root / doc / source / install.rst @ 7aa06e71
History | View | Annotate | Download (16.1 kB)
1 | 51ce199a | Leonidas Poulopoulos | ************ |
---|---|---|---|
2 | 51ce199a | Leonidas Poulopoulos | Installation |
3 | 51ce199a | Leonidas Poulopoulos | ************ |
4 | 51ce199a | Leonidas Poulopoulos | |
5 | 51ce199a | Leonidas Poulopoulos | .. toctree:: |
6 | 51ce199a | Leonidas Poulopoulos | :maxdepth: 2 |
7 | 51ce199a | Leonidas Poulopoulos | |
8 | 51ce199a | Leonidas Poulopoulos | Ubuntu 12.04.3 (64) - Django 1.3.x |
9 | 51ce199a | Leonidas Poulopoulos | ================================== |
10 | 51ce199a | Leonidas Poulopoulos | |
11 | 51ce199a | Leonidas Poulopoulos | This guide assumes that installation is carried out in /srv/flowspy directory. If other directory is to be used, please change the corresponding configuration files. It is also assumed that the root user will perform every action. |
12 | 51ce199a | Leonidas Poulopoulos | |
13 | 51ce199a | Leonidas Poulopoulos | Required system packages |
14 | 51ce199a | Leonidas Poulopoulos | ------------------------ |
15 | 51ce199a | Leonidas Poulopoulos | |
16 | 51ce199a | Leonidas Poulopoulos | Update and install the required packages:: |
17 | 51ce199a | Leonidas Poulopoulos | |
18 | 51ce199a | Leonidas Poulopoulos | apt-get update |
19 | 51ce199a | Leonidas Poulopoulos | apt-get upgrade |
20 | 51ce199a | Leonidas Poulopoulos | apt-get install mysql-server apache2 memcached libapache2-mod-proxy-html gunicorn beanstalkd python-django python-django-extensions python-django-south python-django-tinymce tinymce python-mysqldb python-yaml python-memcache python-django-registration python-ipaddr python-lxml mysql-client git python-django-celery python-paramiko python-gevent vim |
21 | 51ce199a | Leonidas Poulopoulos | |
22 | 51ce199a | Leonidas Poulopoulos | .. note:: |
23 | 51ce199a | Leonidas Poulopoulos | Set username and password for mysql if used |
24 | 51ce199a | Leonidas Poulopoulos | |
25 | 51ce199a | Leonidas Poulopoulos | .. note:: |
26 | 51ce199a | Leonidas Poulopoulos | If you wish to deploy an outgoing mail server, now it is time to do it. Otherwise you could set FoD to send out mails via a third party account |
27 | 51ce199a | Leonidas Poulopoulos | |
28 | 93f99c86 | Leonidas Poulopoulos | Create a database |
29 | 93f99c86 | Leonidas Poulopoulos | ----------------- |
30 | 93f99c86 | Leonidas Poulopoulos | If you are using mysql, you should create a database:: |
31 | 93f99c86 | Leonidas Poulopoulos | |
32 | 93f99c86 | Leonidas Poulopoulos | mysql -u root -p -e 'create database fod' |
33 | 93f99c86 | Leonidas Poulopoulos | |
34 | 93f99c86 | Leonidas Poulopoulos | |
35 | 51ce199a | Leonidas Poulopoulos | Required application packages |
36 | 51ce199a | Leonidas Poulopoulos | ----------------------------- |
37 | 51ce199a | Leonidas Poulopoulos | Get the required packages and install them |
38 | 51ce199a | Leonidas Poulopoulos | |
39 | 51ce199a | Leonidas Poulopoulos | - ncclient: NETCONF python client:: |
40 | 51ce199a | Leonidas Poulopoulos | |
41 | 51ce199a | Leonidas Poulopoulos | cd ~ |
42 | 51ce199a | Leonidas Poulopoulos | git clone https://github.com/leopoul/ncclient.git |
43 | 51ce199a | Leonidas Poulopoulos | cd ncclient |
44 | 51ce199a | Leonidas Poulopoulos | python setup.py install |
45 | 51ce199a | Leonidas Poulopoulos | |
46 | 51ce199a | Leonidas Poulopoulos | - nxpy: Python Objects from/to XML proxy:: |
47 | 51ce199a | Leonidas Poulopoulos | |
48 | 51ce199a | Leonidas Poulopoulos | cd ~ |
49 | 51ce199a | Leonidas Poulopoulos | git clone https://code.grnet.gr/git/nxpy |
50 | 51ce199a | Leonidas Poulopoulos | cd nxpy |
51 | 51ce199a | Leonidas Poulopoulos | python setup.py install |
52 | 51ce199a | Leonidas Poulopoulos | |
53 | 51ce199a | Leonidas Poulopoulos | - flowspy: core application. Installation is done at /srv/flowspy:: |
54 | 51ce199a | Leonidas Poulopoulos | |
55 | 51ce199a | Leonidas Poulopoulos | cd /srv |
56 | 51ce199a | Leonidas Poulopoulos | git clone https://code.grnet.gr/git/flowspy |
57 | 51ce199a | Leonidas Poulopoulos | cd flowspy |
58 | 51ce199a | Leonidas Poulopoulos | |
59 | 51ce199a | Leonidas Poulopoulos | Application configuration |
60 | 51ce199a | Leonidas Poulopoulos | ========================= |
61 | 51ce199a | Leonidas Poulopoulos | |
62 | 51ce199a | Leonidas Poulopoulos | Copy settings.py.dist to settings.py:: |
63 | 51ce199a | Leonidas Poulopoulos | |
64 | 51ce199a | Leonidas Poulopoulos | cp settings.py.dist settings.py |
65 | 51ce199a | Leonidas Poulopoulos | |
66 | 51ce199a | Leonidas Poulopoulos | Edit settings.py file and set the following according to your configuration:: |
67 | 51ce199a | Leonidas Poulopoulos | |
