Howto install MeshCentral on NethServer

It was just a quick way to test with docker. It has a standard backup/restore process to use instead.

It’s a port conflict because it needs default port 80 and 443 for it’s api and no proxy and fail2ban etc is supported, not only for docker, it’s a main point in the docs.

Yes, this one.

EDIT:

The docker version works except of the agents go offline but are still reachable…I’m still playing around with the proxies…
I tried the native install but I’m stuck at compiling the backend with python manage.py migrate

(env) [root@testserver tacticalrmm]# python manage.py migrate
Traceback (most recent call last):
  File "manage.py", line 21, in <module>
    main()
  File "manage.py", line 17, in main
    execute_from_command_line(sys.argv)
  File "/opt/rmm/api/env/lib64/python3.8/site-packages/django/core/management/__init__.py", line 419, in execute_from_command_line
    utility.execute()
  File "/opt/rmm/api/env/lib64/python3.8/site-packages/django/core/management/__init__.py", line 395, in execute
    django.setup()
  File "/opt/rmm/api/env/lib64/python3.8/site-packages/django/__init__.py", line 24, in setup
    apps.populate(settings.INSTALLED_APPS)
  File "/opt/rmm/api/env/lib64/python3.8/site-packages/django/apps/registry.py", line 114, in populate
    app_config.import_models()
  File "/opt/rmm/api/env/lib64/python3.8/site-packages/django/apps/config.py", line 301, in import_models
    self.models_module = import_module(models_module_name)
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 1014, in _gcd_import
  File "<frozen importlib._bootstrap>", line 991, in _find_and_load
  File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 671, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 843, in exec_module
  File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
  File "/opt/rmm/api/tacticalrmm/clients/models.py", line 6, in <module>
    from agents.models import Agent
  File "/opt/rmm/api/tacticalrmm/agents/models.py", line 27, in <module>
    class Agent(BaseAuditModel):
  File "/opt/rmm/api/tacticalrmm/agents/models.py", line 325, in Agent
    args: list[str] = [],
TypeError: 'type' object is not subscriptable
Native installation notes:
# install le certs for 
# - api.domain.tld
# - mesh.domain.tld
# - rmm.domain.tld
# and check they are resolvable via DNS (either public and/or local)

# Create workdir
mkdir -p tactical
cd tactical

# Install prerequisites
yum -y install http://mirror.de-labrusse.fr/NethServer/7/x86_64/nethserver-stephdl-1.1.9-1.ns7.sdl.noarch.rpm
yum -y install https://mrmarkuz.dynu.net/mirror/mrmarkuz/7/noarch/nethserver-mrmarkuz-0.0.1-6.ns7.noarch.rpm
yum -y install nethserver-nginx rh-nodejs14 rh-mongodb36 nethserver-postgresql12 nethserver-redis git nethserver-rh-python38 gcc make rh-python38-python-devel

# Enable services
systemctl enable rh-mongodb36-mongod --now

# Create DB for tactical RMM - ignore permission errors
sudo -u postgres scl enable rh-postgresql12 "psql -p 55434 -c\"CREATE DATABASE tacticalrmm\""
sudo -u postgres scl enable rh-postgresql12 "psql -p 55434 -c\"CREATE USER tactical WITH PASSWORD 'SECRET'\""
sudo -u postgres scl enable rh-postgresql12 "psql -p 55434 -c\"ALTER ROLE tactical SET client_encoding TO 'utf8'\""
sudo -u postgres scl enable rh-postgresql12 "psql -p 55434 -c\"ALTER ROLE tactical SET default_transaction_isolation TO 'read committed'\""
sudo -u postgres scl enable rh-postgresql12 "psql -p 55434 -c\"ALTER ROLE tactical SET timezone TO 'UTC'\""
sudo -u postgres scl enable rh-postgresql12 "psql -p 55434 -c\"GRANT ALL PRIVILEGES ON DATABASE tacticalrmm TO tactical\""



# Get tacticalRMM
mkdir -p /opt/rmm
chown ${USER}:${USER} /opt/rmm
mkdir -p /var/log/celery
chown ${USER}:${USER} /var/log/celery
git clone https://github.com/wh1te909/tacticalrmm.git /opt/rmm/
cd /opt/rmm
git config user.email "admin@example.com"
git config user.name "Bob"
git checkout master

