{"type":"doc","content":[{"type":"paragraph"},{"type":"extension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"toc","parameters":{"macroParams":{},"macroMetadata":{"macroId":{"value":"7b1f2321-a90f-4a94-8d88-324be4868673"},"schemaVersion":{"value":"1"},"title":"목차"}},"localId":"a08f1365-5f53-4fd6-8afa-abbcdfe69644"}},{"type":"heading","attrs":{"level":1},"content":[{"text":"Required Hardware Spec.","type":"text"}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"Single Server Node","type":"text","marks":[{"type":"strong"}]},{"text":" 기준","type":"text"}]},{"type":"paragraph","content":[{"text":"아래는 InfluxDB의 official 권고 사양을 참고한 normal workload(agent 당 하나의 어플리케이션을 모니터링)에 대한 기준 입니다.","type":"text"},{"type":"hardBreak"},{"text":"또한, CH Portal + InfluxDB + Kapacitor + SaltStack Server가 한 대의 서버에 탑재되는 것으로 산정합니다.","type":"text"},{"type":"hardBreak"},{"text":"단, 각 서버 및 에이전트 컴포넌트들(","type":"text"},{"type":"inlineCard","attrs":{"url":"https://seversky.atlassian.net/wiki/spaces/CSHD/pages/219414598/Introduction#Components-Architecture"}},{"text":")의 workload량 따라 가변적 입니다.","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"100 ~ 250 agent nodes: 8core, 16GB Ram","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"~ 500 agent nodes: 16core, 32GB Ram","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"~ 1000 agent nodes: 24core+, 48GB+ Ram","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"또한, Kapacitor(data processing component)의 경우는 job할당 개수나 프로세싱 부하에 따라 전체 workload는 차이가 클 수 있습니다.","type":"text"}]},{"type":"paragraph","content":[{"text":"운영 중 실제 부하량에 따라 각 컴포넌트를 분리-확장(Scale-out)하는 방법으로 권고 합니다.","type":"text"}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"OS","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"CentOS 7 x86_64 기준","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"CloudHub에서 사용되는 Port","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"개념도","type":"text"}]},{"type":"paragraph","content":[{"type":"status","attrs":{"color":"purple","style":"bold","text":"참고","localId":"7324cedb-9257-4c42-88de-bff4750e353b"}},{"text":" 아래에서 화살표를 ","type":"text"},{"text":"받는 쪽","type":"text","marks":[{"type":"strong"}]},{"text":"이 ","type":"text"},{"text":"Port Listening 상태","type":"text","marks":[{"type":"strong"}]},{"text":"로 표기함.","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"width":868,"id":"518024f3-6417-4cb3-818c-0035e702e591","collection":"contentId-217022681","type":"file","height":524}}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"External Ports: Internet 구간","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"443","type":"text","marks":[{"type":"strong"}]},{"text":": CloudHub Portal에서 사용하는 웹 포트.","type":"text"}]}]}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Internal Ports (Backend Server 간): ","type":"text"},{"text":"Trusted Network 구간","type":"text","marks":[{"type":"textColor","attrs":{"color":"#ff5630"}},{"type":"strong"}]}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"8000 ","type":"text","marks":[{"type":"strong"}]},{"text":": ","type":"text"},{"text":"Salt-API Server","type":"text","marks":[{"type":"textColor","attrs":{"color":"#ff5630"}}]},{"text":" - ","type":"text"},{"text":"CH Server","type":"text","marks":[{"type":"textColor","attrs":{"color":"#ff5630"}}]},{"text":"와 데이터 송수신.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"9094 ","type":"text","marks":[{"type":"strong"}]},{"text":": ","type":"text"},{"text":"Kapacitor","type":"text","marks":[{"type":"textColor","attrs":{"color":"#ff5630"}}]},{"text":" - ","type":"text"},{"text":"InfluxDB","type":"text","marks":[{"type":"textColor","attrs":{"color":"#ff5630"}}]},{"text":"와 데이터 송수신.","type":"text"}]}]}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Intermediate Ports (Agent ↔︎ Backend Server 간): ","type":"text"},{"text":"Semi-Trusted Network 