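This guide is written so that, after OS installation and basic setup, you can quickly follow it to configure and run CloudHub in a typical scenario, in an environment with no unusual conditions.

For special situations, such as a complex environment where several kinds of apps are already installed and running, refer to the official Installation guide instead.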

Pre-checks

OS

Based on CentOS 7 x86_64

Firewall check and setup

Configure the firewall as described at https://seversky.atlassian.net/wiki/spaces/CSHD/pages/217022681/Installing+Server+Node#CloudHub%EC%97%90%EC%84%9C-%EC%82%AC%EC%9A%A9%EB%90%98%EB%8A%94-Port

Check the installed Docker version and remove older versions

  • Version: Docker version 18.09.4 or later

    $ docker --version
    Docker version 18.09.4, build d14af54266
  • If the version is lower, remove the old version and then install

    • Remove the old version

      $ yum remove docker \
                        docker-client \
                        docker-client-latest \
                        docker-common \
                        docker-latest \
                        docker-latest-logrotate \
                        docker-logrotate \
                        docker-engine

Install dependencies

Install Docker

  • Set up and add the repository

    $ yum install -y yum-utils \
      device-mapper-persistent-data \
      lvm2
    
    $ yum-config-manager \
        --add-repo \
        https://download.docker.com/linux/centos/docker-ce.repo
  • Install Docker Engine - Community

    $ yum install docker-ce docker-ce-cli containerd.io

Install Docker Compose

  • Version: Docker Compose version 1.24 or later

    $ docker-compose --version
    docker-compose version 1.24.0, build 0aa59064
  • If the version is lower or Docker Compose is not installed, [re]install Docker Compose

    • Download the file

      $ rm -f /usr/local/bin/docker-compose
      $ curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
    • Grant execute permission

      $ sudo chmod +x /usr/local/bin/docker-compose
    • Check the version

      $ docker-compose --version
      docker-compose version 1.29.2, build 5becea4c

Configure Docker log rotation

  • Log configuration file: $ vim /etc/logrotate.d/docker-container

    /var/lib/docker/containers/*/*.log {
      daily
      rotate 7
      missingok
      dateext
      compress
      notifempty
    }

Start the Docker service

$ systemctl enable docker
$ systemctl start docker
$ systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2020-03-09 05:30:36 EDT; 3s ago
     Docs: https://docs.docker.com
 Main PID: 2036 (dockerd)
    Tasks: 8
   Memory: 42.1M
   CGroup: /system.slice/docker.service
           └─2036 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

...
...
Hint: Some lines were ellipsized, use -l to show in full.

Install Git

$ yum install -y git

Install CloudHub Components

Run Snetsystems/Sandbox

Clone Snetsystems/Sandbox

$ cd {directory to download Sandbox into}
$ git clone https://github.com/snetsystems/sandbox.git

Run Sandbox

$ cd sandbox
$ ./sandbox up

$ docker-compose ps
/usr/lib/python2.7/site-packages/requests/__init__.py:91: RequestsDependencyWarning: urllib3 (1.24.3) or chardet (2.2.1) doesn't match a supported version!
  RequestsDependencyWarning)
       Name                    Command            State                                                  Ports
--------------------------------------------------------------------------------------------------------------------------------------------------------------
sandbox_influxdb_1    /entrypoint.sh influxd      Up      0.0.0.0:8082->8082/tcp,:::8082->8082/tcp, 0.0.0.0:8086->8086/tcp,:::8086->8086/tcp,
                                                          0.0.0.0:8089->8089/udp,:::8089->8089/udp
sandbox_kapacitor_1   /entrypoint.sh kapacitord   Up      0.0.0.0:9094->9092/tcp,:::9094->9092/tcp

Install SaltStack

  1. Register the SaltStack repository

    $ yum install -y epel-release
    $ rpm --import https://repo.saltproject.io/py3/redhat/7/x86_64/archive/3001.4/SALTSTACK-GPG-KEY.pub
    $ curl -fsSL https://repo.saltproject.io/py3/redhat/7/x86_64/archive/3001.4.repo | sudo tee /etc/yum.repos.d/salt.repo
    $ yum clean expire-cache
  2. Install Salt-Master, Salt-API and Salt-Minion

    $ yum install -y salt-master salt-api salt-minion
  3. Overwrite with the snetsystems/salt modules
    Copy $(git cloned path)/salt/modules/* to the standard Salt module installation path (usually /usr/lib/python3.6/site-packages/salt/modules).

    $ git clone https://github.com/snetsystems/salt.git
    $ cp -rf salt/salt/modules/* /usr/lib/python3.6/site-packages/salt/modules/
  4. Configure

    1. You must set up the config files for both Salt-Master and Salt-API.

    2. Salt-Master : $ vim /etc/salt/master.d/master.conf

    3. Caution: if the host has multiple interfaces, set this to the IP of a network interface that the Salt-Minions can reach.
      ex) interface: 61.254.65.58
      Setting it to any (0.0.0.0), as in the example below, causes no problem for master ↔︎ minion communication,
      but the CloudHub UI may display an unintended IP.

      ## log_level ##
      # One of 'garbage', 'trace', 'debug', 'info', 'warning'(default), 'error', 'critical'.
      log_level: info
      
      ##### Primary configuration settings #####
      ##########################################
      # The address of the interface to bind to:
      interface: 0.0.0.0
       
      # The tcp port used by the publisher:
      publish_port: 4505
       
      # Allow minions to push files to the master. This is disabled by default, for
      # security purposes.
      file_recv: True
       
      #####      State System settings     #####
      ##########################################
      # The state system uses a "top" file to tell the minions what environment to
      # use and what modules to use. The state_top file is defined relative to the
      # root of the base environment as defined in "File Server settings" below.
      state_top: top.sls
       
      #####      File Server settings      #####
      ##########################################
      # Salt runs a lightweight file server written in zeromq to deliver files to
      # minions. This file server is built into the master daemon and does not
      # require a dedicated port.
       
      # The file server works on environments passed to the master, each environment
      # can have multiple root directories, the subdirectories in the multiple file
      # roots cannot match, otherwise the downloaded files will not be able to be
      # reliably ensured. A base environment is required to house the top file.
      file_roots:
        base:
          - /srv/salt/prod
        qa:
          - /srv/salt/qa
          - /srv/salt/prod
        dev:
          - /srv/salt/dev
          - /srv/salt/qa
          - /srv/salt/prod
       
      # File Server Backend
      #
      # Salt supports a modular fileserver backend system, this system allows
      # the salt master to link directly to third party systems to gather and
      # manage the files available to minions. Multiple backends can be
      # configured and will be searched for the requested file in the order in which
      # they are defined here. The default setting only enables the standard backend
      # "roots" which uses the "file_roots" option.
      fileserver_backend:
        - roots
       
      #####        Security settings       #####
      ##########################################
      # The external auth system uses the Salt auth modules to authenticate and
      # validate users to access areas of the Salt system.
      external_auth:
        pam:
          saltdev:
            - .*
            - '@runner'
            - '@wheel'
            - '@jobs'
       
      # Allow eauth users to specify the expiry time of the tokens they generate.
      # A boolean applies to all users or a dictionary of whitelisted eauth backends
      # and usernames may be given.
      token_expire_user_override:
        pam:
          - saltdev
      
      #####        API Server settings     #####
      ##########################################
      rest_cherrypy:
        port: 8000
        disable_ssl: True
    4. Salt-Minion : $ vim /etc/salt/minion.d/minion.conf

      ## log_level ##
      # One of 'garbage', 'trace', 'debug', 'info', 'warning'(default), 'error', 'critical'.
      log_level: info
      master: <master ip address>
      id: <set a unique minion id; if omitted, hostname = minion id>
  5. Create the account and set its password
    The password set below is later used to obtain the pam_token for salt-api authentication, so keep a careful record of it.

    $ useradd saltdev
    $ passwd saltdev
    Changing password for user saltdev.
    New password:
  6. Start the services

    $ systemctl enable salt-master
    $ systemctl start salt-master
    
    $ systemctl enable salt-api
    $ systemctl start salt-api
    
    $ systemctl enable salt-minion
    $ systemctl start salt-minion
  7. Download telegraf into salt file_roots path on salt-master

    1. You can download the version you want to install from the link below.
      Download URL: https://github.com/snetsystems/telegraf/releases

    2. Download the rpm file of the desired version into the path specified below.

      $ mkdir -p /srv/salt/prod/telegraf          # Telegraf package path
      $ cd /srv/salt/prod/telegraf
      $ wget https://github.com/snetsystems/telegraf/releases/download/v1.19.3-snet/telegraf-1.19.3-snet-1_x86_64.rpm
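
The master.conf in step 4 binds to 0.0.0.0, enables file_recv, gives saltdev `.*` plus `@runner`, `@wheel` and `@jobs` through PAM, and turns TLS off for salt-api. As an added example (not part of the original guide), the shell function below flags those settings in a master config; `audit_salt_master` and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the CloudHub guide: flag exposure-relevant settings
# in a Salt master config. audit_salt_master is a hypothetical helper name.

audit_salt_master() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }               # comments, blank lines
        /^[^ \t]/ { top = $1; sub(/:$/, "", top) }      # current top-level key
        top == "interface" && $2 == "0.0.0.0" {
            print "BIND_ALL master listens on every interface" }
        top == "file_recv" && tolower($2) == "true" {
            print "FILE_RECV minions may push files to the master" }
        top == "external_auth" && $1 == "-" {
            perm = $2; gsub(/[^@.*a-z]/, "", perm)      # drop YAML quotes
            if (perm == ".*")
                print "EAUTH_ANY eauth user may call every execution function"
            if (perm == "@wheel" || perm == "@runner")
                print "EAUTH_MASTER " perm " reaches master-side modules"
        }
        top == "rest_cherrypy" && $1 == "disable_ssl:" && tolower($2) == "true" {
            print "API_NO_TLS salt-api logins and tokens travel unencrypted" }
    ' "$1"
}

# Constructed sample that mirrors the settings shown in step 4.
sample_master_conf() {
    cat <<'EOF'
interface: 0.0.0.0
file_recv: True
external_auth:
  pam:
    saltdev:
      - .*
      - '@runner'
      - '@wheel'
      - '@jobs'
rest_cherrypy:
  port: 8000
  disable_ssl: True
EOF
}

conf=$(mktemp)
sample_master_conf > "$conf"
audit_salt_master "$conf"
rm -f "$conf"
```

Run it against /etc/salt/master.d/master.conf after editing; no output means none of the four settings is present.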

Install CloudHub Portal

Download

You can download the version you want to install from the link below.

Download URL: https://github.com/snetsystems/cloudhub/releases

Install

$ yum localinstall cloudhub-0.9.1~17fe47a.x86_64.rpm

Configure

For details of the config below, see CloudHub Document > Introduction > Getting started > Basic Configure CloudHub.

  1. $ vim /etc/systemd/system/multi-user.target.wants/cloudhub.service

    [Unit]
    After=network-online.target
    
    [Service]
    User=root
    Group=root
    Environment="HOST=0.0.0.0"
    # default: 8888
    Environment="PORT=443"
    Environment="TLS_CERTIFICATE=/usr/lib/cloudhub/key/cloudhub_self_signed.pem"
    #Environment="TLS_PRIVATE_KEY=my.key"
    Environment="BOLT_PATH=/var/lib/cloudhub/cloudhub-v1.db"
    #Environment="ETCD_ENDPOINTS={ETCD_CLIENT_IP}:2379"
    Environment="CANNED_PATH=/usr/share/cloudhub/cloudhub-canned"
    Environment="PROTOBOARDS_PATH=/usr/share/cloudhub/cloudhub-protoboards"
    EnvironmentFile=-/etc/default/cloudhub
    ExecStart=/usr/bin/cloudhub $CLOUDHUB_OPTS
    KillMode=control-group
    Restart=on-failure
    
    [Install]
    WantedBy=multi-user.target
  2. Issue the localhost certificate (cloudhub_self_signed.pem)

    $ cd /usr/lib/cloudhub/key/
    $ openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout cloudhub_self_signed.pem -out cloudhub_self_signed.pem -subj "/CN=localhost" -days 365
  3. Obtain <salt_token>
    /wiki/spaces/CM/pages/254050538
    Note: if you do not have permission to access the page above, contact the Snetsystems CloudHub team to have a token issued,
    then enter it in -k=salt:<salt_token> in step 4 below.

  4. $ vim /etc/default/cloudhub

    CLOUDHUB_OPTS="-l=debug \
    --auth-duration=0 \
    -t=74c1e9e2450886060b5bf736b935cd0bf960837f \
    -i=any \
    -s=any \
    -u=salt:http://{salt-master-ip}:8000/run \
    -k=salt:<salt_token> \
    -u=vsphere:on \
    -u=aws:on \
    -u=k8s:on \
    --login-auth-type=basic \
    --password-policy='(?=.*[0-9]{1,50})(?=.*[~`!@#$%\\^&*()-+=]{1,50})(?=.*[a-zA-Z]{2,50}).{8,50}$' \
    --password-policy-message='Enter at least 8 digits using at least 1 number and at least 1 special sentence, and at least 2 English characters.' \
    --mail-subject='[Notifiy] $user_id Password is reset' \
    --mail-body-message='Reset OTP for  $user_id is '$user_pw'.<br>Do not forget this!<br>This OTP will use just once when login into cloudhub.<br>Then you must set up the new password' \
    --kapacitor-url=http://{Kapacitor_IP}:9094 \
    --influxdb-url=http://{InfluxDB_IP}:8086 \
    --retry-policy=count:3 \
    --retry-policy=delaytime:5 \
    --retry-policy=type:delay"
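
The options file in step 4 holds the `-t` value and the Salt token and points every backend at an http:// URL. The following shell check is an added example, not CloudHub's own tooling: it reports a file readable beyond its owner, a `-t` value copied unchanged from this guide, an unfilled `<salt_token>`, and plaintext backend URLs. The helper name and the 192.0.2.10 address are constructed, and treating `-t` as a secret is an assumption.

```bash
#!/usr/bin/env bash
# Added example, not from the CloudHub guide. audit_cloudhub_opts is a
# hypothetical helper; treating the -t value as a secret is an assumption.

GUIDE_SAMPLE_T=74c1e9e2450886060b5bf736b935cd0bf960837f   # -t value printed in step 4

audit_cloudhub_opts() {
    f=$1
    perms=$(ls -ld "$f" | cut -c5-10)          # group and other permission bits
    [ "$perms" = "------" ] ||
        echo "MODE group/other bits are '$perms', tokens readable beyond owner"
    grep -qF -- "-t=$GUIDE_SAMPLE_T" "$f" &&
        echo "SAMPLE_T -t is still the value published in the guide"
    grep -qF -- '-k=salt:<salt_token>' "$f" &&
        echo "PLACEHOLDER -k=salt: was never filled in"
    # Backends addressed over plain HTTP.
    grep -oE -- '(-u=salt:|--[a-z]+-url=)http://[^ "\\]+' "$f" | sed 's/^/PLAINTEXT /'
    return 0
}

# Constructed sample mirroring step 4; 192.0.2.10 is a documentation address.
sample_cloudhub_opts() {
    cat <<'EOF'
CLOUDHUB_OPTS="-l=debug \
-t=74c1e9e2450886060b5bf736b935cd0bf960837f \
-u=salt:http://192.0.2.10:8000/run \
-k=salt:<salt_token> \
--kapacitor-url=http://192.0.2.10:9094 \
--influxdb-url=http://192.0.2.10:8086"
EOF
}

opts=$(mktemp)
sample_cloudhub_opts > "$opts"
chmod 644 "$opts"
audit_cloudhub_opts "$opts"
rm -f "$opts"
```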

Run

$ sudo systemctl {start|stop|restart} cloudhub
