From c810f9af2c0ef447a0282cb85662a52cc832b2fc Mon Sep 17 00:00:00 2001 From: Martin Polanka Date: Sat, 24 Feb 2018 15:03:04 +0100 Subject: [PATCH] Move monitor doc to README --- Installation.md | 130 ++++++++-------------------------------- System-configuration.md | 44 -------------- 2 files changed, 26 insertions(+), 148 deletions(-) diff --git a/Installation.md b/Installation.md index d2e5bfc..97d32ad 100644 --- a/Installation.md +++ b/Installation.md 
@@ -33,6 +33,32 @@ we are providing clickable installer including dependencies. Just for info, all components should be able to run on Windows, only broker was not tested and may require small tweaks to work properly. +## Security + +One of the most important aspects of ReCodEx instance is security. It is crucial +to keep gathered data safe and not to allow unauthorized users modify restricted +pieces of information. Here is a small list of recommendations to keep running +ReCodEx instance safe. + +- Secure MySQL installation. The installation script does not do any security + actions, so please run at least `mysql_secure_installation` script on database + computer. +- Get HTTPS certificate and set it in Apache for web application and API. + Monitor should be proxied through the web server too with valid certificate. + You can get free DV certificate from [Let's + Encrypt](https://letsencrypt.org/). Do not forget to set up automatic + renewing! +- Hide broker, workers and fileserver behind firewall, private subnet or IPsec + tunnel. They are not required to be reached from public internet, so it is + better keep them isolated. +- Keep your server updated and well configured. For automatic installation of + security updates on CentOS system refer to `yum-cron` package. Configure SSH + and Apache to use only strong ciphers, some recommendations can be found + [here](https://bettercrypto.org/static/applied-crypto-hardening.pdf). +- Do not put actually used credentials on web, for example do not commit your + passwords (in Ansible variables file) on GitHub. +- Regularly check logs for anomalies. + ## Ansible installer DEPRECATED - Ansible installer is no longer working! 
@@ -152,110 +178,6 @@ just use component's YAML file instead of _recodex.yml_. Ansible expects to have password-less access to the remote machines. If you have not such setup, use options `--ask-pass` and `--ask-become-pass`. -## Manual installation - -### Monitor - -For monitor functionality there are some required packages. All of them are -listed in _requirements.txt_ file in the repository and can be installed by -`pip` package manager as - -``` -$ pip install -r requirements.txt -``` - -**Description of dependencies:** - -- zmq -- binding to ZeroMQ framework -- websockets -- framework for communication over WebSockets -- asyncio -- library for fast asynchronous operations -- pyyaml -- parsing YAML configuration files -- argparse -- parsing command line arguments - -Installation will provide you following files: - -- `/usr/bin/recodex-monitor` -- simple startup script located in PATH -- `/etc/recodex/monitor/config.yml` -- configuration file -- `/etc/systemd/system/recodex-monitor.service` -- systemd startup script -- code files will be installed in location depending on your system settings, - mostly into `/usr/lib/python3.5/site-packages/monitor/` or similar - -Systemd script runs monitor binary as specific _recodex_ user, so in `postinst` -script user and group of this name are created. Also, ownership of configuration -file will be granted to that user. - -- RPM distributions can make and install binary package. 
This can be done like - this: - - run command - ``` - $ python3 setup.py bdist_rpm --post-install ./install/postints - ``` - to generate binary `.rpm` package or download precompiled one from releases - tab of monitor GitHub repository (it is architecture independent package) - - install package using - ``` - # yum install ./dist/recodex-monitor--1.noarch.rpm - ``` -- Other Linux distributions can install cleaner straight - ``` - $ python3 setup.py install --install-scripts /usr/bin - # ./install/postinst - ``` - -#### Usage - -Preferred way to start monitor as a service is via systemd as the other parts of -ReCodEx solution. - -- Running monitor is fairly simple: -``` -# systemctl start recodex-monitor.service -``` -- Current state can be obtained by -``` -# systemctl status recodex-monitor.service -``` -You should see green **Active (running)**. -- Setting up monitor to be started on system startup: -``` -# systemctl enable recodex-monitor.service -``` - -Alternatively monitor can be started directly from command line with specifying -path to configuration file. Note that this command will not start monitor as a -daemon. - -``` -$ recodex-monitor -c /etc/recodex/monitor/config.yml -``` - - -## Security - -One of the most important aspects of ReCodEx instance is security. It is crucial -to keep gathered data safe and not to allow unauthorized users modify restricted -pieces of information. Here is a small list of recommendations to keep running -ReCodEx instance safe. - -- Secure MySQL installation. The installation script does not do any security - actions, so please run at least `mysql_secure_installation` script on database - computer. -- Get HTTPS certificate and set it in Apache for web application and API. - Monitor should be proxied through the web server too with valid certificate. - You can get free DV certificate from [Let's - Encrypt](https://letsencrypt.org/). Do not forget to set up automatic - renewing! 
-- Hide broker, workers and fileserver behind firewall, private subnet or IPsec - tunnel. They are not required to be reached from public internet, so it is - better keep them isolated. -- Keep your server updated and well configured. For automatic installation of - security updates on CentOS system refer to `yum-cron` package. Configure SSH - and Apache to use only strong ciphers, some recommendations can be found - [here](https://bettercrypto.org/static/applied-crypto-hardening.pdf). -- Do not put actually used credentials on web, for example do not commit your - passwords (in Ansible variables file) on GitHub. -- Regularly check logs for anomalies. -
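Review bot: the Security section added at Installation.md line 33 tells the reader that the monitor "should be proxied through the web server too with valid certificate", but this same commit deletes the only monitor installation instructions from this file without leaving a pointer to where they now live (the subject says README, yet no README appears in the diffstat, so it must sit in another repository). Suggest one cross-reference sentence in this section or beside the "## Ansible installer" heading, for example "Monitor installation and configuration are described in the monitor repository's README." Since the block is carried over verbatim, its grammar slips come with it ("not to allow unauthorized users modify" should read "to modify"; "better keep them isolated" should read "better to keep them isolated"), and a move is a cheap moment to fix them.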
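Review bot: the second hunk removes the whole "## Manual installation" heading together with "### Monitor", so if other components were expected to gain manual-install subsections under it they no longer have a parent heading; confirm that dropping the heading is intended, otherwise keep it and delete only the "### Monitor" subsection. The removed Security block is identical to the one added at line 33, so that part is a pure move. Two defects in the removed monitor text should be fixed in the destination rather than copied: the RPM build step references `./install/postints` while the later "Other Linux distributions" step runs `./install/postinst`, and `yum install ./dist/recodex-monitor--1.noarch.rpm` has an empty version between the two hyphens. Finally, the diffstat lists `System-configuration.md` with 44 deletions but no hunk for that file is included in this excerpt, so that half of the change could not be reviewed here.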