68 | 51ce199a | Leonidas Poulopoulos | ADMINS: set your admin name and email (assuming that your server can send notifications) |
69 | 51ce199a | Leonidas Poulopoulos | DATABASES (to point to your local database). You could use views instead of tables for models: peer, peercontacts, peernetworks. For this to work we suggest MySQL with MyISAM db engine |
70 | 51ce199a | Leonidas Poulopoulos | SECRET_KEY : Make this unique, and don't share it with anybody |
71 | 51ce199a | Leonidas Poulopoulos | STATIC_URL (static media directory) . If you have followed the above this should be: /srv/flowspy/static |
72 | 51ce199a | Leonidas Poulopoulos | TEMPLATE_DIRS : If you have followed the above this should be: /srv/flowspy/templates |
73 | 51ce199a | Leonidas Poulopoulos | CACHE_BACKEND: If you have followed the above this should be: memcached://127.0.0.1:11211/?timeout=3600 |
74 | 51ce199a | Leonidas Poulopoulos | Alternatively you could go for redis with the corresponding Django client lib. |
75 | 51ce199a | Leonidas Poulopoulos | NETCONF_DEVICE (tested with Juniper EX4200 but any BGP enabled Juniper should work). This is the flowspec capable device |
76 | 51ce199a | Leonidas Poulopoulos | NETCONF_USER (enable ssh and netconf on device) |
77 | 51ce199a | Leonidas Poulopoulos | NETCONF_PASS |
78 | 51ce199a | Leonidas Poulopoulos | If beanstalk is selected the following should be left intact. |
79 | 51ce199a | Leonidas Poulopoulos | BROKER_HOST (beanstalk host) |
80 | 51ce199a | Leonidas Poulopoulos | BROKER_PORT (beanstalk port) |
81 | 51ce199a | Leonidas Poulopoulos | SERVER_EMAIL |
82 | 51ce199a | Leonidas Poulopoulos | EMAIL_SUBJECT_PREFIX |
83 | 51ce199a | Leonidas Poulopoulos | If beanstalk is selected the following should be left intact. |
84 | 51ce199a | Leonidas Poulopoulos | BROKER_URL (beanstalk url) |
85 | 51ce199a | Leonidas Poulopoulos | SHIB_AUTH_ENTITLEMENT (if you go for Shibboleth authentication) |
86 | 51ce199a | Leonidas Poulopoulos | NOTIFY_ADMIN_MAILS (bcc mail addresses) |
87 | 51ce199a | Leonidas Poulopoulos | PROTECTED_SUBNETS (subnets for which source or destination address will prevent rule creation and notify the NOTIFY_ADMIN_MAILS) |
88 | 51ce199a | Leonidas Poulopoulos | The whois client is meant to be used in case you have inserted peers with their ASes in the peers table and wish to get network info for each one in an automated manner. |
89 | 51ce199a | Leonidas Poulopoulos | PRIMARY_WHOIS |
90 | 51ce199a | Leonidas Poulopoulos | ALTERNATE_WHOIS |
91 | 51ce199a | Leonidas Poulopoulos | If you wish to deploy FoD with Shibboleth change the following attributes according to your setup: |
92 | 51ce199a | Leonidas Poulopoulos | SHIB_AUTH_ENTITLEMENT = 'urn:mace' |
93 | 51ce199a | Leonidas Poulopoulos | SHIB_ADMIN_DOMAIN = 'example.com' |
94 | 51ce199a | Leonidas Poulopoulos | SHIB_LOGOUT_URL = 'https://example.com/Shibboleth.sso/Logout' |
95 | 51ce199a | Leonidas Poulopoulos | SHIB_USERNAME = ['HTTP_EPPN'] |
96 | 51ce199a | Leonidas Poulopoulos | SHIB_MAIL = ['mail', 'HTTP_MAIL', 'HTTP_SHIB_INETORGPERSON_MAIL'] |
97 | 51ce199a | Leonidas Poulopoulos | SHIB_FIRSTNAME = ['HTTP_SHIB_INETORGPERSON_GIVENNAME'] |
98 | 51ce199a | Leonidas Poulopoulos | SHIB_LASTNAME = ['HTTP_SHIB_PERSON_SURNAME'] |
99 | 51ce199a | Leonidas Poulopoulos | SHIB_ENTITLEMENT = ['HTTP_SHIB_EP_ENTITLEMENT'] |
100 | 51ce199a | Leonidas Poulopoulos | |
101 | 51ce199a | Leonidas Poulopoulos | If you have not installed an outgoing mail server you can always use your own account (either corporate or gmail, hotmail ,etc) by adding the following lines in settings.py:: |
102 | 51ce199a | Leonidas Poulopoulos | |
103 | 51ce199a | Leonidas Poulopoulos | EMAIL_USE_TLS = True #(or False) |
104 | 51ce199a | Leonidas Poulopoulos | EMAIL_HOST = 'smtp.example.com' |
105 | 51ce199a | Leonidas Poulopoulos | EMAIL_HOST_USER = 'username' |
106 | 51ce199a | Leonidas Poulopoulos | EMAIL_HOST_PASSWORD = 'yourpassword' |
107 | 51ce199a | Leonidas Poulopoulos | EMAIL_PORT = 587 #(outgoing) |
108 | 51ce199a | Leonidas Poulopoulos | |
109 | 51ce199a | Leonidas Poulopoulos | |
110 | 51ce199a | Leonidas Poulopoulos | .. note:: |
111 | 51ce199a | Leonidas Poulopoulos | Soon we will release a version with django-registration as a means to add users and Shibboleth as an alternative |
112 | 51ce199a | Leonidas Poulopoulos | |
113 | 51ce199a | Leonidas Poulopoulos | Let's move on with some copies and dir creations:: |
114 | 51ce199a | Leonidas Poulopoulos | |
115 | 51ce199a | Leonidas Poulopoulos | cp urls.py.dist urls.py |
116 | 51ce199a | Leonidas Poulopoulos | mkdir log |
117 | 51ce199a | Leonidas Poulopoulos | chown -R root:www-data log/ |
118 | 51ce199a | Leonidas Poulopoulos | chmod -R g+w log |
