CentOS relay installation
- Relay version 0.4
- Machine: Macbook Pro (10.11.6)
- VirtualBox (5.1.6 r110634)
- CentOS 7 (ISO)
You must use the ROOT user for the whole process:
$ su - Put_Root_Password
Prerequisites (on a new CentOS installation)
Default CentOS 7 installation requires some modifications to configure and enable networks access.
Check Internet access from the CentOS Server. From a command line, run:
$ ping www.google.com
A normal response should be:
$ 64 bytes from a23-195-55-163.deploy.static.akamaitechnologies.com (188.8.131.52): icmp_seq=1 ttl=54 time=52.7 ms ...
If Internet access does not work properly, the command returns:
$ ping -c 3 www.apple.com ping: cannot resolve www.apple.com: Unknown host
If the CentOS machine cannot access Internet, you need to configure the network access:
- Configure Network (only required if the CentOS machine can not access the network)
Locate and open the network file for editing:
$ sudo vi /etc/sysconfig/network
Add the following lines to the file to activate the network:
... NETWORKING=yes HOSTNAME=centos7 GATEWAY=10.0.0.1 ...
Locate and open the resolv.conf file for editing:
$ vi /etc/resolv.conf
Add the following lines to the resolv.conf file to activate the network:
... nameserver 184.108.40.206 nameserver 220.127.116.11 ...
Check the internet connexion ID and status:
$ nmcli dev status DISPOSITIVO TIPO ESTADO CONEXIÓN enp0s3 ethernet conectado enp0s3 lo loopback sin gestión -
- The file number may vary. Make sure you adapt the command line accordingly.
Locate and open the ifcfg-enp0s3 file for editing:
$ vi /etc/sysconfig/network-scripts/ifcfg-enp0s3
Add the following lines to the ifcfg-enp0s3 file to activate the network:
... BOOTPROTO=dhcp ... DNS1=18.104.22.168 DNS2=22.214.171.124 ONBOOT=yes ...
Restart the service to implement the changes:
$ systemctl restart network
Update the system.
Check with system administrator if this is a client machine.
$ yum -y update $ yum -y upgrade
Set the system date and time zone. This is done to avoid problems with the certificate date limit.
... timedatectl set-timezone Europe/Madrid ...
Install the following programs to proceed with the installation:
$ yum install dialog $ yum install java $ yum install wget
If any of these programs are already installed, you will be notified and you won't need to continue with the installation of the program.
Download the Devo relay
Go to the temporary folder:
$ mkdir /tmp/relay $ cd /tmp/relay
Download the relay installation file from a terminal. Note that the exact name of the file may vary depending upon the product version.
$ wget "http://repository.logtrust.net/packages/logtrust-relay.tar.gz"
Check the downloaded file:
$ ls -l logtrust-relay.tar.gz logtrust-relay.tar.gz
Decompress the downloaded file:
$ tar -zxvf logtrust-relay.tar.gz
Move opt and etc folders to their final location:
Check the folder structure carefully before moving the folders and files.
$ cp -R /tmp/relay/logtrust-relay-0.4/opt/* /opt/ $ cp -R /tmp/relay/logtrust-relay-0.4/etc/logtrust/* /etc/
Check the directory structure to make sure all files were copied. See Example of the usual relay folder structure near the end of this article for an example of the directory structure.
Installing the Devo relay
First, change the mode of the /opt/logtrust/relay/install.sh and /opt/logtrust/relay/lt-compress files.
$ chmod 755 /opt/logtrust/relay/install.sh $ chmod 755 /etc/cron.d/lt-compress
The lt-compress file is sometimes referenced as being in the /opt/logtrust/relay/ folder.
Locate and launch the install script. Note that the folder name will change depending upon the Devo release number.
$ cd /tmp/relay/logtrust-relay-0.4/ $ ./postinstall.sh
An error may appear when you run this script if the Devo user or group already exists. If this happens, open the script and comment out the first lines that create the user, then run the script again.
Reload the profile
Reboot the system to make sure all modifications take effect.
% reboot -h now
Check the environment parameters:
$ java -version openjdk version "1.8.0_102" OpenJDK Runtime Environment (build 1.8.0_102-b14) OpenJDK 64-Bit Server VM (build 25.102-b14, mixed mode) $ echo $SCOJA_HOME /opt/logtrust/scoja
If the information has not been actualized, you need to repeat the process.
Configure the Devo relay
Run the install script to launch the configuration process:
$ chmod 755 /opt/logtrust/relay/install.sh $ ./opt/logtrust/relay/logtrust-relay-configure
Refer to the In-house relay software package article for details about the configuration options.
Activate the relay
- Go to Administration → Relays, select the newly created relay, click the ellipsis icon, and select Activate.
- Force the Devo server to download a new certificate:
- Go to Administration → Relays and click on the relay name. The Rule window appears.
