Changes

5,337 bytes removed, 14:11, 22 January 2018
m
update time stamp
Line 1: Line 1: −
==Install mariadb 'alongside' mysql==
+
=[[User:Mmccarn|Mmccarn]] ([[User talk:Mmccarn|talk]]) [[User:Mmccarn|Mmccarn]] ([[User talk:Mmccarn|talk]]) 13:10, 22 January 2018 (CET) =
===Installation===
+
==Wazuh==
These installation notes are based on the notes from From: https://mariadb.com/kb/en/installing-mariadb-alongside-mysql/
+
===Repo===
 +
<nowiki>/sbin/e-smith/db yum_repositories set wazuh repository \
 +
Name 'Wazuh repository' \
 +
BaseURL 'https://packages.wazuh.com/3.x/yum/' \
 +
EnableGroups no \
 +
GPGCheck yes \
 +
GPGKey https://packages.wazuh.com/key/GPG-KEY-WAZUH \
 +
Visible no \
 +
status disabled</nowiki>
   −
Yum cannot be used for a 'side-by-side' installation (where mysql is left in place and mariadb is run as a separate service).
+
===Agent Configuration===
====Create service account====
+
[https://documentation.wazuh.com/current/installation-guide/installing-wazuh-agent/wazuh_agent_rpm.html Wazuh Client Installation Instructions]
Create a user named '''mariadb''' in server-manager.  This user account will be used by mariadb when running, and does not need to have a password set.
     −
====Download MariaDB and extract into /opt====
+
Wazuh 3.x installs correctly from the yum repository:
 +
yum --enablerepo=wazuh install wazuh-agent
   −
  <nowiki>mkdir -p addons
+
Create the client account on the wazuh manager:
cd addons
+
  /var/ossec/bin/agent-auth -m [ip.of.wazuh.server]
RELEASE=5.5.34
  −
wget https://downloads.mariadb.org/interstitial/mariadb-$RELEASE/kvm-bintar-hardy-x86/mariadb-$RELEASE-linux-i686.tar.gz/from/http://mirror.jmu.edu/pub/mariadb
  −
cd /opt
  −
tar zxvf ~/addons/mariadb-$RELEASE-linux-i686.tar.gz</nowiki>
     −
====Create folders and links====
+
Replace "MANAGER_IP" with the IP address of the wazuh manager in this section of /var/ossec/etc/ossec.conf:
 
+
<nowiki>...
<nowiki>RELEASE=5.5.34
+
<client>
cd /opt
+
    <server>
ln -s mariadb-$RELEASE-linux-i686 mariadb
+
      <address>MANAGER_IP</address>
mkdir mariadb-data
+
    </server>
#
+
    <config-profile>rhel, rhel6</config-profile>
 
+
</client>
 
+
...
====Raw notes on mariadb installation====
  −
<nowiki>
  −
#####################################################################################
  −
# BEGIN
  −
#####################################################################################
  −
# yum repos aren't useful; use the side-by-side install
  −
# Install mariadb side-by-side with mysql on SME Server v8
  −
# From: https://mariadb.com/kb/en/installing-mariadb-alongside-mysql/
  −
#
  −
# create user 'mariadb' in server-manager
  −
#
  −
cd ~
  −
mkdir -p addons
  −
cd addons
  −
RELEASE=5.5.34
  −
wget https://downloads.mariadb.org/interstitial/mariadb-$RELEASE/kvm-bintar-hardy-x86/mariadb-$RELEASE-linux-i686.tar.gz/from/http://mirror.jmu.edu/pub/mariadb
  −
cd /opt
  −
tar zxvf ~/addons/mariadb-$RELEASE-linux-i686.tar.gz
  −
ln -s mariadb-$RELEASE-linux-i686 mariadb
  −
mkdir mariadb-data
  −
cp mariadb/support-files/my-medium.cnf mariadb-data/my.cnf
  −
#
  −
# edit my.cnf as described on the mariadb-alongside-mysql howto (link above)
  −
chown -R mariadb:mariadb mariadb-data mariadb mariadb-$RELEASE-linux-i686
  −
#
  −
cp mariadb/support-files/mysql.server /etc/init.d/mariadb
  −
chmod +x /etc/init.d/mariadb
  −
#
  −
# edit /etc/init.d/mariadb as described in the howto
  −
#
  −
cd /opt/mariadb
  −
scripts/mysql_install_db --defaults-file=/opt/mariadb-data/my.cnf
  −
cd /etc/init.d
  −
chkconfig --add mariadb
  −
chkconfig --levels 3 mariadb on
  −
# SME Server uses runlevel 7...
  −
mv /etc/rc3.d/S64mariadb /etc/rc7.d
  −
#
  −
# customizations not mentioned in the howto:
  −
mkdir /var/run/mariadb
  −
chown mariadb:mariadb /var/run/mariadb
  −
#
  −
# customize the execution line in /etc/init.d/mariadb
  −
#
  −
# version from howto:
  −
#  $bindir/mysqld_safe --defaults-file=/opt/mariadb-data/my.cnf --datadir="$datadir" --pid-file="$mysqld_pid_file_path" $other_args >/dev/null 2>&1 &
  −
#
  −
# version I'm using:
  −
# $bindir/mysqld_safe --defaults-file=/opt/mariadb-data/my.cnf --datadir="/opt/mariadb-data" --pid-file="/var/run/mariadb/mariadb.pid" $other_args >/dev/null 2>&1 &
  −
#
  −
# Finally, testing access requires asking for a password, then entering an empty password (SME feeds the 'root'@'localhost' password to mysql by default:
  −
# mysql -e "SELECT VERSION();" --port=3307 --protocol=TCP -p
  −
#
  −
# set root password in mariadb same as root password in mysql
  −
mysql --port=3307 --protocol=TCP -p < /var/service/mysqld/set.password
  −
#
  −
# Now the example version check from the howto works:   
  −
mysql -e "SELECT VERSION();" --socket=/opt/mariadb-data/mariadb.sock
   
</nowiki>
 
</nowiki>
   −
===Gotchas===
+
Start the agent
====my.cnf====
+
/etc/init.d/wazuh-agent start
I have not copied the customization instructions for my.cnf from the mariadb howto page.
     −
Be sure to make all of the changes to my.cnf suggested.
+
===SME Customizations===
 +
I added these instructions to /var/ossec/etc/ossec.conf:
 +
<nowiki>  <localfile>
 +
    <log_format>djb-multilog</log_format>
 +
    <location>/var/log/dovecot/current</location>
 +
  </localfile>
   −
https://mariadb.com/kb/en/installing-mariadb-alongside-mysql/
+
  <localfile>
 +
    <log_format>djb-multilog</log_format>
 +
    <location>/var/log/tinydns/current</location>
 +
  </localfile>
 +
  <localfile>
 +
    <log_format>djb-multilog</log_format>
 +
    <location>/var/log/dnscache/current</location>
 +
  </localfile>
   −
====/var/run/mariadb====
+
  <localfile>
I could not get mariadb to run until I manually created the folder for the process id file.
+
    <log_format>command</log_format>
<nowiki>mkdir /var/run/mariadb
+
    <command>grep -h logterse /var/log/*qpsmtpd/current</command>
chown mariadb:mariadb /var/run/mariadb</nowiki>
+
    <alias>s/qpsmtpd</alias>
 +
    <frequency>360</frequency>
 +
  </localfile>
 +
</nowiki>
   −
====/etc/init.d/mariadb====
+
And this instruction to /var/ossec/etc/local_internal_options.conf:
I was unable to make the 'mysqld_save' command line from the howto work. Where the howto wanted this command:
+
<nowiki># from https://documentation.wazuh.com/2.0/user-manual/reference/ossec-conf/localfile.html
$bindir/mysqld_safe --defaults-file=/opt/mariadb-data/my.cnf --datadir="$datadir" --pid-file="$mysqld_pid_file_path" $other_args >/dev/null 2>&1 &
+
# 'it may not be permissible in all environments to allow the Wazuh manager to run
 +
#  arbitrary commands on agents in their root security context.'
 +
logcollector.remote_commands=1
 +
</nowiki>
   −
I needed to specify the datadir instead of using the "$datadir" variable:
+
And restarted the agent using
$bindir/mysqld_safe --defaults-file=/opt/mariadb-data/my.cnf --datadir="/opt/mariadb-data" --pid-file="/var/run/mariadb/mariadb.pid" $other_args >/dev/null 2>&1 &
+
  /etc/init.d/wazuh-agent restart
 
  −
If I use the line suggested in the HOWTO, mariadb never starts (although it reports starting on the command line, it records an error in /opt/mariadb-data/<hostname>.err)
  −
 
  −
====set mariadb root password====
  −
Since I am managing mariadb using the existing SME mysql client, and since the SME mysql client automatically uses the mysql 'root' password, I chose to set the root password for my mariadb installation to match the mysql root password.
  −
 
  −
When running the commands below, press <Enter> when prompted for a password (the default mariadb root password is empty):
  −
<nowiki>CONNECT=--socket=/opt/mariadb-data/mariadb.sock
  −
mysql $CONNECT -p < /var/service/mysqld/set.password</nowiki>
  −
 
  −
Now that your mariadb installation is using your SME Server mysql root password, you can easily verify the versions of mysql and mariadb as described in the howto:
  −
<nowiki>#mysql version
  −
mysql -e "SELECT VERSION();"</nowiki>
  −
 
  −
  <nowiki>#mariadb version
  −
CONNECT=--socket=/opt/mariadb-data/mariadb.sock
  −
mysql -e "SELECT VERSION();" $CONNECT
  −
# OR connect using port 3307
  −
CONNECT="--protocol=TCP --port=3307"
  −
mysql -e "SELECT VERSION();" $CONNECT
  −
# OR spell out the connection on the command line
  −
mysql -e "SELECT VERSION();" --protocol=TCP --port=3307</nowiki>
  −
 
  −
===Backup & Restore===
  −
* (RequestedDeletion) Nice notes. Would it be worth it to look at the pre-backup and pre-restore events (And config db settings) so MariaDB databases are being backup up ?
  −
====/etc/e-smith/events/actions/mariadb-dump-tables====
  −
* Based on /etc/e-smith/events/actions/mysql-dump-tables
  −
* "CONNECT" options separated out for easy modification and potential movement into db variables
  −
* "-x" option added to the mysqldump command line to avoid an error about locking log files
  −
<nowiki>#!/bin/sh
  −
#CONNECT=--socket=/opt/mariadb-data/mariadb.sock
  −
CONNECT="--protocol=TCP --port=3307"
  −
 
  −
if ! $(mysqladmin $CONNECT ping >/dev/null 2>&1)
  −
then
  −
    echo "mariadb is not running - no tables dumped" >&2
  −
    exit 0
  −
fi
  −
 
  −
mkdir -p /home/e-smith/db/mariadb
  −
for db in $(mysql $CONNECT -BNre "show databases;")
  −
do
  −
    mysqldump $CONNECT  -x --add-drop-table  -QB "$db" -r /home/e-smith/db/mariadb/"$db".dump  || exit 1
  −
done</nowiki>
  −
====/etc/e-smith/events/actions/mariadb-load-tables====
  −
* based on /etc/e-smith/events/actions/mysql-load-tables
  −
* doesn't actually load the dbs
  −
* NEEDS EXAMINATION!
  −
<nowiki>#!/bin/sh
  −
#CONNECT=--socket=/opt/mariadb-data/mariadb.sock
  −
CONNECT="--protocol=TCP --port=3307"
  −
MARIADATA=/opt/mariadb-data
  −
 
  −
if ! $(mysqladmin $CONNECT ping >/dev/null 2>&1)
  −
then   
  −
    echo "mariadb is not running - no tables restored" >&2
  −
    exit 0
  −
fi
  −
 
  −
if [ ! -f $MARIADATA/mysql/user.frm ]
  −
then
  −
    mkdir -p /etc/e-smith/mariadb/init
  −
    for db in $(ls /home/e-smith/db/mariadb/*.dump 2> /dev/null | grep -v '/mysql.dump')
  −
    do
  −
        mv $db /etc/e-smith/mariadb/init/01_$(basename $db .dump).sql
  −
    done
  −
fi</nowiki>
  −
====Automation====
  −
=====Backup=====
  −
* Link mariadb-dump-tables into the pre-backup event
  −
* Dumped tables should be included in backups as they are stored under /home/e-smith
  −
<nowiki>cd /etc/e-smith/events/pre-backup
  −
ln -s ../actions/mariadb-dump-tables S20mariadb-dump-tables</nowiki>
  −
=====Restore - NEEDS WORK=====
  −
The SME Server mysql restore is complicated by various factors that may not apply to a mariadb "alongside" installation.
  −
Here's what would need to be done to restore all mariadb databases:
  −
* Reinstall mariadb, including setting the password to match the mysql root password
  −
* Restore the 'dump' files created during pre-backup individually using:
  −
<nowiki>cd /home/e-smith/db/mariadb
  −
CONNECT=--socket=/opt/mariadb-data/mariadb.sock
  −
mysql $CONNECT < <dbname>.dump</nowiki>
      +
=Older=
 +
Mariadb notes moved to [[MariaDB_alongside_MySQL]]
 
==Install Moodle 2.6 using git==
 
==Install Moodle 2.6 using git==
 
===Requirements===
 
===Requirements===
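Review bot: In the added Wazuh section, `logcollector.remote_commands=1` is set in /var/ossec/etc/local_internal_options.conf, yet the only command shown (`grep -h logterse /var/log/*qpsmtpd/current`) is added to the agent's own /var/ossec/etc/ossec.conf, and the comment quoted next to the setting warns about allowing the Wazuh manager to run arbitrary commands on agents in their root security context. Please state why the option is needed for a locally defined command, or drop it from the notes; if it stays, say plainly that it widens what the manager may do on this host. Separately, the command greps the whole of every matching `current` file every 360 seconds, so the same logterse lines are read again on each run until the log rotates; note that, or restrict the command to new lines. The edit is also flagged minor with the summary "update time stamp" although it replaces the MariaDB notes with a new Wazuh section, so a summary that says so would make the history easier to follow.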
Line 428: Line 312:  
  <nowiki>DOMAIN=tiddlywiki.domain.tld
 
  <nowiki>DOMAIN=tiddlywiki.domain.tld
 
db domains set $DOMAIN domain Nameservers internet ProxyPassTarget http://localhost:8080/ TemplatePath ProxyPassVirtualHosts
 
db domains set $DOMAIN domain Nameservers internet ProxyPassTarget http://localhost:8080/ TemplatePath ProxyPassVirtualHosts
 +
#
 +
# Several TiddlyWiki 5 Plugins require AllowEncodedSlashes On in httpd.conf
 +
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/ProxyPassVirtualHosts
 +
echo '#
 +
# AllowEncodedSlashes On from custom template in ProxyPassVirtualHosts
 +
AllowEncodedSlashes On ' > /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/ProxyPassVirtualHosts/04ProxyPassVirtualHosts
 
signal-event domain-create $DOMAIN</nowiki>
 
signal-event domain-create $DOMAIN</nowiki>
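Review bot: The added fragment is written to /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/ProxyPassVirtualHosts/04ProxyPassVirtualHosts, a path that does not include $DOMAIN, so as written `AllowEncodedSlashes On` is not visibly limited to the TiddlyWiki host configured here. Please say in the notes whether the directive ends up applying to every ProxyPass virtual host on the server, and if so either scope it to $DOMAIN or call that out, since the comment justifies it only for TiddlyWiki 5 plugins. The `echo ... >` redirect also overwrites any existing fragment of that name, so a line stating that the file is new would help.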
  
