Actions
User story #5178
closed
Installation procedure for distributed rudder server
Pull Request:
UX impact:
Suggestion strength:
User visibility:
Effort required:
Name check:
Fix check:
Regression:
Description
Here are the install scripts content, tested on ubuntu 14.04
rudder-relay-top
#!/bin/bash
# Declare server role manually, no packages for this role yet
mkdir -p /opt/rudder/etc/server-roles.d
touch /opt/rudder/etc/server-roles.d/rudder-relay-top
# add repository
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 474A19E8
sudo tee /etc/apt/sources.list.d/rudder.list <<EOF
deb http://www.rudder-project.org/apt-2.11/ $(lsb_release -cs) main
EOF
# This is copied from http://www.rudder-project.org/rudder-doc-2.11/rudder-doc.html#relay-servers
aptitude install -y rudder-agent apache2 apache2-utils rsyslog
echo "Now fix the bug on /var/lib/dpkg/info/rudder-agent.postinst"
echo "Then run aptitude install"
bash -i
a2enmod dav dav_fs
a2dissite 000-default # remove 000- when using apache2.2
for i in /var/rudder/inventories/incoming /var/rudder/inventories/accepted-nodes-updates
do
mkdir -p ${i}
chmod -R 1770 ${i}
for group in apache www-data www; do
if getent group ${group} > /dev/null; then chown -R root:${group} /var/rudder/inventories/incoming; break; fi
done
done
for i in /opt/rudder/etc/htpasswd-webdav-initial /opt/rudder/etc/htpasswd-webdav
do
/usr/bin/htpasswd -bc ${i} rudder rudder
done
touch /opt/rudder/etc/rudder-networks.conf
# remove .conf when using apache2.2
echo > /etc/apache2/sites-available/rudder-default.conf << EOF
<VirtualHost *:80>
ServerAdmin webmaster@localhost
# Expose the server UUID through http
Alias /uuid /opt/rudder/etc/uuid.hive
<Directory /opt/rudder/etc>
Order deny,allow
Allow from all
</Directory>
# WebDAV share to receive inventories
Alias /inventories /var/rudder/inventories/incoming
<Directory /var/rudder/inventories/incoming>
DAV on
AuthName "WebDAV Storage"
AuthType Basic
AuthUserFile /opt/rudder/etc/htpasswd-webdav-initial
Require valid-user
Order deny,allow
# This file is automatically generated according to
# the hosts allowed by rudder.
Include /opt/rudder/etc/rudder-networks.conf
<LimitExcept PUT>
Order allow,deny
Deny from all
</LimitExcept>
</Directory>
# WebDAV share to receive inventories
Alias /inventory-updates /var/rudder/inventories/accepted-nodes-updates
<Directory /var/rudder/inventories/accepted-nodes-updates>
DAV on
AuthName "WebDAV Storage"
AuthType Basic
AuthUserFile /opt/rudder/etc/htpasswd-webdav
Require valid-user
Order deny,allow
# This file is automatically generated according to
# the hosts allowed by rudder.
Include /opt/rudder/etc/rudder-networks.conf
<LimitExcept PUT>
Order allow,deny
Deny from all
</LimitExcept>
</Directory>
# Logs
ErrorLog /var/log/rudder/apache2/error.log
LogLevel warn
CustomLog /var/log/rudder/apache2/access.log combined
</VirtualHost>
EOF
a2ensite rudder-default
service apache2 restart
# Set the policy server to be server 4 (rudder-web)
echo "rudder-web" > /var/rudder/cfengine-community/policy_server.dat
service rudder-agent restart
# Store the UUID of this node for later user
FRONT_UUID=$(cat /opt/rudder/etc/uuid.hive)
echo "FRONT_UUID=$FRONT_UUID"
# If you're using a firewall, allow the following incoming connections to this server:
# - TCP port 80: all managed nodes
# - TCP port 5309: all managed nodes
# - UDP and TCP port 514: all managed nodes
rudder-ldap
