We assume that you have an Apache2 and MySQL database installed. This example was done on Ubuntu 14.04 LTS.
Install dependencies
We are using the python virtualenv. So the installation will get all correct versions of its depending python modules.
We also need to install some development packages:
apt-get install python-dev python-virtualenv libldap2-dev libsasl2-dev libmysqlclient-dev
We will install privacyidea to /srv/privacyidea:
cd /srv virtualenv privacyidea cd privacyidea source bin/activate
Note: source bin/activate will enter the python virtualenv. All python packages you install via pip will not be installed to your main system but to /srv/privacyidea.
We assume that you downloaded the privacyidea version 1.0dev0. (Or install it directly from pypi)
pip install privacyIDEA-1.0dev0.tar.gz
This will also install all dependencies. Some of the packages need to be compiled, this is why we installed the development packages in the first step.
As we will use MySQL as the database, we need to install the python package:
pip install MySQL-python
Now we will create the database and the database user:
$ mysql -u root -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 42 Server version: 5.5.35-1ubuntu1 (Ubuntu) Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.mysql> create database privacyidea; Query OK, 1 row affected (0.00 sec)mysql> grant all privileges on privacyidea.* to "privacyidea"@"localhost" identified by "yourPassword"; Query OK, 0 rows affected (0.00 sec) mysql> flush privileges; Query OK, 0 rows affected (0.00 sec)mysql> quit; Bye
Prepare configuration
Create the configuration directory:
mkdir /etc/privacyidea
Add the user, the wsgi script will run as:
useradd -r privacyidea
Copy the configuration examples:
cp etc/privacyidea/* /etc/privacyidea/ mv /etc/privacyidea/privacyidea.ini.example /etc/privacyidea/privacyidea.ini
In /etc/privacyidea/privacyidea.ini adapt the following lines:
sqlalchemy.url = mysql://privacyidea:yourPassword@localhost/privacyidea args = ('/var/log/privacyidea/privacyidea.log','a', 10000000, 4) who.log_file = /var/log/privacyidea/privacyidea.log privacyideaURL = https://yourServer privacyideaURL.disable_SSL=True
create your own encryption key:
privacyidea-create-enckey -f /etc/privacyidea/privacyidea.ini
Fix access rights:
privacyidea-fix-access-rights -f /etc/privacyidea/privacyidea.ini -u privacyidea
Create the database:
paster setup-app /etc/privacyidea/privacyidea.ini
Create admin users
In the first step, we will use admin users from a password file /etc/privacyidea/admin-users. Later you can define realms in privacyidea.ini, that contain admin users.
privacyidea-create-pwidresolver-user -u admin -i 1000 > /etc/privacyidea/admin-users
If you create an admin user “admin”, you can login as “admin@admin”.
Setup Apache
Finally we setup Apache, we install mod-wsgi and enable a bunch of modules:
apt-get install libapache2-mod-wsgi a2enmod headers a2enmod auth_digest a2enmod ssl a2dissite 000-default
Copy the example apache config to its place:
cp etc/apache2/sites-available/privacyidea /etc/apache2/sites-available/
Note: With Apache 2.4 the file needs to be renamed to privacyidea.conf
Now adapt privaycyidea.conf:
WSGIScriptAlias / /etc/privacyidea/privacyideaapp.wsgi WSGIPythonHome /srv/privacyideasi
Note: With Apache 2.4 you need to change the access statement to “Require all granted”, otherwise you will get “AH01630: client denied by server configuration”.
As we want to run with SSL, you need to create self signed certificates:
privacyidea-create-certificate -f /etc/apache2/sites-available/privacyidea.conf privacyidea-create-certificate -f /etc/apache2/sites-available/privacyidea
Now enable your site:
a2ensite privacyidea
Restart apache and login with the administrator “admin@admin” you created earlier.