User story #5178
closedInstallation procedure for distributed rudder server
Description
Here are the install scripts content, tested on ubuntu 14.04
rudder-relay-top
#!/bin/bash # Declare server role manually, no packages for this role yet mkdir -p /opt/rudder/etc/server-roles.d touch /opt/rudder/etc/server-roles.d/rudder-relay-top # add repository apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 474A19E8 sudo tee /etc/apt/sources.list.d/rudder.list <<EOF deb http://www.rudder-project.org/apt-2.11/ $(lsb_release -cs) main EOF # This is copied from http://www.rudder-project.org/rudder-doc-2.11/rudder-doc.html#relay-servers aptitude install -y rudder-agent apache2 apache2-utils rsyslog echo "Now fix the bug on /var/lib/dpkg/info/rudder-agent.postinst" echo "Then run aptitude install" bash -i a2enmod dav dav_fs a2dissite 000-default # remove 000- when using apache2.2 for i in /var/rudder/inventories/incoming /var/rudder/inventories/accepted-nodes-updates do mkdir -p ${i} chmod -R 1770 ${i} for group in apache www-data www; do if getent group ${group} > /dev/null; then chown -R root:${group} /var/rudder/inventories/incoming; break; fi done done for i in /opt/rudder/etc/htpasswd-webdav-initial /opt/rudder/etc/htpasswd-webdav do /usr/bin/htpasswd -bc ${i} rudder rudder done touch /opt/rudder/etc/rudder-networks.conf # remove .conf when using apache2.2 echo > /etc/apache2/sites-available/rudder-default.conf << EOF <VirtualHost *:80> ServerAdmin webmaster@localhost # Expose the server UUID through http Alias /uuid /opt/rudder/etc/uuid.hive <Directory /opt/rudder/etc> Order deny,allow Allow from all </Directory> # WebDAV share to receive inventories Alias /inventories /var/rudder/inventories/incoming <Directory /var/rudder/inventories/incoming> DAV on AuthName "WebDAV Storage" AuthType Basic AuthUserFile /opt/rudder/etc/htpasswd-webdav-initial Require valid-user Order deny,allow # This file is automatically generated according to # the hosts allowed by rudder. Include /opt/rudder/etc/rudder-networks.conf <LimitExcept PUT> Order allow,deny Deny from all </LimitExcept> </Directory> # WebDAV share to receive inventories Alias /inventory-updates /var/rudder/inventories/accepted-nodes-updates <Directory /var/rudder/inventories/accepted-nodes-updates> DAV on AuthName "WebDAV Storage" AuthType Basic AuthUserFile /opt/rudder/etc/htpasswd-webdav Require valid-user Order deny,allow # This file is automatically generated according to # the hosts allowed by rudder. Include /opt/rudder/etc/rudder-networks.conf <LimitExcept PUT> Order allow,deny Deny from all </LimitExcept> </Directory> # Logs ErrorLog /var/log/rudder/apache2/error.log LogLevel warn CustomLog /var/log/rudder/apache2/access.log combined </VirtualHost> EOF a2ensite rudder-default service apache2 restart # Set the policy server to be server 4 (rudder-web) echo "rudder-web" > /var/rudder/cfengine-community/policy_server.dat service rudder-agent restart # Store the UUID of this node for later user FRONT_UUID=$(cat /opt/rudder/etc/uuid.hive) echo "FRONT_UUID=$FRONT_UUID" # If you're using a firewall, allow the following incoming connections to this server: # - TCP port 80: all managed nodes # - TCP port 5309: all managed nodes # - UDP and TCP port 514: all managed nodes
rudder-ldap
#!/bin/bash # add repository apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 474A19E8 sudo tee /etc/apt/sources.list.d/rudder.list <<EOF deb http://www.rudder-project.org/apt-2.11-nightly/ $(lsb_release -cs) main EOF aptitude update # Install Rudder server components aptitude install -y rudder-agent rudder-inventory-endpoint rudder-inventory-ldap echo "Now fix the bug on /var/lib/dpkg/info/rudder-agent.postinst" echo "Then run aptitude install" bash -i # Make LDAP listen on all interfaces sed -i "s/^IP=.*$/IP=*/" /etc/default/rudder-slapd service rudder-slapd restart # Make jetty listen on all interfaces sed -i "s/\(-Dfile.encoding=UTF-8\)/\1\n-Djetty.host=0.0.0.0/" /etc/default/rudder-jetty # Change memory limits in /opt/rudder/etc/rudder-jetty.conf sed -i "s/JAVA_XMX=.*/JAVA_XMX=384/" /opt/rudder/etc/rudder-jetty.conf sed -i "s/JAVA_MAXPERMSIZE=.*/JAVA_MAXPERMSIZE=128/" /opt/rudder/etc/rudder-jetty.conf service rudder-jetty restart # Set the policy server to be server 4 (rudder-web) echo "rudder-web" > /var/rudder/cfengine-community/policy_server.dat service rudder-agent restart # If you're using a firewall, allow the following incoming connections to this server: # - TCP port 389: Server 4 (rudder-web) # - TCP port 8080: Server 4 (rudder-web) + Server 1 (rudder-relay-top)
