metasfresh / metasfresh-documentation

Docs and Manuals for Devs, Users, Admins
http://docs.metasfresh.org/

Document experimental native installation on CentOS 7 #401

Open metas-jb opened 5 years ago

metas-jb commented 5 years ago

Background:

Right now, we're officially supporting only Ubuntu 16.04 Server using our installer (native installation package). However in recent events, we deployed the metasfresh stack on a VM running CentOS 7 which worked perfectly fine.

Todo:

metas-ts commented 5 years ago

Created by @metas-jb

#Tested with:
#       CentOS Linux release 7.6.1810 (Core) - minimal install - 3.10.0-957.1.3.el7.x86_64
#       
#       
#Note:  
#       all commands shall be executed by root or alternatively with "sudo" in front, except the ones where we "su" into users of course.
#       though with most lines you can copy them as is to the terminal, please don't ctrl+a and paste into terminal ;) - some lines need user confirmation / editing / etc.
#
#       also, many of the described config files can be modified for different reasons:
#           - have the database on a different server
#           - using a different server for hosting the nginx reverse proxy
#           - improving performance (DB, App and Proxy)
#           - etc.
#       however - this is just a quick and roughly scribbled together how-to for deploying metasfresh as easy as possible

General Prep:
    adduser metasfresh
    yum install epel-release
    yum install wget
    yum install unzip
    modify /etc/hosts -> use primary IP for hostname 
        (eg. if hostname is "myserver" and primary IP 192.168.1.2 in /etc/hosts shall be this entry: 192.168.1.2 myserver. This is necessary for the application server)

Postgresql-Server:
    wget https://download.postgresql.org/pub/repos/yum/11/redhat/rhel-7-x86_64/pgdg-centos11-11-2.noarch.rpm
    yum install pgdg-centos11-11-2.noarch.rpm
    yum check-update
    yum install postgresql11-server postgresql11-contrib
    export PGSETUP_INITDB_OPTIONS="-E 'UTF-8' --lc-collate='de_DE.UTF-8' --lc-ctype='de_DE.UTF-8'"; /usr/pgsql-11/bin/postgresql-11-setup initdb

    systemctl start postgresql-11
    su postgres
        psql
            CREATE ROLE metasfresh LOGIN ENCRYPTED PASSWORD 'metasfresh' SUPERUSER INHERIT CREATEDB NOCREATEROLE;
            CREATE DATABASE metasfresh OWNER metasfresh ENCODING UTF8 LC_COLLATE 'de_DE.UTF-8' LC_CTYPE 'de_DE.UTF-8';
            EXIT;
        exit
    su metasfresh
        vi ~/.pgpass
            localhost:5432:*:metasfresh:metasfresh
            server-hostname:5432:*:metasfresh:metasfresh
        chmod 600 ~/.pgpass
        exit

    vi /var/lib/pgsql/11/data/postgresql.conf
        -> change and uncomment "listen_addresses" to: listen_addresses = '*'
    vi /var/lib/pgsql/11/data/pg_hba.conf
        -> add line:
            host    metasfresh      metasfresh      0.0.0.0/0               md5
            #note: you can also restrict access to the IP/Subnet of your primary IP
    systemctl restart postgresql-11
    systemctl enable postgresql-11

    #user "metasfresh" shall now be able to connect to database "metasfresh" check with:
    # su metasfresh
    #   psql -d metasfresh -U metasfresh -h $(hostname)

OpenJDK-8:
    yum install java-1.8.0-openjdk-headless

Elasticsearch:
    wget https://download.elastic.co/elasticsearch/release/org/elasticsearch/distribution/rpm/elasticsearch/2.4.6/elasticsearch-2.4.6.rpm
    yum install elasticsearch-2.4.6.rpm
    modify and uncomment in /etc/elasticsearch/elasticsearch.yml ->
        cluster.name: metasfresh
        network.host: localhost
    systemctl restart elasticsearch.service
    systemctl enable elasticsearch.service

RabbitMQ:
    vi /etc/yum.repos.d/erlang.repo
        [erlang-solutions]
        name=CentOS $releasever - $basearch - Erlang Solutions
        baseurl=https://packages.erlang-solutions.com/rpm/centos/$releasever/$basearch
        gpgcheck=1
        gpgkey=https://packages.erlang-solutions.com/rpm/erlang_solutions.asc
        enabled=1

    rpm --import https://github.com/rabbitmq/signing-keys/releases/download/2.0/rabbitmq-release-signing-key.asc
    vi /etc/yum.repos.d/rabbitmq.repo
        [bintray-rabbitmq-server]
        name=bintray-rabbitmq-rpm
        baseurl=https://dl.bintray.com/rabbitmq/rpm/rabbitmq-server/v3.7.x/el/7/
        gpgcheck=0
        repo_gpgcheck=0
        enabled=1

    yum check-update
    yum install erlang #(make sure it is > 21.x)
    yum install rabbitmq-server #(make sure it is > 3.7)

    echo "listeners.tcp.default = 5672
        default_vhost = /
        default_user = metasfresh
        default_pass = metasfresh
        default_permissions.configure = .*
        default_permissions.read = .*
        default_permissions.write = .*" > /etc/rabbitmq/rabbitmq.conf

    systemctl restart rabbitmq-server
    rabbitmqctl delete_user guest   #you should get an error about no such user "guest" but we're making sure the account is not present
    rabbitmqctl add_user metasfresh metasfresh   #you should get an error about user already exists but we're making sure the user is there
    rabbitmqctl set_permissions -p / metasfresh ".*" ".*" ".*"
    systemctl restart rabbitmq-server.service
    systemctl enable rabbitmq-server

metasfresh:
    move /opt/metasfresh_install/apps/metasfresh -> /opt/

    modify /opt/metasfresh_install/etc/*.properties -> replace FOO_APP with hostname of app-server
                                                    -> replace FOO_DBMS with hostname of db-server
    modify /opt/metasfresh_install/etc/webui_config.js -> replace FOO_IP with externally reachable hostname
    modify /opt/metasfresh_install/etc/metasfresh_server.conf -> replace MF_MAX_MEM with something like 1024 or 2048 depending on available RAM you want to provide the app-server

    mkdir -p /opt/metasfresh-webui-frontend && mv /opt/metasfresh/metasfresh-webui-frontend.tar.gz /opt/metasfresh-webui-frontend/
    cd /opt/metasfresh-webui-frontend && tar xvzf ./metasfresh-webui-frontend.tar.gz

    cd /opt/metasfresh_install/etc
    cp:
        ./webui_logback.xml /opt/metasfresh/metasfresh-webui-api/logback.xml
        ./metasfresh-admin.conf /opt/metasfresh/metasfresh-admin/
        ./webui_application.properties /opt/metasfresh/metasfresh-webui-api/application.properties
        ./app_application.properties /opt/metasfresh/application.properties
        ./mat_dispo_application.properties /opt/metasfresh/metasfresh-material-dispo/application.properties
        ./admin_application.properties /opt/metasfresh/metasfresh-admin/application.properties
        ./metasfresh_webui_api.properties /opt/metasfresh/metasfresh-webui-api/metasfresh.properties
        ./metasfresh_server.conf /opt/metasfresh/metasfresh_server.conf
        ./metasfresh.properties /opt/metasfresh/metasfresh.properties
        ./local_settings.properties /home/metasfresh/local_settings.properties
        ./webui_config.js /opt/metasfresh-webui-frontend/dist/config.js
    chown metasfresh:metasfresh -R /opt/metasfresh-webui-frontend
    chown metasfresh:metasfresh -R /opt/metasfresh
    chown metasfresh:metasfresh /home/metasfresh/*

    cd /opt/metasfresh_install/scripts
    cp: 
        ./*.service /etc/systemd/system/
        ./metasfresh /etc/sudoers.d/metasfresh_app
        ./metasfresh-admin.sudoers /etc/sudoers.d/metasfresh-admin
        ./metasfresh-material-dispo.sudoers /etc/sudoers.d/metasfresh-material-dispo
        ./metasfresh-webui-api.sudoers /etc/sudoers.d/metasfresh-webui-api
    chmod 0440 /etc/sudoers.d/metasfresh*
    systemctl daemon-reload
    cd /opt/metasfresh_install/database
    modify postcopy.sql -> replace FOOBAR with hostname
    su metasfresh
        cd /opt/metasfresh_install/database
        pg_restore -Fc -d metasfresh ./metasfresh.pgdump  #ignore errors about schema public already exists
        psql -d metasfresh -f ./postcopy.sql
        exit
    systemctl start metasfresh_server
    systemctl start metasfresh-webui-api
    systemctl start metasfresh-material-dispo
    systemctl enable metasfresh_server
    systemctl enable metasfresh-webui-api
    systemctl enable metasfresh-material-dispo

WebUI & nginx:
    yum install nginx
    vi /opt/metasfresh-webui-frontend/metasfresh_webui.conf
        server {
            listen 80;
            server_name my-server-name;  #replace with server name

            access_log /var/log/nginx/metasfresh.webui.access.log;

            proxy_buffering                         off;
            proxy_set_header Host                   $http_host;
            proxy_set_header X-Real-IP              $remote_addr;
            proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto      $scheme;
            proxy_buffers 256 16k;
            proxy_buffer_size 16k;
            proxy_read_timeout 600s;
            client_max_body_size 100M;

            location /rest {
                proxy_pass                              http://localhost:8181/rest/;
            }

            location /stomp {
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                client_max_body_size 50M;
                proxy_set_header X-Frame-Options SAMEORIGIN;
                proxy_buffers 256 16k;
                proxy_buffer_size 16k;
                proxy_read_timeout 600s;
                proxy_pass http://localhost:8181/stomp/;
            }

            location /info {
                proxy_pass  http://localhost:8181/info;
            }

            location /swagger-ui.html {
                proxy_pass  http://localhost:8181/swagger-ui.html;
            }

            location /v2/api-docs {
                proxy_pass  http://localhost:8181/v2/api-docs;
            }

            location /swagger-resources{
                proxy_pass  http://localhost:8181/swagger-resources/;
            }

            location /webjars/springfox-swagger-ui{
                proxy_pass  http://localhost:8181/webjars/springfox-swagger-ui/;
            }

            location /configuration{
                proxy_pass  http://localhost:8181/configuration/;
            }

            location /{
                    root /opt/metasfresh-webui-frontend/dist;
                    index index.html;

                    try_files $uri /index.html;
            }
        }

    vi /opt/metasfresh-webui-frontend/metasfresh_webui_ssl.conf
        server {
        listen 80;
        server_name my-server-name;  #replace with server name
        rewrite ^ https://$server_name$request_uri?;
        }

        server {
                listen 443;
                server_name my-server-name;  #replace with server name
                ssl     on;
                ssl_certificate         /location/of/ssl/cert.pem;
                ssl_certificate_key     /location/of/ssl/key.pem;

                ssl_session_timeout     30m;
                ssl_session_cache  builtin:1000  shared:SSL:10m;
                ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
                ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
                ssl_prefer_server_ciphers on;

                access_log /var/log/nginx/metasfresh.webui.access.log;

                proxy_buffering                         off;
                proxy_set_header Host                   $http_host;
                proxy_set_header X-Real-IP              $remote_addr;
                proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto      $scheme;
                proxy_buffers 256 16k;
                proxy_buffer_size 16k;
                proxy_read_timeout 600s;
                client_max_body_size 100M;

                location /rest {
                    proxy_pass                              http://localhost:8181/rest/;  #backend on 8181 is addressed via plain http, as in the locations below
                }

                location /stomp {
                    proxy_set_header Upgrade $http_upgrade;  #nginx variable holding the client's Upgrade header
                    proxy_set_header Connection "upgrade";
                    client_max_body_size 50M;
                    proxy_set_header X-Frame-Options SAMEORIGIN;
                    proxy_buffers 256 16k;
                    proxy_buffer_size 16k;
                    proxy_read_timeout 600s;
                    proxy_pass http://localhost:8181/stomp/;
                }

                location /info {
                    proxy_pass  http://localhost:8181/info;
                }

                location /swagger-ui.html {
                    proxy_pass  http://localhost:8181/swagger-ui.html;
                }

                location /v2/api-docs {
                    proxy_pass  http://localhost:8181/v2/api-docs;
                }

                location /swagger-resources{
                    proxy_pass  http://localhost:8181/swagger-resources/;
                }

                location /webjars/springfox-swagger-ui{
                    proxy_pass  http://localhost:8181/webjars/springfox-swagger-ui/;
                }

                location /configuration{
                    proxy_pass  http://localhost:8181/configuration/;
                }

                location /{
                    root /opt/metasfresh-webui-frontend/dist;
                    index index.html;

                    try_files $uri /index.html;
                }
            }
    cp /opt/metasfresh-webui-frontend/metasfresh_webui.conf /etc/nginx/conf.d/
    (for SSL use the other one and change /opt/metasfresh-webui-frontend/dist/config.js to use "https" instead of "http" )

    #(registering files and proxy-connection to SELinux which is enabled by default on centos7)
    chcon -Rt httpd_sys_content_t /opt/metasfresh-webui-frontend/dist
    setsebool httpd_can_network_connect 1 -P

    systemctl restart nginx
    systemctl enable nginx

    firewall-cmd --zone=public --add-port=80/tcp --permanent
    firewall-cmd --zone=public --add-port=443/tcp --permanent
    firewall-cmd --reload

    # login via browser on "http://server_hostname" -> Demo-User: it -> Password: demostart 
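
A read-only check for three permissive settings that appear in the how-to above (the 0.0.0.0/0 rule in pg_hba.conf, gpgcheck=0 in the RabbitMQ repo file, and TLSv1/TLSv1.1 in ssl_protocols). It is an added example, not part of the original comment or of the metasfresh project; the function names and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): read-only checks for three settings
# used in the how-to. Function names and sample files are constructed.

# pg_hba.conf: host rules reachable from every address.
audit_pg_hba() {
    awk '$1 ~ /^host/ && ($4 == "0.0.0.0/0" || $4 == "::/0" || $4 == "all") {
        print "pg_hba:" NR ": db=" $2 " user=" $3 " open to " $4 }' "$1"
}

# yum .repo file: sections that install packages without signature checks.
audit_yum_repo() {
    awk -F= '/^[ \t]*\[/ { sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*/, "", sec) }
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v) }
        k == "gpgcheck" && v == "0" { print "repo:" sec ": gpgcheck=0" }' "$1"
}

# nginx config: ssl_protocols lines that still enable SSLv3, TLSv1 or TLSv1.1.
audit_nginx_tls() {
    awk '$1 == "ssl_protocols" {
        sub(/#.*/, ""); gsub(/;/, "")
        for (i = 2; i <= NF; i++)
            if ($i == "SSLv3" || $i == "TLSv1" || $i == "TLSv1.1")
                print "nginx:" NR ": " $i " enabled" }' "$1"
}

# Constructed sample files that mirror the lines from the how-to.
make_samples() {
    d=$(mktemp -d)
    printf '%s\n' 'local all all peer' \
        'host    metasfresh      metasfresh      0.0.0.0/0               md5' > "$d/pg_hba.conf"
    printf '%s\n' '[erlang-solutions]' 'gpgcheck=1' \
        '[bintray-rabbitmq-server]' 'gpgcheck=0' 'repo_gpgcheck=0' > "$d/rabbitmq.repo"
    printf '%s\n' 'ssl on;' 'ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;' > "$d/ssl.conf"
    echo "$d"
}

samples=$(make_samples)
audit_pg_hba "$samples/pg_hba.conf"
audit_yum_repo "$samples/rabbitmq.repo"
audit_nginx_tls "$samples/ssl.conf"
rm -rf "$samples"
```

On an installed system, point the functions at /var/lib/pgsql/11/data/pg_hba.conf, the files under /etc/yum.repos.d/ and the files under /etc/nginx/conf.d/. pg_hba rules written with a separate netmask column are not covered.
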
rmanyoky commented 4 years ago

What do you mean by "metasfresh: move /opt/metasfresh_install/apps/metasfresh -> /opt/" and the following lines?

Where do I get these files? I did not find them on GitHub.

rmanyoky commented 4 years ago

What do you mean by "metasfresh: move /opt/metasfresh_install/apps/metasfresh -> /opt/"? Where can I get these files? I did not find them on GitHub.

metas-jb commented 4 years ago

Hi @rmanyoky You should be able to grab them here: https://metasfresh.com/en/download/

Just: download the Ubuntu installer, extract the archive, extract the debian package and its data contents and all should be clear:

Example:

wget http://www.metasfresh.com/wp-content/releases/metasfresh-5_130.tar.gz
tar xvzf ./metasfresh-5_130.tar.gz
#metasfresh_install/
#metasfresh_install/metasfresh-5_130.deb
#metasfresh_install/install_metasfresh.sh
cd metasfresh_install
ar x ./metasfresh-5_130.deb
ls
# control.tar.gz  data.tar.xz  debian-binary  install_metasfresh.sh  metasfresh-5_130.deb
tar xvf ./data.tar.xz
...
rmanyoky commented 4 years ago

Hi @metas-jb thanks a lot. There may be an rpm or installation script.

rmanyoky commented 4 years ago

Hi, a setting below for accessing metasfresh (CentOS7) from the internet (local Vbox and Dyn-DNS):

$ cp -r /opt/metasfresh-webui-frontend/dist /opt/metasfresh-webui-frontend/dist_local

modify /opt/metasfresh-webui-frontend/dist/config.js
const config = { API_URL: 'http://my.server_from.net/rest/api', WS_URL: 'http://my.server_from.net/stomp' }

modify /etc/nginx/conf.d/metasfresh_webui.conf copy text from: server { listen 80; server_name mylocal_server; ... to end }

Paste after server {mylocal_server} and modify: server { listen 80; server_name my.server_from.net; ... to end }

modify in server {my.localserver}:

location /{
                    root /opt/metasfresh-webui-frontend/dist_local;
                    index index.html;

                    try_files $uri /index.html;
                }

$ systemctl restart nginx

rmanyoky commented 4 years ago

Metasfresh also runs with centos 8. Only minor adjustments are necessary during installation.

rmanyoky commented 4 years ago

additionally for centos7 https with cert

$ yum install certbot-nginx
$ vi /etc/nginx/conf.d/my.conf
    server_name www.example.com;
$ nginx -t
$ systemctl reload nginx
$ ufw allow https # my firewall manager
$ certbot --nginx -d www.example.com
$ openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
$ vi /etc/nginx/conf.d/my.conf
    ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem; # managed by Certbot
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
$ nginx -t
$ systemctl reload nginx
$ crontab -e
    15 3 * * * /usr/bin/certbot renew --quiet # example 3:15 reload Cert