119 | 51ce199a | Leonidas Poulopoulos | |
120 | 51ce199a | Leonidas Poulopoulos | System configuration |
121 | 51ce199a | Leonidas Poulopoulos | ==================== |
122 | 51ce199a | Leonidas Poulopoulos | Apache operates as a gunicorn Proxy with WSGI and Shibboleth modules enabled. |
123 | 51ce199a | Leonidas Poulopoulos | Depending on the setup the apache configuration may vary:: |
124 | 51ce199a | Leonidas Poulopoulos | |
125 | 51ce199a | Leonidas Poulopoulos | a2enmod rewrite |
126 | 51ce199a | Leonidas Poulopoulos | a2enmod proxy |
127 | 51ce199a | Leonidas Poulopoulos | a2enmod ssl |
128 | 51ce199a | Leonidas Poulopoulos | a2enmod proxy_http |
129 | 51ce199a | Leonidas Poulopoulos | |
130 | 51ce199a | Leonidas Poulopoulos | If shibboleth is to be used:: |
131 | 51ce199a | Leonidas Poulopoulos | |
132 | 51ce199a | Leonidas Poulopoulos | apt-get install libapache2-mod-shib2 |
133 | 51ce199a | Leonidas Poulopoulos | a2enmod shib2 |
134 | 51ce199a | Leonidas Poulopoulos | |
135 | 51ce199a | Leonidas Poulopoulos | Now it is time to configure beanstalk, gunicorn, celery and apache. |
136 | 51ce199a | Leonidas Poulopoulos | |
137 | 51ce199a | Leonidas Poulopoulos | beanstalkd |
138 | 51ce199a | Leonidas Poulopoulos | ---------- |
139 | 51ce199a | Leonidas Poulopoulos | |
140 | 51ce199a | Leonidas Poulopoulos | Enable beanstalk by editting /etc/default/beanstalkd:: |
141 | 51ce199a | Leonidas Poulopoulos | |
142 | 51ce199a | Leonidas Poulopoulos | vim /etc/default/beanstalkd |
143 | 51ce199a | Leonidas Poulopoulos | |
144 | 51ce199a | Leonidas Poulopoulos | Uncomment the line **START=yes** to enable beanstalk |
145 | 51ce199a | Leonidas Poulopoulos | |
146 | 51ce199a | Leonidas Poulopoulos | Start beanstalkd:: |
147 | 51ce199a | Leonidas Poulopoulos | |
148 | 51ce199a | Leonidas Poulopoulos | service beanstalkd start |
149 | 51ce199a | Leonidas Poulopoulos | |
150 | 51ce199a | Leonidas Poulopoulos | gunicorn.d |
151 | 51ce199a | Leonidas Poulopoulos | ---------- |
152 | 51ce199a | Leonidas Poulopoulos | |
153 | 51ce199a | Leonidas Poulopoulos | create and edit /etc/gunicorn.d/fod:: |
154 | 51ce199a | Leonidas Poulopoulos | |
155 | 51ce199a | Leonidas Poulopoulos | vim /etc/gunicorn.d/fod |
156 | 51ce199a | Leonidas Poulopoulos | |
157 | 51ce199a | Leonidas Poulopoulos | FoD is served via gunicorn and is then proxied by Apache. If the above directory conventions have been followed so far, then your configuration should be:: |
158 | 51ce199a | Leonidas Poulopoulos | |
159 | 51ce199a | Leonidas Poulopoulos | CONFIG = { |
160 | 51ce199a | Leonidas Poulopoulos | 'mode': 'django', |
161 | 51ce199a | Leonidas Poulopoulos | 'working_dir': '/srv/flowspy', |
162 | 51ce199a | Leonidas Poulopoulos | 'args': ( |
163 | 51ce199a | Leonidas Poulopoulos | '--bind=127.0.0.1:8081', |
164 | 51ce199a | Leonidas Poulopoulos | '--workers=1', |
165 | 51ce199a | Leonidas Poulopoulos | '--timeout=360', |
166 | 51ce199a | Leonidas Poulopoulos | '--worker-class=egg:gunicorn#gevent', |
167 | 51ce199a | Leonidas Poulopoulos | '--log-level=debug', |
168 | 51ce199a | Leonidas Poulopoulos | 'settings.py', |
169 | 51ce199a | Leonidas Poulopoulos | ), |
170 | 51ce199a | Leonidas Poulopoulos | } |
171 | 51ce199a | Leonidas Poulopoulos | |
172 | 51ce199a | Leonidas Poulopoulos | celery.d |
173 | 51ce199a | Leonidas Poulopoulos | -------- |
174 | 51ce199a | Leonidas Poulopoulos | |
175 | 51ce199a | Leonidas Poulopoulos | Celery is used over beanstalkd to apply firewall rules in a serial manner so that locks are avoided on the flowspec capable device. In our setup celery runs via django. That is why the python-django-celery package was installed. |
176 | 51ce199a | Leonidas Poulopoulos | |
177 | c657a994 | Leonidas Poulopoulos | Create the celeryd daemon at /etc/init.d/celeryd:: |
178 | cccef23d | Leonidas Poulopoulos | |
179 | 1c6c3dad | Leonidas Poulopoulos | vim /etc/init.d/celeryd |
180 | 1c6c3dad | Leonidas Poulopoulos | |
181 | 1c6c3dad | Leonidas Poulopoulos | The configuration should be:: |
182 | 1c6c3dad | Leonidas Poulopoulos | |
183 | c657a994 | Leonidas Poulopoulos | #!/bin/sh -e |
184 | c657a994 | Leonidas Poulopoulos | # ============================================ |
185 | c657a994 | Leonidas Poulopoulos | # celeryd - Starts the Celery worker daemon. |
186 | c657a994 | Leonidas Poulopoulos | # ============================================ |
187 | c657a994 | Leonidas Poulopoulos | # |
188 | c657a994 | Leonidas Poulopoulos | # :Usage: /etc/init.d/celeryd {start|stop|force-reload|restart|try-restart|status} |
189 | c657a994 | Leonidas Poulopoulos | # :Configuration file: /etc/default/celeryd |
190 | c657a994 | Leonidas Poulopoulos | # |
