Difference between revisions of "AppSuite:Open-Xchange Installation Guide for CentOS 6"
|Line 74:||Line 74:|
$ tail -f -n200 /var/log/open-xchange/open-xchange.log.0
$ tail -f -n200 /var/log/open-xchange/open-xchange.log.0
Revision as of 19:28, 23 January 2013
- 1 Open-Xchange App Suite on CentOS6 Linux
- 2 Requirements
- 3 Add Open-Xchange Repository
- 4 Updating repositories and installing packages
- 5 Open-Xchange configuration
- 6 Configure services
- 7 Adding services to runlevels
- 8 Creating contexts and users
- 9 Log files and issue tracking
- 10 Performance & Tuning Tips
Open-Xchange App Suite on CentOS6 Linux
This article will guide you through the installation of OX App Suite, it describes the basic configuration and software requirements. As it is intended as a quick walk-through it assumes an existing installation of the operating system and requires average system administration skills. More, this guide will show you how to setup a basic installation with none of the typically used distributed environment settings. The objective of this guide is:
- To setup a single server installation
- To setup a database for a single database service, no replication
- To setup a single Open-Xchange instance, no cluster
- To provide a basic configuration setup, no mailserver configuration
- Plain installed CentOS6 with latest updates
- A configured internet connection
- httpd - Apache web server
Add Open-Xchange Repository
Open-Xchange maintains public available software repositories for different platforms, such as RHEL. This repository should be added to the RHEL installation to enable simple installation and updates.
Start a console and create a software repository file for Open-Xchange:
$ vim /etc/yum.repos.d/ox.repo
[ox-appsuiteui] name=Open-Xchange-appsuiteui baseurl=http://software.open-xchange.com/products/appsuite/stable/appsuiteui/RHEL6/ gpgkey=http://software.open-xchange.com/oxbuildkey.pub enabled=1 gpgcheck=1 metadata_expire=0m [ox-backend] name=Open-Xchange-backend baseurl=http://software.open-xchange.com/products/appsuite/stable/backend/RHEL6/ gpgkey=http://software.open-xchange.com/oxbuildkey.pub enabled=1 gpgcheck=1 metadata_expire=0m # if you have a valid maintenance subscription, please uncomment the # following and add the ldb account data to the url so that the most recent # packages get installed [ox-updates-appsuiteui] name=Open-Xchange Updates-appsuiteui baseurl=http://LDBACCOUNT:LDBPASSWORD@software.open-xchange.com/products/appsuite/stable/appsuiteui/updates/RHEL6/ gpgkey=http://software.open-xchange.com/oxbuildkey.pub enabled=1 gpgcheck=1 metadata_expire=0m [ox-updates-backend] name=Open-Xchange Updates-backend baseurl=http://LDBACCOUNT:LDBPASSWORD@software.open-xchange.com/products/appsuite/stable/backend/updates/RHEL6/ gpgkey=http://software.open-xchange.com/oxbuildkey.pub enabled=1 gpgcheck=1 metadata_expire=0m
In case there are issues with an username and password containing URL unsafe characters, e.g. an @, they have to be entered URL encoded. Details can be found at http://www.w3schools.com/tags/ref_urlencode.asp
Updating repositories and installing packages
Reload the package index. This will download the package descriptions available at the software repositories:
$ yum update
The following command starts the download and installation process of all required package for Open-Xchange deployment:
If you want to install everything on a single server, just run
$ yum install open-xchange open-xchange-authentication-database open-xchange-grizzly \ open-xchange-admin open-xchange-appsuite \ open-xchange-appsuite-backend open-xchange-appsuite-manifest
Note 1: You have to choose between one of the available authentication packages depending on your requirements.
To avoid confusion right at the start notice that Open-Xchange uses multiple administration levels and requires different credentials at some stages at the installation and server management. Note that the passwords chosen at this guide are weak and should be replaced by stronger passwords.
