MWA2 and RHEL7

456 views
Skip to first unread message

Gregory Neagle

unread,
May 6, 2016, 1:15:39 PM5/6/16
to munki-w...@googlegroups.com
I've added some notes on getting MWA2 up and running on RHEL7 here: https://github.com/munki/mwa2/wiki/RHEL7-setup-notes

If anyone has set it up with mod_wsgi and Apache, would love to see a write-up of that.

-Greg

David Nelson

unread,
May 6, 2016, 7:01:04 PM5/6/16
to munki-w...@googlegroups.com
I followed the instructions up to the point of creating a test server on port 8080 and that worked fine.

Then I tried setting it up with mod_wsgi using the instructions from the original munkiwebadmin. It lets me log in and shows the navigation/buttons at the top of the page, but the lists of manifests and packages are just blank. 

If anyone has ideas about what I might be doing wrong, I’d love to hear it. If I get it working I would be glad to write up what I did and share that. 

David

David Nelson

unread,
May 6, 2016, 7:01:04 PM5/6/16
to munki-w...@googlegroups.com
Well, this probably goes without saying but I didn’t exactly follow the steps from the original munkiwebadmin docs. But I used them as a reference point and adapted as I went. :) 

Gregory Neagle

unread,
May 6, 2016, 7:16:36 PM5/6/16
to munki-w...@googlegroups.com
On May 6, 2016, at 3:48 PM, David Nelson <da...@davidnelson.net> wrote:

I followed the instructions up to the point of creating a test server on port 8080 and that worked fine.

Depending on the number of admin users who might be using MWA2 at once, the development server might be all you need. Unlike MWA(1), since Munki clients don't send reports to MWA2, it doesn't have to scale to support many simultaneous connections.


Then I tried setting it up with mod_wsgi using the instructions from the original munkiwebadmin. It lets me log in and shows the navigation/buttons at the top of the page, but the lists of manifests and packages are just blank. 

If anyone has ideas about what I might be doing wrong, I’d love to hear it.

Sounds like you need to set up Apache to serve the static elements (css, images, javascript, etc):




If I get it working I would be glad to write up what I did and share that. 

David


On May 6, 2016, at 10:15 AM, Gregory Neagle <gregn...@mac.com> wrote:

I've added some notes on getting MWA2 up and running on RHEL7 here: https://github.com/munki/mwa2/wiki/RHEL7-setup-notes

If anyone has set it up with mod_wsgi and Apache, would love to see a write-up of that.

-Greg

--
You received this message because you are subscribed to the Google Groups "MunkiWebAdmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to munki-web-adm...@googlegroups.com.
Visit this group at https://groups.google.com/group/munki-web-admin.
For more options, visit https://groups.google.com/d/optout.

David Nelson

unread,
May 6, 2016, 10:05:38 PM5/6/16
to munki-w...@googlegroups.com
Thanks for your reply. The /static directory is accessible via a browser and seems to show the right stuff. Maybe I'll just redo it again from the start. I might have missed something or put a file in the wrong place. 
David 

Gregory Neagle

unread,
May 7, 2016, 12:00:17 AM5/7/16
to munki-w...@googlegroups.com
On May 6, 2016, at 7:05 PM, David Nelson <dmne...@gmail.com> wrote:

Thanks for your reply. The /static directory is accessible via a browser and seems to show the right stuff.

You might need to do a `python manage.py collectstatic` to cause all of the static files from all of the apps to be collected together in a single directory.
This also might entail defining STATIC_ROOT in settings.py.

-Greg

walter

unread,
Oct 31, 2016, 9:57:58 AM10/31/16
to MunkiWebAdmin
what steps did you use to setup mod_wsgi?  i've followed the original mwa instructions, slightly modifying the .wsgi file and virtualhost conf in httpd, but can't get it to run.  it does, however, run fine under django itself

Marco Segovia

unread,
Nov 3, 2016, 6:15:41 PM11/3/16
to MunkiWebAdmin
I'm having a similar issue getting MWA2 working correctly on a fresh ubuntu 16.04 server install. I have everything working to the point where MySQL is the DB backend (I'm pretty sure I got that part right) and Apache is serving something, but I think something is wrong with my apache config. I basically followed these instructions taking into account some of the changes in the RHEL7 set up documentation for MWA2 for using django 1.9.x. 

