Installation on a production environment
Before you start: The production environment is great for running FIR with performance and stability in mind. If you want to test FIR just to get acquainted with it, or if you want a quick install, we recommend running FIR using Docker.
This page explains how to install FIR on a production environment. As an example, we will be using nginx as a reverse proxy and MySQL as the DBMS. Feel free to adapt it to your own needs (PostgreSQL, Apache, etc.).
This procedure was tested on an Ubuntu 22.04 system.
Install the prerequisites for running FIR with MySQL and nginx:
$ sudo apt update
$ sudo apt install mysql-server libmysqlclient-dev gettext python3-dev python3-pip python3-lxml git libxml2-dev libxslt1-dev libz-dev nginx pkg-config python-is-python3 python3-virtualenv redis libsasl2-dev libldap2-dev
Create users:
$ sudo mysql
> CREATE DATABASE fir;
> CREATE USER 'fir'@'localhost' IDENTIFIED BY 'THIS_IS_A_PASSWORD_CHANGE_ME_PLZ';
> GRANT USAGE ON *.* TO 'fir'@'localhost';
> GRANT ALL PRIVILEGES ON `fir`.* TO 'fir'@'localhost';
Create a folder /opt/fir owned by www-data:
$ sudo install -d -o www-data -g www-data -m 755 /opt/fir
$ sudo -u www-data bash
$ cd /opt/fir
Then create a virtual environment and clone the git repo:
$ virtualenv env-FIR
$ source env-FIR/bin/activate
$ git clone https://github.com/certsocietegenerale/FIR.git
cd into the FIR directory and install Python dependencies:
$ cd FIR
$ find . -name requirements.txt -exec pip install -r {} \;
Create a production configuration file by copying fir/config/production.py.sample to fir/config/production.py:
$ cp fir/config/production.py.sample fir/config/production.py
Change the settings in the production.py file according to your setup. This includes the ALLOWED_HOSTS directive: change it to whatever vhost you're planning to use in your deployment.
Also, remember to change the timezone in base.py.
If you want to enable the plugins, copy the fir/config/installed_apps.txt.sample file to fir/config/installed_apps.txt:
$ cp fir/config/installed_apps.txt.sample fir/config/installed_apps.txt
Create the tables in the database:
$ ./manage.py migrate --settings fir.config.production
Create a superuser:
$ ./manage.py createsuperuser --settings fir.config.production
You will be asked for super-user account credentials. Enter them to continue.
Import initial data (you can change these later from the Django backend):
$ ./manage.py loaddata incidents/fixtures/01_seed_data.json --settings fir.config.production
Collect static files (these will be cached for better performance):
$ ./manage.py collectstatic --settings fir.config.production
If you want to use internationalization:
$ cd incidents
$ django-admin compilemessages
This will generate a bunch of .mo files that Django will use for translating the UI. This command should also be run in the directories of plugins that support internationalization.
We need to install uWSGI in order to serve our application:
$ pip install uwsgi
Then exit the env-FIR virtualenv and the www-data shell: you will need root permissions for the next steps.
Create a directory for the socket:
$ sudo install -d -o www-data -g www-data -m 700 /run/fir
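Next, create a file in /etc/systemd/system/fir.service with the following content:
[Unit]
Description=Fast Incident Response
After=syslog.target

[Service]
# Run uWSGI as the unprivileged www-data account that owns /opt/fir and /run/fir
User=www-data
Group=www-data
WorkingDirectory=/opt/fir/FIR
ExecStart=/opt/fir/env-FIR/bin/uwsgi --socket /run/fir/fir.sock --chdir /opt/fir/FIR --module fir.wsgi
Restart=always
KillSignal=SIGQUIT
# "Debug" is not a valid service type; systemd ignores it and falls back to simple
Type=simple
# The syslog output target is deprecated; systemd maps it to the journal
StandardError=journal
# NotifyAccess values are lowercase
NotifyAccess=all

[Install]
WantedBy=multi-user.target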
Then start FIR with the following commands:
$ sudo systemctl daemon-reload
$ sudo systemctl start fir.service # start FIR
$ sudo systemctl enable fir.service # configure FIR to start automatically on boot
Please note that it will only work if your configuration file is fir/config/production.py. Otherwise, you will need to update the file fir/wsgi.py with the correct settings module.
Download uwsgi params:
$ sudo wget https://raw.githubusercontent.com/nginx/nginx/master/conf/uwsgi_params -P /etc/nginx
Remove the default configuration file:
$ sudo rm /etc/nginx/sites-enabled/default
Create a /etc/nginx/sites-available/fir file with the following contents:
upstream fir {
    server unix:///run/fir/fir.sock;
}

server {
    server_name FIR.DOMAIN.COM;

    location / {
        uwsgi_pass fir;
        include /etc/nginx/uwsgi_params;
    }

    location /static/ {
        alias /opt/fir/FIR/static/;
    }
}
Make sure you replace FIR.DOMAIN.COM with the host you will be using to host your FIR install. This should match what you specified in the ALLOWED_HOSTS directive in production.py. (This solves error 400 problems as described in #46)
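The server_name / ALLOWED_HOSTS mismatch described above, and the settings changes from the production.py step, can be checked before the service is started. This is an added example, not code from the FIR project: the function names and both sample inputs are constructed, and it assumes the settings are written as plain literals.

```python
import ast
import re

PLACEHOLDER = "THIS_IS_A_PASSWORD_CHANGE_ME_PLZ"  # placeholder from the CREATE USER step

# Constructed sample inputs, not FIR's shipped files.
SAMPLE_SETTINGS = """
DEBUG = True
ALLOWED_HOSTS = ['fir.example.org']
DATABASES = {'default': {'ENGINE': 'django.db.backends.mysql', 'NAME': 'fir',
                         'USER': 'fir', 'PASSWORD': 'THIS_IS_A_PASSWORD_CHANGE_ME_PLZ'}}
"""
SAMPLE_NGINX = "server {\n    server_name FIR.DOMAIN.COM;\n}\n"

def load_settings(source):
    """Read top-level literal assignments without executing the settings module."""
    values = {}
    for node in ast.parse(source).body:
        if isinstance(node, ast.Assign) and isinstance(node.targets[0], ast.Name):
            try:
                values[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                pass  # computed value (function call, env lookup): not checked here
    return values

def server_names(nginx_conf):
    """Every host listed in a server_name directive."""
    found = re.findall(r"^\s*server_name\s+([^;]+);", nginx_conf, re.M)
    return [name for group in found for name in group.split()]

def host_allowed(host, allowed_hosts):
    """Django's rule: exact match, '*' for anything, '.x.y' for x.y and its subdomains."""
    host = host.lower()
    return any(p == "*" or p == host
               or (p.startswith(".") and (host.endswith(p) or host == p[1:]))
               for p in map(str.lower, allowed_hosts))

def audit(settings_source, nginx_conf):
    """Return a list of findings; an empty list means the checks passed."""
    cfg = load_settings(settings_source)
    allowed = cfg.get("ALLOWED_HOSTS", [])
    findings = ["DEBUG is enabled"] if cfg.get("DEBUG") else []
    if "*" in allowed:
        findings.append("ALLOWED_HOSTS accepts any Host header")
    for name in server_names(nginx_conf):
        if not host_allowed(name, allowed):
            findings.append(f"server_name {name} is not in ALLOWED_HOSTS (error 400)")
    for alias, db in cfg.get("DATABASES", {}).items():
        if db.get("PASSWORD") in ("", PLACEHOLDER):
            findings.append(f"database {alias!r} has an empty or placeholder password")
    return findings
```

On a real host, pass the text of fir/config/production.py and /etc/nginx/sites-available/fir to audit() and treat any returned finding as a reason not to start the service yet.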
Enable the configuration:
$ sudo ln -s /etc/nginx/sites-available/fir /etc/nginx/sites-enabled/fir
$ sudo systemctl reload nginx
Some plugins, such as fir_notification or fir_abuse, use celery workers to process asynchronous tasks. If you enabled these plugins, you may want to create a systemd service for the worker.
Create a file in /etc/systemd/system/fir_worker.service with the following content:
[Unit]
Description=Fast Incident Response worker
After=syslog.target

[Service]
# Run the celery worker as the same unprivileged account as the web application
User=www-data
Group=www-data
WorkingDirectory=/opt/fir/FIR
ExecStart=/opt/fir/env-FIR/bin/celery -A fir_celery.celeryconf.celery_app worker -l info
Environment="DJANGO_SETTINGS_MODULE=fir.config.production"
Restart=always
KillSignal=SIGQUIT
# "Debug" is not a valid service type; systemd ignores it and falls back to simple
Type=simple
# The syslog output target is deprecated; systemd maps it to the journal
StandardError=journal
# NotifyAccess values are lowercase
NotifyAccess=all

[Install]
WantedBy=multi-user.target
Then, enable the worker:
$ sudo systemctl daemon-reload
$ sudo systemctl start fir_worker.service # start FIR celery worker
$ sudo systemctl enable fir_worker.service # configure celery worker to start automatically on boot
Since you're not inputting any test data, you must manually populate different elements needed for FIR to work: users, incident categories, business lines / customers, and some labels. Everything can be done from the admin panel on http://localhost/admin with superuser credentials.
Labels are used to populate choices in some incident fields:
- Detection source
- Actions taken
- Actor
- Plan
FIR uses these "label groups" to know where to map the labels. If you followed the steps above, labels should already be set with some defaults.
The four mandatory label groups are detection, action, actor, and plan. You can add these through the admin interface in the "Label groups" section.
You should then specify options for each of the labels. Remember that an incident has a mandatory detection field, and comments have a mandatory action field; you'll need to populate at least those two. Other fields are optional, but we strongly encourage you to use them. For a more complete list of what we recommend you use, take inspiration from the fixtures in incidents/fixtures/01_seed_data.json.
Point your web browser to http://fir.domain.com/admin/ and log in with the superuser credentials you specified during install. If you imported users from the provided fixtures, the default superuser credentials are admin:admin.
Once you're logged in, click on the Add button in the Users row. Fill in the fields and click on Save. On the next screen, go to the Groups section, click on "incident handlers", and on the arrow to add it to the column "Chosen groups". Click on Save at the bottom of the screen.
Next, you need to add a profile to the user (this will be automated in future releases). Still logged in as the superuser, click on "Add" in the "Profiles" row of the admin panel. Select the created user and choose the number of incidents they will see in their view. Click "Save", and log out.
You made it! You can now log in with the newly created user and start handling incidents like a boss by pointing your browser to http://fir.yourdomain.com/.
Pull the repo:
$ git pull
Apply migrations, if any:
$ ./manage.py migrate --settings fir.config.production
Update static files, if necessary:
$ ./manage.py collectstatic --settings fir.config.production
Restart the server:
$ sudo systemctl restart fir