Differences

This shows you the differences between two versions of the page.

--- tech:linux:centos:optum [2018/06/02 20:27]
admin
+++ tech:linux:centos:optum [2021/03/28 09:47] (current)
rk4n3
@@ Line 15: / Line 15: @@
   * Update system with ''yum update''
   * Lay out storage per conventions
-  * Install/enable EPEL
+  * Install/enable EPEL: ''dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm''
   * Install ''newterm''
   * Create users
@@ Line 77: / Line 77: @@
   * Make sure ''/var/lib/mysql'' has ''mysqld_db_t'' type, in the directory:  ''chcon -t mysqld_db_t .''
+------
 ==== Apache Installation ====
 Previously-mentioned package install via ''yum'' installs the software
@@ Line 87: / Line 88: @@
 Perform the typical ''systemctl enable httpd'' and ''service httpd start'' for startup
+------
 ==== InfluxDB Installation ====
+Resource [[https://influxdbcom.readthedocs.io/en/latest/content/docs/v0.9/guides/clustering|Clustering InfluxDB ...]] \\
 Create the file ''/etc/yum.repos.d/influxdb.repo'' with this content:
 <code>
@@ Line 120: / Line 124: @@
 </code>
 Remember to ''systemctl enable influxdb'' and ''service influxdb start'' \\
-See: [[https://docs.influxdata.com/influxdb/v1.5/query_language/authentication_and_authorization|InfluxDB auth]]
+=== InfluxDB Auth ===
+See: [[https://docs.influxdata.com/influxdb/v1.5/query_language/authentication_and_authorization|InfluxDB auth]] \\
+<code>create user admin with password 'somepassword' with all privileges;
+create user jmeter with password 'somepassword';
+create database jmeter;
+grant [READ,WRITE,ALL] on "jmeter" TO "jmeter";
+revoke [READ,WRITE,ALL] on "jmeter" from "jmeter";</code>
+------
 ==== Grafana Installation ====
 Create the file ''/etc/yum.repos.d/grafana.repo'' with this content:
@@ Line 143: / Line 154: @@
 Log in (default login is ''admin'' with password ''admin'') and change password, add user(s) \\
 Install the InfluxDB datasource plugin (find in plugins section, follow instructions)
+==== LDAP for Grafana ====
-==== Jenkins Installation ====
+Edit ''/etc/grafana/grafana.ini'':<code>[auth.ldap]
-Pull the Jenkins repository file and import its GPG key:
+enabled = true
-<code>
+config_file = /etc/grafana/ldap.toml
-wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins.io/redhat-stable/jenkins.repo
+allow_sign_up = true
-rpm --import http://pkg.jenkins.io/redhat-stable/jenkins.io.key
 </code>
-... then, do a ''yum update'' and ''yum install jenkins'' \\
+Edit ''/etc/grafana/ldap.toml'':
-If the ''jenkins'' login isn't locked down off-server:
+  * Under ''servers.attributes'' section, make sure username is set to ''sAMAccountName'' for Active Directory
-  * Enable login for Jenkins with ''usermod -s /bin/bash jenkins''
+  * Under ''servers.group_mappings'' section, group_dn should be ''cn=bluejay_adm,cn=Users,dc=ms,dc=ds,dc=uhc,dc=com''
-  * Log in as ''jenkins'' and create SSH key with:  ''ssh-keygen -t rsa''
+  * Editor role: ''cn=github_users,cn=Users,dc=ms,dc=ds,dc=uhc,dc=com''
-Otherwise:
+  * Host: ''"ADC21101.ms.ds.uhc.com"''
-  * Create SSH key for ''jenkins'' from root: ''ssh-keygen -f id_rsa -C "jenkins@bluejay"''
+  * ssl_skip_verify = true
-Open firewall for Jenkins:<code>
+  * bind_dn: ''"oaptbot@ms.ds.uhc.com"''
-firewall-cmd --permanent --zone=public --add-port=8080/tcp
+  * bind_password: '''BlueJay1!'''
