Felenasoft

[bill_mcgonigle]

I'm working on evaluating Xeoma for a surveillance server here, using CentOS 7 on a Xen virtual machine. I figured I'd put some notes here - others who may be in the same boat are encouraged to contribute. The website claims 'CentOS 6 or higher' but it's not quite that simple.

I'm running in 'Free' mode at the moment as I don't have a 4-hour block of time to dedicate to evaluation at this point. From what I can make of the docs, for a headless server I'll need to have 'remote' mode which means I'll need a 'lite' license at least. I have no problem paying for a license for good software. Once this gets running it seems pretty decent - getting it running required a bunch of debugging with strace, though.

So far I have, for install:

Code: Select All Code

tar -zxvf xeoma_beta_linux64.tgz
sudo ./xeoma.app -install -coreauto
sudo yum -y install xorg-x11-xauth mesa-libGLU mesa-dri-drivers
sudo ln -s /usr/lib64/libX11.so.6 /usr/lib64/libX11.so
sudo /sbin/chkconfig XeomaCoreService on
sudo /sbin/service XeomaCoreService start
XAUTHORITY=$HOME/.Xauthority ./xeoma.app


I'm not sure why ldconfig on EL7 doesn't make unversioned .so links, but it doesn't, so the linker will fail with the default binary. Just as an aside, this is the point where I'd fix the Makefile in an open source project and issue a pull request.

I have /usr/local/Xeoma mounted as a separate partition for storing images. It's disappointing that it's chmod 777 as I'd like to secure this, even though it's a dedicated VM.

Still TODO if I want to deploy this typically:

1) configure a dedicated user for xeoma and fix permissions
2) build a systemd service file
3) build a monit config to keep it running (had it stop once - not sure why yet)
4) put TLS in front of it, per http://felenasoft.com/forum/viewtopic.php?f=8&t=581&p=1459&hilit=localhost#p1459
5) figure out how to get it to bind to 0.0.0.0:8090 instead of 127.0.0.1:8090, so I can do the X11 client on another machine. I don't know why it's having a problem finding Xauthority, but I'd just as soon have no X on the surveillance server.
6) make an RPM or puppet module to deploy it consistently.
7) setup rsync/sshfs or maybe seafile for offsite backup of images, over secure transport

I'd really love if Felenasoft had a repo I could just use with all of the above, of course. It's clear that much work has been put into this product - just need that last 5% to make it easy.

[kdoswald]

1) configure a dedicated user for xeoma and fix permissions
777 is BAD
2) build a systemd service file
This can set the user, and if you set proper folder permissions. 700 best but not always doable. This will also monitor the service to make sure it is always running.
example:
[Unit]
Description=Xeoma

[Service]
Type=simple
User=xeoma
Group=xeoma
ExecStart=/root/bin/Xeoma/xeoma -service -startdelay 10
ExecStop=/bin/true
Restart=on-abnormal

[Install]
WantedBy=multi-user.target

3) build a monit config to keep it running (had it stop once - not sure why yet)
not needed systemd takes care of it

4) put TLS in front of it, per http://felenasoft.com/forum/viewtopic.php?f=8&t=581&p=1459&hilit=localhost#p1459
Alternative you can use haproxy to handle the ssl and off load.
5) figure out how to get it to bind to 0.0.0.0:8090 instead of 127.0.0.1:8090, so I can do the X11 client on another machine. I don't know why it's having a problem finding Xauthority, but I'd just as soon have no
X on the surveillance server.
That is hacking the code, so should not be done. Just buy the lite license. To use it localy on system since I am just using free version I just installed basic x server and vnc server

6) make an RPM or puppet module to deploy it consistently.
Could just treat it real basic, store the app in puppet file folder have it pull it down and just run startup command. RPM could create user etc.. Easiest way to do that.. check out check http://asic-linux.com.mx/~izto/checkinstall/ or https://github.com/jordansissel/fpm Then add a pre install script to create the user etc.

7) setup rsync/sshfs or maybe seafile for offsite backup of images, over secure transport

rsynca -avz -e ssh /usr/local/xeoma/ user@remoteip:/backup

I have my on ubuntu server, but going to try it with centos under kvm.

[luminarycrush]

I'll echo some of your difficulties running in a similar environment for evaluation. I'm running headless in a KVM VM. Currently it's Ubuntu but that's only because I'm using the same VM to evaluate also Bluecherry which is Debian-based only packaging. Normally I'd run CentOS7.

This application has some nice features, but seems to be one of the *worst* behaved Linux apps I've had to deal with in a long time.

* 4-hour evaluation - are you serious? Geez, most softwares give you a month, or a week. 4 hours is ridiculous.
* the headless install is awful - can't specify a path to install so you get /usr/local, or a mess in your home directory.
* must run as root - who runs a software around security as a "root" user?
* only in the GUI can you specify an alternate install directory, but you can't do that without X11, and the point of the VM is to be headless and w/o VM. I did try to run it via remote X and it fails.
* why the heck is the binary getting installed to my home directory despite the rest of the install going to, say, /opt?
* if I move the binary to a location that basically every other *NIX application ever made uses (eg <install dir>/bin) and specify the full path to run just -client (so I can connect to a remote install on the headless server) it still creates a blob in my home directory. How do I make it stop that?

Bluecherry lacks several Xeoma features but has the merit of being well-behaved in the Linux world. I hope I can resolve some of these Xeoma install/deploy issues but so far I'm a bit frustrated.

[Admin_P]

Hello!

On a headless server Xeoma Pro can be configured via .config files when used as Your Cloud. More on that here: http://felenasoft.com/xeoma/en/pro/manual/

I hope this helps!