Thursday, June 23, 2016

Installing RatticDB - OpenSource Password Manager On CentOS7


Installing RatticDB - OpenSource Password Manager On CentOS7


Install CentOS 7

Install CentOS 7 with 'minimal install' option
  • yum install epel-release
  • yum update
  • yum upgrade
  • yum groupinstall development
  • yum groupinstall "Web Server"
  • yum install gcc openldap-devel bzip2-devel sqlite-devel libxml2-devel libxslt-devel wget openssl-devel python-pip cryptsetup mod_wsgi vim
  • yum install tk-devel ncurses-devel readline-devel mysql-devel ntp
  • yum install httpd-devel python-devel
  • chkconfig ntpd on
  • service ntpd start

Setup the hostname:

#vim /etc/hostname

pwdmngr.example.com

Disable SELINUX
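NOTE: With CentOS 6.6 I managed to move MySQL to an encrypted partition while SELinux was enabled; I haven't managed to do it with CentOS 7. Disabling SELinux removes a layer of confinement from the host that holds every stored password, so if you can, keep it enforcing and label the new data directory for MySQL instead, e.g. semanage fcontext -a -t mysqld_db_t "/opt/apps/mysql(/.*)?" followed by restorecon -R /opt/apps/mysql.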
  • vim /etc/selinux/config
-  SELINUX=enforcing
+ SELINUX=disabled
  • reboot
Install and set up MySQL (you can also install MariaDB with the EPEL repo), then run mysql_secure_installation and answer its prompts as follows:
Change the root password? [Y/n] Y
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
  • mysql -u root -p 
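-- Database and application account for RatticDB.
create database rattic;
-- The account is bound to localhost, so it can only log in from this host.
create user rattic@localhost identified by '***rattic-db-password***';
-- Grant to the same account that was just created. A bare `rattic` means
-- 'rattic'@'%', which is a different account from 'rattic'@'localhost';
-- depending on the server's SQL mode, GRANT may create that account
-- implicitly with no password.
grant all on rattic.* to rattic@localhost;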

Optional: Set  up encrypted device for MySQL
  • cryptsetup luksFormat /dev/sdb1
  • cryptsetup luksOpen /dev/sdb1 rattic_encrypted
  • pvcreate /dev/mapper/rattic_encrypted
  • vgcreate rattic_VG /dev/mapper/rattic_encrypted
  • lvcreate -l 100%VG -n rattic_LV rattic_VG
  • mkfs.ext4 /dev/mapper/rattic_VG-rattic_LV
  • mkdir /opt/apps/mysql
  • mount /dev/mapper/rattic_VG-rattic_LV /opt/apps/mysql

Optional: Change MySQL Database directory
  • systemctl stop mysqld.service
  • cp -r /var/lib/mysql/* /opt/apps/mysql
  • mv /var/lib/mysql /var/lib/mysql_OLD
  • ln -s /opt/apps/mysql /var/lib/mysql
  • chown -R mysql:mysql /opt/apps/mysql
  • vim /etc/my.cnf
- datadir=/var/lib/mysql
- socket=/var/lib/mysql/mysql.sock
+ datadir=/opt/apps/mysql
+ socket=/opt/apps/mysql/mysql.sock
  • systemctl start mysqld.service

Configure RatticDB
  • cd /tmp
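Download the latest code from GitHub (master.zip is the current state of the master branch, not a fixed release; for a reproducible install, pin a release tag or commit instead)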
  • wget https://github.com/tildaslash/RatticWeb/archive/master.zip
  • unzip master.zip
  • mv RatticWeb /opt/apps/RatticWeb
  • cd /opt/apps/RatticWeb
  • pip install -r requirements-mysql.txt
  • mkdir /opt/apps/RatticWeb/static
  • chown -R rattic /opt/apps/RatticWeb
  • useradd -c "RatticWeb" -m rattic
  • su - rattic
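Note: Replace the hostname with your own, set the secret key to a long random value, and set the MySQL password here. This file holds the secret key and the database password, so keep it readable only by the account the application runs as.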
  • vim /opt/apps/RatticWeb/conf/local.cfg
[ratticweb]
debug = False
secretkey = ***rattic-secret-key***
hostname = ratticdb

[filepaths]
static = /opt/apps/RatticWeb/static

[database]
engine = django.db.backends.mysql
name = rattic
user = rattic
password = ***rattic-db-password***
host = localhost
port = 3306
  • exit (back to root)

Configure Apache

Note: Change the ServerName, ServerAlias and Redirect permanent URL to your hostname.
  • vim /etc/httpd/conf.d/rattic.conf
# Plain-HTTP virtual host: its only job is to redirect every request to the HTTPS site.
<VirtualHost *:80>
ServerName ratticdb
ServerAlias ratticdb
Redirect permanent / https://ratticdb
</VirtualHost>
# NOTE(review): no <VirtualHost *:443> or SSL directive appears in this file, so the
# HTTPS side presumably comes from another config file (e.g. the distribution's mod_ssl
# defaults) - confirm it serves a certificate you control before storing real passwords.
# Everything below sits outside the port-80 virtual host, i.e. at server level.
# Static assets are mapped straight to files on disk.
Alias /robots.txt /opt/apps/RatticWeb/static/robots.txt
Alias /favicon.ico /opt/apps/RatticWeb/static/favicon.ico
AliasMatch ^/([^/]*\.css) /opt/apps/RatticWeb/static/styles/$1
Alias /media/ /opt/apps/RatticWeb/media/
Alias /static/ /opt/apps/RatticWeb/static/
# The commented Order/Allow lines are the Apache 2.2 access syntax;
# "Require all granted" is the 2.4 form that is actually in effect.
<Directory /opt/apps/RatticWeb/static>
#Order deny,allow
#Allow from all
Require all granted
</Directory>
<Directory /opt/apps/RatticWeb/media>
#Order deny,allow
#Allow from all
Require all granted
</Directory>
#WSGISocketPrefix run/wsgi
# All remaining URLs are handed to the Django application through mod_wsgi.
WSGIScriptAlias / /opt/apps/RatticWeb/ratticweb/wsgi.py
# Forward the HTTP Authorization header to the application.
WSGIPassAuthorization On
# No user=/group= option is given, so the daemon processes run as Apache's own user.
# NOTE(review): conf/local.cfg (secret key, DB password) must be readable by that user -
# consider a dedicated user= here so the file need not be readable by anything else.
WSGIDaemonProcess rattic processes=2 threads=25 home=/opt/apps/RatticWeb/ python-path=/opt/apps/RatticWeb display-name=%{GROUP}
WSGIProcessGroup rattic
# Within the ratticweb package directory, access is granted to wsgi.py only.
<Directory /opt/apps/RatticWeb/ratticweb>
<Files wsgi.py>
#Order deny,allow
#Allow from all
Require all granted
</Files>
</Directory>
  • systemctl start httpd.service

Modify firewall
  • iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
  • iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT



# cd /usr/local/lib/python2.7/dist-packages   # this path probably varies from system to system
# rm -rf kombu/transport/django/migrations djcelery/migrations
# mv kombu/transport/django/south_migrations kombu/transport/django/migrations
# mv djcelery/south_migrations djcelery/migrations


To sync the db, follow the steps below


# pip install -r requirements-base.txt

# Run these from the directory that contains manage.py.
# NOTE(review): "scripts" is not explained on this page - confirm it is a valid
# management command for your RatticWeb version.
./manage.py scripts
# Create the database tables; --noinput suppresses interactive prompts.
./manage.py syncdb --noinput
# Apply the schema migrations for all apps.
./manage.py migrate --all
# Collect static files; -c clears previously collected files first.
./manage.py collectstatic -c --noinput
# NOTE(review): demosetup presumably seeds initial/demo data. If it creates a login
# with default credentials, change that password before the site is reachable by others.
./manage.py demosetup
