Document experimental native installation on CentOS 7 #401

Open
metas-jb opened this Issue Feb 1, 2019 · 1 comment


metas-jb commented Feb 1, 2019

Background:

Right now, we're officially supporting only Ubuntu 16.04 Server using our installer (native installation package).
However, we recently deployed the metasfresh stack on a VM running CentOS 7, which worked perfectly fine.

Todo:

  • migrate documentation of how to deploy metasfresh natively on CentOS as markdown (right now, there's only a simple text file with bullet points)
  • point out that the documentation is very experimental and not officially supported, even if it worked on at least two deployments already

metas-ts commented Feb 12, 2019

Created by @metas-jb

#Tested with:
#       CentOS Linux release 7.6.1810 (Core) - minimal install - 3.10.0-957.1.3.el7.x86_64
#       
#       
#Note:  
#       all commands shall be executed by root or alternatively with "sudo" in front, except the ones where we "su" into users of course.
#       though with most lines you can copy them as is to the terminal, please don't ctrl+a and paste into terminal ;) - some lines need user confirmation / editing / etc.
#
#       also, many of the described config files can be modified for different reasons:
#           - have the database on a different server
#           - using a different server for hosting the nginx reverse proxy
#           - improving performance (DB, App and Proxy)
#           - etc.
#       however - this is just a quick and roughly scribbled together how-to for deploying metasfresh as easy as possible



General Prep:
    adduser metasfresh
    yum install epel-release
    yum install wget
    yum install unzip
    modify /etc/hosts -> use primary IP for hostname 
        (eg. if hostname is "myserver" and primary IP 192.168.1.2 in /etc/hosts shall be this entry: 192.168.1.2 myserver. This is necessary for the application server)
    
Postgresql-Server:
    wget https://download.postgresql.org/pub/repos/yum/11/redhat/rhel-7-x86_64/pgdg-centos11-11-2.noarch.rpm
    yum install pgdg-centos11-11-2.noarch.rpm
    yum check-update
    yum install postgresql11-server postgresql11-contrib
    export PGSETUP_INITDB_OPTIONS="-E 'UTF-8' --lc-collate='de_DE.UTF-8' --lc-ctype='de_DE.UTF-8'"; /usr/pgsql-11/bin/postgresql-11-setup initdb
    
    systemctl start postgresql-11
    su postgres
        psql
            CREATE ROLE metasfresh LOGIN ENCRYPTED PASSWORD 'metasfresh' SUPERUSER INHERIT CREATEDB NOCREATEROLE;
            CREATE DATABASE metasfresh OWNER metasfresh ENCODING UTF8 LC_COLLATE 'de_DE.UTF-8' LC_CTYPE 'de_DE.UTF-8';
            EXIT;
        exit
    su metasfresh
        vi ~/.pgpass
            localhost:5432:*:metasfresh:metasfresh
            server-hostname:5432:*:metasfresh:metasfresh
        chmod 600 ~/.pgpass
        exit
    
    vi /var/lib/pgsql/11/data/postgresql.conf
        -> change and uncomment "listen_addresses" to: listen_addresses = '*'
    vi /var/lib/pgsql/11/data/pg_hba.conf
        -> add line:
            host    metasfresh      metasfresh      0.0.0.0/0               md5
            #note: you can also restrict access to the IP/Subnet of your primary IP
    systemctl restart postgresql-11
    systemctl enable postgresql-11
    
    #user "metasfresh" shall now be able to connect to database "metasfresh" check with:
    # su metasfresh
    #   psql -d metasfresh -U metasfresh -h $(hostname)

    
OpenJDK-8:
    yum install java-1.8.0-openjdk-headless

    
Elasticsearch:
    wget https://download.elastic.co/elasticsearch/release/org/elasticsearch/distribution/rpm/elasticsearch/2.4.6/elasticsearch-2.4.6.rpm
    yum install elasticsearch-2.4.6.rpm
    modify and uncomment in /etc/elasticsearch/elasticsearch.yml ->
        cluster.name: metasfresh
        network.host: localhost
    systemctl restart elasticsearch.service
    systemctl enable elasticsearch.service
    

RabbitMQ:
    vi /etc/yum.repos.d/erlang.repo
        [erlang-solutions]
        name=CentOS $releasever - $basearch - Erlang Solutions
        baseurl=https://packages.erlang-solutions.com/rpm/centos/$releasever/$basearch
        gpgcheck=1
        gpgkey=https://packages.erlang-solutions.com/rpm/erlang_solutions.asc
        enabled=1
    
    rpm --import https://github.com/rabbitmq/signing-keys/releases/download/2.0/rabbitmq-release-signing-key.asc
    vi /etc/yum.repos.d/rabbitmq.repo
        [bintray-rabbitmq-server]
        name=bintray-rabbitmq-rpm
        baseurl=https://dl.bintray.com/rabbitmq/rpm/rabbitmq-server/v3.7.x/el/7/
        gpgcheck=0
        repo_gpgcheck=0
        enabled=1

    yum check-update
    yum install erlang #(make sure it is > 21.x)
    yum install rabbitmq-server #(make sure it is > 3.7)

    echo "listeners.tcp.default = 5672
        default_vhost = /
        default_user = metasfresh
        default_pass = metasfresh
        default_permissions.configure = .*
        default_permissions.read = .*
        default_permissions.write = .*" > /etc/rabbitmq/rabbitmq.conf
    
    systemctl restart rabbitmq-server
    rabbitmqctl delete_user guest   #you should get an error about no such user "guest" but we're making sure the account is not present
    rabbitmqctl add_user metasfresh metasfresh   #you should get an error about user already exists but we're making sure the user is there
    rabbitmqctl set_permissions -p / metasfresh ".*" ".*" ".*"
    systemctl restart rabbitmq-server.service
    systemctl enable rabbitmq-server

    
metasfresh:
    mv /opt/metasfresh_install/apps/metasfresh /opt/
    
    modify /opt/metasfresh_install/etc/*.properties -> replace FOO_APP with hostname of app-server
                                                    -> replace FOO_DBMS with hostname of db-server
    modify /opt/metasfresh_install/etc/webui_config.js -> replace FOO_IP with externally reachable hostname
    modify /opt/metasfresh_install/etc/metasfresh_server.conf -> replace MF_MAX_MEM with something like 1024 or 2048 depending on available RAM you want to provide the app-server
    
    mkdir -p /opt/metasfresh-webui-frontend && mv /opt/metasfresh/metasfresh-webui-frontend.tar.gz /opt/metasfresh-webui-frontend/
    cd /opt/metasfresh-webui-frontend && tar xvzf ./metasfresh-webui-frontend.tar.gz
    
    cd /opt/metasfresh_install/etc
    cp ./webui_logback.xml /opt/metasfresh/metasfresh-webui-api/logback.xml
    cp ./metasfresh-admin.conf /opt/metasfresh/metasfresh-admin/
    cp ./webui_application.properties /opt/metasfresh/metasfresh-webui-api/application.properties
    cp ./app_application.properties /opt/metasfresh/application.properties
    cp ./mat_dispo_application.properties /opt/metasfresh/metasfresh-material-dispo/application.properties
    cp ./admin_application.properties /opt/metasfresh/metasfresh-admin/application.properties
    cp ./metasfresh_webui_api.properties /opt/metasfresh/metasfresh-webui-api/metasfresh.properties
    cp ./metasfresh_server.conf /opt/metasfresh/metasfresh_server.conf
    cp ./metasfresh.properties /opt/metasfresh/metasfresh.properties
    cp ./local_settings.properties /home/metasfresh/local_settings.properties
    cp ./webui_config.js /opt/metasfresh-webui-frontend/dist/config.js
    chown metasfresh:metasfresh -R /opt/metasfresh-webui-frontend
    chown metasfresh:metasfresh -R /opt/metasfresh
    chown metasfresh:metasfresh /home/metasfresh/*
    
    cd /opt/metasfresh_install/scripts
    cp ./*.service /etc/systemd/system/
    cp ./metasfresh /etc/sudoers.d/metasfresh_app
    cp ./metasfresh-admin.sudoers /etc/sudoers.d/metasfresh-admin
    cp ./metasfresh-material-dispo.sudoers /etc/sudoers.d/metasfresh-material-dispo
    cp ./metasfresh-webui-api.sudoers /etc/sudoers.d/metasfresh-webui-api
    chmod 0440 /etc/sudoers.d/metasfresh*
    systemctl daemon-reload
    cd /opt/metasfresh_install/database
    modify postcopy.sql -> replace FOOBAR with hostname
    su metasfresh
        cd /opt/metasfresh_install/database
        pg_restore -Fc -d metasfresh ./metasfresh.pgdump  #ignore errors about schema public already exists
        psql -d metasfresh -f ./postcopy.sql
        exit
    systemctl start metasfresh_server
    systemctl start metasfresh-webui-api
    systemctl start metasfresh-material-dispo
    systemctl enable metasfresh_server
    systemctl enable metasfresh-webui-api
    systemctl enable metasfresh-material-dispo
    
WebUI & nginx:
    yum install nginx
    vi /opt/metasfresh-webui-frontend/metasfresh_webui.conf
        server {
            listen 80;
            server_name my-server-name;  #replace with server name
            
            access_log /var/log/nginx/metasfresh.webui.access.log;
            
            proxy_buffering                         off;
            proxy_set_header Host                   $http_host;
            proxy_set_header X-Real-IP              $remote_addr;
            proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto      $scheme;
            proxy_buffers 256 16k;
            proxy_buffer_size 16k;
            proxy_read_timeout 600s;
            client_max_body_size 100M;
            
            location /rest {
                proxy_pass                              http://localhost:8181/rest/;
            }

            location /stomp {
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                client_max_body_size 50M;
                proxy_set_header X-Frame-Options SAMEORIGIN;
                proxy_buffers 256 16k;
                proxy_buffer_size 16k;
                proxy_read_timeout 600s;
                proxy_pass http://localhost:8181/stomp/;
            }

            location /info {
                proxy_pass  http://localhost:8181/info;
            }

            location /swagger-ui.html {
                proxy_pass  http://localhost:8181/swagger-ui.html;
            }

            location /v2/api-docs {
                proxy_pass  http://localhost:8181/v2/api-docs;
            }

            location /swagger-resources{
                proxy_pass  http://localhost:8181/swagger-resources/;
            }

            location /webjars/springfox-swagger-ui{
                proxy_pass  http://localhost:8181/webjars/springfox-swagger-ui/;
            }

            location /configuration{
                proxy_pass  http://localhost:8181/configuration/;
            }

            location /{
                    root /opt/metasfresh-webui-frontend/dist;
                    index index.html;
                    
                    try_files $uri /index.html;
            }
        }
        
    vi /opt/metasfresh-webui-frontend/metasfresh_webui_ssl.conf
        server {
        listen 80;
        server_name my-server-name;  #replace with server name
        rewrite ^ https://$server_name$request_uri?;
        }

        server {
                listen 443;
                server_name my-server-name;  #replace with server name
                ssl     on;
                ssl_certificate         /location/of/ssl/cert.pem;
                ssl_certificate_key     /location/of/ssl/key.pem;

                ssl_session_timeout     30m;
                ssl_session_cache  builtin:1000  shared:SSL:10m;
                ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
                ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
                ssl_prefer_server_ciphers on;

                access_log /var/log/nginx/metasfresh.webui.access.log;

                proxy_buffering                         off;
                proxy_set_header Host                   $http_host;
                proxy_set_header X-Real-IP              $remote_addr;
                proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto      $scheme;
                proxy_buffers 256 16k;
                proxy_buffer_size 16k;
                proxy_read_timeout 600s;
                client_max_body_size 100M;
                
                location /rest {
                    # backend on 8181 is plain HTTP, as in the other locations
                    proxy_pass                              http://localhost:8181/rest/;
                }

                location /stomp {
                    # nginx variable for the client's Upgrade header is $http_upgrade
                    proxy_set_header Upgrade $http_upgrade;
                    proxy_set_header Connection "upgrade";
                    client_max_body_size 50M;
                    proxy_set_header X-Frame-Options SAMEORIGIN;
                    proxy_buffers 256 16k;
                    proxy_buffer_size 16k;
                    proxy_read_timeout 600s;
                    proxy_pass http://localhost:8181/stomp/;
                }

                location /info {
                    proxy_pass  http://localhost:8181/info;
                }

                location /swagger-ui.html {
                    proxy_pass  http://localhost:8181/swagger-ui.html;
                }

                location /v2/api-docs {
                    proxy_pass  http://localhost:8181/v2/api-docs;
                }

                location /swagger-resources{
                    proxy_pass  http://localhost:8181/swagger-resources/;
                }

                location /webjars/springfox-swagger-ui{
                    proxy_pass  http://localhost:8181/webjars/springfox-swagger-ui/;
                }

                location /configuration{
                    proxy_pass  http://localhost:8181/configuration/;
                }
                
                location /{
                    root /opt/metasfresh-webui-frontend/dist;
                    index index.html;
                    
                    try_files $uri /index.html;
                }
            }
    cp /opt/metasfresh-webui-frontend/metasfresh_webui.conf /etc/nginx/conf.d/
    (for SSL use the other one and change /opt/metasfresh-webui-frontend/dist/config.js to use "https" instead of "http" )
    
    #(registering files and proxy-connection to SELinux which is enabled by default on centos7)
    chcon -Rt httpd_sys_content_t /opt/metasfresh-webui-frontend/dist
    setsebool httpd_can_network_connect 1 -P
    
    systemctl restart nginx
    systemctl enable nginx
    
    firewall-cmd --zone=public --add-port=80/tcp --permanent
    firewall-cmd --zone=public --add-port=443/tcp --permanent
    firewall-cmd --reload
    
    
    # login via browser on "http://server_hostname" -> Demo-User: it -> Password: demostart 
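
An added example, not part of the original comment or the metasfresh project: a shell audit that checks a host built from the steps above for the settings they leave permissive (PostgreSQL reachable from 0.0.0.0/0 on all interfaces, passwords equal to the user name, a yum repo with gpgcheck=0, TLS 1.0/1.1 in nginx). The function names, the root-prefix argument, the `--sample` switch and the sample files are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the issue): flag permissive settings the how-to leaves behind.
# Argument: root prefix, "/" for the live host or a directory holding a copy of the files.
flag() { echo "FINDING: $1"; }

audit_metasfresh() {
    local root="${1%/}" pgdata f
    pgdata="$root/var/lib/pgsql/11/data"
    # PostgreSQL: bound to every interface, and a host rule open to all IPv4 clients
    grep -Eqs "^[[:space:]]*listen_addresses[[:space:]]*=[[:space:]]*'[*]'" "$pgdata/postgresql.conf" &&
        flag "postgresql.conf: listen_addresses='*' (bind only the address the app server uses)"
    grep -Eqs '^[[:space:]]*host[[:space:]].*[[:space:]]0\.0\.0\.0/0[[:space:]]' "$pgdata/pg_hba.conf" &&
        flag "pg_hba.conf: rule allows 0.0.0.0/0 (restrict to the app server IP/subnet)"
    # Credentials whose password equals the user name
    grep -Eqs ':metasfresh:metasfresh[[:space:]]*$' "$root/home/metasfresh/.pgpass" &&
        flag ".pgpass: database password equals the user name"
    grep -Eqs '^[[:space:]]*default_pass[[:space:]]*=[[:space:]]*metasfresh[[:space:]]*$' \
        "$root/etc/rabbitmq/rabbitmq.conf" &&
        flag "rabbitmq.conf: default_pass equals default_user"
    # yum repositories that skip package signature verification
    for f in "$root"/etc/yum.repos.d/*.repo; do
        grep -Eqs '^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*0' "$f" &&
            flag "$f: gpgcheck=0 (packages are installed unverified)"
    done
    # nginx: TLS 1.0 / 1.1 still offered
    grep -Ehs '^[[:space:]]*ssl_protocols' "$root"/etc/nginx/conf.d/*.conf |
        grep -Eq 'TLSv1(\.1)?([[:space:]]|;)' &&
        flag "nginx: ssl_protocols offers TLSv1/TLSv1.1 (keep TLSv1.2 and newer)"
    return 0
}

# Constructed sample: the relevant lines as the steps above would write them
write_sample_tree() {
    local d="$1"
    mkdir -p "$d/var/lib/pgsql/11/data" "$d/home/metasfresh" "$d/etc/rabbitmq" \
        "$d/etc/yum.repos.d" "$d/etc/nginx/conf.d"
    echo "listen_addresses = '*'" > "$d/var/lib/pgsql/11/data/postgresql.conf"
    echo "host  metasfresh  metasfresh  0.0.0.0/0  md5" > "$d/var/lib/pgsql/11/data/pg_hba.conf"
    echo "localhost:5432:*:metasfresh:metasfresh" > "$d/home/metasfresh/.pgpass"
    printf 'default_user = metasfresh\n  default_pass = metasfresh\n' > "$d/etc/rabbitmq/rabbitmq.conf"
    printf '[bintray-rabbitmq-server]\ngpgcheck=0\nrepo_gpgcheck=0\n' > "$d/etc/yum.repos.d/rabbitmq.repo"
    printf '[erlang-solutions]\ngpgcheck=1\n' > "$d/etc/yum.repos.d/erlang.repo"
    echo "  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;" > "$d/etc/nginx/conf.d/metasfresh_webui_ssl.conf"
}

if [ "${1:-}" = "--sample" ]; then
    d=$(mktemp -d); write_sample_tree "$d"; audit_metasfresh "$d"; rm -rf "$d"
elif [ -n "${1:-}" ]; then audit_metasfresh "$1"; fi
```

Run it with `--sample` to see all six findings on the constructed files, or with `/` as root on the deployed host.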