구간","type":"text","marks":[{"type":"textColor","attrs":{"color":"#ff5630"}},{"type":"strong"}]}]},{"type":"panel","attrs":{"panelType":"error"},"content":[{"type":"paragraph","content":[{"text":"아래 포트들은 모니터링 대상 호스트들(MO: Managed Objects)과의 통신에 사용됩니다.","type":"text"},{"type":"hardBreak"},{"text":"443 포트를 제외하고는 보안 위협이 될 수 있으므로,","type":"text","marks":[{"type":"textColor","attrs":{"color":"#ff5630"}}]},{"type":"hardBreak"},{"text":"Source IP 혹은 대역으로 ACL정책을 사용","type":"text","marks":[{"type":"textColor","attrs":{"color":"#ff5630"}},{"type":"strong"}]},{"text":"할 필요가 있습니다.","type":"text","marks":[{"type":"textColor","attrs":{"color":"#ff5630"}}]}]},{"type":"paragraph","content":[{"text":"아래 설정 예시와 같이 ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#6554c0"}}]},{"text":"firewalld filter","type":"text","marks":[{"type":"textColor","attrs":{"color":"#6554c0"}},{"type":"strong"}]},{"text":"를 사용하거나, 혹은 ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#6554c0"}}]},{"text":"tcp_wrappers ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#6554c0"}},{"type":"strong"}]},{"text":"등을 사용하여 ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#6554c0"}}]},{"text":"hosts.allow","type":"text","marks":[{"type":"textColor","attrs":{"color":"#6554c0"}},{"type":"strong"}]},{"text":", ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#6554c0"}}]},{"text":"hosts.deny","type":"text","marks":[{"type":"textColor","attrs":{"color":"#6554c0"}},{"type":"strong"}]},{"text":" 등에 ACL을 설정할 수 있습니다.","type":"text","marks":[{"type":"textColor","attrs":{"color":"#6554c0"}}]},{"type":"hardBreak"},{"text":"(","type":"text"},{"text":"tcp_wrappers","type":"text","marks":[{"type":"strong"}]},{"text":" 설정 방법은 여기서는 다루지 않습니다. 필요한 경우, 인터넷 검색을 통하여 쉽게 사용법을 얻을 수 있으니 참고 바랍니다.)","type":"text"}]}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"4505-4506","type":"text","marks":[{"type":"strong"}]},{"text":" :","type":"text"},{"text":" Salt-Master","type":"text","marks":[{"type":"textColor","attrs":{"color":"#ff5630"}}]},{"text":" - ","type":"text"},{"text":"Salt-Minion","type":"text","marks":[{"type":"textColor","attrs":{"color":"#ff5630"}}]},{"text":"과 데이터 송수신.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"8086 ","type":"text","marks":[{"type":"strong"}]},{"text":": ","type":"text"},{"text":"InfluxDB","type":"text","marks":[{"type":"textColor","attrs":{"color":"#ff5630"}}]},{"text":" -","type":"text"},{"text":" telegraf","type":"text","marks":[{"type":"textColor","attrs":{"color":"#ff5630"}}]},{"text":"로부터 데이터 수신.","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"아래는 ","type":"text"},{"text":"firewalld","type":"text","marks":[{"type":"code"}]},{"text":" 설정 파일 예시이며,","type":"text"},{"type":"hardBreak"},{"type":"status","attrs":{"color":"red","style":"bold","text":"주의","localId":"9664f21e-788a-4421-b120-3d69cbf7c6e3"}},{"text":" ","type":"text"},{"text":"물리적인 보안 장비","type":"text","marks":[{"type":"textColor","attrs":{"color":"#ff5630"}},{"type":"strong"}]},{"text":"를 따로 사용하여 설정할 경우는 위 설명한 용도와 내용에 맞게 ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#ff5630"}}]},{"text":"ACL","type":"text","marks":[{"type":"textColor","attrs":{"color":"#ff5630"}},{"type":"strong"}]},{"text":"을 설정하여 사용하여야 합니다.","type":"text","marks":[{"type":"textColor","attrs":{"color":"#ff5630"}}]}]},{"type":"codeBlock","attrs":{"language":"xml"},"content":[{"text":"\n\n\n Public\n For use in public areas.\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n","type":"text"}]},{"type":"heading","attrs":{"level":1},"content":[{"text":"Install Pre-required Packages","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Setting InfluxDB and Kapacitor containers via Docker Compose","type":"text"}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"[주의] CloudHub와의 호환성 유지","type":"text","marks":[{"type":"textColor","attrs":{"color":"#ff5630"}},{"type":"strong"}]}]},{"type":"paragraph","content":[{"text":"CloudHub는 위 InfluxDB와 Kapacitor의 임의의 버전에는 상하위 호환되지 않을 수 있습니다.","type":"text"}]},{"type":"paragraph","content":[{"text":"반드시 