This is valid for all 16.xx, 18.xx and 20.xx versions
You MUST update and upgrade before installing anything else
As root or sudo :
apt -y update
apt -y upgrade
Then install these as root or sudo : (apt will check first if already installed)
apt -y install tcsh
apt -y install zip
apt -y install unzip
apt -y install perl
apt -y install net-tools
apt -y install openssh-server
apt -y install openssl
apt -y install imagemagick
apt -y install ghostscript
apt -y install ntpdate
apt -y install apache2
apt -y install tcpdump
apt -y install traceroute
apt -y install systemd
apt -y install icinga2
apt -y install file
Centos 8 uses dnf NOT yum
We suggest you use Centos 8 if you are NOT going to subscribe to RedHat maintenance as much of the doc and extras are behind the paywall
You MUST upgrade before installing anything else
As root or sudo :
dnf -y upgrade
Then run these as root or sudo : (dnf will check first if already installed)
dnf -y install tcsh
dnf -y install zip
dnf -y install unzip
dnf -y install perl
dnf -y install openssl
dnf -y install httpd
dnf -y install mod_ssl
dnf -y install file
dnf -y install crony
dnf -y install sshpass
dnf -y install systemd
dnf -y install psmisc
dnf -y install network-scripts
dnf -y install curl
dnf -y install traceroute
dnf -y install tcpdump
dnf -y install ftp
dnf -y install GraphicsMagick
dnf -y install ghostscript
You MUST upgrade before installing anything else
As root or sudo :
yum -y upgrade
Then run these as root or sudo : (yum will check first if already installed)
yum -y install tcsh
yum -y install zip
yum -y install unzip
yum -y install perl
yum -y install openssl
yum -y install httpd
yum -y install mod_ssl
yum -y install file
yum -y install ntpdate
yum -y install sshpass
yum -y install systemd
yum -y install psmisc
yum -y install network-scripts
yum -y install curl
yum -y install traceroute
yum -y install tcpdump
yum -y install ftp
yum -y install ImageMagick
yum -y install ghostscript
All this section will be using root or sudo
If the instance is a virtual instance, use the AWS/GCP/DigitalOcean/whatever CONSOLE until you add a root password and also allow SSH access inbound.
if needed
List all
locale -a
List current
localectl status
make sure UTF8 version of your country/language locale exists and is current (normally en_US.utf8 or en_GB.utf8 or en_CA.utf8)
to set, for example:
localectl set-locale LANG=en_US.utf8
to check:
localectl status
On Ubuntu, install/manage all locales via the UI or, if using the command line:
apt-get install language-pack-eu
dpkg-reconfigure locales
FIP requires following incoming ports open
TCP 22 for ssh
TCP 20/21 and hihports for ftp
TCP 80 for http/apache
TCP 443 for https/apache
UDP 9001-9009 for fipnet (note UDP)
TCP 9140-9149 for fipbalance
check/all any/all ip addresses and hostnames of FIP servers
check/add nameserver addresses
check it exists and that hosts is set correctly for your environment
hosts files dns
If you do NOT wish to automatically upgrade everynight, leave the apt/yum/dnf commented out
# UBUNTU and CENTOS 6/7 ................
# time
2 0 * * * /usr/sbin/ntpdate 0.centos.pool.ntp.org
# UBUNTU ..............................
#5 7 * * * /usr/bin/apt -y update && /usr/bin/apt -y upgrade
# CENTOS 6/7 ...........................
# upgrade
#5 7 * * * /usr/bin/yum -y update
# CENTOS 8 .............................
# upgrade
#5 7 * * * /usr/bin/dnf -y update
Fip requires perl to be /perl/bin/perl
mkdir -p /perl/bin
which perl
ln -s `which perl` /perl/bin
ls -l /perl/bin
/perl/bin/perl -v
which tcsh
mkdir /fip
useradd -d /home/fip -m -s /usr/bin/tcsh fip
or
usermod -s /usr/bin/tcsh fip
passwd fip
Make a copy of /etc/ssh/sshd_config and edit acordingly : Other Users/logins should be added if required - fip is the only necessary one Make sure to comment out lines with the same keywords further down the file
Be very careful editing this file as you can lock yourself out completely very easily .. and you have to trash the instance and restart !
PermitRootLogin no
AllowUsers fip fipdata
X11Forwarding no
PermitTunnel no
restart
systemctl status sshd.service
systemctl restart sshd.service
systemctl status sshd.service
Fip requires the access time, Atime, to be tracked on all files/folders. If not Fip will run the system at 100% !
more /etc/fstab and if the option 'noatime' is on ANY disk you want Fip to poll,
- copy /etc/fstab
- edit /etc/fstab
- remove the 'noatime' option from that disk
- reboot to check
turn it off if client will accept
check status
which sestatus
/sbin/sestatus
change status
vi /etc/selinux/config
SELINUX=disabled
##SELINUX=enforcing
...and ++++ REBOOT ++++
if selinux must remain on
semanage fcontext -a -t system_u "/fip"
semanage fcontext -a -t object_r "/fip"
semanage fcontext -a -t httpd_sys_content_t "/fip(/.*)?"
