User story #5178
Updated by Jonathan CLARKE over 10 years ago
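Here are the install scripts content, tested on ubuntu 14.04

+rudder-relay-top+

<pre>
#!/bin/bash
# Install script for the rudder-relay-top / rudder-front role.
# Installs rudder-agent and Apache, creates the two WebDAV shares that receive
# inventories, and points the local agent at rudder-web as its policy server.
# Run as root. The script stops in an interactive shell (bash -i) so the
# rudder-agent postinst bug can be fixed by hand; exit that shell to continue.

# Declare server role manually, no packages for this role yet
mkdir -p /opt/rudder/etc/server-roles.d
touch /opt/rudder/etc/server-roles.d/rudder-relay-top /opt/rudder/etc/server-roles.d/rudder-front

# add repository
# NOTE(review): 474A19E8 is a short (32-bit) key ID, and short IDs are not
# unique. After import, compare the key's full fingerprint with the one
# published by the project (<FULL_FINGERPRINT>, placeholder). The repository
# is fetched over plain http, so this signing key is the only integrity check.
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 474A19E8
# NOTE(review): this role uses apt-2.11 while the other roles use
# apt-2.11-nightly; confirm that is intended.
sudo tee /etc/apt/sources.list.d/rudder.list <<EOF
deb http://www.rudder-project.org/apt-2.11/ $(lsb_release -cs) main
EOF
# Refresh the package lists so the repository added above is visible
# (the other role scripts do the same).
aptitude update

# This is copied from http://www.rudder-project.org/rudder-doc-2.11/rudder-doc.html#relay-servers
aptitude install -y rudder-agent apache2 apache2-utils rsyslog

echo "Now fix the bug on /var/lib/dpkg/info/rudder-agent.postinst"
echo "Then run aptitude install"
bash -i

a2enmod dav dav_fs
a2dissite 000-default # remove 000- when using apache2.2

# Create both WebDAV directories and hand each one to the web server group.
# The original always chown'ed .../incoming, so accepted-nodes-updates kept
# its default group; the loop variable is used here instead.
for i in /var/rudder/inventories/incoming /var/rudder/inventories/accepted-nodes-updates
do
  mkdir -p "${i}"
  chmod -R 1770 "${i}"
  for group in apache www-data www; do
    if getent group "${group}" > /dev/null; then
      chown -R "root:${group}" "${i}"
      break
    fi
  done
done

# NOTE(review): fixed, guessable credentials (rudder/rudder), and -b passes
# the password on the command line where the process list and shell history
# can show it. The vhost below serves Basic auth on port 80, so the password
# also crosses the network unencrypted.
for i in /opt/rudder/etc/htpasswd-webdav-initial /opt/rudder/etc/htpasswd-webdav
do
  /usr/bin/htpasswd -bc "${i}" rudder rudder
done

# Created empty here. With "Order deny,allow" and no Allow/Deny lines in this
# file, no host-based restriction applies, so until it is populated the
# Basic-auth password is the only gate on PUT to the two shares.
touch /opt/rudder/etc/rudder-networks.conf

# remove .conf when using apache2.2
# "cat" is required here: "echo" ignores stdin, so "echo > file << EOF" wrote
# only an empty line. The delimiter is quoted because the content is literal.
cat > /etc/apache2/sites-available/rudder-default.conf << 'EOF'
<VirtualHost *:80>

  ServerAdmin webmaster@localhost

  # Expose the server UUID through http
  Alias /uuid /opt/rudder/etc/uuid.hive
  <Directory /opt/rudder/etc>
    Order deny,allow
    Allow from all
  </Directory>

  # WebDAV share to receive inventories
  Alias /inventories /var/rudder/inventories/incoming
  <Directory /var/rudder/inventories/incoming>
    DAV on
    AuthName "WebDAV Storage"
    AuthType Basic
    AuthUserFile /opt/rudder/etc/htpasswd-webdav-initial
    Require valid-user
    Order deny,allow
    # This file is automatically generated according to
    # the hosts allowed by rudder.
    Include /opt/rudder/etc/rudder-networks.conf
    <LimitExcept PUT>
      Order allow,deny
      Deny from all
    </LimitExcept>
  </Directory>

  # WebDAV share to receive inventories
  Alias /inventory-updates /var/rudder/inventories/accepted-nodes-updates
  <Directory /var/rudder/inventories/accepted-nodes-updates>
    DAV on
    AuthName "WebDAV Storage"
    AuthType Basic
    AuthUserFile /opt/rudder/etc/htpasswd-webdav
    Require valid-user
    Order deny,allow
    # This file is automatically generated according to
    # the hosts allowed by rudder.
    Include /opt/rudder/etc/rudder-networks.conf
    <LimitExcept PUT>
      Order allow,deny
      Deny from all
    </LimitExcept>
  </Directory>

  # Logs
  ErrorLog /var/log/rudder/apache2/error.log
  LogLevel warn
  CustomLog /var/log/rudder/apache2/access.log combined

</VirtualHost>
EOF

a2ensite rudder-default
service apache2 restart

# Set the policy server to be server 4 (rudder-web)
echo "rudder-web" > /var/rudder/cfengine-community/policy_server.dat
service rudder-agent restart

# Store the UUID of this node for later use. It is only printed: carry the
# value over to the rudder-web server, whose script expects FRONT_UUID.
FRONT_UUID=$(cat /opt/rudder/etc/uuid.hive)
echo "FRONT_UUID=$FRONT_UUID"

# If you're using a firewall, allow the following incoming connections to this server:
# - TCP port 80: all managed nodes
# - TCP port 5309: all managed nodes
# - UDP and TCP port 514: all managed nodes
</pre>

+rudder-ldap+

<pre>
#!/bin/bash
# Install script for the rudder-ldap role (also hosts rudder-inventory-endpoint).
# Installs the inventory endpoint and LDAP packages, makes slapd and jetty
# listen on all interfaces, and points the local agent at rudder-web.
# Run as root; exit the interactive shell (bash -i) to continue.

# add repository
# NOTE(review): short (32-bit) key ID; verify the imported key's full
# fingerprint (<FULL_FINGERPRINT>, placeholder). The repository uses plain http.
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 474A19E8
sudo tee /etc/apt/sources.list.d/rudder.list <<EOF
deb http://www.rudder-project.org/apt-2.11-nightly/ $(lsb_release -cs) main
EOF
aptitude update

# Install Rudder server components
aptitude install -y rudder-agent rudder-inventory-endpoint rudder-inventory-ldap

echo "Now fix the bug on /var/lib/dpkg/info/rudder-agent.postinst"
echo "Then run aptitude install"
bash -i

# Make LDAP listen on all interfaces
# (nothing in this script limits who can connect; use the firewall rules below)
sed -i "s/^IP=.*$/IP=*/" /etc/default/rudder-slapd
service rudder-slapd restart

# Make jetty listen on all interfaces
# (likewise only limited by the firewall rules below)
sed -i "s/\(-Dfile.encoding=UTF-8\)/\1\n-Djetty.host=0.0.0.0/" /etc/default/rudder-jetty

# Change memory limits in /opt/rudder/etc/rudder-jetty.conf
sed -i "s/JAVA_XMX=.*/JAVA_XMX=384/" /opt/rudder/etc/rudder-jetty.conf
sed -i "s/JAVA_MAXPERMSIZE=.*/JAVA_MAXPERMSIZE=128/" /opt/rudder/etc/rudder-jetty.conf
service rudder-jetty restart

# Set the policy server to be server 4 (rudder-web)
echo "rudder-web" > /var/rudder/cfengine-community/policy_server.dat
service rudder-agent restart

# If you're using a firewall, allow the following incoming connections to this server:
# - TCP port 389: Server 4 (rudder-web)
# - TCP port 8080: Server 4 (rudder-web) + Server 1 (rudder-relay-top)
</pre>

(rudder-front)

+rudder-db+

<pre>
#!/bin/bash
# Install script for the rudder-db role.
# Installs rudder-reports, makes PostgreSQL listen on all addresses, removes
# two rsyslog configuration files, and points the local agent at rudder-web.
# Run as root; exit the interactive shell (bash -i) to continue.

# add repository
# NOTE(review): short (32-bit) key ID; verify the imported key's full
# fingerprint (<FULL_FINGERPRINT>, placeholder). The repository uses plain http.
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 474A19E8
sudo tee /etc/apt/sources.list.d/rudder.list <<EOF
deb http://www.rudder-project.org/apt-2.11-nightly/ $(lsb_release -cs) main
EOF
aptitude update

aptitude install -y rudder-agent rudder-reports postgresql-client

echo "Now fix the bug on /var/lib/dpkg/info/rudder-agent.postinst"
echo "Then run aptitude install"
bash -i

# Allow all internal connections to PostgreSQL
# A glob used directly as a redirection target fails with "ambiguous
# redirect" when more than one version directory matches, so each matching
# file is handled explicitly.
for pg_conf in /etc/postgresql/*/main/postgresql.conf; do
  [[ -e "${pg_conf}" ]] || continue
  echo "listen_addresses = '*'" >> "${pg_conf}"
done

# add rudder-web and rudder-relay-top IP
# NOTE(review): "trust" accepts the listed address with no password at all;
# "md5" is the password-checked method for the same line.
#echo "host all all x.x.x.x/32 trust" >> /etc/postgresql/*/main/pg_hba.conf

# The original appended to the fixed path /tmp/log. A predictable file name in
# a world-writable directory, written as root, can be pre-created or
# symlinked by a local user, so a mktemp-generated name is used instead.
restart_log=$(mktemp /tmp/rudder-db-install.XXXXXX) || exit 1
service postgresql restart >> "${restart_log}" 2>&1
echo "postgresql restart output: ${restart_log}"

# Disable rsyslog remote listening
rm /etc/rsyslog.d/rudder.conf
# rsyslog-pgsql bug
rm /etc/rsyslog.d/pgsql.conf
service rsyslog restart

# Set the policy server to be server 4 (rudder-web)
echo "rudder-web" > /var/rudder/cfengine-community/policy_server.dat
service rudder-agent restart

# If you're using a firewall, allow the following incoming connections to this server:
# - TCP port 5432: Server 4 (rudder-web)
# - TCP port 5432: Server 1 (rudder-relay-top)
</pre>

(rudder-front)

+rudder-web+

<pre>
#!/bin/bash
# Install script for the rudder-web role.
# Writes the server-roles file, installs the web application packages, runs
# rudder-init, then promotes the rudder-relay-top node to a relay.
# Run as root with FRONT_UUID set in the environment to the value printed by
# the rudder-relay-top script; exit the interactive shell (bash -i) to continue.

# add repository
# NOTE(review): short (32-bit) key ID; verify the imported key's full
# fingerprint (<FULL_FINGERPRINT>, placeholder). The repository uses plain http.
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 474A19E8
sudo tee /etc/apt/sources.list.d/rudder.list <<EOF
deb http://www.rudder-project.org/apt-2.11-nightly/ $(lsb_release -cs) main
EOF
aptitude update

# Inform Rudder about the various roles so installation can proceed successfully
mkdir -p /var/rudder/cfengine-community/inputs
# "cat" is required here: "echo" ignores stdin, so "echo > file << EOF" wrote
# only an empty line and none of the role mappings.
cat > /var/rudder/cfengine-community/inputs/rudder-server-roles.conf << 'EOF'
# Fill out this file with your hostnames from the other servers
rudder-ldap: rudder-ldap
rudder-inventory-endpoint: rudder-ldap
rudder-db: rudder-db
rudder-relay-top: rudder-relay-top
rudder-front: rudder-front
rudder-web: rudder-web
EOF

# Install components
aptitude install -y rudder-agent rudder-webapp rudder-techniques rsyslog rsyslog-pgsql apache2 apache2-utils

echo "Now fix the bug on /var/lib/dpkg/info/rudder-agent.postinst"
echo "Then run aptitude install"
bash -i

# Initialize the server
/opt/rudder/bin/rudder-init
# Fill in interactive question (or provide answer as command line arguments for automation)

# Now, accept the other three servers in the web interface (it may take up to 5 minutes for them to appear in "Accept new nodes")

# Then, use the UUID of server 1 (rudder-front) we stored above and run this command
# FRONT_UUID was set on the relay server, not on this host, so stop with a
# clear message rather than calling the tool with an empty argument.
: "${FRONT_UUID:?FRONT_UUID must hold the UUID printed by the rudder-relay-top script}"
/opt/rudder/bin/rudder-node-to-relay "${FRONT_UUID}"
</pre>

+ DNS / Hostnames +

Modify /etc/hosts or your DNS server to enable resolution of the 5 4 host names :

* rudder-inventory-endpoint (should point to rudder-ldap) rudder-ldap
* rudder-ldap
* rudder-db
* rudder-relay-top rudder-front
* rudder-web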