Install Mideye Server 5 on RHEL/CentOS Linux

Overview

This guide walks you through installing Mideye Server 5 on Red Hat Enterprise Linux (RHEL) or CentOS. You’ll learn how to install the RPM package, configure MariaDB, set up firewall rules, and start the Mideye services.

What this guide covers:

Installing the Mideye Server RPM package
Setting up MariaDB database
Configuring application-prod.yml
Opening firewall ports with firewalld
Enabling and starting the mideyeserver service

Make sure that the requirements in the Pre-install checklist are met before continuing with the installation.

Installing MideyeServer consists of the following steps:

Install MideyeServer Package.
Install a database.
Configure MideyeServer application-prod.yml.
Open firewall ports.
Configure MideyeServer.

Install MideyeServer

Update RHEL server.
Terminal window
```
sudo yum update
```
Download appropriate MideyeServer rhel package from Mideye Server Downloads
Copy the rhel package to the RHEL server. See below example for using scp to copy the file to the servers /tmp/ directory:
```
scp ~/Downloads/mideyeserver-5.6.8-9001.el7.noarch.rpm username@10.20.30.40:/tmp/
```
Install the MideyeServer package from /tmp/ directory:
Terminal window
```
yum -y install /tmp/MideyeServer6-<version>.rpm
```

Install SQL-Server

Install MariaDB.
Terminal window
```
sudo yum -y install mariadb-server
```
Start MariaDB and enable it after reboot.
Terminal window
```
systemctl enable mariadb
```
Terminal window
```
systemctl start mariadb
```
Remove default databases and create a root user password. The root password is empty by default.
Terminal window
```
mysql_secure_installation
```

Configure SQL-Server

Create database and user for MideyeServer. Start with connecting to the database from the shell.

mysql -uroot -p
Enter password: <password you set in mysql_secure_installation>

Then execute following SQL commands. Change username and password for production environments.

CREATE DATABASE MideyeServer_DB CHARACTER SET utf8 COLLATE utf8_swedish_ci;
CREATE USER 'mideye'@'localhost' IDENTIFIED BY 'user_password';
GRANT ALL PRIVILEGES ON MideyeServer_DB.* TO  'mideye'@'localhost';
FLUSH PRIVILEGES;

Configure MideyeServer database connection.
Terminal window
```
vim /opt/mideyeserver/config/application-prod.yml
```
Add following to configuration file, change username and password to those set in the previous step.
```
        url: jdbc:mariadb://localhost:3306/MideyeServer_DB
        username: mideye
        password: user_password
```
!!!Note Syntax is very important in yml files. If the spaces are not correct the server will not start.
Server is installed and database is configured. It is time to enable and start the service.
Terminal window
```
systemctl enable mideyeserver
systemctl restart mideyeserver
```

Configure Mideye Server

Mideye Server is configured through the Mideye Web GUI which by default uses port HTTPS/8443 in Linux. Example address:
https://mideyeserverip:8443
First visit will show the setup wizard. Here you can choose between configuring a new installation as described in the Configuration Wizard, or importing data from an old installation as described in the Migration Wizard.

Further instructions for configuration in the webportal can be found in the Reference guide.

Configure Firewall

RHEL 8 default firewall is firewalld.

Enable and start the firewalld service.

systemctl enable firewalld
systemctl start firewalld

Open tcp/8443 and udp/1812 in nftables

firewall-cmd --zone=public --add-port=8443/tcp --permanent
firewall-cmd --zone=public --add-port=1812/udp --permanent
firewall-cmd --reload

If you want to add the ports as services. Add following xml files to /usr/lib/firewalld/services/ directory.

vim /usr/lib/firewalld/services/mideye-radius.xml

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Mideye RADIUS</short>
  <description>Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service.</description>
  <port protocol="udp" port="1812"/>
</service>

vim /usr/lib/firewalld/services/mideye-https.xml

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Mideye HTTPS</short>
  <description>HTTPS is a modified HTTP used to serve Web pages when security is important. Examples are sites that require logins like stores or web mail. This option is not required for viewing pages locally or developing Web pages. You need the httpd package installed for this option to be useful.</description>
  <port protocol="tcp" port="8443"/>
</service>

To load the services in firewalld

firewall-cmd --complete-reload

Enable service in public firewall.

firewall-cmd --zone=public --add-service=mideye-https --permanent
firewall-cmd --zone=public --add-service=mideye-radius --permanent
firewall-cmd --reload

Remove port form public fireall.

firewall-cmd --zone=public --remove-port=8443/tcp --permanent
firewall-cmd --zone=public --remove-port=1812/udp --permanent
firewall-cmd --reload

Add range of ports

firewall-cmd --zone=public --permanent --add-port=1812-1814/udp

Display firewall rules

firewall-cmd --list-all

Backup

Backup Mideye Server file system

To take a backup of the Mideye Server, copy or compress the whole Mideye Server installation directory. The default directory is:

/opt/mideyeserver

Backup Database

To take a backup of the Mideye Server database on MySQL, run the following command:

# mysqldump -u[username] -p[password] [database name] > mideye_backup.sql

where [username]/[password] are the database login credentials.

