This is an installation transcript for RatticDB on CentOS 6.5 (minimal), including the setup of an encrypted loopback device for the MySQL database.

Prerequisite: fresh CentOS 6.5 installation based on CentOS-6.5-x86_64-minimal.iso.

Basic install and setup

Prepare system
# Base OS preparation, run as root: set the host name mapping, update the
# system, and install the package groups and -devel packages (presumably
# needed later to build the Python requirements and the web stack).
# login as root
... manual input as required
vi /etc/hosts
... enter server address and name
yum update
yum groupinstall "MySQL Database server"
yum groupinstall development
yum groupinstall "Web Server"
yum install openldap-devel bzip2-devel sqlite-devel libxml2-devel libxslt-devel wget openssl-devel
yum install tk-devel ncurses-devel readline-devel mysql-devel ntp
yum install httpd-devel python-devel

# NOTE(review): no download step for the EPEL release RPM appears in this
# transcript (it may have been lost from the page). Fetch it over a verified
# channel and check the package signature (e.g. rpm -K) before installing it
# as root.
cd /tmp
rpm -ivh epel-release-6-8.noarch.rpm
yum install python-pip

# Enable and start time synchronisation.
chkconfig ntpd on
service ntpd start

# mysqld is taken out of automatic startup; the "Startup test" section starts
# it by hand after the LUKS volume has been unlocked and mounted.
chkconfig mysqld off 

Set up an encrypted device for MySQL

Set up LUKS device
# Create a 5 GiB file-backed LUKS container at /luksfile and mount it at
# /mnt/luksfile. Encryption at rest protects the data only while the volume
# is locked (host powered off or volume closed); once mounted, the running
# system sees plaintext.
cd /
# The backing file is filled with zeros. With the usual root umask it is
# created world-readable; it only ever holds ciphertext, but consider
# chmod 600 on it.
head -c 5G /dev/zero > luksfile
# NOTE(review): /dev/loop0 is hard-coded here and in the startup test, so it
# must not already be in use.
losetup /dev/loop0 luksfile
# luksFormat overwrites the device header and asks for the new passphrase.
cryptsetup luksFormat /dev/loop0
... enter a new LUKS password
mkdir /mnt/luksfile
# Unlock the container; the plaintext view appears as /dev/mapper/luksfile.
cryptsetup luksOpen /dev/loop0 luksfile
... enter LUKS password
# -j creates the filesystem with a journal (ext3).
mke2fs -j /dev/mapper/luksfile
mount /dev/mapper/luksfile /mnt/luksfile

Set up MySQL for RatticDB

Set up MySQL
# Relocate the MySQL data directory onto the encrypted volume and leave a
# symlink at the original path.
mv /var/lib/mysql /mnt/luksfile/
ln -s /mnt/luksfile/mysql /var/lib/mysql
# SELinux: label the mount point tree as var_lib_t and the data directory as
# mysqld_db_t.
# NOTE(review): chcon labels are not recorded in the SELinux policy, so a
# filesystem relabel can revert them; a "semanage fcontext" rule followed by
# restorecon would make them persistent.
chcon -R system_u:object_r:var_lib_t:s0 /mnt/luksfile
chcon -R -u system_u -r object_r -t mysqld_db_t /mnt/luksfile/mysql

# NOTE(review): the changes made to my.cnf in this step are not shown on this
# page.
vi /etc/my.cnf 

service mysqld start

Reboot to test the basic setup

Startup test
# After every reboot the container has to be attached, unlocked and mounted
# by hand before MySQL can start. The passphrase is typed interactively
# rather than read from a key file, so the database stays unavailable until
# an administrator has unlocked the volume.
# login as root
losetup /dev/loop0 /luksfile
cryptsetup luksOpen /dev/loop0 luksfile
...enter LUKS password
mount /dev/mapper/luksfile /mnt/luksfile
service mysqld start

Prepare RatticDB database

MySQL setup for RatticDB
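-- Run in the mysql client as a MySQL administrative user.
create database rattic;
-- The quoted value is a placeholder; substitute a strong, unique password.
create user rattic@localhost identified by '***rattic-db-password***';
-- Grant to the same account that was created above. A bare user name in a
-- GRANT means rattic@'%', which is a different account that may connect from
-- any host; on servers that create missing accounts on GRANT it would exist
-- without a password, while rattic@localhost would hold no privileges.
grant all on rattic.* to rattic@localhost;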

Install RatticDB

Install RatticDB
# Create the rattic account, fetch and unpack the RatticWeb 1.1.0 release,
# install its Python requirements and move the tree to /opt/apps/RatticWeb.
useradd -c "RatticWeb" -m rattic
cd /tmp
# NOTE(review): the download URL is missing from the next line on this page.
# --no-check-certificate turns off TLS certificate verification, so the
# archive is fetched without authenticating the server. Prefer a working CA
# bundle, or compare the archive's checksum with one obtained from a trusted
# source before unpacking it.
wget --no-check-certificate
tar -xzf v1.1.0.tar.gz 
cd RatticWeb-1.1.0
# This runs as root and installs system-wide, so the packages' install-time
# code executes with root privileges.
pip install -r requirements-mysql.txt
mkdir /opt/apps
cd /tmp
mv RatticWeb-1.1.0 /opt/apps/RatticWeb
mkdir /opt/apps/RatticWeb/static
# The whole application tree becomes owned by the rattic account.
chown -R rattic /opt/apps/RatticWeb
# SELinux: label the tree as web content so httpd is allowed to read it.
chcon -Rv --type=httpd_sys_content_t /opt/apps/RatticWeb

Configure RatticDB

Configure RatticDB
# Configure the application as the unprivileged rattic user.
su - rattic
cd /opt/apps/RatticWeb/conf
# The indented lines below are the settings entered into local.cfg; values
# between *** are placeholders. The file holds the Django secret key and the
# database password in clear text, so it should be readable only by the
# accounts that need it (rattic and the account the WSGI daemon runs as).
# NOTE(review): no section headers are shown for these settings on this
# page; confirm the file layout against the RatticWeb documentation.
vi local.cfg
	debug = False
	secretkey = ***rattic-secret-key***
	hostname = ***IP name of local host***
	static = /opt/apps/RatticWeb/static
	engine = django.db.backends.mysql
	name = rattic
	user = rattic
	password = ***rattic-db-password***
	host = localhost
	port = 3306

cd /opt/apps/RatticWeb/
# NOTE(review): the script name after "./" is missing from the next four
# lines on this page; presumably the project's Django management script.
# Confirm before running.
./ syncdb --noinput
./ migrate --all
./ collectstatic -c --noinput
# NOTE(review): demosetup is understood to create an initial administrator
# login with a documented default password. Confirm against the RatticWeb
# documentation and change that password before the site is reachable.
./ demosetup
exit # back to root

Prepare web server

Prepare apache httpd
# Create the virtual-host definition as /etc/httpd/conf.d/rattic.conf.
cd /etc/httpd/conf.d
vi rattic.conf

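# Port-80 virtual host for RatticWeb (Apache 2.2 access-control syntax).
# Values between *** are placeholders.
# NOTE(review): "Redirect permanent /" sends every request on this vhost to
# HTTPS, so the application itself has to be served by a port-443 virtual
# host with TLS configured; that vhost is not shown on this page.
NameVirtualHost *:80
<VirtualHost *:80>
   ServerName ***IP name of local host***
   ServerAlias ***first part of IP name***
   Redirect permanent / https://***IP name of local host***/
   Alias /robots.txt /opt/apps/RatticWeb/static/robots.txt
   Alias /favicon.ico /opt/apps/RatticWeb/static/favicon.ico
   AliasMatch ^/([^/]*\.css) /opt/apps/RatticWeb/static/styles/$1
   Alias /media/ /opt/apps/RatticWeb/media/
   Alias /static/ /opt/apps/RatticWeb/static/
   # Static and media files are served directly by httpd.
   <Directory /opt/apps/RatticWeb/static>
      Order deny,allow
      Allow from all
   </Directory>
   <Directory /opt/apps/RatticWeb/media>
      Order deny,allow
      Allow from all
   </Directory>
   # NOTE(review): WSGIScriptAlias has to name the WSGI script file; the file
   # name appears to be missing after "ratticweb/" on this page. Confirm it.
   WSGIScriptAlias / /opt/apps/RatticWeb/ratticweb/
   # Pass the HTTP Authorization header through to the application.
   WSGIPassAuthorization On
   # No user= option is given, so the daemon processes run as the account
   # httpd itself runs under.
   WSGIDaemonProcess rattic processes=2 threads=25 home=/opt/apps/RatticWeb/ python-path=/opt/apps/RatticWeb display-name=%{GROUP}
   WSGIProcessGroup rattic

   <Directory /opt/apps/RatticWeb/ratticweb>
       Order deny,allow
       Allow from all
   </Directory>
</VirtualHost>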
# Load the new configuration; running "apachectl configtest" first catches
# syntax errors before the running server is stopped.
service httpd restart

Modify firewall

Prepare iptables
# Add the two ACCEPT rules below to the INPUT chain of the saved ruleset.
# NOTE(review): they only take effect if they are placed before the chain's
# final REJECT/DROP rule; check the ordering in the file.
# Only SSH (22) and HTTPS (443) are opened. Port 80 is not, so the
# HTTP-to-HTTPS redirect vhost is not reachable from outside unless a rule
# for it is added. Consider limiting port 22 to administrative source
# addresses with -s.
vi /etc/sysconfig/iptables
	-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
	-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

service iptables restart

Test Web access

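http://***IP name of local host*** (the firewall rules above open only ports 22 and 443, so use https:// unless port 80 is also allowed)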


Questions and feedback

Feedback has been disabled here.

For questions and comments please contact Thomas Gutzmann.
