Manual accounts | | * Manual accounts |
| * No login | | * No login |
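Review bot: The added navigation steps use three levels of nested bullets (`* Select 'Site Administration'`, `** Select 'Plugins'`, `*** Select 'Authentication'`) for what is a single menu path, and the sentence "Moodle can be configured to authenticate users..." now follows the deepest bullet with no blank line, so it reads as part of the step list. Suggest one line such as "Site Administration > Plugins > Authentication", followed by a blank line before the list of methods. "Login to Moodle" should also read "Log in to Moodle".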
Line 253: |
Line 209: |
| * Shibboleth | | * Shibboleth |
| * Web services authentication | | * Web services authentication |
| + | |
| + | =====Create Additional Administrators===== |
| + | http://docs.moodle.org/26/en/Assign_admins |
| + | |
| + | ==TiddlyWiki5 Using Node.js== |
| + | [http://tiddlywiki.com/ TiddlyWiki] is "a complete interactive wiki in JavaScript." |
| + | |
| + | {{Warning box|The install and update routines shown here are based on notes from a working installation.<br>The removal routines are untested.}} |
| + | |
| + | ===Prerequisites=== |
| + | # node.js > 8.x (note: I was unable to find a binary installer for curent node releases; I use 'gcc' and compile locally) |
| + | # [https://npmjs.org/package/npm npm] |
| + | |
| + | ===Assumptions=== |
| + | # wiki content will be stored in /opt/tiddlywiki/tiddlers |
| + | # tiddlywiki code will be stored in /opt/tiddlywiki/node_modules |
| + | # tiddlywiki will run as user 'www' |
| + | # tiddlywiki logs will be run as 'smelog' |
| + | # tiddlywiki will be daemonized using daemontools |
| + | |
| + | ===Installation=== |
| + | <nowiki>mkdir /opt/tiddlywiki |
| + | cd /opt/tiddlywiki |
| + | npm install tiddlywiki |
| + | chown -R www:www /opt/tiddlywiki/.</nowiki> |
| + | |
| + | ====Create daemontools scripts, folders, etc==== |
| + | The code below is designed to be run by copy/paste into a server console prompt. |
| + | |
| + | <nowiki>mkdir -p /var/service/tiddlywiki/log |
| + | mkdir -p /var/log/tiddlywiki |
| + | chown -R smelog:smelog /var/log/tiddlywiki |
| + | cd /service |
| + | ln -s /var/service/tiddlywiki . |
| + | cd /var/service/tiddlywiki |
| + | touch down |
| + | # |
| + | # create the service 'run' file |
| + | # |
| + | echo '#!/bin/sh |
| + | # |
| + | # setup node environment |
| + | # |
| + | exec 2>&1 |
| + | # |
| + | APP_DIR=/opt/tiddlywiki |
| + | USER=www |
| + | # |
| + | NODE_EXEC=/usr/local/bin/node |
| + | NODE_ENV=production |
| + | NODE_CONFIG_DIR=$APP_DIR |
| + | NODE_APP=node_modules/tiddlywiki/tiddlywiki.js |
| + | NODE_ARGS=--server |
| + | echo "Starting $NODE_EXEC $APP_DIR/$NODE_APP $NODE_ARGS" |
| + | cd $APP_DIR |
| + | exec \ |
| + | setuidgid $USER \ |
| + | $NODE_EXEC $NODE_APP $NODE_ARGS |
| + | ' > /var/service/tiddlywiki/run |
| + | |
| + | # |
| + | # Create log/run |
| + | # |
| + | echo '#!/bin/sh |
| + | # |
| + | exec \ |
| + | /usr/local/bin/setuidgid smelog \ |
| + | /usr/local/bin/multilog t s5000000 \ |
| + | /var/log/tiddlywiki' > /var/service/tiddlywiki/log/run </nowiki> |
| + | |
| + | ====start the service==== |
| + | sv u tiddlywiki |
| + | |
| + | ====check the log files to see if it worked==== |
| + | tail /var/log/tiddlywiki/current |
| + | |
| + | ====Create init.d script and startup.shutdown scripts==== |
| + | This segment of code will create the scripts needed to start the service at boot and to stop the service at shutdown. |
| + | |
| + | <nowiki>SERVICE=tiddlywiki |
| + | # |
| + | cd /etc/rc.d/init.d |
| + | ln -s daemontools $SERVICE |
| + | cd /etc/rc.d/rc0.d |
| + | ln -s /etc/rc.d/init.d/e-smith-service K01$SERVICE |
| + | cd /etc/rc.d/rc1.d |
| + | ln -s /etc/rc.d/init.d/e-smith-service K01$SERVICE |
| + | cd /etc/rc.d/rc6.d |
| + | ln -s /etc/rc.d/init.d/e-smith-service K01$SERVICE |
| + | cd /etc/rc.d/rc7.d |
| + | ln -s /etc/rc.d/init.d/e-smith/service S99$SERVICE</nowiki> |
| + | |
| + | ====Create config db entry==== |
| + | /etc/rc.d/init.d/e-smith-service will start a service whose status is ''enabled'', and will not start it otherwise. |
| + | |
| + | <nowiki>SERVICE=tiddlywiki |
| + | config set $SERVICE service access public status enabled</nowiki> |
| + | |
| + | ====Proxypass Domain for WAN access==== |
| + | I found that I needed to [http://wiki.contribs.org/SME_Server:Documentation:ProxyPass#ProxyPass_a_domain proxypass a domain]. An [http://wiki.contribs.org/SME_Server:Documentation:ProxyPass#ProxyPass_a_alias.2Fdirectory.2Flocation alias/directory/location] proxypass generated errors and prevented edits from saving correctly. |
| + | |
| + | <nowiki>DOMAIN=tiddlywiki.domain.tld |
| + | db domains set $DOMAIN domain Nameservers internet ProxyPassTarget http://localhost:8080/ TemplatePath ProxyPassVirtualHosts |
| + | # |
| + | # Several TiddlyWiki 5 Plugins require AllowEncodedSlashes On in httpd.conf |
| + | mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/ProxyPassVirtualHosts |
| + | echo '# |
| + | # AllowEncodedSlashes On from custom template in ProxyPassVirtualHosts |
| + | AllowEncodedSlashes On ' > /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/ProxyPassVirtualHosts/04ProxyPassVirtualHosts |
| + | signal-event domain-create $DOMAIN</nowiki> |
| + | |
| + | ===Update to the latest tiddlywiki code=== |
| + | <nowiki>cd /opt/tiddlywiki && setuidgid www npm update tiddlywiki && sv t tiddlywiki</nowiki> |
| + | |
| + | ===COMPLETE Removal=== |
| + | <nowiki>DOMAIN=tiddlywiki.domain.tld |
| + | signal-event domain-delete $DOMAIN |
| + | db domains delete $DOMAIN |
| + | # |
| + | SERVICE=tiddlywiki |
| + | config delete $SERVICE |
| + | find /etc/rc.d -name "*$SERVICE*" -exec 'rm' -f "{}" \; |
| + | 'rm' -rf /service/$SERVICE |
| + | 'rm' -rf /var/service/$SERVICE |
| + | 'rm' -rf /var/log/$SERVICE |
| + | # |
| + | cd /opt/$SERVICE |
| + | npm remove $SERVICE |
| + | cd /opt |
| + | 'rm' -rf /opt/$SERVICE </nowiki> |
| | | |
| ==Notes on check_earlytalker== | | ==Notes on check_earlytalker== |
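Review bot: In the "Create init.d script" block, the rc7.d link points at `/etc/rc.d/init.d/e-smith/service` (with a slash), while the rc0.d, rc1.d and rc6.d links and the following "Create config db entry" text all use `/etc/rc.d/init.d/e-smith-service`. As written, the S99 link dangles and the service will not be started at boot, so change it to `ln -s /etc/rc.d/init.d/e-smith-service S99$SERVICE`. Two smaller points on the same hunk. In the generated run file, `NODE_ENV` and `NODE_CONFIG_DIR` are assigned but never exported before the `exec`, so the node process will not see them. And `NODE_ARGS` is only `--server`, with no credentials shown, while the ProxyPass section publishes the wiki for WAN access with `access public`, so the page should say how editing is restricted.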