Upgrade

Mideye Server 4.x to 5.x

It is not possible to do a straight upgrade from Mideye Server 4.x to 5.x. Please see Upgrade Mideye Server 4.x to 5.x for more information.

Mideye Server 5.x to 5.x

Before proceeding with an upgrade, take a backup of the Mideye Server file system and the Mideye database. Some files containing customized settings may need to be replaced after the update.

Note: To execute the installation/upgrade package, local administrator privileges are required.

Edit mideye.repo

Edit mideye.repo and enter either configuration.

/etc/yum.repos.d/mideye.repo

[Mideye-release]
name=MideyeServer 5 release repository.
baseurl=http://yum.mideye.se/el7/final
gpgkey=http://www.mideye.se/RPM-GPG-KEY-pmanager
gpgcheck=1

Update Mideye Server

To update the Mideye Server run:

yum update mideyeserver -y

After the Mideye Server is updated restart the Mideye Server service.

systemctl restart mideyeserver

Uninstall

To uninstall the Mideye Server run:

yum remove mideyeserver

Removing the Mideye Server keeps the database, configuration and log files intact. These can be removed manually.

Troubleshooting

Files

MideyeServer Home: /opt/mideyeserver
log-config: /opt/mideyeserver/config/logback.xml
logs: /opt/mideyeserver/log/mideyeserver.log
error-logs: /opt/mideyeserver/log/mideyeserver.error
config-file: /opt/mideyeserver/config/application-prod.yml
certificates: /opt/mideyeserver/config/keystore.p12
systemd-service: /etc/systemd/system/mideyeserver.service

Service ports

MideyeServer needs two ports to start correctly. A port for WebGUI and a port for RADIUS traffic. The WebGUI Port can be changed.

Webgui: tcp/8443
RADIUS: udp/1812

Verify that MideyeServer is listetning on the ports with netstat.

verify WebGUI 8443 port: netstat -tnlp
verify RADIUS 1812 port: netstat -unlp

If netstat is not installed it can be installed with following command.

sudo yum install net-tools

MideyeServer Service

Check if MideyeServer is running

root@myvm:~# systemctl status mideyeserver
● mideyeserver.service - Mideye Server Service
     Loaded: loaded (/etc/systemd/system/mideyeserver.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2021-11-16 09:32:59 UTC; 10min ago

Verify in the logs that MideyeServer Is running.

First time MideyeServer is started there should be a SETUP CHALLENGE in the logs.

2021-11-16 09:49:20.636Z INFO  [main] RadiusServerService: loaded
2021-11-16 09:49:20.796Z WARN  [main] SetupService: ************************************
2021-11-16 09:49:20.797Z WARN  [main] SetupService: ******* SETUP CHALLENGE: sCTtlFTEZk
2021-11-16 09:49:20.797Z WARN  [main] SetupService: ************************************
2021-11-16 09:49:21.725Z INFO  [main] AuthenticationLogCleanupService: OnLoaded: cronExpression: [0 0 * * * *]

When MideyeServer is listening for webtraffic it will show following in the logs.

2021-11-16 09:49:27.145Z INFO  [main] MideyeServerApp:
----------------------------------------------------------
    Application MideyeServer is running! Access URLs:
    Local:     https://localhost:8443
    External:   https://127.0.0.1:8443
    Profile(s):   [prod]
----------------------------------------------------------

Server not starting

If nothing shows up in the logs when starting the server the Database Fail Timeout in application-prod.yml could be changed to get a faster fail. Change 3600000 to 10000. Restart mideyeserver and check the logs after 10 seconds.

initializationFailTimeout: 10000

Error message: ERROR [XNIO-2 task-19] HikariPool: HikariPool-2 - Exception during pool initialization.java.sql.SQLException: Login failed for user 'user.name'.

This error message is due to invalid credentials to the SQL database. Verify the configuration in:

/opt/mideyeserver/config/application-prod.yml

Also, check the database log files. Manually start the Mideye Server service.

Corrupt keystore when reinstalling same version

When uninstalling Mideye Server and reinstalling the same version, the keystore must be manually removed before installing the Mideye Server again.

After a successful uninstall, delete /opt/mideyeserver/config/keystore.p12. Once removed, the same version of Mideye Server can be installed again.