Making work fxa-dev Vagrant VM from a vanilla fedora20 VM without database.

procedure.md

The following steps are things that aren’t been handled by Ansible and that were required to do manually so we could run FxA on a Vagrant VM using mozilla/fxa-dev.

Note that this procedure has been made after the steps described in mozilla/fxa-dev#81

Procedure

Database HTTP layer

1. Inside the VM, create manually the database

    sudo -s
    mysql
    create database fxa;
    quit
    cd /data/fxa-auth-db-server/
   

2. make sure config/staging.json has root has no password

    su app
    NODE_ENV=stage node bin/db_patcher.js chdir=/data/fxa-auth-db-server
    exit
    supervisorctl restart fxa-auth-db-server
    cd /data/fxa-auth-server/
    su app
   

3. as per scripts/start-server.sh, run manually without STDERR

    node ./bin/key_server.js | node ./bin/notifier.js
   

4. boom npm module isn’t found at that version anymore, change package.json from '2.x.x' to '~2.6'

    vi /data/fxa-auth-server/node_modules/hawk/node_modules/cryptiles/package.json
   

5. Try again

    npm update
    exit
    mkdir /data/fxa-auth-server/node_modules/fxa-auth-db-mem/node_modules
    chown app:app /data/fxa-auth-server/node_modules/fxa-auth-db-mem/node_modules
    su app
    npm update
    exit
    mkdir /data/fxa-auth-server/node_modules/grunt/node_modules/grunt-legacy-log/node_modules/colors
    chown app:app /data/fxa-auth-server/node_modules/grunt/node_modules/grunt-legacy-log/node_modules/colors
   

6. Complaints about no permission, trying as root now.

    npm update
   

7. Module not found "libs/minimal"

    cd /data/fxa-auth-server/node_modules/browserid-crypto/libs/
    su app
    ./bundle.sh
    cd /data/fxa-auth-server
    node /data/fxa-auth-server/scripts/gen_keys.js
    node ./bin/key_server.js | node ./bin/notifier.js
   

8. If it doesn’t die, we are good to go

    exit
    supervisorctl start fxa-auth-server
   

OAuth server

1. OAuth server now

    supervisorctl start fxa-oauth-server
    supervisorctl status
   

2. But it dies

    cd ../fxa-oauth-server/
    su app
   

3. Run directly without STDERR redirection

    CONFIG_FILES="/data/fxa-oauth-server/config/awsbox.json,/data/fxa-oauth-server/config/local.json" node /data/fxa-oauth-server/bin/server.js
   

4. Its a database access problem

    vi config/local.json
   

5. Adjust password field. Here is how its configured in ansible config

    // From fxa-dev checkout
    vi roles/oauth/defaults/main.yml
    // Adjust the `oauth_db_password` field, otherwise python will write "None" and will try to connect to DB using "None" as a password.
   

6. Back in the VM, try again

    su app
    CONFIG_FILES="/data/fxa-oauth-server/config/awsbox.json,/data/fxa-oauth-server/config/local.json" node /data/fxa-oauth-server/bin/server.js
   

7. If it doesn’t die, we’re good to go

    exit
    supervisorctl start fxa-oauth-server
   

FxA RP

	supervisorctl start fxa-rp

Might say its not running. To fix;

	cd ../fxa-rp/
	cat /etc/supervisor.d/fxa-rp.conf

1. Missing certificate

    su app
    node scripts/gen_keys.js
    exit
    supervisorctl start fxa-rp
   

2. Check the logs

    tail /var/log/fxa-rp.log
    // ... Error: Cannot find module 'ejs'
   

3. Missing modules w/ npm modules

    suu app
    npm install
   

4. Dependencies doesn’t have their dependencies handled ^^;;;;;

    cd node_modules/connect-fonts/
    npm install
    cd ../../
    cd node_modules/connect-fonts/node_modules/node-font-face-generator/
    npm install
   

5. Try again

    cd ../../../../
    CONFIG_FILES="/data/fxa-rp/config.json,/data/fxa-rp/local.json" node /data/fxa-rp/server.js
    exit
   

6. If fxa-rp doesn’t die, we’re good to go there too.

Note that the Redis error is fine if you are in dev mode though.

