Install RatticDB on CentOS 7

[Beni Peled]

I Installed RatticDB with the steps below, Based on this guide: https://wiki.gutzmann.com/confluence/display/HowTo/How+To+Install+RatticDB+on+CentOS+6.5

Install CentOS 7

Install CentOS 7 with 'minimal install' option

• yum install epel-release
  
• yum update
  
• yum upgrade
  
• yum groupinstall development
  
• yum groupinstall "Web Server"
  
• yum install gcc openldap-devel bzip2-devel sqlite-devel libxml2-devel libxslt-devel wget openssl-devel python-pip cryptsetup mod_wsgi vim
  
• yum install tk-devel ncurses-devel readline-devel mysql-devel ntp
  
• yum install httpd-devel python-devel
  
• chkconfig ntpd on
  
• service ntpd start
  

Disable SELINUX

NOTE: With CentOS 6.6 i have managed to move mysql to encrypted partition when SELINUX is enable, i haven't managed to do it with CentOS 7.

• vim /etc/selinux/config
  

-  SELINUX=enforcing

+ SELINUX=disabled

• reboot
  

Install and Set up MySQL

• rpm -Uvh http://dev.mysql.com/get/mysql-community-release-el7-5.noarch.rpm
  
• yum -y install mysql-community-server
  
• /usr/bin/systemctl start mysqld
  
• /usr/bin/mysql_secure_installation
  

Change the root password? [Y/n] Y

Remove anonymous users? [Y/n] y

Disallow root login remotely? [Y/n] y

Remove test database and access to it? [Y/n] y

Reload privilege tables now? [Y/n] y

• mysql -u root -p 
  

create database rattic;

create user rattic@localhost identified by '***rattic-db-password***';

grant all on rattic.* to rattic;

Set  up encrypted device for MySQL

• cryptsetup luksFormat /dev/sdb1
  
• cryptsetup luksOpen /dev/sdb1 rattic_encrypted
  
• pvcreate /dev/mapper/rattic_encrypted
  
• vgcreate rattic_VG /dev/mapper/rattic_encrypted
  
• lvcreate -l 100%VG -n rattic_LV rattic_VG
  
• mkfs.ext4 /dev/mapper/rattic_VG-rattic_LV
  
• mkdir /opt/apps/mysql
  
• mount /dev/mapper/rattic_VG-rattic_LV /opt/apps/mysql
  

Change MySQL Database directory

• systemctl stop mysqld.service
  
• cp -r /var/lib/mysql/* /opt/apps/mysql
  
• mv /var/lib/mysql /var/lib/mysql_OLD
  
• ln -s /opt/apps/mysql /var/lib/mysql
  
• chown -R mysql:mysql mysql
  
• vim /etc/my.cnf
  

- datadir=/var/lib/mysql

- socket=/var/lib/mysql/mysql.sock

+ datadir=/opt/apps/mysql

+ socket=/opt/apps/mysql/mysql.sock

• systemctl start mysql.service
  

Configure RatticDB

• cd /tmp
  
• wget https://github.com/tildaslash/RatticWeb/archive/v1.3.1.tar.gz
  
• tar -xf v1.3.1.tar.gz
  
• mv RatticWeb-1.3.1 /opt/apps/RatticWeb
  
• cd /opt/apps/RatticWeb
  
• pip install -r requirements-mysql.txt
  
• mkdir /opt/apps/RatticWeb/static
  
• chown -R rattic /opt/apps/RatticWeb
  
• useradd -c "RatticWeb" -m rattic
  
• su - rattic
  
• vim /opt/apps/RatticWeb/conf/local.cfg
  

[ratticweb]

debug = False

secretkey = ***rattic-secret-key***

hostname = ratticdb

[filepaths]

static = /opt/apps/RatticWeb/static

[database]

