How to install OpenEMM on RHEL and its forks
Posted: Tue Nov 23, 2021 9:50 pm
Hello,
After attempting to install OpenEMM on several different operating systems and following several guides listed at https://wiki.openemm.org/doku.php for about 2 weeks, I have finally managed to get it running. Below is a guide I have tested by rebuilding a working OpenEMM at least 5 times to make sure I have all the steps documented correctly:
On a brand new install of CentOS/Rocky/Alma, after you've set up networking to your preferences (I will be using Rocky Linux for this guide; some commands such as dnf can be replaced with yum, no functionality will be lost):
### Initial settings & config changes
hostnamectl set-hostname hostname
echo 'export PATH=$PATH:/usr/sbin' >> /etc/skel/.bash_profile;
sed -i -e 's/SELINUX=enforcing/SELINUX=permissive/' /etc/sysconfig/selinux;
### Initial Package Installation:
dnf module enable python38 -y;
dnf install wget xorg-x11-fonts-75dpi zlib fontconfig freetype libX11 libXext libXrender urw-fonts vim java-11-openjdk sendmail-milter python38 -y;
dnf install mariadb-server mariadb mariadb-devel mariadb-connector-c gcc-c++ bzip2-devel gdbm-devel libgcrypt-devel python38-devel postfix -y;
dnf install libffi-devel libxml2-devel ncurses-devel openssl-devel readline-devel sqlite-devel zlib-devel xz xz-devel python38-pip procmail -y;
dnf install rsyslog unixODBC unixODBC-devel openssl-devel apr-devel redhat-rpm-config java-11-openjdk-devel gcc make python38-requests -y;
dnf install https://github.com/wkhtmltopdf/packaging/releases/download/0.12.6-1/wkhtmltox-0.12.6-1.centos8.x86_64.rpm -y;
pip3.8 install py3dns xlrd xlwt xlutils paramiko pyspf dnspython dkimpy pycrypto requests httpie setproctitle inotify aiodns aiohttp aiohttp-xmlrpc aiosmtpd mariadb;
alternatives --set python3 /usr/bin/python3.8;
### Run update afterwards to update all libraries
dnf update -y;
### Open firewall for traffic:
firewall-cmd --zone=public --add-port=8080/tcp --permanent && firewall-cmd --zone=public --add-port=25/tcp --permanent;
firewall-cmd --zone=public --add-forward-port=port=80:proto=tcp:toport=8080 --permanent && firewall-cmd --reload;
### Adding openemm user and making initial directory structure for OpenEMM
groupadd openemm && useradd -m -g openemm -s /bin/bash openemm;
passwd openemm;
mkdir /home/openemm/opt;
cd /home/openemm/opt;
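### Grabbing tomcat-native. (for whatever reason, this package is left out of the openemm installer tool, and its installation is sparsely covered in
### the guides provided by Agnitas)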
wget https://dlcdn.apache.org/tomcat/tomcat-connectors/native/1.2.31/source/tomcat-native-1.2.31-src.tar.gz
### Installing tomcat-native. This is needed for TLS and HTTPS
tar -xvf tomcat-native-1.2.31-src.tar.gz
rm -rf tomcat-native-1.2.31-src.tar.gz
cd tomcat-native-1.2.31-src/native/
./configure --with-apr=/usr/bin/apr-1-config --with-ssl=yes --prefix=/home/openemm/opt/tomcat-native-1.2.31 --with-java-home=/usr/lib/jvm/java
make
make install
ln -s /home/openemm/opt/tomcat-native-1.2.31 /home/openemm/opt/tomcat-native
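##### From another machine with the same network access, scp the openemm-runtime tar provided by Agnitas by email to the openemm machine: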
scp -rp openemm-runtime-21.10.XXX.tar.gz root@host:/home/openemm/
### Initializing the DB
systemctl enable mariadb;
systemctl start mariadb;
mysql_secure_installation;
Set root password? [Y/n] y
your password here
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] n
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y
### journalctl changes:
echo 'module(load="imjournal" StateFile="imjournal.state" ratelimit.interval="10" ratelimit.burst="10000")' >> /etc/systemd/journald.conf;
systemctl restart systemd-journald
### Maillog changes:
# open and override the following file with the contents below:
# vim /etc/logrotate.d/syslog
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
    missingok
    sharedscripts
    chmod 0644
    postrotate
        /usr/bin/systemctl kill -s HUP rsyslog.service >/dev/null 2>&1 || true
    endscript
}
### permissions modification:
chmod 644 /var/log/maillog
### Postfix Settings:
alternatives --set mta /usr/sbin/sendmail.postfix
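### vim /etc/postfix/main.cf and add the following to the bottom of the file. You will need to jump to around line 135 to comment out both inet* lines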
inet_interfaces = all
inet_protocols = all
mailbox_command = /usr/bin/procmail
mailbox_size_limit = 0
message_size_limit = 0
maximal_queue_lifetime = 1d
bounce_queue_lifetime = 1d
smtp_tls_security_level = may
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_ciphers = high
smtp_tls_mandatory_ciphers = $smtp_tls_ciphers
hash_queue_depth = 2
enable_long_queue_ids = yes
relay_domains = /home/openemm/var/run/relay.domains
transport_maps = hash:/home/openemm/var/run/transport.maps
smtpd_milters = unix:/home/openemm/var/run/bav.sock
myhostname = hostname
# add to /etc/postfix/master.cf, making sure that the f in flags is under the i in mailloop. ie; two spaces
mailloop unix - n n - - pipe
  flags=RX user=openemm argv=/usr/bin/procmail /home/openemm/lib/bav.rc
systemctl enable postfix;
systemctl restart postfix;
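### Unpacking of OpenEMM runtime tar and setting system file limits. I moved this step to the end of part 1, to minimize restarts needed.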
cd /home/openemm
chown -R openemm:openemm .
tar -xvf openemm-runtime-21.10.030.tar.gz
rm -rf openemm-runtime-21.10.030.tar.gz
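### This log is not created by the installer for whatever reason, tomcat will not run if this does not exist, so you'll have to create it manually
### and adjust the permissions accordingly: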
touch /home/openemm/tomcat/logs/catalina.out && chmod 0660 /home/openemm/tomcat/logs/catalina.out
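### No clue what the console user is supposed to do, it is mentioned very briefly in an OMT.py script. If you try and set up your URL in later steps, the
### installer tool will attempt to place keys and grab certain
### config files in /home/console. This can be fixed by simply linking console to openemm.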
ln -s /home/openemm/ /home/console
cd /home/openemm
bin/OMT.sh
# System value for maximum parallel files open (= ulimit) is 1024. Must be at least 16384.
# Change it now (N/y, Blank => Cancel):
> y
reboot <-- required by system after changing system limits
### Continued in the next post
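A check for the two Postfix edits above, added here as an example and not part of the original post: it reports main.cf parameters assigned more than once (for instance a stock inet_* line left uncommented above the appended block) and confirms the `flags=` line under `mailloop` in master.cf is indented. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): lint Postfix files after the
# edits in this guide. Function names and sample contents are constructed.

# Print each main.cf parameter that is assigned more than once (Postfix keeps
# the last assignment, so an earlier uncommented inet_* line is overridden).
maincf_dupes() {
    awk '/^[ \t]*(#|$)/ || /^[ \t]/ { next }      # comment, blank, continuation
         { p = index($0, "="); if (!p) next
           k = substr($0, 1, p - 1); gsub(/[ \t]/, "", k)
           if (++seen[k] == 2) print k }' "$1"
}

# Print the effective (last assigned) value of one main.cf parameter,
# joining continuation lines (lines that start with whitespace).
maincf_get() {
    awk -v want="$2" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^[ \t]*(#|$)/ { next }
        /^[ \t]/ { if (k == want) v = v " " trim($0); next }
        { p = index($0, "="); if (!p) next
          k = trim(substr($0, 1, p - 1))
          if (k == want) v = trim(substr($0, p + 1)) }
        END { print v }' "$1"
}

# Succeed only if the mailloop service line in master.cf is followed by an
# indented "flags=" line; unindented, it is parsed as a separate entry.
mastercf_mailloop_ok() {
    awk 'prev && /^[ \t]+flags=/ { ok = 1 }
         { prev = ($0 ~ /^mailloop[ \t]/) }
         END { exit !ok }' "$1"
}

# Constructed sample: a stock inet_interfaces line left above the guide's block.
write_sample() {
    printf '%s\n' 'inet_interfaces = localhost' '#inet_protocols = all' \
        'inet_interfaces = all' 'inet_protocols = all' \
        'smtp_tls_protocols = !SSLv2,' '    !SSLv3' > "$1/main.cf"
    printf '%s\n' 'mailloop unix - n n - - pipe' \
        '  flags=RX user=openemm argv=/usr/bin/procmail /home/openemm/lib/bav.rc' \
        > "$1/master.cf"
}

d=$(mktemp -d) && write_sample "$d"
echo "duplicated: $(maincf_dupes "$d/main.cf")"
mastercf_mailloop_ok "$d/master.cf" && echo "mailloop entry ok"
rm -rf "$d"
```

On a real host, point the functions at /etc/postfix/main.cf and /etc/postfix/master.cf; `postconf -n` shows the values Postfix itself resolves.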