Actions
User story #5178
closed
Installation procedure for distributed rudder server
Pull Request:
UX impact:
Suggestion strength:
User visibility:
Effort required:
Name check:
Fix check:
Regression:
Description
Here are the install scripts content, tested on ubuntu 14.04
rudder-relay-top
#!/bin/bash
# Declare server role manually, no packages for this role yet
mkdir -p /opt/rudder/etc/server-roles.d
touch /opt/rudder/etc/server-roles.d/rudder-relay-top
# add repository
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 474A19E8
sudo tee /etc/apt/sources.list.d/rudder.list <<EOF
deb http://www.rudder-project.org/apt-2.11/ $(lsb_release -cs) main
EOF
# This is copied from http://www.rudder-project.org/rudder-doc-2.11/rudder-doc.html#relay-servers
aptitude install -y rudder-agent apache2 apache2-utils rsyslog
echo "Now fix the bug on /var/lib/dpkg/info/rudder-agent.postinst"
echo "Then run aptitude install"
bash -i
a2enmod dav dav_fs
a2dissite 000-default # remove 000- when using apache2.2
for i in /var/rudder/inventories/incoming /var/rudder/inventories/accepted-nodes-updates
do
mkdir -p ${i}
chmod -R 1770 ${i}
for group in apache www-data www; do
if getent group ${group} > /dev/null; then chown -R root:${group} /var/rudder/inventories/incoming; break; fi
done
done
for i in /opt/rudder/etc/htpasswd-webdav-initial /opt/rudder/etc/htpasswd-webdav
do
/usr/bin/htpasswd -bc ${i} rudder rudder
done
touch /opt/rudder/etc/rudder-networks.conf
# remove .conf when using apache2.2
echo > /etc/apache2/sites-available/rudder-default.conf << EOF
<VirtualHost *:80>
ServerAdmin webmaster@localhost
# Expose the server UUID through http
Alias /uuid /opt/rudder/etc/uuid.hive
<Directory /opt/rudder/etc>
Order deny,allow
Allow from all
</Directory>
# WebDAV share to receive inventories
Alias /inventories /var/rudder/inventories/incoming
<Directory /var/rudder/inventories/incoming>
DAV on
AuthName "WebDAV Storage"
AuthType Basic
AuthUserFile /opt/rudder/etc/htpasswd-webdav-initial
Require valid-user
Order deny,allow
# This file is automatically generated according to
# the hosts allowed by rudder.
Include /opt/rudder/etc/rudder-networks.conf
<LimitExcept PUT>
Order allow,deny
Deny from all
</LimitExcept>
</Directory>
# WebDAV share to receive inventories
Alias /inventory-updates /var/rudder/inventories/accepted-nodes-updates
<Directory /var/rudder/inventories/accepted-nodes-updates>
DAV on
AuthName "WebDAV Storage"
AuthType Basic
AuthUserFile /opt/rudder/etc/htpasswd-webdav
Require valid-user
Order deny,allow
# This file is automatically generated according to
# the hosts allowed by rudder.
Include /opt/rudder/etc/rudder-networks.conf
<LimitExcept PUT>
Order allow,deny
Deny from all
</LimitExcept>
</Directory>
# Logs
ErrorLog /var/log/rudder/apache2/error.log
LogLevel warn
CustomLog /var/log/rudder/apache2/access.log combined
</VirtualHost>
EOF
a2ensite rudder-default
service apache2 restart
# Set the policy server to be server 4 (rudder-web)
echo "rudder-web" > /var/rudder/cfengine-community/policy_server.dat
service rudder-agent restart
# Store the UUID of this node for later user
FRONT_UUID=$(cat /opt/rudder/etc/uuid.hive)
echo "FRONT_UUID=$FRONT_UUID"
# If you're using a firewall, allow the following incoming connections to this server:
# - TCP port 80: all managed nodes
# - TCP port 5309: all managed nodes
# - UDP and TCP port 514: all managed nodes
rudder-ldap
#!/bin/bash # add repository apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 474A19E8 sudo tee /etc/apt/sources.list.d/rudder.list <<EOF deb http://www.rudder-project.org/apt-2.11-nightly/ $(lsb_release -cs) main EOF aptitude update # Install Rudder server components aptitude install -y rudder-agent rudder-inventory-endpoint rudder-inventory-ldap echo "Now fix the bug on /var/lib/dpkg/info/rudder-agent.postinst" echo "Then run aptitude install" bash -i # Make LDAP listen on all interfaces sed -i "s/^IP=.*$/IP=*/" /etc/default/rudder-slapd service rudder-slapd restart # Make jetty listen on all interfaces sed -i "s/\(-Dfile.encoding=UTF-8\)/\1\n-Djetty.host=0.0.0.0/" /etc/default/rudder-jetty # Change memory limits in /opt/rudder/etc/rudder-jetty.conf sed -i "s/JAVA_XMX=.*/JAVA_XMX=384/" /opt/rudder/etc/rudder-jetty.conf sed -i "s/JAVA_MAXPERMSIZE=.*/JAVA_MAXPERMSIZE=128/" /opt/rudder/etc/rudder-jetty.conf service rudder-jetty restart # Set the policy server to be server 4 (rudder-web) echo "rudder-web" > /var/rudder/cfengine-community/policy_server.dat service rudder-agent restart # If you're using a firewall, allow the following incoming connections to this server: # - TCP port 389: Server 4 (rudder-web) # - TCP port 8080: Server 4 (rudder-web) + Server 1 (rudder-relay-top)
