Line 1: |
Line 1: |
− | ==Install mariadb 'alongside' mysql== | + | =[[User:Mmccarn|Mmccarn]] ([[User talk:Mmccarn|talk]]) [[User:Mmccarn|Mmccarn]] ([[User talk:Mmccarn|talk]]) 13:10, 22 January 2018 (CET) = |
− | ===Raw notes on mariadb installation=== | + | ==Wazuh== |
− | <nowiki> | + | ===Repo=== |
− | #####################################################################################
| + | <nowiki>/sbin/e-smith/db yum_repositories set wazuh repository \ |
− | # BEGIN
| + | Name 'Wazuh repository' \ |
− | #####################################################################################
| + | BaseURL 'https://packages.wazuh.com/3.x/yum/' \ |
− | # yum repos aren't useful; use the side-by-side install
| + | EnableGroups no \ |
− | # Install mariadb side-by-side with mysql on SME Server v8
| + | GPGCheck yes \ |
− | # From: https://mariadb.com/kb/en/installing-mariadb-alongside-mysql/
| + | GPGKey https://packages.wazuh.com/key/GPG-KEY-WAZUH \ |
− | #
| + | Visible no \ |
− | # create user 'mariadb' in server-manager
| + | status disabled</nowiki> |
− | #
| |
− | cd ~
| |
− | mkdir -p addons
| |
− | cd addons
| |
− | RELEASE=5.5.34
| |
− | wget https://downloads.mariadb.org/interstitial/mariadb-$RELEASE/kvm-bintar-hardy-x86/mariadb-$RELEASE-linux-i686.tar.gz/from/http://mirror.jmu.edu/pub/mariadb
| |
− | cd /opt
| |
− | tar zxvf ~/addons/mariadb-$RELEASE-linux-i686.tar.gz
| |
− | ln -s mariadb-$RELEASE-linux-i686 mariadb
| |
− | mkdir mariadb-data
| |
− | cp mariadb/support-files/my-medium.cnf mariadb-data/my.cnf
| |
− | #
| |
− | # edit my.cnf as described on the mariadb-alongside-mysql howto (link above)
| |
− | chown -R mariadb:mariadb mariadb-data mariadb mariadb-$RELEASE-linux-i686
| |
− | #
| |
− | cp mariadb/support-files/mysql.server /etc/init.d/mariadb
| |
− | chmod +x /etc/init.d/mariadb
| |
− | #
| |
− | # edit /etc/init.d/mariadb as described in the howto
| |
− | #
| |
− | cd /opt/mariadb
| |
− | scripts/mysql_install_db --defaults-file=/opt/mariadb-data/my.cnf
| |
− | cd /etc/init.d
| |
− | chkconfig --add mariadb
| |
− | chkconfig --levels 3 mariadb on
| |
− | # SME Server uses runlevel 7...
| |
− | mv /etc/rc3.d/S64mariadb /etc/rc7.d
| |
− | #
| |
− | # customizations not mentioned in the howto:
| |
− | mkdir /var/run/mariadb
| |
− | chown mariadb:mariadb /var/run/mariadb
| |
− | #
| |
− | # customize the execution line in /etc/init.d/mariadb
| |
− | #
| |
− | # version from howto:
| |
− | # $bindir/mysqld_safe --defaults-file=/opt/mariadb-data/my.cnf --datadir="$datadir" --pid-file="$mysqld_pid_file_path" $other_args >/dev/null 2>&1 &
| |
− | #
| |
− | # version I'm using:
| |
− | # $bindir/mysqld_safe --defaults-file=/opt/mariadb-data/my.cnf --datadir="/opt/mariadb-data" --pid-file="/var/run/mariadb/mariadb.pid" $other_args >/dev/null 2>&1 &
| |
− | #
| |
− | # Finally, testing access requires asking for a password, then entering an empty password (SME feeds the 'root'@'localhost' password to mysql by default:
| |
− | # mysql -e "SELECT VERSION();" --port=3307 --protocol=TCP -p
| |
− | #
| |
− | # set root password in mariadb same as root password in mysql
| |
− | mysql --port=3307 --protocol=TCP -p < /var/service/mysqld/set.password
| |
− | #
| |
− | # Now the example version check from the howto works:
| |
− | mysql -e "SELECT VERSION();" --socket=/opt/mariadb-data/mariadb.sock
| |
− | </nowiki> | |
| | | |
− | ===Gotchas=== | + | ===Agent Configuration=== |
− | ====my.cnf====
| + | [https://documentation.wazuh.com/current/installation-guide/installing-wazuh-agent/wazuh_agent_rpm.html Wazuh Client Installation Instructions] |
− | I have not copied the customization instructions for my.cnf from the mariadb howto page.
| |
| | | |
− | Be sure to make all of the changes to my.cnf suggested.
| + | Wazuh 3.x installs correctly from the yum repository: |
| + | yum --enablerepo=wazuh install wazuh-agent |
| | | |
− | https://mariadb.com/kb/en/installing-mariadb-alongside-mysql/
| + | Create the client account on the wazuh manager: |
| + | /var/ossec/bin/agent-auth -m [ip.of.wazuh.server] |
| | | |
− | ====/var/run/mariadb====
| + | Replace "MANAGER_IP" with the IP address of the wazuh manager in this section of /var/ossec/etc/ossec.conf: |
− | I could not get mariadb to run until I manually created the folder for the process id file.
| + | <nowiki>... |
− | <nowiki>mkdir /var/run/mariadb | + | <client> |
− | chown mariadb:mariadb /var/run/mariadb</nowiki>
| + | <server> |
| + | <address>MANAGER_IP</address> |
| + | </server> |
| + | <config-profile>rhel, rhel6</config-profile> |
| + | </client> |
| + | ... |
| + | </nowiki> |
| | | |
− | ====/etc/init.d/mariadb====
| + | Start the agent |
− | I was unable to make the 'mysqld_save' command line from the howto work. Where the howto wanted this command:
| + | /etc/init.d/wazuh-agent start |
− | $bindir/mysqld_safe --defaults-file=/opt/mariadb-data/my.cnf --datadir="$datadir" --pid-file="$mysqld_pid_file_path" $other_args >/dev/null 2>&1 &
| |
| | | |
− | I needed to specify the datadir instead of using the "$datadir" variable: | + | ===SME Customizations=== |
− | $bindir/mysqld_safe --defaults-file=/opt/mariadb-data/my.cnf --datadir="/opt/mariadb-data" --pid-file="/var/run/mariadb/mariadb.pid" $other_args >/dev/null 2>&1 &
| + | I added these instructions to /var/ossec/etc/ossec.conf: |
| + | <nowiki> <localfile> |
| + | <log_format>djb-multilog</log_format> |
| + | <location>/var/log/dovecot/current</location> |
| + | </localfile> |
| | | |
− | If I use the line suggested in the HOWTO, mariadb never starts (although it reports starting on the command line, it records an error in /opt/mariadb-data/<hostname>.err)
| + | <localfile> |
| + | <log_format>djb-multilog</log_format> |
| + | <location>/var/log/tinydns/current</location> |
| + | </localfile> |
| + | <localfile> |
| + | <log_format>djb-multilog</log_format> |
| + | <location>/var/log/dnscache/current</location> |
| + | </localfile> |
| | | |
− | ====set mariadb root password====
| + | <localfile> |
− | Since I am managing mariadb using the existing SME mysql client, and since the SME mysql client automatically uses the mysql 'root' password, I chose to set the root password for my mariadb installation to match the mysql root password.
| + | <log_format>command</log_format> |
| + | <command>grep -h logterse /var/log/*qpsmtpd/current</command> |
| + | <alias>s/qpsmtpd</alias> |
| + | <frequency>360</frequency> |
| + | </localfile> |
| + | </nowiki> |
| | | |
− | When running the commands below, press <Enter> when prompted for a password (the default mariadb root password is empty):
| + | And this instruction to /var/ossec/etc/local_internal_options.conf: |
− | <nowiki>CONNECT=--socket=/opt/mariadb-data/mariadb.sock | + | <nowiki># from https://documentation.wazuh.com/2.0/user-manual/reference/ossec-conf/localfile.html |
− | mysql $CONNECT -p < /var/service/mysqld/set.password</nowiki>
| + | # 'it may not be permissible in all environments to allow the Wazuh manager to run |
| + | # arbitrary commands on agents in their root security context.' |
| + | logcollector.remote_commands=1 |
| + | </nowiki> |
| | | |
− | Now that your mariadb installation is using your SME Server mysql root password, you can easily verify the versions of mysql and mariadb as described in the howto:
| + | And restarted the agent using |
− | <nowiki>#mysql version
| + | /etc/init.d/wazuh-agent restart |
− | mysql -e "SELECT VERSION();"</nowiki>
| |
− | | |
− | <nowiki>#mariadb version
| |
− | CONNECT=--socket=/opt/mariadb-data/mariadb.sock
| |
− | mysql -e "SELECT VERSION();" $CONNECT
| |
− | # OR connect using port 3307
| |
− | CONNECT="--protocol=TCP --port=3307"
| |
− | mysql -e "SELECT VERSION();" $CONNECT
| |
− | # OR spell out the connection on the command line
| |
− | mysql -e "SELECT VERSION();" --protocol=TCP --port=3307</nowiki>
| |
− | | |
− | ===Backup & Restore===
| |
− | * (RequestedDeletion) Nice notes. Would it be worth it to look at the pre-backup and pre-restore events (And config db settings) so MariaDB databases are being backup up ?
| |
− | ====/etc/e-smith/events/actions/mariadb-dump-tables====
| |
− | * Based on /etc/e-smith/events/actions/mysql-dump-tables
| |
− | * "CONNECT" options separated out for easy modification and potential movement into db variables
| |
− | * "-x" option added to the mysqldump command line to avoid an error about locking log files
| |
− | <nowiki>#!/bin/sh | |
− | #CONNECT=--socket=/opt/mariadb-data/mariadb.sock
| |
− | CONNECT="--protocol=TCP --port=3307"
| |
− | | |
− | if ! $(mysqladmin $CONNECT ping >/dev/null 2>&1)
| |
− | then
| |
− | echo "mariadb is not running - no tables dumped" >&2
| |
− | exit 0
| |
− | fi
| |
− | | |
− | mkdir -p /home/e-smith/db/mariadb
| |
− | for db in $(mysql $CONNECT -BNre "show databases;")
| |
− | do
| |
− | mysqldump $CONNECT -x --add-drop-table -QB "$db" -r /home/e-smith/db/mariadb/"$db".dump || exit 1
| |
− | done</nowiki>
| |
− | ====/etc/e-smith/events/actions/mariadb-load-tables====
| |
− | * based on /etc/e-smith/events/actions/mysql-load-tables
| |
− | * doesn't actually load the dbs
| |
− | * NEEDS EXAMINATION!
| |
− | <nowiki>#!/bin/sh
| |
− | #CONNECT=--socket=/opt/mariadb-data/mariadb.sock
| |
− | CONNECT="--protocol=TCP --port=3307"
| |
− | MARIADATA=/opt/mariadb-data
| |
− | | |
− | if ! $(mysqladmin $CONNECT ping >/dev/null 2>&1)
| |
− | then
| |
− | echo "mariadb is not running - no tables restored" >&2
| |
− | exit 0
| |
− | fi
| |
− | | |
− | if [ ! -f $MARIADATA/mysql/user.frm ]
| |
− | then
| |
− | mkdir -p /etc/e-smith/mariadb/init
| |
− | for db in $(ls /home/e-smith/db/mariadb/*.dump 2> /dev/null | grep -v '/mysql.dump')
| |
− | do
| |
− | mv $db /etc/e-smith/mariadb/init/01_$(basename $db .dump).sql
| |
− | done
| |
− | fi</nowiki>
| |
− | ====Automation====
| |
− | =====Backup=====
| |
− | * Link mariadb-dump-tables into the pre-backup event
| |
− | * Dumped tables should be included in backups as they are stored under /home/e-smith
| |
− | <nowiki>cd /etc/e-smith/events/pre-backup
| |
− | ln -s ../actions/mariadb-dump-tables S20mariadb-dump-tables</nowiki>
| |
− | =====Restore - NEEDS WORK=====
| |
− | The SME Server mysql restore is complicated by various factors that may not apply to a mariadb "alongside" installation.
| |
− | Here's what would need to be done to restore all mariadb databases:
| |
− | * Reinstall mariadb, including setting the password to match the mysql root password
| |
− | * Restore the 'dump' files created during pre-backup individually using:
| |
− | <nowiki>cd /home/e-smith/db/mariadb
| |
− | CONNECT=--socket=/opt/mariadb-data/mariadb.sock
| |
− | mysql $CONNECT < <dbname>.dump</nowiki>
| |
| | | |
| + | =Older= |
| + | Mariadb notes moved to [[MariaDB_alongside_MySQL]] |
| ==Install Moodle 2.6 using git== | | ==Install Moodle 2.6 using git== |
| ===Requirements=== | | ===Requirements=== |
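Review bot: The "logcollector.remote_commands=1" line added to /var/ossec/etc/local_internal_options.conf looks unnecessary for this setup and widens what the manager is allowed to do on this host. The "grep -h logterse /var/log/*qpsmtpd/current" command block is added to the agent's own /var/ossec/etc/ossec.conf, and a locally configured command runs without that option. The option only matters when command entries are pushed from the manager's shared configuration, which is the case the quoted documentation warning describes. Suggest dropping the setting. If the command block is meant to be distributed from the manager, say so in the SME Customizations text and note that the manager is then trusted to run commands as root on this server.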
Line 403: |
Line 312: |
| <nowiki>DOMAIN=tiddlywiki.domain.tld | | <nowiki>DOMAIN=tiddlywiki.domain.tld |
| db domains set $DOMAIN domain Nameservers internet ProxyPassTarget http://localhost:8080/ TemplatePath ProxyPassVirtualHosts | | db domains set $DOMAIN domain Nameservers internet ProxyPassTarget http://localhost:8080/ TemplatePath ProxyPassVirtualHosts |
| + | # |
| + | # Several TiddlyWiki 5 Plugins require AllowEncodedSlashes On in httpd.conf |
| + | mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/ProxyPassVirtualHosts |
| + | echo '# |
| + | # AllowEncodedSlashes On from custom template in ProxyPassVirtualHosts |
| + | AllowEncodedSlashes On ' > /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/ProxyPassVirtualHosts/04ProxyPassVirtualHosts |
| signal-event domain-create $DOMAIN</nowiki> | | signal-event domain-create $DOMAIN</nowiki> |
| | | |
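Review bot: The custom fragment written to 04ProxyPassVirtualHosts has no condition on $DOMAIN, so "AllowEncodedSlashes On" appears to be expanded into every virtual host that uses TemplatePath ProxyPassVirtualHosts, not only the TiddlyWiki one. Either guard the fragment so it only emits the directive for the TiddlyWiki domain, or extend the "# Several TiddlyWiki 5 Plugins require ..." comment to say the change is global, so that other proxied applications are reviewed for how they handle encoded slashes in request paths. Minor: the echoed directive line ends with a trailing space after "On".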