semanage fcontext -a -t httpd_sys_script_exec_t "/fip/bin(/.*)?"
semanage fcontext -a -t httpd_sys_script_exec_t "/fip/local(/.*)?"
semanage fcontext -a -t httpd_sys_script_exec_t "/fip/web(/.*)?"
restorecon -R -v /fip
semanage fcontext -a -t httpd_sys_script_exec_t "/var/www/html/nono(/.*)?"
restorecon -R -v /var/www/html/nono
semanage fcontext -a -t httpd_sys_script_exec_t "/perl/bin(/.*)?"
restorecon -R -v /perl/bin
is cgi enabled for http access?
getsebool -a | grep http
should yield
httpd_enable_cgi -> on
if not, run
setsebool -P httpd_enable_cgi 1
Then
chcon -R -t httpd_sys_rw_content_t /fip
chcon -R -t httpd_sys_script_exec_t /fip/bin
chcon -R -t httpd_sys_script_exec_t /fip/local
chcon -R -t httpd_sys_script_exec_t /fip/web/fip-cgi
chcon -R -t httpd_sys_content_t /fip/help
chcon -R -t httpd_sys_content_t /fip/info
chcon -R -t httpd_sys_content_t /fip/sfftables
chcon -R -t httpd_sys_content_t /fip/tables
chcon -R -t httpd_sys_content_t /fip/zsav
chcon -R -t httpd_sys_script_exec_t /perl/bin
For Windows 10 you MUST run Explorer and CMD in Administrator mode by right-clicking and selecting : Run as Administrator
Windows Explorer hides certain files and extensions by default. During the Fingerpost Installation process, you must be able to verify that certain files have the correct extensions. Use Folder Options/View tab in Windows Explorer and ensure that you:
During the installation process, you must edit certain Fingerpost parameter files using Notepad. When you save a file with Notepad, ensure that you put quotes on either side of the file name e.g. “NTM.FIP” when saving the file to ensure that Notepad does not add the .txt extension to the file.
Specify a path to the D:\Fip\bin folder by adding it to the environment variable PATH
Make sure Index server tracking is off by opening an Explorer and :
ActivePerl now requires a license
Using Explorer, Double click on the dowloaded StrawBerryPerl Msi
change:
C:\Strawberry
to
(fipdrive):\
click "Next", click "Install", Deselect "Read me", click "Finish"
This will create \perl\bin containing perl.exe needed for all FIP cgis - ON THE SAME DRIVE AS /fip
It will also automatically write paths to Environment variables
Check/update System Environment variables
Click : Windows Button -> Run -> system
select Environment Variables
CHECK Strawberry Perl path exists and is on the FipDrive
OPTIONALLY if Fip w4 admin uses Apache
Check that fip.conf file for Apache contains SetEnv PERL5LIB (fipdrive):/fip/web/fip-cgi
if not, add and re-start Apache
Open a NEW CMD window (NOT an existing one started before changing/checking the Environment variables) and navigate to the FipDrive eg D:
Type 'set' Check the PATH env includes the correct path for Strawberry Perl
Type perl -v
This should respond with a banner of a few lines such as :
This is perl 5, version 26, subversion 1 (v5.26.1) built for x86_64-linux-gnu-thread-multi
(with 67 registered patches, see perl -V for more detail)
Type \perl\bin\perl -v
This should respond with the same banner
Create /fip/zsav/Strawberry on the FipDrive
Move these files + folders in the Top Level '\' to /fip/zsav/Strawberry
\DISTRIBUTIONS.txt
\README.txt
\relocation.txt
\c
\cpan
\licenses
\win32
REBOOT
The apache install program may be found either in the Release Media under the folder fip/3rdParty or can be downloaded from www.apache.org
As each Apache install is different, please refer to their documentation.
Depending on the version of Apache, either Copy fip.conf to the \ApacheXX\conf\extra folder or edit the http.conf in \ApacheXX\conf file, adding
Alias /fip-pages/ "/fip/web/pages/"
ScriptAlias /fip-cgi/ "/fip/web/fip-cgi/"
In some versions of Apache, you may have to also add
<Directory "/fip/web/fip-cgi">
AllowOverride None
Options ExecCGI
Order allow,deny
Allow from all
</Directory>
If your are installing on a NEW SERVER ONLY, you will need to add the OpenSSL layer. This comprises of two 'exe' files which need to be installed
THIS NEEDS TO BE DONE ONCE ONLY – there is no need to re-install on every Fip build.
Microsoft Visual C++ 2008 Redistributable Package
Win32 OpenSSL v0.9.8l Light
Open an Explorer window, navigate to your installation folder and double click on vcredit_x86.exe to run/install
Then double click on Win32OpenSSL_Light-0_9_8l.exe to run/install
In both cases, please accept all default settings for any prompts.
