From 136d891bb9b67bef5a31c93a5a20e206882691ec Mon Sep 17 00:00:00 2001 From: Chris Sharp Date: Thu, 23 Sep 2021 18:40:19 -0400 Subject: [PATCH] LP#1880703: add Makefile and docs for RHEL/Rocky Signed-off-by: Chris Sharp --- README | 116 +++++++++++++++++++++++++++++++++++++---- src/extras/Makefile.install | 123 ++++++++++++++++++++++++++++++++++++++------ 2 files changed, 211 insertions(+), 28 deletions(-) diff --git a/README b/README index ffd6aef..ecea032 100644 --- a/README +++ b/README @@ -69,6 +69,8 @@ Well-tested values for include: * `debian-jessie` for Debian 8 * `ubuntu-bionic` for Ubuntu 18.04 * `ubuntu-focal` for Ubuntu 20.04 + * `rocky` for Rocky 8 (experimental) + * `rhel` for RedHat Enterprise Linux 8 (Experimental) Patches and suggestions for improvement from users of these distributions, or others, are welcome! @@ -78,6 +80,13 @@ be prompted for configuration of Comprehensive Perl Archive Network (CPAN) on your server. You can generally accept the defaults by pressing for all of the prompts, except for the country configuration. +[NOTE] +=========================================================================== +The Rocky/RHEL options will automatically add extra repositories to allow +RPM package installation, and will download and install EJabberD from the +project website. +=========================================================================== + Preamble: Developer instructions -------------------------------- @@ -205,7 +214,7 @@ work for OpenSRF. 1. Stop ejabberd before making any changes to its configuration by issuing the following command as the *root* Linux account: + -.(Debian / Ubuntu Bionic / Ubuntu Focal) Stopping ejabberd +.Stopping ejabberd [source, bash] --------------------------------------------------------------------------- systemctl stop ejabberd.service 
@@ -286,14 +295,52 @@ hosts: ----------------------- + g. Uncomment or add the `mod_legacy_auth` directive under the `modules:` section + +(Rocky/RHEL) Ejabberd 20.x:: +Open `/opt/ejabberd/conf/ejabberd.yml` and make the following +changes: + a. Define your public and private domains in the `hosts` directive. For + example: ++ +[source, bash] +--------------------------------------------------------------------------- +hosts: + - "localhost" + - "private.localhost" + - "public.localhost" +--------------------------------------------------------------------------- ++ + b. Change `starttls_required` to false + c. Change `shaper:` `normal` and `fast` values to 500000 + d. Increase the `max_user_sessions:` `all:` value to 10000 + e. Comment out the `mod_offline` directive ++ +----------------------- +##mod_offline: + ##access_max_user_messages: max_user_offline_messages +----------------------- ++ + f. Add the `mod_legacy_auth` directive under the `modules` section +(indent 2 spaces): ++ +----------------------- +modules: + .... + mod_version: + show_os: false + mod_legacy_auth: {} +----------------------- ++ + g. Add the following lines under the `## Local Variables`: + ----------------------- -mod_legacy_auth: {} +auth_method: internal +auth_password_format: plain ----------------------- + 3. Restart the ejabberd server to make the changes take effect: + -.(Debian / Ubuntu Bionic / Ubuntu Focal) Starting ejabberd +.Starting ejabberd [source, bash] --------------------------------------------------------------------------- systemctl start ejabberd.service @@ -424,7 +471,6 @@ Websockets installation instructions 1. Install websocketd (latest stable release from http://websocketd.com/) + -.(Debian, Ubuntu) [source,bash] --------------------------------------------------------------------------- cd /tmp 
@@ -436,7 +482,7 @@ sudo cp websocketd /usr/local/bin/ 2. Run websocketd + Choose option a or b, below. -+ + [NOTE] =========================================================================== websocketd does not offer a configurable inactivity timeout, meaning @@ -446,7 +492,7 @@ the use of a proxy (option 'a' below). A proxy also allows websocketd to be exposed to web clients on port 443 instead of its internal port, which may simplify firewall configuration. =========================================================================== -+ + a. Run websocketd as 'opensrf' + [NOTE] @@ -454,7 +500,6 @@ a. Run websocketd as 'opensrf' This choice requires one of the proxy configurations mentioned below. =========================================================================== + -.(Debian, Ubuntu) [source,bash] --------------------------------------------------------------------------- /usr/local/bin/websocketd --port 7682 /openils/bin/osrf-websocket-stdio & @@ -470,7 +515,6 @@ This choice requires one of the proxy configurations mentioned below. + b. Run websocketd without a proxy + -.(Debian, Ubuntu) [source,bash] --------------------------------------------------------------------------- sudo -b /usr/local/bin/websocketd --port 7682 --ssl --sslcert=/etc/apache2/ssl/server.crt \ 
@@ -485,11 +529,20 @@ of the proxy IP address. 1. Enable mod_remoteip + +.(Debian, Ubuntu) [source,bash] --------------------------------------------------------------------------- sudo a2enmod remoteip --------------------------------------------------------------------------- + +For Rocky/RHEL, create a file at `/etc/httpd/20-remoteip.conf` with the following line: ++ +.(Rocky/RHEL) +[source,bash] +--------------------------------------------------------------------------- +LoadModule remoteip_module modules/mod_remoteip.so +--------------------------------------------------------------------------- ++ 2. Enable remote IP settings by uncommenting and modifying as needed the Apache configuration variables starting with RemoteIP* in the sample Apache configuration file opensrf.conf. 
@@ -497,6 +550,25 @@ sudo a2enmod remoteip 3. Configure Apache to listen on port 7080 for HTTP and port 7443 for HTTPS and ensure that it is not listening on ports 80 and 443, then restart Apache. + +[NOTE] +=============================================================================== +On Rocky and RHEL, SELinux must be configured to allow Apache to access +and execute files in the non-standard `/openils` directory and to run on alternate +ports. Assuming `/openils` is the installation directory, issue the following +before restarting Apache. +=============================================================================== ++ +.(Rocky/RHEL) +[source, bash] +---------------------------------------------------------------------------- +semanage fcontext -a -t httpd_sys_content_t "/openils(/.*)?" +semanage fcontext -a -t httpd_log_t "/openils/var/log(/.*)?" +semanage fcontext -a -t httpd_sys_script_exec_t "/openils/lib(/.*)?" +semanage port -a -t http_port_t -p tcp 7080 +semanage port -a -t http_port_t -p tcp 7443 +restorecon -Rv /openils +---------------------------------------------------------------------------- ++ 4. If you didn't run `configure` with the `--with-websockets-port=443` option, edit `/javascript/opensrf_ws.js` and `/javascript/opensrf_ws_shared.js` and change @@ -513,7 +585,6 @@ to var WEBSOCKET_PORT_SSL = 443; --------------------------------------------------------------------------- - Optional: Using NGINX as a proxy -------------------------------- NGINX can be used to proxy HTTP, HTTPS, and WebSockets traffic. Among other 
@@ -530,13 +601,21 @@ for installing WebSockets support. 1. Install NGINX if not already present: + +.(Debian/Ubuntu) [source, bash] --------------------------------------------------------------------------- apt-get install nginx --------------------------------------------------------------------------- + +.(Rocky/RHEL) +[source, bash] +----------------------- +yum install nginx +----------------------- ++ 2. Copy the example NGINX configuration file into place and remove default. + +.(Debian/Ubuntu) [source, bash] --------------------------------------------------------------------------- cd /path/to/opensrf-OSRFVERSION 
@@ -545,21 +624,36 @@ ln -s /etc/nginx/sites-available/osrf-ws-http-proxy /etc/nginx/sites-enabled/osr rm /etc/nginx/sites-enabled/default --------------------------------------------------------------------------- + -3. Edit `/etc/nginx/sites-available/osrf-ws-http-proxy` to set the location +.(Rocky/RHEL) +[source, bash] +--------------------------------------------------------------------------- +cp examples/nginx/osrf-ws-http-proxy /etc/nginx/conf.d/ +--------------------------------------------------------------------------- ++ +3. Edit `/etc/nginx/sites-available/osrf-ws-http-proxy` (Debian/Ubuntu) or + `/etc/nginx/conf.d/osrf-ws-http-proxy` (Rocky/RHEL) to set the location of the SSL certificate and private key. 4. Generate a dhparam file in the directory specified in the nginx config. + +.(Debian/Ubuntu) [source, bash] --------------------------------------------------------------------------- # Default config stores dhparam.pem in the Apache2 ssl directory. openssl dhparam -out /etc/apache2/ssl/dhparam.pem 2048 --------------------------------------------------------------------------- + +.(Rocky/RHEL) +[source, bash] +--------------------------------------------------------------------------- +mkdir /etc/httpd/ssl +openssl dhparam -out /etc/httpd/ssl/dhparam.pem 2048 +--------------------------------------------------------------------------- ++ 5. Start NGINX + [source, bash] --------------------------------------------------------------------------- -/etc/init.d/nginx start +systemctl start nginx --------------------------------------------------------------------------- Optional: Using HAProxy as a proxy diff --git a/src/extras/Makefile.install b/src/extras/Makefile.install index 808042b..13d66c9 100644 --- a/src/extras/Makefile.install +++ b/src/extras/Makefile.install 
@@ -16,11 +16,15 @@ # - or - # make -f Makefile.install debian-jessie # - or - -# make -f Makefile.install ubuntu-bionic +# make -f Makefile.install ubuntu-bionic # - or - -# make -f Makefile.install ubuntu-focal +# make -f Makefile.install ubuntu-focal # - or - # make -f Makefile.install fedora +# - or - +# make -f Makefile.install rocky +# - or - +# make -f Makefile.install rhel # # --------------------------------------------------------------------- @@ -31,6 +35,12 @@ SHELL=/bin/bash LBITS=$(shell getconf LONG_BIT) APT_TOOL=apt-get -yq +FEDORA_YUM_TOOL=dnf -y +ROCKY_YUM_TOOL=dnf -y +RHEL_YUM_TOOL=yum -y +EJABBERD_VERSION=20.01 +EJABBERD_URL=https://www.process-one.net/downloads/downloads-action.php?file=/$(EJABBERD_VERSION) +EJABBERD_RPM=ejabberd-$(EJABBERD_VERSION)-0.x86_64.rpm # Debian dependencies DEBS = \ @@ -80,12 +90,11 @@ DEBS = \ zip\ zlib1g-dev -FEDORAS = \ +RPMS = \ autoconf \ automake \ check \ check-devel \ - ejabberd \ expat-devel \ gcc \ gdbm-devel \ @@ -96,35 +105,40 @@ FEDORAS = \ libmemcached \ libmemcached-devel \ libtool \ - libxml-libxml-perl \ - libxml-libxslt-perl \ libxml2-devel \ libxslt-devel \ make \ memcached \ mod_perl \ + perl-B-COW \ perl-Cache-Memcached \ - perl-Class-DBI \ - perl-Class-DBI-AbstractSearch \ - perl-Class-DBI-SQLite \ + perl-Clone \ + perl-CPAN \ + perl-CPAN-Meta-Check \ + perl-DateTime \ perl-DateTime-Format-Builder \ perl-DateTime-Format-ISO8601 \ perl-DateTime-Format-Mail \ - perl-DateTime-Set \ + perl-DBI \ perl-devel \ + perl-Devel-Peek \ perl-Error \ - perl-File-Find-Rule \ perl-JSON-XS \ perl-libwww-perl \ perl-Log-Log4perl \ perl-Module-Build \ perl-Net-DNS \ perl-Net-Server \ - perl-SQL-Abstract-Limit \ + perl-open \ + perl-Pod-Parser \ + perl-Sub-Quote \ perl-Template-Toolkit \ + perl-Test \ perl-Test-Deep \ perl-Test-Exception \ perl-Test-Pod \ + perl-Test-Warn \ + perl-Text-Balanced \ perl-Tie-IxHash \ perl-UNIVERSAL-require \ perl-Unix-Syslog \ 
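Review bot: Renaming `FEDORAS` to the shared `RPMS` list drops `perl-DateTime-Set` and `perl-File-Find-Rule` (and the two `libxml-*-perl` entries) for the `fedora` target as well, not only for Rocky/RHEL. `DateTime::Set` reappears only in `CPAN_MODULES_RHEL`, which `fedora` never installs, and `EXTRA_RPMS_FEDORA` restores only `ejabberd`, the `perl-Class-DBI*` packages and `perl-SQL-Abstract-Limit`. If Fedora still needs those modules, add `perl-DateTime-Set \` and `perl-File-Find-Rule \` to `EXTRA_RPMS_FEDORA`; if they were dropped on purpose, a comment above `RPMS` saying so would help the next maintainer.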
@@ -133,7 +147,8 @@ FEDORAS = \ perl-XML-Simple \ psmisc \ readline-devel \ - tar + tar \ + wget DEB_APACHE_MODS = \ ssl @@ -163,6 +178,46 @@ EXTRA_DEBS_UBUNTU = \ apache2-dev \ libncurses5-dev +EXTRA_RPMS_FEDORA = \ + ejabberd \ + perl-Class-DBI \ + perl-Class-DBI-AbstractSearch \ + perl-Class-DBI-SQLite \ + perl-SQL-Abstract-Limit + +CPAN_MODULES_RHEL = \ + Test::More \ + Class::DBI \ + SQL::Abstract \ + SQL::Abstract::Limit \ + Class::DBI::AbstractSearch \ + Class::DBI::SQLite \ + Params::Validate \ + DateTime::Set \ + +PIP_MODULES_RHEL = \ + simplejson + +EXTRA_RPMS_FEDORA = \ + ejabberd \ + perl-Class-DBI \ + perl-Class-DBI-AbstractSearch \ + perl-Class-DBI-SQLite \ + perl-SQL-Abstract-Limit + +CPAN_MODULES_RHEL = \ + Test::More \ + Class::DBI \ + SQL::Abstract \ + SQL::Abstract::Limit \ + Class::DBI::AbstractSearch \ + Class::DBI::SQLite \ + Params::Validate \ + DateTime::Set \ + +PIP_MODULES_RHEL = \ + simplejson + # ---------------------------------------------------------------------------- all: @@ -177,7 +232,9 @@ stretch: install_extra_debs install_extra_debs_stretch debian_sys_config jessie: install_extra_debs_jessie debian_sys_config generic_debian: install_debs -fedora: install_fedora_rpms +fedora: install_rpms_fedora install_extra_rpms_fedora +rocky: install_powertools_rocky install_epel_rocky install_rpms_rhel install_cpan_modules_rhel install_ejabberd +rhel: enable_builder_repo_rhel install_epel_rhel install_rpms_rhel install_cpan_modules_rhel install_ejabberd ubuntu-bionic: generic_ubuntu ubuntu-focal: generic_ubuntu 
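Review bot: `EXTRA_RPMS_FEDORA`, `CPAN_MODULES_RHEL` and `PIP_MODULES_RHEL` are each defined twice, verbatim, in the hunk at `@@ -163,6 +178,46 @@`; the second copy silently overrides the first and the two will drift on the next edit, so one copy should be dropped. `CPAN_MODULES_RHEL` also ends with a trailing `\` after `DateTime::Set`, which continues the assignment onto the blank line below and would swallow any line later placed directly under it; end the list with plain `DateTime::Set`. `PIP_MODULES_RHEL` is not referenced by any target visible in this patch, so either add the target that installs it or remove the variable.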
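Review bot: The new `rocky` and `rhel` targets only work if their prerequisites run left to right (repositories enabled before `install_rpms_rhel`, `wget` installed before `install_ejabberd`), but that order is not declared anywhere, so under `make -j` the package steps can start before the repositories exist and will contend for the dnf lock. The Debian targets in the surrounding context rely on the same ordering, so the smallest fix is a comment such as `# Prerequisites must run in the listed order; do not invoke with -j.` above these targets. `rocky` also installs the main package set through `install_rpms_rhel`, which expands `$(RHEL_YUM_TOOL)` rather than `$(ROCKY_YUM_TOOL)`; if that is deliberate, the `# Fedora/Rocky` comment above the install rules should say so.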
@@ -223,8 +280,40 @@ apache_mpm_prefork_mods: apache_perl_mod: a2enmod perl -# Fedora -install_fedora_rpms: - yum -y install $(FEDORAS) +# Rocky/RHEL +enable_builder_repo_rhel: + subscription-manager repos --enable codeready-builder-for-rhel-8-x86_64-rpms + +install_powertools_rocky: + $(ROCKY_YUM_TOOL) install dnf-plugins-core + $(ROCKY_YUM_TOOL) config-manager --set-enabled powertools + +install_epel_rocky: + $(ROCKY_YUM_TOOL) install epel-release + +install_epel_rhel: + $(RHEL_YUM_TOOL) install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm + +install_cpan_modules_rhel: + for m in $(CPAN_MODULES_RHEL); do cpan $$m; done; + +install_ejabberd: + wget -O /tmp/$(EJABBERD_RPM) $(EJABBERD_URL)/$(EJABBERD_RPM) + $(RHEL_YUM_TOOL) install /tmp/$(EJABBERD_RPM) + cp /opt/ejabberd-$(EJABBERD_VERSION)/bin/ejabberd.service /lib/systemd/system/ + systemctl daemon-reload + systemctl enable --now ejabberd.service + ln -sf /opt/ejabberd-$(EJABBERD_VERSION)/bin/ejabberdctl /usr/local/sbin/ejabberdctl + for i in erl iex epmd; do ln -sf /opt/ejabberd-$(EJABBERD_VERSION)/bin/$$i /usr/local/bin/$$i; done; + +# Fedora/Rocky +install_rpms_fedora: + $(FEDORA_YUM_TOOL) install $(RPMS) + +install_rpms_rhel: + $(RHEL_YUM_TOOL) install $(RPMS) + +install_extra_rpms_fedora: + $(FEDORA_YUM_TOOL) install $(EXTRA_RPMS_FEDORA) # vim:noet:sw=4:ts=4: -- 2.11.0
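Review bot: `install_ejabberd` fetches the RPM as root into the fixed path `/tmp/$(EJABBERD_RPM)` and installs it without checking a digest or signature, so the only assurance is the TLS connection to the download site, and a file or symlink already present at that path in the world-writable directory is written through. Download into a `mktemp -d` directory, quote the URL (it contains `?`, a shell glob character) and verify a pinned SHA-256 before the install, as sketched below; the digest variable is a placeholder to be filled from the vendor's published value. dnf/yum normally skip GPG checks for local package files unless `localpkg_gpgcheck` is set, so the repository `gpgcheck` setting likely does not cover this step. In `install_cpan_modules_rhel` the `for` loop returns only the status of the last `cpan` call, so an earlier module failure is silently ignored; `cpan $$m || exit 1` would stop the build.

```make
# EJABBERD_RPM_SHA256 is a placeholder: set it to the digest published for the pinned release.
install_ejabberd:
	set -e; tmpdir=$$(mktemp -d); trap 'rm -rf "$$tmpdir"' EXIT; \
	wget -O "$$tmpdir/$(EJABBERD_RPM)" '$(EJABBERD_URL)/$(EJABBERD_RPM)'; \
	echo "$(EJABBERD_RPM_SHA256)  $$tmpdir/$(EJABBERD_RPM)" | sha256sum -c -; \
	$(RHEL_YUM_TOOL) install "$$tmpdir/$(EJABBERD_RPM)"
# … unchanged: service file copy, systemctl calls, symlink creation …
```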