Installation: Red Hat 8
Introduction
These installation instructions are a guide to installing an OCS reporting server built on Apache Nifi, PostgreSQL and Apache Superset. It is assumed by these instructions that the target platform is Red Hat 8.
It is strongly recommended that the following instructions are used to deploy the reporting services on to one or more dedicated hosts. It is particularly crucial that the reporting services are not installed on to an node that is running real time call control or OCS servers.
Pre-Requisites
These instructions rely on installing a variety of tools into a Linux-based server. The following pre-requisites are assumed for this installation guide:
- The server OS is Red Hat 8 (any version).
- For installation of Apache Superset, the server OS has full access to the internet. Apache Nifi and PostgreSQL can be installed with only
dnf
(oryum
access to official Red Hat repositories - or satellite repositories).
Install and Configure Apache
For proxying through standard HTTP ports, install a HTTP proxy. In these instructions Apache HTTPD is used:
dnf install httpd
Once installed, tweak SELinux. As Red Hat 8 uses SELinux for security, some restrictions must be lifted.
Allow proxying via http to work. As root:
/usr/sbin/setsebool -P httpd_can_network_connect 1
Apache Nifi
Installation
To install Apache Nifi, first install Java:
dnf install java-latest-openjdk
Download the latest Apache Nifi (v1.13 or later) from the Apache Nifi downloads page. Download the binary file:
cd /var/tmp/
VERSION=1.13.2
wget https://apache.inspire.net.nz/nifi/${VERSION}/nifi-${VERSION}-bin.tar.gz
The Nifi toolkit is not required. Next, uncompress and install the package:
cd /opt
tar zvfx /var/tmp/nifi-${VERSION}-bin.tar.gz
Then, install the new version of Nifi, assuming /opt/nifi
links to a previous install of Nifi:
rm /opt/nifi
ln -s nifi-${VERSION} nifi
Next, create the Nifi data directory, if it doesn’t exist:
mkdir -p /opt/nifi-data
Configuration
boostrap.conf
The bootstrap configuration file determines the basic variables for running Nifi. Of primary importance is the memory usage for Nifi. Real time processing of OCS EDRs requires sufficient memory for managing a relatively significant stream of data, even on smaller installations:
Edit bootstrap.conf
:
vi /opt/nifi/conf/bootstrap.conf
Update at least the following variables:
Variable | vALUE |
---|---|
java.arg.2 |
-Xms2048m |
java.arg.3 |
-Xmx2048m |
zookeeper.properties
Nifi uses Apache Zookeeper to handle Nifi node clustering. Nifi clustering is out of scope of this installation guide, however the Zookeeper configuration must still be correct.
Edit the zookeeper configuration:
vi /opt/nifi/conf/zookeeper.properties
Update at least the following variables:
variable | value |
---|---|
dataDir |
/opt/nifi-data/state/zookeeper |
nifi.properties
Apache Nifi uses a properties file to determine working directories and other system-specific configuration:
Edit the Nifi configuration:
vi /opt/nifi/conf/nifi.properties
Update at least the following variables:
variable | value |
---|---|
nifi.nar.working.directory |
/opt/nifi-data/work/nar |
nifi.documentation.working.directory |
/opt/nifi-data/work/docs/components |
nifi.database.directory |
/opt/nifi-data/database_repository |
nifi.flowfile.repository.directory |
/opt/nifi-data/flowfile_repository |
nifi.content.repository.directory.default |
/opt/nifi-data/content_repository |
nifi.provenance.repository.directory.default |
/opt/nifi-data/provenance_repository |
nifi.web.jetty.working.directory |
/opt/nifi-data/work/jetty |
nifi.sensitive.props.key |
Set this to a secure key |
Consider also changing nifi.web.http.host
to the local IP (not loopback) for access, however only perform this change if a HTTPS relay is not being used, and the host is within a secure environment (as Apache Nifi does not provide secure access).
stateless.properties
The final Nifi configuration file is “stateless” configuration. Edit the file:
vi /opt/nifi-data/conf/stateless.properties
variable | value |
---|---|
nifi.stateless.working.directory |
/opt/nifi-data/work/stateless |
Startup Configuration
To run Nifi automatically on system startup, configure and enable Superset using systemd
. As root
, place the following file contents in /etc/systemd/system/nifi.service
:
[Unit]
Description=Apache NiFi
After=network.target
[Service]
Type=forking
User=root
Group=root
ExecStart=/opt/nifi/bin/nifi.sh start
ExecStop=/opt/nifi/bin/nifi.sh stop
ExecRestart=/opt/nifi/bin/nifi.sh restart
[Install]
WantedBy=multi-user.target
Then to ensure the new configuration is loaded, run:
systemctl daemon-reload
Web Proxy
It is trivial to proxy to Apache Nifi through Apache HTTP (or any other web proxy). The following apache configuration can be placed in a file such as /etc/httpd/conf.d/nifi.conf
:
#
# N-Squared example Nifi proxy configuration
#
<VirtualHost *:80>
#ServerName nifi.nsquared.co.nz
RedirectMatch ^/$ /nifi
# Everything is proxied
ProxyPreserveHost On
RequestHeader set X-Forwarded-Proto "http"
# RequestHeader add X-ProxyHost "nifi.nsquared.co.nz"
RequestHeader set X-Forwarded-Port "80"
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
Then restart apache:
systemctl restart httpd
BI Database Installation
The N-Squared OCS reporting database is deployed on PostgreSQL and utilises DbMaintain for schema maintenance. DbMaintain is a simple tool for managing databases as they change over time.