The FIP system must by under /fip
So if the fip binaries and tables are phsyically anywhere else on the disk create symbolic link from /fip. For example:
ln -s /home/fip fip
chown -R fip:fip /fip
at this point there should be:
/fip/bin
/fip/fix
/fip/tables
/fip/sfftables
/fip/local
/fip/web
... but no temporary directories (such as /fip/spool/* or /fip/x, etc) yet
Copy FIP license to /fip/fix. License should file be named "fiplick" with hostname extension, for example
fiplick.fip01
If you don't yet have a license you can generate a temporary one HERE
Run
/fip/bin/ipmgr -install
Any errors, doublecheck: hostname, ip address, name of fiplick file in /fip/fix
in /fip/tables/sys replace old hostname(s) with new hostname(s) in:
REDUN
BALANCE
DEST_REDUN
TABLES_HOSTS
in tables/route grep all files with lines beginning:
%SZ:
or
SZ:
...and replace hostname(s)
in /etc/apache2/envvars make 'fip' user and group
export APACHE_RUN_USER=fip
export APACHE_RUN_GROUP=fip
in /etc/apache2/ports.conf check that it has both ports 443 and 80
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
Run:
a2enmod cgi
a2enmod mime
a2enmod ssl
a2enmod rewrite
in /etc/apache2/sites-available add 50-fipsite.conf file
vi /etc/apache2/sites-available/50-fipsite.conf and change ServerName under port 80 and port 443
ServerName yourserver
copy (or create) SSL certificate and key files and place in /fip/tables/cert (see openssl doc for self-signed certs if you have none)
create DocumentRoot directory and copy over index.html
mkdir /var/www/html/nono
cp /fip/web/setup/index.html /var/www/html/nono
Run and check for errors:
apachectl -S
if OK re-start and test from browser
apachectl stop ; apachectl start
set to start automatically
systemctl enable apache2
Synchronizing state of apache2.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable apache2
systemctl daemon-reload
systemctl restart apache2
systemctl status apache2
apache is under /etc/httpd
cd /etc/httpd
http.conf - copy original and modify
conf/httpd.conf conf/httpd.(date)
vi conf/httpd.conf
in conf/http.conf change user and group to fip
#User apache
#Group apache
User fip
Group fip
...and add .pl to "AddHandler cgi-script" line
AddHandler cgi-script .api .pl
...and check that this line is NOT commented out:
IncludeOptional conf.d/*.conf
...and add ports 80 and - if using https - port 443
Port 80
Port 443
cp /fip/local/50-centos7.generic.conf /etc/httpd/conf.d/50-centos7.NAME.conf
vi conf.d/50-centos7.NAME.conf
change instances of ServerName to hostname
ServerName yourserver
copy (or create) SSL certificate and key files and place in /fip/tables/cert (see openssl doc for self-signed certs if you have none)
create DocumentRoot directory and copy over index.html
mkdir /var/www/html/nono
cp /fip/web/setup/index.html /var/www/html/nono
Run and check for errors:
apachectl -S
if OK re-start and test from browser
systemctl enable httpd.service
systemctl stop httpd.service
systemctl start httpd.service
systemctl status httpd.service
Required files in /fip/local:
Run and note if graphical or multi-user
systemctl get-default
...then vi fipSYSD.service and make sure last parameter matches 'systemctl get-default'
Put fipSYSD.service in place and install
cp /fip/local/fipSYSD.service /etc/systemd/system
chmod 664 /etc/systemd/system/fipSYSD.service
systemctl enable fipSYSD
systemctl daemon-reload
systemctl status fipSYSD
test by reboot
If the software is to be on the 'D' drive, on the ‘D’ drive, Create the ‘fip’ folder
C:>D:
D:>mkdir \fip
Move the binaries from bWin2k.bins.(date).zip so they are the folder
d:\fip\bin
There should be no subfolders under \fip\bin.
Move the parameter files from Fip.(yourcode).(date).zip to
d:\fip
These subfolders are named
d:\fip\fix
d:\fip\help
d:\fip\info
d:\fip\install
d:\fip\local
d:\fip\tables
d:\fip\web
Move the parameter files from Fip.3rdparty.(date).zip to
d:\fip\3rdParty
Navigate to D:\fip\bin
D:
cd \fip\bin
Then run
ipmgr -install
...and check that the Fip Licence is correct
In a CMD window, navigate to \fip\bin on the correct drive and run
ipntsvce –install
Navigate to Start Menu->Windows Administrative Tools->Services
Locate the Fip Comms Manager Service, right click on it and select Properties
If needed: In the Properties window change under the Log On tab change Log on as: from "Local System account" to whichever account will have admin access to read/write files on remote drives
In the Properties window in the General tab change Startup type: to Automatic
Also in the Properties window under Service status: select Start
A message should confirm that the service installed correctly. Any errors should be noted and reported.
In a CMD window run ip (FIP command line interface)
d:\fip\bin\ip
...and check to see if processes have started
s all
...and check for errors
f
In Scheduled tasks, the D:\Fip\local\zapfiplog.cmd script should be set to run every night.
Navigate to Start Menu->Windows Administrative Tools->Task Scheduler
Under Actions select Create Basic Task, and in Basic Task Wizard enter:
In fip maintenance Properties window select Changer User or Group to whichever logon is set for the FIP Comms Manager service
Also select Run whether user is logged on or not
Click OK