root / doc / build / html / install.html @ 6de88ee1

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

    <title>Installation &mdash; fod 1.1.0 documentation</title>

    <link rel="stylesheet" href="_static/default.css" type="text/css" />
    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />

    <script type="text/javascript">
      var DOCUMENTATION_OPTIONS = {
        URL_ROOT:    '',
        VERSION:     '1.1.0',
        COLLAPSE_INDEX: false,
        FILE_SUFFIX: '.html',
        HAS_SOURCE:  true
      };
    </script>
    <script type="text/javascript" src="_static/jquery.js"></script>
    <script type="text/javascript" src="_static/underscore.js"></script>
    <script type="text/javascript" src="_static/doctools.js"></script>
    <link rel="top" title="fod 1.1.0 documentation" href="index.html" />
    <link rel="prev" title="Firewall on Demand" href="index.html" />
  </head>
  <body>
    <div class="document">
      <div class="documentwrapper">
        <div class="bodywrapper">
          <div class="body">

  <div class="section" id="installation">
<h1>Installation<a class="headerlink" href="#installation" title="Permalink to this headline"></a></h1>
<div class="toctree-wrapper compound">
<ul class="simple">
</ul>
</div>
<div class="section" id="debian-wheezy-x64-django-1-4-x">
<h2>Debian Wheezy (x64) - Django 1.4.x<a class="headerlink" href="#debian-wheezy-x64-django-1-4-x" title="Permalink to this headline"></a></h2>
<p>This guide assumes that the installation is carried out in the /srv/flowspy directory. If another directory is to be used, change the corresponding configuration files accordingly. It is also assumed that the root user performs every action.</p>
<div class="section" id="upgrading-from-v-1-1-x">
<h3>Upgrading from v&lt;1.1.x<a class="headerlink" href="#upgrading-from-v-1-1-x" title="Permalink to this headline"></a></h3>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p>If the PEER_*_TABLE settings are set to False in settings.py, you need to perform the South migrations per application:</p>
<div class="last highlight-python"><pre>./manage.py migrate longerusername
./manage.py migrate flowspec
./manage.py migrate accounts</pre>
</div>
</div>
<p>If upgrading from flowspy version &lt;1.1.x, pay attention to the settings.py changes. Also, if the PEER_*_TABLE settings are set to True in settings.py, do not forget to run:</p>
<div class="highlight-python"><pre>./manage.py migrate</pre>
</div>
<p>to catch up with the latest database changes.</p>
</div>
<div class="section" id="upgrading-from-v-1-0-x">
<h3>Upgrading from v&lt;1.0.x<a class="headerlink" href="#upgrading-from-v-1-0-x" title="Permalink to this headline"></a></h3>
<p>If upgrading from flowspy version &lt;1.0.x, pay attention to the settings.py changes. Also, do not forget to run:</p>
<div class="highlight-python"><pre>./manage.py migrate</pre>
</div>
<p>to catch up with the latest database changes.</p>
</div>
81
<div class="section" id="required-system-packages">
82
<h3>Required system packages<a class="headerlink" href="#required-system-packages" title="Permalink to this headline"></a></h3>
83
<p>Update and install the required packages:</p>
84
<div class="highlight-python"><pre>apt-get update
85
apt-get upgrade
86
apt-get install mysql-server apache2 memcached libapache2-mod-proxy-html gunicorn beanstalkd python-django python-django-south python-django-tinymce tinymce python-mysqldb python-yaml python-memcache python-django-registration python-ipaddr python-lxml mysql-client git python-django-celery python-paramiko python-gevent vim</pre>
87
</div>
88
<div class="admonition note">
89
<p class="first admonition-title">Note</p>
90
<p class="last">Set username and password for mysql if used</p>
91
</div>
92
<div class="admonition note">
93
<p class="first admonition-title">Note</p>
94
<p class="last">If you wish to deploy an outgoing mail server, now it is time to do it. Otherwise you could set FoD to send out mails via a third party account</p>
95
</div>
96
</div>
97
<div class="section" id="create-a-database">
98
<h3>Create a database<a class="headerlink" href="#create-a-database" title="Permalink to this headline"></a></h3>
99
<p>If you are using mysql, you should create a database:</p>
100
<div class="highlight-python"><pre>mysql -u root -p -e 'create database fod'</pre>
101
</div>
102
</div>
103
<div class="section" id="required-application-packages">
104
<h3>Required application packages<a class="headerlink" href="#required-application-packages" title="Permalink to this headline"></a></h3>
105
<p>Get the required packages and their dependencies and install them:</p>
106
<div class="highlight-python"><pre>apt-get install libxml2-dev libxslt-dev gcc python-dev</pre>
107
</div>
108
<ul>
109
<li><p class="first">ncclient: NETCONF python client:</p>
110
<div class="highlight-python"><pre>cd ~
111
git clone https://github.com/leopoul/ncclient.git
112
cd ncclient
113
python setup.py install</pre>
114
</div>
115
</li>
116
<li><p class="first">nxpy: Python Objects from/to XML proxy:</p>
117
<div class="highlight-python"><pre>cd ~
118
git clone https://code.grnet.gr/git/nxpy
119
cd nxpy
120
python setup.py install</pre>
121
</div>
122
</li>
123
<li><p class="first">flowspy: core application. Installation is done at /srv/flowspy:</p>
124
<div class="highlight-python"><pre>cd /srv
125
git clone https://code.grnet.gr/git/flowspy
126
cd flowspy</pre>
127
</div>
128
</li>
129
</ul>
130
</div>
131
</div>
<div class="section" id="application-configuration">
<h2>Application configuration<a class="headerlink" href="#application-configuration" title="Permalink to this headline"></a></h2>
<p>Copy settings.py.dist to settings.py:</p>
<div class="highlight-python"><pre>cd flowspy
cp settings.py.dist settings.py</pre>
</div>
<p>Edit the settings.py file and set the following according to your configuration:</p>
<div class="highlight-python"><pre>ADMINS: set your admin name and email (assuming that your server can send notifications)
DATABASES (to point to your local database). You could use views instead of tables for models: peer, peercontacts, peernetworks. For this to work we suggest MySQL with MyISAM db engine
SECRET_KEY: Make this unique, and don't share it with anybody
STATIC_ROOT: /srv/flowspy/static (or your installation directory)
STATIC_URL (static media directory). If you have followed the above this should be: /srv/flowspy/static
TEMPLATE_DIRS: If you have followed the above this should be: /srv/flowspy/templates
CACHE_BACKEND: Enable Memcached for production or leave to DummyCache for development environments
Alternatively you could go for redis with the corresponding Django client lib.
NETCONF_DEVICE (tested with Juniper EX4200 but any BGP enabled Juniper should work). This is the flowspec capable device
NETCONF_USER (enable ssh and netconf on device)
NETCONF_PASS
If beanstalk is selected the following should be left intact.
BROKER_HOST (beanstalk host)
BROKER_PORT (beanstalk port)
SERVER_EMAIL
EMAIL_SUBJECT_PREFIX
If beanstalk is selected the following should be left intact.
BROKER_URL (beanstalk url)
SHIB_AUTH_ENTITLEMENT (if you go for Shibboleth authentication)
NOTIFY_ADMIN_MAILS (bcc mail addresses)
PROTECTED_SUBNETS (subnets for which source or destination address will prevent rule creation and notify the NOTIFY_ADMIN_MAILS)
The whois client is meant to be used in case you have inserted peers with their ASes in the peers table and wish to get network info for each one in an automated manner.
PRIMARY_WHOIS
ALTERNATE_WHOIS
If you wish to deploy FoD with Shibboleth change the following attributes according to your setup:
SHIB_AUTH_ENTITLEMENT = 'urn:mace'
SHIB_ADMIN_DOMAIN = 'example.com'
SHIB_LOGOUT_URL = 'https://example.com/Shibboleth.sso/Logout'
SHIB_USERNAME = ['HTTP_EPPN']
SHIB_MAIL = ['mail', 'HTTP_MAIL', 'HTTP_SHIB_INETORGPERSON_MAIL']
SHIB_FIRSTNAME = ['HTTP_SHIB_INETORGPERSON_GIVENNAME']
SHIB_LASTNAME = ['HTTP_SHIB_PERSON_SURNAME']
SHIB_ENTITLEMENT = ['HTTP_SHIB_EP_ENTITLEMENT']</pre>
</div>
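<p>What PROTECTED_SUBNETS guards against, as an added example that is not FoD's own code: a rule is refused when its source or destination prefix overlaps a protected subnet, including the case where the rule is a wider prefix that contains one. The overlap semantics, the function names and the sample subnets are assumptions; Python 3's ipaddress module stands in for the python-ipaddr package installed above.</p>

```python
import ipaddress

# Constructed sample value for the PROTECTED_SUBNETS setting (documentation ranges).
PROTECTED_SUBNETS = ["192.0.2.0/24", "2001:db8:53::/48"]


def blocking_subnets(prefix, protected=PROTECTED_SUBNETS):
    """Return the protected subnets that a rule's source or destination prefix touches."""
    net = ipaddress.ip_network(prefix, strict=False)
    hits = []
    for entry in protected:
        guard = ipaddress.ip_network(entry, strict=False)
        # Compare only within one address family. overlaps() is true when either
        # prefix contains the other, so a rule for 0.0.0.0/0 is caught as well.
        if guard.version == net.version and guard.overlaps(net):
            hits.append(str(guard))
    return hits


def check_rule(source, destination, protected=PROTECTED_SUBNETS):
    """Return (allowed, reasons); reasons is the text an admin notification could carry."""
    reasons = []
    for field, prefix in (("source", source), ("destination", destination)):
        for guard in blocking_subnets(prefix, protected):
            reasons.append("%s %s overlaps protected subnet %s" % (field, prefix, guard))
    return (not reasons, reasons)


if __name__ == "__main__":
    for src, dst in [("198.51.100.7/32", "203.0.113.0/24"),
                     ("0.0.0.0/0", "203.0.113.10/32"),
                     ("198.51.100.7/32", "192.0.2.53/32")]:
        print(src, dst, check_rule(src, dst))
```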
<p>If you have not installed an outgoing mail server, you can always use your own account (corporate, Gmail, Hotmail, etc.) by adding the following lines to settings.py:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="n">EMAIL_USE_TLS</span> <span class="o">=</span> <span class="bp">True</span> <span class="c">#(or False)</span>
<span class="n">EMAIL_HOST</span> <span class="o">=</span> <span class="s">&#39;smtp.example.com&#39;</span>
<span class="n">EMAIL_HOST_USER</span> <span class="o">=</span> <span class="s">&#39;username&#39;</span>
<span class="n">EMAIL_HOST_PASSWORD</span> <span class="o">=</span> <span class="s">&#39;yourpassword&#39;</span>
<span class="n">EMAIL_PORT</span> <span class="o">=</span> <span class="mi">587</span> <span class="c">#(outgoing)</span>
</pre></div>
</div>
<p>It is strongly advised that you do not change the following to False unless you want to integrate FoD with your CRM or members database. This implies that you are able to, and have the rights to, create database views between the two databases:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="n">PEER_MANAGED_TABLE</span> <span class="o">=</span> <span class="bp">True</span>
<span class="n">PEER_RANGE_MANAGED_TABLE</span> <span class="o">=</span> <span class="bp">True</span>
<span class="n">PEER_TECHC_MANAGED_TABLE</span> <span class="o">=</span> <span class="bp">True</span>
</pre></div>
</div>
<p>If they are set to False, the corresponding tables as defined in peers/models will not be created. As noted above, you have to create the views that the tables will rely on.</p>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">Soon we will release a version with django-registration as a means to add users, and Shibboleth will become an alternative.</p>
</div>
<p>Let&#8217;s move on with some copies and directory creations:</p>
<div class="highlight-python"><pre>mkdir /var/log/fod
chown www-data:www-data /var/log/fod
cp urls.py.dist urls.py
cd ..</pre>
</div>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">LOG_FILE_LOCATION in settings.py is set to <strong>/var/log/fod</strong>. Adjust the chown command above to your selected directory.</p>
</div>
</div>
<div class="section" id="system-configuration">
<h2>System configuration<a class="headerlink" href="#system-configuration" title="Permalink to this headline"></a></h2>
<p>Apache operates as a gunicorn proxy with the WSGI and Shibboleth modules enabled.
Depending on the setup, the Apache configuration may vary:</p>
<div class="highlight-python"><pre>a2enmod rewrite
a2enmod proxy
a2enmod ssl
a2enmod proxy_http</pre>
</div>
<p>If Shibboleth is to be used:</p>
<div class="highlight-python"><pre>apt-get install libapache2-mod-shib2
a2enmod shib2</pre>
</div>
<p>Now it is time to configure beanstalk, gunicorn, celery and Apache.</p>
<div class="section" id="beanstalkd">
<h3>beanstalkd<a class="headerlink" href="#beanstalkd" title="Permalink to this headline"></a></h3>
<p>Enable beanstalk by editing /etc/default/beanstalkd:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="n">vim</span> <span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">default</span><span class="o">/</span><span class="n">beanstalkd</span>
</pre></div>
</div>
<p>Uncomment the line <strong>START=yes</strong> to enable beanstalk.</p>
<p>Start beanstalkd:</p>
<div class="highlight-python"><pre>service beanstalkd start</pre>
</div>
</div>
<div class="section" id="gunicorn-d">
<h3>gunicorn.d<a class="headerlink" href="#gunicorn-d" title="Permalink to this headline"></a></h3>
<p>Create and edit /etc/gunicorn.d/fod:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="n">vim</span> <span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">gunicorn</span><span class="o">.</span><span class="n">d</span><span class="o">/</span><span class="n">fod</span>
</pre></div>
</div>
<p>FoD is served via gunicorn and is then proxied by Apache. If the above directory conventions have been followed so far, then your configuration should be:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="n">CONFIG</span> <span class="o">=</span> <span class="p">{</span>
      <span class="s">&#39;mode&#39;</span><span class="p">:</span> <span class="s">&#39;django&#39;</span><span class="p">,</span>
      <span class="s">&#39;working_dir&#39;</span><span class="p">:</span> <span class="s">&#39;/srv/flowspy&#39;</span><span class="p">,</span>
      <span class="s">&#39;args&#39;</span><span class="p">:</span> <span class="p">(</span>
           <span class="s">&#39;--bind=127.0.0.1:8081&#39;</span><span class="p">,</span>
           <span class="s">&#39;--workers=1&#39;</span><span class="p">,</span>
           <span class="s">&#39;--worker-class=egg:gunicorn#gevent&#39;</span><span class="p">,</span>
           <span class="s">&#39;--timeout=30&#39;</span><span class="p">,</span>
           <span class="s">&#39;--debug&#39;</span><span class="p">,</span>
           <span class="s">&#39;--log-level=debug&#39;</span><span class="p">,</span>
           <span class="s">&#39;--log-file=/var/log/gunicorn/fod.log&#39;</span><span class="p">,</span>
      <span class="p">),</span>
<span class="p">}</span>
</pre></div>
</div>
</div>
<div class="section" id="celeryd">
<h3>celeryd<a class="headerlink" href="#celeryd" title="Permalink to this headline"></a></h3>
<p>Celery is used over beanstalkd to apply firewall rules in a serial manner so that locks are avoided on the flowspec capable device. In our setup celery runs via Django. That is why the python-django-celery package was installed.</p>
<p>Create the celeryd daemon at /etc/init.d/celeryd <strong>if it does not already exist</strong>:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="n">vim</span> <span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">init</span><span class="o">.</span><span class="n">d</span><span class="o">/</span><span class="n">celeryd</span>
</pre></div>
</div>
<p>The configuration should be:</p>
<div class="highlight-python"><pre>#!/bin/sh -e
# ============================================
#  celeryd - Starts the Celery worker daemon.
# ============================================
#
# :Usage: /etc/init.d/celeryd {start|stop|force-reload|restart|try-restart|status}
# :Configuration file: /etc/default/celeryd
#
# See http://docs.celeryq.org/en/latest/cookbook/daemonizing.html#init-script-celeryd


### BEGIN INIT INFO
# Provides:          celeryd
# Required-Start:    $network $local_fs $remote_fs
# Required-Stop:     $network $local_fs $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: celery task worker daemon
# Description:       Starts the Celery worker daemon for a single project.
### END INIT INFO

#set -e

DEFAULT_PID_FILE="/var/run/celery/%n.pid"
DEFAULT_LOG_FILE="/var/log/celery/%n.log"
DEFAULT_LOG_LEVEL="INFO"
DEFAULT_NODES="celery"
DEFAULT_CELERYD="-m celery.bin.celeryd_detach"
ENABLED="false"

[ -r "$CELERY_DEFAULTS" ] &amp;&amp; . "$CELERY_DEFAULTS"

[ -r /etc/default/celeryd ] &amp;&amp; . /etc/default/celeryd

if [ "$ENABLED" != "true" ]; then
    echo "celery daemon disabled - see /etc/default/celeryd."
    exit 0
fi


CELERYD_PID_FILE=${CELERYD_PID_FILE:-${CELERYD_PIDFILE:-$DEFAULT_PID_FILE}}
CELERYD_LOG_FILE=${CELERYD_LOG_FILE:-${CELERYD_LOGFILE:-$DEFAULT_LOG_FILE}}
CELERYD_LOG_LEVEL=${CELERYD_LOG_LEVEL:-${CELERYD_LOGLEVEL:-$DEFAULT_LOG_LEVEL}}
CELERYD_MULTI=${CELERYD_MULTI:-"celeryd-multi"}
CELERYD=${CELERYD:-$DEFAULT_CELERYD}
CELERYCTL=${CELERYCTL:="celeryctl"}
CELERYD_NODES=${CELERYD_NODES:-$DEFAULT_NODES}

export CELERY_LOADER

if [ -n "$2" ]; then
    CELERYD_OPTS="$CELERYD_OPTS $2"
fi

# Create the log and pid directories if they are missing.
CELERYD_LOG_DIR=$(dirname "$CELERYD_LOG_FILE")
CELERYD_PID_DIR=$(dirname "$CELERYD_PID_FILE")
if [ ! -d "$CELERYD_LOG_DIR" ]; then
    mkdir -p "$CELERYD_LOG_DIR"
fi
if [ ! -d "$CELERYD_PID_DIR" ]; then
    mkdir -p "$CELERYD_PID_DIR"
fi

# Extra start-stop-daemon options, like user/group.
if [ -n "$CELERYD_USER" ]; then
    DAEMON_OPTS="$DAEMON_OPTS --uid=$CELERYD_USER"
    chown "$CELERYD_USER" "$CELERYD_LOG_DIR" "$CELERYD_PID_DIR"
fi
if [ -n "$CELERYD_GROUP" ]; then
    DAEMON_OPTS="$DAEMON_OPTS --gid=$CELERYD_GROUP"
    chgrp "$CELERYD_GROUP" "$CELERYD_LOG_DIR" "$CELERYD_PID_DIR"
fi

if [ -n "$CELERYD_CHDIR" ]; then
    DAEMON_OPTS="$DAEMON_OPTS --workdir=\"$CELERYD_CHDIR\""
fi


check_dev_null() {
    if [ ! -c /dev/null ]; then
        echo "/dev/null is not a character device!"
        exit 1
    fi
}


export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"


stop_workers () {
    $CELERYD_MULTI stop $CELERYD_NODES --pidfile="$CELERYD_PID_FILE"
}


start_workers () {
    $CELERYD_MULTI start $CELERYD_NODES $DAEMON_OPTS \
                         --pidfile="$CELERYD_PID_FILE" \
                         --logfile="$CELERYD_LOG_FILE" \
                         --loglevel="$CELERYD_LOG_LEVEL" \
                         --cmd="$CELERYD" \
                         $CELERYD_OPTS
}


restart_workers () {
    $CELERYD_MULTI restart $CELERYD_NODES $DAEMON_OPTS \
                           --pidfile="$CELERYD_PID_FILE" \
                           --logfile="$CELERYD_LOG_FILE" \
                           --loglevel="$CELERYD_LOG_LEVEL" \
                           --cmd="$CELERYD" \
                           $CELERYD_OPTS
}



case "$1" in
    start)
        check_dev_null
        start_workers
    ;;

    stop)
        check_dev_null
        stop_workers
    ;;

    reload|force-reload)
        echo "Use restart"
    ;;

    status)
        $CELERYCTL status $CELERYCTL_OPTS
    ;;

    restart)
        check_dev_null
        restart_workers
    ;;

    try-restart)
        check_dev_null
        restart_workers
    ;;

    *)
        echo "Usage: /etc/init.d/celeryd {start|stop|force-reload|restart|try-restart|status}"
        exit 1
    ;;
esac

exit 0</pre>
</div>
</div>
<div class="section" id="celeryd-configuration">
<h3>celeryd configuration<a class="headerlink" href="#celeryd-configuration" title="Permalink to this headline"></a></h3>
<p>celeryd requires an /etc/default/celeryd file to be in place.
Thus we are going to create this file (/etc/default/celeryd):</p>
<div class="highlight-python"><div class="highlight"><pre><span class="n">vim</span> <span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">default</span><span class="o">/</span><span class="n">celeryd</span>
</pre></div>
</div>
<p>Again, if the directory conventions have been followed, the file is as follows (pay attention to CELERYD_USER and CELERYD_GROUP and change them accordingly):</p>
<div class="highlight-python"><pre># Default: false
ENABLED="true"

# Name of nodes to start, here we have a single node
CELERYD_NODES="w1"
# or we could have three nodes:
#CELERYD_NODES="w1 w2 w3"

# Where to chdir at start.
CELERYD_CHDIR="/srv/flowspy"
# How to call "manage.py celeryd_multi"
CELERYD_MULTI="python $CELERYD_CHDIR/manage.py celeryd_multi"

# How to call "manage.py celeryctl"
CELERYCTL="python $CELERYD_CHDIR/manage.py celeryctl"

# Extra arguments to celeryd
#CELERYD_OPTS="--time-limit=300 --concurrency=8"
CELERYD_OPTS="-E -B --schedule=/var/run/celery/celerybeat-schedule --concurrency=1 --soft-time-limit=180 --time-limit=1800"
# Name of the celery config module.
CELERY_CONFIG_MODULE="celeryconfig"

# %n will be replaced with the nodename.
CELERYD_LOG_FILE="/var/log/celery/fod_%n.log"
CELERYD_PID_FILE="/var/run/celery/%n.pid"

CELERYD_USER="root"
CELERYD_GROUP="root"

# Name of the project's settings module.
export DJANGO_SETTINGS_MODULE="flowspy.settings"</pre>
</div>
</div>
<div class="section" id="apache">
<h3>Apache<a class="headerlink" href="#apache" title="Permalink to this headline"></a></h3>
<p>Apache proxies gunicorn. Things are more flexible here, as you may follow your own configuration and conventions. Create and edit /etc/apache2/sites-available/fod. You should set &lt;server_name&gt; and &lt;admin_mail&gt; along with your certificates. In a testing environment, you can use the provided snakeoil certs. If you do not intend to use Shibboleth, delete or comment out the corresponding configuration parts inside <strong>Shibboleth configuration</strong>.</p>
<div class="highlight-python"><div class="highlight"><pre><span class="n">vim</span> <span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">apache2</span><span class="o">/</span><span class="n">sites</span><span class="o">-</span><span class="n">available</span><span class="o">/</span><span class="n">fod</span>
</pre></div>
</div>
<p>Again, if the directory conventions have been followed, the file should be:</p>
<div class="highlight-python"><pre>&lt;VirtualHost *:80&gt;
    ServerAdmin webmaster@localhost
    ServerName  fod.example.com
    DocumentRoot /var/www

    ErrorLog ${APACHE_LOG_DIR}/fod_error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel debug

    CustomLog ${APACHE_LOG_DIR}/fod_access.log combined

    Alias /static       /srv/flowspy/static
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^/(.*) https://fod.example.com/$1 [L,R]
&lt;/VirtualHost&gt;

&lt;VirtualHost *:443&gt;
    ServerName    fod.example.com
    ServerAdmin     webmaster@localhost
    ServerSignature        On

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/fod.example.com.crt
    SSLCertificateChainFile /etc/ssl/certs/example-chain.pem
    SSLCertificateKeyFile    /etc/ssl/private/fod.example.com.key

    AddDefaultCharset UTF-8
    IndexOptions        +Charset=UTF-8

    ShibConfig       /etc/shibboleth/shibboleth2.xml
    Alias          /shibboleth-sp /usr/share/shibboleth


    &lt;Location /login&gt;
        AuthType shibboleth
        ShibRequireSession On
        ShibUseHeaders On
        ShibRequestSetting entityID https://idp.example.com/idp/shibboleth
        require valid-user
    &lt;/Location&gt;

    # Shibboleth debugging CGI script
    ScriptAlias /shibboleth/test /usr/lib/cgi-bin/shibtest.cgi
    &lt;Location /shibboleth/test&gt;
        AuthType shibboleth
        ShibRequireSession On
        ShibUseHeaders On
        require valid-user
    &lt;/Location&gt;

    &lt;Location /Shibboleth.sso&gt;
        SetHandler shib
    &lt;/Location&gt;

    # Shibboleth SP configuration

    #SetEnv                       proxy-sendchunked

    &lt;Proxy *&gt;
        Order allow,deny
        Allow from all
    &lt;/Proxy&gt;

    SSLProxyEngine           off
    ProxyErrorOverride     off
    ProxyTimeout     28800
    ProxyPass        /static !
    ProxyPass          /shibboleth !
    ProxyPass        /Shibboleth.sso !

    ProxyPass           / http://localhost:8081/ retry=0
    ProxyPassReverse / http://localhost:8081/

    Alias /static          /srv/flowspy/static

    LogLevel warn

    ErrorLog ${APACHE_LOG_DIR}/fod_error.log
    CustomLog ${APACHE_LOG_DIR}/fod_access.log combined

&lt;/VirtualHost&gt;</pre>
</div>
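<p>A pre-production check for the gunicorn.d, celeryd configuration and Apache files above, as an added example that is not part of the FoD project: it flags the development-grade values those sample files carry (gunicorn --debug and debug logging, celery workers running as root, LogLevel debug, ServerSignature On, snakeoil certificates). The function names, the finding texts and the abridged sample inputs are assumptions constructed for this illustration.</p>

```python
"""Audit the three service files from this guide for development-grade settings."""
import ast
import re
import shlex

# Constructed sample inputs, abridged from the files shown in this guide.
GUNICORN_FOD = """\
CONFIG = {
    'working_dir': '/srv/flowspy',
    'args': ('--bind=127.0.0.1:8081', '--workers=1', '--debug', '--log-level=debug'),
}
"""
CELERYD_DEFAULT = """\
#CELERYD_USER="celery"
CELERYD_USER="root"
CELERYD_GROUP="root"
"""
APACHE_FOD = """\
<VirtualHost *:80>
    LogLevel debug
</VirtualHost>
<VirtualHost *:443>
    ServerSignature On
    SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
    LogLevel warn
</VirtualHost>
"""


def audit_gunicorn(text):
    """Check a /etc/gunicorn.d/ file, which holds a Python 'CONFIG = {...}' literal."""
    config = {}
    for node in ast.parse(text).body:
        if isinstance(node, ast.Assign) and getattr(node.targets[0], "id", "") == "CONFIG":
            config = ast.literal_eval(node.value)  # evaluates data only, runs no code
    # '--bind=127.0.0.1:8081' -> {'bind': '127.0.0.1:8081'}; bare flags map to ''.
    args = dict(a.lstrip("-").partition("=")[::2] for a in config.get("args", ()))
    findings = []
    if "debug" in args:
        findings.append("gunicorn: --debug is a development switch")
    if args.get("log-level", "").lower() == "debug":
        findings.append("gunicorn: --log-level=debug is verbose debug logging")
    bind = args.get("bind", "127.0.0.1:8000")  # gunicorn's default bind address
    host = bind.rpartition(":")[0] or bind
    if not bind.startswith("unix:") and host not in ("127.0.0.1", "localhost", "[::1]"):
        findings.append("gunicorn: --bind=%s is reachable without Apache in front" % bind)
    return findings


def parse_shell_vars(text):
    """Return NAME -> value for NAME="value" lines; the last assignment wins."""
    values = {}
    for line in text.splitlines():
        match = re.match(r"\s*(?:export\s+)?([A-Za-z_]\w*)=(.*)", line)
        if match:
            words = shlex.split(match.group(2), comments=True)
            values[match.group(1)] = words[0] if words else ""
    return values


def audit_celeryd(text):
    """Check /etc/default/celeryd; without CELERYD_USER the init script adds no --uid."""
    values = parse_shell_vars(text)
    findings = []
    if values.get("CELERYD_USER", "") in ("", "root", "0"):
        findings.append("celeryd: CELERYD_USER is root or unset, workers run privileged")
    if values.get("CELERYD_GROUP", "") in ("root", "0"):
        findings.append("celeryd: CELERYD_GROUP is root")
    return findings


def audit_apache(text):
    """Check an Apache site file; each finding names the <VirtualHost> it sits in."""
    findings, vhost = [], "global"
    for line in (raw.strip() for raw in text.splitlines()):
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened or line.lower().startswith("</virtualhost"):
            vhost = opened.group(1) if opened else "global"
            continue
        parts = line.split(None, 1) + ["", ""]
        name, value = parts[0].lower(), parts[1].strip().lower()
        if name == "loglevel" and value == "debug":
            findings.append("apache[%s]: LogLevel debug" % vhost)
        elif name == "serversignature" and value != "off":
            findings.append("apache[%s]: ServerSignature discloses the server version" % vhost)
        elif name == "sslcertificatefile" and "snakeoil" in value:
            findings.append("apache[%s]: snakeoil test certificate in use" % vhost)
    return findings


def audit_deployment(gunicorn_text, celeryd_text, apache_text):
    """Run all three checks and return one list of findings."""
    return audit_gunicorn(gunicorn_text) + audit_celeryd(celeryd_text) + audit_apache(apache_text)


if __name__ == "__main__":
    for finding in audit_deployment(GUNICORN_FOD, CELERYD_DEFAULT, APACHE_FOD):
        print(finding)
```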
<p>Now, enable your site. You might want to disable the default site if fod is the only site you host on your server:</p>
<div class="highlight-python"><pre>a2dissite default
a2ensite fod</pre>
</div>
<p>You are not far away from deploying FoD. When asked for a super user, create one:</p>
<div class="highlight-python"><pre>cd /srv/flowspy
python manage.py syncdb
python manage.py migrate longerusername
python manage.py migrate flowspec
python manage.py migrate djcelery
python manage.py migrate accounts</pre>
</div>
<p>If you have not changed the values of the PEER_*_TABLE variables to False, and are thus going for a default installation (that is, the PEER_*_TABLE variables are set to True), then run:</p>
<div class="highlight-python"><pre>python manage.py migrate peers</pre>
</div>
<p>If, however, you have set the PEER_*_TABLE variables to False and have run the command above by accident, you have to clean up your database manually by dropping the peer* tables plus the techc_email table. For MySQL the command is:</p>
<div class="highlight-python"><pre>DROP TABLE `peer`, `peer_networks`, `peer_range`, `peer_techc_emails`, `techc_email`;</pre>
</div>
<p>Restart gunicorn and Apache:</p>
<div class="highlight-python"><pre>service gunicorn restart &amp;&amp; service apache2 restart</pre>
</div>
</div>
</div>
<div class="section" id="propagate-the-flatpages">
<h2>Propagate the flatpages<a class="headerlink" href="#propagate-the-flatpages" title="Permalink to this headline"></a></h2>
<p>Inside the initial_data/fixtures_manual.xml file we have placed 4 flatpages (2 for Greek, 2 for English) with Information and Terms of Service about the service.
To import the flatpages, run from the root folder:</p>
<div class="highlight-python"><pre>python manage.py loaddata initial_data/fixtures_manual.xml</pre>
</div>
</div>
<div class="section" id="testing-the-platform">
<h2>Testing the platform<a class="headerlink" href="#testing-the-platform" title="Permalink to this headline"></a></h2>
<p>Log in to the admin interface via https://&lt;hostname&gt;/admin. Go to Peer ranges and add a new range (part of, or a complete, subnet), e.g. 10.20.0.0/19.
Go to Peers and add a new peer, e.g. id: 1, name: Test, AS: 16503, tag: TEST, and move the network you have created from Available to Chosen. From the admin front, go to User and edit your user. From the bottom of the page, select the TEST peer and save.
Last but not least, modify the existing (example.com) Site instance as required (admin home-&gt;Sites). You are done. As you are logged in via the admin, there is no need to go through Shibboleth at this time. Go to https://&lt;hostname&gt;/ and create a new rule. Your rule should be applied on the flowspec capable device after approx. 10 seconds. If no Shibboleth authentication is available, https://&lt;hostname&gt;/altlogin is provided.</p>
</div>
<div class="section" id="branding">
<h2>Branding<a class="headerlink" href="#branding" title="Permalink to this headline"></a></h2>
<p>Via the admin interface you can modify the flatpages to suit your needs.</p>
<div class="section" id="footer">
<h3>Footer<a class="headerlink" href="#footer" title="Permalink to this headline"></a></h3>
<p>Under the templates folder (templates), you can alter the footer.html file to include your own footer messages, badges, etc.</p>
</div>
<div class="section" id="welcome-page">
<h3>Welcome Page<a class="headerlink" href="#welcome-page" title="Permalink to this headline"></a></h3>
<p>Under the templates folder (templates), you can alter the welcome page (welcome.html) with your own images, carousel, videos, etc.</p>
</div>
</div>
</div>

          </div>
        </div>
      </div>
      <div class="clearer"></div>
    </div>
    <div class="footer">
        &copy; Copyright 2014, Leonidas Poulopoulos (@leopoul), GRNET S.A.
      Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.1.3.
    </div>
  </body>
</html>