diff --git a/docs/source/install/__mongodb_note.rst b/docs/source/install/__mongodb_note.rst index c382466f3..309555bf0 100644 --- a/docs/source/install/__mongodb_note.rst +++ b/docs/source/install/__mongodb_note.rst @@ -1,9 +1,6 @@ .. note:: - The currently supported versions of MongoDB are 3.4 and 4.0. This is the version installed by - the installer script. MongoDB 4.0 is installed by default on Ubuntu 18.04 and RHEL/CentOS8. + The currently supported version of MongoDB is 4.0. This is the version installed by + the installer script. - MongoDB 3.6 is also supported by StackStorm >= 3.0.0, but we have observed some - performance regressions with MongoDB 3.6 so the default version which is installed on Ubuntu - Xenial (16.04) and EL7 (CentOS 7 and RHEL 7) is still 3.4. - \ No newline at end of file + diff --git a/docs/source/install/ansible.rst b/docs/source/install/ansible.rst index f04169ef9..5cd8b2bb4 100644 --- a/docs/source/install/ansible.rst +++ b/docs/source/install/ansible.rst @@ -20,7 +20,6 @@ Our Ansible playbooks support the same platforms as manual installation, i.e.: * Ubuntu Xenial (16.04) * Ubuntu Bionic (18.04) -* RHEL 6/CentOS 6 * RHEL 7/CentOS 7 * RHEL 8/CentOS 8 diff --git a/docs/source/install/ewc.rst b/docs/source/install/ewc.rst index 1bed72267..fd0522c92 100644 --- a/docs/source/install/ewc.rst +++ b/docs/source/install/ewc.rst @@ -41,7 +41,7 @@ replacing ``${EWC_LICENSE_KEY}`` with the license key you received when register ./install.sh --user=st2admin --password='Ch@ngeMe' --license=${EWC_LICENSE_KEY} To understand the full details of the installation procedure, or to install |ewc| manually, follow -the installation guide for your Linux version: :doc:`/install/u16`, :doc:`/install/u18`, :doc:`/install/rhel6`, :doc:`/install/rhel7`, +the installation guide for your Linux version: :doc:`/install/u16`, :doc:`/install/u18`, :doc:`/install/rhel7`, :doc:`/install/rhel8`, or :doc:`/install/rhel8`. It will walk you through installing and configuring StackStorm and |ewc|. The last step of the instructions is "Upgrade to |ewc|". diff --git a/docs/source/install/index.rst b/docs/source/install/index.rst index 0590989ca..67e2f5525 100644 --- a/docs/source/install/index.rst +++ b/docs/source/install/index.rst @@ -14,7 +14,7 @@ Here's an overview of the options: ` section below for details. * **Manual Installation:** Have custom needs? Maybe no Internet access from your servers? Or just don't like using scripted installs? Read the manual installation instructions for your OS - (:doc:`Ubuntu 16 `, :doc:`Ubuntu 18 `, :doc:`RHEL/CentOS 6 `, + (:doc:`Ubuntu 16 `, :doc:`Ubuntu 18 `, :doc:`RHEL/CentOS 7 `, :doc:`RHEL/CentOS 8 `) and adapt them to your needs. Here's some `additional guidance `_ for setting up an @@ -87,7 +87,6 @@ For more details on reference deployments, or OS-specific installation instructi system_requirements Ubuntu 16.04 Ubuntu 18.04 - RHEL 6 / CentOS 6 RHEL 7 / CentOS 7 RHEL 8 / CentOS 8 Kubernetes / HA diff --git a/docs/source/install/puppet.rst b/docs/source/install/puppet.rst index e479d4e14..65f3eb6ae 100644 --- a/docs/source/install/puppet.rst +++ b/docs/source/install/puppet.rst @@ -29,8 +29,8 @@ The Puppet module supports the same platforms as manual installation, i.e.: * Ubuntu Trusty (14.04) * Ubuntu Xenial (16.04) -* RHEL 6/CentOS 6 * RHEL 7/CentOS 7 +* RHEL 8/CentOS 8 The same system size :doc:`requirements ` also apply. diff --git a/docs/source/install/rhel6.rst b/docs/source/install/rhel6.rst deleted file mode 100644 index 1741f856f..000000000 --- a/docs/source/install/rhel6.rst +++ /dev/null @@ -1,309 +0,0 @@ -RHEL 6/CentOS 6 -=============== - -.. include:: common/intro.rst - -.. contents:: Contents - :local: - -System Requirements -------------------- - -Please check the :doc:`supported versions and system requirements `. - -Minimal Installation --------------------- - -Install libffi-devel Package -~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -RHEL 6 may not ship with ``libffi-devel`` package, which is a dependency for |st2|. If that is the -case, set up the ``server-optional`` repository, following the instructions at -https://access.redhat.com/solutions/265523. -Or, find a version of ``libffi-devel`` compatible with the ``libffi`` version installed. For -example: - -.. code :: bash - - [ec2-user@ip-172-30-0-79 ~]$ rpm -qa libffi - libffi-3.0.5-3.2.el6.x86_64 - - sudo yum localinstall -y ftp://rpmfind.net/linux/centos/6.9/os/x86_64/Packages/libffi-devel-3.0.5-3.2.el6.x86_64.rpm - -Use a service such as http://rpmfind.net to find the required RPM. - -Adjust SELinux Policies -~~~~~~~~~~~~~~~~~~~~~~~ - -If your system has SELinux in Enforcing mode, please follow these instructions to adjust SELinux -policies. This is needed for successful installation. If you are not happy with these policies, -you may want to tweak them according to your security practices. - -* First check if SELinux is in Enforcing mode: - - .. code-block:: bash - - getenforce - -* If the previous command returns 'Enforcing', then run the following commands: - - .. code-block:: bash - - # SELINUX management tools, not available for some minimal installations - sudo yum install -y policycoreutils-python - - # Allow network access for nginx - sudo setsebool -P httpd_can_network_connect 1 - -.. note:: - - If you see messages like "SELinux: Could not downgrade policy file", it means you are trying to - adjust policy configurations when SELinux is disabled. You can ignore this error. - -Install Dependencies -~~~~~~~~~~~~~~~~~~~~ - -.. include:: __mongodb_note.rst - -Install MongoDB, RabbitMQ, and PostgreSQL: - -.. code-block:: bash - - sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm - - # Add key and repo for the latest stable MongoDB (3.4) - sudo rpm --import https://www.mongodb.org/static/pgp/server-3.4.asc - sudo sh -c "cat < /etc/yum.repos.d/mongodb-org-3.4.repo - [mongodb-org-3.4] - name=MongoDB Repository - baseurl=https://repo.mongodb.org/yum/redhat/6/mongodb-org/3.4/x86_64/ - gpgcheck=1 - enabled=1 - gpgkey=https://www.mongodb.org/static/pgp/server-3.4.asc - EOT" - - sudo yum -y install crudini - sudo yum -y install mongodb-org - sudo yum -y install rabbitmq-server - sudo service mongod start - sudo service rabbitmq-server start - sudo chkconfig mongod on - sudo chkconfig rabbitmq-server on - - # Install and configure postgres 9.4. Based on the OS type, install the ``redhat`` one or ``centos`` one. - # RHEL: - if grep -q "Red Hat" /etc/redhat-release; then sudo yum -y localinstall http://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/pgdg-redhat94-9.4-3.noarch.rpm; fi - - # CentOS: - if grep -q "CentOS" /etc/redhat-release; then sudo yum -y localinstall http://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/pgdg-centos94-9.4-3.noarch.rpm; fi - - sudo yum -y install postgresql94-server postgresql94-contrib postgresql94-devel - - # Initialize PostgreSQL - sudo service postgresql-9.4 initdb - - # Make localhost connections to use an MD5-encrypted password for authentication - sudo sed -i "s/\(host.*all.*all.*127.0.0.1\/32.*\)ident/\1md5/" /var/lib/pgsql/9.4/data/pg_hba.conf - sudo sed -i "s/\(host.