- The MySQL database user
- Username: openexchange
- Password used at this guide: db_password
- Responsibility: Execute all kinds of database operations
- The Open-Xchange Admin Master
- Username: oxadminmaster
- Password used at this guide: admin_master_password
- Responsibility: Manage contexts, manage all kinds of low level server configuration
- The Context Admin
- Username: oxadmin
- Password used at this guide: admin_password
- Responsibility: Manage users/groups/resources inside a context
As stated above we assume the MySQL service has been installed previously, and it is running and available.
A good idea is to add the Open-Xchange binaries to PATH:
$ echo PATH=$PATH:/opt/open-xchange/sbin/ >> ~/.bashrc && . ~/.bashrc
Now we have to initialize the Open-Xchange configdb database. This can all be done by executing the initconfigdb script.
$ /opt/open-xchange/sbin/initconfigdb --configdb-pass=db_password -a --mysql-root-passwd=root_password
Use the --mysql-root-passwd option to supply the MySQL root password as configured during database installation.
Add the -i option if you want to remove an already existing open-xchange configdb.
Note: The -a parameter adds an openexchange account to MySQL. This account will be used for database connections from the OX App Suite middleware and requires some privileges. You can also create that account manually during database installation / configuration, in which case you can (should) skip the -a parameter here.
Before starting any service, all basic configuration files need to be set up correctly. The --configdb-pass option indicates the password of the openexchange database user previously created, the --master-pass options specifies the password of the Open-Xchange adminmaster user that will be created when executing the oxinstaller script.
Important: You should have your Open-Xchange license code at hand. If you do not plan to license Open-Xchange, you can use the option --no-license instead. Please also check OXReportClient documentation for more information about configuring a supported and maintained Open-Xchange server.
Important: For MAX_MEMORY_FOR_JAVAVM a rule of thumb for simple installations is half available system memory. The value must be in MB. For example "1024" for 1GB .
$ /opt/open-xchange/sbin/oxinstaller --add-license=YOUR-OX-LICENSE-CODE \ --servername=oxserver --configdb-pass=db_password \ --master-pass=admin_master_password --ajp-bind-port=localhost --servermemory MAX_MEMORY_FOR_JAVAVM
Note: In a clustered setup, --ajp-bind-port must be set to *
Now is a good time to configure the way OX will authenticate to your mail server. Edit the file /opt/open-xchange/etc/mail.properties and change the com.openexchange.mail.loginSource to use. This is very important for servers that require your full email address to log in with.
# adjust com.openexchange.mail.loginSource $ vim /opt/open-xchange/etc/mail.properties
After initializing the configuration, start the Open-Xchange service by executing:
$ /etc/init.d/open-xchange start
Next we have to register the local server at the Open-Xchange configdb database:
$ /opt/open-xchange/sbin/registerserver -n oxserver -A oxadminmaster -P admin_master_password
Now we have to create a local directory that should be used as Open-Xchange filestore. This directory will contain all Infostore content and files attached to groupware objects. To maintain access by the Open-Xchange Groupware service, it is required to grant permissions to the open-xchange system user.
$ mkdir /var/opt/filestore $ chown open-xchange:open-xchange /var/opt/filestore
Now register the directory as a filestore at the Open-Xchange server:
$ /opt/open-xchange/sbin/registerfilestore -A oxadminmaster -P admin_master_password \ -t file:/var/opt/filestore -s 1000000
Note: You might want to adapt the value provided with -s, the "The maximum size of the filestore in MB", see registerfilestore --help.
Note 2: If you are setting up OX App Suite, you need a shared filestore accross your OX servers even though you do not plan to have the OX Files feature enabled for your customers.
