TACTIC Install - CentOS 6.2

TACTIC Install - CentOS 6.2

While there may be some slight variations in the steps in different versions of CentOS 6, this guide can be used for CentOS 6.x as a reference.

Requirements

TACTIC requires the following software to be installed:

  • Apache HTTP server 2.2

  • Postgres Database Server 8.4 or higher

  • Python 2.6 or 2.7 with the following Python modules:

    • Python Imaging Library 1.1.7

    • Python lxml 2.3.5

    • Pycrypto 2.3

    • Psycopg2 2.4.6

It should be noted that while there may be newer versions of these Python modules, TACTIC 3.9.0.rc04 has been tested with these particular versions.

Disabling Security for Testing

To get TACTIC up quickly without fiddling with OS security, it is prudent to disable firewalling and SELinux. This is by no means an endorsement to run your server without these services. Once you have TACTIC up and running, you are advised to read the section <TACTIC SECURITY>.

CentOS 6.2 uses the iptables service as a firewall. To disable this temporarily, you can issue the following commands as root.

/etc/init.d/iptables save
/etc/init.d/iptables stop

This will disable the firewall for the currently running CentOS session. Should you wish these settings to persist across reboots, you can issue the following command as root.

/sbin/chkconfig iptables off

To disable SELinux, edit the file /etc/selinux/config as root with your editor of choice and set the SELINUX variable to 'disabled'.

SELINUX=disabled

Since getting this setting to take effect requires a reboot, you can also issue the following command for it to take effect immediately.

echo 0 > /selinux/enforce

Installing Apache HTTP server

In case Apache 2.2 is not already pre-installed on CentOS 6.2, issue the following command as root:

yum install httpd

This package has several dependencies and they should be installed as well.

It would be good to familarize yourself with some of the more pertinent paths in the Apache installation on CentOS 6.2. They are listed below for your convenience.

Table 1. Common Paths in Apache 2.2
/etc/httpd/conf/httpd.conf Path to the main Apache configuration file.
/etc/httpd/conf.d/ Path to the Apache dynamic configuration directory.
/var/log/httpd/error.log Path the the Apache error log.
/var/www/html Path to the Document Root folder of the base Apache install.

It's best to test your Apache install at this point. The included main Apache configuration file is enough to get the server started. You will need create a small html file to do this. Using your editor of choice, create a file called index.html, with the content as follows:

<html>
  <head>
    <title>Apache Base Install</title>
  </head>
<body>
   <p>Apache Install Successful</p> 
</body>
</html>

Save the file in /var/www/html and issue the following command as root to ensure proper permissions are set:

chmod 755 /var/www/html/index.html

The Apache server can be started. As root, issue the following command:

/etc/init.d/httpd start

The service should start successfully. Otherwise, consult the Apache error log listed above to discover any problems that may have occured.

At last, you can point a web browser to the IP address associated with the server. If you see the text "Apache Install Successful", then your server is up and running and can serve pages properly.

Finally, to make the Apache service persist through reboots, issue the following command as root:

/sbin/chkconfig httpd on

Then reboot the server and make sure that httpd comes up on reboot and that you can view the test page properly. Later in the install, the Apache server will be configured to interact with TACTIC properly.

Installing Postgres Database Server

TACTIC requires PostgreSQL version 8.4 or higher. First we must make sure that we didn't include the default version Postgres in our base install. As root please issue the following command:

rpm -qva | grep -i postgres

This command will search your installed packages and filter the output for any packages containing the work postgres. If you receive any output from this command please uninstall the packages by issuing the following command:

rpm -e <package_name>

Where <package_name> is the name of the package you wish to uninstall. Consult the RPM or Yum manpages for further instructions on installing and uninstalling packages.

