System Installation With Internet Access on Astra Linux

Note

Below is an example of system installation on Astra Linux 1.7.X "Smolensk"

Warning

The instruction is actual for installation of Universe MDM version 6.9 and later, as the system has switched from Elasticsearch to Opensearch

Before you start:

• Update the repository lists and install the main packages that allow you to work with files:

  sudo apt update && sudo apt upgrade && \
  sudo apt install mc vim -y
  

JAVA Installation

1. Run the following command:

   sudo apt install default-jdk
   

2. Check version (open JDK 11):

   javac -version
   

Installing Opensearch

It is recommended to install Opensearch 2.7.0 in a closed loop. See the link for detailed instructions.

PostgreSQL Installation

1. Configure the repositories. The contents of the /etc/apt/sources.list file should take the following form:

   # Astra Linux repository description https://wiki.astralinux.ru/x/0oLiC
   # Main repository
   deb https://dl.astralinux.ru/astra/stable/1.7_x86-64/repository-main/     1.7_x86-64 main contrib non-free
   # Operational updates to the main repository
   deb https://dl.astralinux.ru/astra/stable/1.7_x86-64/repository-update/   1.7_x86-64 main contrib non-free
   # Basic repository
   deb https://dl.astralinux.ru/astra/stable/1.7_x86-64/repository-base/     1.7_x86-64 main contrib non-free
   # Extended repository
   deb https://dl.astralinux.ru/astra/stable/1.7_x86-64/repository-extended/ 1.7_x86-64 main contrib non-free
   # Extended repository (astra-ce component)
   deb https://dl.astralinux.ru/astra/stable/1.7_x86-64/repository-extended/ 1.7_x86-64 astra-ce
   

2. After updating the file, execute the command:

   sudo apt update && sudo apt install postgresql-12 -y
   

3. Check if the daemon is running after installation:

   systemctl status postgresql
   

• Location of the main configuration files:

  /etc/postgresql/12/main/postgresql.conf /etc/postgresql/12/main/pg_hba.conf
  

Customizing PostgreSQL

1. Log in to the postgres service user session:

   sudo su postgres
   

2. Set the DBMS administrator password:

   psql -c "alter user postgres with password '<specify_password>'"
   

3. Instead of the text <password>, set your password

   • The password is enclosed in single quotes;

   • The entire command is enclosed in double quotes.

4. Create a database of the universe:

   psql -c "CREATE DATABASE universe"
   

5. End work in the postgres service user session:

   exit
   

Configuring postgresql.conf and pg_hba.conf

1. Configure postgresql.conf in a text editor:

   vi /etc/postgresql/12/main/postgresql.conf
   

2. Check the values and uncomment the following parameters (are default parameters):

   max_prepared_transactions = 300
   max_connections = 1000
   port = 5432
   listen_addresses = '*'
   

3. Configure postgresql.conf in a text editor:

   vi /etc/postgresql/12/main/pg_hba.conf
   

4. Sections of the /etc/postgresql/12/main/pg_hba.conf file should take the following form:

   # Database administrative login by Unix domain socket
   local   all             postgres                                peer
   
   # TYPE  DATABASE        USER            ADDRESS                 METHOD
   
   # "local" is for Unix domain socket connections only
   local   all             all                                     md5
   # IPv4 local connections:
   host    all             all             127.0.0.1/32            trust
   # IPv6 local connections:
   host    all             all             ::1/128                 trust
   # Allow replication connections from localhost, by a user with the
   # replication privilege.
   local   replication     all                                     peer
   host    replication     all             127.0.0.1/32            scram-sha-256
   host    replication     all             ::1/128                 scram-sha-256
   

5. To apply the changes, restart PostgreSQL:

   sudo systemctl restart postgresql
   

6. Configure active firewalls by allowing access to the postgresql network port (default is port 5432).

   • For the ufw network screen:

     sudo ufw allow 5432/tcp
     

   • For firewalld firewall:

     sudo firewall-cmd --add-service=postgresql --zone=internal --permanent
     

Possible problem when adding a port in ufw (may occur during dist update without reboot): ERROR: Couldn't determine iptables version

Solution:

sudo update-alternatives --set iptables /usr/sbin/iptables-legacy
sudo shutdown -r now
sudo ufw allow ssh
sudo ufw allow 5432/tcp
sudo ufw enable
sudo ufw status ##Checking status ufw

Installing Tomcat

1. Download the Tomcat 9 archive from the official website https://dlcdn.apache.org/tomcat/.

2. Create a user:

   sudo useradd -m -U -s /bin/false tomcat
   

3. The tomcat directory is located at /<OFFLINE_REP>/tomcat-9. After running the command above, a tomcat user will be created with the home directory /opt/tomcat-9.

4. Copy the folder to /opt/:

   sudo cp -rv /<OFFLINE_REP>/tomcat-9/* /opt/tomcat-9
   

5. To create the daemon, copy the file ./<OFFLINE_REP>/conf_files/tomcat.service to /etc/systemd/system/:

   cp -v MDM_6.X_Astra_1.7.X/conf_files/tomcat.service /etc/systemd/system/
   

6. Reload the daemons:

   systemctl daemon-reload
   

Installing Universe App

Universe is installed in offline mode. For detailed instructions, see the link.