Install Relution on CentOS
Preparation
Make sure your system is up-to-date.
sudo yum -y update
During this installation some files will need to be edited manually. If you are familiar with vim set it as default editor with the commands below. If you are not familiar with vim please skip this and keep using the default editor. |
sudo yum -y install vim
sudo update-alternatives --install /usr/bin/editor editor /usr/bin/vim 100
Install dependencies
Install the required packages, including Java.
We currently recommend the use of OpenJDK 11 (JRE). Most vendors treat this version as a long term support (LTS) release. Make sure to read our change log for the most up-to-date information. |
sudo yum -y install java-11-openjdk unzip wget
Configure Java home
echo "export JAVA_HOME=/usr" | sudo tee -a /etc/profile.d/relution_profile.sh
source /etc/profile
Verify the changes have taken effect.
echo $JAVA_HOME
You should see the configured path (/usr
).
Create a Relution user
Create an unprivileged user to be used by the Relution service.
sudo useradd -s /usr/bin/false -r relution
This creates an unprivileged user with the name relution that will be
used to run the Relution service. This is done for security reasons
since running services with root
privileges is not recommended.
Download Relution
Download and extract the latest Relution package.
sudo wget https://repo.relution.io/package/latest/relution-package.zip --directory-prefix=/opt
sudo unzip /opt/relution-package.zip -d /opt
Change owner of the relution
directory:
sudo chown -R relution:relution /opt/relution
Basic Relution configuration
Change to /opt/relution:
cd /opt/relution
Download Relution configuration file:
sudo wget https://raw.githubusercontent.com/relution-io/relution-setup/master/native/Linux/opt/relution/application.yml.template
Edit the application.yml.template
which is stored at /opt/relution and adjust it to your environment.
All values that must be replaced have placeholders in the form of
%VALUE%
, for example %MYSQL_PASSWORD%
. You must at least replace the
following values:
Placeholder | Description |
---|---|
%EXT_HOSTNAME_URL% |
The external URL of your Relution server, e.g. https://mdm.example.com |
%MYSQL_PASSWORD% |
The password of the |
%SMTP_HOSTNAME% |
The hostname of your SMTP server |
%SMTP_PORT% |
The port of your SMTP server (default: 25) |
%SMTP_USERNAME% |
The username of a user on the SMTP server |
%SMTP_PASSWORD% |
The password of a user on the SMTP server |
%SYSTEM_ADMIN_PASSWORD% |
The initial password of the system administrator. Change this after first sign in |
%SYSTEM_ADMIN_EMAIL% |
The system administrator’s email address |
%ORG_UNIQUE_NAME% |
The unique name of the initial Relution organization to create. Must only contain alphanumeric characters and no blanks. |
%ORG_DISPLAY_NAME% |
The name of the initial Relution organization to create |
%ADM_USERNAME% |
The username of the organization administrator. Must only contain alphanumeric characters and no blanks. |
%ADM_PASSWORD% |
The initial password of the organization administrator. Change this after first sign in |
%ADM_FIRST_NAME% |
The name of the organization administrator |
%ADM_LAST_NAME% |
The family name of the organization administrator |
Consider the use of pwgen to generate the initial password for
your administrative account. We recommend to change the password after
you sign in for the first time.
|
Move the file to the Relution server’s installation directory:
sudo mv application.yml.template /opt/relution/application.yml
Make sure only root can edit this file and allow relution to read it.
sudo chown root:relution /opt/relution/application.yml
sudo chmod 640 /opt/relution/application.yml
Verify installation
To verify that setup until this point is correct, start the Relution service in the foreground.
cd /opt/relution
sudo -u relution JAVA_HOME=/usr bin/relution-foreground.sh
Wait for the Relution service to start up. Once the terminal output has stopped moving you should be able to connect to the service with a browser. To connect from a remote machine, make sure port 8080 is open in the machine’s firewall. For security reasons you should close this port once the service has been configured. Users will connect to the service using ports 80/443 served by nginx.
http://<hostname>:8080
To temporarily allow connections on port 8080 until the next server reboot:
sudo firewall-cmd --zone=public --add-port=8080/tcp
If everything is working, you should see the Relution portal and you can
log in with the administrative account configured in the
application.yml
. For security reasons you should change the password
of the administrator after you sign in. Consider removing the initial
organization and administrator configuration from the application.yml
for security reasons.
If you receive errors, verify that you completed all steps above. Use
Ctrl+C
to stop the service and wait for the service to shut down. If
the service does not stop, use Ctrl+C
again to force it to stop.
Create systemd service file
To start Relution as a system service, create a systemd service file for Relution. You can download the file from our GitHub repository.
sudo wget https://raw.githubusercontent.com/relution-io/relution-setup/master/native/Linux/etc/systemd/system/relution.service.template
Move the file to the systemd directory
sudo mv relution.service.template /etc/systemd/system/relution.service
Reload the systemd daemon to pick up the new service.
sudo systemctl daemon-reload
Make sure Relution’s directories are still accessible to the service. If
the application was previously started as root
it may otherwise be
unable to write to its log file or temp directory.
sudo chown -R relution:relution /opt/relution
sudo chown -R relution:relution /tmp/relution.tmp
Start Relution and make sure the service is started automatically after a system reboot.
sudo systemctl start relution
sudo systemctl enable relution
To monitor the service’s startup you can follow its log file (Press Ctrl+C to exit).
tail -f /opt/relution/log/relution.log
Wait for the Relution service to start up. You should once again be able to connect to the service with a browser.
http://<hostname>:8080
It is also a good idea to close the firewall port that was opened for testing at this point. Otherwise the port will remain open until the next system reboot. If nginx will be installed on another machine you can skip this step and continue with the firewall configuration below.
sudo firewall-cmd --zone=public --remove-port=8080/tcp
Firewall configuration
If you install nginx on another machine, you need to permanently open
port 8080
on this machine, so nginx can talk to Relution. If nginx is
going to be installed on the same machine you can skip these steps.
Replace ADDRESS with the IP address and netmask of the
machine or network you want to grant access to this Relution instance.
Examples: Use 192.168.0.1/32 to grant access to the machine with the
IP address 192.168.0.1. Use 192.168.0.0/24 to grant access to any
machine in the IP address range 192.168.0.x. When in doubt, consult
your network administrator.
|
sudo firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="###ADDRESS###" port protocol="tcp" port="8080" accept'
sudo firewall-cmd --reload