191 | c657a994 | Leonidas Poulopoulos | # See http://docs.celeryq.org/en/latest/cookbook/daemonizing.html#init-script-celeryd |
192 | c657a994 | Leonidas Poulopoulos | |
193 | c657a994 | Leonidas Poulopoulos | |
194 | c657a994 | Leonidas Poulopoulos | ### BEGIN INIT INFO |
195 | c657a994 | Leonidas Poulopoulos | # Provides: celeryd |
196 | c657a994 | Leonidas Poulopoulos | # Required-Start: $network $local_fs $remote_fs |
197 | c657a994 | Leonidas Poulopoulos | # Required-Stop: $network $local_fs $remote_fs |
198 | c657a994 | Leonidas Poulopoulos | # Default-Start: 2 3 4 5 |
199 | c657a994 | Leonidas Poulopoulos | # Default-Stop: 0 1 6 |
200 | c657a994 | Leonidas Poulopoulos | # Short-Description: celery task worker daemon |
201 | c657a994 | Leonidas Poulopoulos | ### END INIT INFO |
202 | c657a994 | Leonidas Poulopoulos | |
203 | c657a994 | Leonidas Poulopoulos | #set -e |
204 | c657a994 | Leonidas Poulopoulos | |
205 | c657a994 | Leonidas Poulopoulos | DEFAULT_PID_FILE="/var/run/celeryd@%n.pid" |
206 | c657a994 | Leonidas Poulopoulos | DEFAULT_LOG_FILE="/var/log/celeryd@%n.log" |
207 | c657a994 | Leonidas Poulopoulos | DEFAULT_LOG_LEVEL="INFO" |
208 | c657a994 | Leonidas Poulopoulos | DEFAULT_NODES="celery" |
209 | c657a994 | Leonidas Poulopoulos | DEFAULT_CELERYD="-m celery.bin.celeryd_detach" |
210 | c657a994 | Leonidas Poulopoulos | |
211 | c657a994 | Leonidas Poulopoulos | # /etc/init.d/celeryd: start and stop the celery task worker daemon. |
212 | c657a994 | Leonidas Poulopoulos | |
213 | c657a994 | Leonidas Poulopoulos | CELERY_DEFAULTS=${CELERY_DEFAULTS:-"/etc/default/celeryd"} |
214 | c657a994 | Leonidas Poulopoulos | |
215 | c657a994 | Leonidas Poulopoulos | test -f "$CELERY_DEFAULTS" && . "$CELERY_DEFAULTS" |
216 | c657a994 | Leonidas Poulopoulos | if [ -f "/etc/default/celeryd" ]; then |
217 | c657a994 | Leonidas Poulopoulos | . /etc/default/celeryd |
218 | c657a994 | Leonidas Poulopoulos | fi |
219 | c657a994 | Leonidas Poulopoulos | |
220 | c657a994 | Leonidas Poulopoulos | CELERYD_PID_FILE=${CELERYD_PID_FILE:-${CELERYD_PIDFILE:-$DEFAULT_PID_FILE}} |
221 | c657a994 | Leonidas Poulopoulos | CELERYD_LOG_FILE=${CELERYD_LOG_FILE:-${CELERYD_LOGFILE:-$DEFAULT_LOG_FILE}} |
222 | c657a994 | Leonidas Poulopoulos | CELERYD_LOG_LEVEL=${CELERYD_LOG_LEVEL:-${CELERYD_LOGLEVEL:-$DEFAULT_LOG_LEVEL}} |
223 | c657a994 | Leonidas Poulopoulos | CELERYD_MULTI=${CELERYD_MULTI:-"celeryd-multi"} |
224 | c657a994 | Leonidas Poulopoulos | CELERYD=${CELERYD:-$DEFAULT_CELERYD} |
225 | c657a994 | Leonidas Poulopoulos | CELERYCTL=${CELERYCTL:="celeryctl"} |
226 | c657a994 | Leonidas Poulopoulos | CELERYD_NODES=${CELERYD_NODES:-$DEFAULT_NODES} |
227 | c657a994 | Leonidas Poulopoulos | |
228 | c657a994 | Leonidas Poulopoulos | export CELERY_LOADER |
229 | c657a994 | Leonidas Poulopoulos | |
230 | c657a994 | Leonidas Poulopoulos | if [ -n "$2" ]; then |
231 | c657a994 | Leonidas Poulopoulos | CELERYD_OPTS="$CELERYD_OPTS $2" |
232 | c657a994 | Leonidas Poulopoulos | fi |
233 | c657a994 | Leonidas Poulopoulos | |
234 | c657a994 | Leonidas Poulopoulos | CELERYD_LOG_DIR=`dirname $CELERYD_LOG_FILE` |
235 | c657a994 | Leonidas Poulopoulos | CELERYD_PID_DIR=`dirname $CELERYD_PID_FILE` |
236 | c657a994 | Leonidas Poulopoulos | if [ ! -d "$CELERYD_LOG_DIR" ]; then |
237 | c657a994 | Leonidas Poulopoulos | mkdir -p $CELERYD_LOG_DIR |
238 | c657a994 | Leonidas Poulopoulos | fi |
239 | c657a994 | Leonidas Poulopoulos | if [ ! -d "$CELERYD_PID_DIR" ]; then |
240 | c657a994 | Leonidas Poulopoulos | mkdir -p $CELERYD_PID_DIR |
241 | c657a994 | Leonidas Poulopoulos | fi |
242 | c657a994 | Leonidas Poulopoulos | |
243 | c657a994 | Leonidas Poulopoulos | # Extra start-stop-daemon options, like user/group. |
244 | c657a994 | Leonidas Poulopoulos | if [ -n "$CELERYD_USER" ]; then |
245 | c657a994 | Leonidas Poulopoulos | DAEMON_OPTS="$DAEMON_OPTS --uid=$CELERYD_USER" |
246 | c657a994 | Leonidas Poulopoulos | chown "$CELERYD_USER" $CELERYD_LOG_DIR $CELERYD_PID_DIR |
247 | c657a994 | Leonidas Poulopoulos | fi |
248 | c657a994 | Leonidas Poulopoulos | if [ -n "$CELERYD_GROUP" ]; then |
249 | c657a994 | Leonidas Poulopoulos | DAEMON_OPTS="$DAEMON_OPTS --gid=$CELERYD_GROUP" |
250 | c657a994 | Leonidas Poulopoulos | chgrp "$CELERYD_GROUP" $CELERYD_LOG_DIR $CELERYD_PID_DIR |
251 | c657a994 | Leonidas Poulopoulos | fi |
252 | c657a994 | Leonidas Poulopoulos | |
253 | c657a994 | Leonidas Poulopoulos | if [ -n "$CELERYD_CHDIR" ]; then |
254 | c657a994 | Leonidas Poulopoulos | DAEMON_OPTS="$DAEMON_OPTS --workdir=\"$CELERYD_CHDIR\"" |
255 | c657a994 | Leonidas Poulopoulos | fi |
256 | c657a994 | Leonidas Poulopoulos | |
257 | c657a994 | Leonidas Poulopoulos | |
258 | c657a994 | Leonidas Poulopoulos | check_dev_null() { |