To change the backend I subbed the following in the MWA2 settings file:

Under DATABASES, make the following changes:
'ENGINE': 'django.db.backends.mysql’,
'NAME': 'munkiwebadmin',
'USER': 'munkiwebadmin',
'PASSWORD': ‘*my password*’
'HOST': ‘’,
'PORT': ‘’,

-----------

my apache conf is as follows:

-----------

# Base configuration
Alias /catalogs/ /var/www/html/catalogs/
Alias /manifests/ /var/www/html/manifests/
Alias /pkgs/ /var/www/html/pkgs/
Alias /icons/ /var/www/html/icons/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>

# Munki Web Admin
Alias /static/ /usr/local/munkiwebadmin_env/mwa2/munkiwebadmin/static/
<Directory /usr/local/munkiwebadmin_env/mwa2/munkiwebadmin/static>
Order allow,deny
Allow from all
Require all granted
</Directory>

WSGIDaemonProcess munkiwebadmin python-path=/usr/local/munkiwebadmin_env/mwa2:/usr/local/munkiwebadmin_env/lib/python2.7/site-packages
WSGIProcessGroup munkiwebadmin
WSGIScriptAlias / /usr/local/munkiwebadmin_env/mwa2/munkiwebadmin/wsgi.py

<Directory /usr/local/munkiwebadmin_env/mwa2/munkiwebadmin>
<Files wsgi.py>
Order allow,deny
Allow from all
Require all granted
</Files>
</Directory>

# Munki Repo
<Directory /var/www/html>
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
Require all granted
</Directory>


    SSLCertificateFile    /etc/ssl/certs/munkiwebadmin.crt
    SSLCertificateKeyFile /etc/ssl/private/munkiwebadmin.key

-----------------

Using that I can get to the munkiwebadmin page, then log in, but after that I get a 403 error about not having permission to access the /manifest/ directory.

Looking in the apache logs I see this error:

No matching DirectoryIndex (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm) found, and server-generated directory index forbidden by Options directive 

If I change <Directory /var/www/html>   ->  Options FollowSymLinks -> Options +FollowSymLinks, I don't get the error anymore, but all I see is the directory structure of that folder. Maybe I'll try not using MySQL to see if that makes a difference.  ¯\_(ツ)_/¯

Marco Segovia

unread,
Nov 8, 2016, 12:39:24 PM11/8/16
to MunkiWebAdmin
Just a small update. I redid my munki server vm, leaving the settings file database section alone, but no dice. Apache still give me permission errors when serving MWA2. I'm pretty sure it's just my apache conf that's messed up, I just can't see where -_-  Any ideas?

Martin Abrahamsson

unread,
Jun 28, 2017, 9:12:40 AM6/28/17
to MunkiWebAdmin
I got mwa2 with wsgi over apache working properly now I have updated the mwa2 wiki with the information.


- Martin

Gregory Neagle

unread,
Jun 28, 2017, 11:22:57 AM6/28/17
to munki-w...@googlegroups.com
Thanks for your contribution!

Questions (which you may want to answer in the wiki):

1) Why did you choose to serve the app on port 8080? Alternate ports are needed when using alternate web servers like the Django development server, but if you are configuring Apache to serve MWA2, why not make it easier for everyone and serve on the default ports?

2) What does TraceEnable off do, and why did you choose it for this?

3) I see you've defined a user and group form the WSGIDaemonProcess. I might be wrong, but don't those require that Apache itself is running as root (which is an uncommon configuration)?

-Greg

Martin Abrahamsson

unread,
Jul 11, 2017, 5:37:27 AM7/11/17
to MunkiWebAdmin
Hi Greg,

your welcome.

1. I run a multiple instances of mwa/mwa2/ on my server. 8080 is my testing port, that the reason used it. I only run direct munki traffic with aliases for the different shares on port 443 all types of management servers run on their own ports. I do this so that the different sub companies have their own ports. I can change the port to 80 or 443 in the config.

2. TraceEnable is a part of our IT Security Guidelines I have to have it set to off in all my configs. Here is a link of what it can do, I will remove it from the wiki, since its not really needed for a normal configuration. I added a link so you can read up on what it does.

3. I need this for write access to the sqlite database. if I don't setup these two lines:
"WSGIDaemonProcess companymwa user=munkiwebadmin group=munki"
"WSGIProcessGroup companymwa"

OperationalError at /

attempt to write a readonly database
Request Method:POST
Request URL:https://xxxxxxxx1337.company.com:8080/
Django Version:1.9.1
Exception Type:OperationalError
Exception Value:
attempt to write a readonly database



-Martin
Reply all
Reply to author
Forward
0 new messages