rudder-db
#!/bin/bash # add repository apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 474A19E8 sudo tee /etc/apt/sources.list.d/rudder.list <<EOF deb http://www.rudder-project.org/apt-2.11-nightly/ $(lsb_release -cs) main EOF aptitude update aptitude install -y rudder-agent rudder-reports postgresql-client echo "Now fix the bug on /var/lib/dpkg/info/rudder-agent.postinst" echo "Then run aptitude install" bash -i # Allow all internal connections to PostgreSQL echo "listen_addresses = '*'" >> /etc/postgresql/*/main/postgresql.conf # add rudder-web and rudder-relay-top IP #echo "host all all x.x.x.x/32 trust" >> /etc/postgresql/*/main/pg_hba.conf service postgresql restart >> /tmp/log 2>&1 # Disable rsyslog remote listening rm /etc/rsyslog.d/rudder.conf # rsyslog-pgsql bug rm /etc/rsyslog.d/pgsql.conf service rsyslog restart # Set the policy server to be server 4 (rudder-web) echo "rudder-web" > /var/rudder/cfengine-community/policy_server.dat service rudder-agent restart # If you're using a firewall, allow the following incoming connections to this server: # - TCP port 5432: Server 4 (rudder-web) # - TCP port 5432: Server 1 (rudder-relay-top)
rudder-web
#!/bin/bash # add repository apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 474A19E8 sudo tee /etc/apt/sources.list.d/rudder.list <<EOF deb http://www.rudder-project.org/apt-2.11-nightly/ $(lsb_release -cs) main EOF aptitude update # Inform Rudder about the various roles so installation can proceed successfully mkdir -p /var/rudder/cfengine-community/inputs echo > /var/rudder/cfengine-community/inputs/rudder-server-roles.conf << EOF # Fill out this file with your hostnames from the other servers rudder-ldap: rudder-ldap rudder-inventory-endpoint: rudder-ldap rudder-db: rudder-db rudder-relay-top: rudder-relay-top rudder-web: rudder-web EOF # Install components aptitude install -y rudder-agent rudder-webapp rudder-techniques rsyslog rsyslog-pgsql apache2 apache2-utils echo "Now fix the bug on /var/lib/dpkg/info/rudder-agent.postinst" echo "Then run aptitude install" bash -i # Initialize the server /opt/rudder/bin/rudder-init # Fill in interactive question (or provide answer as command line arguments for automation) # Now, accept the other three servers in the web interface (it may take up to 5 minutes for them to appear in "Accept new nodes") # Then, use the UUID of server 1 (rudder-front) we stored above and run this command /opt/rudder/bin/rudder-node-to-relay ${FRONT_UUID}
+ DNS / Hostnames +
Modify /etc/hosts our your DNS server to enable resolution of the 5 host names :- rudder-inventory-endpoint (should point to rudder-ldap)
- rudder-ldap
- rudder-db
- rudder-relay-top
- rudder-web
Updated by Benoît PECCATTE over 10 years ago
rudder-ldap
#!/bin/bash # add repository apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 474A19E8 sudo tee /etc/apt/sources.list.d/rudder.list <<EOF deb http://www.rudder-project.org/apt-2.11-nightly/ $(lsb_release -cs) main EOF aptitude update # Install Rudder server components aptitude install -y rudder-agent rudder-inventory-endpoint rudder-inventory-ldap echo "Now fix the bug on /var/lib/dpkg/info/rudder-agent.postinst" echo "Then run aptitude install" bash -i # Make LDAP listen on all interfaces sed -i "s/^IP=.*$/IP=*/" /etc/default/rudder-slapd service rudder-slapd restart # Make jetty listen on all interfaces sed -i "s/\(-Dfile.encoding=UTF-8\)/\1\n-Djetty.host=0.0.0.0/" /etc/default/rudder-jetty # Change memory limits in /opt/rudder/etc/rudder-jetty.conf sed -i "s/JAVA_XMX=.*/JAVA_XMX=384/" /opt/rudder/etc/rudder-jetty.conf sed -i "s/JAVA_MAXPERMSIZE=.*/JAVA_MAXPERMSIZE=128/" /opt/rudder/etc/rudder-jetty.conf service rudder-jetty restart # Set the policy server to be server 4 (rudder-webapp) echo "rudder-webapp" > /var/rudder/cfengine-community/policy_server.dat service rudder-agent restart # If you're using a firewall, allow the following incoming connections to this server: # - TCP port 389: Server 4 (rudder-webapp) # - TCP port 8080: Server 4 (rudder-webapp) + Server 1 (rudder-front)