#!/bin/bash # add repository apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 474A19E8 sudo tee /etc/apt/sources.list.d/rudder.list <<EOF deb http://www.rudder-project.org/apt-2.11-nightly/ $(lsb_release -cs) main EOF aptitude update # Install Rudder server components aptitude install -y rudder-agent rudder-inventory-endpoint rudder-inventory-ldap echo "Now fix the bug on /var/lib/dpkg/info/rudder-agent.postinst" echo "Then run aptitude install" bash -i # Make LDAP listen on all interfaces sed -i "s/^IP=.*$/IP=*/" /etc/default/rudder-slapd service rudder-slapd restart # Make jetty listen on all interfaces sed -i "s/\(-Dfile.encoding=UTF-8\)/\1\n-Djetty.host=0.0.0.0/" /etc/default/rudder-jetty # Change memory limits in /opt/rudder/etc/rudder-jetty.conf sed -i "s/JAVA_XMX=.*/JAVA_XMX=384/" /opt/rudder/etc/rudder-jetty.conf sed -i "s/JAVA_MAXPERMSIZE=.*/JAVA_MAXPERMSIZE=128/" /opt/rudder/etc/rudder-jetty.conf service rudder-jetty restart # Set the policy server to be server 4 (rudder-web) echo "rudder-web" > /var/rudder/cfengine-community/policy_server.dat service rudder-agent restart # If you're using a firewall, allow the following incoming connections to this server: # - TCP port 389: Server 4 (rudder-web) # - TCP port 8080: Server 4 (rudder-web) + Server 1 (rudder-relay-top)
rudder-db
#!/bin/bash # add repository apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 474A19E8 sudo tee /etc/apt/sources.list.d/rudder.list <<EOF deb http://www.rudder-project.org/apt-2.11-nightly/ $(lsb_release -cs) main EOF aptitude update aptitude install -y rudder-agent rudder-reports postgresql-client echo "Now fix the bug on /var/lib/dpkg/info/rudder-agent.postinst" echo "Then run aptitude install" bash -i # Allow all internal connections to PostgreSQL echo "listen_addresses = '*'" >> /etc/postgresql/*/main/postgresql.conf # add rudder-web and rudder-relay-top IP #echo "host all all x.x.x.x/32 trust" >> /etc/postgresql/*/main/pg_hba.conf service postgresql restart >> /tmp/log 2>&1 # Disable rsyslog remote listening rm /etc/rsyslog.d/rudder.conf # rsyslog-pgsql bug rm /etc/rsyslog.d/pgsql.conf service rsyslog restart # Set the policy server to be server 4 (rudder-web) echo "rudder-web" > /var/rudder/cfengine-community/policy_server.dat service rudder-agent restart # If you're using a firewall, allow the following incoming connections to this server: # - TCP port 5432: Server 4 (rudder-web) # - TCP port 5432: Server 1 (rudder-relay-top)
rudder-web
#!/bin/bash
# add repository
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 474A19E8
sudo tee /etc/apt/sources.list.d/rudder.list <<EOF
deb http://www.rudder-project.org/apt-2.11-nightly/ $(lsb_release -cs) main
EOF
aptitude update
# Inform Rudder about the various roles so installation can proceed successfully
mkdir -p /var/rudder/cfengine-community/inputs
echo > /var/rudder/cfengine-community/inputs/rudder-server-roles.conf << EOF
# Fill out this file with your hostnames from the other servers
rudder-ldap: rudder-ldap
rudder-inventory-endpoint: rudder-ldap
rudder-db: rudder-db
rudder-relay-top: rudder-relay-top
rudder-web: rudder-web
EOF
# Install components
aptitude install -y rudder-agent rudder-webapp rudder-techniques rsyslog rsyslog-pgsql apache2 apache2-utils
echo "Now fix the bug on /var/lib/dpkg/info/rudder-agent.postinst"
echo "Then run aptitude install"
bash -i
# Initialize the server
/opt/rudder/bin/rudder-init
# Fill in interactive question (or provide answer as command line arguments for automation)
# Now, accept the other three servers in the web interface (it may take up to 5 minutes for them to appear in "Accept new nodes")
# Then, use the UUID of server 1 (rudder-front) we stored above and run this command
/opt/rudder/bin/rudder-node-to-relay ${FRONT_UUID}
+ DNS / Hostnames +
Modify /etc/hosts our your DNS server to enable resolution of the 5 host names :- rudder-inventory-endpoint (should point to rudder-ldap)
- rudder-ldap
- rudder-db
- rudder-relay-top
- rudder-web
Updated by 
Updated by 
Updated by 
Updated by Nicolas PERRON 
Updated by
Actions