rudder-db
#!/bin/bash # add repository apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 474A19E8 sudo tee /etc/apt/sources.list.d/rudder.list <<EOF deb http://www.rudder-project.org/apt-2.11-nightly/ $(lsb_release -cs) main EOF aptitude update aptitude install -y rudder-agent rudder-reports postgresql-client echo "Now fix the bug on /var/lib/dpkg/info/rudder-agent.postinst" echo "Then run aptitude install" bash -i # Allow all internal connections to PostgreSQL echo "listen_addresses = '*'" >> /etc/postgresql/*/main/postgresql.conf # add rudder-web and rudder-relay-top IP #echo "host all all x.x.x.x/32 trust" >> /etc/postgresql/*/main/pg_hba.conf service postgresql restart >> /tmp/log 2>&1 # Disable rsyslog remote listening rm /etc/rsyslog.d/rudder.conf # rsyslog-pgsql bug rm /etc/rsyslog.d/pgsql.conf service rsyslog restart # Set the policy server to be server 4 (rudder-web) echo "rudder-web" > /var/rudder/cfengine-community/policy_server.dat service rudder-agent restart # If you're using a firewall, allow the following incoming connections to this server: # - TCP port 5432: Server 4 (rudder-web) # - TCP port 5432: Server 1 (rudder-relay-top)
rudder-web
#!/bin/bash
# add repository
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 474A19E8
sudo tee /etc/apt/sources.list.d/rudder.list <<EOF
deb http://www.rudder-project.org/apt-2.11-nightly/ $(lsb_release -cs) main
EOF
aptitude update
# Inform Rudder about the various roles so installation can proceed successfully
mkdir -p /var/rudder/cfengine-community/inputs
echo > /var/rudder/cfengine-community/inputs/rudder-server-roles.conf << EOF
# Fill out this file with your hostnames from the other servers
rudder-ldap: rudder-ldap
rudder-inventory-endpoint: rudder-ldap
rudder-db: rudder-db
rudder-relay-top: rudder-relay-top
rudder-web: rudder-web
EOF
# Install components
aptitude install -y rudder-agent rudder-webapp rudder-techniques rsyslog rsyslog-pgsql apache2 apache2-utils
echo "Now fix the bug on /var/lib/dpkg/info/rudder-agent.postinst"
echo "Then run aptitude install"
bash -i
# Initialize the server
/opt/rudder/bin/rudder-init
# Fill in interactive question (or provide answer as command line arguments for automation)
# Now, accept the other three servers in the web interface (it may take up to 5 minutes for them to appear in "Accept new nodes")
# Then, use the UUID of server 1 (rudder-front) we stored above and run this command
/opt/rudder/bin/rudder-node-to-relay ${FRONT_UUID}
+ DNS / Hostnames +
Modify /etc/hosts our your DNS server to enable resolution of the 5 host names :- rudder-inventory-endpoint (should point to rudder-ldap)
- rudder-ldap
- rudder-db
- rudder-relay-top
- rudder-web
Updated by Benoît PECCATTE over 10 years ago
rudder-ldap
#!/bin/bash # add repository apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 474A19E8 sudo tee /etc/apt/sources.list.d/rudder.list <<EOF deb http://www.rudder-project.org/apt-2.11-nightly/ $(lsb_release -cs) main EOF aptitude update # Install Rudder server components aptitude install -y rudder-agent rudder-inventory-endpoint rudder-inventory-ldap echo "Now fix the bug on /var/lib/dpkg/info/rudder-agent.postinst" echo "Then run aptitude install" bash -i # Make LDAP listen on all interfaces sed -i "s/^IP=.*$/IP=*/" /etc/default/rudder-slapd service rudder-slapd restart # Make jetty listen on all interfaces sed -i "s/\(-Dfile.encoding=UTF-8\)/\1\n-Djetty.host=0.0.0.0/" /etc/default/rudder-jetty # Change memory limits in /opt/rudder/etc/rudder-jetty.conf sed -i "s/JAVA_XMX=.*/JAVA_XMX=384/" /opt/rudder/etc/rudder-jetty.conf sed -i "s/JAVA_MAXPERMSIZE=.*/JAVA_MAXPERMSIZE=128/" /opt/rudder/etc/rudder-jetty.conf service rudder-jetty restart # Set the policy server to be server 4 (rudder-webapp) echo "rudder-webapp" > /var/rudder/cfengine-community/policy_server.dat service rudder-agent restart # If you're using a firewall, allow the following incoming connections to this server: # - TCP port 389: Server 4 (rudder-webapp) # - TCP port 8080: Server 4 (rudder-webapp) + Server 1 (rudder-front)