259 | c657a994 | Leonidas Poulopoulos | if [ ! -c /dev/null ]; then |
260 | c657a994 | Leonidas Poulopoulos | echo "/dev/null is not a character device!" |
261 | c657a994 | Leonidas Poulopoulos | exit 1 |
262 | c657a994 | Leonidas Poulopoulos | fi |
263 | c657a994 | Leonidas Poulopoulos | } |
264 | c657a994 | Leonidas Poulopoulos | |
265 | c657a994 | Leonidas Poulopoulos | |
266 | c657a994 | Leonidas Poulopoulos | export PATH="${PATH:+$PATH:}/usr/sbin:/sbin" |
267 | c657a994 | Leonidas Poulopoulos | |
268 | c657a994 | Leonidas Poulopoulos | |
269 | c657a994 | Leonidas Poulopoulos | stop_workers () { |
270 | c657a994 | Leonidas Poulopoulos | $CELERYD_MULTI stop $CELERYD_NODES --pidfile="$CELERYD_PID_FILE" |
271 | c657a994 | Leonidas Poulopoulos | } |
272 | c657a994 | Leonidas Poulopoulos | |
273 | c657a994 | Leonidas Poulopoulos | |
274 | c657a994 | Leonidas Poulopoulos | start_workers () { |
275 | c657a994 | Leonidas Poulopoulos | $CELERYD_MULTI start $CELERYD_NODES $DAEMON_OPTS \ |
276 | c657a994 | Leonidas Poulopoulos | --pidfile="$CELERYD_PID_FILE" \ |
277 | c657a994 | Leonidas Poulopoulos | --logfile="$CELERYD_LOG_FILE" \ |
278 | c657a994 | Leonidas Poulopoulos | --loglevel="$CELERYD_LOG_LEVEL" \ |
279 | c657a994 | Leonidas Poulopoulos | --cmd="$CELERYD" \ |
280 | c657a994 | Leonidas Poulopoulos | $CELERYD_OPTS |
281 | c657a994 | Leonidas Poulopoulos | } |
282 | c657a994 | Leonidas Poulopoulos | |
283 | c657a994 | Leonidas Poulopoulos | |
284 | c657a994 | Leonidas Poulopoulos | restart_workers () { |
285 | c657a994 | Leonidas Poulopoulos | $CELERYD_MULTI restart $CELERYD_NODES $DAEMON_OPTS \ |
286 | c657a994 | Leonidas Poulopoulos | --pidfile="$CELERYD_PID_FILE" \ |
287 | c657a994 | Leonidas Poulopoulos | --logfile="$CELERYD_LOG_FILE" \ |
288 | c657a994 | Leonidas Poulopoulos | --loglevel="$CELERYD_LOG_LEVEL" \ |
289 | c657a994 | Leonidas Poulopoulos | --cmd="$CELERYD" \ |
290 | c657a994 | Leonidas Poulopoulos | $CELERYD_OPTS |
291 | c657a994 | Leonidas Poulopoulos | } |
292 | c657a994 | Leonidas Poulopoulos | |
293 | c657a994 | Leonidas Poulopoulos | |
294 | c657a994 | Leonidas Poulopoulos | |
295 | c657a994 | Leonidas Poulopoulos | case "$1" in |
296 | c657a994 | Leonidas Poulopoulos | start) |
297 | c657a994 | Leonidas Poulopoulos | check_dev_null |
298 | c657a994 | Leonidas Poulopoulos | start_workers |
299 | c657a994 | Leonidas Poulopoulos | ;; |
300 | c657a994 | Leonidas Poulopoulos | |
301 | c657a994 | Leonidas Poulopoulos | stop) |
302 | c657a994 | Leonidas Poulopoulos | check_dev_null |
303 | c657a994 | Leonidas Poulopoulos | stop_workers |
304 | c657a994 | Leonidas Poulopoulos | ;; |
305 | c657a994 | Leonidas Poulopoulos | |
306 | c657a994 | Leonidas Poulopoulos | reload|force-reload) |
307 | c657a994 | Leonidas Poulopoulos | echo "Use restart" |
308 | c657a994 | Leonidas Poulopoulos | ;; |
309 | c657a994 | Leonidas Poulopoulos | |
310 | c657a994 | Leonidas Poulopoulos | status) |
311 | c657a994 | Leonidas Poulopoulos | $CELERYCTL status $CELERYCTL_OPTS |
312 | c657a994 | Leonidas Poulopoulos | ;; |
313 | c657a994 | Leonidas Poulopoulos | |
314 | c657a994 | Leonidas Poulopoulos | restart) |
315 | c657a994 | Leonidas Poulopoulos | check_dev_null |
316 | c657a994 | Leonidas Poulopoulos | restart_workers |
317 | c657a994 | Leonidas Poulopoulos | ;; |
318 | c657a994 | Leonidas Poulopoulos | |
319 | c657a994 | Leonidas Poulopoulos | try-restart) |
320 | c657a994 | Leonidas Poulopoulos | check_dev_null |
321 | c657a994 | Leonidas Poulopoulos | restart_workers |
322 | c657a994 | Leonidas Poulopoulos | ;; |
323 | c657a994 | Leonidas Poulopoulos | |
324 | c657a994 | Leonidas Poulopoulos | *) |
325 | c657a994 | Leonidas Poulopoulos | echo "Usage: /etc/init.d/celeryd {start|stop|restart|try-restart|kill}" |
326 | c657a994 | Leonidas Poulopoulos | exit 1 |
327 | c657a994 | Leonidas Poulopoulos | ;; |
328 | c657a994 | Leonidas Poulopoulos | esac |
329 | c657a994 | Leonidas Poulopoulos | |
330 | c657a994 | Leonidas Poulopoulos | exit 0 |
331 | c657a994 | Leonidas Poulopoulos | |
332 | c657a994 | Leonidas Poulopoulos | and make it executable:: |
333 | c657a994 | Leonidas Poulopoulos | |
334 | c657a994 | Leonidas Poulopoulos | chmod +x /etc/init.d/celeryd |
335 | 51ce199a | Leonidas Poulopoulos | |
336 | 51ce199a | Leonidas Poulopoulos | celeryd requires a /etc/default/celeryd file to be in place. |
337 | 51ce199a | Leonidas Poulopoulos | Thus we are going to create this file (/etc/default/celeryd):: |
338 | 51ce199a | Leonidas Poulopoulos | |
339 | 51ce199a | Leonidas Poulopoulos | vim /etc/default/celeryd |
340 | 51ce199a | Leonidas Poulopoulos | |
341 | 51ce199a | Leonidas Poulopoulos | Again if the directory conventions have been followed the file should be:: |
