Tuesday, May 13, 2014

Install OpenERP From Source

Hello Guys,

Welcome Back on my blog Today I will tell you about install OpenERP  from source as its most recommended   for production environment as an administrator we must know it.As This is the most stable way to install OpenERP.

Step 1. Build your server
I install just the bare minimum from the install routine (you may want to install the openssh-server during the install procedure or install subsequently depending on your needs).

After the server has restarted for the first time I install the openssh-server package (so we can connect to it remotely) and denyhosts to add a degree of brute-force attack protection. There are other protection applications available: I’m not saying this one is the best, but it’s one that works and is easy to configure and manage. If you don’t already, it’s also worth looking at setting up key-based ssh access, rather than relying on passwords. This can also help to limit the potential of brute-force attacks.
[NB: This isn't a How To on securing your server...]

#sudo apt-get install openssh-server denyhosts

Now make sure your server has all the latest versions & patches by doing an update:

#sudo apt-get update
#sudo apt-get dist-upgrade

Although not always essential it’s probably a good idea to reboot your server now and make sure it all comes back up and you can login via ssh.

Now we’re ready to start the OpenERP install.

Step 2. Create the OpenERP user that will own and run the application

#sudo adduser --system --home=/opt/openerp --group openerp -s /bin/bash

This is a “system” user. It is there to own and run the application, it isn’t supposed to be a person type user with a login etc. In Ubuntu, a system user gets a UID below 1000, has no shell (it’s actually /bin/false) and has logins disabled. Note that I’ve specified a “home” of /opt/openerp, this is where the OpenERP server code will reside and is created automatically by the command above. The location of the server code is your choice of course, but be aware that some of the instructions and configuration files below may need to be altered if you decide to install to a different location.

[Note: If you want to run multiple versions of OpenERP on the same server, the way I do it is to create multiple users with the correct version number as part of the name, e.g. openerp70, openerp61 etc. If you also use this when creating the Postgres users too, you can have full separation of systems on the same server. I also use similarly named home directories, e.g. /opt/openerp70, /opt/openerp61 and config and start-up/shutdown files. You will also need to configure different ports for each instance or else only the first will start.]

This will su your current terminal login to the openerp user (the “-” between su and openerp is correct) and use the shell /bin/bash. When this command is run you will be in openerp’s home directory: /opt/openerp.

When you have done what you need you can leave the openerp user’s shell by typing exit.

Step 3. Install and configure the database server, PostgreSQL

#sudo apt-get install postgresql

Then configure the OpenERP user on postgres:

First change to the postgres user so we have the necessary privileges to configure the database.

#sudo su - postgres

Now create a new database user. This is so OpenERP has access rights to connect to PostgreSQL and to create and drop databases. Remember what your choice of password is here; you will need it later on:

#createuser --createdb --username postgres --no-createrole --no-superuser --pwprompt openerp

Finally exit from the postgres user account:

exit

Step 4. Install the necessary Python libraries for the server

#sudo apt-get install python-dateutil python-docutils python-feedparser python-gdata \
python-jinja2 python-ldap python-libxslt1 python-lxml python-mako python-mock python-openid \
python-psycopg2 python-psutil python-pybabel python-pychart python-pydot python-pyparsing \
python-reportlab python-simplejson python-tz python-unittest2 python-vatnumber python-vobject \
python-webdav python-werkzeug python-xlwt python-yaml python-zsi

With that done, all the dependencies for installing OpenERP 7.0 are now satisfied (note that there are some new packages required since 6.1).

Step 5. Install the OpenERP server
I tend to use wget for this sort of thing and I download the files to my home directory.

Make sure you get the latest version of the application: at the time of writing this it’s 7.0. I got the download links from their download pages (note there are also deb, rpm and exe builds in this area too). There isn’t a static 7.0 release tarball as such anymore, but there is a nightly build of the 7.0 source tree which should be just as good and will contain patches as and when things get fixed. The link below is to the source tarball for the 7.0 branch.

Note: As an alternative method of getting the code onto your server, Jerome added a very useful comment showing how to get it straight from launchpad. Thanks!

#wget http://nightly.openerp.com/7.0/nightly/src/openerp-7.0-latest.tar.gz

Now install the code where we need it: cd to the /opt/openerp/ directory and extract the tarball there.

#cd /opt/openerp
#sudo tar xvf ~/openerp-7.0-latest.tar.gz

Next we need to change the ownership of all the the files to the OpenERP user and group we created earlier.

#sudo chown -R openerp: openerp

And finally, the way I have done this is to copy the server directory to something with a simpler name so that the configuration files and boot scripts don’t need constant editing (I called it, rather unimaginatively, server). I started out using a symlink solution, but I found that when it comes to upgrading, it seems to make more sense to me to just keep a copy of the files in place and then overwrite them with the new code. This way you keep any custom or user-installed modules and reports etc. all in the right place.

#sudo cp -a openerp-7.0 server

As an example, should OpenERP 7.0.1 come out soon, I can extract the tarballs into /opt/openerp/ as above. I can do any testing I need, then repeat the copy command so that the modified files will overwrite as needed and any custom modules, report templates and such will be retained. Once satisfied the upgrade is stable, the older 7.0 directories can be removed if wanted.