	supervisorctl start fxa-rp
	supervisorctl status
	elasticsearch                    RUNNING    pid 17636, uptime 1:18:41
	fxa-auth-db-server               RUNNING    pid 18116, uptime 0:56:41
	fxa-auth-mailer                  FATAL      Exited too quickly (process log may have details)
	fxa-auth-server                  RUNNING    pid 18872, uptime 0:16:46
	fxa-content-server               RUNNING    pid 17635, uptime 1:18:41
	fxa-customs-server               RUNNING    pid 17631, uptime 1:18:41
	fxa-oauth-server                 RUNNING    pid 18987, uptime 0:09:25
	fxa-profile:profile-server       RUNNING    pid 17646, uptime 1:18:41
	fxa-profile:profile-static       RUNNING    pid 17642, uptime 1:18:41
	fxa-profile:profile-worker       RUNNING    pid 17643, uptime 1:18:41
	fxa-rp                           RUNNING    pid 19277, uptime 0:00:14
	hekad                            RUNNING    pid 17649, uptime 1:18:41

fxa-auth-mailer

	cd ../fxa-auth-mailer
	vi /etc/supervisor.d/fxa-auth-mailer.conf
	su app
	node /data/fxa-auth-mailer/bin/server.js

1. Something about an error w/ Restify

    npm install
   

2. Try again, should work now

    node /data/fxa-auth-mailer/bin/server.js
   

3. If it doesn’t die, we’re good to go

    exit
    supervisorctl start fxa-auth-mailer
   

Everything should be RUNNING now

	supervisorctl status
	elasticsearch                    RUNNING    pid 17636, uptime 1:28:15
	fxa-auth-db-server               RUNNING    pid 18116, uptime 1:06:15
	fxa-auth-mailer                  RUNNING    pid 19400, uptime 0:00:06
	fxa-auth-server                  RUNNING    pid 18872, uptime 0:26:20
	fxa-content-server               RUNNING    pid 17635, uptime 1:28:15
	fxa-customs-server               RUNNING    pid 17631, uptime 1:28:15
	fxa-oauth-server                 RUNNING    pid 18987, uptime 0:18:59
	fxa-profile:profile-server       RUNNING    pid 17646, uptime 1:28:15
	fxa-profile:profile-static       RUNNING    pid 17642, uptime 1:28:15
	fxa-profile:profile-worker       RUNNING    pid 17643, uptime 1:28:15
	fxa-rp                           RUNNING    pid 19277, uptime 0:09:48
	hekad                            RUNNING    pid 17649, uptime 1:28:15

---

Networking issues

Now that we have everything running, we need to have it accessible from outside the VM.

    iptables -L
    sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    iptables --flush

We’ll have to deal with this later #TODO

Ref

• http://www.if-not-true-then-false.com/2011/install-nginx-php-fpm-on-fedora-centos-red-hat-rhel/

• http://serverfault.com/questions/634294/nodejs-nginx-error-13-permission-denied-while-connecting-to-upstream/634470#634470

  yum install policycoreutils-python nmap
  nmap -p 8080 localhost
  semanage port --list | grep http_port_t
  > http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
  

1. List all ports we need and make sure they are http_port_t. #TODO

2. Enable them in SELinux manually the ones missing

    semanage port --add --type http_port_t --proto tcp 9010
    semanage port --add --type http_port_t --proto tcp 9011
    semanage port --add --type http_port_t --proto tcp 9012
    semanage port --add --type http_port_t --proto tcp 7000
    semanage port --add --type http_port_t --proto tcp 1113
    semanage port --add --type http_port_t --proto tcp 8000
    semanage port --add --type http_port_t --proto tcp 3030
    semanage port --add --type http_port_t --proto tcp 4900
   

3. Change port of fxa-oauth-server

    vi /data/fxa-oauth-server/config/local.json
   

4. Add a block:

    "server": {"port": 9110},
   

5. Ensure its open

    supervisorctl restart fxa-oauth-server
    semanage port --add --type http_port_t --proto tcp 9110
    nmap -p 9110 localhost
   

NGINX services

vi /etc/nginx/conf.d/upstream/http_fxa_oauth.conf
server 127.0.0.1:9110

FxA content server didnt have npm modules installed

cd /data/fxa-content-server
npm install
su data
bower install
exit
grunt build:dist
chown -R app:app dist/

Make sure we have dist/bower_components with more than 2 folders

supervisorctl restart fxa-content-server