Installing NOMASX-1 on Linux
TIP
Podman is the fastest way to install NOMASX-1. Although each component can be installed separately, using Podman is better because everything is preconfigured.
1. Requirements
- RAM: 8 GB
- DISK: 60 GB
- CPU: 2 vCPU
The server needs internet access to download all images and application sources from GitHub and the Oracle container registry.
Podman can run rootless, so you can create a dedicated user to start all containers without using root.
groupadd nomasx1
useradd -g nomasx1 nomasx1
Check whether SELinux is enabled and change the mode to permissive
sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
********************
** CHECK MODE **
Current mode: enforcing
Mode from config file: enforcing
********************
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 31
Set SELinux to permissive by editing the “/etc/selinux/config” file, making sure the SELINUX flag is set as follows.
SELINUX=permissive
Once the change is complete, restart the server or run the following command.
setenforce Permissive
Disable the firewall
systemctl stop firewalld
systemctl disable firewalld
systemctl status firewalld
2. Install Podman
dnf -y install podman podman-docker buildah skopeo dnf-utils zip unzip tar gzip git
dnf -y update
Give the user created previously subordinate UID and GID ranges so that it can start containers rootless
touch /etc/subuid /etc/subgid
usermod --add-subuids 100000-165535 --add-subgids 100000-165535 nomasx1
podman system migrate
Set the storage location for images and volumes (optional). By default, when Podman runs rootless, the storage path is inside the user's $HOME directory. You can change the path by modifying the config file /etc/containers/storage.conf
# Storage path for rootless users
#
# rootless_storage_path = "$HOME/.local/share/containers/storage"
rootless_storage_path = "/app/containers/$USER/storage"
3. Enable service and check status
systemctl enable --now podman.socket
systemctl status podman.socket
4. Download components
The repository is private because this application is licensed. Ask for credentials to download it.
git clone https://github.com/fblettner/nomasx1-containers.git
Enter login and password
cd nomasx1-containers/data
# Downloads and unzips the preconfigured Oracle Database
./getdata.sh
Give ownership of the data to the user inside the container
podman unshare chown -R 54321:54321 data/oradata
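The following is an added example, not part of the NOMASX-1 project: it works out which host UID ends up owning data/oradata after the chown above, using the default rootless Podman mapping and the sub-ID range configured in section 2. The function names are hypothetical, the subuid line is a constructed sample, and 1001 is an assumed UID for the nomasx1 account.

```shell
#!/bin/sh
# Default rootless Podman user-namespace mapping:
#   container ID 0     -> the unprivileged user's own ID
#   container IDs 1..N -> subid_start .. subid_start+N-1 (N = size of the range)

# subid_entry USER: read /etc/subuid or /etc/subgid lines on stdin and
# print "start count" for USER's first range; fail if USER has none.
subid_entry() {
    awk -F: -v u="$1" '$1 == u { print $2, $3; found = 1; exit }
                       END { exit !found }'
}

# host_id_for CONTAINER_ID OWN_ID START COUNT: print the host-side ID,
# or fail when the container ID has no mapping.
host_id_for() {
    if [ "$1" -eq 0 ]; then
        echo "$2"
    elif [ "$1" -ge 1 ] && [ "$1" -le "$4" ]; then
        echo $(( $3 + $1 - 1 ))
    else
        echo "container ID $1 is outside the mapped range 1..$4" >&2
        return 1
    fi
}

# resolve USER CONTAINER_ID OWN_ID: subid file on stdin, host ID on stdout.
resolve() {
    entry=$(subid_entry "$1") || { echo "no subid range for $1" >&2; return 1; }
    # $entry is deliberately unquoted so it splits into START and COUNT
    set -- "$2" "$3" $entry
    host_id_for "$@"
}

# Constructed sample: the entry written by
# "usermod --add-subuids 100000-165535 nomasx1" (65536 IDs from 100000).
SAMPLE_SUBUID='nomasx1:100000:65536'

# 1001 is an assumed UID for the nomasx1 account (check with: id -u nomasx1).
printf '%s\n' "$SAMPLE_SUBUID" | resolve nomasx1 54321 1001
```

On a real host, feed /etc/subuid (or /etc/subgid for the group) to resolve on stdin and compare the result with the numeric owner reported by ls -ln data/oradata when viewed outside the user namespace.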
5. Start all containers
Log in to OCI to be able to start all containers (this is a one-time task)
podman login https://lhr.ocir.io
Enter login and password
Start the containers
podman play kube nomasx1w.yaml --configmap .nomasx1.yaml,.rundeck.yaml
6. Configure services
Create the systemd directory in the user's home directory
mkdir -p "$HOME/.config/systemd/user"
cd $HOME/.config/systemd/user
loginctl enable-linger $USER
export XDG_RUNTIME_DIR=/run/user/$(id -u)
Create unit files
podman generate systemd --files --name nomasx1
Enable services
systemctl --user daemon-reload
systemctl --user enable pod-nomasx1.service
systemctl --user start pod-nomasx1.service
7. Known issues on Linux
Issue with network card when starting a container
/etc/sysconfig/network-scripts/ifcfg-ens192
PREFIX=8 (modify to 24)
Issue with permissions: connect as a user with root privileges
loginctl enable-linger nomasx1
Issue with the latest version of Podman: downgrade to the previous version
dnf downgrade podman