Finally register the groupware database, this is a separated database where all groupware specific data is stored:
$ /opt/open-xchange/sbin/registerdatabase -A oxadminmaster -P admin_master_password \ -n oxdatabase -p db_password -m true
Now as the Open-Xchange Server has been set up and the database is running, we have to configure the Apache webserver and the mod_proxy_ajp module to access the groupware frontend. To gain better GUI performance, the usage of mod_expires and mod_deflate is strongly recommended. Those modules will limit the amount of client requests and compress the delivered content. The default installation of the Apache webserver on CentOS provides a welcome screen which is not necessary for server operation, it can be removed by deleting the corresponding configuration file:
$ rm /etc/httpd/conf.d/welcome.conf
Configure the mod_proxy_ajp module by creating a new Apache configuration file.
$ vim /etc/httpd/conf.d/proxy_ajp.conf
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so <IfModule mod_proxy_ajp.c> ProxyRequests Off ProxyStatus On # Please note that the servlet path to the soap API has changed: <Location /webservices> # restrict access to the soap provisioning API Order Deny,Allow Deny from all Allow from 127.0.0.1 # you might add more ip addresses / networks here # Allow from 192.168 10 172.16 </Location> # The old path is kept for compatibility reasons <Location /servlet/axis2/services> Order Deny,Allow Deny from all Allow from 127.0.0.1 </Location> # Enable the balancer manager mentioned in # http://oxpedia.org/wiki/index.php?title=AppSuite:Running_a_cluster#Updating_a_Cluster <IfModule mod_status.c> <Location /balancer-manager> SetHandler balancer-manager Order Deny,Allow Deny from all Allow from 127.0.0.1 </Location> </IfModule> <Proxy balancer://oxcluster> Order deny,allow Allow from all # multiple server setups need to have the hostname inserted instead localhost BalancerMember ajp://localhost:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=APP1 # Enable and maybe add additional hosts running OX here # BalancerMember ajp://oxhost2:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=APP2 ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On </Proxy> # The standalone documentconverter(s) within your setup (if installed) # Make sure to restrict access to backends only # See: http://httpd.apache.org/docs/$YOUR_VERSION/mod/mod_authz_host.html#allow for more infos #<Proxy balancer://oxcluster_docs> # Order Deny,Allow # Deny from all # Allow from backend1IP # BalancerMember ajp://converter_host:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 keepalive=On route=APP3 # ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On # SetEnv proxy-initial-not-pooled # SetEnv proxy-sendchunked #</Proxy> # When specifying additional mappings via the ProxyPass directive be aware that the first matching rule wins. Overlapping urls of # mappings have to be ordered from longest URL to shortest URL. # # Example: # ProxyPass /ajax balancer://oxcluster_with_100s_timeout/ajax # ProxyPass /ajax/test balancer://oxcluster_with_200s_timeout/ajax/test # # Requests to /ajax/test would have a timeout of 100s instead of 200s # # See: # - http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass Ordering ProxyPass Directives # - http://httpd.apache.org/docs/current/mod/mod_proxy.html#workers Worker Sharing ProxyPass /ajax balancer://oxcluster/ajax ProxyPass /appsuite/api balancer://oxcluster/ajax ProxyPass /drive balancer://oxcluster/drive ProxyPass /infostore balancer://oxcluster/infostore ProxyPass /servlet balancer://oxcluster/servlet ProxyPass /webservices balancer://oxcluster/webservices #ProxyPass /documentconverterws balancer://oxcluster_docs/documentconverterws ProxyPass /usm-json balancer://oxcluster/usm-json ProxyPass /Microsoft-Server-ActiveSync balancer://oxcluster/Microsoft-Server-ActiveSync </IfModule>
Modify the default website settings to display the Open-Xchange GUI
$ vim /etc/httpd/conf.d/ox.conf
<VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www/html <Directory /var/www/html> Options -Indexes +FollowSymLinks +MultiViews AllowOverride None Order allow,deny allow from all RedirectMatch ^/$ /appsuite/ </Directory> <Directory /var/www/html/appsuite> Options None +SymLinksIfOwnerMatch AllowOverride Indexes FileInfo </Directory> </VirtualHost>
If you want to secure your Apache setup via HTTPS (which is highly recommended) or if you have proxies in front of your Apache please follow the instructions at:
to properly instruct the backend about the security status of the connection and the remote IP used to contact the backend.
