All new 8-1-2021 QuizExtensions Install

#Created server
#Setting a few personal preferences and installing some tools before continuing
yum install mlocate
updatedb

#Bings and pings in Linux when using ssh from a Windows terminal {ubuntu} are annoying. To disable them, edit these files:
vim /etc/vimrc
#and add this at the end-->
set noeb vb t_vb=
vim /etc/inputrc
#remove the # from in front of the line--->
set bell-style none

#Yum error = Failed to set locale, defaulting to C. Fix yum by setting these options:
#Add the following lines to the .bashrc file in the home dir.
vim .bashrc
#add the following
alias lsa='ls -alh'
## US English ##
export LANG=en_US.UTF-8
export LANGUAGE=en_US.UTF-8
export LC_COLLATE=C
export LC_CTYPE=en_US.UTF-8

yum install yum-cron
sudo systemctl start yum-cron
sudo systemctl enable yum-cron
yum install net-tools

#We ran an Ansible script that accomplished a number of installs and changes.
#Results from running the script:
#Wednesday
========================================================================
cis_uwyo : PRELIM | Section 4.1 | Configure System Accounting (auditd) ---- 78.05s
authentication Type SSD | Get AD Target OU ---- 65.68s
auth : Active Directory Authentication | Install Required Packages ---- 38.94s
cis_uwyo : SCORED | 1.6.2 | PATCH | Ensure SELinux is installed ---- 26.41s
auditd : Ensure events that modify date and time information are collected ---- 24.84s
snmpd : Install snmpd ---- 23.43s
iptables : Install iptables, ipset, and related services services ---- 21.73s
swclient : Install SolarWinds Agent ---- 20.48s
postfix : Install postfix ---- 12.85s
auditd : Install audit ---- 12.74s
cis_uwyo : NOTSCORED | 1.2.1 | PATCH | Ensure package manager repositories are configured ---- 11.72s
authentication Type SSD | Get AD Username ---- 9.73s
authentication Type SSD | Get AD Password ---- 9.37s
cis_uwyo : SCORED | 5.4.2 | PATCH | Ensure system accounts are non-login ---- 9.15s
cis_uwyo : SCORED | 6.2.11 | PATCH | Ensure no users have .forward files ---- 7.92s
cis_uwyo : SCORED | 6.2.14 | PATCH | Ensure no users have .rhosts files ---- 7.89s
cis_uwyo : SCORED | 6.2.12 | PATCH | Ensure no users have .netrc files ---- 7.89s
cis_uwyo : SCORED | 5.4.2 | PATCH | Ensure system accounts are non-login ---- 7.49s
rapid7_agent : Run rapid7 agent installer as reinstall and with attribute(s) ---- 6.90s
iptables : Remove firewalld ---- 6.60s
========================================================================

#disable IPV6
netstat -tulpn    #should see several entries for ipv6
vim /etc/sysconfig/network-scripts/ifcfg-ens192    #set IPV6INIT="no"
vim /etc/my.cnf.d/server.cnf    #bind-address=10.84.40.241
grep "^\s*linux" /boot/grub2/grub.cfg
vim /etc/default/grub    #add line = GRUB_CMDLINE_LINUX="ipv6.disable=1"
grub2-mkconfig > /boot/grub2/grub.cfg
#remove the ipv6 line from the hosts file; /etc/hosts
#reboot to be safe
netstat -tulpn    #should not see any more entries for ipv6

yum install -y httpd mod_ssl @development python3 mod_wsgi.x86_64 python3-wheel python-virtualenv libxml2-devel.x86_64 libxslt-devel python3-devel mysql-devel python-pip

mkdir /etc/sysconfig/ipset.d
cd /etc/sysconfig
chmod 700 ipset.d
cd ipset.d/
vim web-users.set
#--add the following to web-users.set (examples)
create web-users hash:net family inet hashsize 1024 maxelem 65536
add web-users 10.0.45.0/24
add web-users 10.0.46.3
add web-users 10.0.47.5
add web-users 10.0.48.6
add web-users 10.0.49.0/24
chmod 600 web-users.set

vim /etc/sysconfig/iptables
#--add the following line
-A ens192_IN -p tcp -m set --match-set web-users src -m tcp --match multiport --dports 80,443 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
systemctl restart ipset.service
systemctl restart iptables.service
#Default Apache page should now be working

cd /var/www/
git clone https://github.com/ucfopen/quiz-extensions.git
cd quiz-extensions/
cp config.py.template config.py
vim config.py
#Add line in config.py to read--->
DEBUG = False  #after line 1 "import os"
#---- Edit the following lines
API_URL = "https://yourschool.test.instructure.com/api/v1/"
API_KEY = "098709870987---your-api-key-80709870987"
ALLOWED_CANVAS_DOMAINS = ["yourschool.test.instructure.com"]
SECRET_KEY = "(0987your-key0897)"
LTI_TOOL_ID = "QuizExtensions"
SQLALCHEMY_DATABASE_URI = "mysql://quizextdev_db_user:89760987@mysql.yourschool.edu:6003/quizext_devdb"
SQLALCHEMY_TRACK_MODIFICATIONS = True
#-- os.environ.get(NAME, DEFAULT): the first argument is the environment variable name,
#-- the second is the value used when that variable is not set, so your key goes second.
CONSUMER_KEY = os.environ.get("CONSUMER_KEY", "0987yourkey0987")
SHARED_SECRET = os.environ.get("SHARED_SECRET", "0987yourkey0987")
#-- change this line:
"app": {"handlers": ["console", "file"], "level": "DEBUG", "propagate": True}
#-- to read:
"app": {"handlers": ["console", "file"], "level": "DEBUG", "propagate": False}
#don't forget to save#

#-- Setup SSL ----- request a cert using openssl
openssl pkcs12 -in ./yourserver.pfx -nocerts -out /etc/pki/tls/private/yourserver.pem -nodes
openssl rsa -in /etc/pki/tls/private/yourserver.pem -out /etc/pki/tls/private/yourserver.key
openssl pkcs12 -in ./yourserver.pfx -nokeys -out /etc/pki/tls/certs/yourserver.crt

#-- Edit the ssl.conf file;
vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/yourserver.crt
SSLCertificateKeyFile /etc/pki/tls/private/yourserver.key

#-- Create virtual config file for Apache -- location -- /etc/httpd/conf.d/quizextdev.conf
#-------file contents----------------------------------------------
# Ensure that Apache listens on port 80
servername quizextdev.yourschool.edu
serveralias quizextdev.yourschool.edu
serveradmin deptsys-it@yourschool.edu
SSLEngine on
SSLProtocol TLSv1.1 TLSv1.2
SSLInsecureRenegotiation off
SSLCertificateFile /etc/pki/tls/certs/yourschool.crt
SSLCertificateKeyFile /etc/pki/tls/private/yourschool.crt
#QUIZ EXTENSION CODE
Alias quiz-ext/static /var/www/quiz-extensions/static
Require all granted
Require all granted
WSGIDaemonProcess quiz-ext
WSGIProcessGroup quiz-ext
WSGIScriptAlias /quiz-ext /var/www/quiz-extensions/wsgi.py
LogLevel warn rewrite:trace2
LogFormat "%a %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" X-Forwarded-For
CustomLog /var/log/httpd/quizext-ssl.uwyo.edu-access.log X-Forwarded-For
ErrorLog /var/log/httpd/quizext-ssl.uwyo.edu-error.log
#-------end file----------------------------------------------

vim /var/www/quiz-extensions/wsgi.py
#-- I had to re-order the commands so they would execute properly. It should read like this.
activate_this = "/var/www/quiz-extensions/env/bin/activate_this.py"
execfile(activate_this, dict(__file__=activate_this))
import sys
sys.path.insert(0, "/var/www/quiz-extensions/")
from views import app as application
#-- save and close

vim /var/www/quiz-extensions/utils.py
#-- Change line 7 from this;
from urllib.parse import parse_qs, urlsplit
#--To read like this;
from urlparse import parse_qs, urlsplit
#-- save and close

#create directory and file;
mkdir /usr/share/httpd/logs/
touch /usr/share/httpd/logs/quiz_ext.log
chmod 666 /usr/share/httpd/logs/quiz_ext.log

# commented out these google statements to remove error.
vim /var/www/quiz-extensions/views.py
# @app.context_processor
# def add_google_analytics_id():
#     return dict(GOOGLE_ANALYTICS=config.GOOGLE_ANALYTICS)
#-- save and close

#Created directory for logs
mkdir /var/www/quiz-extensions/logs/

#create a virtual environment for quizextensions
virtualenv env
#output =
#New python executable in /var/www/quiz-extensions/env/bin/python
#Installing setuptools, pip, wheel...done.
source /var/www/quiz-extensions/env/bin/activate
pip install pip==20.3.4
#ignore upgrade message unless you want to try to upgrade to python 3.xx which would require an extensive amount of work.
env/bin/pip install Flask
env/bin/pip install Flask-Migrate
env/bin/pip install lxml
env/bin/pip install PyLTI
env/bin/pip install redis
env/bin/pip install requests
env/bin/pip install rq
#This has to be downloaded but to be honest, I don't know from where. I found it on my Dev server. OR you might try this command but no guarantees.
env/bin/pip install mysqlclient==1.4.5
env/bin/pip install mysqlclient-1.4.6-cp27-cp27mu-linux_x86_64.whl
deactivate

#for some reason, redis has to be installed both via pip and via yum
yum install redis
systemctl start redis
systemctl enable redis
systemctl status redis
#Verify that redis server is working;
redis-server --version

#Found that rq was working but it did not have any "workers" assigned to it and therefore would not actually work. The worker function was nowhere to be found in their code.
#We created a bash script to start the "workers" and then made it a systemd service.
#Solution: Create file called rq_worker.sh and add the following:
vim /var/www/quiz-extensions/rq_worker.sh
#-------file contents----------------------------------------------
#!/bin/bash
source /var/www/quiz-extensions/env/bin/activate
rq worker --url redis://localhost:6379 quizext
#-------end file----------------------------------------------
chmod 700 /var/www/quiz-extensions/rq_worker.sh

#Create a file in /etc/systemd/system ending in .service (this will be used to reference your service in systemctl commands)
touch /etc/systemd/system/rq_uw.service
#The file should have file permissions 644 based on the Red Hat documentation section. (Reference link)
# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/sect-managing_services_with_systemd-unit_files
chmod 644 /etc/systemd/system/rq_uw.service
#Open the file and create three sections [Unit] [Service] [Install] (case sensitive) as follows ->
vim /etc/systemd/system/rq_uw.service
#-------file contents----------------------------------------------
[Unit]
Description=RQ Worker
After=network.target

[Service]
Type=simple
WorkingDirectory=/var/www/quiz-extensions
Environment=LANG=en_US.UTF-8
Environment=LC_ALL=en_US.UTF-8
Environment=LC_LANG=en_US.UTF-8
ExecStart=/var/www/quiz-extensions/rq_worker.sh
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID
PrivateTmp=true
Restart=always

[Install]
WantedBy=multi-user.target
#-------end file----------------------------------------------

#You can now run the following three commands to enable and start your service (you don't actually need to type .service at the end of the file name)
systemctl daemon-reload
systemctl enable rq_uw.service
systemctl start rq_uw.service

You should have a working QuizExtensions now.
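
#Added example (not part of the original notes): a lint for the web-users.set allowlist created in the ipset step, to run before "systemctl restart ipset.service". It checks that every "add" line targets the set created in the file and is a valid IPv4 address or network. The function name and the MIN_PREFIX threshold are assumptions of this example.

```shell
#!/bin/sh
# Lint an ipset restore file (web-users.set) before restarting ipset.service.
# MIN_PREFIX is an assumption of this example: networks wider than /16
# are reported as too broad for a web allowlist.
check_ipset_file() {
    awk -v minp="${MIN_PREFIX:-16}" '
    function bad(msg) { printf "line %d: %s: %s\n", NR, msg, $0; rc = 1 }
    function valid_ip(ip,    n, o, i) {
        n = split(ip, o, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
        return 1
    }
    BEGIN { rc = 0 }
    /^[ \t]*(#|$)/ { next }                      # comments and blank lines
    $1 == "create" {
        if (set != "") bad("second create line")
        set = $2
        if ($3 != "hash:net" || $0 !~ /family inet( |$)/) bad("unexpected set type")
        next
    }
    $1 == "add" {
        n = split($3, p, "/")
        if ($2 != set) bad("entry for a set not created in this file")
        else if (n > 2 || !valid_ip(p[1])) bad("not an IPv4 address or network")
        else if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] + 0 > 32)) bad("invalid prefix length")
        else if (n == 2 && p[2] + 0 < minp) bad("network wider than /" minp)
        else if (seen[$3]++) bad("duplicate entry")
        next
    }
    { bad("unrecognised directive") }
    END { exit rc }' "$1"
}

# Constructed sample: entries in the style of the notes plus three mistakes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
create web-users hash:net family inet hashsize 1024 maxelem 65536
add web-users 10.0.45.0/24
add web-users 10.0.46.3
add web-users 10.0.0.0/8
add web-users 10.0.47.300
add web_users 10.0.48.6
EOF
check_ipset_file "$sample" || echo "fix these before restarting ipset.service"
rm -f "$sample"
```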
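
#Added example (not part of the original notes): the "netstat -tulpn" check from the IPv6 step turned into a script. It reads netstat output on stdin, reports any tcp6/udp6 socket, and goes one step further by reporting non-loopback listeners on ports you did not expect. The function name, the EXPOSED_PORTS default and the sample output are assumptions of this example.

```shell
#!/bin/sh
# Read `netstat -tulpn` output on stdin and report
#   - any tcp6/udp6 socket (none should remain after ipv6.disable=1)
#   - any socket on a non-loopback address whose port is not expected
# EXPOSED_PORTS (assumption): ports meant to be reachable from the network.
audit_listeners() {
    awk -v ok="${EXPOSED_PORTS:-22 80 443}" '
    BEGIN { n = split(ok, a, " "); for (i = 1; i <= n; i++) allowed[a[i]] = 1; rc = 0 }
    $1 !~ /^(tcp|udp)6?$/ { next }          # skip the two header lines
    {
        addr = $4; port = $4
        sub(/:[0-9]+$/, "", addr)           # 0.0.0.0:22 -> 0.0.0.0, :::80 -> ::
        sub(/^.*:/, "", port)               # keep what follows the last colon
        prog = $NF; sub(/^[0-9]+\//, "", prog)
        if ($1 ~ /6$/) {
            printf "IPV6     %s %s port %s (%s)\n", $1, addr, port, prog; rc = 1
        } else if (addr !~ /^127\./ && !(port in allowed)) {
            printf "EXPOSED  %s %s port %s (%s)\n", $1, addr, port, prog; rc = 1
        }
    }
    END { exit rc }'
}

# Constructed sample output (not captured from a real host).
sample='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1023/sshd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1310/httpd
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      1188/redis-server
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      1402/mysqld
tcp6       0      0 :::80                   :::*                    LISTEN      1310/httpd
udp        0      0 127.0.0.1:323           0.0.0.0:*                           640/chronyd'
printf '%s\n' "$sample" | audit_listeners || echo "review the listeners above"
```

#On the server itself: netstat -tulpn | audit_listeners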