CloudHub Release(","type":"text"},{"text":"https://github.com/snetsystems/cloudhub/releases","type":"text","marks":[{"type":"link","attrs":{"href":"https://github.com/snetsystems/cloudhub/releases"}}]},{"text":")페이지에서 설치할 CloudHub 버전과 호환되는 InfluxDB와 Kapacitor 버전을 확인한 후, 해당 버전으로 설치해야 합니다.","type":"text"}]},{"type":"paragraph","content":[{"text":"예>","type":"text"},{"type":"hardBreak"},{"text":"InfluxDB가 1.8.0, Kapacitor가 1.5.4라면,","type":"text"},{"type":"hardBreak"},{"text":"아래 6번을 수행한 후, sandbox/.env 파일을 아래와 같이 수정합니다.","type":"text"},{"type":"hardBreak"},{"text":"INFLUXDB_TAG=1.8.0","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"KAPACITOR_TAG=1.5.4","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"이후, 아래 7번을 수행합니다.","type":"text"}]}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Docker 설치 확인","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"버전 : Docker version 18.09.4 이상","type":"text"}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"$ docker --version\nDocker version 18.09.4, build d14af54266","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"버전이 낮으면 이전 버전을 삭제 후 설치","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"이전 버전 삭제","type":"text"}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"$ yum remove docker \\\n docker-client \\\n docker-client-latest \\\n docker-common \\\n docker-latest \\\n docker-latest-logrotate \\\n docker-logrotate \\\n docker-engine","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"저장소 설정 및 추가","type":"text"}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"$ yum install -y yum-utils \\\n device-mapper-persistent-data \\\n lvm2\n\n$ yum-config-manager \\\n --add-repo \\\n https://download.docker.com/linux/centos/docker-ce.repo","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Install Docker Engine - Community","type":"text"}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"$ yum install docker-ce docker-ce-cli containerd.io","type":"text"}]}]}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Docker log rotation 설정 ","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"logrotate을 사용하여 Docker Log를 관리 합니다.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Log 파일 경로 : ","type":"text"},{"text":"/var/lib/docker/containers/*/*.log","type":"text","marks":[{"type":"code"}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Log 설정 파일 : ","type":"text"},{"text":"$ vim /etc/logrotate.d/docker-container","type":"text","marks":[{"type":"code"}]}]},{"type":"codeBlock","attrs":{"language":"yaml"},"content":[{"text":"/var/lib/docker/containers/*/*.log {\n daily\n rotate 7\n missingok\n dateext\n compress\n notifempty\n}","type":"text"}]},{"type":"paragraph","content":[{"text":"daily : 매일 log를 rotate 합니다.","type":"text"},{"type":"hardBreak"},{"text":"rotate 7 : 최대 log.1, log.2 등 7개의 파일을 보관합니다.","type":"text"},{"type":"hardBreak"},{"text":"missingok : log가 없는 경우 에러 없이 다음 rotate로 넘어갑니다.","type":"text"},{"type":"hardBreak"},{"text":"dateext : log 파일에 YYYYMMDD 형식의 확장자를 추가합니다.","type":"text"},{"type":"hardBreak"},{"text":"compress : 이전 log를 압축합니다.","type":"text"},{"type":"hardBreak"},{"text":"notifempty : log 내용이 없으면 rotation 하지 않습니다.","type":"text"}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Docker 실행","type":"text"}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"$ systemctl enable docker\n$ systemctl start docker\n$ systemctl status docker\n● docker.service - Docker Application Container Engine\n Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)\n Active: active (running) since Mon 2020-03-09 05:30:36 EDT; 3s ago\n Docs: https://docs.docker.com\n Main PID: 2036 (dockerd)\n Tasks: 8\n Memory: 42.1M\n CGroup: /system.slice/docker.service\n └─2036 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock\n\n...\n...\nHint: Some lines were ellipsized, use -l to show in full.