Automated Installation
Step 1: Installation requirements
You need a valid Baruwa enterprise subscription, which provides you with a server entitlement as well as an activation key to activate the entitlement.
Enable the EPEL repository
The EPEL repository is a volunteer-based community effort from the Fedora project to create a repository of high-quality add-on packages for Red Hat Enterprise (RHEL) and its compatible spinoffs such as CentOS, Oracle Enterprise Linux or Scientific Linux. You can find more details on EPEL including how to add it to your host at http://fedoraproject.org/wiki/EPEL and http://fedoraproject.org/wiki/EPEL/FAQ#howtouse.
You need to enable this repo in order to access required packages:
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
Install Spacewalk client packages
Baruwa Enterprise Edition entitlements are managed by the Baruwa Network. The Baruwa Network uses the Spacewalk server to manage entitlements. In order to access the Baruwa Enterprise Edition repository you need to install the Spacewalk client tools. These tools are provided by the Spacewalk project via a yum repository which you need to enable:
rpm -Uvh http://yum.spacewalkproject.org/1.9/RHEL/6/x86_64/spacewalk-client-repo-1.9-1.el6.noarch.rpm
Having enabled the Spacewalk repository you can now install the Spacewalk client packages:
yum install rhn-client-tools rhn-check rhn-setup rhnsd m2crypto yum-rhn-plugin -y
Install Baruwa signing keys
The packages in the Baruwa Centos/RHEL/SL enterprise repository are cryptographically signed using GPG keys. The package containing these GPG keys needs to be manually installed before continuing to the next step:
rpm -Uvh https://www.baruwa.com/downloads/baruwa-enterprise-release-6-2.noarch.rpm
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-BARUWA-ENTERPRISE-6
Activate Entitlement
The Baruwa Centos/RHEL/SL enterprise repository is available to subscribers only. To install from this repo you need to activate the entitlement for the server that you are installing.
The server entitlement activation key
is emailed to you when you purchase a
subscription. Use the activation key
to register your server with the
Baruwa Network using the command below:
rhnreg_ks --serverUrl=https://bn.baruwa.com/XMLRPC --activationkey=<activation-key>
Step 2: Installation
Install any available system updates:
yum upgrade -y
Install puppet:
yum install puppet -y
Download and install the puppet toaster from the baruwa.com website:
curl -O https://www.baruwa.com/downloads/puppet-toaster-latest.tar.bz2
tar xjvf puppet-toaster-latest.tar.bz2 -C /etc/puppet/
Create a puppet host manifest for your host by copying the provided sample:
export NCFG=/etc/puppet/manifests/toasters/baruwa/init.pp
export CCFG=/etc/puppet/manifests/toasters/baruwa/$(hostname).pp
cp ${NCFG} ${CCFG}
chown root:root ${CCFG}
chmod 0600 ${CCFG}
Edit the manifest file and set the options to reflect the host you are installing.
Make sure you change the following options
Note
Don’t use the '
, "
, @
, #
and :
characters in the passwords or usernames
Option | Description |
---|---|
$pgsql_password | Postgresql admin password |
$baruwa_admin_user | Baruwa admin username |
$baruwa_admin_email | Baruwa admin user email |
$baruwa_admin_passwd | Baruwa admin user password |
$baruwa_pgsql_passwd | Baruwa Postgresql password |
$baruwa_timezone | Server Timezone |
$baruwa_session_secret | Session encryption key |
$baruwa_app_uuid | Baruwa application UUID |
$baruwa_rabbitmq_passwd | Baruwa RabbitMQ password |
$baruwa_quarantine_host_url | Quarantine URL |
$baruwa_web_vhost | Baruwa virtual host name |
$baruwa_web_serveraliases | Baruwa server aliases |
$baruwa_mail_host | Mail server hostname |
$baruwa_bayes_pgsql_pass | Bayes Postgresql password |
$baruwa_cluster_peers | Hostnames of other nodes that are in the cluster. Must be hostnames not IP Addresses |
$baruwa_cluster_peer_ips | IP addresses of other nodes that are in the cluster Must be IP addresses not hostnames |
$baruwa_cluster_id | The cluster ID of this node Must be an integer |
$baruwa_quarantine_shared | Enables and disables shared quarantine features |
$baruwa_theme_path | Sets the Themes directory |
$baruwa_custom_name | Sets the custom product name for rebranding |
$baruwa_custom_url | Sets the url for the product |
$sphinx_enable_wildcard | Enable Sphinx wildcard indexing, enabling this will use more disk space |
$baruwa_dkim_selector | Sets the DKIM selector name |
$openssl_country_code | SSL Certificate country code |
$openssl_ca_name | SSL CA name |
$openssl_province_name | SSL Certificate province |
$openssl_city_name | SSL city name |
$openssl_org_name | SSL organization name |
Review the other settings and set accordingly.
SSL Certificates
The Baruwa web interface should ran over SSL/TLS, other services such as SMTP AUTH
only work over SSL/TLS as well. So you need to either purchase a valid SSL certificate
or puppet will automatically generate one non recognised SSL certificate for you using
the openssl_
options you have configured in the manifest file. This certificate
that is automatically generated uses the hostname
of the server.
Note
We have partnered with the SSLShop to bring you discounted
SSL certificate pricing. RapidSSL CA
signed certificates can
be purchased at discounted pricing using the Discount coupon
“BARUWA” from http://www.sslshop.co.za
If you have a SSL certificate that is issued by a recognised CA and would like Baruwa to use it, install it prior to running puppet:
mkdir -p /etc/pki/baruwa/{certs,private}
Create the following files
/etc/pki/baruwa/certs/$(hostname).pem
with the contents of your SSL certificate/etc/pki/baruwa/private/$(hostname).key
with the contents of your SSL private key
If your hostname
is different from the name you would like to use to access
the web interface, you need to create a certificate/key pair for that name.
Replace baruwa.example.com
with your web name. This web name should be the same
as what you have set as $baruwa_web_vhost
in the manifest file
/etc/puppet/manifests/toasters/baruwa/$(hostname).pp
.
/etc/pki/baruwa/private/baruwa.example.com.key
/etc/pki/baruwa/certs/baruwa.example.com.pem
If your hostname
is different from the mail server hostname you would like to
use, then you need to create a certificate/key pair for that in the following files.
Replace baruwa.example.com
with your mail server hostname. The mail server
hostname should correspond with the setting $baruwa_mail_host
in the manifest file
/etc/puppet/manifests/toasters/baruwa/$(hostname).pp
.
/etc/pki/baruwa/certs/baruwa.example.com.pem
/etc/pki/baruwa/private/baruwa.example.com.key
If you have a wildcard certificate with all your names being subdomains of that domain to which the certificate is issued then you can create symlinks to each of the names for the certificates and keys.
Run Puppet
Run puppet using the manifest file that you created. This will take some time while it sets up your server. When the command finishes you will have a fully working Baruwa installation:
puppet apply /etc/puppet/manifests/toasters/baruwa/$(hostname).pp
Note
If any of the tasks fails, rerun the above command. If you still have failures after running the command multiple times, then contact Support.
Step 3: Finalize configuration
Now that the installation and setup are complete, you need to finalize the setup by Adding a scanning Node, Add an Organization, Adding a Domain and Adding an Account.
Review the Administrators guide for other configuration and setup options available.
Step 4: Advanced options
Baruwa Enterprise Edition supports clustering, addons, additional AV engines as well as customisation using themes. If you intend on using these features read the following topics.
Step 5: Getting help
Support and assistance are available to you, refer to Support for details on how to get help.