Lastly before installing any new Postgres repository, we want to make sure to exclude the default version of Postgres from showing up in the base and update Yum repositories included with the operating system itself. Using a text editor, edit the file /etc/yum.repos.d/CentOS-Base.repo to include the line under both the [base] section and the [updates] section of the file. :

exclude=postgresql*

Save the file. For more information on the Yum installer and repository system please see the manpages for yum or the yum website http://yum.baseurl.com

Once we have uninstalled any previous versions of Postgres, we can then proceed installing a new Yum repository that contains the version of Postgres we want to install. As root issue the following commands:

rpm -Uvh http://yum.postgresql.org/9.2/redhat/rhel-6-x86_64/pgdg-centos92-9.2-6.noarch.rpm

At the time of writing the current version of Postgres was 9.2-6, for more current installation versions please visit http://yum.pgrpms.org/repopackages.php and view the available repository RPMs for your operating system and architecture.

Lastly, we will install the proper Postgres version 9.2 RPMs. As root, issue the following command:

yum install postgresql postgresql-server postgresql-contrib postgresql-devel

Now that Postgres is installed, you are advised to make some basic configuration to make sure the installation is ready for use with TACTIC.

Here are the pertinent Postgres file paths that will be used throughout the install:

Table 2. Common Paths in Postgres 9.2 on CentOS 6.2
/var/lib/pgsql/9.2 Path to the main Postgres directory.
/var/lib/pgsql/data/pg_hba.conf Path to the host based authentication file for Postgres.
/var/lib/pgsql/9.2/pgstartup.log Path to the Postgres startup log.
/var/lib/pgsql/9.2/data/pg_log Path to Postgres database logs.

Initialize the database:

su - postgres -c /usr/pgsql-9.2/bin/initdb

Once that command successfully completes we can then start the service. As root issue the following command:

service postgresql-9.2 start

If the service starts successfully, we can move forward. Otherwise, you can review any startup errors in the Postgres startup log. Further troubleshooting help can be found at http://postgresql.org.

Lastly, to make sure the Postgres service persist through reboots. you will issue the following command:

chkconfig --levels 235 postgresql-9.2 on

Reboot your server to ensure the service comes up appropriately.

Installing Python Devel for the preinstalled Python

As noted above TACTIC requires version 2.6 or 2.7 of Python. In CentOS 5.x, we used to recommend installing Python 2.7 along side the built-in Python 2.4. In CentOS 6.2, the built-in Python 2.6.6 already suffices.

First, we need to install some development libraries and a compiler. As root issue the following command:

yum install gcc zlib-devel libxslt-devel libxml2-devel 

yum install python-devel

This will install the Python Devel and all the other relevant libraries to install the various Python modules.

Installing Python Modules

Installing lxml 2.3.5

TACTIC requires lxml version 2.2 or above. 2.3.5 is used at the time of writing. As root, issue the following commands:

cd /tmp
wget http://lxml.de/files/lxml-2.3.5.tgz
tar -zxvf lxml-2.3.5.tgz
cd lxml-2.3.5
python setup.py install

Verify the installation by running your custom python binary and trying to import the module. As root issue the following command:

python

You should receive a python environment and prompt similar to this:

Python 2.6.6 (r271:86832, Apr 12 2011, 16:16:18)
[GCC 4.1.2 20080704 (Red Hat 4.1.2-51)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> 

At the prompt please type the following:

import lxml

If you receive another prompt and no error occurs, the import was successful and LXML is installed. We will use the same procedure to check the veracity of our other modules installations as well.

Installing Python Imaging Library 1.1.7

We follow the same procedure to install the Python Imaging Library. As root issue the following commands:

cd /tmp
wget http://effbot.org/downloads/Imaging-1.1.7.tar.gz
tar -zxvf Imaging-1.1.7.tar.gz
cd Imaging-1.1.7
/opt/python2.7/bin/python2.7 setup.py install

Check the installation of the module by loading python and issuing the following command at the python prompt:

import PIL
Installing Pycrypto 2.3

The installation of Pycrypto also follows this template. As root issue the following commands:

cd /tmp
wget http://pypi.python.org/packages/source/p/pycrypto/pycrypto-2.3.tar.gz
tar -zxvf pycrypto-2.3.tar.gz
cd pycrypto-2.3
python setup.py install

