Changes

From SME Server

2,827 bytes added , 14:11, 22 January 2018

update time stamp

Line 1: Line 1: −

===~~Install mariadb 'alongside' mysql~~===

=[[User:Mmccarn|Mmccarn]] ([[User talk:Mmccarn|talk]]) [[User:Mmccarn|Mmccarn]] ([[User talk:Mmccarn|talk]]) 13:10, 22 January 2018 (CET) =

−

===~~=Draft notes on mariadb installation=~~===

==Wazuh==

−

===Repo===

−

~~#####################################################################################~~

<nowiki>/sbin/e-smith/db yum_repositories set wazuh repository \

−

~~# BEGIN~~

Name 'Wazuh repository' \

−

~~#####################################################################################~~

BaseURL 'https://packages.wazuh.com/3.x/yum/' \

−

~~# yum repos aren~~'~~t useful; use the side-by-side install~~

EnableGroups no \

−

~~# Install mariadb side-by-side with mysql on SME Server v8~~

GPGCheck yes \

−

~~# From:~~ https://~~mariadb~~.com/kb/en/~~installing-mariadb-alongside-mysql/~~

GPGKey https://packages.wazuh.com/key/GPG-KEY-WAZUH \

−

Visible no \

−

~~# create user~~ '~~mariadb' in server-manager~~

status disabled</nowiki>

−

~~cd ~~~

===Agent Configuration===

−

~~mkdir -p addons~~

[https://documentation.wazuh.com/current/installation-guide/installing-wazuh-agent/wazuh_agent_rpm.html Wazuh Client Installation Instructions]

−

~~cd addons~~

−

~~RELEASE=5.5.34~~

Wazuh 3.x installs correctly from the yum repository:

−

~~wget~~ https://~~downloads~~.~~mariadb~~.~~org~~/~~interstitial~~/~~mariadb~~-~~$RELEASE/kvm~~-~~bintar-hardy-x86~~/~~mariadb-$RELEASE-linux-i686.tar.gz/from/http~~://~~mirror~~.~~jmu~~.~~edu~~/~~pub~~/~~mariadb~~

yum --enablerepo=wazuh install wazuh-agent

−

~~cd /opt~~

−

~~tar zxvf ~/addons/mariadb-$RELEASE-linux~~-~~i686.tar.gz~~

Create the client account on the wazuh manager:

−

~~ln -s mariadb-$RELEASE-linux-i686 mariadb~~

/var/ossec/bin/agent-auth -m [ip.of.wazuh.server]

−

~~mkdir mariadb-data~~

−

~~cp mariadb~~/~~support~~-~~files/my~~-~~medium.cnf mariadb-data~~/my.~~cnf~~

Replace "MANAGER_IP" with the IP address of the wazuh manager in this section of /var/ossec/etc/ossec.conf:

−

<nowiki>...

−

~~# edit my~~.~~cnf as described on~~ the ~~mariadb-alongside-mysql howto (link above)~~

−

~~chown -R mariadb:mariadb mariadb~~-~~data mariadb mariadb~~-~~$RELEASE~~-~~linux-i686~~

−

<address>MANAGER_IP</address>

−

~~cp mariadb/support-files/mysql.server /etc/init.d/mariadb~~

</server>

−

~~chmod +x /etc/init.d/mariadb~~

<config-profile>rhel, rhel6</config-profile>

−

</client>

−

~~# edit /etc/init.d/mariadb as described in~~ the ~~howto~~

...

−

cd /~~opt/mariadb~~

−

~~scripts/mysql_install_db --defaults-file=~~/~~opt/mariadb-data~~/~~my.cnf~~

−

cd /~~etc/init.d~~

−

~~chkconfig~~ --~~add mariadb~~

−

~~chkconfig --levels 3 mariadb on~~

−

~~# SME Server uses runlevel 7~~...

