You are here

Installation of FromDual Ops Center for MariaDB and MySQL

Installation of FromDual Ops Center for MariaDB and MySQL

Table of Contents

From Ubuntu or Debian repository

debian.png ubuntu.png

Add the FromDual APT repository as described here.

Then install focmm with the following command:

apt install focmm

Continue with Securing focmm under Debian and Ubuntu.

DEB package on Debian 10/11 DEB or Ubuntu 20.04/22.04

debian.png ubuntu.png

To install FromDual Ops Center for MariaDB and MySQL manually you can download it from our download site and store it under /tmp.

apt update
VERSION="1.2.0"
apt install /tmp/focmm_${VERSION}-1_all.deb

Continue with Securing focmm under Debian and Ubuntu.

Tarball on Debian 10/11 or Ubuntu 20.04/22.04

ubuntu.png debian.png

To install FromDual Ops Center for MariaDB and MySQL manually you can download it from our download site and store it under /tmp. Please check Prerquisites first before continuing!

VERSION=1.2.0
tar -C /var/www/html -xf /tmp/focmm-${VERSION}.tar.gz
cd /var/www/html
chown -R www-data: /var/www/html/focmm-${VERSION}
ln -s focmm-${VERSION} focmm
chown -h www-data: focmm
mkdir /etc/focmm
chown www-data: /etc/focmm

Continue with Securing focmm under Debian and Ubuntu.

Securing focmm under Debiand and Ubuntu

If you are not allowed to modify your web-server configuration files please consider to use our .htaccess template (tpl/htaccess.template).

SSL

To configure the focmm web-server to use https/SSL you have to create some certificates first:

mkdir /etc/apache2/ssl
chmod 700 /etc/apache2/ssl
openssl req -x509 -newkey rsa:4096 -keyout /etc/apache2/ssl/focmm.key -out /etc/apache2/ssl/focmm.crt -days 3650 -nodes

a2enmod ssl
a2ensite default-ssl

Then change your Apache configuration file as follows:

# /etc/apache2/sites-available/default-ssl.conf

SSLEngine on
SSLCertificateFile    /etc/apache2/ssl/focmm.crt
SSLCertificateKeyFile /etc/apache2/ssl/focmm.key

and then create an apache focmmm configuration file:

cat >/etc/apache2/conf-available/focmm.conf <<_EOF
#
# /etc/apache2/conf-available/focmm.conf
#

<Directory /var/www/html/focmm>

  RewriteEngine On
  RewriteCond %{HTTPS} !=on
  RewriteRule (.*) https://%{SERVER_NAME}/focmm/$1 [R,L]
</Directory>
_EOF

Do not forget to restart Apache afterwards with:

a2enmod rewrite
a2enconf focmm
systemctl restart apache2

http basic access authentication

If you want additionally use http "basic access authentication" to add another layer of security. You have to add the following lines to the /etc/apache2/conf-available/focmm.conf file:

  AuthType Basic
  AuthName "focmm admin"
  AuthUserFile /var/www/html/.htpasswd-focmm
  Require valid-user

And then to set a password:

htpasswd -c -b /var/www/html/.htpasswd-focmm admin admin
systemctl restart apache2

Remember the user (admin) and the password (admin) for later login.

Continue with Preparing Repository Database.

From Redhat 7 repository

centos.png redhat.png

Add the FromDual RPM repository as described here.

Then install focmm with the following command:

yum install focmm

Continue with Securing focmm under RHEL 7.

RPM on Redhat 7

centos.png redhat.png

To install FromDual Ops Center for MariaDB and MySQL manually you can download it from our download site and store it under /tmp.

VERSION="1.2.0"
cd /tmp
yum localinstall focmm-${VERSION}-1.el7.noarch.rpm 

Continue with Securing focmm under RHEL 7.

Tarball on Redhat 7

centos.png redhat.png

To install FromDual Ops Center for MariaDB and MySQL manually you can download it from our download site and store it under /tmp.

yum install httpd php php-mysqli mariadb-server php-posix php-mysqli redhat-lsb-core mod_ssl openssl

VERSION=1.2.0
tar -C /var/www/html -xf /tmp/focmm-${VERSION}.tar.gz
cd /var/www/html
chown -R apache: /var/www/html/focmm-${VERSION}
ln -s focmm-${VERSION} focmm
chown -h apache: focmm
mkdir /etc/focmm
chown apache: /etc/focmm

Continue with Securing focmm under RHEL 7.