*all.*all.*::1\/128.*\)ident/\1md5/" /var/lib/pgsql/9.4/data/pg_hba.conf - - # Start PostgreSQL service - sudo service postgresql-9.4 start - sudo chkconfig postgresql-9.4 on - - -Setup Repositories -~~~~~~~~~~~~~~~~~~ - -The following script will detect your platform and architecture and setup the appropriate |st2| -repository. It will also add the the GPG key used for package signing. - -.. code-block:: bash - - curl -s https://packagecloud.io/install/repositories/StackStorm/stable/script.rpm.sh | sudo bash - -Install |st2| Components -~~~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: bash - - sudo yum install -y st2 st2mistral - -.. include:: common/configure_components.rst - -Setup Datastore Encryption -~~~~~~~~~~~~~~~~~~~~~~~~~~ - -.. include:: common/datastore_crypto_key.rst - -Setup Mistral Database -~~~~~~~~~~~~~~~~~~~~~~ - -.. include:: common/setup_mistral_database.rst - -Configure SSH and SUDO -~~~~~~~~~~~~~~~~~~~~~~ - -.. include:: common/configure_ssh_and_sudo.rst - -Start Services -~~~~~~~~~~~~~~ - -.. include:: common/start_services.rst - -Verify -~~~~~~ - -.. include:: common/verify.rst - -Configure Authentication ------------------------- - -The reference deployment uses a file-based authentication provider for simplicity. Refer to -:doc:`/authentication` to configure and use PAM or LDAP authentication backends. - -To set up authentication with file-based provider: - -* Create a user with a password: - - .. code-block:: bash - - # Install htpasswd utility if you don't have it - sudo yum -y install httpd-tools - # Create a user record in a password file. - sudo htpasswd -bs /etc/st2/htpasswd st2admin 'Ch@ngeMe' - -.. include:: common/configure_authentication.rst - -Install WebUI and Setup SSL Termination ---------------------------------------- - -`NGINX `_ is used to serve WebUI static files, redirect HTTP to HTTPS, provide -SSL termination, and reverse-proxy st2auth and st2api API endpoints. To set it up: install the -``st2web`` and ``nginx`` packages, generate certificates or place your existing certificates under -``/etc/ssl/st2``, and configure nginx with |st2|'s supplied :github_st2:`site config file st2.conf -`. - -|st2| depends on Nginx version >=1.7.5. RHEL has an older version in the package repositories, so -you will need to add the official Nginx repository: - -.. code-block:: bash - - # Add key and repo for the latest stable nginx - sudo rpm --import http://nginx.org/keys/nginx_signing.key - sudo sh -c "cat < /etc/yum.repos.d/nginx.repo - [nginx] - name=nginx repo - baseurl=http://nginx.org/packages/rhel/\\\$releasever/x86_64/ - gpgcheck=1 - enabled=1 - EOT" - - # Ensure that EPEL repo is not used for nginx - sudo sed -i 's/^\(enabled=1\)$/exclude=nginx\n\1/g' /etc/yum.repos.d/epel.repo - - # Install nginx - sudo yum install -y nginx - - # Install st2web - sudo yum install -y st2web - - # Generate a self-signed certificate or place your existing certificate under /etc/ssl/st2 - sudo mkdir -p /etc/ssl/st2 - - sudo openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/st2/st2.key -out /etc/ssl/st2/st2.crt \ - -days 365 -nodes -subj "/C=US/ST=California/L=Palo Alto/O=StackStorm/OU=Information \ - Technology/CN=$(hostname)" - - # Copy and enable the supplied nginx config file - sudo cp /usr/share/doc/st2/conf/nginx/st2.conf /etc/nginx/conf.d/ - - # Disable default_server configuration in existing /etc/nginx/nginx.conf - sudo sed -i 's/default_server//g' /etc/nginx/conf.d/default.conf - - sudo service nginx restart - sudo chkconfig nginx on - -If you modify ports, or