engine = django.db.backends.mysql

name = rattic

user = rattic

password = ***rattic-db-password***

host = localhost

port = 3306

• exit (back to root)
• cd /opt/apps/RatticWeb/
  
• ./manage.py syncdb --noinput
  
• ./manage.py migrate --all
  
• ./manage.py collectstatic -c --noinput
  
• ./manage.py demosetup

Configure Apache

• vim /etc/httpd/conf.d/rattic.conf
  

<VirtualHost *:80>

ServerName ratticdb

ServerAlias ratticdb

Redirect permanent / https://ratticdb

</VirtualHost>

Alias /robots.txt /opt/apps/RatticWeb/static/robots.txt

Alias /favicon.ico /opt/apps/RatticWeb/static/favicon.ico

AliasMatch ^/([^/]*\.css) /opt/apps/RatticWeb/static/styles/$1

Alias /media/ /opt/apps/RatticWeb/media/

Alias /static/ /opt/apps/RatticWeb/static/

<Directory /opt/apps/RatticWeb/static>

#Order deny,allow

#Allow from all

Require all granted

</Directory>

<Directory /opt/apps/RatticWeb/media>

#Order deny,allow

#Allow from all

Require all granted

</Directory>

#WSGISocketPrefix run/wsgi

WSGIScriptAlias / /opt/apps/RatticWeb/ratticweb/wsgi.py

WSGIPassAuthorization On

WSGIDaemonProcess rattic processes=2 threads=25 home=/opt/apps/RatticWeb/ python-path=/opt/apps/RatticWeb display-name=%{GROUP}

WSGIProcessGroup rattic

<Directory /opt/apps/RatticWeb/ratticweb>

<Files wsgi.py>

#Order deny,allow

#Allow from all

Require all granted

</Files>

</Directory>

• systemctl start httpd.service
  

Modify firewall

• iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
  
• iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
  

Go to: https://ratticdb

[Kon]

Thank you for the guide. One of the biggest things that's not mentioned here is that the hostname you put on the local.cfg file must be exactly the same as the fqdn you put in the httpd.conf. And on that, can you expand a bit more maybe what else you needed for apache to work on https? 

[Kon]

Replying to my own question, the only thing you need to is to install the mod_ssl package and install the certificates if you have any.

[Beni Peled]

Hi!

If you install all the package exactly like the yum commands above you just need to open the 443 port ('Modify firewall' stage).

The 'web server' group includes the 'mod_ssl' package.

Take a look into httpd error log file [error_log / ssl_error_log] to find more details.

If it still doesn't work please upload your local.cfg & rattic.conf.

[Kon]

Thank you Beni. I installed as per the instructions, but the mod_ssl didn't install along with the group, it was easy to fix though and everything is working now. Now.. to the hard part to fix ad integration :)

Thanks again for the guide.

[Beni Peled]

Hello Kon

Take a look at the attached screenshot,

But it doesn't really matter if everything works for you now.

Beni. 

[Simon Seidel]

Hi,

i did everything like you discribed in this one but nothing is working for me -.-
maybe u can give me a little help?

so everything that's happening are errors ;) best example:
when i try to perform ./manage.py syncdb --noinput i get this stuff

File "./manage.py", line 10, in <module>
    execute_from_command_line(sys.argv)
  File "/usr/lib/python2.7/site-packages/django/core/management/__init__.py", line 399, in execute_from_command_line
    utility.execute()
  File "/usr/lib/python2.7/site-packages/django/core/management/__init__.py", line 392, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File "/usr/lib/python2.7/site-packages/django/core/management/__init__.py", line 261, in fetch_command
    commands = get_commands()
  File "/usr/lib/python2.7/site-packages/django/core/management/__init__.py", line 107, in get_commands
    apps = settings.INSTALLED_APPS
  File "/usr/lib/python2.7/site-packages/django/conf/__init__.py", line 54, in __getattr__
    self._setup(name)
  File "/usr/lib/python2.7/site-packages/django/conf/__init__.py", line 49, in _setup
    self._wrapped = Settings(settings_module)
  File "/usr/lib/python2.7/site-packages/django/conf/__init__.py", line 132, in __init__
    % (self.SETTINGS_MODULE, e)
ImportError: Could not import settings 'ratticweb.settings' (Is it on sys.path? Is there an import error in the settings file?): No module named ldap


i hope u can help me out :)

regards simon

[Fabien GRAGLIA]

Hi Simon,

Try with this edit

https://github.com/csakoda/RatticWeb/commit/6758574e917cde2a9efd42f6cb1312f9819f04ff

and relaunch command :

sudo pip install -r requirement-base.txt

[ismail]

• ./manage.py syncdb --noinput
  
• ./manage.py migrate --all
  
• ./manage.py collectstatic -c --noinput
  
• ./manage.py demosetup

i don't know why this not work for me can someone help me on that i stuck here (im a student) 

https://wiki.gutzmann.com/confluence/display/HowTo/How+To+Install+RatticDB+on+CentOS+6.5

[sheik mohamad]

Hi Beni,

After all the setup completion I am facing the internal 500 error on browser, kindly check with the apache configuration and let us know the steps to access the password manager in browser clearly.

Thankyou.