342 | 51ce199a | Leonidas Poulopoulos | |
343 | 51ce199a | Leonidas Poulopoulos | # Name of nodes to start, here we have a single node |
344 | 51ce199a | Leonidas Poulopoulos | CELERYD_NODES="w1" |
345 | 51ce199a | Leonidas Poulopoulos | # or we could have three nodes: |
346 | 51ce199a | Leonidas Poulopoulos | #CELERYD_NODES="w1 w2 w3" |
347 | 51ce199a | Leonidas Poulopoulos | |
348 | 51ce199a | Leonidas Poulopoulos | # Where to chdir at start. |
349 | 51ce199a | Leonidas Poulopoulos | CELERYD_CHDIR="/srv/flowspy/" |
350 | 51ce199a | Leonidas Poulopoulos | # How to call "manage.py celeryd_multi" |
351 | 51ce199a | Leonidas Poulopoulos | CELERYD_MULTI="$CELERYD_CHDIR/manage.py celeryd_multi" |
352 | 51ce199a | Leonidas Poulopoulos | |
353 | 51ce199a | Leonidas Poulopoulos | # How to call "manage.py celeryctl" |
354 | 51ce199a | Leonidas Poulopoulos | CELERYCTL="$CELERYD_CHDIR/manage.py celeryctl" |
355 | 51ce199a | Leonidas Poulopoulos | |
356 | 51ce199a | Leonidas Poulopoulos | # Extra arguments to celeryd |
357 | 51ce199a | Leonidas Poulopoulos | #CELERYD_OPTS="--time-limit=300 --concurrency=8" |
358 | 51ce199a | Leonidas Poulopoulos | CELERYD_OPTS="-E -B" |
359 | 51ce199a | Leonidas Poulopoulos | # Name of the celery config module. |
360 | 51ce199a | Leonidas Poulopoulos | CELERY_CONFIG_MODULE="celeryconfig" |
361 | 51ce199a | Leonidas Poulopoulos | |
362 | 51ce199a | Leonidas Poulopoulos | # %n will be replaced with the nodename. |
363 | 51ce199a | Leonidas Poulopoulos | CELERYD_LOG_FILE="$CELERYD_CHDIR/celery_var/log/celery/%n.log" |
364 | 51ce199a | Leonidas Poulopoulos | CELERYD_PID_FILE="$CELERYD_CHDIR/celery_var/run/celery/%n.pid" |
365 | 51ce199a | Leonidas Poulopoulos | |
366 | 51ce199a | Leonidas Poulopoulos | # Workers should run as an unprivileged user. |
367 | 51ce199a | Leonidas Poulopoulos | CELERYD_USER="root" |
368 | 51ce199a | Leonidas Poulopoulos | CELERYD_GROUP="root" |
369 | 51ce199a | Leonidas Poulopoulos | |
370 | 51ce199a | Leonidas Poulopoulos | # Name of the projects settings module. |
371 | 51ce199a | Leonidas Poulopoulos | export DJANGO_SETTINGS_MODULE="settings" |
372 | 51ce199a | Leonidas Poulopoulos | |
373 | 51ce199a | Leonidas Poulopoulos | Apache |
374 | 51ce199a | Leonidas Poulopoulos | ------ |
375 | 51ce199a | Leonidas Poulopoulos | Apache proxies gunicorn. Things are more flexible here as you may follow your own configuration and conventions. Create and edit /etc/apache2/sites-available/fod. You should set <server_name> and <admin_mail> along with your certificates. If under testing environment, you can use the provided snakeoil certs. If you do not intent to use Shibboleth delete or comment the corresponding configuration parts inside **Shibboleth configuration** :: |
376 | 51ce199a | Leonidas Poulopoulos | |
377 | 51ce199a | Leonidas Poulopoulos | vim /etc/apache2/sites-available/fod |
378 | 51ce199a | Leonidas Poulopoulos | |
379 | 51ce199a | Leonidas Poulopoulos | Again if the directory conventions have been followed the file should be:: |
380 | 51ce199a | Leonidas Poulopoulos | |
381 | 51ce199a | Leonidas Poulopoulos | <VirtualHost *:80> |
382 | 51ce199a | Leonidas Poulopoulos | ServerAdmin webmaster@localhost |
383 | 51ce199a | Leonidas Poulopoulos | ServerName <server_name> |
384 | 51ce199a | Leonidas Poulopoulos | DocumentRoot /var/www |
385 | 51ce199a | Leonidas Poulopoulos | <Directory /> |
386 | 51ce199a | Leonidas Poulopoulos | Options FollowSymLinks |
387 | 51ce199a | Leonidas Poulopoulos | AllowOverride None |
388 | 51ce199a | Leonidas Poulopoulos | </Directory> |
389 | 51ce199a | Leonidas Poulopoulos | <Directory /var/www/> |
390 | 51ce199a | Leonidas Poulopoulos | Options Indexes FollowSymLinks MultiViews |
391 | 51ce199a | Leonidas Poulopoulos | AllowOverride None |
392 | 51ce199a | Leonidas Poulopoulos | Order allow,deny |
393 | 51ce199a | Leonidas Poulopoulos | allow from all |
394 | 51ce199a | Leonidas Poulopoulos | </Directory> |
395 | 51ce199a | Leonidas Poulopoulos | |
396 | 51ce199a | Leonidas Poulopoulos | ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ |
397 | 51ce199a | Leonidas Poulopoulos | <Directory "/usr/lib/cgi-bin"> |
398 | 51ce199a | Leonidas Poulopoulos | AllowOverride None |
399 | 51ce199a | Leonidas Poulopoulos | Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch |
400 | 51ce199a | Leonidas Poulopoulos | Order allow,deny |
401 | 51ce199a | Leonidas Poulopoulos | Allow from all |
402 | 51ce199a | Leonidas Poulopoulos | </Directory> |
403 | 51ce199a | Leonidas Poulopoulos | |
404 | 51ce199a | Leonidas Poulopoulos | ErrorLog ${APACHE_LOG_DIR}/error.log |
405 | 51ce199a | Leonidas Poulopoulos | |
406 | 51ce199a | Leonidas Poulopoulos | # Possible values include: debug, info, notice, warn, error, crit, |