Updated by Benoît PECCATTE over 10 years ago
#!/bin/bash # add repository apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 474A19E8 sudo tee /etc/apt/sources.list.d/rudder.list <<EOF deb http://www.rudder-project.org/apt-2.11-nightly/ $(lsb_release -cs) main EOF aptitude update aptitude install -y rudder-agent rudder-reports postgresql-client echo "Now fix the bug on /var/lib/dpkg/info/rudder-agent.postinst" echo "Then run aptitude install" bash -i # Allow all internal connections to PostgreSQL echo "listen_addresses = '*'" >> /etc/postgresql/*/main/postgresql.conf # add rudder-web and rudder-relay-top IP #echo "host all all x.x.x.x/32 trust" >> /etc/postgresql/*/main/pg_hba.conf service postgresql restart >> /tmp/log 2>&1 # Disable rsyslog remote listening rm /etc/rsyslog.d/rudder.conf # rsyslog-pgsql bug rm /etc/rsyslog.d/pgsql.conf service rsyslog restart # Set the policy server to be server 4 (rudder-webapp) echo "rudder-webapp" > /var/rudder/cfengine-community/policy_server.dat service rudder-agent restart # If you're using a firewall, allow the following incoming connections to this server: # - TCP port 5432: Server 4 (rudder-webapp) # - TCP port 5432: Server 1 (rudder-front)
Updated by Benoît PECCATTE over 10 years ago
- Description updated (diff)
Ignore comments, they are badly formatted
Updated by Jonathan CLARKE over 10 years ago
- Description updated (diff)
Updated installation procedures:
- Use "<" pre ">" tags to display script content
- Rename rudder-front to rudder-relay-top
Updated by Lionel Le Folgoc over 10 years ago
-echo > /var/rudder/cfengine-community/inputs/rudder-server-roles.conf << EOF +cat >/var/rudder/cfengine-community/inputs/rudder-server-roles.conf <<EOF
Small typo, but annoying consequences (this is the reason why we've always had issues to set up our distributed rudder infra :).
Updated by Benoît PECCATTE over 10 years ago
Lionel Le Folgoc wrote:
[...]
Small typo, but annoying consequences (this is the reason why we've always had issues to set up our distributed rudder infra :).
Yes typical mistake.
This problem was in the informal installation procedure. It has been corrected when the script was pushed to github.
The up to date source for these scripts is https://github.com/Normation/rudder-tools/tree/master/scripts/rudder-multiserver-setup
Updated by Lionel Le Folgoc over 10 years ago
It has been corrected when the script was pushed to github.
A notice in this bug report would have been nice, otherwise I'd never know (this may not look like it, but I've not been having fun with buggy instructions for the distributed setup. :)
Thanks.
Updated by Lionel Le Folgoc over 10 years ago
if [ "$OS" = "RHEL" ] ; then
$PM_COMMAND rudder-agent rudder-reports postgresql-client
At least here on CentOS 6, it's called postgresql, not postgresql-client (this is a Debian/Ubuntu package name ;-).
Thanks.
Updated by Nicolas PERRON over 10 years ago
Lionel Le Folgoc wrote:
It has been corrected when the script was pushed to github.
A notice in this bug report would have been nice, otherwise I'd never know (this may not look like it, but I've not been having fun with buggy instructions for the distributed setup. :)
Thanks.
Sorry about that.
This ticket is an user story and does not permit to add Pull Request. A subticket (#5295) has been added in order to add and follow the github Pull Request Benoit made.
Updated by Jonathan CLARKE over 10 years ago
- Category set to Documentation
- Status changed from New to 15
- Assignee set to Benoît PECCATTE
- Target version set to 2.11.3
Updated by Jonathan CLARKE over 10 years ago
- Status changed from 15 to Pending release
Updated by Vincent MEMBRÉ about 10 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 2.11.3, which was released on the 25/09/2014.
- Announcement
- Changelog
- Download information: https://www.rudder-project.org/site/get-rudder/downloads/