Installing Bedework: Difference between revisions

Separate Data Volume

This thing is pretty big and has potential to get bigger still, so separate to a new filesystem.

Check what volume groups are present ... in this case vgs_webhost is SSD based disk and vgd_webhost is hard drives

  [root@webhost ~]# pvscan
    PV /dev/vdb1   VG vgd_webhost   lvm2 [3.90 GiB / 3.90 GiB free]
    PV /dev/vda2   VG vgs_webhost   lvm2 [31.00 GiB / 7.18 GiB free]
    Total: 2 [34.90 GiB] / in use: 2 [34.90 GiB] / in no VG: 0 [0   ]

Peel off a logical volume from the hard drive surce

  [root@webhost ~]# lvcreate -L 2G -n bedework vgd_webhost
    Logical volume "bedework" created.

Make the filesystem

  [root@webhost ~]# mkfs /dev/mapper/vgd_webhost-bedework 
  mke2fs 1.42.9 (28-Dec-2013)
  Filesystem label=
  OS type: Linux
  Block size=4096 (log=2)
  Fragment size=4096 (log=2)
  Stride=0 blocks, Stripe width=0 blocks
  131072 inodes, 524288 blocks
  26214 blocks (5.00%) reserved for the super user
  First data block=0
  Maximum filesystem blocks=536870912
  16 block groups
  32768 blocks per group, 32768 fragments per group
  8192 inodes per group
  Superblock backups stored on blocks: 
  	32768, 98304, 163840, 229376, 294912
  
  Allocating group tables: done                            
  Writing inode tables: done                            
  Writing superblocks and filesystem accounting information: done 

Add the new volume to fstab

  [root@webhost ~]# vi /etc/fstab

This is the entry

  /dev/mapper/vgd_webhost-bedework /var/lib/bedework          ext4    defaults        1 2

Make the mountpoint

  [root@webhost ~]# mkdir  /var/lib/bedework/

Use -a flag to double check /etc/fstab entry

[root@webhost ~]# mount -a

Check

  [root@webhost ~]# df -h /var/lib/bedework/
  Filesystem                        Size  Used Avail Use% Mounted on
  /dev/mapper/vgd_webhost-bedework  2.0G  3.0M  1.9G   1% /var/lib/bedework

Privilege Separation

Bedework comes as an all in one self contained system in the style of the old school Unix days. However, given the large number of moving parts, this isn't a bad plan. In order to prevent any other processes using anything in the bedework zone of operations, and vice versa, bedework has it's own user account and group, the files all go in the bedework home directory, to which only the bedework user has access.

All of the following is based on procedures from The Bedework Manual

Create the group

  # groupadd -r bedework

Find out the gid

  # getent group bedework
  bedework:x:508:

A local system account with a home directory in /var/lib and that gid

  # useradd -r -g 508 -c "Bedework User" -d /var/lib/bedework -m -s /bin/bash bedework

Check the account

  # fgrep bede /etc/passwd
  bedework:x:542:508:Bedework User:/var/lib/bedework:/bin/bash

No need for a password, this user will be accessed either from root, or by ssh key.

Download and install

Download Bedework Here

Login as user bedework

Fetch the zipfile, warning, it's 350+ Megabytes

  [bedework@webhost ~]$ wget "http://dev.bedework.org/downloads/3.10.2/quickstart-3.10.2.zip"
  --2015-12-03 23:52:50--  http://dev.bedework.org/downloads/3.10.2/quickstart-3.10.2.zip
  Resolving dev.bedework.org (dev.bedework.org)... 128.113.2.72
  Connecting to dev.bedework.org (dev.bedework.org)|128.113.2.72|:80... connected.
  HTTP request sent, awaiting response... 200 OK
  Length: 383332167 (366M) [application/zip]
  Saving to: ‘quickstart-3.10.2.zip’
  
  100%[=============================================================================>] 383,332,167  860KB/s   in 6m 39s 
  
  2015-12-03 23:59:29 (939 KB/s) - ‘quickstart-3.10.2.zip’ saved [383332167/383332167]

Then unpack it