Updated by Benoît PECCATTE over 10 years ago
#!/bin/bash # add repository apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 474A19E8 sudo tee /etc/apt/sources.list.d/rudder.list <<EOF deb http://www.rudder-project.org/apt-2.11-nightly/ $(lsb_release -cs) main EOF aptitude update aptitude install -y rudder-agent rudder-reports postgresql-client echo "Now fix the bug on /var/lib/dpkg/info/rudder-agent.postinst" echo "Then run aptitude install" bash -i # Allow all internal connections to PostgreSQL echo "listen_addresses = '*'" >> /etc/postgresql/*/main/postgresql.conf # add rudder-web and rudder-relay-top IP #echo "host all all x.x.x.x/32 trust" >> /etc/postgresql/*/main/pg_hba.conf service postgresql restart >> /tmp/log 2>&1 # Disable rsyslog remote listening rm /etc/rsyslog.d/rudder.conf # rsyslog-pgsql bug rm /etc/rsyslog.d/pgsql.conf service rsyslog restart # Set the policy server to be server 4 (rudder-webapp) echo "rudder-webapp" > /var/rudder/cfengine-community/policy_server.dat service rudder-agent restart # If you're using a firewall, allow the following incoming connections to this server: # - TCP port 5432: Server 4 (rudder-webapp) # - TCP port 5432: Server 1 (rudder-front)
Updated by Benoît PECCATTE over 10 years ago
- Description updated (diff)
Ignore comments, they are badly formatted
Updated by Jonathan CLARKE over 10 years ago
- Description updated (diff)
Updated installation procedures:
- Use "<" pre ">" tags to display script content
- Rename rudder-front to rudder-relay-top
Updated by Lionel Le Folgoc over 10 years ago
-echo > /var/rudder/cfengine-community/inputs/rudder-server-roles.conf << EOF +cat >/var/rudder/cfengine-community/inputs/rudder-server-roles.conf <<EOF
Small typo, but annoying consequences (this is the reason why we've always had issues to set up our distributed rudder infra :).
Updated by Benoît PECCATTE over 10 years ago
Lionel Le Folgoc wrote:
[...]
Small typo, but annoying consequences (this is the reason why we've always had issues to set up our distributed rudder infra :).
Yes typical mistake.
This problem was in the informal installation procedure. It has been corrected when the script was pushed to github.
The up to date source for these scripts is https://github.com/Normation/rudder-tools/tree/master/scripts/rudder-multiserver-setup
Updated by Lionel Le Folgoc over 10 years ago
It has been corrected when the script was pushed to github.
A notice in this bug report would have been nice, otherwise I'd never know (this may not look like it, but I've not been having fun with buggy instructions for the distributed setup. :)
Thanks.
Updated by Lionel Le Folgoc over 10 years ago
if [ "$OS" = "RHEL" ] ; then
$PM_COMMAND rudder-agent rudder-reports postgresql-client
At least here on CentOS 6, it's called postgresql, not postgresql-client (this is a Debian/Ubuntu package name ;-).
Thanks.
Updated by Nicolas PERRON over 10 years ago
Lionel Le Folgoc wrote:
It has been corrected when the script was pushed to github.
A notice in this bug report would have been nice, otherwise I'd never know (this may not look like it, but I've not been having fun with buggy instructions for the distributed setup. :)
Thanks.
Sorry about that.
This ticket is an user story and does not permit to add Pull Request. A subticket (#5295) has been added in order to add and follow the github Pull Request Benoit made.
Updated by Jonathan CLARKE about 10 years ago
- Category set to Documentation
- Status changed from New to 15
- Assignee set to Benoît PECCATTE
- Target version set to 2.11.3
Updated by Jonathan CLARKE about 10 years ago
- Status changed from 15 to Pending release
Updated by Vincent MEMBRÉ about 10 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 2.11.3, which was released on the 25/09/2014.
- Announcement
- Changelog
- Download information: https://www.rudder-project.org/site/get-rudder/downloads/
Actions