\n","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Docker Compose 설치 확인","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"버전 : Docker Compose version 1.24 이상","type":"text"}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"$ docker-compose --version\ndocker-compose version 1.24.0, build 0aa59064","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"버전이 낮거나 미 설치 시 Docker Compose 설치","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"파일 다운로드","type":"text"}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"$ curl -L \"https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)\" -o /usr/local/bin/docker-compose","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"다운로드 파일에 권한 적용","type":"text"}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"$ sudo chmod +x /usr/local/bin/docker-compose","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"버전 확인 ","type":"text"}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"$ docker-compose --version\ndocker-compose version 1.25.4, build 8d51620a","type":"text"}]}]}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Git 설치","type":"text"}]},{"type":"codeBlock","content":[{"text":"$ yum install -y git","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Snetsystems/Sandbox Download","type":"text"}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"$ cd {Sandbox 다운로드 할 디렉토리 이동}\n$ git clone https://github.com/snetsystems/sandbox.git","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Sandbox 실행","type":"text"}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"$ cd sandbox\n$ ./sandbox up\nUsing latest, stable releases\nSpinning up Docker Images...\nIf this is your first time starting sandbox this might take a minute...\nCreating network \"sandbox_default\" with the default driver\nBuilding influxdb\nStep 1/2 : ARG INFLUXDB_TAG\nStep 2/2 : FROM influxdb:$INFLUXDB_TAG\nlatest: Pulling from library/influxdb\nc0c53f743a40: Downloading [=================================> ] 30.81MB/45.38MB\nc0c53f743a40: Pull complete\n66997431d390: Pull complete\n...\n...\nSuccessfully built a59cd84d6569\nSuccessfully tagged kapacitor:latest\nCreating sandbox_influxdb_1 ... done\nCreating sandbox_kapacitor_1 ... done\nOpening tabs in browser...","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Setting SaltStack for master","type":"text"}]},{"type":"panel","attrs":{"panelType":"error"},"content":[{"type":"paragraph","content":[{"text":"[주의]","type":"text","marks":[{"type":"textColor","attrs":{"color":"#ff5630"}},{"type":"strong"}]},{"type":"hardBreak"},{"text":"폐쇄망(Off internet) 일 경우, yum 명령에 ","type":"text"},{"text":"--disablerepo=* --enablerepo=cloudhubrepo","type":"text","marks":[{"type":"code"}]},{"text":" 옵션을 추가해야 합니다.","type":"text"}]}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Yum install","type":"text","marks":[{"type":"strong"}]}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"Salt official installation guide(","type":"text"},{"text":"https://repo.saltproject.io/3001.html#rhel","type":"text","marks":[{"type":"link","attrs":{"href":"https://repo.saltproject.io/3001.html#rhel"}}]},{"text":")","type":"text"},{"type":"hardBreak"},{"text":"→ Enter into the linked page, and then choose “Redhat / CentOS 7 PY3” tab button.","type":"text"}]}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"SaltStack 저장소 등록","type":"text"}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"$ yum install -y epel-release\n$ rpm --import https://repo.saltproject.io/py3/redhat/7/x86_64/archive/3001.4/SALTSTACK-GPG-KEY.pub\n$ curl -fsSL https://repo.saltproject.io/py3/redhat/7/x86_64/archive/3001.4.repo | sudo tee /etc/yum.repos.d/salt.repo\n$ yum clean expire-cache","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Salt-Master, Salt-API, Salt-Minion 설치","type":"text"}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"$ yum install -y salt-master salt-api salt-minion","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Config 설정","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Salt-Master의 Config 와 Salt-API의 Config 파일을 설정해야 합니다.