Project

General

Profile

Actions

User story #5178

closed

Installation procedure for distributed rudder server

Added by Benoît PECCATTE over 10 years ago. Updated about 10 years ago.

Status:
Released
Priority:
N/A
Category:
Documentation
Target version:
UX impact:
Suggestion strength:
User visibility:
Effort required:
Name check:
Fix check:
Regression:

Description

Here are the install scripts content, tested on ubuntu 14.04

rudder-relay-top

#!/bin/bash
# Declare server role manually, no packages for this role yet
mkdir -p /opt/rudder/etc/server-roles.d
touch /opt/rudder/etc/server-roles.d/rudder-relay-top

# add repository
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 474A19E8
sudo tee /etc/apt/sources.list.d/rudder.list <<EOF
deb http://www.rudder-project.org/apt-2.11/ $(lsb_release -cs) main
EOF

# This is copied from http://www.rudder-project.org/rudder-doc-2.11/rudder-doc.html#relay-servers
aptitude install -y rudder-agent apache2 apache2-utils rsyslog
echo "Now fix the bug on /var/lib/dpkg/info/rudder-agent.postinst" 
echo "Then run aptitude install" 
bash -i

a2enmod dav dav_fs
a2dissite 000-default # remove 000- when using apache2.2

for i in /var/rudder/inventories/incoming /var/rudder/inventories/accepted-nodes-updates
do
  mkdir -p ${i}
  chmod -R 1770 ${i}
  for group in apache www-data www; do
    if getent group ${group} > /dev/null; then chown -R root:${group} /var/rudder/inventories/incoming; break; fi
  done
done

for i in /opt/rudder/etc/htpasswd-webdav-initial /opt/rudder/etc/htpasswd-webdav
do
  /usr/bin/htpasswd -bc ${i} rudder rudder
done

touch /opt/rudder/etc/rudder-networks.conf

# remove .conf when using apache2.2
echo > /etc/apache2/sites-available/rudder-default.conf << EOF
<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        # Expose the server UUID through http
        Alias /uuid /opt/rudder/etc/uuid.hive
        <Directory /opt/rudder/etc>
                Order deny,allow
                Allow from all
        </Directory>
        # WebDAV share to receive inventories
        Alias /inventories /var/rudder/inventories/incoming
        <Directory /var/rudder/inventories/incoming>
                DAV on
                AuthName "WebDAV Storage" 
                AuthType Basic
                AuthUserFile /opt/rudder/etc/htpasswd-webdav-initial
                Require valid-user
                Order deny,allow
                # This file is automatically generated according to
                # the hosts allowed by rudder.
                Include /opt/rudder/etc/rudder-networks.conf
                <LimitExcept PUT>
                        Order allow,deny
                        Deny from all
                </LimitExcept>
        </Directory>
        # WebDAV share to receive inventories
        Alias /inventory-updates /var/rudder/inventories/accepted-nodes-updates
        <Directory /var/rudder/inventories/accepted-nodes-updates>
                DAV on
                AuthName "WebDAV Storage" 
                AuthType Basic
                AuthUserFile /opt/rudder/etc/htpasswd-webdav
                Require valid-user
                Order deny,allow
                # This file is automatically generated according to
                # the hosts allowed by rudder.
                Include /opt/rudder/etc/rudder-networks.conf
                <LimitExcept PUT>
                        Order allow,deny
                        Deny from all
                </LimitExcept>
        </Directory>
        # Logs
        ErrorLog /var/log/rudder/apache2/error.log
        LogLevel warn
        CustomLog /var/log/rudder/apache2/access.log combined

</VirtualHost>
EOF

a2ensite rudder-default
service apache2 restart
# Set the policy server to be server 4 (rudder-web)
echo "rudder-web" > /var/rudder/cfengine-community/policy_server.dat
service rudder-agent restart

# Store the UUID of this node for later user
FRONT_UUID=$(cat /opt/rudder/etc/uuid.hive)
echo "FRONT_UUID=$FRONT_UUID" 

# If you're using a firewall, allow the following incoming connections to this server:
# - TCP port 80: all managed nodes
# - TCP port 5309: all managed nodes
# - UDP and TCP port 514: all managed nodes  

rudder-ldap

#!/bin/bash

# add repository
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 474A19E8
sudo tee /etc/apt/sources.list.d/rudder.list <<EOF
deb http://www.rudder-project.org/apt-2.11-nightly/ $(lsb_release -cs) main
EOF
aptitude update

# Install Rudder server components
aptitude install -y rudder-agent rudder-inventory-endpoint rudder-inventory-ldap
echo "Now fix the bug on /var/lib/dpkg/info/rudder-agent.postinst" 
echo "Then run aptitude install" 
bash -i

