Skip to content

Latest commit

 

History

History
178 lines (141 loc) · 5.01 KB

INSTALL.md

File metadata and controls

178 lines (141 loc) · 5.01 KB
Raw

Hardware requirements

As the service doesn't actively store all the results from the data sources, there is no need for a large disk space. An average server with 4GB RAM and 50GB HDD will be good enough to start.

Database

Continue as root. MongoDB is being used as a local database. Install the latest version according the official tutorial: https://docs.mongodb.com/manual/administration/install-on-linux/.

Start and enable a database service:

systemctl start mongod
systemctl enable mongod

MongoDB setup:

  1. Run a database shell:
mongosh
  1. Create a new database:
use graphoscope
  1. Add a user with minimal needed permissions:
db.createUser(
  {
    user: "graphoscope",
    pwd: passwordPrompt(),
    roles: [
       { role: "readWrite", db: "graphoscope" }
    ]
  }
)

... enter a password when asked and exit the MongoDB shell.

  1. Edit /etc/mongod.conf to enable authorization:
security:
  authorization: enabled
  1. Restart the service to apply changes:
systemctl restart mongod

Get the source code for the dev. environment

Create directories and copy the source in there:

mkdir -p /opt/go/src/github.com/cert-lv
cd /opt/go/src/github.com/cert-lv
git clone https://github.com/cert-lv/graphoscope
mkdir -p graphoscope/build/plugins

Makefile and Docker are used to test, build and deploy Graphoscope on a remote server.

cd /opt/go/src/github.com/cert-lv/graphoscope/
cp Makefile.example Makefile

and edit Makefiles according to your needs: set a REMOTE variable to your remote user and host, replace docker command with podman in case it's being used in your system.

Development host setup

⚠️ To simplify things here we use the same database for everything.

Configure a Graphoscope service:

cd /opt/go/src/github.com/cert-lv/graphoscope/
cp definitions/sources/demo.yaml.example definitions/sources/demo.yaml
cp files/groups.json.example files/groups.json
cp files/formats.yaml.example files/formats.yaml
cp graphoscope.yaml.example graphoscope.yaml
cp Dockerfile.example Dockerfile

Edit graphoscope.yaml:

  • Set database's user/password from the previous setup
  • Enter a unique authenticationKey, encryptionKey in a sessions section
  • Set certFile and keyFile to certs/graphoscope.crt and certs/graphoscope.key

Install the latest official version of Golang and run:

export GOPATH=/opt/go
apt install gcc make
go get
make plugins-local
go run *.go

Open in a browser: https://server:443, where server is your host IP.

Production server setup

Dev. host can be used to deploy the necessary files on a prod. server, local installation from a release archive also is possible. On the prod. server install a musl, C standard library.

On DEB based systems:

apt install musl-dev make
ln -s /usr/lib/x86_64-linux-musl/libc.so /lib/libc.musl-x86_64.so.1

To deploy from a dev. host:

cd $GOPATH/src/github.com/cert-lv/graphoscope
make compile
make install-remote

With a local installation download the latest release from https://github.com/cert-lv/graphoscope/releases to the remote host and run:

mkdir graphoscope
tar xf graphoscope-linux-amd64-*.tar.gz -C graphoscope
cd graphoscope
cp Makefile.example Makefile
make install

Edit /etc/graphoscope/graphoscope.yaml according to your needs and paths:

  • database's url: mongodb://localhost:27017, user/password from the previous steps
  • unique authenticationKey, encryptionKey in a sessions section. The last one must be exactly 18 characters long
  • leave environment: dev at the moment

Start the service:

systemctl start graphoscope
systemctl enable graphoscope

Now there is an HTTPS service running on port TCP 443. If there are no errors - replace default graphoscope.crt and graphoscope.key with your own HTTPS cert & key and restart a Graphoscope service:

systemctl restart graphoscope

It is useful from time to time to remove all dangling docker images to free disk space:

docker image prune
docker volume prune

Updating

Download the latest release from https://github.com/cert-lv/graphoscope/releases to update a local installation and run:

mkdir graphoscope
tar xf graphoscope-linux-amd64-*.tar.gz -C graphoscope
cd graphoscope
cp Makefile.example Makefile
make update
systemctl start graphoscope

or update a remote server from a dev. environment:

make compile
make update-remote
ssh root@<server-ip> systemctl start graphoscope

... where <server-ip> is a remote host. Copy graphoscope.yaml if its structure was changed.

Postinstallation setup

Sign up to the Web GUI, press top-right Options icon and follow the documentation section Administration to set administrators and connect your own data sources. After that in /etc/graphoscope/graphoscope.yaml you can set environment: prod and restart the Graphoscope service.