User:Dominik.epple: Difference between revisions

From Open-Xchange
Line 100: Line 100:
=== Install OX software ===
=== Install OX software ===


You need an ldb user and password for updates and proprietary repos. If you dont have such a user, you can still install the free components.
You need an ldb user and password for updates and proprietary repos. If you dont have such a user, you can still install the free components. You'll get a lot of authentication failed warnings however from apt tools unless you deconfigure the closed repos.


  wget http://software.open-xchange.com/oxbuildkey.pub -O - | apt-key add -
  wget http://software.open-xchange.com/oxbuildkey.pub -O - | apt-key add -
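Review bot: the sentence added to the "Install OX software" paragraph tells readers to "deconfigure the closed repos" but does not say how or where. Name the file the guide writes later (/etc/apt/sources.list.d/ox.list) and state that the entries for the closed repos are to be commented out or removed there, so the warning is actionable. While touching the paragraph, "dont" should read "don't".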
Line 113: Line 113:
**if you want to have separate frontend (apache) and middleware (open-xchange) systems, make sure to install packages which require apache as dependency on the frontend nodes, and packages which require java as a dependency on the middleware nodes. Currently this results in the split
**if you want to have separate frontend (apache) and middleware (open-xchange) systems, make sure to install packages which require apache as dependency on the frontend nodes, and packages which require java as a dependency on the middleware nodes. Currently this results in the split
*** Middleware nodes: open-xchange open-xchange-authentication-database open-xchange-grizzly open-xchange-admin open-xchange-appsuite-backend open-xchange-appsuite-manifest
*** Middleware nodes: open-xchange open-xchange-authentication-database open-xchange-grizzly open-xchange-admin open-xchange-appsuite-backend open-xchange-appsuite-manifest
*** Frontend nodes: apt-get install open-xchange-appsuite
*** Frontend nodes: open-xchange-appsuite
** If you want to use an object store, install the corresponding open-xchange-filestore-xyz package, like open-xchange-filestore-s3
** If you want to use an object store, install the corresponding open-xchange-filestore-xyz package, like open-xchange-filestore-s3
=== Install database schemas ===
If the DB runs on localhost and you have root access, you can use
/opt/open-xchange/sbin/initconfigdb --configdb-pass=secret -a
cluster note:
on all db (write) instances:
mysql -e 'grant all privileges on *.* to "openexchange"@"%" identified by "secret";'
/opt/open-xchange/sbin/initconfigdb --configdb-user=openexchange --configdb-pass=secret --configdb-host=configdb-writehost
(initconfigdb needs to be run only once on one cluster node)
=== Initial configuration ===
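Review bot: the cluster note in the new "Install database schemas" section grants all privileges on *.* to "openexchange"@"%" with the literal password "secret", and the same literal is passed via --configdb-pass in both initconfigdb calls, which sits badly with the guide's stated aim of secure-by-default documentation. Use a generated password (the guide already installs pwgen), show it as a placeholder rather than a usable value, and suggest a host part narrower than "%" that covers only the OX nodes. The added command lines also lack the leading-space code formatting used for the wget line in the previous section, so they will render as running text rather than as commands.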

Revision as of 10:52, 28 July 2017

Install Guide

About this document

The aim of this document is to replace the existing quickinstall guides, to provide a more extensive view on "single node and beyond" topics, to follow existing "best practices" more closely, and to point out what needs to be changed in clustered installations.

Most of the commands given in this document thus assume a high level design of "single-node, all-in-one".

This document was created on Debian Stretch (which, as of time of writing, is not even supported yet) --

Preparations

System update

You want to start on the latest patch level of your OS:

apt-get update
apt-get dist-upgrade
apt-get install less vim pwgen
reboot

Prepare database

In real-world installations this will probably be multiple Galera clusters of a supported flavor and version. For educational purposes a standalone DB on our single-node machine is sufficient.

Even for single-node, don't forget to apply database tuning. See our oxpedia articles for default tunings. Note that typically you need to re-initialize the MySQL datadir after changing InnoDB sizing values, and subsequently start the service:

mysql_install_db
service mysql restart

We aim to create secure-by-default documentation, so here we go: run mysql_secure_installation and set a root password (generated, e.g., with pwgen 12 1).

For convenience, put this into /root/.my.cnf:

[client]
user=root
password=...

This also needs to be put in /etc/mysql/debian.cnf.
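
Both files hold the MySQL root password in clear text. As an added example (not part of the original guide; the function names are hypothetical and GNU stat is assumed), this writes such a file so that only its owner can read it, and checks the mode of an existing file:

```shell
# Added example, not from the original guide. Function names are hypothetical.

# Write a [client] section to FILE ($1) with the root password ($2).
# mktemp creates the temp file with mode 0600, and mv replaces any older,
# more permissive copy atomically (a plain "> FILE" would keep the old mode).
write_client_cnf() (
    umask 077
    tmp=$(mktemp "$1.XXXXXX") || exit 1
    printf '[client]\nuser=root\npassword=%s\n' "$2" > "$tmp" &&
        mv -f "$tmp" "$1"
)

# Return 0 if FILE ($1) is a regular file with no group/other permission bits,
# 1 if it is accessible beyond the owner, 2 if it cannot be checked.
cred_file_private() {
    if [ ! -f "$1" ] || [ -L "$1" ]; then
        echo "$1: missing or not a regular file" >&2
        return 2
    fi
    mode=$(stat -c '%a' "$1") || return 2   # GNU stat, as shipped with Debian
    case $mode in
        0|*00) return 0 ;;
        *) echo "$1: mode $mode grants access beyond the owner" >&2; return 1 ;;
    esac
}

# Usage (as root):
#   write_client_cnf /root/.my.cnf "$(pwgen 12 1)"
#   cred_file_private /root/.my.cnf && cred_file_private /etc/mysql/debian.cnf
```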

Prepare OX user

While the packages will create the user automatically if it does not exist, we want to prepare the filestore now, and we need the user for that.

useradd -r open-xchange

In a clustered environment, you might prefer to hard-wire the user ID and group ID to the same fixed value on all nodes. Otherwise, if you want to use an NFS filestore, you'll run into permission problems.

groupadd -r -g 999 open-xchange
useradd -r -g 999 -u 999 open-xchange


Prepare filestore

There are several options here.

Single-Node: local directory

For a single-node installation, you can just prepare a local directory:

mkdir /var/opt/filestore
chown open-xchange:open-xchange /var/opt/filestore

NFS

If using NFS:

Setup on the NFS server:

apt-get install nfs-kernel-server
service nfs-kernel-server restart

Configure /etc/exports. This is for traditional IP-based access control; krb5 or other security configuration is out of scope of this document.

mkdir /var/opt/filestore
chown open-xchange:open-xchange /var/opt/filestore
echo "/var/opt/filestore 192.168.1.0/24(rw,sync,fsid=0,no_subtree_check)" >> /etc/exports
exportfs -a

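Because the export above is declared with fsid=0, it is the NFSv4 root, and clients address it as nfs-server:/ rather than by a path below it. Clients can then mount using

mkdir /var/opt/filestore
mount -t nfs -o vers=4 nfs-server:/ /var/opt/filestore

Or using fstab entries like

nfs-server:/ /var/opt/filestore nfs4 defaults 0 0

Object Store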

You can use an object store. For lab environments Ceph is a convenient option. For demo / educational purposes, a "single node Ceph cluster", even co-located on your "single-node machine", is reasonable, but its setup is out of scope of this document. If you want to use this, be prepared to provide information about endpoint, bucket name, access key, and secret key.

No filestore

If you don't want to provide a filestore, you can configure OX later to run without a filestore. (Q: do we still need a dummy registerfilestore on a local directory in that event?)

Prepare mail system

Out of scope of this document. Let's assume you've got a mail system with SMTP and IMAP endpoints where users can authenticate using their email address and a password. We assume separate / existing provisioning for the scope of this document.

Install OX software

You need an ldb user and password for updates and proprietary repos. If you don't have such a user, you can still install the free components. However, you'll get a lot of "authentication failed" warnings from the apt tools unless you deconfigure the closed repos.

wget http://software.open-xchange.com/oxbuildkey.pub -O - | apt-key add -
wget -O/etc/apt/sources.list.d/ox.list http://software.open-xchange.com/products/DebianJessie.list
ldbuser=...
ldbpassword=...
sed -i -e "s/LDBUSER:LDBPASSWORD/$ldbuser:$ldbpassword/" /etc/apt/sources.list.d/ox.list
apt-get update
apt-get install open-xchange open-xchange-authentication-database open-xchange-grizzly open-xchange-admin open-xchange-appsuite-backend open-xchange-appsuite-manifest open-xchange-appsuite
  • Cluster notes:
    • if you want to have separate frontend (apache) and middleware (open-xchange) systems, make sure to install packages which require apache as dependency on the frontend nodes, and packages which require java as a dependency on the middleware nodes. Currently this results in the split
      • Middleware nodes: open-xchange open-xchange-authentication-database open-xchange-grizzly open-xchange-admin open-xchange-appsuite-backend open-xchange-appsuite-manifest
      • Frontend nodes: open-xchange-appsuite
    • If you want to use an object store, install the corresponding open-xchange-filestore-xyz package, like open-xchange-filestore-s3
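
The sed call above breaks if the password contains /, & or \, and characters such as @ or : are ambiguous inside a URL. This added example (not from the original guide; the function names are hypothetical) percent-encodes both values before substituting them, assuming ASCII credentials and that apt decodes percent-encoded userinfo in repository URLs.

```shell
# Added example, not from the original guide. Function names are hypothetical.

# Percent-encode $1, keeping only RFC 3986 unreserved characters. The result
# contains no '/', '&' or '\', so it is also safe as a sed replacement.
# Assumes ASCII input.
urlencode() (
    s=$1
    out=
    while [ -n "$s" ]; do
        rest=${s#?}        # everything after the first character
        c=${s%"$rest"}     # the first character itself
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
        s=$rest
    done
    printf '%s' "$out"
)

# Replace the LDBUSER:LDBPASSWORD placeholder in the list file ($1)
# with the encoded user ($2) and password ($3).
set_repo_credentials() {
    user=$(urlencode "$2")
    pass=$(urlencode "$3")
    sed -i -e "s/LDBUSER:LDBPASSWORD/$user:$pass/" "$1"
}

# Usage, replacing the plain sed line of the guide:
#   set_repo_credentials /etc/apt/sources.list.d/ox.list "$ldbuser" "$ldbpassword"
```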

Install database schemas

If the DB runs on localhost and you have root access, you can use

/opt/open-xchange/sbin/initconfigdb --configdb-pass=secret -a


cluster note:

on all db (write) instances:

mysql -e 'grant all privileges on *.* to "openexchange"@"%" identified by "secret";'

/opt/open-xchange/sbin/initconfigdb --configdb-user=openexchange --configdb-pass=secret --configdb-host=configdb-writehost

(initconfigdb needs to be run only once on one cluster node)

Initial configuration