−

~~mv /etc/rc3.d/S64mariadb /etc/rc7.d~~

−

~~# customizations not mentioned~~ in ~~the howto:~~

−

~~mkdir /var/run/mariadb~~

−

~~chown mariadb:maridb~~ /var/~~run/mariadb~~

−

~~# customize the execution line in~~ /etc/~~init~~.~~d/mariadb~~

−

~~# version from howto~~:

−

# ~~$bindir/mysqld_safe --defaults-file=/opt/mariadb-data/my~~.~~cnf --datadir="$datadir" --pid-file="$mysqld_pid_file_path" $other_args~~ >~~/dev/null 2~~>~~&1 &~~

−

~~# version I'm using:~~

−

~~# $bindir/mysqld_safe --defaults-file=~~/~~opt/mariadb-data/my.cnf --datadir="/opt/mariadb-data" --pid-file="/var/run/mariadb/mariadb.pid" $other_args~~ >/~~dev/null 2~~>~~&1 &~~

−

~~# Finally~~, ~~testing access requires asking for a password, then entering an empty password (SME feeds the 'root'@'localhost' password to mysql by default:~~

−

~~# mysql~~ -~~e "SELECT VERSION();" --port=3307 --protocol=TCP -p~~

−

~~# set root password in mariadb same as root password in mysql~~

−

~~mysql --port=3307 --protocol=TCP -p~~ < /~~var/service/mysqld/set~~.~~password~~

−

~~# Now the example version check from the howto works:~~

−

~~mysql -e "SELECT VERSION();" --socket=/opt/mariadb-data/mariadb~~.~~sock~~

</nowiki>

−

~~====Backup & Restore====~~

Start the agent

−

* (RequestedDeletion) Nice notes. ~~Would it be worth it to look at the pre~~-~~backup and pre-restore events (And config db settings) so MariaDB databases are being backup up ?~~

/etc/init.d/wazuh-agent start

−

=====/etc/e-~~smith~~/~~events~~/~~actions~~/~~mariadb~~-~~dump-tables=====~~

−

* Based on /~~etc~~/~~e-smith~~/~~events~~/~~actions~~/~~mysql-dump-tables~~

===SME Customizations===

−

* "CONNECT" options separated out for easy modification and potential movement into db variables

I added these instructions to /var/ossec/etc/ossec.conf:

−

* "-~~x" option added to the mysqldump command line to avoid an error about locking log files~~

−

<~~nowiki~~>#!/~~bin~~/sh

<log_format>djb-multilog</log_format>

−

~~#CONNECT=--socket=~~/~~opt~~/~~mariadb-data~~/~~mariadb.sock~~

<location>/var/log/dovecot/current</location>

−

~~CONNECT="--protocol=TCP --port=3307"~~

</localfile>

<log_format>djb-multilog</log_format>

<location>/var/log/tinydns/current</location>

</localfile>

<log_format>djb-multilog</log_format>

<location>/var/log/dnscache/current</location>

</localfile>

−

~~if ! $(mysqladmin $CONNECT ping~~ >/~~dev~~/~~null 2~~>~~&1)~~

−

~~then~~

<log_format>command</log_format>

−

~~echo "mariadb is not running - no tables dumped"~~ >&2

<command>grep -h logterse /var/log/*qpsmtpd/current</command>

−

~~exit 0~~

<alias>s/qpsmtpd</alias>

−

</localfile>

</nowiki>

−

~~mkdir -p~~ /~~home~~/~~e-smith~~/db/~~mariadb~~

And this instruction to /var/ossec/etc/local_internal_options.conf:

−

~~for db in $(mysql $CONNECT -BNre "show databases;")~~

<nowiki># from https://documentation.wazuh.com/2.0/user-manual/reference/ossec-conf/localfile.html

−

# 'it may not be permissible in all environments to allow the Wazuh manager to run

−

~~mysqldump $CONNECT -x --add-drop-table -QB "$db" -r /home/e-smith/db/mariadb/"$db".dump~~ ~~|| exit 1~~

# arbitrary commands on agents in their root security context.'

−

~~done~~</nowiki>

logcollector.remote_commands=1

−

~~=====~~/~~etc~~/~~e-smith~~/~~events~~/~~actions/mariadb~~-~~load-tables=====~~

</nowiki>

−

* based on /~~etc~~/e-~~smith~~/~~events/actions/mysql-load-tables~~

−

* doesn'~~t actually load~~ the ~~dbs~~

−

* NEEDS EXAMINATION!

