On 31 Jul 2014, the cloud based login manager “Mitro” was published under the GPL on github. In this blogpost, I’ll go through the steps of setting up the server and browser extensions.
The login manager Mitro has been developed by a small team based in NYC, wich was recently aquired by Twitter. Part of the deal, as I recall, was that the Mitro project had to be published under an open source license, which is great since I contacted the devs a few months ago if there is going to be an on-premise version of it. Well now there is, but it takes a bit of work to get everything up and running.
At the time of writing, I do not see Mitro On-Premise as production ready software as there are a few issues that have to be sorted out. But I’ll do my best to help get it there and I’m happy to see that many others are actively working towards the same goal.
If you just want to install Mitro without understanding what you’re doing – you can use my mitro-debian-setup.sh script which should do all of this automatically. Make sure to check the REAME.md for instructions first and run
tail -f mitro-debian-setup.log in a second shell to catch problems like this:
You can avoid this completely by running
apt-get update && apt-get upgrade prior to the script. Also, just to be on the same page – this is what my Debian image looks like:
A few notes before we get started – for those of you actually reading this…
I will generally not work under the
root user but under
admin with sudo. I will not print whole files but mark the changes like this:
user@host: $ vi /etc/example.conf + added line - removed line
Or with numbered lines if the file is to huge or similar lines exist.
user@host: $ vi /etc/example.conf 98: + added line 98: - removed line
While I always try to make things understandable even for unexperienced users, keep in mind that this is a very critical application and you should know what you’re doing before you attempt to host it for yourself or even others. Therefore, I will not go into any detail on basic commands such as how to exit vim or login via ssh. If you can’t do that, you lack serious basics for this post!
For now, I got the server up and running under Debian 7, and the extensions working with my server with chromium-browser in Kubuntu 14.04. Keep in mind that right now, everything is in a state of constant change, so I’ll either update this blogpost or look for a better way to keep the info up to date.
The whole setup consists of three main parts
- The mitro server daemon
- The mitro mailing daemon
- The mitro browser extensions
I’ll try to get any changes I make in the code or scripts into the official Mitro repository, but I will note all important changes in this blogpost. If you’re missing anything, you can always checkout my fork on github for commits that haven’t been merged yet
Some general info about the environment I used for this setup.
Server OS: Debian 7 Non-GUI (Connect via SSH) Server VM: Virtualbox - 192.168.0.110 Client OS: Kubuntu 14.04 64bit Client VM: Virtualbox - Git Mitro: https://github.com/mitro-co/mitro Git Fork: https://github.com/fredericmohr/mitro
Before you do anything, make sure that your server has installed all package updates.
root@debian:~ # apt-get update && apt-get upgrade
Since this is a critical application, we’ll try to keep security in mind from the beginning.
admin user with sudo rights and one called
mitro to run the services under. You should of course choose different, and strong password for both users as they build the foundation of your new login manager!
root@debian:~ # echo mitro-server > /etc/hostname root@debian:~ # vi /etc/hosts - 127.0.0.1 localhost + 127.0.0.1 localhost mitro-server root@debian:~ # hostname -F /etc/hostname root@mitro-server:~ # adduser admin root@mitro-server:~ # adduser mitro
And in case you haven’t done so during the installation of your os, set a strong password for root as well.
root@mitro-server:~ # passwd root
Next, grant sudo rights to
admin, logout as
root and login as admin.
root@mitro-server:~ # apt-get install sudo root@mitro-server:~ # visudo -f /etc/sudoers.d/mitro + # admin user to manage mitro server + admin ALL=(ALL:ALL) ALL root@mitro-server:~ # exit
Test if sudo works properly and move on to the next part if it does.
admin@mitro-server:~ $ sudo whoami [sudo] password for admin: root
Mitro Server Setup
Before we begin with the actual server, there are a few things we have to take care of such as setting up the directory and installing the base packages.
admin@mitro-server:~$ sudo mkdir /srv/mitro/ admin@mitro-server:~$ cd /srv/mitro/ admin@mitro-server:~$ sudo chown -R mitro:mitro /srv/mitro admin@mitro-server:~$ sudo chmod g+s /srv/mitro admin@mitro-server:~$ sudo chmod u+s /srv/mitro admin@mitro-server:~$ sudo chmod 755 /srv/mitro
This is how the folder permissions should look like. The sticky bit will make sure, that the user and group ownership will be
mitro throughout the setup.
