Installing red
Reading overview.txt
is a very good idea before trying to install. ??? there is no overview.txt
any more.
Note: This is not a turn key solution. It will require programming, etc to work properly.
Red is designed to write to your computer's system files. Probably a good idea to get it up and running in a test environment with a test destination server that can be borked. Don't test on a live production server!
Requirements
- MySQL
- PHP
- Apache
Installation
Database
- Database. Red only supports MySQL. To begin, create database (e.g.
red
) and import red/docs/sql/initialize.sql. You can safely ignore the remaining dated sql files - you will need to import them if you are upgrading, but not if you are installing from scratch.
- Create a mysql user for the client program that has select, update, delete, and insert privileges (such as red-ui).
GRANT ALL ON red.* to 'red-ui'@'localhost' identified by 'secret';
- Create a mysql user (e.g.
red-node
) for the server program using the following grant statements (to limit access to the bare minimum).
GRANT SELECT ON red.* to 'red-node'@'server_domain' identified by 'secret'; GRANT UPDATE ON red.red_item to 'red-node'@'server_domain'; GRANT INSERT ON red.red_error_log to 'red-node'@'server_domain';
UI
The ui directory contains all the files necessary for the web gui to work.
- Copy red/ui/etc/config.inc.php.sample to
ui/etc/config.inc.php
and edit it.- Set
$config['notify_host'] = false
(because we haven't setup the server yet). - Update with the details of the
red-ui
user account you created above. - Find the line that sets
$base
and change it to the red root directory. - If you are not going to be using https, uncomment this line:
$config['secure_cookies'] = false;
- Set
- Configure your web server so it can use the www directory in the ui folder as the
DocumentRoot
- Test the UI. Login with user
admin
and passwordadmin23
. You should be able to add new items, which will be in the status "pending-insert".
- On Fedora you need install the
php-process
package to get theposix_getuid
function.
- Ensure the hostname for the node you are configuring resolves correctly
node
- Your node computer must be able to access the database on your UI. You may need to configure your MySQL server on the UI to listen on a network IP address.
- You can checkout the red code anywhere you want, however,
/usr/local/share/red
is the canonical location.
- You should create a
/usr/local/etc/red
directory as well and copy the contents of red/node/etc/red/ to this directory.
- Configure. Enter the etc/red directory. Copy all
*.sample
files to the name without.sample
Most files are configured to be used on a default debian configured system, so don't require additional editing. The red_node.conf is the only file that requires editing:
- Configure it with the MySQL login details for the red-node user you created above.
- Edit the line that says
$node = 'localhost';
and replace localhost with the hostname for the node.
- Test the node update command. Execute red-node-update passing the path to the red_node.conf file (the default location is
/usr/local/etc/red/red_node.conf
, you don't need to pass the path as the second argument if your conf file is already located there). For example:node/sbin/red-node-update /path/to/etc/red/red-node.conf
- It should run silently, creating all the items that were in a pending state, changing the status to "active".
Setup ssh triggering
- As the user who your web server runs as, create an ssh private/public key pair, leaving the passphrase empty:
ssh-keygen -t rsa
- On each destination node, create a
/root/.ssh/authorized_keys
file for the user that you want red to be logging in as. In a real world environment, you will want this to be the root user (or a user with password-less sudo privs). You should add a line that includes the command option to limit access to executing thered-node-update
command, for example:command="/usr/local/share/red/server/sbin/red-node-update" ssh-rsa AAAAB3NzaC1yc etc...
- As the user who your web server runs as, test the connection and accept the key fingerprint (if it is correct).
- Now - you can change your ui configuration setting to enable the notify variable to be true.