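This guide is written so that, after OS installation and basic setup, you can quickly follow it to configure and start CloudHub in a typical scenario, in an environment with no special circumstances.
For special situations, such as a complex environment where several kinds of apps are already installed and running, refer to the official Installation guide instead.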
Prerequisite checks
OS
Based on CentOS 7 x86_64
Check and configure the firewall
Refer to https://seversky.atlassian.net/wiki/spaces/CSHD/pages/217022681/Installing+Server+Node#CloudHub%EC%97%90%EC%84%9C-%EC%82%AC%EC%9A%A9%EB%90%98%EB%8A%94-Port to configure the firewall.
Check the installed Docker version and remove previous versions
Version: Docker version 18.09.4 or later
$ docker --version
Docker version 18.09.4, build d14af54266
If the version is lower, remove the previous version and then install.
Remove previous versions
$ yum remove docker \
    docker-client \
    docker-client-latest \
    docker-common \
    docker-latest \
    docker-latest-logrotate \
    docker-logrotate \
    docker-engine
Install dependencies
Install Docker
Set up and add the repository
$ yum install -y yum-utils \
    device-mapper-persistent-data \
    lvm2
$ yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo
Install Docker Engine - Community
$ yum install docker-ce docker-ce-cli containerd.io
Install Docker Compose
Version: Docker Compose version 1.24 or later
$ docker-compose --version
docker-compose version 1.24.0, build 0aa59064
If the version is lower or Docker Compose is not installed, [re]install Docker Compose.
Download the file
$ rm -f /usr/local/bin/docker-compose
$ curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
Grant execute permission
$ sudo chmod +x /usr/local/bin/docker-compose
Check the version
$ docker-compose --version
docker-compose version 1.29.2, build 5becea4c
Configure Docker log rotation
Log configuration file:
$ vim /etc/logrotate.d/docker-container
/var/lib/docker/containers/*/*.log {
    daily
    rotate 7
    missingok
    dateext
    compress
    notifempty
}
Start the Docker service
$ systemctl enable docker
$ systemctl start docker
$ systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2020-03-09 05:30:36 EDT; 3s ago
     Docs: https://docs.docker.com
 Main PID: 2036 (dockerd)
    Tasks: 8
   Memory: 42.1M
   CGroup: /system.slice/docker.service
           └─2036 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
...
...
Hint: Some lines were ellipsized, use -l to show in full.
Install Git
$ yum install -y git
Install CloudHub Components
Run Snetsystems/Sandbox
Clone Snetsystems/Sandbox
$ cd {directory to download Sandbox into}
$ git clone https://github.com/snetsystems/sandbox.git
Run Sandbox
$ cd sandbox
$ ./sandbox up
$ docker-compose ps
/usr/lib/python2.7/site-packages/requests/__init__.py:91: RequestsDependencyWarning: urllib3 (1.24.3) or chardet (2.2.1) doesn't match a supported version!
  RequestsDependencyWarning)
Name                  Command                     State   Ports
--------------------------------------------------------------------------------------------------------------------------------------------------------------
sandbox_influxdb_1    /entrypoint.sh influxd      Up      0.0.0.0:8082->8082/tcp,:::8082->8082/tcp, 0.0.0.0:8086->8086/tcp,:::8086->8086/tcp, 0.0.0.0:8089->8089/udp,:::8089->8089/udp
sandbox_kapacitor_1   /entrypoint.sh kapacitord   Up      0.0.0.0:9094->9092/tcp,:::9094->9092/tcp
Install SaltStack
Register the SaltStack repository
$ yum install -y epel-release
$ rpm --import https://repo.saltproject.io/py3/redhat/7/x86_64/archive/3001.4/SALTSTACK-GPG-KEY.pub
$ curl -fsSL https://repo.saltproject.io/py3/redhat/7/x86_64/archive/3001.4.repo | sudo tee /etc/yum.repos.d/salt.repo
$ yum clean expire-cache
Install Salt-Master, Salt-API, Salt-Minion
$ yum install -y salt-master salt-api salt-minion
Overwrite with the snetsystems/salt modules
Copy $(git cloned path)/salt/modules/* to the standard installed Salt module path (usually /usr/lib/python3.6/site-packages/salt/modules).
$ git clone https://github.com/snetsystems/salt.git
$ cp -rf salt/salt/modules/* /usr/lib/python3.6/site-packages/salt/modules/
Configuration
You must configure the Salt-Master config file and the Salt-API config file.
Salt-Master :
$ vim /etc/salt/master.d/master.conf
Caution: If the host has multiple interfaces, set this to the IP of the network interface that the Salt-Minion can reach.
ex) interface: 61.254.65.58
Setting it to any (0.0.0.0), as in the example below, causes no problem for master ↔︎ minion communication, but the CloudHub UI may display an unintended IP.
## log_level ##
# One of 'garbage', 'trace', 'debug', 'info', 'warning'(default), 'error', 'critical'.
log_level: info

##### Primary configuration settings #####
##########################################
# The address of the interface to bind to:
interface: 0.0.0.0

# The tcp port used by the publisher:
publish_port: 4505

# Allow minions to push files to the master. This is disabled by default, for
# security purposes.
file_recv: True

##### State System settings #####
##########################################
# The state system uses a "top" file to tell the minions what environment to
# use and what modules to use. The state_top file is defined relative to the
# root of the base environment as defined in "File Server settings" below.
state_top: top.sls

##### File Server settings #####
##########################################
# Salt runs a lightweight file server written in zeromq to deliver files to
# minions. This file server is built into the master daemon and does not
# require a dedicated port.

# The file server works on environments passed to the master, each environment
# can have multiple root directories, the subdirectories in the multiple file
# roots cannot match, otherwise the downloaded files will not be able to be
# reliably ensured. A base environment is required to house the top file.
file_roots:
  base:
    - /srv/salt/prod
  qa:
    - /srv/salt/qa
    - /srv/salt/prod
  dev:
    - /srv/salt/dev
    - /srv/salt/qa
    - /srv/salt/prod

# File Server Backend
#
# Salt supports a modular fileserver backend system, this system allows
# the salt master to link directly to third party systems to gather and
# manage the files available to minions. Multiple backends can be
# configured and will be searched for the requested file in the order in which
# they are defined here. The default setting only enables the standard backend
# "roots" which uses the "file_roots" option.
fileserver_backend:
  - roots

##### Security settings #####
##########################################
# The external auth system uses the Salt auth modules to authenticate and
# validate users to access areas of the Salt system.
external_auth:
  pam:
    saltdev:
      - .*
      - '@runner'
      - '@wheel'
      - '@jobs'

# Allow eauth users to specify the expiry time of the tokens they generate.
# A boolean applies to all users or a dictionary of whitelisted eauth backends
# and usernames may be given.
token_expire_user_override:
  pam:
    - saltdev

##### API Server settings #####
##########################################
rest_cherrypy:
  port: 8000
  disable_ssl: True
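The settings in the master.conf above that decide how exposed the master and salt-api are (interface, file_recv, external_auth, rest_cherrypy disable_ssl) can be checked mechanically. The following is an added example, not part of the original guide or of the Salt/CloudHub projects: a shell function that scans a master config for those settings. The function names and finding labels are made up for this example, and the sample config is constructed from the values shown above.

```shell
#!/bin/sh
# Added example, not from the guide: flag exposure-relevant settings in a Salt
# master config. Function names and finding labels are made up for this example.

# Constructed sample mirroring the values used in master.conf above.
sample_master_conf() {
cat <<'EOF'
interface: 0.0.0.0
file_recv: True
external_auth:
  pam:
    saltdev:
      - .*
      - '@runner'
      - '@wheel'
      - '@jobs'
rest_cherrypy:
  port: 8000
  disable_ssl: True
EOF
}

# Print one finding per line for the config file given as $1.
audit_salt_master() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
    /^[A-Za-z_]/ { section = $0; sub(/:.*/, "", section) }   # top-level key
    {
        line = tolower($0)
        gsub(/["\047]/, "", line)              # drop quotes around scalars
        sub(/[ \t]+#.*$/, "", line)            # drop trailing comments
        sub(/[ \t]+$/, "", line)
    }
    section == "interface" && line ~ /:[ \t]*0\.0\.0\.0$/ {
        print "interface-any: master listens on every interface" }
    section == "file_recv" && line ~ /:[ \t]*true$/ {
        print "file-recv: minions may push files to the master" }
    section == "rest_cherrypy" && line ~ /disable_ssl:[ \t]*true$/ {
        print "api-cleartext: salt-api serves plain HTTP, eauth passwords and tokens are unencrypted" }
    section == "external_auth" && line ~ /^[ \t]*-[ \t]*\.\*$/ {
        print "eauth-all-functions: an eauth user may run any function on all minions" }
    section == "external_auth" && line ~ /^[ \t]*-[ \t]*@(wheel|runner)$/ {
        sub(/^[ \t]*-[ \t]*@/, "", line)
        print "eauth-" line ": an eauth user may call " line " modules on the master" }
    ' "$1"
}

tmp=$(mktemp) && sample_master_conf > "$tmp" && audit_salt_master "$tmp"
rm -f "$tmp"
```

To check a real host, call audit_salt_master /etc/salt/master.d/master.conf; no output means none of these settings matched.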
Salt-Minion :
$ vim /etc/salt/minion.d/minion.conf
## log_level ##
# One of 'garbage', 'trace', 'debug', 'info', 'warning'(default), 'error', 'critical'.
log_level: info
master: <master ip address>
id: <a unique minion id must be set; if omitted, hostname = minion id>
Create the account and set its password
The password added below is later used to obtain the pam_token for salt-api authentication, so be sure to remember it.
$ useradd saltdev
$ passwd saltdev
Changing password for user saltdev.
New password:
Start the services
$ systemctl enable salt-master
$ systemctl start salt-master
$ systemctl enable salt-api
$ systemctl start salt-api
$ systemctl enable salt-minion
$ systemctl start salt-minion
Download telegraf into salt file_roots path on salt-master
You can download the version you want to install from the link below.
Download URL: https://github.com/snetsystems/telegraf/releases
Download the rpm file of the desired version to the path specified below.
$ mkdir -p /srv/salt/prod/telegraf    # Telegraf package path
$ cd /srv/salt/prod/telegraf
$ wget https://github.com/snetsystems/telegraf/releases/download/v1.19.3-snet/telegraf-1.19.3-snet-1_x86_64.rpm
Install CloudHub Portal
Download
You can download the version you want to install from the link below.
Download URL: https://github.com/snetsystems/cloudhub/releases
Install
$ yum localinstall cloudhub-0.9.1~17fe47a.x86_64.rpm
Configure
For details on the config below, see CloudHub Document > Introduction > Getting started > Basic Configure CloudHub.
$ vim /etc/systemd/system/multi-user.target.wants/cloudhub.service
[Unit]
After=network-online.target

[Service]
User=root
Group=root
Environment="HOST=0.0.0.0"
# PORT default: 8888
Environment="PORT=443"
Environment="TLS_CERTIFICATE=/usr/lib/cloudhub/key/cloudhub_self_signed.pem"
#Environment="TLS_PRIVATE_KEY=my.key"
Environment="BOLT_PATH=/var/lib/cloudhub/cloudhub-v1.db"
#Environment="ETCD_ENDPOINTS={ETCD_CLIENT_IP}:2379"
Environment="CANNED_PATH=/usr/share/cloudhub/cloudhub-canned"
Environment="PROTOBOARDS_PATH=/usr/share/cloudhub/cloudhub-protoboards"
EnvironmentFile=-/etc/default/cloudhub
ExecStart=/usr/bin/cloudhub $CLOUDHUB_OPTS
KillMode=control-group
Restart=on-failure

[Install]
WantedBy=multi-user.target
Issue the localhost certificate (cloudhub_self_signed.pem)
$ cd /usr/lib/cloudhub/key/
$ openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout cloudhub_self_signed.pem -out cloudhub_self_signed.pem -subj "/CN=localhost" -days 365
Issue <salt_token>
/wiki/spaces/CM/pages/254050538
Note: If you do not have permission to access the page above, contact the Snetsystems CloudHub team to have a token issued, then enter it in -k=salt:<salt_token> under item 4 below.
$ vim /etc/default/cloudhub
CLOUDHUB_OPTS="-l=debug \
--auth-duration=0 \
-t=74c1e9e2450886060b5bf736b935cd0bf960837f \
-i=any \
-s=any \
-u=salt:http://{salt-master-ip}:8000/run \
-k=salt:<salt_token> \
-u=vsphere:on \
-u=aws:on \
-u=k8s:on \
--login-auth-type=basic \
--password-policy='(?=.*[0-9]{1,50})(?=.*[~`!@#$%\\^&*()-+=]{1,50})(?=.*[a-zA-Z]{2,50}).{8,50}$' \
--password-policy-message='Enter at least 8 digits using at least 1 number and at least 1 special sentence, and at least 2 English characters.' \
--mail-subject='[Notifiy] $user_id Password is reset' \
--mail-body-message='Reset OTP for $user_id is '$user_pw'.<br>Do not forget this!<br>This OTP will use just once when login into cloudhub.<br>Then you must set up the new password' \
--kapacitor-url=http://{Kapacitor_IP}:9094 \
--influxdb-url=http://{InfluxDB_IP}:8086 \
--retry-policy=count:3 \
--retry-policy=delaytime:5 \
--retry-policy=type:delay"
Run
$ sudo systemctl {start|stop|restart} cloudhub
Initial setup of the CloudHub Portal UI
Sign up on the login screen.
Add a Group in the menu screen below.
After logging in, on the “Agent Configuration > Minions” menu screen, “Accept” the registered minion using the Operation button.
Select the minion host to install on, select telegraf in the combo box, and then INSTALL.
After specifying the Group and configuring [[outputs.influxdb]], run Test -> Apply.
For any other required settings, refer to https://github.com/snetsystems/telegraf#input-plugins and add them.