admin@mitro-server:~$ ls -lh /srv/ drwsr-sr-x 2 mitro mitro 4.0K Sep 19 19:17 mitro admin@mitro-server:~$ cd /srv/mitro
Install all Debian packages necessary to build and run the server and create the necessary binary links, since there are a few files called incorrectly. — We should probably fix the build scripts…
admin@mitro-server:~$ sudo apt-get install git screen postgresql postgresql-contrib postgresql-pltcl-9.1 ant make g++ curl unzip admin@mitro-server:/srv/mitro$ sudo curl -sL https://deb.nodesource.com/setup | sudo bash - admin@mitro-server:/srv/mitro$ sudo apt-get install nodejs
initdb is present. If not, you need to create a link to the executable.
admin@mitro-server:/srv/mitro$ which initdb admin@mitro-server:/srv/mitro$ sudo ln -s /usr/lib/postgresql/9.1/bin/initdb /usr/bin/initdb admin@mitro-server:/srv/mitro$ which initdb /usr/bin/initdb
According to the Mitro README, the server should be run with the official Oracle Java JDK 7. However, I haven’t had any problems with the openjdk version and since it’s easier to maintain updates through apt-get, I am going to stick with it.
admin@mitro-server:/srv/mitro$ sudo apt-get install openjdk-7-jdk libpostgresql-jdbc-java
Just to be sure, trace back the current java executable and check if it really is jdk-7. In my case jdk-6 was still being used so I had to change it.
admin@mitro-server:/srv/mitro$ which java /usr/bin/java admin@mitro-server:/srv/mitro$ file /usr/bin/java /usr/bin/java: symbolic link to `/etc/alternatives/java' admin@mitro-server:/srv/mitro$ file /etc/alternatives/java /etc/alternatives/java: symbolic link to `/usr/lib/jvm/java-6-openjdk-amd64/jre/bin/java' admin@mitro-server:/srv/mitro$ sudo rm /etc/alternatives/java admin@mitro-server:/srv/mitro$ sudo ln -s /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java /etc/alternatives/java
The following code-block shows some optional settings which I haven’t tried myself. But I’ll put them there in case anyone wants to try them.
# The sysctl.conf part is optional - depending wether or not you need/want multiple postgresql instances running. # Edit /etc/sysctl.conf to add the following lines: # run multiple instances of postgres kern.sysv.shmmax=1610612736 kern.sysv.shmall=393216 kern.sysv.shmmin=1 kern.sysv.shmmni=32 kern.sysv.shmseg=8 # Then run the following for each line above sudo sysctl -w <line>
Preparing the postgresql database
According to the docs, the postgresql database service must be running as the same user as the mitro service is running – which in this case means the unix user “mitro”.
To get this done, you need to follow these steps:
# Stop Database admin@mitro-server:/srv/mitro$ sudo /etc/init.d/postgres stop admin@mitro-server:/srv/mitro$ sudo netstat -antp # if postgres is still running for whatever reason admin@mitro-server:/srv/mitro$ sudo killall -9 postgres # prepare to start postgres as "mitro" admin@mitro-server:/srv/mitro$ sudo chown -R mitro:mitro /var/run/postgresql/
pg_ctl, but Debian has switched to
pg_ctlcluster so the build process fails! To fix that, you need to create a link for
admin@mitro-server:/srv/mitro$ sudo ln -s /usr/lib/postgresql/9.1/bin/pg_ctl /usr/bin/pg_ctl
Before we can continue, we need to checkout the repository. I advise you to take the official repo and not my fork, as the latter might not be working at times since I tend to break things and push them – you have been warned!
admin@mitro-server:/srv$ sudo git clone https://github.com/mitro-co/mitro.git Cloning into 'mitro'... remote: Counting objects: 5516, done. remote: Total 5516 (delta 0), reused 0 (delta 0) Receiving objects: 100% (5516/5516), 65.85 MiB | 640 KiB/s, done. Resolving deltas: 100% (1049/1049), done.