That’s the OpenERP server software installed. The last steps to a working system is to set up the configuration file and associated boot script so OpenERP starts and stops automatically when the server itself stops and starts.

Step 6. Configuring the OpenERP application
The default configuration file for the server (in /opt/openerp/server/install/) is actually very minimal and will, with only one small change work fine so we’ll simply copy that file to where we need it and change it’s ownership and permissions:

#sudo cp /opt/openerp/server/install/openerp-server.conf /etc/
#sudo chown openerp: /etc/openerp-server.conf
#sudo chmod 640 /etc/openerp-server.conf

The above commands make the file owned and writeable only by the openerp user and group and only readable by openerp and root.

To allow the OpenERP server to run initially, you should only need to change one line in this file. Toward to the top of the file change the line db_password = False to the same password you used back in step 3. Use your favourite text editor here. I tend to use nano, e.g.

#sudo vim /etc/openerp-server.conf

One other line we might as well add to the configuration file now, is to tell OpenERP where to write its log file. To complement my suggested location below add the following line to the openerp-server.conf file:

#logfile = /var/log/openerp/openerp-server.log

Once the configuration file is edited and saved, you can start the server just to check if it actually runs.

#sudo su - openerp -s /bin/bash 
#/opt/openerp/server/openerp-server

If you end up with a few lines eventually saying OpenERP is running and waiting for connections then you are all set.

The Ubuntu 12.04 packaged version of the python gdata client library is not quite recent enough, so to install a more up-to-date version I did the following (exit from the openerp user’s shell if you are still in it first):

#sudo apt-get install python-pip
#sudo pip install gdata --upgrade

Going back and repeating the commands to start the server resulted in no further warnings

#sudo su - openerp -s /bin/bash
#/opt/openerp/server/openerp-server

If there are errors, you’ll need to go back and find out where the problem is.

Otherwise simply enter CTL+C to stop the server and then exit to leave the openerp user account and go back to your own shell.

Step 7. Installing the boot script
For the final step we need to install a script which will be used to start-up and shut down the server automatically and also run the application as the correct user. There is a script you can use in /opt/openerp/server/install/openerp-server.init but this will need a few small modifications to work with the system installed the way I have described above. Here’s a link to the one I’ve already modified for 7.0.

Similar to the configuration file, you need to either copy it or paste the contents of this script to a file in /etc/init.d/ and call it openerp-server. Once it is in the right place you will need to make it executable and owned by root:

#sudo chmod 755 /etc/init.d/openerp-server
#sudo chown root: /etc/init.d/openerp-server

In the configuration file there’s an entry for the server’s log file. We need to create that directory first so that the server has somewhere to log to and also we must make it writeable by the openerp user:

#sudo mkdir /var/log/openerp
#sudo chown openerp:root /var/log/openerp

Step 8. Testing the server
To start the OpenERP server type:

#sudo /etc/init.d/openerp start

You should now be able to view the logfile and see that the server has started.

#less /var/log/openerp/openerp-server.log

If there are any problems starting the server you need to go back and check. There’s really no point ploughing on if the server doesn’t start…

Here is the file which you need to copy paste in /etc/init.d/openerp

#!/bin/sh

### BEGIN INIT INFO
# Provides:             openerp-server
# Required-Start:       $remote_fs $syslog
# Required-Stop:        $remote_fs $syslog
# Should-Start:         $network
# Should-Stop:          $network
# Default-Start:        2 3 4 5
# Default-Stop:         0 1 6
# Short-Description:    Enterprise Resource Management software
# Description:          Open ERP is a complete ERP and CRM software.
### END INIT INFO

PATH=/bin:/sbin:/usr/bin
DAEMON=/opt/openerp/server/openerp-server
NAME=openerp-server
DESC=openerp-server

# Specify the user name (Default: openerp).
USER=openerp

# Specify an alternate config file (Default: /etc/openerp-server.conf).
CONFIGFILE="/etc/openerp-server.conf"

# pidfile
PIDFILE=/var/run/$NAME.pid

# Additional options that are passed to the Daemon.
DAEMON_OPTS="-c $CONFIGFILE"

[ -x $DAEMON ] || exit 0
[ -f $CONFIGFILE ] || exit 0

checkpid() {
    [ -f $PIDFILE ] || return 1
    pid=`cat $PIDFILE`
    [ -d /proc/$pid ] && return 0
    return 1
}

case "${1}" in
        start)
                echo -n "Starting ${DESC}: "

                start-stop-daemon --start --quiet --pidfile ${PIDFILE} \
                        --chuid ${USER} --background --make-pidfile \
                        --exec ${DAEMON} -- ${DAEMON_OPTS}

                echo "${NAME}."
                ;;

        stop)
                echo -n "Stopping ${DESC}: "

                start-stop-daemon --stop --quiet --pidfile ${PIDFILE} \
                        --oknodo

                echo "${NAME}."
                ;;

        restart|force-reload)
                echo -n "Restarting ${DESC}: "

                start-stop-daemon --stop --quiet --pidfile ${PIDFILE} \
                        --oknodo
      
                sleep 1

                start-stop-daemon --start --quiet --pidfile ${PIDFILE} \
                        --chuid ${USER} --background --make-pidfile \
                        --exec ${DAEMON} -- ${DAEMON_OPTS}

                echo "${NAME}."
                ;;

        *)
                N=/etc/init.d/${NAME}
                echo "Usage: ${NAME} {start|stop|restart|force-reload}" >&2
                exit 1
                ;;
esac

exit 
#--------------------------------------------------------------

Enjoy.................

