Difference between revisions of "Installing Onepoint on CentOS 7 with Hashicorp Vault"

From Onepoint Systems Integration
(Enabling auth AppRole)
Line 11: Line 11:
 
== Enabling auth AppRole ==
 
== Enabling auth AppRole ==
 
For Onepoint logging on Hashicorp Vault, it must be enabled AppRole Authentication Backend on Hashicorp Vault.
 
For Onepoint logging on Hashicorp Vault, it must be enabled AppRole Authentication Backend on Hashicorp Vault.
#Create
+
For more information about AppRole auth backend, see [https://www.vaultproject.io/docs/auth/approle/ AppRole Auth Method]
#Bla
+
 
 +
Logged on as the root token or a token with the root policy, perform the following steps:
 +
#Enable AppRole (if it isn't already enabled)
 +
  $ vault auth enable approle
 +
#Create a role on Vault with no secret_id_ttl nor secret_id_num_uses nor token_num_uses
 +
  $ vault write auth/approle/role/my-role \
 +
    token_ttl=20m \
 +
    token_max_ttl=30m \
 +
    policies="default,secret-full"
 +
#Get the role ID for configuring Onepoint
 +
  $ vault read auth/approle/role/my-role/role-id
 +
  role_id    db02de05-fa39-4855-059b-67221c5c2f63
 +
#Generate a secret ID for configuring Onepoint
 +
  $ vault write -f auth/approle/role/my-role/secret-id
 +
  secret_id              6a174c20-f6de-a53c-74d2-6018fcceff64
 +
  secret_id_accessor      c454f7e5-996e-7230-6074-6ef26b7bcf86
 +
#Save role_id and secret_id catched on the previous two steps for configuring onepoint later.
  
 
= MariaDB =
 
= MariaDB =
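
Review bot: the added role-creation step deliberately sets no secret_id_ttl and no secret_id_num_uses, so the secret ID generated two steps later never expires and can be reused without limit, yet the text gives no reason for this and no compensating control. Suggest stating why Onepoint needs a non-expiring secret ID and adding secret_id_bound_cidrs and token_bound_cidrs for the Onepoint host to the vault write command. The role_id and secret_id outputs should be marked as example values, and "catched" in the last step should read "obtained".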

Revision as of 12:02, 9 April 2020

Other Required Repositories

The following repositories are required for installing Onepoint. Please make sure they are enabled once installed (property enabled=1 in the respective /etc/yum.repos.d/REPONAME.repo repository file).

Hashicorp Vault

Vault is a secret store that also works as a vault backend for Onepoint.

Enabling auth AppRole

For Onepoint to log in to Hashicorp Vault, the AppRole authentication backend must be enabled on Vault. For more information about the AppRole auth backend, see AppRole Auth Method (https://www.vaultproject.io/docs/auth/approle/).

Logged in with the root token or a token with the root policy, perform the following steps:

  1. Enable AppRole (if it isn't already enabled)
 $ vault auth enable approle
  2. Create a role on Vault with no secret_id_ttl, secret_id_num_uses or token_num_uses
 $ vault write auth/approle/role/my-role \
   token_ttl=20m \
   token_max_ttl=30m \
   policies="default,secret-full"
  3. Get the role ID for configuring Onepoint
 $ vault read auth/approle/role/my-role/role-id
 role_id     db02de05-fa39-4855-059b-67221c5c2f63
  4. Generate a secret ID for configuring Onepoint
 $ vault write -f auth/approle/role/my-role/secret-id
 secret_id               6a174c20-f6de-a53c-74d2-6018fcceff64
 secret_id_accessor      c454f7e5-996e-7230-6074-6ef26b7bcf86
  5. Save the role_id and secret_id obtained in the previous two steps for configuring Onepoint later.
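
An added example, not part of the original page or of Onepoint: a Python check that reads a role definition in the shape printed by `vault read -format=json auth/approle/role/my-role` and separates the limits this guide leaves off on purpose from the ones that are still open. The sample JSON, the `ACCEPTED` set and the one-hour `max_token_ttl` threshold are assumptions made for illustration.

```python
import json

# Constructed sample (not captured output): the shape returned by
# `vault read -format=json auth/approle/role/my-role` for the role created above.
SAMPLE_ROLE = """{"data": {
  "bind_secret_id": true,
  "secret_id_ttl": 0, "secret_id_num_uses": 0, "secret_id_bound_cidrs": null,
  "token_ttl": 1200, "token_max_ttl": 1800, "token_num_uses": 0,
  "token_bound_cidrs": [], "token_policies": ["default", "secret-full"]}}"""

# Assumption: settings this guide deliberately leaves unlimited for a
# long-running service, reported separately instead of as open gaps.
ACCEPTED = {"secret_id_ttl", "secret_id_num_uses"}


def audit_approle_role(role_json, accepted=ACCEPTED, max_token_ttl=3600):
    """Split weak AppRole role settings into 'open' gaps and 'accepted' ones."""
    d = json.loads(role_json)["data"]
    policies = d.get("token_policies") or d.get("policies") or []
    max_ttl = d.get("token_max_ttl") or 0
    checks = [
        ("bind_secret_id", not d.get("bind_secret_id", True),
         "login works with the role ID alone"),
        ("secret_id_ttl", not d.get("secret_id_ttl"),
         "secret IDs never expire, so rotation has to be done by hand"),
        ("secret_id_num_uses", not d.get("secret_id_num_uses"),
         "one secret ID allows an unlimited number of logins"),
        ("secret_id_bound_cidrs", not d.get("secret_id_bound_cidrs"),
         "secret ID is accepted from any source address"),
        ("token_bound_cidrs", not d.get("token_bound_cidrs"),
         "issued tokens are usable from any source address"),
        ("token_max_ttl", max_ttl == 0 or max_ttl > max_token_ttl,
         "token lifetime is unbounded or longer than the allowed maximum"),
        ("token_policies", "root" in policies,
         "role hands out the root policy"),
    ]
    report = {"open": [], "accepted": []}
    for setting, weak, why in checks:
        if weak:
            bucket = "accepted" if setting in accepted else "open"
            report[bucket].append((setting, why))
    return report


if __name__ == "__main__":
    for bucket, items in audit_approle_role(SAMPLE_ROLE).items():
        for setting, why in items:
            print("%-8s %-22s %s" % (bucket, setting, why))
```

For the role as created in this guide, the open items are the two CIDR bindings, which can be set on the role without changing the non-expiring secret ID that Onepoint is configured with.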

MariaDB

First, make sure MariaDB (packages mariadb and mariadb-server) is installed on the system. If you want to use an external MariaDB database for the installation, this step is not required. You will need to create an empty database for installing Onepoint (for example, database onepoint).

 Tip: Make sure TCP/IP access (bind-address) is enabled for MariaDB / MySQL.

You also need to have a database created on MariaDB to host Onepoint. If you don't have one, you will need to create one. The default name is onepoint, but you can change it as you need, and then reflect the change in the database configuration part.

For creating the database, assuming the database name onepoint:

 mysql> create database onepoint;

Apache Web Server

You will need the Apache Web Server installed on the system for installing Onepoint. You can install it by running the following command:

 ]# yum install httpd

PHP

You will need PHP 7.2 or higher to install Onepoint. You'll need to install the following packages:

  • php72-php
  • php72-php-common
  • php72-php-bz2
  • php72-php-curl
  • php72-php-ldap
  • php72-php-gd
  • php72-php-gmp
  • php72-php-imap
  • php72-php-mbstring
  • php72-php-mcrypt
  • php72-php-soap
  • php72-php-mysqlnd
  • php72-php-xml
  • php72-php-zip
  • php72-php-json

You can install them running the following command (once Remi is installed):

 ]# yum install php72-php php72-php-common php72-php-bz2 php72-php-curl php72-php-ldap php72-php-gd php72-php-gmp php72-php-imap php72-php-mbstring php72-php-mcrypt php72-php-soap php72-php-mysqlnd php72-php-xml php72-php-zip php72-php-json

Python

You will need Python 2.7. You'll need to install the following packages:

  • python
  • python-pip
  • python-requests
  • python-ldap
  • python-paramiko

You can install them running the following command:

 ]# yum install python-pip python-requests python-ldap python-paramiko

Other Libraries

You will need to install the following libraries:

  • curl
  • curlpp

You can install them by running the following command:

 ]# yum install curl http://download-ib01.fedoraproject.org/pub/epel/6/x86_64/Packages/c/curlpp-0.7.3-5.el6.x86_64.rpm

  • libssh
  • json-c
  • json-cpp

You can install them by running the following command:

 ]# yum install libssh json-c jsoncpp

Other tools

  • psutils
  • psmisc
  • telnet (Client)
  • SSH Server
  • SSH Client

You can install them running the following command:

 ]# yum install psutils psmisc telnet openssh-server openssh-clients

Install Onepoint

Install the repository for your operating system version below. After this, install the onepoint package, through yum:

 ]# yum install http://repo.onepoint.net.br/yum/centos/repo/onepoint-repo-0.1-1centos.noarch.rpm
 ]# yum install onepoint

Configure Database Parameters

Database parameters are in /usr/share/onepoint/onepoint/application/config/database.php. Use your favorite text editor to specify them.

Initialize Onepoint Database

Run the setup script, accessing http://<HOSTNAME>/onepoint/ui/setup.

Configuring Onepoint Worker Daemon

Onepoint Worker is in /usr/share/onepoint/onepoint-worker. To configure it, set the credentials in /usr/share/onepoint/onepoint-worker/cfg/config.json, and put the startup script in root's crontab, like this:

 @reboot /usr/share/onepoint/onepoint-worker/start-onepoint-worker-su-30

You can start the service manually using

 ]# /usr/share/onepoint/onepoint-worker/start-onepoint-worker-su

And you can stop the service manually using

 ]# /usr/share/onepoint/onepoint-worker/stop-onepoint-worker

Finished

Now, Onepoint is ready. You can access it on http://<HOSTNAME>/onepoint

Links