−

~~<nowiki>#!/bin/sh~~

−

~~#CONNECT=--socket=/opt/mariadb-data/mariadb~~.~~sock~~

−

~~CONNECT~~=~~"--protocol=TCP --port=3307"~~

−

~~MARIADATA=~~/~~opt/mariadb-data~~

−

~~if ! $(mysqladmin $CONNECT ping >~~/~~dev~~/~~null 2>&1)~~

And restarted the agent using

−

~~then~~

/etc/init.d/wazuh-agent restart

−

~~echo "mariadb is not running~~ - ~~no tables restored" >&2~~

−

~~exit 0~~

−

~~if [ ! -f $MARIADATA/mysql/user.frm ]~~

=Older=

−

~~then~~

Mariadb notes moved to [[MariaDB_alongside_MySQL]]

−

~~mkdir -p /etc/e-smith/mariadb/init~~

==Install Moodle 2.6 using git==

−

~~for db in $(ls /home/e-smith/db/mariadb/*.dump 2> /dev/null | grep -v '/mysql.dump')~~

===Requirements===

−

~~mv $db /etc/e-smith/mariadb/init/01_$(basename $db .dump).sql~~

−

~~done~~

−

~~fi</nowiki>~~

−

~~=====Automation=====~~

−

~~======Backup======~~

−

* Link mariadb-dump-tables into the pre-backup event

−

* Dumped tables should be included in backups as they are stored under /home/e-smith

−

~~<nowiki>cd /etc/e-smith/events/pre-backup~~

−

~~ln -s ../actions/mariadb-dump-tables S20mariadb-dump-tables</nowiki>~~

−

~~======Restore - NEEDS WORK====~~==

−

~~The SME Server mysql restore is complicated by various factors that may not apply~~ to ~~a mariadb "alongside" installation.~~

−

~~Here's what would need to be done to restore all mariadb databases:~~

−

* Reinstall mariadb, including setting the password to match the mysql root password

−

* Restore the 'dump' files created during pre-backup individually using:

−

~~<nowiki>cd /home/e-smith/db/mariadb~~

−

~~CONNECT=--socket=/opt/mariadb-data/mariadb.sock~~

−

~~mysql $CONNECT < <dbname>.dump</nowiki>~~

−

===Install Moodle 2.6 using git===

−

====Requirements====

* Recommended minimum browser: recent Google Chrome, recent Mozilla Firefox, Safari 6, Internet Explorer 9 (IE 10 required for drag and drop of files from outside the browser into Moodle)

* Moodle upgrade: Moodle 2.2 or later (if upgrading from earlier versions, you must upgrade to 2.2.11 as a first step)

Line 127: Line 78:

* New recommended PHP extensions: zlib, OPcache

−

=====DB Version=====

====DB Version====

SME Server 8.x comes with MySQL v5.0.95. In order to install Moodle without risking destabilizing a SME server by changing the MySQL version, you can install MariaDB 5.3.54 ''alongside'' MySql.

−

=====OPcache=====

====OPcache====

Zend OPcache is built-in to PHP 5.5, and can be compiled to work with PHP 5.3.3.

Line 137: Line 88:

I believe this will make Moodle run more slowly than it would *with* OPcache.

−

====Installation====

===Installation===

−

=====Prepare your server=====

====Prepare your server====

======Install useful php modules======

* During installation, Moodle will request php-soap, php-xmlrpc and php-intl. These are all available from the 'smeaddons' repository, and can be installed using:

yum install php-soap php-xmlrpc php-intl

−

======Create an ibay======

=====Create an ibay=====

* Create an ibay named 'moodle' in server-manager

* Customize some of the settings on the new moodle ibay

Line 161: Line 112:

#</nowiki>

−

======Create a database======

=====Create a database=====

* Install Mariadb ''alongside'' mysql

* create a mariadb database for moodle

<nowiki># Generate a random 23 character password

DBPASS=`< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c23`

−

DBNAME=~~xmoodle~~

DBNAME=moodle

−

DBUSER=~~xmoodle~~

DBUSER=moodle

CONNECT=--socket=/opt/mariadb-data/mariadb.sock

−

echo Creating Database using: ; \

echo ;\

echo Creating Database using: ;\

echo DBNAME=$DBNAME ;\

echo DBUSER=$DBUSER ;\

echo DBPASS=$DBPASS ;\

echo ;\

−

echo Save this information. You will need it later during initial application setup! (press \<enter\> when ~~done~~) ;\

echo Save this information! You will need it later during initial application setup! $press \<enter\> when ready$ ;\

read

Line 182: Line 135:

quit"</nowiki>

−

=====Install Moodle=====

====Install Moodle====

−

======Download & Checkout using git======

=====Download & Checkout using git=====

Line 191: Line 144:

IBAY=moodle

cd /home/e-smith/files/ibays/$IBAY

−

mv html html.~~org~~

mv html html.`date +%F-%H%M%S`

git clone git://git.moodle.org/moodle.git html

cd html

Line 201: Line 154:

signal-event ibay-modify $IBAY

</nowiki>

−

======Run the installer======

=====Run the moodle installer=====

<nowiki>#

−

# run the command line installer

# run the moodle command line installer

# if prompted, set:

# mysql port: 3307

Line 211: Line 165:

sudo -u www /usr/bin/php install.php

</nowiki>

−

======Correct database settings if necessary======

=====Correct database settings if necessary=====

If you were not prompted for database socket, port, or other connection settings during the command line setup, you will need to correct the settings manually.