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Salt-Master : ","type":"text"},{"text":"$ vim /etc/salt/master.d/master.conf","type":"text","marks":[{"type":"code"}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"type":"status","attrs":{"color":"red","style":"bold","text":"주의","localId":"6962e5c4-03b3-4d57-a8a4-cb86f9e3252b"}},{"text":" ","type":"text"},{"text":"Host에 여러 Interface가 있을 경우 Salt-Minion과 ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#ff5630"}}]},{"text":"연결 가능한 네트워크 Interface IP","type":"text","marks":[{"type":"textColor","attrs":{"color":"#ff5630"}},{"type":"strong"}]},{"text":"로 설정해야 합니다.","type":"text","marks":[{"type":"textColor","attrs":{"color":"#ff5630"}}]},{"type":"hardBreak"},{"text":"ex) ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#ff5630"}}]},{"text":"interface: 61.254.65.58","type":"text","marks":[{"type":"textColor","attrs":{"color":"#ff5630"}},{"type":"strong"}]},{"type":"hardBreak"},{"text":"아래 예와 같이 any(0.0.0.0)로 설정해도 master ↔︎ minion 간 통신은 문제가 없으나,","type":"text","marks":[{"type":"textColor","attrs":{"color":"#ff5630"}}]},{"type":"hardBreak"},{"text":"CloudHub UI에서 원하지 않는 IP로 표시될 수 있습니다.","type":"text","marks":[{"type":"textColor","attrs":{"color":"#ff5630"}}]}]},{"type":"codeBlock","attrs":{"language":"yaml"},"content":[{"text":"## log_level ##\n# One of 'garbage', 'trace', 'debug', info', 'warning'(default), 'error', 'critical'.\nlog_level: info\n\n##### Primary configuration settings #####\n##########################################\n# The address of the interface to bind to:\ninterface: 0.0.0.0\n \n# The tcp port used by the publisher:\npublish_port: 4505\n \n# Allow minions to push files to the master. This is disabled by default, for\n# security purposes.\n# file_recv: True\n \n##### State System settings #####\n##########################################\n# The state system uses a \"top\" file to tell the minions what environment to\n# use and what modules to use. The state_top file is defined relative to the\n# root of the base environment as defined in \"File Server settings\" below.\nstate_top: top.sls\n \n##### File Server settings #####\n##########################################\n# Salt runs a lightweight file server written in zeromq to deliver files to\n# minions. This file server is built into the master daemon and does not\n# require a dedicated port.\n \n# The file server works on environments passed to the master, each environment\n# can have multiple root directories, the subdirectories in the multiple file\n# roots cannot match, otherwise the downloaded files will not be able to be\n# reliably ensured. A base environment is required to house the top file.\nfile_roots:\n base:\n - /srv/salt/prod\n qa:\n - /srv/salt/qa\n - /srv/salt/prod\n dev:\n - /srv/salt/dev\n - /srv/salt/qa\n - /srv/salt/prod\n \n# File Server Backend\n#\n# Salt supports a modular fileserver backend system, this system allows\n# the salt master to link directly to third party systems to gather and\n# manage the files available to minions. Multiple backends can be\n# configured and will be searched for the requested file in the order in which\n# they are defined here. The default setting only enables the standard backend\n# \"roots\" which uses the \"file_roots\" option.\nfileserver_backend:\n - roots\n \n##### Security settings #####\n##########################################\n# The external auth system uses the Salt auth modules to authenticate and\n# validate users to access areas of the Salt system.\nexternal_auth:\n pam:\n saltdev:\n - .*\n - '@runner'\n - '@wheel'\n - '@jobs'\n \n# Allow eauth users to specify the expiry time of the tokens they generate.\n# A boolean applies to all users or a dictionary of whitelisted eauth backends\n# and usernames may be given.