Personal Services Hub: memset miniserver install

Submitted by code_admin on Mon, 07/23/2018 - 11:25

This document details my steps and checks while setting up Personal Services on my Memset mini server.

Hard disk and bandwidth look OK.
RAM: I only have 512 and I already use most of it with Apache etc. Putting Personal Services on it might kill it.

RAM before I start:

    top - 16:10:06 up 25 days, 20:37,  1 user,  load average: 0.00, 0.03, 0.05
    Tasks:  78 total,   1 running,  77 sleeping,   0 stopped,   0 zombie
    %Cpu(s):  0.0 us,  0.3 sy,  0.0 ni, 99.7 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
    KiB Mem:    501572 total,   487716 used,    13856 free,    58484 buffers
    KiB Swap:        0 total,        0 used,        0 free.   154236 cached Mem

      PID USER      PR  NI    VIRT    RES    SHR S %CPU %MEM     TIME+ COMMAND
        1 root      20   0   33408   3576   2280 S  0.0  0.7   0:01.21 init
        2 root      20   0       0      0      0 S  0.0  0.0   0:00.00 kthreadd
        3 root      20   0       0      0      0 S  0.0  0.0   0:01.35 ksoftirqd/0
        4 root      20   0       0      0      0 S  0.0  0.0   0:00.00 kworker/0:0
        5 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 kworker/0:0H
        7 root      20   0       0      0      0 S  0.0  0.0   0:06.25 rcu_sched
        8 root      20   0       0      0      0 S  0.0  0.0   0:00.00 rcu_bh
        9 root      rt   0       0      0      0 S  0.0  0.0   0:00.00 migration/0
       10 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 khelper
       11 root      20   0       0      0      0 S  0.0  0.0   0:00.00 kdevtmpfs
       12 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 netns
       13 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 perf
       14 root      20   0       0      0      0 S  0.0  0.0   0:02.70 kworker/u2:1
       17 root      20   0       0      0      0 S  0.0  0.0   0:00.50 xenwatch
       19 root      20   0       0      0      0 S  0.0  0.0   0:00.00 xenbus
       23 root      20   0       0      0      0 S  0.0  0.0   0:00.63 khungtaskd
       25 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 writeback
       27 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 crypto
       28 root      20   0       0      0      0 S  0.0  0.0   1:56.18 kworker/0:1
       30 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 bioset
       32 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 kblockd
       55 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 rpciod
       58 root      20   0       0      0      0 S  0.0  0.0   0:00.39 kswapd0
       60 root      20   0       0      0      0 S  0.0  0.0   0:00.00 fsnotify_mark
       62 root      20   0       0      0      0 S  0.0  0.0   0:00.00 ecryptfs-kthrea
       64 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 nfsiod
       65 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 cifsiod
       67 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 xfsalloc
       69 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 xfs_mru_cache
       71 root       0 -20       0      0      0 S  0.0  0.0   0:00.00 xfslogd
      169 root      20   0       0      0      0 S  0.0  0.0   0:00.00 khvcd

Server is Ubuntu 14.04.
To make the Java install work:

    apt-get install software-properties-common

Install Java 8 using the Java Ubuntu install.

Put hole in firewall

    iptables -L -nv
    iptables -A INPUT -p tcp --dport 8127 -j ACCEPT
    iptables -A INPUT -p tcp --dport 8128 -j ACCEPT
    iptables -A INPUT -p tcp --dport 5643 -j ACCEPT

I made the rules permanent by adding them to /etc/iptables.rules

    vi /etc/iptables.rules
    /etc/init.d/firewall stop
    /etc/init.d/firewall start

Create User for personal services to run as

    sudo useradd -d /home/pers_ser -m pers_ser
    sudo useradd pers_ser_data

Generate Java Keystore

(See also Let's Encrypt)

Make SSL Key and Keystore from already generated key
Run commands as root

    mkdir ~/tmp_per_ser_ssl
    cd ~/tmp_per_ser_ssl

Set up some common vars to use in this process

    CERT=TODOCERTLOCATION.cert  # Must use FULL chain to work with IFTTT
    PRIVATE_KEY=TODOPRIVKEYLOCATION.key
    SSL_KEYSTORE_PASS=TODOSETPASS
    SSL_KEY_PASS=TODOSETPASS
    TMP_PASS=TODOSETTMPPASS

We now have a key and a signed cert for this key. We need to make a Java KeyStore for this. When prompted, give the password TMP_PASS.

    openssl pkcs12 -export -in ${CERT} -inkey ${PRIVATE_KEY} -out ~/tmp_per_ser_ssl/dev_mylinkedthings_com.p12 -name dev_mylinkedthings_com

Convert the PKCS12 to a Java Keystore File.

    keytool -importkeystore -deststorepass ${SSL_KEYSTORE_PASS} -destkeypass ${SSL_KEY_PASS} -destkeystore ~/tmp_per_ser_ssl/keystore.jks -srckeystore ~/tmp_per_ser_ssl/dev_mylinkedthings_com.p12 -srcstoretype PKCS12 -srcstorepass ${TMP_PASS} -alias dev_mylinkedthings_com

Finally copy the keystore into the correct location and let the personal services user alter it:

    mkdir /home/pers_ser/javakeystore
    mv ~/tmp_per_ser_ssl/keystore.jks /home/pers_ser/javakeystore/.
    cd ~
    rm -rf tmp_per_ser_ssl
    cd /home/pers_ser
    chown -R pers_ser javakeystore/
    chgrp -R pers_ser javakeystore/

This was then automated, as Let's Encrypt certs are renewed every 90 days.

Setup

Before setting up, su to pers_ser.

Then follow the Ubuntu setup process with the following options:

    Multi Node Server
    Host: dev.mylinkedthings.com
    Port: Standard
    Type: WEBSERVER
    Server Name: My Linked Things - Development
    AdminWebServerPort: 8127
    Java keystore: /home/pers_ser/javakeystore/keystore.jks

Free RAM after install and running:

    top - 16:44:03 up 25 days, 21:11,  1 user,  load average: 0.25, 0.25, 0.18
    Tasks:  79 total,   1 running,  78 sleeping,   0 stopped,   0 zombie
    %Cpu(s):  0.0 us,  0.0 sy,  0.0 ni, 99.7 id,  0.0 wa,  0.0 hi,  0.0 si,  0.3 st
    KiB Mem:    501572 total,   491632 used,     9940 free,    11796 buffers
    KiB Swap:        0 total,        0 used,        0 free.   139588 cached Mem

Almost run out. May cause problems.
Tried connecting:
https://dev.mylinkedthings.com:8127/app

It wasn't working. I don't think Memset has a firewall.
I tried checking it was listening:

    lsof -i :8127

I checked my server was running and I ran the command on the server:

    wget https://dev.mylinkedthings.com:8127/app --no-check-certificate

I verified that I got the login page.

For some reason it worked once it was a proper firewall rule. Maybe because the firewall rules need to be added in order.
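
iptables walks a chain from the top and stops at the first terminating rule, so an ACCEPT appended with -A after a catch-all REJECT or DROP is never reached. The following is an added example, not part of the original notes: a simplified first-match model run over a constructed ruleset; the function names and the sample rules are assumptions.

```shell
#!/bin/sh
# first_match PORT: read an INPUT chain on stdin (`iptables -S INPUT` or
# iptables-save syntax) and print which rule decides a NEW inbound TCP
# connection to PORT. Simplified model: only "-p tcp [--dport N]" rules and
# unconditional rules are evaluated; rules with any other match are skipped.
first_match() {
    awk -v port="$1" '
    BEGIN { policy = "UNKNOWN" }
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }   # iptables -S
    $1 == ":INPUT"              { policy = $2; next }   # iptables-save
    $1 != "-A" || $2 != "INPUT" { next }
    {
        n++; target = ""; proto = ""; dport = ""; other = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") { target = $(i + 1); break }
            else if ($i == "-p") { proto = $(++i) }
            else if ($i == "--dport") { dport = $(++i) }
            else if ($i == "-m" && $(i + 1) == proto) { i++ }
            else { other = 1 }
        }
        if (other || (proto != "" && proto != "tcp")) next
        if (dport != "" && dport != port) next
        # Only terminating targets end traversal; LOG and similar fall through.
        if (target ~ /^(ACCEPT|DROP|REJECT)$/) {
            print target " rule " n; decided = 1; exit
        }
    }
    END { if (!decided) print policy " policy" }'
}

# Constructed sample (not taken from the server in these notes): a ruleset
# ending in a catch-all REJECT, with the 8127 rule appended after it
# ("appended") or placed before it ("ordered").
sample_rules() {
    new='-A INPUT -p tcp -m tcp --dport 8127 -j ACCEPT'
    before=''; after=''
    if [ "$1" = ordered ]; then before=$new; else after=$new; fi
    printf '%s\n' '-P INPUT ACCEPT' \
        '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' \
        "$before" \
        '-A INPUT -j REJECT --reject-with icmp-host-prohibited' \
        "$after"
}

for mode in appended ordered; do
    echo "$mode: $(sample_rules "$mode" | first_match 8127)"
done
```

On a live host, `iptables -I INPUT <rulenum> ...` inserts a rule at a chosen position instead of appending it, and the same ordering applies to the lines in a saved rules file.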

Set up custom svcControl.sh which won't be overwritten

Reinstalls will write new svcControl scripts.
Copy to a custom one so we don't have a problem with overwriting:

    cp /home/pers_ser/PersonalServices/svcControl.sh /home/pers_ser/PersonalServices/svcControlCUSTOM.sh

Set up start at correct run level

Switch to root

    ln -s /home/pers_ser/PersonalServices/svcControlCUSTOM.sh /etc/init.d/personalservices
    chown -R pers_ser_data /home/pers_ser/PersonalServices/log
    chgrp -R pers_ser_data /home/pers_ser/PersonalServices/log
    chown -R pers_ser_data /home/pers_ser/PersonalServices/Data
    chgrp -R pers_ser_data /home/pers_ser/PersonalServices/Data

Not documented - changes to .svcControl so it correctly starts and stops services under pers_ser_data user
Command to check it is working

    ps -u pers_ser_data

Make it run if the server reboots:

    update-rc.d personalservices defaults