407 | 51ce199a | Leonidas Poulopoulos | # alert, emerg. |
408 | 51ce199a | Leonidas Poulopoulos | LogLevel warn |
409 | 51ce199a | Leonidas Poulopoulos | |
410 | 51ce199a | Leonidas Poulopoulos | CustomLog ${APACHE_LOG_DIR}/access.log combined |
411 | 51ce199a | Leonidas Poulopoulos | |
412 | 51ce199a | Leonidas Poulopoulos | Alias /doc/ "/usr/share/doc/" |
413 | 51ce199a | Leonidas Poulopoulos | <Directory "/usr/share/doc/"> |
414 | 51ce199a | Leonidas Poulopoulos | Options Indexes MultiViews FollowSymLinks |
415 | 51ce199a | Leonidas Poulopoulos | AllowOverride None |
416 | 51ce199a | Leonidas Poulopoulos | Order deny,allow |
417 | 51ce199a | Leonidas Poulopoulos | Deny from all |
418 | 51ce199a | Leonidas Poulopoulos | Allow from 127.0.0.0/255.0.0.0 ::1/128 |
419 | 51ce199a | Leonidas Poulopoulos | </Directory> |
420 | 51ce199a | Leonidas Poulopoulos | |
421 | 51ce199a | Leonidas Poulopoulos | RewriteEngine On |
422 | 51ce199a | Leonidas Poulopoulos | RewriteCond %{HTTPS} off |
423 | 51ce199a | Leonidas Poulopoulos | RewriteRule ^/(.*) https://<server_name>/$1 [L,R] |
424 | 51ce199a | Leonidas Poulopoulos | |
425 | 51ce199a | Leonidas Poulopoulos | </VirtualHost> |
426 | 51ce199a | Leonidas Poulopoulos | <VirtualHost *:443> |
427 | 51ce199a | Leonidas Poulopoulos | ServerName <server_name> |
428 | 51ce199a | Leonidas Poulopoulos | ServerAdmin <admin_mail> |
429 | 51ce199a | Leonidas Poulopoulos | ServerSignature On |
430 | 51ce199a | Leonidas Poulopoulos | |
431 | 51ce199a | Leonidas Poulopoulos | SSLEngine on |
432 | 51ce199a | Leonidas Poulopoulos | SSLCertificateFile /etc/ssl/certs/example.com.crt |
433 | 51ce199a | Leonidas Poulopoulos | SSLCertificateChainFile /etc/ssl/certs/example.com.crt |
434 | 51ce199a | Leonidas Poulopoulos | SSLCertificateKeyFile /etc/ssl/private/example.com.key |
435 | 51ce199a | Leonidas Poulopoulos | |
436 | 51ce199a | Leonidas Poulopoulos | AddDefaultCharset UTF-8 |
437 | 51ce199a | Leonidas Poulopoulos | IndexOptions +Charset=UTF-8 |
438 | 51ce199a | Leonidas Poulopoulos | |
439 | 51ce199a | Leonidas Poulopoulos | # Shibboleth configuration |
440 | 51ce199a | Leonidas Poulopoulos | ShibConfig /etc/shibboleth/shibboleth2.xml |
441 | 51ce199a | Leonidas Poulopoulos | Alias /shibboleth-sp /usr/share/shibboleth |
442 | 51ce199a | Leonidas Poulopoulos | |
443 | 51ce199a | Leonidas Poulopoulos | <Location /fod/login> |
444 | 51ce199a | Leonidas Poulopoulos | AuthType shibboleth |
445 | 51ce199a | Leonidas Poulopoulos | ShibRequireSession On |
446 | 51ce199a | Leonidas Poulopoulos | ShibUseHeaders On |
447 | 51ce199a | Leonidas Poulopoulos | require valid-user |
448 | 51ce199a | Leonidas Poulopoulos | </Location> |
449 | 51ce199a | Leonidas Poulopoulos | |
450 | 51ce199a | Leonidas Poulopoulos | # Shibboleth debugging CGI script |
451 | 51ce199a | Leonidas Poulopoulos | ScriptAlias /shibboleth/test /usr/lib/cgi-bin/shibtest.cgi |
452 | 51ce199a | Leonidas Poulopoulos | <Location /shibboleth/test> |
453 | 51ce199a | Leonidas Poulopoulos | AuthType shibboleth |
454 | 51ce199a | Leonidas Poulopoulos | ShibRequireSession On |
455 | 51ce199a | Leonidas Poulopoulos | ShibUseHeaders On |
456 | 51ce199a | Leonidas Poulopoulos | require valid-user |
457 | 51ce199a | Leonidas Poulopoulos | </Location> |
458 | 51ce199a | Leonidas Poulopoulos | |
459 | 51ce199a | Leonidas Poulopoulos | <Location /Shibboleth.sso> |
460 | 51ce199a | Leonidas Poulopoulos | SetHandler shib |
461 | 51ce199a | Leonidas Poulopoulos | </Location> |
462 | 51ce199a | Leonidas Poulopoulos | |
463 | 51ce199a | Leonidas Poulopoulos | # End of Shibboleth configuration |
464 | 51ce199a | Leonidas Poulopoulos | |
465 | 51ce199a | Leonidas Poulopoulos | <Location /admin/media/> |
466 | 51ce199a | Leonidas Poulopoulos | SetHandler None |
467 | 51ce199a | Leonidas Poulopoulos | </Location> |
468 | 51ce199a | Leonidas Poulopoulos | |
469 | 51ce199a | Leonidas Poulopoulos | Alias /admin/media /usr/share/pyshared/django/contrib/admin/media |
470 | 51ce199a | Leonidas Poulopoulos | Alias /media /usr/share/pyshared/django/contrib/admin/media |
471 | 51ce199a | Leonidas Poulopoulos | DocumentRoot /var/www |
472 | 51ce199a | Leonidas Poulopoulos | <Directory /var/www/> |
473 | 51ce199a | Leonidas Poulopoulos | Options Indexes FollowSymLinks MultiViews |
474 | 51ce199a | Leonidas Poulopoulos | AllowOverride None |
475 | 51ce199a | Leonidas Poulopoulos | Order allow,deny |
476 | 51ce199a | Leonidas Poulopoulos | allow from all |
477 | 51ce199a | Leonidas Poulopoulos | </Directory> |
478 | 51ce199a | Leonidas Poulopoulos | |
479 | 51ce199a | Leonidas Poulopoulos | |
480 | 51ce199a | Leonidas Poulopoulos | |
481 | 51ce199a | Leonidas Poulopoulos | <Proxy *> |