Prepare postgresql database
mitro@mitro-server:/srv/mitro/mitro-core$ mkdir -p /srv/mitro/mitro-core/build/postgres mitro@mitro-server:/srv/mitro/mitro-core$ initdb --pgdata=/srv/mitro/mitro-core/build/postgres -E 'UTF-8' --lc-collate='en_US.UTF-8' --lc-ctype='en_US.UTF-8'
Start postgresql daemon and create the database
mitro@mitro-server:/srv/mitro/mitro-core$ pg_ctl -D /srv/mitro/mitro-core/build/postgres -l logfile start mitro@mitro-server:/srv/mitro/mitro-core$ createdb -O mitro mitro
Check if postgresql is running properly
netstat -antp |grep "postgres" tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 7061/postgres tcp6 0 0 ::1:5432 :::* LISTEN 7061/postgres
Installing and configuring the server
We only need the server files, which reside in mitro-core. Make sure that the right permissions are set and switch back to mitro before creating the database and running
#To avoid this, change at beginning of blogpost... admin@mitro-server:/srv/mitro$ sudo mv ./mitro/mitro-core . admin@mitro-server:/srv/mitro$ cd ../ admin@mitro-server:/srv$ sudo chown -R mitro:mitro mitro/ admin@mitro-server:/srv$ sudo su - mitro mitro@mitro-server:~$ cd /srv/mitro/mitro-core/ mitro@mitro-server:/srv/mitro/mitro-core$ ant test [...] BUILD SUCCESSFUL Total time: 50 seconds
If you find this during the test run, don’t worry. We’ll take care of this later.
[junit] WARN [2014-09-20 07:50:22,425Z] co.mitro.core.server.Manager: Not creating constraint groups_name_scope: DB is not Postgres [junit] WARN [2014-09-20 07:50:22,425Z] co.mitro.core.server.Manager: Not creating constraint group_secret_svs_group: DB is not Postgres [junit] ERROR [2014-09-20 07:50:22,463Z] co.mitro.access.servlets.ManageAccessEmailer: missing or invalid email: null
I’m actually not quite sure if the build script is really neede after going through all these steps manually.
# you don't need it - the script is trash... mitro@mitro-server:/srv/mitro/mitro-core$ ./build.sh
To run the server, just type the following:
mitro@mitro-server:/srv/mitro/mitro-core$ ant server
I suggest you only run the server this way for testing purposes. If you want the server to run in the background, login as admin and type
admin@mitro-server:/srv/mitro/mitro-core$ screen -S mitro-server admin@mitro-server:/srv/mitro/mitro-core$ su - mitro mitro@mitro-server:~$ cd /srv/mitro/mitro-core/ mitro@mitro-server:/srv/mitro/mitro-core$ ant server > server_run.log 2>&1 [CTRL]+[A] [D] admin@mitro-server:/srv/mitro/mitro-core$ tail -f server_run.log [...] [CTRL]+[C]
If you’ve made it this far, then mitro server is running. You can verify this by visiting this url: https://yourmitroserver:8443/mitro-core/api/BuildMetadata
I have added everything I found in the blogpost above so you shouldn’t run into these problems, however if you do this might help you! Unfortunately I have forgotten to document most of the error messages, so I’ll add the here in case I run into them again.
mitro@mitro-server:/srv/mitro/mitro-core$ ant server Buildfile: /srv/mitro/mitro-core/build.xml compile: jar: [exec] Result: 128 [propertyfile] Updating property file: /srv/mitro/mitro-core/build/java/src/build.properties [exec] shutil.rmtree(tempdir) [exec] Traceback (most recent call last): [exec] File "tools/jarpackager.py", line 109, in <module> [exec] main() [exec] File "tools/jarpackager.py", line 92, in main [exec] unpack_jar(path, tempdir) [exec] File "tools/jarpackager.py", line 29, in unpack_jar [exec] process = subprocess.Popen(args) [exec] File "/usr/lib/python2.7/subprocess.py", line 679, in __init__ [exec] errread, errwrite) [exec] File "/usr/lib/python2.7/subprocess.py", line 1259, in _execute_child [exec] raise child_exception [exec] OSError: [Errno 2] No such file or directory [exec] Result: 1 [echo] Built build/mitrocore.jar
sudo apt-get install unzip
mitro@debian:~$ pg_ctl -D /srv/mitro/mitro-core/build/postgres start pg_ctl: another server might be running; trying to start server anyway server starting mitro@debian:~$ FATAL: lock file "postmaster.pid" already exists HINT: Is another postmaster (PID 3468) running in data directory "/srv/mitro/mitro-core/build/postgres"?
[*] If you can't see postgres running, you need to kill the old process first [-] root: killall -9 postgres [-] root: rm /srv/mitro/mitro-core/build/postgres/postmaster.pid