Centos/RHEL/SL Manual installation

Enable the EPEL repository

The EPEL repository is a volunteer-based community effort from the Fedora project to create a repository of high-quality add-on packages for Red Hat Enterprise (RHEL) and its compatible spinoffs such as CentOS, Oracle Enterprise Linux or Scientific Linux. You can find more details on EPEL including how to add it to your host at http://fedoraproject.org/wiki/EPEL and http://fedoraproject.org/wiki/EPEL/FAQ#howtouse.

You need to enable this repo in order to access required packages:

rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

Install Spacewalk client packages

Baruwa Enterprise Edition entitlements are managed by the Baruwa Network. The Baruwa Network uses the Spacewalk server to manage entitlements. In order to access the Baruwa Enterprise Edition repository you need to install the Spacewalk client tools. These tools are provided by the Spacewalk project via a yum repository which you need to enable:

rpm -Uvh http://yum.spacewalkproject.org/1.9/RHEL/6/x86_64/spacewalk-client-repo-1.9-1.el6.noarch.rpm

Having enabled the Spacewalk repository you can now install the Spacewalk client packages:

yum install rhn-client-tools rhn-check rhn-setup rhnsd m2crypto yum-rhn-plugin -y

Install Baruwa signing keys

The packages in the Baruwa Centos/RHEL/SL enterprise repository are cryptographically signed using GPG keys. The package containing these GPG keys needs to be manually installed before continuing to the next step:

rpm -Uvh https://www.baruwa.com/downloads/baruwa-enterprise-release-6-2.noarch.rpm
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-BARUWA-ENTERPRISE-6

Activate Entitlement

The Baruwa Centos/RHEL/SL enterprise repository is available to subscribers only. To install from this repo you need to activate the entitlement for the server that you are installing.

The server entitlement activation key is emailed to you when you purchase a subscription. Use the activation key to register your server with the Baruwa Network using the command below:

rhnreg_ks --serverUrl=https://bn.baruwa.com/XMLRPC --activationkey=<activation-key>

Step 2a: PostgreSQL

This is the database backend used by Baruwa to store data. You only have to install the server if you are going to run the database on the system system as Baruwa:

yum install postgresql-server postgresql-plpython -y

We now need to set a password on the postgresql postgres admin account, we use the password strongPgP4ss change this for your environment.:

chown postgres.postgres /var/lib/pgsql
echo "strongPgP4ss" > /tmp/ps
su postgres -c "/usr/bin/initdb /var/lib/pgsql/data --auth='password' --pwfile=/tmp/ps -E UTF8"
rm -rf /tmp/ps

You now need to configure the authentication settings on your postgresql server, edit your pg_hba.conf file and change the entries to the following:

cat > /var/lib/pgsql/data/pg_hba.conf << 'EOF'
# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
local   all         all                               md5
host    all         all         127.0.0.1/32          md5
host    all         all         ::1/128               md5
EOF

Configure the server to use the UTC timezone as the default timezone:

sed -e "s/^#timezone = \(.*\)$/timezone = 'UTC'/" -i /var/lib/pgsql/data/postgresql.conf

Restart the service for the configuration changes to take effect:

service postgresql restart

With the server now started you can proceed to configuration. Here we will create a Baruwa postgresql database user account as well as a database to store Baruwa data.

We’re going to assume that the database is called baruwa, the postgresql user is called baruwa, and the password is verysecretpw.

Create the database user:

psql -Upostgres postgres -c "CREATE ROLE baruwa WITH LOGIN PASSWORD 'verysecretpw';"

Create the database:

createdb -U postgres -E UTF8 -O baruwa -T template1 baruwa

Baruwa uses functions written in the plpgsql and plpythonu procedural languages. Enable these languages in the db:

psql -U postgres baruwa -c "CREATE LANGUAGE plpgsql;"
psql -U postgres baruwa -c "CREATE LANGUAGE plpythonu;"

Step 2b: RabbitMQ

The RabbitMQ server is used as the message broker to handle the processing on backend tasks such as releasing messages, reading queues and providing host status information.

Run the following commands to install and start RabbitMQ on your system.:

yum install rabbitmq-server -y
service rabbitmq-server start

Now create a virtual host and a RabbitMQ user to be used by Baruwa.

We’re going to assume that the virtual host is called baruwa, the RabbitMQ user is called baruwa, and the password is mysecretpwd.