\ntoken_expire_user_override:\n pam:\n - saltdev\n\n##### API Server settings #####\n##########################################\nrest_cherrypy:\n port: 8000\n disable_ssl: True","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Salt-Minion : ","type":"text"},{"text":"$ vim /etc/salt/minion.d/minion.conf","type":"text","marks":[{"type":"code"}]}]},{"type":"codeBlock","attrs":{"language":"yaml"},"content":[{"text":"## log_level ##\n# One of 'garbage', 'trace', 'debug', info', 'warning'(default), 'error', 'critical'.\nlog_level: info\nmaster: \nid: <유일한 minion id 설정해야 하며, 생략 시, hostname = minion id>","type":"text"}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"계정 생성 및 패스워드 설정","type":"text"},{"type":"hardBreak"},{"text":"아래 추가된 ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#ff5630"}}]},{"text":"password","type":"text","marks":[{"type":"textColor","attrs":{"color":"#ff5630"}},{"type":"strong"}]},{"text":"는 추후 salt-api authentication을 위한 ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#ff5630"}}]},{"text":"pam_token","type":"text","marks":[{"type":"code"}]},{"text":"를 발급 받는데 쓰이므로, 잘 기억해두어야 합니다.","type":"text","marks":[{"type":"textColor","attrs":{"color":"#ff5630"}}]}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"$ useradd saltdev\n$ passwd \nChanging password for user saltdev.\nNew password:","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":" 서비스 시작","type":"text"}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"$ systemctl enable salt-master\n$ systemctl start salt-master\n$ systemctl enable salt-api\n$ systemctl start salt-api\n$ systemctl enable salt-minion\n$ systemctl start salt-minion","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"For off internet","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"상단 설치 과정은 인터넷이 허용되는 환경에서의 Pre-required Packages 설치 방법입니다.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"인터넷이 안되는 폐쇄망 환경에서 ","type":"text"},{"type":"inlineCard","attrs":{"url":"https://seversky.atlassian.net/wiki/spaces/CSHD/pages/1380155405"}},{"text":"설치 방법 입니다.","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Download telegraf into salt ","type":"text"},{"text":"file_roots","type":"text","marks":[{"type":"code"}]},{"text":" path on salt-master","type":"text"}]},{"type":"paragraph","content":[{"text":"아래 링크에서 설치하고자 하는 버전을 다운로드 할 수 있습니다.","type":"text"}]},{"type":"blockquote","content":[{"type":"paragraph","content":[{"text":"Download URL: ","type":"text"},{"text":"https://github.com/snetsystems/telegraf/releases","type":"text","marks":[{"type":"link","attrs":{"href":"https://github.com/snetsystems/telegraf/releases"}}]},{"text":" ","type":"text"}]}]},{"type":"panel","attrs":{"panelType":"note"},"content":[{"type":"paragraph","content":[{"text":"특별한 언급이 없다면, ","type":"text"},{"text":"telegraf","type":"text","marks":[{"type":"code"}]},{"text":" 최신 버전을 설치합니다.","type":"text"}]},{"type":"paragraph","content":[{"text":"폐쇄망인 경우 USB 또는 CD에서 ","type":"text"},{"text":"telegraf","type":"text","marks":[{"type":"code"}]},{"text":" rpm 파일을 아래 경로에 복사합니다.","type":"text"}]}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"$ mkdir -p /srv/salt/prod/telegraf # Telegraf package path\n$ cd /srv/salt/prod/telegraf\n$ wget https://github.com/snetsystems/telegraf/releases/download/v1.19.0-snet/telegraf-1.19.0-snet-1.x86_64.rpm","type":"text"}]},{"type":"heading","attrs":{"level":1},"content":[{"text":"Install CloudHub Portal","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Download","type":"text"}]},{"type":"paragraph","content":[{"text":"아래 링크에서 설치하고자 하는 버전을 다운로드 할 수 있습니다.","type":"text"}]},{"type":"blockquote","content":[{"type":"paragraph","content":[{"text":"Download URL: ","type":"text"},{"text":"https://github.com/snetsystems/cloudhub/releases","type":"text","marks":[{"type":"link","attrs":{"href":"https://github.com/snetsystems/cloudhub/releases"}}]}]}]},{"type":"panel","attrs":{"panelType":"note"},"content":[{"type":"paragraph","content":[{"text":"가이드에서 사용되는 CloudHub의 