From 7191fda1837cb9fe7c19f54298875c48c7d9196b Mon Sep 17 00:00:00 2001 From: Tomaz Muraus Date: Mon, 9 Jan 2017 10:24:37 +0100 Subject: [PATCH 01/23] Update install scripts to configure MongoDB to listen on localhost only by default. That's already a default in some versions, but we still should do it bo be on the safe side. --- scripts/st2bootstrap-deb.sh | 5 +++++ scripts/st2bootstrap-el6.sh | 4 ++++ scripts/st2bootstrap-el7.sh | 4 ++++ 3 files changed, 13 insertions(+) diff --git a/scripts/st2bootstrap-deb.sh b/scripts/st2bootstrap-deb.sh index d6d9b36c..22571a11 100644 --- a/scripts/st2bootstrap-deb.sh +++ b/scripts/st2bootstrap-deb.sh @@ -189,9 +189,14 @@ install_mongodb() { sudo apt-get update sudo apt-get install -y mongodb-org + # Configure MongoDB to listen on localhost only + sudo sed -i -e "s#bindIp:.*#bindIp: 127.0.0.1#g" /etc/mongod.conf + if [[ "$SUBTYPE" == 'xenial' ]]; then sudo systemctl enable mongod sudo systemctl start mongod + else + sudo service mongod restart fi } get_full_pkg_versions() { diff --git a/scripts/st2bootstrap-el6.sh b/scripts/st2bootstrap-el6.sh index 641ff079..94270013 100644 --- a/scripts/st2bootstrap-el6.sh +++ b/scripts/st2bootstrap-el6.sh @@ -281,6 +281,10 @@ gpgkey=https://www.mongodb.org/static/pgp/server-3.2.asc EOT" sudo yum -y install mongodb-org + + # Configure MongoDB to listen on localhost only + sudo sed -i -e "s#bindIp:.*#bindIp: 127.0.0.1#g" /etc/mongod.conf + sudo service mongod start sudo chkconfig mongod on } diff --git a/scripts/st2bootstrap-el7.sh b/scripts/st2bootstrap-el7.sh index d2e1c117..02f0dfb7 100644 --- a/scripts/st2bootstrap-el7.sh +++ b/scripts/st2bootstrap-el7.sh @@ -264,6 +264,10 @@ gpgkey=https://www.mongodb.org/static/pgp/server-3.2.asc EOT" sudo yum -y install mongodb-org + + # Configure MongoDB to listen on localhost only + sudo sed -i -e "s#bindIp:.*#bindIp: 127.0.0.1#g" /etc/mongod.conf + sudo systemctl start mongod sudo systemctl enable mongod } 
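Review bot: The added `sed` in install_mongodb only rewrites a `bindIp:` line that already exists, and nothing in the hunk checks that the substitution took effect. If the packaged /etc/mongod.conf has no such line, or has it commented out (the unanchored pattern leaves it commented), the installer carries on with whatever bind address the package defaults to. I would follow the `sed` with a check such as `sudo grep -Eq '^[[:space:]]*bindIp:[[:space:]]*127\.0\.0\.1' /etc/mongod.conf || { >&2 echo "ERROR: bindIp not set in /etc/mongod.conf"; exit 1; }`. The same applies to the identical line added in the el6 and el7 hunks of this commit. install_mongodb starts before each hunk, so whether an earlier line already guarantees the key is not visible here.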
From fd5d7440dffefa485e60b6b0a9c7344e4aab46ac Mon Sep 17 00:00:00 2001 From: Tomaz Muraus Date: Mon, 9 Jan 2017 11:28:26 +0100 Subject: [PATCH 02/23] Update debian bootstrap script to enable RBAC for MongoDB and create new admin and stackstorm user which is used for database access. --- scripts/st2bootstrap-deb.sh | 55 ++++++++++++++++++++++++++++++++++++- 1 file changed, 54 insertions(+), 1 deletion(-) diff --git a/scripts/st2bootstrap-deb.sh b/scripts/st2bootstrap-deb.sh index 22571a11..5fc76e76 100644 --- a/scripts/st2bootstrap-deb.sh +++ b/scripts/st2bootstrap-deb.sh @@ -15,6 +15,8 @@ ST2CHATOPS_PKG_VERSION='' DEV_BUILD='' USERNAME='' PASSWORD='' +ST2_MONGODB_PASSWORD='' +ST2_POSTGRESQL_PASSWORD='' SUBTYPE=`lsb_release -a 2>&1 | grep Codename | grep -v "LSB" | awk '{print $2}'` if [[ "$SUBTYPE" != 'trusty' && "$SUBTYPE" != 'xenial' ]]; then echo "Unsupported ubuntu flavor ${SUBTYPE}. Please use 14.04 (trusty) or 16.04 (xenial) as base system!" @@ -59,6 +61,14 @@ setup_args() { PASSWORD="${i#*=}" shift ;; + --st2-mongodb-password=*) + ST2_MONGODB_PASSWORD="${i#*=}" + shift + ;; + --st2-postgresql-password=*) + ST2_POSTGRESQL_PASSWORD="${i#*=}" + shift + ;; *) # unknown option ;; @@ -99,6 +109,16 @@ setup_args() { echo "###############################################################################" fi + if [[ -z "${ST2_MONGODB_PASSWORD}" ]]; then + >&2 echo "ERROR: The --st2-mongodb-password option is not provided. Please provide a password to set for MongoDB access." + exit 1 + fi + + if [[ -z "${ST2_POSTGRESQL_PASSWORD}" ]]; then + >&2 echo "ERROR: The --st2-postgresql-password option is not provided. Please provide a password to set for PostgreSQL access." + exit 1 + fi + if [[ "$USERNAME" = '' || "$PASSWORD" = '' ]]; then echo "Let's set StackStorm admin credentials." echo "You can also use \"--user\" and \"--password\" for unattended installation." 
@@ -181,6 +201,7 @@ install_st2_dependencies() { sudo apt-get install -y curl sudo apt-get install -y rabbitmq-server } + install_mongodb() { # Add key and repo for the latest stable MongoDB (3.2) sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927 @@ -192,6 +213,34 @@ install_mongodb() { # Configure MongoDB to listen on localhost only sudo sed -i -e "s#bindIp:.*#bindIp: 127.0.0.1#g" /etc/mongod.conf + # Create admin user and user used by StackStorm + mongo <> /etc/mongod.conf' + if [[ "$SUBTYPE" == 'xenial' ]]; then sudo systemctl enable mongod sudo systemctl start mongod @@ -260,7 +309,7 @@ install_st2() { sudo apt-get install -yf rm ${PACKAGE_FILENAME} fi - + sudo st2ctl start sleep 5 sudo st2ctl reload --register-all @@ -306,6 +355,10 @@ configure_st2_authentication() { sudo crudini --set /etc/st2/st2.conf auth backend 'flat_file' sudo crudini --set /etc/st2/st2.conf auth backend_kwargs '{"file_path": "/etc/st2/htpasswd"}' + # Configure [database] section in st2.conf (username password for MongoDB access) + sudo crudini --set /etc/st2/st2.conf database username "stackstorm" + sudo crudini --set /etc/st2/st2.conf database password "${ST2_MONGODB_PASSWORD}" + sudo st2ctl restart-component st2api sudo st2ctl restart-component st2stream } From f574eb9d2894f31b7b7ee219190ff68b41c5e07d Mon Sep 17 00:00:00 2001 From: Tomaz Muraus Date: Mon, 9 Jan 2017 11:38:45 +0100 Subject: [PATCH 03/23] Also set password for mistral postgresql user. --- scripts/st2bootstrap-deb.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/scripts/st2bootstrap-deb.sh b/scripts/st2bootstrap-deb.sh index 5fc76e76..658138f0 100644 --- a/scripts/st2bootstrap-deb.sh +++ b/scripts/st2bootstrap-deb.sh 
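Review bot: The two `crudini --set /etc/st2/st2.conf database ...` lines added to configure_st2_authentication store the MongoDB password in clear text in st2.conf, and the hunk does nothing about who can read that file afterwards. The value is also passed as a command-line argument, where it is briefly visible to other local users in the process list. I would add a step after the write that restricts the file, for example `sudo chmod 640 /etc/st2/st2.conf`, with an owner and group matching the account the st2 services run as (the packaged mode is not visible here, so confirm before picking one), plus a comment saying the file now holds a credential. The same consideration applies where these lines are moved into install_st2 in PATCH 10/23 and to the `/etc/mistral/mistral.conf` connection string written in PATCH 15/23.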
@@ -430,7 +430,7 @@ install_st2mistral_depdendencies() { sudo apt-get install -y postgresql cat << EHD | sudo -u postgres psql -CREATE ROLE mistral WITH CREATEDB LOGIN ENCRYPTED PASSWORD 'StackStorm'; +CREATE ROLE mistral WITH CREATEDB LOGIN ENCRYPTED PASSWORD '${ST2_POSTGRESQL_PASSWORD}'; CREATE DATABASE mistral OWNER mistral; EHD } @@ -449,8 +449,12 @@ install_st2mistral() { rm ${PACKAGE_FILENAME} fi + # Configure database settings + sudo crudini --set /etc/st2/st2.conf database connection "postgresql://mistral:${ST2_POSTGRESQL_PASSWORD}@localhost/mistral" + # Setup Mistral DB tables, etc. /opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head + # Register mistral actions /opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf populate From f6d5a2893dac393ea94c53e54ffcb5d14db6159d Mon Sep 17 00:00:00 2001 From: Tomaz Muraus Date: Mon, 9 Jan 2017 11:40:52 +0100 Subject: [PATCH 04/23] Installer crudini early on. --- scripts/st2bootstrap-deb.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/scripts/st2bootstrap-deb.sh b/scripts/st2bootstrap-deb.sh index 658138f0..5fc1813f 100644 --- a/scripts/st2bootstrap-deb.sh +++ b/scripts/st2bootstrap-deb.sh @@ -200,6 +200,9 @@ install_st2_dependencies() { sudo apt-get install -y gnupg-curl sudo apt-get install -y curl sudo apt-get install -y rabbitmq-server + + # Various other dependencies needed by st2 and installer script + sudo apt-get install -y crudini } install_mongodb() { @@ -344,8 +347,8 @@ configure_st2_user () { } configure_st2_authentication() { - # Install htpasswd and tool for editing ini files - sudo apt-get install -y apache2-utils crudini + # Install htpasswd tool for editing ini files + sudo apt-get install -y apache2-utils # Create a user record in a password file. sudo echo "${PASSWORD}" | sudo htpasswd -i /etc/st2/htpasswd $USERNAME From 1eb2bd1d2810d2e7f317e9eb0a965a1695bd2c64 Mon Sep 17 00:00:00 2001 
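Review bot: `${ST2_POSTGRESQL_PASSWORD}` is expanded by the shell straight into a single-quoted SQL literal in the `CREATE ROLE` heredoc and into the `postgresql://mistral:...@localhost/mistral` URL in the install_st2mistral hunk, and at this commit the value comes from the `--st2-postgresql-password=` option without any validation. A quote, `@`, `/` or `:` in the value changes the meaning of the statement or the URL, so I would validate it before first use, e.g. `[[ "${ST2_POSTGRESQL_PASSWORD}" =~ ^[A-Za-z0-9]+$ ]] || { >&2 echo "ERROR: PostgreSQL password must be alphanumeric"; exit 1; }`. Later patches in the series generate the value from `A-Za-z0-9`, which satisfies this, but a comment at both interpolation sites stating the constraint would keep it from being relaxed by accident.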
From: Tomaz Muraus Date: Mon, 9 Jan 2017 11:47:28 +0100 Subject: [PATCH 05/23] Generate random password inline, no need to pass it to the script. --- scripts/st2bootstrap-deb.sh | 30 ++++++++++-------------------- 1 file changed, 10 insertions(+), 20 deletions(-) diff --git a/scripts/st2bootstrap-deb.sh b/scripts/st2bootstrap-deb.sh index 5fc1813f..af2111fc 100644 --- a/scripts/st2bootstrap-deb.sh +++ b/scripts/st2bootstrap-deb.sh @@ -15,8 +15,6 @@ ST2CHATOPS_PKG_VERSION='' DEV_BUILD='' USERNAME='' PASSWORD='' -ST2_MONGODB_PASSWORD='' -ST2_POSTGRESQL_PASSWORD='' SUBTYPE=`lsb_release -a 2>&1 | grep Codename | grep -v "LSB" | awk '{print $2}'` if [[ "$SUBTYPE" != 'trusty' && "$SUBTYPE" != 'xenial' ]]; then echo "Unsupported ubuntu flavor ${SUBTYPE}. Please use 14.04 (trusty) or 16.04 (xenial) as base system!" @@ -61,14 +59,6 @@ setup_args() { PASSWORD="${i#*=}" shift ;; - --st2-mongodb-password=*) - ST2_MONGODB_PASSWORD="${i#*=}" - shift - ;; - --st2-postgresql-password=*) - ST2_POSTGRESQL_PASSWORD="${i#*=}" - shift - ;; *) # unknown option ;; @@ -109,16 +99,6 @@ setup_args() { echo "###############################################################################" fi - if [[ -z "${ST2_MONGODB_PASSWORD}" ]]; then - >&2 echo "ERROR: The --st2-mongodb-password option is not provided. Please provide a password to set for MongoDB access." - exit 1 - fi - - if [[ -z "${ST2_POSTGRESQL_PASSWORD}" ]]; then - >&2 echo "ERROR: The --st2-postgresql-password option is not provided. Please provide a password to set for PostgreSQL access." - exit 1 - fi - if [[ "$USERNAME" = '' || "$PASSWORD" = '' ]]; then echo "Let's set StackStorm admin credentials." echo "You can also use \"--user\" and \"--password\" for unattended installation." 
@@ -193,6 +173,12 @@ check_st2_host_dependencies() { fi } +generate_random_passwords() { + # Generate random password used for MongoDB and PostgreSQL user authentication + ST2_MONGODB_PASSWORD=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 24 ; echo '') + ST2_POSTGRESQL_PASSWORD=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 24 ; echo '') +} + install_st2_dependencies() { sudo apt-get update @@ -216,6 +202,9 @@ install_mongodb() { # Configure MongoDB to listen on localhost only sudo sed -i -e "s#bindIp:.*#bindIp: 127.0.0.1#g" /etc/mongod.conf + # Generate random password used for user authentication + ST2_MONGODB_PASSWORD=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 24 ; echo '') + # Create admin user and user used by StackStorm mongo < Date: Mon, 9 Jan 2017 12:00:33 +0100 Subject: [PATCH 06/23] Make the same changes in the EL6 and EL7 installer script. --- scripts/st2bootstrap-deb.sh | 3 --- scripts/st2bootstrap-el6.sh | 48 ++++++++++++++++++++++++++++++++--- scripts/st2bootstrap-el7.sh | 50 ++++++++++++++++++++++++++++++++++--- 3 files changed, 91 insertions(+), 10 deletions(-) diff --git a/scripts/st2bootstrap-deb.sh b/scripts/st2bootstrap-deb.sh index af2111fc..40dbef34 100644 --- a/scripts/st2bootstrap-deb.sh +++ b/scripts/st2bootstrap-deb.sh @@ -202,9 +202,6 @@ install_mongodb() { # Configure MongoDB to listen on localhost only sudo sed -i -e "s#bindIp:.*#bindIp: 127.0.0.1#g" /etc/mongod.conf - # Generate random password used for user authentication - ST2_MONGODB_PASSWORD=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 24 ; echo '') - # Create admin user and user used by StackStorm mongo <> /etc/mongod.conf' + sudo service mongod start sudo chkconfig mongod on } 
@@ -332,8 +369,8 @@ configure_st2_user() { } configure_st2_authentication() { - # Install htpasswd and tool for editing ini files - sudo yum -y install httpd-tools crudini + # Install htpasswd tool + sudo yum -y install httpd-tools # Create a user record in a password file. sudo htpasswd -bs /etc/st2/htpasswd $USERNAME $PASSWORD @@ -457,7 +494,7 @@ install_st2mistral_depdendencies() { sudo chkconfig postgresql-9.4 on cat << EHD | sudo -u postgres psql -CREATE ROLE mistral WITH CREATEDB LOGIN ENCRYPTED PASSWORD 'StackStorm'; +CREATE ROLE mistral WITH CREATEDB LOGIN ENCRYPTED PASSWORD '${ST2_POSTGRESQL_PASSWORD}'; CREATE DATABASE mistral OWNER mistral; EHD } @@ -472,8 +509,12 @@ install_st2mistral() { sudo yum -y install ${PACKAGE_URL} fi + # Configure database settings + sudo crudini --set /etc/st2/st2.conf database connection "postgresql://mistral:${ST2_POSTGRESQL_PASSWORD}@localhost/mistral" + # Setup Mistral DB tables, etc. /opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head + # Register mistral actions /opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf populate @@ -584,6 +625,7 @@ STEP="Check TCP ports and MongoDB storage requirements" && check_st2_host_depend STEP='Check libffi-devel availability' && check_libffi_devel STEP='Adjust SELinux policies' && adjust_selinux_policies STEP='Install repoquery tool' && install_yum_utils +STEP="Generate random password" && generate_random_passwords STEP="Install st2 dependencies" && install_st2_dependencies STEP="Install st2 dependencies (MongoDB)" && install_mongodb diff --git a/scripts/st2bootstrap-el7.sh b/scripts/st2bootstrap-el7.sh index 02f0dfb7..fe3ceeb5 100644 --- a/scripts/st2bootstrap-el7.sh +++ b/scripts/st2bootstrap-el7.sh 
@@ -241,6 +241,12 @@ check_st2_host_dependencies() { fi } +generate_random_passwords() { + # Generate random password used for MongoDB and PostgreSQL user authentication + ST2_MONGODB_PASSWORD=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 24 ; echo '') + ST2_POSTGRESQL_PASSWORD=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 24 ; echo '') +} + install_st2_dependencies() { is_epel_installed=$(rpm -qa | grep epel-release || true) if [[ -z "$is_epel_installed" ]]; then @@ -249,6 +255,9 @@ install_st2_dependencies() { sudo yum -y install curl rabbitmq-server sudo systemctl start rabbitmq-server sudo systemctl enable rabbitmq-server + + # Various other dependencies needed by st2 and installer script + sudo yum -y install -tools crudini } install_mongodb() { @@ -268,13 +277,41 @@ EOT" # Configure MongoDB to listen on localhost only sudo sed -i -e "s#bindIp:.*#bindIp: 127.0.0.1#g" /etc/mongod.conf + # Create admin user and user used by StackStorm + mongo <> /etc/mongod.conf' + sudo systemctl start mongod sudo systemctl enable mongod } install_st2() { curl -s https://packagecloud.io/install/repositories/StackStorm/${REPO_PREFIX}${RELEASE}/script.rpm.sh | sudo bash - + if [ "$DEV_BUILD" = '' ]; then STEP="Get package versions" && get_full_pkg_versions && STEP="Install st2" sudo yum -y install ${ST2_PKG} @@ -315,8 +352,8 @@ configure_st2_user() { } configure_st2_authentication() { - # Install htpasswd and tool for editing ini files - sudo yum -y install httpd-tools crudini + # Install htpasswd tool + sudo yum -y install httpd-tools # Create a user record in a password file. echo $PASSWORD | sudo htpasswd -i /etc/st2/htpasswd $USERNAME @@ -431,7 +468,7 @@ install_st2mistral_depdendencies() { sudo systemctl enable postgresql cat << EHD | sudo -u postgres psql -CREATE ROLE mistral WITH CREATEDB LOGIN ENCRYPTED PASSWORD 'StackStorm'; +CREATE ROLE mistral WITH CREATEDB LOGIN ENCRYPTED PASSWORD '${ST2_POSTGRESQL_PASSWORD}'; CREATE DATABASE mistral OWNER mistral; EHD } 
@@ -446,8 +483,12 @@ install_st2mistral() { sudo yum -y install ${PACKAGE_URL} fi + # Configure database settings + sudo crudini --set /etc/st2/st2.conf database connection "postgresql://mistral:${ST2_POSTGRESQL_PASSWORD}@localhost/mistral" + # Setup Mistral DB tables, etc. /opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head + # Register mistral actions /opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf populate @@ -558,6 +599,7 @@ STEP='Parse arguments' && setup_args $@ STEP="Check TCP ports and MongoDB storage requirements" && check_st2_host_dependencies STEP='Adjust SELinux policies' && adjust_selinux_policies STEP='Install repoquery tool' && install_yum_utils +STEP="Generate random password" && generate_random_passwords STEP="Install st2 dependencies" && install_st2_dependencies STEP="Install st2 dependencies (MongoDB)" && install_mongodb From 2765d6b96e64e466507d9974aa9f38e44029610a Mon Sep 17 00:00:00 2001 From: Tomaz Muraus Date: Mon, 9 Jan 2017 12:11:28 +0100 Subject: [PATCH 07/23] MongoDB needs to be running before we can add users. --- scripts/st2bootstrap-deb.sh | 17 +++++++++++++++-- scripts/st2bootstrap-el6.sh | 11 ++++++++--- scripts/st2bootstrap-el7.sh | 11 ++++++++--- 3 files changed, 31 insertions(+), 8 deletions(-) diff --git a/scripts/st2bootstrap-deb.sh b/scripts/st2bootstrap-deb.sh index 40dbef34..a8536ae0 100644 --- a/scripts/st2bootstrap-deb.sh +++ b/scripts/st2bootstrap-deb.sh 
@@ -202,7 +202,16 @@ install_mongodb() { # Configure MongoDB to listen on localhost only sudo sed -i -e "s#bindIp:.*#bindIp: 127.0.0.1#g" /etc/mongod.conf - # Create admin user and user used by StackStorm + if [[ "$SUBTYPE" == 'xenial' ]]; then + sudo systemctl enable mongod + sudo systemctl start mongod + else + sudo service mongod start + fi + + sleep 5 + + # Create admin user and user used by StackStorm (MongoDB needs to be running) mongo <> /etc/mongod.conf' + # MongoDB needs to be restarted after enabling auth + if [[ "$SUBTYPE" == 'xenial' ]]; then sudo systemctl enable mongod - sudo systemctl start mongod + sudo systemctl restart mongod else sudo service mongod restart fi + } + get_full_pkg_versions() { if [ "$VERSION" != '' ]; then diff --git a/scripts/st2bootstrap-el6.sh b/scripts/st2bootstrap-el6.sh index 45fe8cb8..14dac819 100644 --- a/scripts/st2bootstrap-el6.sh +++ b/scripts/st2bootstrap-el6.sh @@ -294,7 +294,12 @@ EOT" # Configure MongoDB to listen on localhost only sudo sed -i -e "s#bindIp:.*#bindIp: 127.0.0.1#g" /etc/mongod.conf - # Create admin user and user used by StackStorm + sudo service mongod start + sudo chkconfig mongod on + + sleep 5 + + # Create admin user and user used by StackStorm (MongoDB needs to be running) mongo <> /etc/mongod.conf' - sudo service mongod start - sudo chkconfig mongod on + # MongoDB needs to be restarted after enabling auth + sudo service mongod restart } install_st2() { diff --git a/scripts/st2bootstrap-el7.sh b/scripts/st2bootstrap-el7.sh index fe3ceeb5..7bad4b90 100644 --- a/scripts/st2bootstrap-el7.sh +++ b/scripts/st2bootstrap-el7.sh 
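Review bot: The fixed `sleep 5` added before the `mongo` user-creation heredoc is the only thing ensuring mongod is accepting connections, and no line visible in the hunk checks the exit status of `mongo` before `authorization: enabled` is appended and the service restarted. If mongod is slow to start, the users are not created but authorization is still switched on, which leaves a database with no administrator defined. I would replace the sleep with a bounded readiness poll that aborts on timeout, as sketched below, and also stop if the `mongo` heredoc itself fails. The same `sleep 5` is added in the el6 hunk of this commit and in the el7 hunk; the heredoc body is not readable on this page, so the sketch leaves it out.

```shell
# Wait (bounded) for mongod to accept connections instead of a fixed sleep
mongod_ready=0
for _ in $(seq 1 30); do
  if mongo --quiet --eval 'db.runCommand({ ping: 1 })' > /dev/null 2>&1; then
    mongod_ready=1
    break
  fi
  sleep 1
done

if [[ "${mongod_ready}" -ne 1 ]]; then
  >&2 echo "ERROR: mongod did not become ready; not creating users or enabling authorization."
  exit 1
fi

# … unchanged: mongo heredoc creating the admin and stackstorm users …
```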
@@ -277,7 +277,12 @@ EOT" # Configure MongoDB to listen on localhost only sudo sed -i -e "s#bindIp:.*#bindIp: 127.0.0.1#g" /etc/mongod.conf - # Create admin user and user used by StackStorm + sudo systemctl start mongod + sudo systemctl enable mongod + + sleep 5 + + # Create admin user and user used by StackStorm (MongoDB needs to be running) mongo <> /etc/mongod.conf' - sudo systemctl start mongod - sudo systemctl enable mongod + # MongoDB needs to be restarted after enabling auth + sudo systemctl restart mongod } install_st2() { From 98d7cd6915e6acbdd61485dd254e04f184bb8eed Mon Sep 17 00:00:00 2001 From: Tomaz Muraus Date: Mon, 9 Jan 2017 13:36:38 +0100 Subject: [PATCH 08/23] Configure PostgreSQL to listen on localhost only. --- scripts/st2bootstrap-deb.sh | 6 +++++- scripts/st2bootstrap-el6.sh | 3 +++ scripts/st2bootstrap-el7.sh | 3 +++ 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/scripts/st2bootstrap-deb.sh b/scripts/st2bootstrap-deb.sh index a8536ae0..9d23c9e4 100644 --- a/scripts/st2bootstrap-deb.sh +++ b/scripts/st2bootstrap-deb.sh @@ -240,7 +240,6 @@ EOF sudo sh -c 'echo "security:\n authorization: enabled" >> /etc/mongod.conf' # MongoDB needs to be restarted after enabling auth - if [[ "$SUBTYPE" == 'xenial' ]]; then sudo systemctl enable mongod sudo systemctl restart mongod @@ -431,6 +430,11 @@ generate_symmetric_crypto_key_for_datastore() { install_st2mistral_depdendencies() { sudo apt-get install -y postgresql + # Configure service only listens on localhost + sudo crudini --set /etc/postgresql/9.3/main/postgresql.conf '' listen_address "127.0.0.1" + + sudo service postgresql restart + cat << EHD | sudo -u postgres psql CREATE ROLE mistral WITH CREATEDB LOGIN ENCRYPTED PASSWORD '${ST2_POSTGRESQL_PASSWORD}'; CREATE DATABASE mistral OWNER mistral; diff --git a/scripts/st2bootstrap-el6.sh b/scripts/st2bootstrap-el6.sh index 14dac819..d8898dd0 100644 --- a/scripts/st2bootstrap-el6.sh +++ b/scripts/st2bootstrap-el6.sh 
@@ -490,6 +490,9 @@ install_st2mistral_depdendencies() { # Setup postgresql at a first time sudo service postgresql-9.4 initdb + # Configure service only listens on localhost + sudo crudini --set /etc/postgresql/9.4/main/postgresql.conf '' listen_address "127.0.0.1" + # Make localhost connections to use an MD5-encrypted password for authentication sudo sed -i "s/\(host.*all.*all.*127.0.0.1\/32.*\)ident/\1md5/" /var/lib/pgsql/9.4/data/pg_hba.conf sudo sed -i "s/\(host.*all.*all.*::1\/128.*\)ident/\1md5/" /var/lib/pgsql/9.4/data/pg_hba.conf diff --git a/scripts/st2bootstrap-el7.sh b/scripts/st2bootstrap-el7.sh index 7bad4b90..c68be1c3 100644 --- a/scripts/st2bootstrap-el7.sh +++ b/scripts/st2bootstrap-el7.sh @@ -468,6 +468,9 @@ install_st2mistral_depdendencies() { sudo sed -i "s/\(host.*all.*all.*127.0.0.1\/32.*\)ident/\1md5/" /var/lib/pgsql/data/pg_hba.conf sudo sed -i "s/\(host.*all.*all.*::1\/128.*\)ident/\1md5/" /var/lib/pgsql/data/pg_hba.conf + # Configure service only listens on localhost + sudo crudini --set /etc/postgresql/9.4/main/postgresql.conf '' listen_address "127.0.0.1" + # Start PostgreSQL service sudo systemctl start postgresql sudo systemctl enable postgresql From 0a4ecda4a86c265d44e2642a93ce5185822c0f9c Mon Sep 17 00:00:00 2001 From: Tomaz Muraus Date: Mon, 9 Jan 2017 13:42:56 +0100 Subject: [PATCH 09/23] Configure RabbitMQ to listen on localhost only. --- scripts/st2bootstrap-deb.sh | 9 +++++++++ scripts/st2bootstrap-el6.sh | 4 ++++ scripts/st2bootstrap-el7.sh | 4 ++++ 3 files changed, 17 insertions(+) diff --git a/scripts/st2bootstrap-deb.sh b/scripts/st2bootstrap-deb.sh index 9d23c9e4..2edf74d2 100644 --- a/scripts/st2bootstrap-deb.sh +++ b/scripts/st2bootstrap-deb.sh 
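Review bot: The `crudini --set /etc/postgresql/9.4/main/postgresql.conf` line added to the el6 and el7 hunks points at a Debian-style path, while the `sed` lines in the same hunks edit `pg_hba.conf` under `/var/lib/pgsql/9.4/data/` (el6) and `/var/lib/pgsql/data/` (el7), which suggests postgresql.conf lives there too on these systems. If so, the call either fails or writes a file PostgreSQL never reads, and the listen address stays at the package default while the comment claims otherwise. I would point the call at the data directory already used in the hunk, e.g. `/var/lib/pgsql/9.4/data/postgresql.conf` on el6 and `/var/lib/pgsql/data/postgresql.conf` on el7, after confirming the location on a test host. Later patches in the series change the key to `listen_addresses` and the path to a glob under `/etc/postgresql/`, which does not address this.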
@@ -187,6 +187,15 @@ install_st2_dependencies() { sudo apt-get install -y curl sudo apt-get install -y rabbitmq-server + # Configure RabbitMQ to listen on localhost only + sudo sh -c 'echo "RABBITMQ_NODE_IP_ADDRESS=127.0.0.1" >> /etc/rabbitmq/rabbitmq-env.conf' + + if [[ "$SUBTYPE" == 'xenial' ]]; then + sudo systemctl restart rabbitmq-server + else + sudo service rabbitmq-server restart + fi + # Various other dependencies needed by st2 and installer script sudo apt-get install -y crudini } diff --git a/scripts/st2bootstrap-el6.sh b/scripts/st2bootstrap-el6.sh index d8898dd0..bdf12a76 100644 --- a/scripts/st2bootstrap-el6.sh +++ b/scripts/st2bootstrap-el6.sh @@ -270,6 +270,10 @@ install_st2_dependencies() { sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm fi sudo yum -y install curl rabbitmq-server + + # Configure RabbitMQ to listen on localhost only + sudo sh -c 'echo "RABBITMQ_NODE_IP_ADDRESS=127.0.0.1" >> /etc/rabbitmq/rabbitmq-env.conf' + sudo service rabbitmq-server start sudo chkconfig rabbitmq-server on diff --git a/scripts/st2bootstrap-el7.sh b/scripts/st2bootstrap-el7.sh index c68be1c3..15539b89 100644 --- a/scripts/st2bootstrap-el7.sh +++ b/scripts/st2bootstrap-el7.sh @@ -253,6 +253,10 @@ install_st2_dependencies() { sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm fi sudo yum -y install curl rabbitmq-server + + # Configure RabbitMQ to listen on localhost only + sudo sh -c 'echo "RABBITMQ_NODE_IP_ADDRESS=127.0.0.1" >> /etc/rabbitmq/rabbitmq-env.conf' + sudo systemctl start rabbitmq-server sudo systemctl enable rabbitmq-server From 6461a9f0b5ccc217abc4ffc2bd2a2c5950bfcef9 Mon Sep 17 00:00:00 2001 
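Review bot: The comment `# Configure RabbitMQ to listen on localhost only` promises more than the added line delivers: `RABBITMQ_NODE_IP_ADDRESS` restricts the AMQP listener, but epmd and the Erlang distribution port are bound separately and are not touched by this hunk. I would either narrow the comment to `# Bind the RabbitMQ AMQP listener to localhost` or also restrict those listeners, and verify the result on a test host with `ss -ltnp`. The `>>` append is also not idempotent, so a second installer run adds a duplicate line; guarding it with `grep -q '^RABBITMQ_NODE_IP_ADDRESS=' /etc/rabbitmq/rabbitmq-env.conf ||` avoids that. It is also worth confirming that the installed RabbitMQ version accepts the `RABBITMQ_`-prefixed name in rabbitmq-env.conf, since its documentation describes entries in that file without the prefix. The el6 and el7 hunks add the same line.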
From: Tomaz Muraus Date: Mon, 9 Jan 2017 15:41:58 +0100 Subject: [PATCH 10/23] Make sure we set st2.conf values before starting st2 services. --- scripts/st2bootstrap-deb.sh | 8 ++++---- scripts/st2bootstrap-el6.sh | 4 ++++ scripts/st2bootstrap-el7.sh | 4 ++++ 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/scripts/st2bootstrap-deb.sh b/scripts/st2bootstrap-deb.sh index 2edf74d2..8347ec42 100644 --- a/scripts/st2bootstrap-deb.sh +++ b/scripts/st2bootstrap-deb.sh @@ -320,6 +320,10 @@ install_st2() { rm ${PACKAGE_FILENAME} fi + # Configure [database] section in st2.conf (username password for MongoDB access) + sudo crudini --set /etc/st2/st2.conf database username "stackstorm" + sudo crudini --set /etc/st2/st2.conf database password "${ST2_MONGODB_PASSWORD}" + sudo st2ctl start sleep 5 sudo st2ctl reload --register-all @@ -365,10 +369,6 @@ configure_st2_authentication() { sudo crudini --set /etc/st2/st2.conf auth backend 'flat_file' sudo crudini --set /etc/st2/st2.conf auth backend_kwargs '{"file_path": "/etc/st2/htpasswd"}' - # Configure [database] section in st2.conf (username password for MongoDB access) - sudo crudini --set /etc/st2/st2.conf database username "stackstorm" - sudo crudini --set /etc/st2/st2.conf database password "${ST2_MONGODB_PASSWORD}" - sudo st2ctl restart-component st2api sudo st2ctl restart-component st2stream } diff --git a/scripts/st2bootstrap-el6.sh b/scripts/st2bootstrap-el6.sh index bdf12a76..1e52f29c 100644 --- a/scripts/st2bootstrap-el6.sh +++ b/scripts/st2bootstrap-el6.sh @@ -347,6 +347,10 @@ install_st2() { sudo yum -y install ${PACKAGE_URL} fi + # Configure [database] section in st2.conf (username password for MongoDB access) + sudo crudini --set /etc/st2/st2.conf database username "stackstorm" + sudo crudini --set /etc/st2/st2.conf database password "${ST2_MONGODB_PASSWORD}" + sudo st2ctl start sleep 5 sudo st2ctl reload --register-all 
diff --git a/scripts/st2bootstrap-el7.sh b/scripts/st2bootstrap-el7.sh index 15539b89..02fc4a42 100644 --- a/scripts/st2bootstrap-el7.sh +++ b/scripts/st2bootstrap-el7.sh @@ -330,6 +330,10 @@ install_st2() { sudo yum -y install ${PACKAGE_URL} fi + # Configure [database] section in st2.conf (username password for MongoDB access) + sudo crudini --set /etc/st2/st2.conf database username "stackstorm" + sudo crudini --set /etc/st2/st2.conf database password "${ST2_MONGODB_PASSWORD}" + sudo st2ctl start sleep 5 sudo st2ctl reload --register-all From 3ce0dcf6131d8b318e0048a9a2026db40481b2c0 Mon Sep 17 00:00:00 2001 From: Tomaz Muraus Date: Mon, 9 Jan 2017 15:49:47 +0100 Subject: [PATCH 11/23] Abort if password is empty. --- scripts/st2bootstrap-deb.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/st2bootstrap-deb.sh b/scripts/st2bootstrap-deb.sh index 8347ec42..ae2de302 100644 --- a/scripts/st2bootstrap-deb.sh +++ b/scripts/st2bootstrap-deb.sh @@ -105,6 +105,11 @@ setup_args() { echo "Press \"ENTER\" to continue or \"CTRL+C\" to exit/abort" read -e -p "Admin username: " -i "st2admin" USERNAME read -e -s -p "Password: " PASSWORD + + if [ "${PASSWORD}" = '' ]; then + echo "Password cannot be empty." + exit 1 + fi fi } From ff83c05a6905703bd07581190e5a1f1f5c1bbcfe Mon Sep 17 00:00:00 2001 From: Tomaz Muraus Date: Mon, 9 Jan 2017 15:51:05 +0100 Subject: [PATCH 12/23] Make sure password is not empty. --- scripts/st2bootstrap-el6.sh | 5 +++++ scripts/st2bootstrap-el7.sh | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/scripts/st2bootstrap-el6.sh b/scripts/st2bootstrap-el6.sh index 1e52f29c..88c25688 100644 --- a/scripts/st2bootstrap-el6.sh +++ b/scripts/st2bootstrap-el6.sh @@ -95,6 +95,11 @@ setup_args() { echo "Press \"ENTER\" to continue or \"CTRL+C\" to exit/abort" read -e -p "Admin username: " -i "st2admin" USERNAME read -e -s -p "Password: " PASSWORD + + if [ "${PASSWORD}" = '' ]; then + echo "Password cannot be empty." + exit 1 + fi fi } 
diff --git a/scripts/st2bootstrap-el7.sh b/scripts/st2bootstrap-el7.sh index 02fc4a42..85e967a7 100644 --- a/scripts/st2bootstrap-el7.sh +++ b/scripts/st2bootstrap-el7.sh @@ -95,6 +95,11 @@ setup_args() { echo "Press \"ENTER\" to continue or \"CTRL+C\" to exit/abort" read -e -p "Admin username: " -i "st2admin" USERNAME read -e -s -p "Password: " PASSWORD + + if [ "${PASSWORD}" = '' ]; then + echo "Password cannot be empty." + exit 1 + fi fi } From 22384985fc155cc06b15f0aa54c18967ab5427ec Mon Sep 17 00:00:00 2001 From: Tomaz Muraus Date: Mon, 9 Jan 2017 15:58:49 +0100 Subject: [PATCH 13/23] Don't use static path since different distros use different version of PostgreSQL. --- scripts/st2bootstrap-deb.sh | 2 +- scripts/st2bootstrap-el6.sh | 2 +- scripts/st2bootstrap-el7.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/st2bootstrap-deb.sh b/scripts/st2bootstrap-deb.sh index ae2de302..4ec8b757 100644 --- a/scripts/st2bootstrap-deb.sh +++ b/scripts/st2bootstrap-deb.sh @@ -445,7 +445,7 @@ install_st2mistral_depdendencies() { sudo apt-get install -y postgresql # Configure service only listens on localhost - sudo crudini --set /etc/postgresql/9.3/main/postgresql.conf '' listen_address "127.0.0.1" + sudo crudini --set /etc/postgresql/*/main/postgresql.conf '' listen_address "127.0.0.1" sudo service postgresql restart diff --git a/scripts/st2bootstrap-el6.sh b/scripts/st2bootstrap-el6.sh index 88c25688..e4ee17f5 100644 --- a/scripts/st2bootstrap-el6.sh +++ b/scripts/st2bootstrap-el6.sh 
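Review bot: The unquoted glob `/etc/postgresql/*/main/postgresql.conf` in the changed `crudini` line is passed on as-is when nothing matches and expands to several arguments when more than one PostgreSQL version directory exists, and in both cases `listen_addresses` is not set on the server that will actually run. I would resolve the path first and require exactly one match, `pg_conf=(/etc/postgresql/*/main/postgresql.conf)` then `[[ ${#pg_conf[@]} -eq 1 && -f "${pg_conf[0]}" ]] || { >&2 echo "ERROR: expected exactly one postgresql.conf"; exit 1; }`, and pass `"${pg_conf[0]}"` to `crudini`. The el6 and el7 hunks of this commit make the same change.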
@@ -504,7 +504,7 @@ install_st2mistral_depdendencies() { sudo service postgresql-9.4 initdb # Configure service only listens on localhost - sudo crudini --set /etc/postgresql/9.4/main/postgresql.conf '' listen_address "127.0.0.1" + sudo crudini --set /etc/postgresql/*/main/postgresql.conf '' listen_address "127.0.0.1" # Make localhost connections to use an MD5-encrypted password for authentication sudo sed -i "s/\(host.*all.*all.*127.0.0.1\/32.*\)ident/\1md5/" /var/lib/pgsql/9.4/data/pg_hba.conf diff --git a/scripts/st2bootstrap-el7.sh b/scripts/st2bootstrap-el7.sh index 85e967a7..8b80fa62 100644 --- a/scripts/st2bootstrap-el7.sh +++ b/scripts/st2bootstrap-el7.sh @@ -482,7 +482,7 @@ install_st2mistral_depdendencies() { sudo sed -i "s/\(host.*all.*all.*::1\/128.*\)ident/\1md5/" /var/lib/pgsql/data/pg_hba.conf # Configure service only listens on localhost - sudo crudini --set /etc/postgresql/9.4/main/postgresql.conf '' listen_address "127.0.0.1" + sudo crudini --set /etc/postgresql/*/main/postgresql.conf '' listen_address "127.0.0.1" # Start PostgreSQL service sudo systemctl start postgresql From 59439c08ded558c19b10938dae328987a70e2ab0 Mon Sep 17 00:00:00 2001 From: Tomaz Muraus Date: Mon, 9 Jan 2017 16:12:14 +0100 Subject: [PATCH 14/23] Fix typo, make sure values are quoted. --- scripts/st2bootstrap-deb.sh | 2 +- scripts/st2bootstrap-el6.sh | 2 +- scripts/st2bootstrap-el7.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/st2bootstrap-deb.sh b/scripts/st2bootstrap-deb.sh index 4ec8b757..df6c6473 100644 --- a/scripts/st2bootstrap-deb.sh +++ b/scripts/st2bootstrap-deb.sh @@ -445,7 +445,7 @@ install_st2mistral_depdendencies() { sudo apt-get install -y postgresql # Configure service only listens on localhost - sudo crudini --set /etc/postgresql/*/main/postgresql.conf '' listen_address "127.0.0.1" + sudo crudini --set /etc/postgresql/*/main/postgresql.conf '' listen_addresses "'127.0.0.1'" sudo service postgresql restart 
diff --git a/scripts/st2bootstrap-el6.sh b/scripts/st2bootstrap-el6.sh index e4ee17f5..36c36aa8 100644 --- a/scripts/st2bootstrap-el6.sh +++ b/scripts/st2bootstrap-el6.sh @@ -504,7 +504,7 @@ install_st2mistral_depdendencies() { sudo service postgresql-9.4 initdb # Configure service only listens on localhost - sudo crudini --set /etc/postgresql/*/main/postgresql.conf '' listen_address "127.0.0.1" + sudo crudini --set /etc/postgresql/*/main/postgresql.conf '' listen_addresses "'127.0.0.1'" # Make localhost connections to use an MD5-encrypted password for authentication sudo sed -i "s/\(host.*all.*all.*127.0.0.1\/32.*\)ident/\1md5/" /var/lib/pgsql/9.4/data/pg_hba.conf diff --git a/scripts/st2bootstrap-el7.sh b/scripts/st2bootstrap-el7.sh index 8b80fa62..bfa92a7a 100644 --- a/scripts/st2bootstrap-el7.sh +++ b/scripts/st2bootstrap-el7.sh @@ -482,7 +482,7 @@ install_st2mistral_depdendencies() { sudo sed -i "s/\(host.*all.*all.*::1\/128.*\)ident/\1md5/" /var/lib/pgsql/data/pg_hba.conf # Configure service only listens on localhost - sudo crudini --set /etc/postgresql/*/main/postgresql.conf '' listen_address "127.0.0.1" + sudo crudini --set /etc/postgresql/*/main/postgresql.conf '' listen_addresses "'127.0.0.1'" # Start PostgreSQL service sudo systemctl start postgresql From 6b6bcdc48adfdd64f5bac7875cba2f04b2596974 Mon Sep 17 00:00:00 2001 From: Tomaz Muraus Date: Mon, 9 Jan 2017 16:26:52 +0100 Subject: [PATCH 15/23] Use correct config path. --- scripts/st2bootstrap-deb.sh | 2 +- scripts/st2bootstrap-el6.sh | 2 +- scripts/st2bootstrap-el7.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/st2bootstrap-deb.sh b/scripts/st2bootstrap-deb.sh index df6c6473..7cd78d0a 100644 --- a/scripts/st2bootstrap-deb.sh +++ b/scripts/st2bootstrap-deb.sh 
@@ -470,7 +470,7 @@ install_st2mistral() { fi # Configure database settings - sudo crudini --set /etc/st2/st2.conf database connection "postgresql://mistral:${ST2_POSTGRESQL_PASSWORD}@localhost/mistral" + sudo crudini --set /etc/mistral/mistral.conf database connection "postgresql://mistral:${ST2_POSTGRESQL_PASSWORD}@localhost/mistral" # Setup Mistral DB tables, etc. /opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head diff --git a/scripts/st2bootstrap-el6.sh b/scripts/st2bootstrap-el6.sh index 36c36aa8..a8021975 100644 --- a/scripts/st2bootstrap-el6.sh +++ b/scripts/st2bootstrap-el6.sh @@ -531,7 +531,7 @@ install_st2mistral() { fi # Configure database settings - sudo crudini --set /etc/st2/st2.conf database connection "postgresql://mistral:${ST2_POSTGRESQL_PASSWORD}@localhost/mistral" + sudo crudini --set /etc/mistral/mistral.conf database connection "postgresql://mistral:${ST2_POSTGRESQL_PASSWORD}@localhost/mistral" # Setup Mistral DB tables, etc. /opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head diff --git a/scripts/st2bootstrap-el7.sh b/scripts/st2bootstrap-el7.sh index bfa92a7a..d06d2567 100644 --- a/scripts/st2bootstrap-el7.sh +++ b/scripts/st2bootstrap-el7.sh @@ -505,7 +505,7 @@ install_st2mistral() { fi # Configure database settings - sudo crudini --set /etc/st2/st2.conf database connection "postgresql://mistral:${ST2_POSTGRESQL_PASSWORD}@localhost/mistral" + sudo crudini --set /etc/mistral/mistral.conf database connection "postgresql://mistral:${ST2_POSTGRESQL_PASSWORD}@localhost/mistral" # Setup Mistral DB tables, etc. /opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head From f80bb705f4b348f3db431ab8ef54270de15015cd Mon Sep 17 00:00:00 2001 
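Review bot: The new `crudini --set /etc/mistral/mistral.conf database connection "postgresql://mistral:${ST2_POSTGRESQL_PASSWORD}@..."` line puts the database password on the command line of both `sudo` and `crudini`, where it is visible in the process list while the command runs and is typically recorded in sudo's command log. The password is also interpolated into the URL without percent-encoding, so a value containing `@`, `/`, `:` or `%` would likely yield a connection string that parses differently from what was intended. Feeding the setting on stdin avoids the argv exposure, e.g. `printf '[database]\nconnection = %s\n' "$conn" | sudo crudini --merge /etc/mistral/mistral.conf` with `$conn` built from an encoded password. It is also worth confirming that the file is not world-readable, which the hunk does not show. The same line is in the el6 and el7 hunks of this patch and in all three hunks of PATCH 21/23.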
From: Tomaz Muraus Date: Mon, 9 Jan 2017 16:58:03 +0100 Subject: [PATCH 16/23] Fix typo. --- scripts/st2bootstrap-el6.sh | 2 +- scripts/st2bootstrap-el7.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/st2bootstrap-el6.sh b/scripts/st2bootstrap-el6.sh index a8021975..cc46cffb 100644 --- a/scripts/st2bootstrap-el6.sh +++ b/scripts/st2bootstrap-el6.sh @@ -283,7 +283,7 @@ install_st2_dependencies() { sudo chkconfig rabbitmq-server on # Various other dependencies needed by st2 and installer script - sudo yum -y install -tools crudini + sudo yum -y install crudini } install_mongodb() { diff --git a/scripts/st2bootstrap-el7.sh b/scripts/st2bootstrap-el7.sh index d06d2567..f658a0f7 100644 --- a/scripts/st2bootstrap-el7.sh +++ b/scripts/st2bootstrap-el7.sh @@ -266,7 +266,7 @@ install_st2_dependencies() { sudo systemctl enable rabbitmq-server # Various other dependencies needed by st2 and installer script - sudo yum -y install -tools crudini + sudo yum -y install crudini } install_mongodb() { From d21214bbf0eac86eb86bee413f72077f7cac1c80 Mon Sep 17 00:00:00 2001 From: Tomaz Muraus Date: Mon, 9 Jan 2017 17:08:49 +0100 Subject: [PATCH 17/23] Need to use echo -e on RHEL. --- scripts/st2bootstrap-el6.sh | 2 +- scripts/st2bootstrap-el7.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/st2bootstrap-el6.sh b/scripts/st2bootstrap-el6.sh index cc46cffb..adffb672 100644 --- a/scripts/st2bootstrap-el6.sh +++ b/scripts/st2bootstrap-el6.sh @@ -334,7 +334,7 @@ quit(); EOF # Require authentication to be able to acccess the database - sudo sh -c 'echo "security:\n authorization: enabled" >> /etc/mongod.conf' + sudo sh -c 'echo -e "security:\n authorization: enabled" >> /etc/mongod.conf' # MongoDB needs to be restarted after enabling auth sudo service mongod restart diff --git a/scripts/st2bootstrap-el7.sh b/scripts/st2bootstrap-el7.sh index f658a0f7..9412d015 100644 --- a/scripts/st2bootstrap-el7.sh 
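Review bot: The `echo -e ... >> /etc/mongod.conf` line in the PATCH 17/23 el6 hunk appends the `security:` block unconditionally, so a second run of the installer, or a packaged config that already carries a `security:` key, leaves the YAML with a duplicate top-level key. The hunk does not show whether mongod then rejects the file or honours only one entry, and in either case the authorization setting may not be what was intended. Guard the append and use `printf`, which does not depend on which shell `sh` resolves to: `sudo grep -q '^security:' /etc/mongod.conf || sudo sh -c 'printf "security:\n  authorization: enabled\n" >> /etc/mongod.conf'`. The el7 hunk of the same patch has the same line, and the enclosing function begins before the hunk.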
+++ b/scripts/st2bootstrap-el7.sh @@ -317,7 +317,7 @@ quit(); EOF # Require authentication to be able to acccess the database - sudo sh -c 'echo "security:\n authorization: enabled" >> /etc/mongod.conf' + sudo sh -c 'echo -e "security:\n authorization: enabled" >> /etc/mongod.conf' # MongoDB needs to be restarted after enabling auth sudo systemctl restart mongod From 097de903e3806aabbfbd8a1842a531be306f26f9 Mon Sep 17 00:00:00 2001 From: Tomaz Muraus Date: Mon, 9 Jan 2017 17:20:02 +0100 Subject: [PATCH 18/23] Use correct postgresql.conf path on RHEL. --- scripts/st2bootstrap-el6.sh | 2 +- scripts/st2bootstrap-el7.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/st2bootstrap-el6.sh b/scripts/st2bootstrap-el6.sh index adffb672..138c0d3e 100644 --- a/scripts/st2bootstrap-el6.sh +++ b/scripts/st2bootstrap-el6.sh @@ -504,7 +504,7 @@ install_st2mistral_depdendencies() { sudo service postgresql-9.4 initdb # Configure service only listens on localhost - sudo crudini --set /etc/postgresql/*/main/postgresql.conf '' listen_addresses "'127.0.0.1'" + sudo crudini --set /var/lib/pgsql/data/postgresql.conf '' listen_addresses "'127.0.0.1'" # Make localhost connections to use an MD5-encrypted password for authentication sudo sed -i "s/\(host.*all.*all.*127.0.0.1\/32.*\)ident/\1md5/" /var/lib/pgsql/9.4/data/pg_hba.conf diff --git a/scripts/st2bootstrap-el7.sh b/scripts/st2bootstrap-el7.sh index 9412d015..7d095d77 100644 --- a/scripts/st2bootstrap-el7.sh +++ b/scripts/st2bootstrap-el7.sh @@ -482,7 +482,7 @@ install_st2mistral_depdendencies() { sudo sed -i "s/\(host.*all.*all.*::1\/128.*\)ident/\1md5/" /var/lib/pgsql/data/pg_hba.conf # Configure service only listens on localhost - sudo crudini --set /etc/postgresql/*/main/postgresql.conf '' listen_addresses "'127.0.0.1'" + sudo crudini --set /var/lib/pgsql/data/postgresql.conf '' listen_addresses "'127.0.0.1'" # Start PostgreSQL service sudo systemctl start postgresql 
From e5918916c6140bda62bdd309625fba9380e393c6 Mon Sep 17 00:00:00 2001 From: Tomaz Muraus Date: Mon, 9 Jan 2017 17:38:35 +0100 Subject: [PATCH 19/23] Can't use crudini on RHEL. --- scripts/st2bootstrap-el6.sh | 2 +- scripts/st2bootstrap-el7.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/st2bootstrap-el6.sh b/scripts/st2bootstrap-el6.sh index 138c0d3e..2c04c867 100644 --- a/scripts/st2bootstrap-el6.sh +++ b/scripts/st2bootstrap-el6.sh @@ -504,7 +504,7 @@ install_st2mistral_depdendencies() { sudo service postgresql-9.4 initdb # Configure service only listens on localhost - sudo crudini --set /var/lib/pgsql/data/postgresql.conf '' listen_addresses "'127.0.0.1'" + sudo sh -c "echo \"listen_addresses = '127.0.0.1'\" >> /var/lib/pgsql/data/postgresql.conf" # Make localhost connections to use an MD5-encrypted password for authentication sudo sed -i "s/\(host.*all.*all.*127.0.0.1\/32.*\)ident/\1md5/" /var/lib/pgsql/9.4/data/pg_hba.conf diff --git a/scripts/st2bootstrap-el7.sh b/scripts/st2bootstrap-el7.sh index 7d095d77..3846d149 100644 --- a/scripts/st2bootstrap-el7.sh +++ b/scripts/st2bootstrap-el7.sh @@ -482,7 +482,7 @@ install_st2mistral_depdendencies() { sudo sed -i "s/\(host.*all.*all.*::1\/128.*\)ident/\1md5/" /var/lib/pgsql/data/pg_hba.conf # Configure service only listens on localhost - sudo crudini --set /var/lib/pgsql/data/postgresql.conf '' listen_addresses "'127.0.0.1'" + sudo sh -c "echo \"listen_addresses = '127.0.0.1'\" >> /var/lib/pgsql/data/postgresql.conf" # Start PostgreSQL service sudo systemctl start postgresql From dfc9ec8ab99cc836877cf31f53b79ded10a5c7d9 Mon Sep 17 00:00:00 2001 From: Tomaz Muraus Date: Mon, 9 Jan 2017 18:01:49 +0100 Subject: [PATCH 20/23] Use correct postgres config path on RHEL 6. --- scripts/st2bootstrap-el6.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/st2bootstrap-el6.sh b/scripts/st2bootstrap-el6.sh index 2c04c867..ccc5f05b 100644 --- a/scripts/st2bootstrap-el6.sh 
+++ b/scripts/st2bootstrap-el6.sh @@ -504,7 +504,7 @@ install_st2mistral_depdendencies() { sudo service postgresql-9.4 initdb # Configure service only listens on localhost - sudo sh -c "echo \"listen_addresses = '127.0.0.1'\" >> /var/lib/pgsql/data/postgresql.conf" + sudo sh -c "echo \"listen_addresses = '127.0.0.1'\" >> /var/lib/pgsql/9.4/data/postgresql.conf" # Make localhost connections to use an MD5-encrypted password for authentication sudo sed -i "s/\(host.*all.*all.*127.0.0.1\/32.*\)ident/\1md5/" /var/lib/pgsql/9.4/data/pg_hba.conf From 26b7a4c463388d04a2bd5e52ad7970a4552880ab Mon Sep 17 00:00:00 2001 From: Tomaz Muraus Date: Wed, 11 Jan 2017 18:25:02 +0100 Subject: [PATCH 21/23] Use 127.0.0.1 instead of localhost. This way we can avoid potential IPv6 issues and similar. --- scripts/st2bootstrap-deb.sh | 2 +- scripts/st2bootstrap-el6.sh | 2 +- scripts/st2bootstrap-el7.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/st2bootstrap-deb.sh b/scripts/st2bootstrap-deb.sh index 7cd78d0a..3e1cc90e 100644 --- a/scripts/st2bootstrap-deb.sh +++ b/scripts/st2bootstrap-deb.sh @@ -470,7 +470,7 @@ install_st2mistral() { fi # Configure database settings - sudo crudini --set /etc/mistral/mistral.conf database connection "postgresql://mistral:${ST2_POSTGRESQL_PASSWORD}@localhost/mistral" + sudo crudini --set /etc/mistral/mistral.conf database connection "postgresql://mistral:${ST2_POSTGRESQL_PASSWORD}@127.0.0.1/mistral" # Setup Mistral DB tables, etc. /opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head diff --git a/scripts/st2bootstrap-el6.sh b/scripts/st2bootstrap-el6.sh index ccc5f05b..5f661ec2 100644 --- a/scripts/st2bootstrap-el6.sh +++ b/scripts/st2bootstrap-el6.sh 
@@ -531,7 +531,7 @@ install_st2mistral() { fi # Configure database settings - sudo crudini --set /etc/mistral/mistral.conf database connection "postgresql://mistral:${ST2_POSTGRESQL_PASSWORD}@localhost/mistral" + sudo crudini --set /etc/mistral/mistral.conf database connection "postgresql://mistral:${ST2_POSTGRESQL_PASSWORD}@127.0.0.1/mistral" # Setup Mistral DB tables, etc. /opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head diff --git a/scripts/st2bootstrap-el7.sh b/scripts/st2bootstrap-el7.sh index 3846d149..6e24167c 100644 --- a/scripts/st2bootstrap-el7.sh +++ b/scripts/st2bootstrap-el7.sh @@ -505,7 +505,7 @@ install_st2mistral() { fi # Configure database settings - sudo crudini --set /etc/mistral/mistral.conf database connection "postgresql://mistral:${ST2_POSTGRESQL_PASSWORD}@localhost/mistral" + sudo crudini --set /etc/mistral/mistral.conf database connection "postgresql://mistral:${ST2_POSTGRESQL_PASSWORD}@127.0.0.1/mistral" # Setup Mistral DB tables, etc. /opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head From 03e81c8aae0b979624391aa446b5ca54f890481a Mon Sep 17 00:00:00 2001 From: Tomaz Muraus Date: Thu, 12 Jan 2017 10:43:46 +0100 Subject: [PATCH 22/23] Use consistent order. --- scripts/st2bootstrap-el7.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/st2bootstrap-el7.sh b/scripts/st2bootstrap-el7.sh index 6e24167c..90bdc73f 100644 --- a/scripts/st2bootstrap-el7.sh +++ b/scripts/st2bootstrap-el7.sh 
@@ -477,13 +477,13 @@ install_st2mistral_depdendencies() { # Setup postgresql at a first time sudo postgresql-setup initdb + # Configure service only listens on localhost + sudo sh -c "echo \"listen_addresses = '127.0.0.1'\" >> /var/lib/pgsql/data/postgresql.conf" + # Make localhost connections to use an MD5-encrypted password for authentication sudo sed -i "s/\(host.*all.*all.*127.0.0.1\/32.*\)ident/\1md5/" /var/lib/pgsql/data/pg_hba.conf sudo sed -i "s/\(host.*all.*all.*::1\/128.*\)ident/\1md5/" /var/lib/pgsql/data/pg_hba.conf - # Configure service only listens on localhost - sudo sh -c "echo \"listen_addresses = '127.0.0.1'\" >> /var/lib/pgsql/data/postgresql.conf" - # Start PostgreSQL service sudo systemctl start postgresql sudo systemctl enable postgresql From bbc9b9ee4be80dfb3d8d430d44d3f9e30e8785d1 Mon Sep 17 00:00:00 2001 From: Tomaz Muraus Date: Thu, 12 Jan 2017 11:33:46 +0100 Subject: [PATCH 23/23] Use restart on ubuntu 14.04. --- scripts/st2bootstrap-deb.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scripts/st2bootstrap-deb.sh b/scripts/st2bootstrap-deb.sh index 3e1cc90e..5b7796c9 100644 --- a/scripts/st2bootstrap-deb.sh +++ b/scripts/st2bootstrap-deb.sh @@ -220,7 +220,7 @@ install_mongodb() { sudo systemctl enable mongod sudo systemctl start mongod else - sudo service mongod start + sudo service mongod restart fi sleep 5 @@ -255,7 +255,6 @@ EOF # MongoDB needs to be restarted after enabling auth if [[ "$SUBTYPE" == 'xenial' ]]; then - sudo systemctl enable mongod sudo systemctl restart mongod else sudo service mongod restart
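Review bot: In the `install_mongodb()` hunk at -220 of PATCH 23/23, only the trusty branch is switched to `restart`; the xenial branch still runs `sudo systemctl start mongod`, which does nothing if the service is already running. If the package install leaves mongod started on xenial (not visible here), configuration edits made earlier in the function, such as the `bindIp` change from PATCH 01/23, would not be in force until the later restart that follows enabling auth. Using `sudo systemctl restart mongod` in the xenial branch as well would make both paths apply the config before the fixed `sleep 5` and the user-creation step. The function body continues outside the hunk.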