Create the user account, the virtual host and give the user permissions on the virtual host:

rabbitmqctl add_user baruwa mysecretpwd
rabbitmqctl add_vhost baruwa
rabbitmqctl set_permissions -p baruwa baruwa ".*" ".*" ".*"

Remove the guest user:

rabbitmqctl delete_user guest

Step 2c: Sphinx

The Sphinx search server provides fast indexed search results to queries submitted via Baruwa.

Run the following commands to install and start sphinx on your system:

yum install sphinx

Set the required database settings:

sed -i -e 's:sql_host =:sql_host = 127.0.0.1:' \
        -e 's:sql_user =:sql_user = baruwa:' \
        -e 's:sql_pass =:sql_pass = verysecretpw:' \
        -e 's:sql_db =:sql_db = baruwa:' /etc/sphinx/sphinx.conf

Start the Sphinx server:

service searchd restart

Step 2d: Memcached

Memcached is used to cache data and alleviate the load on the database backend as well as store sessions:

yum install memcached -y
service memcached start

Step 2e: MailScanner

MailScanner is the integrated engine that performs the various checks used to identify and classify spam and various threats.

Baruwa manages the MailScanner configuration by storing the configurations in the PostgreSQL Database. MailScanner signatures can also be managed using Baruwa for both domains and individual users.

Install MailScanner:

yum install mailscanner -y

Sample configuration files for MailScanner and exim are provided in the source under extras/config/exim and extras/config/mailscanner. Please review and reuse.

Step 2f: Nginx

Nginx is the web server available in Baruwa Enterprise. Install it by running:

yum install nginx -y

Create the Baruwa Nginx configuration file /etc/nginx/conf.d/baruwa.conf with the following contents.

# -*- coding: utf-8 -*-
# Baruwa - Web 2.0 MailScanner front-end.
# Copyright (C) 2010-2012  Andrew Colin Kissa <andrew@topdog.za.net>
# vim: ai ts=4 sts=4 et sw=4
upstream baruwacluster {
    ip_hash;
    server unix:///var/run/baruwa/baruwa.sock;
}

server {
        listen [::]:80;
        server_name _;
        access_log /var/log/nginx/baruwa-access.log combined;
        error_log /var/log/nginx/baruwa-error.log;
        charset utf-8;
        keepalive_requests    50;
        keepalive_timeout     300 300;
        server_tokens off;
        root /usr/lib/python2.6/site-packages/baruwa/public;
        index index.html index.htm;
        client_max_body_size 25M;
        location ~*/(imgs|js|css)/ {
          root /usr/lib/python2.6/site-packages/baruwa/public;
          expires max;
          add_header Cache-Control "public";
          break;
        }
        location = /favicon.ico {
          root /usr/lib/python2.6/site-packages/baruwa/public/imgs;
          expires max;
          add_header Cache-Control "public";
          break;
        }
        location / {
          uwsgi_pass baruwacluster;
          include uwsgi_params;
          uwsgi_param SCRIPT_NAME '';
          uwsgi_param UWSGI_SCHEME $scheme;
        }
}

Start the Nginx service:

service nginx restart

Step 4a: Create configuration files

Create the configuration file:

paster make-config baruwa /etc/baruwa/production.ini

Set the sqlalchemy database url:

sed -i -e 's|baruwa:@127.0.0.1:5432/baruwa|baruwa:verysecretpw@127.0.0.1:5432/baruwa|' \
        /etc/baruwa/production.ini

Set the broker password and enable the queues:

sed -i -e 's:broker.password =:broker.password = mysecretpwd:' \
        -e "s:snowy.local:$(hostname):g" \
        -e 's:^#celery.queues:celery.queues:'/etc/baruwa/production.ini

Check the configuration file and ensure that the baruwa.timezone option matches the timezone configured on your server. Take time to review the other options to ensure that they are correct for your setup.

Step 4b: Populate the database

Creation of functions written in plpythonu requires PostgreSQL admin user access. So we create them in this step using the postgres admin account:

psql -U postgres baruwa -f /usr/lib/python2.6/site-packages/baruwa/config/sql/admin-functions.sql

The creation of all database tables, addition of initial data and the creation of an admin user is taken care of via this Pylons command:

paster setup-app /etc/baruwa/production.ini

Step 4c: Create the sphinx indexes

The initial sphinx search indexes need to be created by running the command:

indexer --all --rotate

Step 4d: Start the celery daemon

Start the celeryd daemon:

service baruwa start

Step 4e: Link uwsgi configuration

Link the Baruwa configuration to the uwsgi configuration directory:

ln -s /etc/baruwa/production.ini /etc/uwsgi
service uwsgi restart