This is an installation transcript for RatticDB on CentOS 6.5 (minimal), including the setup of an encrypted loopback device for the MySQL database.

Prerequisite: fresh CentOS 6.5 installation based on CentOS-6.5-x86_64-minimal.iso.

Basic install and setup

Prepare system
# login as root
# Generate an SSH key pair for root; the prompts are answered interactively.
ssh-keygen
... manual input as required
vi /etc/hosts
... enter server address and name
 
# Bring the base system up to date, then install the package groups and
# development headers used by the later steps on this page.
# NOTE(review): the "development" group leaves compilers on a host that will
# store credentials; consider removing it once the pip install has finished.
yum update
yum groupinstall "MySQL Database server"
yum groupinstall development
yum groupinstall "Web Server"
yum install openldap-devel bzip2-devel sqlite-devel libxml2-devel libxslt-devel wget openssl-devel
yum install tk-devel ncurses-devel readline-devel mysql-devel ntp
yum install httpd-devel python-devel

cd /tmp
# NOTE(review): the EPEL release RPM is fetched over plain HTTP from a
# third-party mirror and installed with no signature check visible in this
# transcript. Because it configures a package repository, verify it first:
# import the EPEL signing key obtained over a trusted channel and check the
# file with `rpm -K` before running `rpm -ivh`.
wget http://mirror-fpt-telecom.fpt.net/fedora/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm
yum install python-pip

# Keep the clock synchronised.
chkconfig ntpd on
service ntpd start

# Do not start MySQL at boot: its data directory is moved onto the encrypted
# volume below, which has to be unlocked by hand before mysqld can run.
chkconfig mysqld off 

Set up an encrypted device for MySQL

Set up LUKS device
# Create a 5 GiB zero-filled file in / as the backing store of the encrypted
# volume.
# NOTE(review): with a zero-filled backing file, blocks that were never
# written stay distinguishable from used ones; filling the file with random
# data before luksFormat hides that. The file mode follows root's umask, so
# consider `chmod 600 /luksfile` as well.
cd /
head -c 5G /dev/zero > luksfile
# Attach the file to a loop device. /dev/loop0 is hard-coded and assumed to be
# free; `losetup -f` prints the first unused loop device.
losetup /dev/loop0 luksfile
# Write the LUKS header and set the passphrase (interactive). The passphrase
# is the only key to the database: nothing on this page backs up the header
# or adds a second key slot.
cryptsetup luksFormat /dev/loop0
... enter a new LUKS password
mkdir /mnt/luksfile
# Unlock the container; the clear-text view appears as /dev/mapper/luksfile.
cryptsetup luksOpen /dev/loop0 luksfile
... enter LUKS password
# Create a journalled (-j) ext filesystem on the unlocked device and mount it.
# The encryption protects data at rest only: while the volume is mounted, its
# contents are readable to anyone with sufficient access to the host.
mke2fs -j /dev/mapper/luksfile
mount /dev/mapper/luksfile /mnt/luksfile

Set up MySQL for RatticDB

Set up MySQL
# Move the MySQL data directory onto the encrypted volume and leave a symlink
# at the old path, so the default client socket path still resolves.
mv /var/lib/mysql /mnt/luksfile/
ln -s /mnt/luksfile/mysql /var/lib/mysql
# Give the mount point and the data directory the SELinux labels mysqld needs.
# NOTE(review): labels set with chcon are lost on a filesystem relabel; a
# persistent rule (semanage fcontext plus restorecon) would survive one.
# Confirm that the tool is installed on a minimal system.
chcon -R system_u:object_r:var_lib_t:s0 /mnt/luksfile
chcon -R -u system_u -r object_r -t mysqld_db_t /mnt/luksfile/mysql


# Point mysqld at the new data directory and socket location.
vi /etc/my.cnf 
	[mysqld]
	datadir=/mnt/luksfile/mysql
	socket=/mnt/luksfile/mysql/mysql.sock


service mysqld start
# Interactive hardening script: sets the MySQL root password and offers to
# remove anonymous accounts, remote root login and the test database.
/usr/bin/mysql_secure_installation

Reboot to test the basic setup

Startup test
reboot
 
# login as root
# After every reboot the backing file has to be re-attached, unlocked with the
# LUKS passphrase and mounted by hand before MySQL can be started. This is the
# consequence of `chkconfig mysqld off` and of not storing the passphrase on
# the host.
# NOTE(review): no `chkconfig httpd on` appears in this transcript, so the web
# server presumably also needs a manual start after a reboot; confirm.
losetup /dev/loop0 /luksfile
cryptsetup luksOpen /dev/loop0 luksfile
...enter LUKS password
mount /dev/mapper/luksfile /mnt/luksfile
service mysqld start

Prepare RatticDB database

MySQL setup for RatticDB
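-- Run in the mysql client as the MySQL root user.
-- Creates the application database and a dedicated account limited to it.
create database rattic;
create user rattic@localhost identified by '***rattic-db-password***';
-- Name the host in the GRANT. A bare "rattic" means 'rattic'@'%', which is a
-- different account from rattic@localhost. On MySQL versions that create
-- missing accounts on GRANT (the 5.1 series does unless NO_AUTO_CREATE_USER
-- is set), that would add a second rattic account, valid from any host, with
-- an empty password and full rights on this database.
grant all on rattic.* to rattic@localhost;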

Install RatticDB

Install RatticDB
# Dedicated account that will own the application tree.
useradd -c "RatticWeb" -m rattic
 
cd /tmp
# NOTE(review): --no-check-certificate turns off TLS certificate validation,
# so this download is not authenticated. Either fix the CA trust on the host
# and drop the flag, or compare `sha256sum v1.1.0.tar.gz` with a checksum
# obtained over a trusted channel before unpacking.
wget --no-check-certificate https://github.com/tildaslash/RatticWeb/archive/v1.1.0.tar.gz
tar -xzf v1.1.0.tar.gz 
cd RatticWeb-1.1.0
# Runs as root and installs whatever requirements-mysql.txt lists into the
# system Python. The file's contents are not shown on this page; review it
# before installing.
pip install -r requirements-mysql.txt
 
# Install the tree under /opt/apps and hand ownership to the rattic account.
mkdir /opt/apps
cd /tmp
mv RatticWeb-1.1.0 /opt/apps/RatticWeb
mkdir /opt/apps/RatticWeb/static
chown -R rattic /opt/apps/RatticWeb
 
# Label the tree so that SELinux lets httpd read it.
chcon -Rv --type=httpd_sys_content_t /opt/apps/RatticWeb

Configure RatticDB

Configure RatticDB
su - rattic
cd /opt/apps/RatticWeb/conf
# local.cfg holds the application secret key and the database password in
# clear text, and /opt/apps is on the unencrypted root filesystem, outside the
# LUKS volume. Use a long random value for secretkey. Check the mode of the
# file after saving: it has to be readable by the account the WSGI processes
# run as, but should not be readable by other local users.
vi local.cfg
	[ratticweb]
	debug = False
	secretkey = ***rattic-secret-key***
	hostname = ***IP name of local host***
	[filepaths]
	static = /opt/apps/RatticWeb/static
	[database]
	engine = django.db.backends.mysql
	name = rattic
	user = rattic
	password = ***rattic-db-password***
	host = localhost
	port = 3306

cd /opt/apps/RatticWeb/
# Create the schema, apply migrations and collect static files into the
# directory configured above.
./manage.py syncdb --noinput
./manage.py migrate --all
./manage.py collectstatic -c --noinput
# NOTE(review): demosetup presumably creates the initial administrator login
# with a well-known default password (confirm against the RatticWeb docs for
# this release). Change that password before the service is reachable by
# anyone else.
./manage.py demosetup
 
exit # back to root

Prepare web server

Prepare apache httpd
cd /etc/httpd/conf.d
vi rattic.conf


# Plain-HTTP virtual host: it serves nothing itself and only redirects every
# request to the HTTPS URL.
NameVirtualHost *:80
<VirtualHost *:80>
   ServerName ***IP name of local host***
   ServerAlias ***first part of IP name***
   Redirect permanent / https://***IP name of local host***/
</VirtualHost>
   # NOTE(review): everything below is at server scope, outside any
   # <VirtualHost>. This file defines no SSL virtual host, so HTTPS is
   # presumably served by the stock mod_ssl configuration. Confirm which
   # certificate that presents and replace a default self-signed one.
   # Static files are served directly by httpd rather than through the
   # application.
   Alias /robots.txt /opt/apps/RatticWeb/static/robots.txt
   Alias /favicon.ico /opt/apps/RatticWeb/static/favicon.ico
   AliasMatch ^/([^/]*\.css) /opt/apps/RatticWeb/static/styles/$1
   Alias /media/ /opt/apps/RatticWeb/media/
   Alias /static/ /opt/apps/RatticWeb/static/
   <Directory /opt/apps/RatticWeb/static>
   Order deny,allow
   Allow from all
   </Directory>
   # NOTE(review): no media directory is created anywhere in this transcript;
   # confirm it is needed before exposing the path.
   <Directory /opt/apps/RatticWeb/media>
   Order deny,allow
   Allow from all
   </Directory>
   # All other URLs go to the Django application through mod_wsgi.
   WSGIScriptAlias / /opt/apps/RatticWeb/ratticweb/wsgi.py
   # Forward the HTTP Authorization header to the application.
   WSGIPassAuthorization On
   # Two daemon processes with 25 threads each. No user= option is given, so
   # they run as the account Apache itself uses.
   WSGIDaemonProcess rattic processes=2 threads=25 home=/opt/apps/RatticWeb/ python-path=/opt/apps/RatticWeb display-name=%{GROUP}
   WSGIProcessGroup rattic

   # Only wsgi.py is opened up inside the application package directory.
   <Directory /opt/apps/RatticWeb/ratticweb>
     <Files wsgi.py>
       Order deny,allow
       Allow from all
     </Files>
   </Directory>
 
service httpd restart

Modify firewall

Prepare iptables
# Allow new inbound connections for SSH (22) and HTTPS (443).
# NOTE(review): the two ACCEPT lines must sit above the final REJECT rule of
# the INPUT chain in the existing file, or they never match. Port 80 is not
# opened, so the HTTP-to-HTTPS redirect virtual host cannot be reached from
# other machines. SSH is accepted from any source address; add a source
# restriction (-s) if the administrators' network is known.
vi /etc/sysconfig/iptables
	-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
	-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

service iptables restart

Test Web access

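http://***IP name of local host***
(The firewall rules above open only ports 22 and 443, so from another machine the plain-HTTP URL will not reach the redirect; use https://***IP name of local host*** there.)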

 

Questions and feedback


For questions and comments please contact Thomas Gutzmann (thomas@gutzmann.se).