url paths in the nginx configuration, make the corresponding changes in -the st2web configuration at ``/opt/stackstorm/static/webui/config.js``. - -Use your browser to connect to ``https://${ST2_HOSTNAME}`` and login to the WebUI. - -.. include:: common/api_access.rst - -Setup ChatOps -------------- - -If you already run a Hubot instance, you can install the `hubot-stackstorm plugin -`_ and configure |st2| environment variables, as -described below. Otherwise, the easiest way to enable :doc:`StackStorm ChatOps ` -is to use the `st2chatops `_ package. - -* Validate that the ``chatops`` pack is installed, and a notification rule is enabled: - - .. code-block:: bash - - # Ensure chatops pack is in place - ls /opt/stackstorm/packs/chatops - # Create notification rule if not yet enabled - st2 rule get chatops.notify || st2 rule create /opt/stackstorm/packs/chatops/rules/notify_hubot.yaml - -* Add `NodeJS v10 repository `_: - - .. code-block:: bash - - curl -sL https://rpm.nodesource.com/setup_10.x | sudo -E bash - - -* Install the ``st2chatops`` package: - - .. code-block:: bash - - sudo yum install -y st2chatops - -.. include:: common/configure_chatops.rst - -* Start the service: - - .. code-block:: bash - - sudo service st2chatops start - - # Ensure it will start on boot - sudo chkconfig st2chatops on - -* Reload st2 packs to make sure the ``chatops.notify`` rule is registered: - - .. code-block:: bash - - sudo st2ctl reload --register-all - -* That's it! Go to your Chat room and begin ChatOps-ing. Read more in the :doc:`/chatops/index` - section. - -A Note on Security ------------------- - -.. include:: common/security_notes.rst - -Upgrade to |ewc| ----------------- - -.. include:: common/ewc_intro.rst - -.. code-block:: bash - - # Set up Extreme Workflow Composer repository access, install Enterprise packages and configure RBAC - curl -sSL -O https://stackstorm.com/ewc/install.sh && chmod +x install.sh - ./install.sh --user=st2admin --password='Ch@ngeMe' --license=${EWC_LICENSE_KEY} - -.. rubric:: What's Next? - -* Check out the :doc:`/start` Guide to build a simple automation. -* Get more actions, triggers, rules: - - - * Install integration packs from `StackStorm Exchange `__ - follow the :doc:`/packs` guide. - * :ref:`Convert your scripts into StackStorm actions. ` - * Learn how to :ref:`write custom actions `. - -* Use workflows to stitch actions into higher level automations - :doc:`/workflows`. -* Check out `tutorials on stackstorm.com `__ diff --git a/docs/source/install/system_requirements.rst b/docs/source/install/system_requirements.rst index ecaaeb88d..72f180b0b 100644 --- a/docs/source/install/system_requirements.rst +++ b/docs/source/install/system_requirements.rst @@ -22,15 +22,12 @@ be automatically added when you install |st2|. +-------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | `Ubuntu 18.04 `_ | `bento/ubuntu-18.04 `_ | `Ubuntu Server 18.04 LTS Bionic `_ | +-------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| `RHEL 8 `_ / | `bento/centos-8.1 `_ | `Red Hat Enterprise Linux (RHEL) 8 (HVM) `_ | -| `CentOS 8.1 `_ | | | +| `RHEL 8 `_ / | `bento/centos-8.2 `_ | `Red Hat Enterprise Linux (RHEL) 8 (HVM) `_ | +| `CentOS 8.2 `_ | | | +-------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | `RHEL 7 `_ / | `bento/centos-7.4 `_ | `Red Hat Enterprise Linux (RHEL) 7.2 (HVM) `_ | | `CentOS 7 `_ | | | +-------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| `RHEL 6 `_ / | `bento/centos-6.7 `_ | `Red Hat Enterprise Linux (RHEL) 6 (HVM) `_ | -| `CentOS 6 `_ | | | -+-------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+ This is the recommended minimum sizing for testing and deploying |st2|: @@ -78,9 +75,7 @@ on the two most recent major supported releases for those distributions. Specifi Support for Ubuntu ``14.04`` has been removed, as it is now End of Life. |st2| 3.0 is the last release that supports Ubuntu ``14.04``. -* **RHEL/CentOS**: We currently support RHEL/CentOS ``6.x`` and ``7.x``. In general, we recommend using +* **RHEL/CentOS**: We currently support RHEL/CentOS ``7.x`` and ``8.x``. In general, we recommend using the most recent version in that series, but any version may be used. - We are now beginning testing with RHEL ``8.0``. We anticipate adding support with |st2| 3.2. When - we add that support, we will remove support for RHEL ``6.x``. We expect that |st2| 3.1 will be - the last version that supports RHEL ``6.x``. + Support for RHEL/CentOS ``6.x`` has been removed. |st2| 3.2 is the last release that supported RHEL/CentOS ``6.x``. diff --git a/docs/source/install/uninstall.rst b/docs/source/install/uninstall.rst index 87540b51f..e10f7dbd6 100644 --- a/docs/source/install/uninstall.rst +++ b/docs/source/install/uninstall.rst @@ -40,7 +40,7 @@ below. Only execute the instructions for your distribution. 1. Stop Services ---------------- -* Ubuntu systems: +* Ubuntu 16.04: .. sourcecode:: bash @@ -50,15 +50,14 @@ below. Only execute the instructions for your distribution. sudo service mongod stop sudo service rabbitmq-server stop -* RHEL/CentOS 6.x: +* Ubuntu 18.04: .. sourcecode:: bash sudo st2ctl stop sudo service nginx stop - sudo service postgresql-9.4 stop sudo service mongod stop - + sudo service rabbitmq-server stop * RHEL/CentOS 7.x: @@ -83,7 +82,7 @@ below. Only execute the instructions for your distribution. 2. Remove Packages ------------------ -* Ubuntu: +* Ubuntu 16: If you are using StackStorm only: @@ -98,19 +97,49 @@ below. Only execute the instructions for your distribution. sudo apt-get purge st2 st2mistral st2chatops st2web bwc-ui st2flow -* RHEL/CentOS: +* Ubuntu 18.04: + + If you are using StackStorm only: + + .. sourcecode:: bash + + sudo apt-get purge st2 st2chatops st2web + + If you have |ewc| installed, instead use: + + .. sourcecode:: bash + + sudo apt-get purge st2 st2chatops st2web bwc-ui st2flow + + +* RHEL/CentOS 7.x: + + If you are using StackStorm only: + + .. sourcecode:: bash + + sudo yum erase st2 st2mistral st2chatops st2web + + If you have |ewc| installed, instead use: + + .. sourcecode:: bash + + sudo yum erase st2 st2mistral st2chatops st2web bwc-ui st2flow + + +* RHEL/CentOS 8.x: If you are using StackStorm only: .. sourcecode:: bash - sudo yum erase st2 st2mistral st2chatops st2web st2python + sudo yum erase st2 st2chatops st2web If you have |ewc| installed, instead use: .. sourcecode:: bash - sudo yum erase st2 st2mistral st2chatops st2web st2python bwc-ui st2flow + sudo yum erase st2 st2chatops st2web bwc-ui st2flow 3. Remove |st2| System User diff --git a/docs/source/install/upgrades.rst b/docs/source/install/upgrades.rst index cffd0582f..a17152645 100644 --- a/docs/source/install/upgrades.rst +++ b/docs/source/install/upgrades.rst @@ -136,8 +136,14 @@ This is the standard upgrade procedure: sudo yum update st2 st2web st2chatops st2mistral + .. note:: + + Omit st2mistral from list of packages if Mistral is not installed in your installation + 3. Upgrade Mistral database: + This step can be skipped if Mistral is not installed in your installation + .. sourcecode:: bash /opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head