StackStorm Installation

    cd /opt/stackstorm/
    [root@vm2 stackstorm]# ll
    drwxr-xr-x 2 st2  root       6 May  6 02:41 configs
    drwxr-xr-x 2 st2  root       6 May  6 02:41 exports
    drwxr-xr-x 7 root root      80 Aug 13 18:45 mistral
    drwxr-xr-x 2 st2  root       6 May  6 02:41 overrides
    drwxr-xr-x 8 root root      85 Aug 13 21:56 packs
    drwxr-xr-x 7 root root     100 Aug 13 18:17 st2
    drwxr-xr-x 3 root root      19 Aug 13 22:09 static
    drwxrwxr-x 3 root st2packs  17 Aug 13 21:56 virtualenvs

1. Use the getenforce command to check whether SELinux is in Enforcing mode.

2. If it returns Enforcing, run:

    # SELinux management tools
    sudo yum install -y policycoreutils-python
    # Allow nginx to access the network
    sudo setsebool -P httpd_can_network_connect 1
    # Allow RabbitMQ to use port 25672
    sudo semanage port --list | grep -q 25672 || sudo semanage port -a -t amqp_port_t -p tcp 25672

3. Install MongoDB, RabbitMQ and PostgreSQL

Note: the MongoDB version currently supported by st2 is 3.4. MongoDB 3.4 is supported by st2 2.2.0 and later. Versions before 1.6.0 support only MongoDB 2.x.

    sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

Get the latest MongoDB release (3.4):

    rpm --import https://www.mongodb.org/static/pgp/server-3.4.asc
    vi /etc/yum.repos.d/mongodb-org-3.4.repo

    [mongodb-org-3.4]
    name=MongoDB Repository
    baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.4/x86_64/
    gpgcheck=1
    enabled=1
    gpgkey=https://www.mongodb.org/static/pgp/server-3.4.asc

    yum -y install crudini
    yum -y install mongodb-org
    yum -y install rabbitmq-server
    systemctl start mongod rabbitmq-server
    systemctl enable mongod rabbitmq-server

mongodb:

    Dependency Installed:
      mongodb-org-mongos.x86_64 0:3.4.24-1.el7
      mongodb-org-server.x86_64 0:3.4.24-1.el7
      mongodb-org-shell.x86_64 0:3.4.24-1.el7
      mongodb-org-tools.x86_64 0:3.4.24-1.el7

rabbitmq:

    Installed:
      rabbitmq-server.noarch 0:3.3.5-34.el7

rabbitmq-server:

    Dependency Installed:
      erlang-asn1.x86_64 0:R16B-03.18.el7
      erlang-compiler.x86_64 0:R16B-03.18.el7
      erlang-crypto.x86_64 0:R16B-03.18.el7
      erlang-erts.x86_64 0:R16B-03.18.el7
      erlang-hipe.x86_64 0:R16B-03.18.el7
      erlang-inets.x86_64 0:R16B-03.18.el7
      erlang-kernel.x86_64 0:R16B-03.18.el7
      erlang-mnesia.x86_64 0:R16B-03.18.el7
      erlang-os_mon.x86_64 0:R16B-03.18.el7
      erlang-otp_mibs.x86_64 0:R16B-03.18.el7
      erlang-public_key.x86_64 0:R16B-03.18.el7
      erlang-runtime_tools.x86_64 0:R16B-03.18.el7
      erlang-sasl.x86_64 0:R16B-03.18.el7
      erlang-sd_notify.x86_64 0:0.1-1.el7
      erlang-snmp.x86_64 0:R16B-03.18.el7
      erlang-ssl.x86_64 0:R16B-03.18.el7
      erlang-stdlib.x86_64 0:R16B-03.18.el7
      erlang-syntax_tools.x86_64 0:R16B-03.18.el7
      erlang-tools.x86_64 0:R16B-03.18.el7
      erlang-xmerl.x86_64 0:R16B-03.18.el7
      lksctp-tools.x86_64 0:1.0.17-2.el7

Install Redis:

    yum install -y redis

    Installed:
      redis.x86_64 0:3.2.12-2.el7
    Dependency Installed:
      jemalloc.x86_64 0:3.6.0-1.el

    systemctl start redis
    systemctl enable redis

Install PostgreSQL:

    yum -y install postgresql-server postgresql-contrib postgresql-devel

    Installed:
      postgresql-contrib.x86_64 0:9.2.24-8.el7_9
      postgresql-devel.x86_64 0:9.2.24-8.el7_9
      postgresql-server.x86_64 0:9.2.24-8.el7_9
    Dependency Installed:
      postgresql.x86_64 0:9.2.24-8.el7_9
      postgresql-libs.x86_64 0:9.2.24-8.el7_9
      uuid.x86_64 0:1.6.2-26.el7

Initialize PostgreSQL:

    sudo postgresql-setup initdb

Make sure local connections can access PostgreSQL, and configure PostgreSQL to authenticate them with md5 instead of ident:

    sudo sed -i "s/\(host.*all.*all.*127.0.0.1\/32.*\)ident/\1md5/" /var/lib/pgsql/data/pg_hba.conf
    sudo sed -i "s/\(host.*all.*all.*::1\/128.*\)ident/\1md5/" /var/lib/pgsql/data/pg_hba.conf

The two loopback entries in pg_hba.conf:

    # IPv4 local connections:
    host    all    all    127.0.0.1/32    md5
    # IPv6 local connections:
    host    all    all    ::1/128         md5

Start the PostgreSQL service:

    systemctl start postgresql
    systemctl enable postgresql

4. Download the StackStorm repository

The following script detects your platform and architecture and sets up the appropriate StackStorm repository. It also adds the GPG key used for package signing.

    curl -s https://packagecloud.io/install/repositories/StackStorm/stable/script.rpm.sh | sudo bash

In practice this just configures the StackStorm yum repository, /etc/yum.repos.d/StackStorm_stable.repo:

    cat /etc/yum.repos.d/StackStorm_stable.repo

    [StackStorm_stable]
    name=StackStorm_stable
    baseurl=https://packagecloud.io/StackStorm/stable/el/7/$basearch
    repo_gpgcheck=1
    gpgcheck=0
    enabled=1
    gpgkey=https://packagecloud.io/StackStorm/stable/gpgkey
    sslverify=1
    sslcacert=/etc/pki/tls/certs/ca-bundle.crt
    metadata_expire=300

    [StackStorm_stable-source]
    name=StackStorm_stable-source
    baseurl=https://packagecloud.io/StackStorm/stable/el/7/SRPMS
    repo_gpgcheck=1
    gpgcheck=0
    enabled=1
    gpgkey=https://packagecloud.io/StackStorm/stable/gpgkey
    sslverify=1
    sslcacert=/etc/pki/tls/certs/ca-bundle.crt
    metadata_expire=300

5. Install the StackStorm components

    sudo yum install -y st2

If RabbitMQ, MongoDB and PostgreSQL run on different servers, only the following configuration files need to be changed:

    RabbitMQ:   /etc/st2/st2.conf and /etc/mistral/mistral.conf
    MongoDB:    /etc/st2/st2.conf
    PostgreSQL: /etc/mistral/mistral.conf

All packages installed:

    Installed:
      st2.x86_64 0:3.7.0-2
    Dependency Installed:
      keyutils-libs-devel.x86_64 0:1.5.8-3.el7
      krb5-devel.x86_64 0:1.15.1-54.el7_9
      libcom_err-devel.x86_64 0:1.42.9-19.el7
      libffi-devel.x86_64 0:3.0.13-19.el7
      libkadm5.x86_64 0:1.15.1-54.el7_9
      libselinux-devel.x86_64 0:2.5-15.el7
      libsepol-devel.x86_64 0:2.5-10.el7
      libtirpc.x86_64 0:0.2.4-0.16.el7
      libverto-devel.x86_64 0:0.2.5-4.el7
      openssl-devel.x86_64 1:1.0.2k-25.el7_9
      pcre-devel.x86_64 0:8.32-17.el7
      python-rpm-macros.noarch 0:3-34.el7
      python3.x86_64 0:3.6.8-18.el7
      python3-devel.x86_64 0:3.6.8-18.el7
      python3-libs.x86_64 0:3.6.8-18.el7
      python3-pip.noarch 0:9.0.3-8.el7
      python3-rpm-generators.noarch 0:6-2.el7
      python3-rpm-macros.noarch 0:3-34.el7
      python3-setuptools.noarch 0:39.2.0-10.el7
      zlib-devel.x86_64 0:1.2.7-20.el7_9
    Dependency Updated:
      krb5-libs.x86_64 0:1.15.1-54.el7_9
      openssl.x86_64 1:1.0.2k-25.el7_9
      openssl-libs.x86_64 1:1.0.2k-25.el7_9
      zlib.x86_64 0:1.2.7-20.el7_9

Install st2mistral:

    yum install -y st2mistral

    Installed:
      st2mistral.x86_64 0:3.2.0-1
    Dependency Installed:
      libyaml.x86_64 0:0.1.4-11.el7_0

6. Set up datastore encryption

The key-value store allows users to store encrypted values. These values are stored using symmetric encryption (AES256):

    DATASTORE_ENCRYPTION_KEYS_DIRECTORY="/etc/st2/keys"
    DATASTORE_ENCRYPTION_KEY_PATH="${DATASTORE_ENCRYPTION_KEYS_DIRECTORY}/datastore_key.json"
    mkdir -p "${DATASTORE_ENCRYPTION_KEYS_DIRECTORY}"
    st2-generate-symmetric-crypto-key --key-path "${DATASTORE_ENCRYPTION_KEY_PATH}"

Allow only the st2 user to read the data:

    chgrp st2 "${DATASTORE_ENCRYPTION_KEYS_DIRECTORY}"
    chmod o-r "${DATASTORE_ENCRYPTION_KEYS_DIRECTORY}"
    chgrp st2 "${DATASTORE_ENCRYPTION_KEY_PATH}"
    chmod o-r "${DATASTORE_ENCRYPTION_KEY_PATH}"

Configure the key: an encryption key file has been generated and stored at the specified location, so set the path of the key in the configuration file:

    crudini --set /etc/st2/st2.conf keyvalue encryption_key_path "${DATASTORE_ENCRYPTION_KEY_PATH}"
    st2ctl restart-component st2api

7. Set up the Mistral database

Set up the Mistral PostgreSQL database with the following commands:

    # Create the Mistral database in PostgreSQL
    cat << EHD | sudo -u postgres psql
    CREATE ROLE mistral WITH CREATEDB LOGIN ENCRYPTED PASSWORD 'StackStorm';
    CREATE DATABASE mistral OWNER mistral;
    EHD

    # Set up the Mistral database tables
    /opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head

    # Register the Mistral actions
    /opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf populate | grep -v -e openstack -e keystone

8. Configure SSH and sudo

To run local and remote shell actions, StackStorm uses a special system user (stanley by default). Remote Linux actions use SSH. Configuring public key-based SSH access on all remote hosts is recommended. We also recommend configuring SSH access to localhost for running the examples and tests.

Create the StackStorm system user, enable passwordless sudo, and set up SSH access to "localhost" so that SSH-based actions can be tested locally.

Create the SSH system user (by default the stanley user already exists):

    useradd stanley
    mkdir -p /home/stanley/.ssh
    chmod 0700 /home/stanley/.ssh

Generate the SSH key:

    ssh-keygen -f /home/stanley/.ssh/stanley_rsa -P ""

Authorize key-based access:

    sh -c 'cat /home/stanley/.ssh/stanley_rsa.pub >> /home/stanley/.ssh/authorized_keys'
    chown -R stanley:stanley /home/stanley/.ssh

Enable passwordless sudo (let stanley run sudo without a password):

    sh -c 'echo "stanley ALL=(ALL) NOPASSWD: SETENV: ALL" >> /etc/sudoers.d/st2'
    chmod 0440 /etc/sudoers.d/st2

Make sure Defaults requiretty is disabled in /etc/sudoers:

    sed -i -r "s/^Defaults\s+\+?requiretty/# Defaults +requiretty/g" /etc/sudoers

On the remote hosts where StackStorm will run remote actions over SSH, configure SSH access and enable passwordless sudo. Use the public key generated in the previous step and follow the instructions in Configure SSH. To control Windows boxes, configure access for the Windows runners.

If you use a different user or a different path to the SSH key, change this section in /etc/st2/st2.conf:

    [system_user]
    user = stanley
    ssh_key_file = /home/stanley/.ssh/stanley_rsa

Start the services.

Start the StackStorm services:

    st2ctl start

Register sensors, rules and actions:

    st2ctl reload

9. Verify the services

Verify that StackStorm was installed successfully:

    # st2 --version
    st2 3.7.0, on Python 3.6.8

List all actions in the core pack:

    st2 action list --pack=core

    # Run a shell command locally:
    st2 run core.local -- date -R

    # View the command execution results:
    st2 execution list

    # Run a command remotely over SSH (passwordless sudo):
    st2 run core.remote hosts='localhost' -- uname -a

    # Install a pack:
    st2 pack install st2

    # st2ctl control commands:
    # st2ctl start|stop|status|restart|restart-component|reload|clean
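
The StackStorm repo file in step 4 sets gpgcheck=0 with repo_gpgcheck=1, so yum verifies the signed repository metadata but not the signature of each RPM, while the MongoDB repo in step 3 sets gpgcheck=1. The script below is an added example (not part of the original page or of StackStorm) that lists enabled repo sections without per-package signature checks; the function names are illustrative and the sample file is constructed from the keys shown in steps 3 and 4.

```shell
#!/bin/sh
# Added example, not from the original page.
# audit_repo FILE: print every enabled section of a yum .repo file whose
# gpgcheck is not 1, with its repo_gpgcheck value beside it.
# Returns 1 if any such section exists, 0 otherwise.
audit_repo() {
    awk -F= '
        function flush() {
            if (sec != "" && enabled != "0" && gpg != "1") {
                printf "%s gpgcheck=%s repo_gpgcheck=%s\n", sec, gpg, repo
                bad = 1
            }
        }
        /^\[.*\]$/ {
            flush()
            sec = substr($0, 2, length($0) - 2)
            gpg = "unset"; repo = "unset"; enabled = "1"
            next
        }
        { key = $1; val = $2; gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val) }
        key == "gpgcheck"      { gpg = val }
        key == "repo_gpgcheck" { repo = val }
        key == "enabled"       { enabled = val }
        END { flush(); exit bad + 0 }
    ' "$1"
}

# write_sample FILE: constructed sample holding the signature-related keys
# of the repo files shown in steps 3 and 4.
write_sample() {
    cat > "$1" <<'EOF'
[mongodb-org-3.4]
gpgcheck=1
enabled=1

[StackStorm_stable]
repo_gpgcheck=1
gpgcheck=0
enabled=1

[StackStorm_stable-source]
repo_gpgcheck=1
gpgcheck=0
enabled=1
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_repo "$sample" || echo "sections above skip RPM signature checks"
rm -f "$sample"
```

On a real host, run `audit_repo` over each file in /etc/yum.repos.d/; a section reported with gpgcheck "unset" inherits the value from the [main] section of /etc/yum.conf.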
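
Step 6 protects the datastore key with chgrp st2 and chmod o-r on both the key directory and the key file. The script below is an added example (not part of the original page or of StackStorm) that checks the result of those four commands; it assumes GNU stat as shipped on CentOS 7, and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes GNU stat (CentOS 7).

# check_secret PATH GROUP: return 0 only if PATH exists, belongs to GROUP,
# and grants "other" neither read nor write. Prints one line per finding.
check_secret() {
    p=$1; want=$2; rc=0
    [ -e "$p" ] || { echo "MISSING $p"; return 1; }
    mode=$(stat -c %a "$p")      # octal mode, e.g. 640
    group=$(stat -c %G "$p")     # owning group name
    other=$((mode % 10))         # last octal digit = permissions for "other"
    if [ $((other & 4)) -ne 0 ]; then
        echo "OTHER-READ $p mode=$mode"; rc=1
    fi
    if [ $((other & 2)) -ne 0 ]; then
        echo "OTHER-WRITE $p mode=$mode"; rc=1
    fi
    if [ "$group" != "$want" ]; then
        echo "GROUP $p is $group, expected $want"; rc=1
    fi
    return $rc
}

# audit_datastore_key DIR GROUP: check the key directory and the key file
# created in step 6 (datastore_key.json inside DIR).
audit_datastore_key() {
    st=0
    check_secret "$1" "$2" || st=1
    check_secret "$1/datastore_key.json" "$2" || st=1
    return $st
}

# Run against the page's paths when they exist on this host.
if [ -d /etc/st2/keys ]; then
    audit_datastore_key /etc/st2/keys st2 && echo "datastore key permissions OK"
fi
```

Note that chmod o-r only clears the read bit for "other": a key file created as 644 ends up 640, so members of the st2 group can still read it.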