# Make LDAP listen on all interfaces
sed -i "s/^IP=.*$/IP=*/" /etc/default/rudder-slapd
service rudder-slapd restart

# Make jetty listen on all interfaces
sed  -i "s/\(-Dfile.encoding=UTF-8\)/\1\n-Djetty.host=0.0.0.0/" /etc/default/rudder-jetty
# Change memory limits in /opt/rudder/etc/rudder-jetty.conf
sed  -i "s/JAVA_XMX=.*/JAVA_XMX=384/" /opt/rudder/etc/rudder-jetty.conf
sed  -i "s/JAVA_MAXPERMSIZE=.*/JAVA_MAXPERMSIZE=128/" /opt/rudder/etc/rudder-jetty.conf
service rudder-jetty restart

# Set the policy server to be server 4 (rudder-web)
echo "rudder-web" > /var/rudder/cfengine-community/policy_server.dat
service rudder-agent restart

# If you're using a firewall, allow the following incoming connections to this server:
# - TCP port 389: Server 4 (rudder-web)
# - TCP port 8080: Server 4 (rudder-web) + Server 1 (rudder-relay-top)

rudder-db

#!/bin/bash

# add repository
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 474A19E8
sudo tee /etc/apt/sources.list.d/rudder.list <<EOF
deb http://www.rudder-project.org/apt-2.11-nightly/ $(lsb_release -cs) main
EOF
aptitude update

aptitude install -y rudder-agent rudder-reports postgresql-client
echo "Now fix the bug on /var/lib/dpkg/info/rudder-agent.postinst" 
echo "Then run aptitude install" 
bash -i

# Allow all internal connections to PostgreSQL
echo "listen_addresses = '*'" >> /etc/postgresql/*/main/postgresql.conf
# add rudder-web and rudder-relay-top IP
#echo "host all all x.x.x.x/32 trust" >> /etc/postgresql/*/main/pg_hba.conf
service postgresql restart >> /tmp/log 2>&1

# Disable rsyslog remote listening
rm /etc/rsyslog.d/rudder.conf
# rsyslog-pgsql bug
rm /etc/rsyslog.d/pgsql.conf
service rsyslog restart

# Set the policy server to be server 4 (rudder-web)
echo "rudder-web" > /var/rudder/cfengine-community/policy_server.dat
service rudder-agent restart

# If you're using a firewall, allow the following incoming connections to this server:
# - TCP port 5432: Server 4 (rudder-web)
# - TCP port 5432: Server 1 (rudder-relay-top)

rudder-web

#!/bin/bash

# add repository
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 474A19E8
sudo tee /etc/apt/sources.list.d/rudder.list <<EOF
deb http://www.rudder-project.org/apt-2.11-nightly/ $(lsb_release -cs) main
EOF
aptitude update

# Inform Rudder about the various roles so installation can proceed successfully
mkdir -p /var/rudder/cfengine-community/inputs
echo > /var/rudder/cfengine-community/inputs/rudder-server-roles.conf << EOF
# Fill out this file with your hostnames from the other servers
rudder-ldap: rudder-ldap
rudder-inventory-endpoint: rudder-ldap
rudder-db: rudder-db
rudder-relay-top: rudder-relay-top
rudder-web: rudder-web
EOF

# Install components
aptitude install -y rudder-agent rudder-webapp rudder-techniques rsyslog rsyslog-pgsql apache2 apache2-utils
echo "Now fix the bug on /var/lib/dpkg/info/rudder-agent.postinst" 
echo "Then run aptitude install" 
bash -i

# Initialize the server
/opt/rudder/bin/rudder-init
# Fill in interactive question (or provide answer as command line arguments for automation)

# Now, accept the other three servers in the web interface (it may take up to 5 minutes for them to appear in "Accept new nodes")
# Then, use the UUID of server 1 (rudder-front) we stored above and run this command
/opt/rudder/bin/rudder-node-to-relay ${FRONT_UUID}

+ DNS / Hostnames +

Modify /etc/hosts our your DNS server to enable resolution of the 5 host names :
  • rudder-inventory-endpoint (should point to rudder-ldap)
  • rudder-ldap
  • rudder-db
  • rudder-relay-top
  • rudder-web

Subtasks 2 (0 open2 closed)

User story #5295: Add documentation to install Rudder in distributed modeRejectedJonathan CLARKE2014-07-22Actions
User story #5222: Write documentation to install distributed rudderReleasedJonathan CLARKE2014-07-04Actions
Actions #1

Updated by Benoît PECCATTE over 10 years ago

rudder-ldap

#!/bin/bash

# add repository
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 474A19E8
sudo tee /etc/apt/sources.list.d/rudder.list <<EOF
deb http://www.rudder-project.org/apt-2.11-nightly/ $(lsb_release -cs) main
EOF
aptitude update

# Install Rudder server components
aptitude install -y rudder-agent rudder-inventory-endpoint rudder-inventory-ldap
echo "Now fix the bug on /var/lib/dpkg/info/rudder-agent.postinst" 
echo "Then run aptitude install" 
bash -i