482 | 51ce199a | Leonidas Poulopoulos | Order allow,deny |
483 | 51ce199a | Leonidas Poulopoulos | Allow from all |
484 | 51ce199a | Leonidas Poulopoulos | </Proxy> |
485 | 51ce199a | Leonidas Poulopoulos | |
486 | 51ce199a | Leonidas Poulopoulos | SSLProxyEngine off |
487 | 51ce199a | Leonidas Poulopoulos | ProxyErrorOverride off |
488 | 51ce199a | Leonidas Poulopoulos | ProxyTimeout 28800 |
489 | 51ce199a | Leonidas Poulopoulos | ProxyPass /fod http://localhost:8081/fod retry=0 |
490 | 51ce199a | Leonidas Poulopoulos | ProxyPassReverse /fod http://localhost:8081/fod |
491 | 51ce199a | Leonidas Poulopoulos | |
492 | 51ce199a | Leonidas Poulopoulos | LogLevel warn |
493 | 51ce199a | Leonidas Poulopoulos | ErrorLog /var/log/apache2/ssl-error.log |
494 | 51ce199a | Leonidas Poulopoulos | CustomLog /var/log/apache2/ssl-access.log combined |
495 | 51ce199a | Leonidas Poulopoulos | |
496 | 51ce199a | Leonidas Poulopoulos | |
497 | 51ce199a | Leonidas Poulopoulos | |
498 | 51ce199a | Leonidas Poulopoulos | |
499 | 51ce199a | Leonidas Poulopoulos | Alias /fodstatic /srv/flowspy/static |
500 | 51ce199a | Leonidas Poulopoulos | |
501 | 51ce199a | Leonidas Poulopoulos | </VirtualHost> |
502 | 51ce199a | Leonidas Poulopoulos | |
503 | 1e40c2f5 | Leonidas Poulopoulos | Now, enable your site. You might want to disable the default site if fod is the only site you host on your server:: |
504 | 1e40c2f5 | Leonidas Poulopoulos | |
505 | 1e40c2f5 | Leonidas Poulopoulos | a2dissite default |
506 | 1e40c2f5 | Leonidas Poulopoulos | a2ensite fod |
507 | 1e40c2f5 | Leonidas Poulopoulos | |
508 | 51ce199a | Leonidas Poulopoulos | You are not far away from deploying FoD. When asked for a super user, create one:: |
509 | 51ce199a | Leonidas Poulopoulos | |
510 | 51ce199a | Leonidas Poulopoulos | cd /srv/flowspy |
511 | 51ce199a | Leonidas Poulopoulos | python manage.py syncdb |
512 | 51ce199a | Leonidas Poulopoulos | python manage.py migrate |
513 | 51ce199a | Leonidas Poulopoulos | |
514 | 51ce199a | Leonidas Poulopoulos | Restart, gunicorn and apache:: |
515 | 51ce199a | Leonidas Poulopoulos | |
516 | 51ce199a | Leonidas Poulopoulos | service gunicorn restart && service apache2 restart |
517 | 51ce199a | Leonidas Poulopoulos | |
518 | 51ce199a | Leonidas Poulopoulos | Testing the platform |
519 | 51ce199a | Leonidas Poulopoulos | ==================== |
520 | 51ce199a | Leonidas Poulopoulos | Log in to the admin interface via https://<your ip>/fod/admin. Go to Peer ranges and add a new range (part of/or a complete subnet), eg. 83.212.0.0/19 |
521 | 51ce199a | Leonidas Poulopoulos | Go to Peers and add a new peer, eg. id: 1, name: Test, AS: 16503, tag: TEST and move the network you have crteated from Avalable to Chosen. From the admin front, go to User, and edit your user. From the bottom of the page, select the TEST peer and save. |
522 | 7aa06e71 | Leonidas Poulopoulos | Last but not least, modify as required the existing (example.com) Site instance (admin home->Sites). You are done. As you are logged-in via the admin, there is no need for Shibboleth. Go to https://<your ip>/fod/ and create a new rule. Your rule should be applied on the flowspec capable device after aprox. 10 seconds. |
523 | 51ce199a | Leonidas Poulopoulos | |
524 | 51ce199a | Leonidas Poulopoulos | Branding |
525 | 51ce199a | Leonidas Poulopoulos | ======== |
526 | 51ce199a | Leonidas Poulopoulos | Via the admin interface you can modify flatpages to suit your needs |
527 | 51ce199a | Leonidas Poulopoulos | |
528 | 51ce199a | Leonidas Poulopoulos | Logos |
529 | 51ce199a | Leonidas Poulopoulos | ----- |
530 | 51ce199a | Leonidas Poulopoulos | Inside the static folder you will find two empty png files: fod_logo.xcf (Gimp file) and shib_login.dist.png. Edit those two with your favourite image processing software and save them as fod_logo.png (under static/img/) and shib_login.png (under static/). Image sizes are optimized to operate without any other code changes. In case you want to incorporate images of different sizes you have to fine tune css and/or html as well. |
531 | 51ce199a | Leonidas Poulopoulos | |
532 | 51ce199a | Leonidas Poulopoulos | Footer |
533 | 51ce199a | Leonidas Poulopoulos | ------ |
534 | 51ce199a | Leonidas Poulopoulos | Under the templates folder (templates), you can alter the footer.html file to include your own footer messages, badges, etc. |
535 | 51ce199a | Leonidas Poulopoulos | |
536 | 51ce199a | Leonidas Poulopoulos | Welcome Page |
537 | 51ce199a | Leonidas Poulopoulos | ------------ |
538 | 51ce199a | Leonidas Poulopoulos | Under the templates folder (templates), you can alter the welcome page - welcome.html with your own images, carousel, videos, etc. |