버전과 현재 최신 릴리즈 버전은 차이가 있을 수 있습니다만,","type":"text"},{"type":"hardBreak"},{"text":"설치 방법은 동일합니다.","type":"text"}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Install CloudHub admin portal package","type":"text"}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"아래에서 설정된 실행 옵션들은 설치 과정에 관계된 예시이며, Production 환경에서 CloudHub를 실행할 때는 ","type":"text"},{"type":"inlineCard","attrs":{"url":"https://seversky.atlassian.net/wiki/spaces/CSHD/pages/235601941"}},{"text":" 를 참고하여 설정해야 합니다.","type":"text"}]}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"설치명령어","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"$ sudo yum localinstall cloudhub-0.9.1~17fe47a.x86_64.rpm","type":"text","marks":[{"type":"code"}]}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Log 파일","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"service로 데몬 실행 시 log file : ","type":"text"},{"text":"/var/log/cloudhub","type":"text","marks":[{"type":"code"}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"systemd로 데몬 실행 시 log file: ","type":"text"},{"text":"/var/log/messages","type":"text","marks":[{"type":"code"}]}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Environment or Argument file path","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"실행(help) 옵션","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"$ cloudhub -h","type":"text","marks":[{"type":"code"}]}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"파일 : ","type":"text"},{"text":"/etc/default/cloudhub","type":"text","marks":[{"type":"code"}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Argument 설정: 예> 61.250.122.xx","type":"text"}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"$ cat /etc/default/cloudhub\nCLOUDHUB_OPTS=\"-l=debug \\\n--auth-duration=0 \\\n-t=74c1e9e2450886060b5bf736b935cd0bf960837f \\\n-i= \\\n-s= \\\n-u=salt:http://61.250.122.xx:8000/run \\\n-k=salt:\"","type":"text"}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"서비스 시작/정지/재시작","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"$ sudo systemctl {start|stop|restart} cloudhub","type":"text","marks":[{"type":"code"}]}]}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"서비스 확인","type":"text"}]},{"type":"codeBlock","attrs":{"language":"shell"},"content":[{"text":"$ systemctl status cloudhub.service\n● cloudhub.service\n Loaded: loaded (/usr/lib/systemd/system/cloudhub.service; enabled; vendor preset: disabled)\n Active: active (running) since Thu 2020-02-20 03:55:04 EST; 1s ago\n Main PID: 23498 (cloudhub)\n Tasks: 5\n Memory: 26.9M\n CGroup: /system.slice/cloudhub.service\n └─23498 /usr/bin/cloudhub\n\nFeb 20 03:55:04 localhost.localdomain systemd[1]: Started cloudhub.service.\nFeb 20 03:55:04 localhost.localdomain cloudhub[23498]: time=\"2020-02-20T03:55:04-05:00\" level=info msg=\"Serving CloudHub at http://[::]:8888\" component=server\n","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Enabling HTTPS on CloudHub Portal","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"http가 기본으로 설정되어 있으며 https로 변경 하려면 cloudhub.service 중단 후 설정파일을 수정하고 'systemctl daemon-reload'를 하여 서비스를 재시작 합니다.","type":"text"}]},{"type":"codeBlock","attrs":{"language":"yaml"},"content":[{"text":"$ cat /etc/systemd/system/multi-user.target.wants/cloudhub.service\n\n[Unit]\nAfter=network-online.target\n\n[Service]\nUser=root\nGroup=root\nEnvironment=\"HOST=0.0.0.0\"\n#Environment=\"PORT=8888\"\nEnvironment=\"PORT=443\"\nEnvironment=\"TLS_CERTIFICATE=/usr/lib/cloudhub/key/cloudhub_self_signed.pem\"\nEnvironment=\"BOLT_PATH=/var/lib/cloudhub/cloudhub-v1.db\"\nEnvironment=\"CANNED_PATH=/usr/share/cloudhub/cloudhub-canned\"\nEnvironment=\"PROTOBOARDS_PATH=/usr/share/cloudhub/cloudhub-protoboards\"\nEnvironmentFile=-/etc/default/cloudhub\nExecStart=/usr/bin/cloudhub $CLOUDHUB_OPTS\nKillMode=control-group\nRestart=on-failure\n\n[Install]\nWantedBy=multi-user.target","type":"text"}]}]}]},{"type":"paragraph"}],"version":1}

Browser not supported