From e01942bb8af31a2aca6e4b706962295ab3ca8f87 Mon Sep 17 00:00:00 2001 From: JP Bourget Date: Fri, 17 Jan 2020 00:24:11 -0500 Subject: [PATCH 1/9] first EL8 docs --- docs/source/install/index.rst | 1 + docs/source/install/rhel8.rst | 287 ++++++++++++++++++++++++++++++++++ 2 files changed, 288 insertions(+) create mode 100644 docs/source/install/rhel8.rst diff --git a/docs/source/install/index.rst b/docs/source/install/index.rst index f4c681760..5f51285e5 100644 --- a/docs/source/install/index.rst +++ b/docs/source/install/index.rst @@ -86,6 +86,7 @@ For more details on reference deployments, or OS-specific installation instructi system_requirements Ubuntu 16.04 Ubuntu 18.04 + RHEL 8 / CentOS 8 RHEL 7 / CentOS 7 RHEL 6 / CentOS 6 Kubernetes / HA diff --git a/docs/source/install/rhel8.rst b/docs/source/install/rhel8.rst new file mode 100644 index 000000000..e9ac5349f --- /dev/null +++ b/docs/source/install/rhel8.rst 
@@ -0,0 +1,287 @@ +RHEL 8/CentOS 8 +=============== + +.. include:: common/intro.rst + +.. contents:: Contents + :local: + +System Requirements +------------------- + +Please check the :doc:`supported versions and system requirements `. + +.. note:: + + |st2| on RHEL 8/CentOS 8 runs all services, actions and sensors using Python 3**only**. It + does not support Python2 actions. `More info about python in RHEL 8 and CentOS 8. + `_ + + Mistral is not supported on RHEL 8/CentOS 8. All workflows must be written in + :doc:`Orquesta `. + +Minimal Installation +-------------------- + +Adjust SELinux Policies +~~~~~~~~~~~~~~~~~~~~~~~ + +If your system has SELinux in Enforcing mode, please follow these instructions to adjust SELinux +policies. This is needed for successful installation. If you are not happy with these policies, +you may want to tweak them according to your security practices. + +* First check if SELinux is in Enforcing mode: + + .. code-block:: bash + + getenforce + +* If the previous command returns 'Enforcing', then run the following commands: + + .. code-block:: bash + + # SELINUX management tools, not available for some minimal installations + sudo yum install -y policycoreutils-python + + # Allow network access for nginx + sudo setsebool -P httpd_can_network_connect 1 + + # Allow RabbitMQ to use port '25672', otherwise it will fail to start + sudo semanage port --list | grep -q 25672 || sudo semanage port -a -t amqp_port_t -p tcp 25672 + +.. note:: + + If you see messages like "SELinux: Could not downgrade policy file", it means you are trying to + adjust policy configurations when SELinux is disabled. You can ignore this error. + +Install Dependencies +~~~~~~~~~~~~~~~~~~~~ + +.. include:: __mongodb_note.rst + +Install MongoDB, RabbitMQ: + +.. 
code-block:: bash + + sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm + + # Add key and repo for the latest stable MongoDB (3.4) + sudo rpm --import https://www.mongodb.org/static/pgp/server-3.4.asc + sudo sh -c "cat < /etc/yum.repos.d/mongodb-org-3.4.repo + [mongodb-org-3.4] + name=MongoDB Repository + baseurl=https://repo.mongodb.org/yum/redhat/7/mongodb-org/3.4/x86_64/ + gpgcheck=1 + enabled=1 + gpgkey=https://www.mongodb.org/static/pgp/server-3.4.asc + EOT" + + sudo yum -y install crudini + sudo yum -y install mongodb-org + sudo yum -y install rabbitmq-server + sudo systemctl start mongod rabbitmq-server + sudo systemctl enable mongod rabbitmq-server + + +Setup Repositories +~~~~~~~~~~~~~~~~~~ + +The following script will detect your platform and architecture and setup the appropriate |st2| +repository. It will also add the the GPG key used for package signing. + +.. code-block:: bash + + curl -s https://packagecloud.io/install/repositories/StackStorm/stable/script.rpm.sh | sudo bash + +Install |st2| Components +~~~~~~~~~~~~~~~~~~~~~~~~ + +.. code-block:: bash + + sudo yum install -y st2 + +.. include:: common/configure_components.rst + +Setup Datastore Encryption +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. include:: common/datastore_crypto_key.rst + +Configure SSH and SUDO +~~~~~~~~~~~~~~~~~~~~~~ + +.. include:: common/configure_ssh_and_sudo.rst + +Start Services +~~~~~~~~~~~~~~ + +.. include:: common/start_services.rst + +Verify +~~~~~~ + +.. include:: common/verify.rst + +Configure Authentication +------------------------ + +The reference deployment uses a file-based authentication provider for simplicity. Refer to +:doc:`/authentication` to configure and use PAM or LDAP authentication backends. + +To set up authentication with file-based provider: + +* Create a user with a password: + + .. 
code-block:: bash + + # Install htpasswd utility if you don't have it + sudo yum -y install httpd-tools + # Create a user record in a password file. + echo 'Ch@ngeMe' | sudo htpasswd -i /etc/st2/htpasswd st2admin + +.. include:: common/configure_authentication.rst + +Install WebUI and Setup SSL Termination +--------------------------------------- + +`NGINX `_ is used to serve WebUI static files, redirect HTTP to HTTPS, provide +SSL termination, and reverse-proxy st2auth and st2api API endpoints. To set it up: install the +``st2web`` and ``nginx`` packages, generate certificates or place your existing certificates under +``/etc/ssl/st2``, and configure nginx with |st2|'s supplied :github_st2:`site config file st2.conf +`. + +|st2| depends on Nginx version >=1.7.5. RHEL has an older version in the package repositories, so +you will need to add the official Nginx repository: + +.. code-block:: bash + + # Add key and repo for the latest stable nginx + sudo rpm --import http://nginx.org/keys/nginx_signing.key + sudo sh -c "cat < /etc/yum.repos.d/nginx.repo + [nginx] + name=nginx repo + baseurl=http://nginx.org/packages/rhel/\\\$releasever/x86_64/ + gpgcheck=1 + enabled=1 + EOT" + + # Ensure that EPEL repo is not used for nginx + sudo sed -i 's/^\(enabled=1\)$/exclude=nginx\n\1/g' /etc/yum.repos.d/epel.repo + + # Install nginx + sudo yum install -y nginx + + # Install st2web + sudo yum install -y st2web + + # Generate a self-signed certificate or place your existing certificate under /etc/ssl/st2 + sudo mkdir -p /etc/ssl/st2 + sudo openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/st2/st2.key -out /etc/ssl/st2/st2.crt \ + -days 365 -nodes -subj "/C=US/ST=California/L=Palo Alto/O=StackStorm/OU=Information \ + Technology/CN=$(hostname)" + + # Copy and enable the supplied nginx config file + sudo cp /usr/share/doc/st2/conf/nginx/st2.conf /etc/nginx/conf.d/ + + # Disable default_server configuration in existing /etc/nginx/nginx.conf + sudo sed -i 's/default_server//g' 
/etc/nginx/nginx.conf + + sudo systemctl restart nginx + sudo systemctl enable nginx + +If you modify ports, or url paths in the nginx configuration, make the corresponding changes in +the st2web configuration at ``/opt/stackstorm/static/webui/config.js``. + +Use your browser to connect to ``https://${ST2_HOSTNAME}`` and login to the WebUI. + +.. _ref-rhel7-firewall: + +If you are unable to connect to the web browser, you may need to change the default firewall +settings. You can do this with these commands: + +.. code-block:: bash + + firewall-cmd --zone=public --add-service=http --add-service=https + firewall-cmd --zone=public --permanent --add-service=http --add-service=https + +This will allow inbound HTTP (port 80) and HTTPS (port 443) traffic, and make those changes +survive reboot. + +.. include:: common/api_access.rst + +Setup ChatOps +------------- + +If you already run a Hubot instance, you can install the `hubot-stackstorm plugin +`_ and configure |st2| environment variables, as +described below. Otherwise, the easiest way to enable :doc:`StackStorm ChatOps ` +is to use the `st2chatops `_ package. + +* Validate that the ``chatops`` pack is installed, and a notification rule is enabled: + + .. code-block:: bash + + # Ensure chatops pack is in place + ls /opt/stackstorm/packs/chatops + # Create notification rule if not yet enabled + st2 rule get chatops.notify || st2 rule create /opt/stackstorm/packs/chatops/rules/notify_hubot.yaml + +* Add `NodeJS v10 repository `_: + + .. code-block:: bash + + curl -sL https://rpm.nodesource.com/setup_10.x | sudo -E bash - + +* Install the ``st2chatops`` package: + + .. code-block:: bash + + sudo yum install -y st2chatops + +.. include:: common/configure_chatops.rst + +* Start the service: + + .. code-block:: bash + + sudo systemctl start st2chatops + + # Start st2chatops on boot + sudo systemctl enable st2chatops + +* Reload st2 packs to make sure the ``chatops.notify`` rule is registered: + + .. 
code-block:: bash + + sudo st2ctl reload --register-all + +* That's it! Go to your Chat room and begin ChatOps-ing. Read more in the :doc:`/chatops/index` section. + +A Note on Security +------------------ + +.. include:: common/security_notes.rst + +Upgrade to |ewc| +---------------- + +.. include:: common/ewc_intro.rst + +.. code-block:: bash + + # Set up Extreme Workflow Composer repository access, install Enterprise packages and configure RBAC + curl -sSL -O https://stackstorm.com/ewc/install.sh && chmod +x install.sh + ./install.sh --user=st2admin --password='Ch@ngeMe' --license=${EWC_LICENSE_KEY} + +.. rubric:: What's Next? + +* Check out the :doc:`/start` Guide to build a simple automation. +* Get more actions, triggers, rules: + + + * Install integration packs from `StackStorm Exchange `__ - follow the :doc:`/packs` guide. + * :ref:`Convert your scripts into StackStorm actions. ` + * Learn how to :ref:`write custom actions `. + +* Use workflows to stitch actions into higher level automations - :doc:`/workflows`. +* Check out `tutorials on stackstorm.com `__ From 1a0c0215b8e5d86a68776ebef4175b79d9a2ce6b Mon Sep 17 00:00:00 2001 From: JP Bourget Date: Tue, 4 Feb 2020 10:27:34 -0500 Subject: [PATCH 2/9] el8 mongo url updates --- docs/source/install/rhel8.rst | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/source/install/rhel8.rst b/docs/source/install/rhel8.rst index e9ac5349f..83df4e7fc 100644 --- a/docs/source/install/rhel8.rst +++ b/docs/source/install/rhel8.rst 
@@ -63,17 +63,17 @@ Install MongoDB, RabbitMQ: .. code-block:: bash - sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm + sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm - # Add key and repo for the latest stable MongoDB (3.4) - sudo rpm --import https://www.mongodb.org/static/pgp/server-3.4.asc - sudo sh -c "cat < /etc/yum.repos.d/mongodb-org-3.4.repo - [mongodb-org-3.4] + # Add key and repo for the latest stable MongoDB (4.0) + sudo rpm --import https://www.mongodb.org/static/pgp/server-4.0.asc + sudo sh -c "cat < /etc/yum.repos.d/mongodb-org-4.repo + [mongodb-org-4] name=MongoDB Repository - baseurl=https://repo.mongodb.org/yum/redhat/7/mongodb-org/3.4/x86_64/ + baseurl=https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.0/x86_64/ gpgcheck=1 enabled=1 - gpgkey=https://www.mongodb.org/static/pgp/server-3.4.asc + gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc EOT" sudo yum -y install crudini From fa1d3fafeb22a7ee164aed87ca46c6119fb24ec2 Mon Sep 17 00:00:00 2001 From: JP Bourget Date: Wed, 5 Feb 2020 11:32:56 -0500 Subject: [PATCH 3/9] more EL8 updates --- docs/source/install/ewc.rst | 2 +- docs/source/install/index.rst | 3 ++- docs/source/install/uninstall.rst | 9 +++++++++ 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/docs/source/install/ewc.rst b/docs/source/install/ewc.rst index edfd3d041..44759acb8 100644 --- a/docs/source/install/ewc.rst +++ b/docs/source/install/ewc.rst 
@@ -41,7 +41,7 @@ replacing ``${EWC_LICENSE_KEY}`` with the license key you received when register ./install.sh --user=st2admin --password='Ch@ngeMe' --license=${EWC_LICENSE_KEY} To understand the full details of the installation procedure, or to install |ewc| manually, follow -the installation guide for your Linux version: :doc:`/install/u16`, :doc:`/install/u18`, :doc:`/install/rhel7`, +the installation guide for your Linux version: :doc:`/install/u16`, :doc:`/install/u18`,:doc:`/install/rhel8`, :doc:`/install/rhel7`, or :doc:`/install/rhel6`. It will walk you through installing and configuring StackStorm and |ewc|. The last step of the instructions is "Upgrade to |ewc|". diff --git a/docs/source/install/index.rst b/docs/source/install/index.rst index 5f51285e5..a8411e865 100644 --- a/docs/source/install/index.rst +++ b/docs/source/install/index.rst @@ -15,7 +15,8 @@ Here's an overview of the options: * **Manual Installation:** Have custom needs? Maybe no Internet access from your servers? Or just don't like using scripted installs? Read the manual installation instructions for your OS (:doc:`Ubuntu 16 `, :doc:`Ubuntu 18 `, :doc:`RHEL/CentOS 6 `, - :doc:`RHEL/CentOS 7 `), and adapt them to your needs. Here's some `additional guidance + :doc:`RHEL/CentOS 7 `), :doc:`RHEL/CentOS 7 `and adapt them to + your needs. Here's some `additional guidance `_ for setting up an internal mirror for the |st2| repos. * **Ansible Playbooks:** If you are an Ansible user, check these :doc:`/install/ansible` for diff --git a/docs/source/install/uninstall.rst b/docs/source/install/uninstall.rst index 162c97fb9..87540b51f 100644 --- a/docs/source/install/uninstall.rst +++ b/docs/source/install/uninstall.rst 
@@ -70,6 +70,15 @@ below. Only execute the instructions for your distribution. sudo systemctl stop mongod sudo systemctl stop rabbitmq-server +* RHEL/CentOS 8.x: + + .. sourcecode:: bash + + sudo st2ctl stop + sudo systemctl stop nginx + sudo systemctl stop mongod + sudo systemctl stop rabbitmq-server + 2. Remove Packages ------------------ From f06ce2715fb6a2f52a92e883edfae81308f352ba Mon Sep 17 00:00:00 2001 From: JP Bourget Date: Wed, 5 Feb 2020 14:24:59 -0500 Subject: [PATCH 4/9] Update index.rst --- docs/source/install/index.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/install/index.rst b/docs/source/install/index.rst index a8411e865..c28db9491 100644 --- a/docs/source/install/index.rst +++ b/docs/source/install/index.rst @@ -15,7 +15,7 @@ Here's an overview of the options: * **Manual Installation:** Have custom needs? Maybe no Internet access from your servers? Or just don't like using scripted installs? Read the manual installation instructions for your OS (:doc:`Ubuntu 16 `, :doc:`Ubuntu 18 `, :doc:`RHEL/CentOS 6 `, - :doc:`RHEL/CentOS 7 `), :doc:`RHEL/CentOS 7 `and adapt them to + :doc:`RHEL/CentOS 7 `), :doc:`RHEL/CentOS 8 `and adapt them to your needs. Here's some `additional guidance `_ for setting up an internal mirror for the |st2| repos. From b2499f04ea471c8e2d8187362bb5b7fe0753f9b8 Mon Sep 17 00:00:00 2001 From: JP Bourget Date: Wed, 5 Feb 2020 14:35:54 -0500 Subject: [PATCH 5/9] build fixes --- docs/source/install/index.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/source/install/index.rst b/docs/source/install/index.rst index c28db9491..d57cefcd6 100644 --- a/docs/source/install/index.rst +++ b/docs/source/install/index.rst 
@@ -15,7 +15,11 @@ Here's an overview of the options: * **Manual Installation:** Have custom needs? Maybe no Internet access from your servers? Or just don't like using scripted installs? Read the manual installation instructions for your OS (:doc:`Ubuntu 16 `, :doc:`Ubuntu 18 `, :doc:`RHEL/CentOS 6 `, +<<<<<<< Updated upstream :doc:`RHEL/CentOS 7 `), :doc:`RHEL/CentOS 8 `and adapt them to +======= + :doc:`RHEL/CentOS 7 `, :doc:`RHEL/CentOS 8 `) and adapt them to +>>>>>>> Stashed changes your needs. Here's some `additional guidance `_ for setting up an internal mirror for the |st2| repos. From b955264278987511ccec5c13c141f4256ec2f160 Mon Sep 17 00:00:00 2001 From: JP Bourget Date: Wed, 5 Feb 2020 16:05:53 -0500 Subject: [PATCH 6/9] build fixes --- docs/source/install/index.rst | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/docs/source/install/index.rst b/docs/source/install/index.rst index d57cefcd6..f238f48ef 100644 --- a/docs/source/install/index.rst +++ b/docs/source/install/index.rst @@ -15,11 +15,8 @@ Here's an overview of the options: * **Manual Installation:** Have custom needs? Maybe no Internet access from your servers? Or just don't like using scripted installs? Read the manual installation instructions for your OS (:doc:`Ubuntu 16 `, :doc:`Ubuntu 18 `, :doc:`RHEL/CentOS 6 `, -<<<<<<< Updated upstream - :doc:`RHEL/CentOS 7 `), :doc:`RHEL/CentOS 8 `and adapt them to -======= :doc:`RHEL/CentOS 7 `, :doc:`RHEL/CentOS 8 `) and adapt them to ->>>>>>> Stashed changes + your needs. Here's some `additional guidance `_ for setting up an internal mirror for the |st2| repos. From ec7631acc44d96a08ecfb0b33245e85bf322a19f Mon Sep 17 00:00:00 2001 From: JP Bourget Date: Thu, 6 Feb 2020 11:12:53 -0500 Subject: [PATCH 7/9] update sys reqs --- docs/source/install/system_requirements.rst | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/docs/source/install/system_requirements.rst b/docs/source/install/system_requirements.rst index 04d6798aa..ecaaeb88d 100644 --- a/docs/source/install/system_requirements.rst +++ b/docs/source/install/system_requirements.rst 
@@ -22,6 +22,9 @@ be automatically added when you install |st2|. +-------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | `Ubuntu 18.04 `_ | `bento/ubuntu-18.04 `_ | `Ubuntu Server 18.04 LTS Bionic `_ | +-------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| `RHEL 8 `_ / | `bento/centos-8.1 `_ | `Red Hat Enterprise Linux (RHEL) 8 (HVM) `_ | +| `CentOS 8.1 `_ | | | ++-------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | `RHEL 7 `_ / | `bento/centos-7.4 `_ | `Red Hat Enterprise Linux (RHEL) 7.2 (HVM) `_ | | `CentOS 7 `_ | | | +-------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ From a634847e2f2a113de740e020780527226f4009a1 Mon Sep 17 00:00:00 2001 
From: JP Bourget Date: Fri, 7 Feb 2020 11:02:20 -0500 Subject: [PATCH 8/9] reorder some stuff --- docs/source/install/ewc.rst | 4 ++-- docs/source/install/index.rst | 4 ++-- docs/source/install/rhel8.rst | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/source/install/ewc.rst b/docs/source/install/ewc.rst index 44759acb8..1bed72267 100644 --- a/docs/source/install/ewc.rst +++ b/docs/source/install/ewc.rst @@ -41,8 +41,8 @@ replacing ``${EWC_LICENSE_KEY}`` with the license key you received when register ./install.sh --user=st2admin --password='Ch@ngeMe' --license=${EWC_LICENSE_KEY} To understand the full details of the installation procedure, or to install |ewc| manually, follow -the installation guide for your Linux version: :doc:`/install/u16`, :doc:`/install/u18`,:doc:`/install/rhel8`, :doc:`/install/rhel7`, -or :doc:`/install/rhel6`. It will walk you through installing and configuring StackStorm and |ewc|. +the installation guide for your Linux version: :doc:`/install/u16`, :doc:`/install/u18`, :doc:`/install/rhel6`, :doc:`/install/rhel7`, +or :doc:`/install/rhel8`. It will walk you through installing and configuring StackStorm and |ewc|. The last step of the instructions is "Upgrade to |ewc|". High Availability deployment diff --git a/docs/source/install/index.rst b/docs/source/install/index.rst index f238f48ef..7545bd7ce 100644 --- a/docs/source/install/index.rst +++ b/docs/source/install/index.rst @@ -88,9 +88,9 @@ For more details on reference deployments, or OS-specific installation instructi system_requirements Ubuntu 16.04 Ubuntu 18.04 - RHEL 8 / CentOS 8 - RHEL 7 / CentOS 7 RHEL 6 / CentOS 6 + RHEL 7 / CentOS 7 + RHEL 8 / CentOS 8 Kubernetes / HA Ansible Playbooks diff --git a/docs/source/install/rhel8.rst b/docs/source/install/rhel8.rst index 83df4e7fc..9fad77df3 100644 --- a/docs/source/install/rhel8.rst +++ b/docs/source/install/rhel8.rst 
@@ -194,7 +194,7 @@ the st2web configuration at ``/opt/stackstorm/static/webui/config.js``. Use your browser to connect to ``https://${ST2_HOSTNAME}`` and login to the WebUI. -.. _ref-rhel7-firewall: +.. _ref-rhel8-firewall: If you are unable to connect to the web browser, you may need to change the default firewall settings. You can do this with these commands: From 58e51a287a16c711cd648dace5e1fe7b6837103a Mon Sep 17 00:00:00 2001 From: JP Bourget Date: Wed, 12 Feb 2020 14:09:04 -0500 Subject: [PATCH 9/9] remove blank line --- docs/source/install/index.rst | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/source/install/index.rst b/docs/source/install/index.rst index 7545bd7ce..0590989ca 100644 --- a/docs/source/install/index.rst +++ b/docs/source/install/index.rst @@ -16,7 +16,6 @@ Here's an overview of the options: don't like using scripted installs? Read the manual installation instructions for your OS (:doc:`Ubuntu 16 `, :doc:`Ubuntu 18 `, :doc:`RHEL/CentOS 6 `, :doc:`RHEL/CentOS 7 `, :doc:`RHEL/CentOS 8 `) and adapt them to - your needs. Here's some `additional guidance `_ for setting up an internal mirror for the |st2| repos.
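Review bot: In PATCH 1/9, docs/source/install/rhel8.rst, the nginx repository step imports the signing key with "sudo rpm --import http://nginx.org/keys/nginx_signing.key" and sets baseurl=http://nginx.org/packages/rhel/..., so the key that gpgcheck=1 relies on is fetched over plain HTTP and can be replaced in transit. Use the https:// URLs for both, and add a gpgkey= line to the [nginx] stanza as the MongoDB stanza does. Two smaller points in the same file: the SELinux step installs policycoreutils-python, but on EL8 semanage is packaged as policycoreutils-python-utils, so that yum line needs the EL8 name; and "Python 3**only**" has no space before the bold markup, so reStructuredText will not render it as emphasis.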
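Review bot: In PATCH 2/9, the repo file and section are renamed to mongodb-org-4.repo and [mongodb-org-4], while the comment, key and baseurl all pin 4.0. Name them mongodb-org-4.0 so the repo id matches the release it serves, as the previous mongodb-org-3.4 naming did.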
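Review bot: In PATCH 3/9, docs/source/install/index.rst, the added line ":doc:`RHEL/CentOS 7 `), :doc:`RHEL/CentOS 7 `and adapt them to" has three problems: the new link reuses the "RHEL/CentOS 7" label for what should be the RHEL/CentOS 8 page, it sits outside the closing parenthesis of the OS list, and there is no space before "and". Move it inside the parenthesis with the "RHEL/CentOS 8" label, which is the form 6/9 arrives at; squashing 4/9 through 6/9 into this patch would keep the broken intermediate states out of history.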
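Review bot: In PATCH 3/9, docs/source/install/uninstall.rst, the RHEL/CentOS 8.x entry is added only under the stop-services step; the diffstat shows a single hunk in this file, and the "2. Remove Packages" section that follows in the context is untouched. If the later steps list commands per distribution as this one does, they need an 8.x entry as well, otherwise an EL8 reader has no instructions after stopping the services.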
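Review bot: PATCH 5/9 commits unresolved merge conflict markers into docs/source/install/index.rst: the lines "<<<<<<< Updated upstream", "=======" and ">>>>>>> Stashed changes" are all added, together with both sides of the conflict. Resolve the conflict before committing and keep only the "Stashed changes" side, which has the parenthesis and spacing right. A check for lines starting with "<<<<<<<" under docs/ before the docs build would catch this.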
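Review bot: In PATCH 6/9, removing the conflict markers leaves an added empty line between "adapt them to" and "your needs.", which splits the sentence in the Manual Installation bullet into two paragraphs. Drop the blank line in this patch rather than in the separate 9/9 commit.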