From Redhat 8 and 9 repository

centos.png redhat.png rocky_logo.png almalinuxlogo.png oracle_linux.png

CentOS, Redhat, Oracle Linux, Rocky Linux and AlmaLinux are currently not supported any more because of problems with O/S interaction. Please let us know if you need these distributions...

Securing focmm under Redhat 7

Set firewall rules and load some default SElinux policies:

systemctl enable mariadb
systemctl start mariadb
systemctl enable httpd
systemctl start httpd

iptables -L
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --reload

sestatus
VERSION=1.2.0
semodule -i /var/www/html/focmm-${VERSION}/tpl/focmm.pp
semodule --list | grep focmm

Important: Please note that focmm does currently not work correctly with SElinux enabled.
To make focmm working correctly set SElinux to permissive:

setenforce 0
sed -i 's/^SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config

If you are not allowed to modify your web-server configuration files please consider to use our .htaccess template (tpl/htaccess.template).

SSL

To configure the focmm web-server to use https/SSL you have to create some certificates first:

mkdir /etc/ssl/private
chmod 700 /etc/ssl/private
openssl req -x509 -newkey rsa:4096 -keyout /etc/ssl/private/focmm.key -out /etc/ssl/certs/focmm.crt -days 3650 -nodes

Then change your Apache configuration file as follows:

# /etc/httpd/conf.d/ssl.conf

SSLEngine on
SSLCertificateFile    /etc/ssl/certs/focmm.crt
SSLCertificateKeyFile /etc/ssl/private/focmm.key

systemctl restart httpd

and then create an apache focmmm configuration file:

cat >/etc/httpd/conf.d/focmm.conf <<_EOF
#
# /etc/httpd/conf.d/focmm.conf
#

<Directory /var/www/html/focmm>

  RewriteEngine On
  RewriteCond %{HTTPS} !=on
  RewriteRule (.*) https://%{SERVER_NAME}/focmm/$1 [R,L]
</Directory>
_EOF

Do not forget to restart Apache afterwards with:

# /etc/httpd/conf.modules.d/00-base.conf
LoadModule rewrite_module modules/mod_rewrite.so

systemctl restart httpd

http basic access authentication

If you want additionally use http "basic access authentication" to add another layer of security. You have to add the following lines to the /etc/httpd/conf.d/focmm.conf file:

  AuthType Basic
  AuthName "focmm admin"
  AuthUserFile /var/www/html/.htpasswd-focmm
  Require valid-user

And then to set a password:

htpasswd -c -b /var/www/html/.htpasswd-focmm admin admin
systemctl restart httpd

Remember the user (admin) and the password (admin) for later login.

Continue with Preparing Repository Database.

Preparing repository database

Create the Ops Center Schema in the repository database as follows:

mysql --user=root

CREATE SCHEMA focmm;
CREATE USER 'focmm_owner'@'127.0.0.1' IDENTIFIED BY 'secret';
GRANT ALL ON focmm.* to 'focmm_owner'@'127.0.0.1';

Continue with Creating Ops Center Repository.

Creating Ops Center Repository

Now you have to connect with your browser to the FromDual Ops Center. The URL looks like this: https://192.168.56.101/focmm/. If you are using self signed certificates you possible get some warnings of your web browser:

ops-center-install-1.png

More information about this topic you can find on the Mozilla website.

If you have configured http "Basic Access Authentication" above you will be prompted for the user and the password:

ops-center-install0.png

When you have logged in and you did it the first time Ops Center tries to do some basic checks and lets you know about the diagnosis:

Ops Center diagnosis

If you get an error code 3002 or 3004 and/or the following error in your Apache error log, then it is most probably SElinux which causes troubles:

PHP Warning:  error_log(/var/www/html/focmm-v1.2.0/log/error.log): failed to open stream: Permission denied in /var/www/html/focmm-v1.2.0/lib/Log.inc on line 109

sestatus 
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31

setenforce 0

Before you continue installing Ops Center you can Test the connection with the button:

ops-center-install1b_0.png

At the end you have to enter the connect information for your Ops Center Repository Database you have created above. The Ops Center will start installing the Repository.

Ops Center installing repository

If everything completed successful you can login. The defaul user/password is admin/admin.

Ops Center Login

After the login you reach the Ops Center dashboard. Currently it will be empty and thus shows a nice architecture overview.

Ops Center Dashboard

If you reached this step Ops Center is installed and needs to be configured.