After the configuration is done, restart the Apache webserver
$ /etc/init.d/httpd restart
Adding services to runlevels
The new services are now installed and configured, but to make them start up on a server boot, they need to be added to some runlevels:
$ chkconfig --level 345 mysqld on $ chkconfig --level 345 httpd on $ chkconfig --level 345 open-xchange on
Creating contexts and users
Now as the whole setup is complete and you already should get a login screen when accessing the server with a webbrowser, we have to setup a context and a default user as the last step of this tutorial.
The mapping defaultcontext will allow you to set this context as the default one of the entire system so that users which will be created within this context can login into Open-Xchange Server without specifying their domain at the login screen. Only one context can be specified as defaultcontext. The oxadmin user that will be created by this command is the default admin of the created context. This account will gather additional functions that are also described in the administration manual. The context id parameter must to be unique and numeric, otherwise the server will complain when you try to create a context. New contexts must be created by the oxadminmaster user, user accounts inside a context are created with the credentials of the contexts oxadmin account. The access-combination-name property defines the set of available modules and functions for users of the context.
$ /opt/open-xchange/sbin/createcontext -A oxadminmaster -P admin_master_password -c 1 \ -u oxadmin -d "Context Admin" -g Admin -s User -p secret -L defaultcontext \ -e firstname.lastname@example.org -q 1024 --access-combination-name=all
Create a user for testing purposes:
$ /opt/open-xchange/sbin/createuser -c 1 -A oxadmin -P secret -u testuser \ -d "Test User" -g Test -s User -p secret -e email@example.com \ --imaplogin testuser --imapserver 127.0.0.1 --smtpserver 127.0.0.1
Now connect to the server with a webbrowser and login using the credentials testuser / secret.
Log files and issue tracking
Whenever unexpected or erroneous behavior takes place, it will be logged depending on the configured loglevel. All logfiles are stored at the operating systems default location. Events triggered by the Open-Xchange Groupware services are logged to a rotating file open-xchange.log, events triggered by the Open-Xchange Administration service are logged to open-xchange-admin.log. Those files are the very first place to monitor.
$ tail -f -n200 /var/log/open-xchange/open-xchange.log.0
Performance & Tuning Tips
Depending on your setup and the user accounts, it´s often helpful to know, how to get a better performance from the complete system. This section will try to assist you, how to tune the components within an OX setup, before you need to install a second server, add more RAM, add new CPU to existing servers.
Since OX itself used very specific features from MySQL like InnoDB instead of MyISAM as DB Engine, it´s often needed, how to increase performance of the OX databases. In general, you should always monitor your MySQL system via tools like "munin", to see when your system reaches it´s limits. Once, you recognized, the system responds more and more slowly, you start to read and research on the internet how to change your mysql configuration, specially, the my.cnf file. But due to the fact, that nearly every system is different in regards of hardware etc. you cannot just copy&paste existing configurations. At this point, a tool called "mysqltuner.pl" can help you. MySQLTuner is a script written in Perl that will assist you with your MySQL configuration and make recommendations for increased performance and stability. Within seconds, it will display statistics about your MySQL installation and the areas where it can be improved. To work with this tool, you need unrestricted read access to the MySQL server (OS root access is recommended). Just download and execute as shown below, and modify your existing my.cnf configuration file.
IMPORTANT INFO: The MySQL system must run for several days, to gather statistics and informations about queries etc. from OX. After these days, you should execute mysqltuner.pl script. It does not work if you run it directly after installing an OX/MySQL setup. You can force traffic to OX while writing automatic testcases or jmeter plans.
As already said, this is just ONE way to analyze MySQL systems. You can also check MYSQL.com for a consultant service or similar.
Make the PERL script executable:
$ chmod +x mysqltuner.pl
Execute the PERL script:
If prompted, enter your MySQL credentials and read carefully through the complete output of the script. Now you have very good informations, how to change your mysql system.