If you want a shell script so let me know ..

Thursday, May 8, 2014

Install Syslog Server (Syslog-ng) on CentOS

Syslog-NG and CentOS 6.x


Requirements:

  • CentOS 6.x (or other Redhat based flavor)
  • Internet Connectivity
  • chkconfig (yum install chkconfig)
  • wget (yum install wget)

Installation:

Install the prerequisite first.
 # yum install chkconfig wget

Install EPEL Repositories:
  1. Login to your server as root (or su root)
  2. Type: cd /root
  3. Type (Current link as of this post):
#wget http://dl.fedoraproject.org/pub/epel/6Server/i386/epel-release-6-8.noarch.rpm
 #rpm -Uvh /root/epel-release-6-8.noarch.rpm
#yum repolist
Install Syslog-NG:
 Run update check:
 #yum check-update
To see if this will impact any other software on your system.
Check the availability of Syslog-NG by typing:
yum list *syslog-ng*

Configure CentOS Services, Stop Rsyslog, and Start Syslog-NG:
Disable rsyslog: 
#chkconfig rsyslog off
Confirm rsyslog is disabled:
#chkconfig syslog-ng on

service rsyslog stop
service syslog-ng start
  1. Example Configuration for Syslog-NG:
    1. Add the following to the END of /etc/syslog-ng/syslog-ng.conf:
      # My Switches
      source s_navneet { 
              udp(ip(0.0.0.0) port(514));
              tcp(ip(0.0.0.0) port(514)); 
      };
      
      destination d_navneet {
              file(
                      "/var/log/navneet/$HOST-$YEAR$MONTH$DAY.log"
                      perm(644)
                      create_dirs(yes)
              );
      };
      
       
      log { source(s_navneet); destination(d_navneet); };
      This will basically take ALL (udp/tcp 0.0.0.0) syslog data and place it into /var/log/navneet. The names of the files are based off the host name and date. For example, if you have switch named MYSWITCH and the current date is May 8th, 2014… the full path and file name would be: /var/log/navneet/nrathi-VBox-20140508.log
    2. *** DO NOT modify any other portion of the file unless you are certain you know what you are doing!
    3. Restart the syslog-ng service to implement changes:
      [root@myserver syslog-ng]# service syslog-ng restart
      Stopping syslog-ng:                                        [  OK  ]
      Starting syslog-ng:                                        [  OK  ]
    4. Delete Old Syslog-NG Files:
    5. Login as root Type:  
    6. crontab -e
    7. Add the following to your crontab file:
# Delete Old Syslog Files
# 3 AM, Every Sunday
0 3 * * 0 /usr/bin/find /var/log/cisco -maxdepth 1 -mtime 90 -name *.log -exec rm {} \;
Change the "90" to your desired number of days.

ClamAV Installation and Scanning on CentOS

  ClamAV open source antivirus engine


ClamAV is an open source (GPL) antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats. It is the de facto standard for mail gateway scanning. It provides a high performance mutli-threaded scanning daemon, command line utilities for on demand file scanning, and an intelligent tool for automatic signature updates

CentOS 6 – 32-bit
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

 CentOS 6 – 64-bit

rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

 CentOS 5 – 32-bit

rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm

 CentOS 5 – 64-bit

rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
After running the above commands for your relevant CentOS version, the following file is created:
/etc/yum.repos.d/epel.repo
The above file can be edited directly to enable or disable the EPEL repo.

2. Install required ClamAV packages
yum install clamav clamd

3. Start the clamd service and set it to auto-start

/etc/init.d/clamd on
chkconfig clamd on
/etc/init.d/clamd start

4. Update ClamAV’s signatures

/usr/bin/freshclam
Note: ClamAV will update automatically, as part of /etc/cron.daily/freshclam.

B. Configure Daily Scan

In this example, we will configure a cronjob to scan the /home/ directory every day:

1. Create cron file:

vim /etc/cron.daily/manual_clamscan
Add the following to the file above. Be sure to change SCAN_DIR to the directory that you want to scan:
#!/bin/bash
SCAN_DIR="/home"
LOG_FILE="/var/log/clamav/manual_clamscan.log"
/usr/bin/clamscan -i -r $SCAN_DIR >> $LOG_FILE
Give our cron script executable permissions:
chmod +x /etc/cron.daily/manual_clamscan
You can even run the above script to ensure that it works correctly.
And you’re done! That should be the minimum required to
 00 10 * * * * root freshclam 
This command will update ClamAV database at 10 am every day.
Good Luck ....!!!