wiki:control-panel/hacking/install

Version 8 (modified by Ben Dean-Kawamura, 8 years ago) (diff)

--

Installing red

Reading overview.txt is a very good idea before trying to install.

Note: This is not a turn key solution. It will require programming, etc to work properly.

Red is designed to write to your computer's system files. Probably a good idea to get it up and running in a test environment with a test destination server that can be borked. Don't test on a live production server!

Requirements

  • MySQL
  • PHP
  • Apache

Installation

Database

  • Database. Red only supports MySQL. To begin, create database (e.g. red) and import the tables.sql and data.sql files from the sql directory. You can safely ignore the remaining dated sql files - you will need to import them if you are upgrading, but not if you are installing from scratch.
  • Create a mysql user for the client program that has select, update, delete, and insert privileges (such as red-ui).
GRANT ALL ON red.* to 'red-ui'@'localhost' identified by 'secret';
  • Create a mysql user (e.g. red-node) for the server program using the following grant statements (to limit access to the bare minimum).
GRANT SELECT ON red.* to 'red-node'@'server_domain' identified by 'secret';
GRANT UPDATE ON red.red_item to 'red-node'@'server_domain';
GRANT INSERT ON red.red_error_log to 'red-node'@'server_domain';

UI

The ui directory contains all the files necessary for the web gui to work.

  • Copy the etc/config.inc.php.sample file to etc/config.inc.php and edit it.
    • Set $config['notify_host'] = false (because we haven't setup the server yet).
    • Update with the details of the red-ui user account you created above.
    • Find the line that sets $base and change it to the red root directory.
    • If you are not going to be using https, uncomment this line: $config['secure_cookies'] = false;
  • In share/ihtml copy the .sample files to files without the .sample suffix. Edit if you want.
  • In ui/www copy the extra.css.sample to extra.css. Edit if you want.
  • Configure your web server so it can use the www directory in the ui folder as the DocumentRoot
  • Test the UI. Login with user admin and password admin23. You should be able to add new items, which will be in the status "pending-insert."
  • On Fedora you need install the php-process package to get the posix_getuid function.
  • Ensure the hostname for the node you are configuring resolves correctly

node

  • Your node computer must be able to access the database on your UI. You may need to configure your MySQL server on the UI to listen on a network IP address.
  • You can checkout the red code anywhere you want, however, /usr/local/share/red is the canonical location.
  • You should create a /usr/local/etc/red directory as well and copy the contents of node/etc/red/ to this directory.
  • Configure. Enter the etc/red directory. Copy all *.sample files to the name without ".sample"

Most files are configured to be used on a default debian configured system, so don't require additional editing. The red_node.conf is the only file that requires editing:

  • Configure it with the MySQL login details for the red-node user you created above.
  • Edit the line that says $node = 'localhost'; and replace localhost with the hostname for the node.
  • Test the node update command. Execute red-node-update passing the path to the red_node.conf file (the default location is /usr/local/etc/red/red_node.conf, you don't need to pass the path as the second argument if your conf file is already located there). For example:
      node/sbin/red-node-update /path/to/etc/red/red-node.conf
    
  • It should run silently, creating all the items that were in a pending state, changing the status to "active."

Setup ssh triggering

  • As the user who your web server runs as, create an ssh private/public key pair, leaving the passphrase empty:
    ssh-keygen -t rsa
    
  • On each destination node, create a /root/.ssh/authorized_keys file for the user that you want red to be logging in as. In a real world environment, you will want this to be the root user (or a user with password-less sudo privs). You should add a line that includes the command option to limit access to executing the red-node-update command, for example:
    command="/usr/local/share/red/server/sbin/red-node-update" ssh-rsa AAAAB3NzaC1yc etc...
    
  • As the user who your web server runs as, test the connection and accept the key fingerprint (if it is correct).
  • Now - you can change your ui configuration setting to enable the notify variable to be true.