Line 218: Line 173:

If you have just run the above database connection commands in the same putty session, you can correct your moodle settings using:

−

<nowiki>sed -i s/dbname.*/dbname\ \ \ \ \=\ \'$DBNAME\'\;/ /home/e-smith/files/ibays/~~moodle~~/html/config.php

<nowiki>IBAY=moodle

−

sed -i s/dbuser.*/dbuser\ \ \ \ \=\ \'$DBUSER\'\;/ /home/e-smith/files/ibays/~~moodle~~/html/config.php

sed -i s/dbname.*/dbname\ \ \ \ \=\ \'$DBNAME\'\;/ /home/e-smith/files/ibays/$IBAY/html/config.php

−

sed -i s/dbpass.*/dbpass\ \ \ \ \=\ \'$DBPASS\'\;/ /home/e-smith/files/ibays/~~moodle~~/html/config.php</nowiki>

sed -i s/dbuser.*/dbuser\ \ \ \ \=\ \'$DBUSER\'\;/ /home/e-smith/files/ibays/$IBAY/html/config.php

sed -i s/dbpass.*/dbpass\ \ \ \ \=\ \'$DBPASS\'\;/ /home/e-smith/files/ibays/$IBAY/html/config.php</nowiki>

====Optional Settings====

=====Scan Uploads using ClamAV=====

Moodle can be configured to scan all user files when uploaded.

<nowiki>mysql $CONNECT -e "use moodle;

update mdl_config set value=1 where name='runclamonupload';

update mdl_config set value='/usr/bin/clamscan' where name='pathtoclam';

quit"</nowiki>

=====Authentication Settings=====

To configure authentication mechanisms:

* Login to Moodle using an account with administrative rights

* Select 'Site Administration'

** Select 'Plugins'

*** Select 'Authentication'

Moodle can be configured to authenticate users using any of the methods listed below:

* Manual accounts

* No login

* CAS server (SSO)

* Email-based self-registration

* External database

* FirstClass server

* IMAP server

** Select 'imapcert' if your IMAP server uses a self-signed certificate

* LDAP server

* MNet authentication

* NNTP server

* No authentication

* PAM (Pluggable Authentication Modules)

* POP3 server

* RADIUS server

* Shibboleth

* Web services authentication

=====Create Additional Administrators=====

http://docs.moodle.org/26/en/Assign_admins

==TiddlyWiki5 Using Node.js==

[http://tiddlywiki.com/ TiddlyWiki] is "a complete interactive wiki in JavaScript."

{{Warning box|The install and update routines shown here are based on notes from a working installation. The removal routines are untested.}}

===Prerequisites===

# node.js > 8.x (note: I was unable to find a binary installer for curent node releases; I use 'gcc' and compile locally)

# [https://npmjs.org/package/npm npm]

===Assumptions===

# wiki content will be stored in /opt/tiddlywiki/tiddlers

# tiddlywiki code will be stored in /opt/tiddlywiki/node_modules

# tiddlywiki will run as user 'www'

# tiddlywiki logs will be run as 'smelog'

# tiddlywiki will be daemonized using daemontools

===Installation===

<nowiki>mkdir /opt/tiddlywiki

cd /opt/tiddlywiki

npm install tiddlywiki

chown -R www:www /opt/tiddlywiki/.</nowiki>

====Create daemontools scripts, folders, etc====

The code below is designed to be run by copy/paste into a server console prompt.