Check the installation of the module by loading python and issuing the following command at the Python prompt:

import Crypto
Installing Psycopg2 2.4.6

Psycopg2 is a Postgres database adapter for Python. The install is akin to the previous 3 except that since we've customized our Postgres install, we have to let Psycopg2 know that as well. First lets get the package and uncompress it. As root issue the following:

yum install postgresql-libs

cd /tmp
wget http://initd.org/psycopg/tarballs/PSYCOPG-2-4/psycopg2-2.4.6.tar.gz
tar -zxvf psycopg2-2.4.6.tar.gz
cd psycopg2-2.4.6

Now we have to modify the pg_config variable in the file setup.cfg. Using your editor to open /tmp/psycopg2-2.4.6/setup.cfg and edit the pg_config entry to match the following:

pg_config=/usr/pgsql-9.2/bin/pg_config

Now we should be able to install Psycopg2 properly. As root issue the following command:

python setup.py install

Check the installation of the module by loading python and issuing the following command at the python prompt:

import psycopg2

Now that all the TACTIC components are installed, we can begin running the TACTIC installer.

Installing Tactic 3.9.0.rc04

First we have to download the TACTIC source from the Southpaw Community website. Using a web browser navigate to http://community.southpawtech.com. After you have logged in, please click on "Downloads" in the upper right hand corner of the website. Once you are on the downloads page, you should see the download link for the latest TACTIC Enterprise. Save the TACTIC Enterprise zip file in /tmp on the server.

Once we have the Tactic source we need to unpack it. As root issue the following commands:

cd /tmp
unzip tactic-3.9.0.rc04.zip

Once the TACTIC source is unpacked, you should familarize yourself with its directory structure. The prefix of the paths will change during install; however, the directory structure will remain the same.

Table 3. Common Paths in Tactic 3.9.0.rc04
/tmp/tactic-3.9.0.rc04/doc Path to the Tactic documentation.
/tmp/tactic-3.9.0.rc04/src Path to the Tactic source files.
/tmp/tactic-3.9.0.rc04/src/install Path to the Tactic install script and configuration files for Tactic dependencies.

Before we run the Tactic installer, we must further configure Postgres to ensure proper installation of Tactic.

Configuring Postgres

Tactic supplies a custom host based authentication file for Postgres. After stopping the Postgres service we will install the file in question, restart the service and verify that the configuration has been properly put in place. As root issue the following commands:

service postgresql-9.2 stop
mv /var/lib/pgsql/9.2/data/pg_hba.conf /var/lib/pgsql/9.2/data/pg_hba.conf.INSTALL 
cp /tmp/tactic-3.9.0.rc04/src/install/postgresql/pg_hba.conf /var/lib/pgsql/9.2/data/pg_hba.conf
chown postgres:postgres /var/lib/pgsql/9.2/data/pg_hba.conf
service postgresql-9.2 start

If the service starts successfully we can then proceed to verification. If not please consult the Postgres startup log for error information. Postgres must be running as a service during the Tactic install. Next we will test the install. As root, issue the following command:

psql -U postgres template1

This command should fire up a prompt like this:

template1=# 

If you can see this prompt without being asked for a password, the configuration changes have been successful. Type \q to exit.

Installing Tactic

python /tmp/tactic-3.9.0.rc03/src/install/install.py

The installer will ask you a number of questions. You should be prompted by the following:

Please enter the base path of the TACTIC installation:

(/home/apache) -> /opt/tactic

Choose your custom Tactic path, this will be the base directory for your Tactic installation. We have chosen /opt/tactic. Next you will be asked to identify the user used to run the Apache service.

Please enter the user Apache Web Server is run under:

(apache) ->

In many cases the default user "apache" is correct. However you can verify this easily in another shell by issueing the following command as root:

ps -ef | grep httpd

The first column of output is the username Apache is running under. Should you receive no output, make sure your httpd service is running. Under CentOS 6.2 the apache user is "apache" so we will accept the default the installer gives us.

The installer will then install the Tactic databases, configure Tactic and copy the source code into the Tactic base directory.

Configuring Apache

Lastly Tactic requires us to install the custom Apache configuration file it has created during the installation process. As root issue the following commands:

cp /opt/tactic/tactic_data/config/tactic.conf /etc/httpd/conf.d

To test this we should first verify that /etc/httpd/conf.d is an included module path in the main Apache configuration file. As root issue the following command:

cat /etc/httpd/conf/httpd.conf | grep conf.d

If you receive the following as output we have installed the Tactic Apache configuration file correctly.