Install PostgreSQL
The reporting database requires PostgreSQL to be installed:
dnf install dnf install postgresql-server
Create the postgres instance and enable:
postgresql-setup --initdb
systemctl enable postgresql
systemctl start postgresql
Change the auth approach for postgres to allow username/password logins:
vi /var/lib/pgsql/data/pg_hba.conf
and change:
host all all 127.0.0.1/32 ident
host all all ::1/128 ident
to:
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
Once installed, the reporting database can be created.
For the reporting database, the OCS uses the following schemas which will be created in the n2reporting
database by the following instructions:
n2ocs
- The reporting schema for the OCS.
The content of this schema is then able to be created by the SQL in the /opt/nsquared/n2ocs/db/reportingdb/sql
directory.
Database Creation
Edit the configuration file /opt/nsquared/ocs/db/reportingdb/dbmaintain.properties
to configure the connection to the reporting database (i.e. usename, password, URL).
However, before running dbmaintain
the first time, the database itself needs
creation:
-
Change user to the
postgres
user:sudo su - postgres
-
Create a report writer, and report reader user for the database. Note that report readers may be configured based on organisation procedures other than shown here - however following instructions to configure Nifi and Superset connectivity will require changing. You will need to type in the password:
createuser -P n2ocs_report_writer createuser -P n2ocs_report_reader
-
Create the database (if it doesn’t already exist):
createdb -O n2ocs_report_writer n2reporting
-
Create the database schema, owned by the report writer user.
psql n2reporting CREATE SCHEMA n2ocs AUTHORIZATION n2ocs_report_writer;
-
Confirm database login works, and set the schema search path.
psql -h localhost -U n2ocs_report_writer n2reporting ALTER ROLE n2ocs_report_writer SET search_path TO n2ocs,public;
psql -h localhost -U n2ocs_report_reader n2reporting ALTER ROLE n2ocs_report_reader SET search_path TO n2ocs,public;
-
As the database superuser, grant login:
psql n2reporting ALTER ROLE n2ocs_report_writer LOGIN; ALTER ROLE n2ocs_report_reader LOGIN;
Database Server Creation and Updates
Once the reporting database is created database updates are all performed through DbMaintain. DbMaintain will automatically apply the necessary changes. To run:
-
Edit the
reportingdb/dbmaintain.properties
file and set database password appropriately. -
Run:
cd /opt/nsquared/ocs/db/ export DBMAINTAIN_JDBC_DRIVER=/usr/share/dbmaintain/postgresql-42.3.1.jar /usr/share/dbmaintain/dbmaintain.sh updateDatabase -config reportingdb/dbmaintain.properties
Apache Superset
User Creation
To ensure security, create a superset user. As root:
groupadd superset
useradd -d /opt/superset -g superset -m -s `which bash`
then set the superset user password:
passwd superset
Python venv Creation
Ensure that python 3.6
or later is installed:
dnf install python3-rpm python3-pip
Ensure that Python’s pip
is as up-to-date as possible. Use the RPM provided PIP to bootstrap a newer version. Do this as the superset user:
su - superset
python3 -m pip install --user --upgrade pip
and then install Python’s virtual environment solution:
python3 -m pip install --user virtualenv
and finally create the superset virtual environment as the superset
user:
cd /opt/superset
python3 -m venv env
Install Superset
Install Superset into the created virtual environment. This requires upgrading pip again, and then finally installing Apache Superset. As the superset
user:
. env/bin/activate
pip install --upgrade pip
pip install apache-superset
pip install gunicorn # for web server execution
Configure Superset
Most Superset configuration is performed in the GUI. Before the GUI can be accessed, run the following commands. These commands depend on the Superset version installed, so it is recommended that the official Superset installation instructions are checked as well.
As the superset
user:
superset db upgrade
export FLASK_APP=superset
superset fab create-admin
The last command will force you to create the first administration user. Set an appropriate administration username and password, then run:
superset init
Manual Startup
For testing and debuggin purposes, Superset can be started from the command line using the command:
superset run --host=0.0.0.0 -p 8088 --with-threads --reload --debugger
This runs Apache Superset using the built-in web server in the foreground on port 8088, accessible across all network interfaces available.
Startup Configuration
To run Superset automatically, configure and enable Superset using systemd
. As root
, place the following file contents in /etc/systemd/system/superset.service
:
[Unit]
Description = Apache Superset Webserver Daemon
After = network.target
[Service]
PIDFile = /opt/superset/superset-webserver.PIDFile
User = superset
Group = superset
Environment=SUPERSET_HOME=/opt/superset
Environment=PYTHONPATH=/opt/superset
WorkingDirectory = /opt/superset
ExecStart =/opt/superset/venv/bin/python3.6 /opt/superset/venv/bin/gunicorn --workers 8 --worker-class gevent --bind 0.0.0.0:8888 --pid /opt/superset/superset-webserver.PIDFile superset:app
ExecStop = /bin/kill -s TERM $MAINPID
[Install]
WantedBy=multi-user.target
Web Proxy
It is trivial to proxy to Apache Superset through Apache HTTP (or any other web proxy). The following apache configuration can be placed in a file such as /etc/httpd/conf.d/superset.conf
:
#
# N-Squared example superset proxy configuration
#
<VirtualHost *:80>
#ServerName superset.nsquared.co.nz
RedirectMatch ^/$ /superset/welcome
# Everything is proxied
ProxyPreserveHost On
RequestHeader set X-Forwarded-Proto "http"
RequestHeader set X-Forwarded-Port "80"
ProxyPass / http://127.0.0.1:8088/
ProxyPassReverse / http://127.0.0.1:8088/
</VirtualHost>
Then restart apache:
systemctl restart httpd