# Make LDAP listen on all interfaces
sed -i "s/^IP=.*$/IP=*/" /etc/default/rudder-slapd
service rudder-slapd restart

# Make jetty listen on all interfaces
sed  -i "s/\(-Dfile.encoding=UTF-8\)/\1\n-Djetty.host=0.0.0.0/" /etc/default/rudder-jetty
# Change memory limits in /opt/rudder/etc/rudder-jetty.conf
sed  -i "s/JAVA_XMX=.*/JAVA_XMX=384/" /opt/rudder/etc/rudder-jetty.conf
sed  -i "s/JAVA_MAXPERMSIZE=.*/JAVA_MAXPERMSIZE=128/" /opt/rudder/etc/rudder-jetty.conf
service rudder-jetty restart

# Set the policy server to be server 4 (rudder-webapp)
echo "rudder-webapp" > /var/rudder/cfengine-community/policy_server.dat
service rudder-agent restart

# If you're using a firewall, allow the following incoming connections to this server:
# - TCP port 389: Server 4 (rudder-webapp)
# - TCP port 8080: Server 4 (rudder-webapp) + Server 1 (rudder-front)
Actions #2

Updated by Benoît PECCATTE over 10 years ago

#!/bin/bash

# add repository
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 474A19E8
sudo tee /etc/apt/sources.list.d/rudder.list <<EOF
deb http://www.rudder-project.org/apt-2.11-nightly/ $(lsb_release -cs) main
EOF
aptitude update

aptitude install -y rudder-agent rudder-reports postgresql-client
echo "Now fix the bug on /var/lib/dpkg/info/rudder-agent.postinst" 
echo "Then run aptitude install" 
bash -i

# Allow all internal connections to PostgreSQL
echo "listen_addresses = '*'" >> /etc/postgresql/*/main/postgresql.conf
# add rudder-web and rudder-relay-top IP 
#echo "host    all         all         x.x.x.x/32       trust" >> /etc/postgresql/*/main/pg_hba.conf
service postgresql restart >> /tmp/log 2>&1

# Disable rsyslog remote listening
rm /etc/rsyslog.d/rudder.conf
# rsyslog-pgsql bug
rm /etc/rsyslog.d/pgsql.conf
service rsyslog restart

# Set the policy server to be server 4 (rudder-webapp)
echo "rudder-webapp" > /var/rudder/cfengine-community/policy_server.dat
service rudder-agent restart

# If you're using a firewall, allow the following incoming connections to this server:
# - TCP port 5432: Server 4 (rudder-webapp)
# - TCP port 5432: Server 1 (rudder-front)
Actions #3

Updated by Benoît PECCATTE over 10 years ago

  • Description updated (diff)

Ignore comments, they are badly formatted

Actions #4

Updated by Jonathan CLARKE over 10 years ago

  • Description updated (diff)

Updated installation procedures:
- Use "<" pre ">" tags to display script content
- Rename rudder-front to rudder-relay-top

Actions #5

Updated by Lionel Le Folgoc over 10 years ago

-echo > /var/rudder/cfengine-community/inputs/rudder-server-roles.conf << EOF
+cat >/var/rudder/cfengine-community/inputs/rudder-server-roles.conf <<EOF

Small typo, but annoying consequences (this is the reason why we've always had issues to set up our distributed rudder infra :).

Actions #6

Updated by Benoît PECCATTE over 10 years ago

Lionel Le Folgoc wrote:

[...]

Small typo, but annoying consequences (this is the reason why we've always had issues to set up our distributed rudder infra :).

Yes typical mistake.
This problem was in the informal installation procedure. It has been corrected when the script was pushed to github.
The up to date source for these scripts is https://github.com/Normation/rudder-tools/tree/master/scripts/rudder-multiserver-setup

Actions #7

Updated by Lionel Le Folgoc over 10 years ago

It has been corrected when the script was pushed to github.

A notice in this bug report would have been nice, otherwise I'd never know (this may not look like it, but I've not been having fun with buggy instructions for the distributed setup. :)
Thanks.

Actions #8

Updated by Lionel Le Folgoc over 10 years ago

https://github.com/Normation/rudder-tools/blob/master/scripts/rudder-multiserver-setup/rudder-db.sh#L8

if [ "$OS" = "RHEL" ] ; then
$PM_COMMAND rudder-agent rudder-reports postgresql-client

At least here on CentOS 6, it's called postgresql, not postgresql-client (this is a Debian/Ubuntu package name ;-).
Thanks.

Actions #9

Updated by Nicolas PERRON over 10 years ago

Lionel Le Folgoc wrote:

It has been corrected when the script was pushed to github.

A notice in this bug report would have been nice, otherwise I'd never know (this may not look like it, but I've not been having fun with buggy instructions for the distributed setup. :)
Thanks.

Sorry about that.
This ticket is an user story and does not permit to add Pull Request. A subticket (#5295) has been added in order to add and follow the github Pull Request Benoit made.

Actions #10

Updated by Jonathan CLARKE over 10 years ago

  • Category set to Documentation
  • Status changed from New to 15
  • Assignee set to Benoît PECCATTE
  • Target version set to 2.11.3
Actions #11

Updated by Jonathan CLARKE over 10 years ago

  • Status changed from 15 to Pending release
Actions #12

Updated by Vincent MEMBRÉ about 10 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 2.11.3, which was released on the 25/09/2014.

Actions

Also available in: Atom PDF