<nowiki>mkdir -p /var/service/tiddlywiki/log

mkdir -p /var/log/tiddlywiki

chown -R smelog:smelog /var/log/tiddlywiki

cd /service

ln -s /var/service/tiddlywiki .

cd /var/service/tiddlywiki

touch down

# create the service 'run' file

echo '#!/bin/sh

# setup node environment

exec 2>&1

APP_DIR=/opt/tiddlywiki

USER=www

NODE_EXEC=/usr/local/bin/node

NODE_ENV=production

NODE_CONFIG_DIR=$APP_DIR

NODE_APP=node_modules/tiddlywiki/tiddlywiki.js

NODE_ARGS=--server

echo "Starting $NODE_EXEC $APP_DIR/$NODE_APP $NODE_ARGS"

cd $APP_DIR

exec \

setuidgid $USER \

$NODE_EXEC $NODE_APP $NODE_ARGS

' > /var/service/tiddlywiki/run

# Create log/run

echo '#!/bin/sh

exec \

/usr/local/bin/setuidgid smelog \

/usr/local/bin/multilog t s5000000 \

/var/log/tiddlywiki' > /var/service/tiddlywiki/log/run </nowiki>

====start the service====

sv u tiddlywiki

====check the log files to see if it worked====

tail /var/log/tiddlywiki/current

====Create init.d script and startup.shutdown scripts====

This segment of code will create the scripts needed to start the service at boot and to stop the service at shutdown.

<nowiki>SERVICE=tiddlywiki

cd /etc/rc.d/init.d

ln -s daemontools $SERVICE

cd /etc/rc.d/rc0.d

ln -s /etc/rc.d/init.d/e-smith-service K01$SERVICE

cd /etc/rc.d/rc1.d

ln -s /etc/rc.d/init.d/e-smith-service K01$SERVICE

cd /etc/rc.d/rc6.d

ln -s /etc/rc.d/init.d/e-smith-service K01$SERVICE

cd /etc/rc.d/rc7.d

ln -s /etc/rc.d/init.d/e-smith/service S99$SERVICE</nowiki>

====Create config db entry====

/etc/rc.d/init.d/e-smith-service will start a service whose status is ''enabled'', and will not start it otherwise.

<nowiki>SERVICE=tiddlywiki

config set $SERVICE service access public status enabled</nowiki>

====Proxypass Domain for WAN access====

I found that I needed to [http://wiki.contribs.org/SME_Server:Documentation:ProxyPass#ProxyPass_a_domain proxypass a domain]. An [http://wiki.contribs.org/SME_Server:Documentation:ProxyPass#ProxyPass_a_alias.2Fdirectory.2Flocation alias/directory/location] proxypass generated errors and prevented edits from saving correctly.

<nowiki>DOMAIN=tiddlywiki.domain.tld

db domains set $DOMAIN domain Nameservers internet ProxyPassTarget http://localhost:8080/ TemplatePath ProxyPassVirtualHosts

# Several TiddlyWiki 5 Plugins require AllowEncodedSlashes On in httpd.conf

mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/ProxyPassVirtualHosts

echo '#

# AllowEncodedSlashes On from custom template in ProxyPassVirtualHosts

AllowEncodedSlashes On ' > /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/ProxyPassVirtualHosts/04ProxyPassVirtualHosts

signal-event domain-create $DOMAIN</nowiki>

===Update to the latest tiddlywiki code===

<nowiki>cd /opt/tiddlywiki && setuidgid www npm update tiddlywiki && sv t tiddlywiki</nowiki>

===COMPLETE Removal===

<nowiki>DOMAIN=tiddlywiki.domain.tld

signal-event domain-delete $DOMAIN

db domains delete $DOMAIN

SERVICE=tiddlywiki

config delete $SERVICE

find /etc/rc.d -name "*$SERVICE*" -exec 'rm' -f "{}" \;

'rm' -rf /service/$SERVICE

'rm' -rf /var/service/$SERVICE

'rm' -rf /var/log/$SERVICE

cd /opt/$SERVICE

npm remove $SERVICE

cd /opt

'rm' -rf /opt/$SERVICE </nowiki>

−

===Notes on check_earlytalker===

==Notes on check_earlytalker==

Why did you remove the Request_for_deletion template on the check_earlytalker page? AFAIK it is obsolete and should be deleted according to http://forums.contribs.org/index.php/topic,46234.msg226418.html#msg226418 - — [[User:Cactus|Cactus]] ([[User talk:Cactus|talk]] | [[Special:Contributions/Cactus|contribs]])  07:05, 16 February 2012 (MST)

Mmccarn

Administrators

688

edits

Retrieved from "https://wiki.koozali.org/Special:MobileDiff/22627...34369"

Changes

User talk:Mmccarn (view source)

Revision as of 14:11, 22 January 2018

Navigation menu

Page actions

Page actions

Personal tools

Koozali SME Server

Recent activities

Koozali resources

Koozali SME Server wiki

Tools

Search