Difference between revisions of "Network/zm setup notes"

From Makers Local 256
(Overview: break ldap config into a separate config file to prevent package update issues and tweak for current stable)
(Addendum: update)
 
(4 intermediate revisions by 2 users not shown)
Line 6: Line 6:
 
## make sure its hostname is "zoneminder"
 
## make sure its hostname is "zoneminder"
 
# As root, install sudo, create a user, add it to sudoers
 
# As root, install sudo, create a user, add it to sudoers
 +
# Add a source for the zoneminder repo (the one in the debian repos is very stale)
 +
#* echo "deb https://zmrepo.zoneminder.com/debian/release-1.36 bullseye/" > /etc/apt/sources.list.d/zoneminder.list
 +
# Install gnupg
 +
#* apt install apt-transport-https gnupg
 +
# Add the key for the zoneminder repo
 +
#* wget -O - https://zmrepo.zoneminder.com/debian/archive-keyring.gpg | sudo apt-key add -
 +
# Update apt since a new repo was added
 +
#* apt update
 
# Install zoneminder  
 
# Install zoneminder  
## sudo apt update
+
#* apt install zoneminder
## sudo apt upgrade
+
## sudo apt dist-upgrade
+
## sudo apt install php mariadb-server php-mysql libapache2-mod-php7.3
+
## sudo mysql_secure_installation
+
## sudo cp /etc/mysql/mariadb.conf.d/50-server.cnf /etc/mysql/my.cnf
+
## sudo nano /etc/mysql/my.cnf
+
### character-set-server = latin1
+
### collation-server = latin1_swedish_ci
+
## sudo service mariadb restart
+
## sudo nano /etc/apt/sources.list
+
### deb http://www.deb-multimedia.org stretch main non-free
+
## sudo apt install deb-multimedia-keyring
+
## wget http://www.deb-multimedia.org/pool/main/d/deb-multimedia-keyring/deb-multimedia-keyring_2016.8.1_all.deb
+
## sudo dpkg -i deb-multimedia-keyring_2016.8.1_all.deb
+
## sudo apt update
+
## sudo apt upgrade
+
## sudo apt dist-upgrade
+
## sudo apt install zoneminder vlc-plugin-base php7.3-gd
+
## sudo chmod 740 /etc/zm/zm.conf
+
## sudo chown root:www-data /etc/zm/zm.conf
+
 
## systemctl enable zoneminder.service
 
## systemctl enable zoneminder.service
## sudo adduser www-data video
+
## systemctl start zoneminder.service
## sudo systemctl start zoneminder.service
+
## a2enconf zoneminder
## sudo systemctl status zoneminder.service
+
## systemctl restart apache2
## sudo a2enmod cgi
+
## sudo a2enmod rewrite
+
## sudo a2enconf zoneminder
+
## sudo sed -i "s/;date.timezone =/date.timezone = $(sed 's/\//\\\//' /etc/timezone)/g" /etc/php/7.3/apache2/php.ini
+
## sudo chown -R www-data:www-data /usr/share/zoneminder/
+
## sudo service apache2 restart
+
 
# Modify zoneminder to use the Makers LDAP
 
# Modify zoneminder to use the Makers LDAP
## sudo a2enmod ldap
+
## a2enmod ldap
## sudo a2enmod authnz_ldap
+
## a2enmod authnz_ldap
## sudo nano /etc/apache2/conf-available/zoneminder-ml256.conf
+
## a2enmod php7.4
### Add the following to the config file
+
## Create /etc/apache2/conf-available/zoneminder-ml256.conf with these contents
#### <Location /zm>
+
### <Location /zm>
#### AuthType Basic
+
### AuthType Basic
#### AuthBasicProvider ldap
+
### AuthBasicProvider ldap
#### AuthLDAPURL ldap://newldap.256.makerslocal.org/dc=makerslocal,dc=org?uid
+
### AuthLDAPURL ldap://newldap.256.makerslocal.org/dc=makerslocal,dc=org?uid
#### AuthName "LDAP user plz"
+
### AuthName "LDAP user plz"
#### AuthType Basic
+
### AuthType Basic
#### Require valid-user
+
### Require valid-user
#### </Location>
+
### </Location>
## sudo a2enconf zoneminder-ml256
+
## a2enconf zoneminder-ml256
## sudo systemctl status apache2.service
+
## systemctl restart apache2
## sudo systemctl restart apache2
+
 
# Make new zm pc work in the makers local infrastructure
 
# Make new zm pc work in the makers local infrastructure
## sudo hostnamectl set-hostname zoneminder
+
## vim /etc/network/interfaces -> change nameserver to 10.56.0.1
## sudo vim /etc/network/interfaces -> change nameserver to 10.56.0.1
+
## vim /etc/network/interfaces -> set the ip to static 10.56.0.19
## sudo vim /etc/network/interfaces -> set the ip to static 10.56.0.19
+
 
### auto enp3s0
 
### auto enp3s0
 
### iface enp3s0 inet static
 
### iface enp3s0 inet static
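Review bot: The added key step, wget -O - https://zmrepo.zoneminder.com/debian/archive-keyring.gpg | sudo apt-key add -, puts the ZoneMinder key into apt's global trust store, so it is trusted for packages from every configured repository, and apt-key is deprecated on bullseye. Suggest saving the keyring to its own file and tying it to this repo with a signed-by option on the "deb https://zmrepo.zoneminder.com/debian/release-1.36 bullseye/" line. Also in this hunk, the new Location block still lists AuthType Basic twice and points AuthLDAPURL at plain ldap://, so the password typed at the prompt is relayed to the directory unencrypted; the notes should say so if that is intentional.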
Line 70: Line 50:
 
# The old vm was shut down, and the PC was booted
 
# The old vm was shut down, and the PC was booted
 
# Success!
 
# Success!
 +
 +
=== Addendum ===
 +
A lot of the information above will get you connected to various LDAP authenticated apps.  The following is some good info.
 +
* If your app needs a read only user, you can use your user account.  Ex:  uid=omegix,ou=people,dc=makerslocal,dc=org
 +
** "LDAP usr plz" is a prompt provided to the user logging in and is meant to be literal.
 +
* If your app needs to know Base DN for listing users:  ou=people,dc=makerslocal,dc=org
 +
* Our LDAP does not use encryption, and is on port 389
 +
* The application [https://sourceforge.net/projects/ldapadmin/ LDAP Admin] makes it easy to browse a lot of this information, and provides a quick tool for copying and pasting dn's
  
 
== Next Steps ==
 
== Next Steps ==
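Review bot: The first Addendum bullet recommends a personal account (uid=omegix,ou=people,dc=makerslocal,dc=org) as an app's read-only bind user, and the fourth says the directory is unencrypted on port 389; together that means a member's own password is stored in app config and sent in cleartext on each bind. Suggest recommending a dedicated read-only account instead and stating the cleartext exposure next to the port. The quoted prompt "LDAP usr plz" also does not match AuthName "LDAP user plz" in the config above; since the text says it is meant to be literal, one of the two should be corrected.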

Latest revision as of 15:08, 6 November 2024

Overview

Steps to configure a zoneminder integration.

  1. Install the latest debian (currently buster)
    1. make sure its hostname is "zoneminder"
  2. As root, install sudo, create a user, add it to sudoers
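  3. Add a source for the zoneminder repo (the one in the debian repos is very stale)
    • echo "deb https://zmrepo.zoneminder.com/debian/release-1.36 bullseye/" > /etc/apt/sources.list.d/zoneminder.list
  4. Install gnupg
    • apt install apt-transport-https gnupg
  5. Add the key for the zoneminder repo
    • wget -O - https://zmrepo.zoneminder.com/debian/archive-keyring.gpg | sudo apt-key add -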
  6. Update apt since a new repo was added
    • apt update
  7. Install zoneminder
    • apt install zoneminder
    1. systemctl enable zoneminder.service
    2. systemctl start zoneminder.service
    3. a2enconf zoneminder
    4. systemctl restart apache2
  8. Modify zoneminder to use the Makers LDAP
    1. a2enmod ldap
    2. a2enmod authnz_ldap
    3. a2enmod php7.4
    4. Create /etc/apache2/conf-available/zoneminder-ml256.conf with these contents

           <Location /zm>
           AuthType Basic
           AuthBasicProvider ldap
           AuthLDAPURL ldap://newldap.256.makerslocal.org/dc=makerslocal,dc=org?uid
           AuthName "LDAP user plz"
           AuthType Basic
           Require valid-user
           </Location>

    5. a2enconf zoneminder-ml256
    6. systemctl restart apache2
  9. Make new zm pc work in the makers local infrastructure
    1. vim /etc/network/interfaces -> change nameserver to 10.56.0.1
    2. vim /etc/network/interfaces -> set the ip to static 10.56.0.19

           auto enp3s0
           iface enp3s0 inet static
           address 10.56.0.19
           gateway 10.56.0.1
           netmask 255.255.255.0

  10. Log into the new ZM using your ML256 creds and modify the options to match the old zm
    1. ensure the PATH_ZMS on the Paths tab is "/zm/cgi-bin/nph-zms", among other things.
  11. The PC was then connected to the DMZ net (200) by updating a switch port on the ProCurve switch to use that network.
  12. Edit /etc/systemd/system/multi-user.target.wants/zoneminder.service
    1. change 'Restart=on-abnormal' to 'Restart=always' and restart the service.
  13. The old vm was shut down, and the PC was booted
  14. Success!

Addendum

A lot of the information above will get you connected to various LDAP authenticated apps. The following is some good info.

  • If your app needs a read-only user, you can use your user account. Ex: uid=omegix,ou=people,dc=makerslocal,dc=org
    • "LDAP user plz" is a prompt provided to the user logging in and is meant to be literal.
  • If your app needs to know Base DN for listing users: ou=people,dc=makerslocal,dc=org
  • Our LDAP does not use encryption, and is on port 389
  • The application LDAP Admin makes it easy to browse a lot of this information, and provides a quick tool for copying and pasting DNs
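
A check for the Location block in step 8 and the Addendum's note that LDAP runs unencrypted on port 389, as an added example that is not part of the original notes: it audits an Apache config for a plaintext AuthLDAPURL, a repeated AuthType and Require valid-user. The STARTTLS variant and the group DN cn=zm-users,ou=groups,dc=makerslocal,dc=org are assumptions; the page says the current server does not offer encryption.

```shell
# Added example, not from the wiki page. Both sample configs are constructed here.
write_page_conf() {   # the Location block from step 8, as written on the page
    cat > "$1" <<'EOF'
<Location /zm>
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL ldap://newldap.256.makerslocal.org/dc=makerslocal,dc=org?uid
AuthName "LDAP user plz"
AuthType Basic
Require valid-user
</Location>
EOF
}

write_tls_conf() {    # assumed variant: needs StartTLS support on the LDAP server
    cat > "$1" <<'EOF'
<Location /zm>
AuthType Basic
AuthName "LDAP user plz"
AuthBasicProvider ldap
AuthLDAPURL ldap://newldap.256.makerslocal.org/dc=makerslocal,dc=org?uid STARTTLS
# hypothetical group DN; limits access to one LDAP group
Require ldap-group cn=zm-users,ou=groups,dc=makerslocal,dc=org
</Location>
EOF
}

# audit_ldap_conf FILE: print one finding per line, nothing if the file is clean.
audit_ldap_conf() {
    awk '
    { sub(/^[ \t]+/, ""); key = tolower($1) }
    /^#/ || /^$/        { next }
    key == "<location"  { authtypes = 0 }       # count AuthType per block
    key == "authtype" && ++authtypes > 1 { print "DUPLICATE_AUTHTYPE line " NR }
    key == "authldapurl" {
        mode = toupper($3)                      # optional NONE|SSL|TLS|STARTTLS
        if ($2 !~ /^"?ldaps:/ && mode !~ /^(SSL|TLS|STARTTLS)$/)
            print "PLAINTEXT_LDAP line " NR ": bind password crosses the network in cleartext"
    }
    key == "require" && tolower($2) == "valid-user" {
        print "ANY_VALID_USER line " NR ": any authenticated LDAP account is admitted"
    }' "$1"
}

tmp=$(mktemp -d)
write_page_conf "$tmp/page.conf"; write_tls_conf "$tmp/tls.conf"
echo "page config:"; audit_ldap_conf "$tmp/page.conf"
echo "TLS variant:"; audit_ldap_conf "$tmp/tls.conf"
rm -rf "$tmp"
```

With STARTTLS, mod_ldap also needs the directory's CA configured (LDAPTrustedGlobalCert) so the server certificate is actually verified.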

Next Steps

  1. Soak up the eudaimonia

Deep Gratitude from Phil to:

  • Kinsey
  • Tyler
  • Hunter


Lessons Learned

  • The reverse proxy works by mapping shop.ml.org/zm to zoneminder.ml.org
    • This is done in nginx on the remoteproxy VM, in the /etc/nginx/sites-enabled folder (specifically shop.makerslocal.org.conf).
    • Routing for zoneminder.makerslocal.org is handled by the edge router, which updates its hosts file from reported client hostnames and adds them as FQDNs to the network.
    • this is neat