- Select the Force Generate New Certificate check box.
- Click the Apply Configuration button.
- The new certificate will be downloaded to the server where the relay has been installed.
Reload the context
$ source /etc/profile$ ./etc/profile
Test the new relay
Once installed and activated, you can now test the relay. There are several actions you can take to make sure the relay is working as needed.
Test the basic login and data entry
Install the nc program that will be used to send events to the relay.
$ yum install nc
Once installed, you can use the nc command to test the relay:
- Send events to port 13000 (pure relay).
- Use the test.keep.free tag (test table).
$ for i in `seq 1 100`; do (echo "<14>Jan 1 00:00:00 xxx test.keep.free: evento de prueba $i"|nc localhost 13000); done
The events will appear in the Data Search area of Devo, under the test.keep.free tag. If the table is new, the results will take some time to appear.
Ensure that the Java process is running
Run the command below to produce a response that confirms if Java is running or not.
$ ps auxwww|grep java|grep scoja|grep -v grep
This should return something similar to:
root 18767 0.1 8.7 2630284 192772 pts/0 Sl sep26 0:16 java -server -Xms200M -Xmx200M -XX:+UseConcMarkSweepGC -classpath :/opt/logtrust/scoja/scoja.jar:/opt/logtrust/scoja/scoja-cc.jar:/opt/logtrust/scoja/scoja-compression.jar:/opt/logtrust/scoja/scoja-rpc.jar:/opt/logtrust/scoja/scoja-beep.jar:/opt/logtrust/scoja/jython.jar -Djava.library.path=/opt/logtrust/scoja -Dscoja.home=/opt/logtrust/scoja -Xms500M -Xmx500M org.scoja.server.Scoja -r 5s -G /etc/logtrust/scoja/current/all-me.conf -j /etc/logtrust/scoja/current/all-var.conf
Make sure the ports are open and listening
Run the following filtered netstat command:
$ netstat -atun --program|grep `pgrep -f org.scoja.server.Scoja`| grep LISTEN
This should return the list of listening ports (12999 to 13002 and 5140):
tcp6 0 0 :::13002 :::* LISTEN 11231/java tcp6 0 0 127.0.0.1:5140 :::* LISTEN 11231/java tcp6 0 0 :::13000 :::* LISTEN 11231/java tcp6 0 0 :::13001 :::* LISTEN 11231/java
Check the downloaded certificate
Check the key:
$ ls -al /etc/logtrust/scoja/current/keys/
This should return:
drwx------. 2 root root 36 sep 28 21:17 . drwxr-xr-x. 5 root root 4096 sep 28 21:17 .. -rw-r--r--. 1 root root 8049 sep 28 21:33 client.jks lrwxrwxrwx. 1 root root 43 sep 28 19:40 me.jks -> /etc/logtrust/scoja/current/keys/client.jks
Check the relay logs
Check the relay tail log using this command:
$ tail /var/log/lt-relay.log
If the relay is working properly this command should returns:
… 2016-09-28 19:53:01.829299 [SUCCESS] No changes in the Relay Configuration 2016-09-28 19:54:02.236072 [SUCCESS] No changes in the Relay Configuration 2016-09-28 19:55:01.593954 [SUCCESS] No changes in the Relay Configuration
|Error||Problem and solution|
|2016-01-28 10:16:01.374445 [ERROR] Property 'api.key' not found in conf file.|
The API key was not correctly defined.
Run the configuration process again and enter the API key. Open Devo and go to Administration → Credentials, then click Show to display and copy the API key to your clipboard. To paste the API key into the configuration script window, use SHIFT + INS
|2016-01-28 10:23:00.488298 [SUCCESS] Relay activation is still pending, waiting for user to activate the Relay.|
The relay is not active.
Go to Administration → Relays, select the relay, click the ellipsis icon, and select Activate.
|2016-01-28 10:24:01.331976 [SUCCESS] Relay is active, deploying new configuration set.||A new certificate is being downloaded.|
|2016-01-28 10:25:01.794021 [SUCCESS] No changes in the Relay Configuration.||If the relay reports NO change but is still not working, try downloading a new certificate. Go to Administration → Relays then click on the relay link and select Force Generate New Certificate → Apply Configuration.|
Check the configuration of the ports
There is a configuration file for each open port:
$ cat /etc/logtrust/scoja/version1/rules/rule-13000.pconf $ cat /etc/logtrust/scoja/version1/rules/rule-13001.pconf $ cat /etc/logtrust/scoja/version1/rules/rule-13002.pconf
This will return the port configuration:
source( port = 13000, udpThreads = 2, udpReceiveBuffer = None, maxPacketSize = 32*1024, tcpThreads = 2, tcpReceiveBuffer = None ) rule(order = 0)
Example of the usual relay folder structure