# Get NATS server
NATS_SERVER_VER=$(grep "^NATS_SERVER_VER" /rmm/api/tacticalrmm/tacticalrmm/settings.py | awk -F'[= "]' '{print $5}')
nats_tmp=$(mktemp -d -t nats-XXXXXXXXXX)
wget https://github.com/nats-io/nats-server/releases/download/v${NATS_SERVER_VER}/nats-server-v${NATS_SERVER_VER}-linux-amd64.tar.gz -P ${nats_tmp}
tar -xzf ${nats_tmp}/nats-server-v${NATS_SERVER_VER}-linux-amd64.tar.gz -C ${nats_tmp}
sudo mv ${nats_tmp}/nats-server-v${NATS_SERVER_VER}-linux-amd64/nats-server /usr/local/bin/
sudo chmod +x /usr/local/bin/nats-server
sudo chown ${USER}:${USER} /usr/local/bin/nats-server
rm -rf ${nats_tmp}

# Install meshcentral
MESH_VER=$(grep "^MESH_VER" /opt/rmm/api/tacticalrmm/tacticalrmm/settings.py | awk -F'[= "]' '{print $5}')

useradd -r -s /sbin/nologin meshcentral
mkdir -p /opt/meshcentral/meshcentral-data
chown meshcentral:meshcentral -R /opt/meshcentral
cd /opt/meshcentral
scl enable rh-nodejs14 "npm update"
scl enable rh-nodejs14 "npm install meshcentral@${MESH_VER}"
chown meshcentral:meshcentral -R /opt/meshcentral

meshcfg="$(cat << EOF
{
  "settings": {
    "Cert": "${meshdomain}",
    "MongoDb": "mongodb://127.0.0.1:27017",
    "MongoDbName": "meshcentral",
    "WANonly": true,
    "Minify": 1,
    "Port": 4430,
    "AliasPort": 443,
    "RedirPort": 800,
    "AllowLoginToken": true,
    "AllowFraming": true,
    "_AgentPing": 60,
    "AgentPong": 300,
    "AllowHighQualityDesktop": true,
    "TlsOffload": "127.0.0.1",
    "agentCoreDump": false,
    "Compression": true,
    "WsCompression": true,
    "AgentWsCompression": true,
    "MaxInvalidLogin": { "time": 5, "count": 5, "coolofftime": 30 }
  },
  "domains": {
    "": {
      "Title": "Tactical RMM",
      "Title2": "Tactical RMM",
      "NewAccounts": false,
      "CertUrl": "https://mesh.mrmarkuz.ddnss.eu:443/",
      "GeoLocation": true,
      "CookieIpCheck": false,
      "mstsc": true
    }
  }
}
EOF
)"
echo "${meshcfg}" > /opt/meshcentral/meshcentral-data/config.json

# Configure components
localvars="$(cat << EOF
SECRET_KEY = "SECRET"

DEBUG = False

ALLOWED_HOSTS = ['mesh.mrmarkuz.ddnss.eu']

ADMIN_URL = "admin/"

CORS_ORIGIN_WHITELIST = [
    "https://rmm.mrmarkuz.ddnss.eu"
]

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql',
        'NAME': 'tacticalrmm',
        'USER': 'tactical',
        'PASSWORD': 'SECRET',
        'HOST': 'localhost',
        'PORT': '55434',
    }
}

MESH_USERNAME = "tactical"
MESH_SITE = "https://mesh.mrmarkuz.ddnss.eu"
REDIS_HOST    = "localhost"
KEEP_SALT = False
ADMIN_ENABLED = True
EOF
)"
echo "${localvars}" > /opt/rmm/api/tacticalrmm/tacticalrmm/local_settings.py


cp /opt/rmm/natsapi/bin/nats-api /usr/local/bin
chown ${USER}:${USER} /usr/local/bin/nats-api
chmod +x /usr/local/bin/nats-api

# Installing the backend

cd /opt/rmm/api
scl enable rh-python38 bash
python -m venv env
source /opt/rmm/api/env/bin/activate
cd /opt/rmm/api/tacticalrmm
SETUPTOOLS_VER=$(grep "^SETUPTOOLS_VER" /opt/rmm/api/tacticalrmm/tacticalrmm/settings.py | awk -F'[= "]' '{print $5}')
WHEEL_VER=$(grep "^WHEEL_VER" /opt/rmm/api/tacticalrmm/tacticalrmm/settings.py | awk -F'[= "]' '{print $5}')
pip install --no-cache-dir --upgrade pip
pip install --no-cache-dir setuptools==${SETUPTOOLS_VER} wheel==${WHEEL_VER}
pip install --no-cache-dir -r /opt/rmm/api/tacticalrmm/requirements.txt
python manage.py migrate

EDIT2:

It’s working with docker and proxy, I’ll share a howto…

2 Likes