User story #5178

closed

Installation procedure for distributed rudder server

Added by Benoît PECCATTE over 10 years ago. Updated about 10 years ago.

Status:
Released
Priority:
N/A
Category:
Documentation
Target version:
UX impact:
Suggestion strength:
User visibility:
Effort required:
Name check:
Fix check:
Regression:

Description

Here is the content of the install scripts, tested on Ubuntu 14.04.

rudder-relay-top

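#!/bin/bash
# rudder-relay-top: installs the Rudder agent and an Apache WebDAV front end
# that receives node inventories (tested by the author on Ubuntu 14.04).
# Run as root: it writes under /opt/rudder, /var/rudder and /etc/apache2.

# Declare server role manually, no packages for this role yet
mkdir -p /opt/rudder/etc/server-roles.d
touch /opt/rudder/etc/server-roles.d/rudder-relay-top

# add repository
# NOTE(review): 474A19E8 is a 32-bit short key ID. Short IDs can collide, so
# the keyserver may hand back a different key carrying the same ID. Compare
# the imported key's full fingerprint (apt-key fingerprint) with the one
# published by the Rudder project before installing. The repository is served
# over plain http, so this key is the only integrity check on the packages.
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 474A19E8
sudo tee /etc/apt/sources.list.d/rudder.list <<EOF
deb http://www.rudder-project.org/apt-2.11/ $(lsb_release -cs) main
EOF
# Refresh the package index so the repository added above is actually used
# (the other three scripts do this; it was missing here).
aptitude update

# This is copied from http://www.rudder-project.org/rudder-doc-2.11/rudder-doc.html#relay-servers
aptitude install -y rudder-agent apache2 apache2-utils rsyslog
echo "Now fix the bug on /var/lib/dpkg/info/rudder-agent.postinst"
echo "Then run aptitude install"
# Manual step: an interactive shell is opened here; leave it with "exit" once
# the postinst script is fixed and the install has been re-run.
bash -i

a2enmod dav dav_fs
a2dissite 000-default # remove 000- when using apache2.2

# Create both WebDAV drop directories, owned by root and the web server group.
# The original always chown'ed .../incoming, so accepted-nodes-updates kept
# its default group and, with mode 1770, the web server could not write to it.
for i in /var/rudder/inventories/incoming /var/rudder/inventories/accepted-nodes-updates
do
  mkdir -p "${i}"
  chmod -R 1770 "${i}"
  for group in apache www-data www; do
    if getent group "${group}" > /dev/null; then chown -R root:"${group}" "${i}"; break; fi
  done
done

# NOTE(review): both WebDAV accounts are created with the fixed, publicly
# documented pair rudder/rudder, and -b passes the password on the command
# line where it shows up in the process list and shell history. Presumably
# the agents send inventories with this same default, so confirm what the
# nodes expect before changing it, and treat this password as no protection
# on its own: the network restriction below is the real control.
for i in /opt/rudder/etc/htpasswd-webdav-initial /opt/rudder/etc/htpasswd-webdav
do
  /usr/bin/htpasswd -bc "${i}" rudder rudder
done

# NOTE(review): this file starts out empty. With "Order deny,allow" and no
# Allow/Deny lines, Apache's host check lets every client through, so until
# Rudder generates the allowed networks the shares accept PUT from any host
# that knows the default password. Firewall port 80 to managed nodes.
touch /opt/rudder/etc/rudder-networks.conf

# remove .conf when using apache2.2
# The original used "echo > file << EOF"; echo ignores stdin, so the vhost
# file ended up containing a single empty line. cat writes the here-document.
# The delimiter is quoted so the Apache configuration is taken literally.
cat > /etc/apache2/sites-available/rudder-default.conf << 'EOF'
<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        # Expose the server UUID through http
        Alias /uuid /opt/rudder/etc/uuid.hive
        <Directory /opt/rudder/etc>
                Order deny,allow
                Allow from all
        </Directory>
        # WebDAV share to receive inventories
        Alias /inventories /var/rudder/inventories/incoming
        <Directory /var/rudder/inventories/incoming>
                DAV on
                AuthName "WebDAV Storage"
                AuthType Basic
                AuthUserFile /opt/rudder/etc/htpasswd-webdav-initial
                Require valid-user
                Order deny,allow
                # This file is automatically generated according to
                # the hosts allowed by rudder.
                Include /opt/rudder/etc/rudder-networks.conf
                <LimitExcept PUT>
                        Order allow,deny
                        Deny from all
                </LimitExcept>
        </Directory>
        # WebDAV share to receive inventories
        Alias /inventory-updates /var/rudder/inventories/accepted-nodes-updates
        <Directory /var/rudder/inventories/accepted-nodes-updates>
                DAV on
                AuthName "WebDAV Storage"
                AuthType Basic
                AuthUserFile /opt/rudder/etc/htpasswd-webdav
                Require valid-user
                Order deny,allow
                # This file is automatically generated according to
                # the hosts allowed by rudder.
                Include /opt/rudder/etc/rudder-networks.conf
                <LimitExcept PUT>
                        Order allow,deny
                        Deny from all
                </LimitExcept>
        </Directory>
        # Logs
        ErrorLog /var/log/rudder/apache2/error.log
        LogLevel warn
        CustomLog /var/log/rudder/apache2/access.log combined

</VirtualHost>
EOF

a2ensite rudder-default
service apache2 restart
# Set the policy server to be server 4 (rudder-web)
echo "rudder-web" > /var/rudder/cfengine-community/policy_server.dat
service rudder-agent restart

# Store the UUID of this node for later use. It is only printed here; the
# rudder-web script runs on another machine and needs the value copied over.
FRONT_UUID=$(cat /opt/rudder/etc/uuid.hive)
echo "FRONT_UUID=$FRONT_UUID"

# If you're using a firewall, allow the following incoming connections to this server:
# - TCP port 80: all managed nodes
# - TCP port 5309: all managed nodes
# - UDP and TCP port 514: all managed nodes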

rudder-ldap

#!/bin/bash
# rudder-ldap: installs the Rudder agent, the inventory endpoint and the
# inventory LDAP store, then makes slapd and Jetty listen on every interface.
# Run as root: it edits files under /etc/default and /opt/rudder/etc.

# Register the Rudder package repository.
# NOTE(review): 474A19E8 is a 32-bit short key ID. Short IDs can collide, so
# compare the imported key's full fingerprint (apt-key fingerprint) with the
# one published by the Rudder project. The repository is plain http, so this
# key is the only integrity check on the packages.
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 474A19E8
sudo tee /etc/apt/sources.list.d/rudder.list <<EOF
deb http://www.rudder-project.org/apt-2.11-nightly/ $(lsb_release -cs) main
EOF
aptitude update

# Rudder server components for this role
aptitude install -y rudder-agent rudder-inventory-endpoint rudder-inventory-ldap
printf '%s\n' "Now fix the bug on /var/lib/dpkg/info/rudder-agent.postinst"
printf '%s\n' "Then run aptitude install"
# Manual step: an interactive shell is opened here; leave it with "exit" once
# the postinst script is fixed and the install has been re-run.
bash -i

# slapd: bind to every interface instead of the packaged IP= value.
# NOTE(review): after this change the firewall rules listed at the end of the
# script are what keep port 389 limited to rudder-web.
sed -i 's/^IP=.*$/IP=*/' /etc/default/rudder-slapd
service rudder-slapd restart

# Jetty: add -Djetty.host=0.0.0.0 on a new line after the file.encoding
# option, so port 8080 is reachable from the other servers.
sed -i 's/\(-Dfile.encoding=UTF-8\)/\1\n-Djetty.host=0.0.0.0/' /etc/default/rudder-jetty
# Jetty memory limits, both set in /opt/rudder/etc/rudder-jetty.conf
sed -i \
  -e 's/JAVA_XMX=.*/JAVA_XMX=384/' \
  -e 's/JAVA_MAXPERMSIZE=.*/JAVA_MAXPERMSIZE=128/' \
  /opt/rudder/etc/rudder-jetty.conf
service rudder-jetty restart

# Point the agent at server 4 (rudder-web) as its policy server
printf '%s\n' rudder-web > /var/rudder/cfengine-community/policy_server.dat
service rudder-agent restart

# If you're using a firewall, allow the following incoming connections to this server:
# - TCP port 389: Server 4 (rudder-web)
# - TCP port 8080: Server 4 (rudder-web) + Server 1 (rudder-relay-top)

rudder-db

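#!/bin/bash
# rudder-db: installs the Rudder agent and the reports database role, makes
# PostgreSQL listen on every interface and removes two rsyslog drop-ins.
# Run as root: it edits files under /etc/postgresql and /etc/rsyslog.d.

# add repository
# NOTE(review): 474A19E8 is a 32-bit short key ID. Short IDs can collide, so
# compare the imported key's full fingerprint (apt-key fingerprint) with the
# one published by the Rudder project. The repository is plain http, so this
# key is the only integrity check on the packages.
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 474A19E8
sudo tee /etc/apt/sources.list.d/rudder.list <<EOF
deb http://www.rudder-project.org/apt-2.11-nightly/ $(lsb_release -cs) main
EOF
aptitude update

aptitude install -y rudder-agent rudder-reports postgresql-client
echo "Now fix the bug on /var/lib/dpkg/info/rudder-agent.postinst"
echo "Then run aptitude install"
# Manual step: an interactive shell is opened here; leave it with "exit" once
# the postinst script is fixed and the install has been re-run.
bash -i

# Allow all internal connections to PostgreSQL
# A glob used directly as a redirection target fails with "ambiguous
# redirect" when several PostgreSQL versions are installed, and targets a
# literal "*" path when none is; loop over the files that really exist.
for pg_conf in /etc/postgresql/*/main/postgresql.conf; do
  [[ -e "${pg_conf}" ]] || continue
  echo "listen_addresses = '*'" >> "${pg_conf}"
done
# add rudder-web and rudder-relay-top IP
# NOTE(review): "trust" lets the listed address connect as any database user
# without a password. Prefer a password method such as md5 and keep the
# address as narrow as the /32 shown here.
#echo "host all all x.x.x.x/32 trust" >> /etc/postgresql/*/main/pg_hba.conf
# The original appended to the fixed name /tmp/log. As root, a predictable
# file in a world-writable directory can be pre-created or symlinked by any
# local user, so the output now goes to a file created by mktemp.
restart_log=$(mktemp /tmp/rudder-db-restart.XXXXXX) || exit 1
service postgresql restart >> "${restart_log}" 2>&1
echo "PostgreSQL restart output saved in ${restart_log}"

# Disable rsyslog remote listening
# -f keeps a second run quiet when the file is already gone
rm -f -- /etc/rsyslog.d/rudder.conf
# rsyslog-pgsql bug
rm -f -- /etc/rsyslog.d/pgsql.conf
service rsyslog restart

# Set the policy server to be server 4 (rudder-web)
echo "rudder-web" > /var/rudder/cfengine-community/policy_server.dat
service rudder-agent restart

# If you're using a firewall, allow the following incoming connections to this server:
# - TCP port 5432: Server 4 (rudder-web)
# - TCP port 5432: Server 1 (rudder-relay-top)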

rudder-web

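#!/bin/bash
# rudder-web: installs the Rudder web application, declares which host
# carries each server role, initializes the server and promotes the
# rudder-relay-top node to a relay.
# Run as root. FRONT_UUID must be set in the environment (see the last step).

# add repository
# NOTE(review): 474A19E8 is a 32-bit short key ID. Short IDs can collide, so
# compare the imported key's full fingerprint (apt-key fingerprint) with the
# one published by the Rudder project. The repository is plain http, so this
# key is the only integrity check on the packages.
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 474A19E8
sudo tee /etc/apt/sources.list.d/rudder.list <<EOF
deb http://www.rudder-project.org/apt-2.11-nightly/ $(lsb_release -cs) main
EOF
aptitude update

# Inform Rudder about the various roles so installation can proceed successfully
mkdir -p /var/rudder/cfengine-community/inputs
# The original used "echo > file << EOF"; echo ignores stdin, so the roles
# file ended up containing a single empty line. cat writes the here-document.
# The delimiter is quoted so the content is taken literally.
cat > /var/rudder/cfengine-community/inputs/rudder-server-roles.conf << 'EOF'
# Fill out this file with your hostnames from the other servers
rudder-ldap: rudder-ldap
rudder-inventory-endpoint: rudder-ldap
rudder-db: rudder-db
rudder-relay-top: rudder-relay-top
rudder-web: rudder-web
EOF

# Install components
aptitude install -y rudder-agent rudder-webapp rudder-techniques rsyslog rsyslog-pgsql apache2 apache2-utils
echo "Now fix the bug on /var/lib/dpkg/info/rudder-agent.postinst"
echo "Then run aptitude install"
# Manual step: an interactive shell is opened here; leave it with "exit" once
# the postinst script is fixed and the install has been re-run.
bash -i

# Initialize the server
/opt/rudder/bin/rudder-init
# Fill in interactive question (or provide answer as command line arguments for automation)

# Now, accept the other three servers in the web interface (it may take up to 5 minutes for them to appear in "Accept new nodes")
# Then, use the UUID of server 1 (rudder-relay-top) and run this command.
# FRONT_UUID is printed by the rudder-relay-top script on another machine and
# is never assigned in this script; export it before running. The :? guard
# stops with a message instead of calling the tool with an empty argument.
/opt/rudder/bin/rudder-node-to-relay "${FRONT_UUID:?set FRONT_UUID to the UUID printed by the rudder-relay-top script}"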

+ DNS / Hostnames +

Modify /etc/hosts or your DNS server to enable resolution of the 5 host names:
  • rudder-inventory-endpoint (should point to rudder-ldap)
  • rudder-ldap
  • rudder-db
  • rudder-relay-top
  • rudder-web

Subtasks 2 (0 open, 2 closed)

User story #5295: Add documentation to install Rudder in distributed mode. Rejected, Jonathan CLARKE, 2014-07-22
User story #5222: Write documentation to install distributed rudder. Released, Jonathan CLARKE, 2014-07-04