Tuesday 27 June 2017

Quickstart: Installing and configuring snorby on CentOS 7

This tutorial will demonstrate how to build and configure Snorby on CentOS 7.

Fornote: I will initally be disabling SELinux for the installation of Snorby - however at the end we will re-enable it and adjust the relevant rules in order to get it running nicely with Snorby.

Lets firstly install the libraries needed to compile some of the ruby gems:

yum install mysql-devel libpqxx-devel ruby-devel

cd /tmp
yum install ruby
gem update
gem install rails

(Again - I had to install an older version of rails in order to get it working with Ruby 1.9.3)

Also - ensure selinux is set to permissive mode with:

setenforce 0
vi /etc/selinux/config # set mode to 'permissive'.

We'll now download and configure Snorby:

mkdir -p /opt/snorby/app
cd /opt/snorby/app
git clone git://github.com/Snorby/snorby.git
cd snorby
bundle install
yum install wkhtmltopdf

We'll now sort of the configuration file - firstly copy the template as follows:

cd etc
cp snorby_config.yml.example snorby_config.yml

and under 'Production' we'll change the 'wkhtmltopdf' variable to: /usr/bin/wkhtmltopdf

You can also specify mail setting within:

config/initializers/mail_config.rb

I will be using postgres for the database portion - there is a post here that demonstrates how to get posgres up and running.

We need to ensure that the  snorby rake setup can connect with the database - so we should edit pg_hba.conf - something like the below should do the trick:

vi /var/lib/pgsql/data/pg_hba.conf

# TYPE  DATABASE        USER            ADDRESS                 METHOD
local        all                        postgres                                            peer
local        all                        snorby                                              md5
host         all                        snorby           127.0.0.1/32               md5
host         all                        snorby           ::1/128                        md5

and reload the server for changes to take effect:

sudo service postgresql reload

We'll now edit the database configuration - ensuring the 'adapter' variable is set to 'postgresql', user and passwords are set accordingly etc.

cp database.yml.example database.yml

and then run the Snorby setup with:

rake snorby:setup

We'll now attempt to start the rails application in production mode:

cd config
sudo rails s -e production

With any luck you should now be able to access Snorby on http://<ip>:3000

The default username / password is: [email protected] / snorby.

Once logged in go to 'Administration' >> 'Worker and Job Queue' and ensure the work has started.

Our next step is to configure nginx with passenger so we can let nginx server our pages. However we will either need to compile passenger and nginx from scratch or we can use the Phusion Pasenger repository - which in this case to save time (and my sanity) we will do:

yum install yum-utils
sudo curl --fail -sSLo /etc/yum.repos.d/passenger.repo https://oss-binaries.phusionpassenger.com/yum/definitions/el-passenger.repo
sudo yum install -y nginx passenger || sudo yum-config-manager --enable cr && sudo yum install -y nginx passenger

Uncomment 'passenger_root', 'passenger_ruby' and 'passenger_instance_registry_dir' from /etc/nginx/conf.d/passenger.conf

sudo vi /etc/nginx/conf.d/passenger.conf

Restart and enable nginx with:

sudo systemctl enable nginx
sudo service nginx restart

and validate the install with:

sudo /usr/bin/passenger-config validate-install

We can do add a server block for snorby (after testing you should setup a proper virtual host etc.)

Edit nginx.conf:

vi /etc/nginx/nginx.conf

and comment out the default server block and add something like follows:

    server {
        listen 80 default_server;
        server_name localhost;
        root /opt/snorby;
rails_env production;
passenger_app_root /opt/snorby/application
        passenger_enabled on;
        passenger_ruby /usr/local/rvm/rubies/ruby-2.2.2/bin/ruby;
        passenger_sticky_sessions on;
    }

Make sure the data directory is writable by nginx:

chown -R nginx:nginx /opt/snorby/

Tes the configuration and reload nginx:

nginx -t
sudo service nginx reload

When initially attempting access the site it bombed out and after going through the nginx error logs the following line caught my attention:

Missing proper 'which' command. Make sure it is installed before using RVM!

and also lines like (which was causing the Snorby Worker process from starting):

stderr: sh: env: command not found

Now - I was pretty sure this was already installed - and to confirm we can check with:

rpm -qa which

which-2.20-7.el7.x86_64

So my next though was that it was likely an environment variable (specifically PATH) issue. It turns out nginx (by default) 'nukes' all environment values and in order to preserve them (specifically 'PATH' in this case) we need to add the following to the 'http' stanza in nginx.conf:

env PATH;

and reload:

sudo service nginx reload

Although the above may seem pretty trivial it actually look me a while to get it all up and running with a lot of trial and error - I really hope the developers will streamline the process and fix a number of outstanding bugs as I can imagine a lot of people would be put of my the amount of work involved getting it running!

Performing a hard reset

If you want to start from scratch or simply just purge the snorby database you can do so by doing:

cd /opt/snorby/application

and issuing:

bundle exec rake snorby:hard_reset

SELinux Rules

Will be available soon...

Sources

https://www.phusionpassenger.com/library/install/nginx/install/oss/trusty/
https://stackoverflow.com/questions/32071190/cant-deploy-passenger-with-nginx

0 comments:

Post a Comment