Include conf.d/*.conf

If you do not receive this output, using your editor as root edit the file /etc/httpd/conf/httpd.conf and at the bottom of the file insert the statement listed above. Save the file.

Lastly we will create a redirect for Tactic using the index.html file at the document root of the Apache server. Using a text editor as root, edit the file /var/www/html/index.html to contain only the following line:

<META http-equiv="refresh" content="0;URL=/tactic">

Restart the Apache service to make sure the configuration hasn't caused any problems. As root issue the following command:

/etc/init.d/httpd restart

Lastly we need to ensure that the Apache server has loaded the modules needed for proxying and load balancing the Tactic service. As root issue the following command:

/usr/sbin/httpd -t -D DUMP_MODULES

In the resulting output look for the following modules:

rewrite_module (shared)
proxy_module (shared)
proxy_http_module (shared)
proxy_balancer_module (shared)
deflate_module (shared)

The CentOS 6.2 install of Apache includes a large array of modules enabled by default, including the ones required by Tactic.

Starting Tactic in Development Mode

We are now prepared to start the Tactic service for the first time. Tactic must be run as the Apache user. Usually we would su to the apache user, however since its a system account without a login this will not work without optionally telling su to give the Apache user a shell environment. In a shell with the LD_LIBRARY_PATH set as laid out in the section "Installing Python 2.7 Modules", as root issue the following command:

su apache -s /bin/bash -c "/opt/python2.7/bin/python2.7 /opt/tactic/tactic/src/bin/startup_dev.py"

You should see the following output:

Registering site ... admin
Registering site ... sthpw
Registering site ... default

Starting TACTIC ...

Starting Scheduler ....
[08/Nov/2011:23;13:20] ENGINE Bus STARTING
[08/Nov/2011:23;13:20] ENGINE Started monitor thread '_TimeoutMonitor'.
[08/Nov/2011:23;13:20] ENGINE Started monitor thread 'Autoreloader'
[08/Nov/2011:23;13:21] ENGINE Serving on 127.0.0.1:8081
[08/Nov/2011:23;13:21] ENGINE Bus STARTED

You should now be able to navigate a web browser to http://localhost/tactic/admin. Alternatively, use the non-local IP address or fully qualified domain name you have assigned to your TACTIC server in place of localhost. You should see the TACTIC login screen.

TACTIC defines an administrative user by default. The login information is:

Username: admin, Password: (set it on your first login)

In 3.9, the login screen requires you to change the password immediately. You will have to type it in twice to confirm.

Installing TACTIC as a Service

The TACTIC service file is simple to install

Use the key combination CTRL+c in the shell running TACIC in Development mode to stop it first when you are ready to run TACTIC as a service.

Change the following line in the file /opt/tactic/tactic/src/install/service/tactic:

su - $TACTIC_USER -m -c "$LAUNCH" >> $LOG 2>&1 &

to this:

su $TACTIC_USER -s /bin/bash -m -c "$LAUNCH" >> $LOG 2>&1 &

Save the file.

Now as root, type the following:

cp /opt/tactic/tactic/src/install/service/tactic /etc/init.d/tactic
chmod 755 /etc/init.d/tactic
/sbin/chkconfig tactic on
/etc/init.d/tactic start

TACTIC should now start properly as a service. Test this by launching a web browser and navigating to the TACTIC login page as you did previously. If you are having trouble, the following error logs will help you diagnose your problems:

Table 4. Common Error Logs
/opt/tactic/tactic_temp/log/stdout.log Path to the TACTIC standard out log assuming you have chosen /opt/tactic as the base installation path
/var/log/tactic Path to the TACTIC error log in service mode
/var/log/httpd/error_log Path to the Apache error log
/var/log/httpd/access_log Path to the Apache access log

Finally, reboot the server and test whether the TACTIC service continues to perform across reboots. You are advised to set up log rotation by reviewing the Rotate Log section in the Sys Admin documentation.