-firewall-cmd --reload
+  * search_filter: ''"(sAMAccountName=%s)"''
-</code>
+  * search_base_dns: ''["cn=Users,dc=ms,dc=ds,dc=uhc,dc=com"]''
-Remember to ''systemctl enable jenkins'' and ''service jenkins start'' \\
+  *
-Log in (default login is ''admin'' with password ''admin'') and change password, add user(s) \\
-==== Maven Installation ====
+------
-Get latest maven archive, example:<code>wget http://www-eu.apache.org/dist/maven/maven-3/3.5.3/binaries/apache-maven-3.5.3-bin.tar.gz</code>
+==== Jenkins & Maven Installation ====
-Extract to suitable location and sym-link to it (''/usr/maven'' or ''/opt/maven'') \\
+See [[tech:devops:jenkins:start|Jenkins Topics]] \\
-Set environment variables in ''/etc/profile.d/maven.sh'':<code>
-export M3_HOME=/usr/maven
-export M2_HOME=${M3_HOME}
-export PATH=${M3_HOME}/bin:${PATH}
-</code>
-... perform a ''source /etc/profile.d/maven.sh'' to get these in current shell.
+------
 ===== Bluejay LG Node =====
-  * Perform basic installation, and add the ''jenkins''/''bluejay'' logins, OpenJDK, and Maven \\ Initial steps:<code>lvcreate -l 100%FREE -n bluejay rootvg
+  * Ensure central repository at ''/var/www/html/pub/eptrepo/jmeter'' is populated, and create SSL cert
-mkfs -t ext4 /dev/rootvg/bluejay
+    * Edit the ''create-rmi-keystore.sh'' script, changing the validity to ''99999'' and run to gen cert
+    * Ensure cert file ''rmi_keystore.jks'' has same ownership/permissions/seattr as other files
+  * On Jenkins slave, perform basic installation, update, and pkgs for: wget, htop, vim, git, and OpenJDK
+  * Populate /etc/hosts
+  * Create ''bluejay'' login<code>groupadd -g 39092 bluejay
 useradd -u 441849 -g 39092 -d /home/bluejay -s /bin/bash -c "Bluejay" -m bluejay
 passwd bluejay
 chage -I -1 -m 0 -M 99999 -E -1 bluejay
-blkid /dev/rootvg/bluejay >> /etc/fstab
-vi /etc/fstab
-ls -lZd /home/bluejay/.
-mkdir -p tmp
-mv /home/bluejay/.??* ./tmp/
-chmod 775 /home/bluejay
-mount /home/bluejay
-chown bluejay:bluejay /home/bluejay/.
-chmod 775 /home/bluejay/.
-chcon -u unconfined_u -t user_home_dir_t /home/bluejay/.
-mv ./tmp/.??* /home/bluejay/
 </code>
-  * Create ''jenkins'' login SSH keys and populate on ''bluejay'' web server
+  * Extended storage setup:<code>lvcreate -l 100%FREE -n bluejay rootvg
-  * Populate Jenkins controller's ''jenkins'' login SSH key into ''bluejay'' login's ''authorized_keys''
-  * Populate the central repository at ''/var/www/html/pub/eptrepo/jmeter'' and create SSL cert
-    * Edit the ''create-rmi-keystore.sh'' script, changing the validity to ''99999'' and run to gen cert
-    * Ensure cert file ''rmi_keystore.jks'' has same ownership/permissions/seattr as other files
-  * Command sequences:<code>lvcreate -l 100%FREE -n bluejay rootvg
 mkfs -t ext4 /dev/rootvg/bluejay
-groupadd -g 39092 bluejay
-useradd -u 441849 -g 39092 -d /home/bluejay -s /bin/bash -c "Bluejay" -m bluejay
-passwd bluejay
-chage -I -1 -m 0 -M 99999 -E -1 bluejay
 blkid /dev/rootvg/bluejay >> /etc/fstab
 vi /etc/fstab
 ls -lZd /home/bluejay/.
-mkdir -p tmp
+mkdir -p ~/tmp
-mv /home/bluejay/.??* ./tmp/
+mv /home/bluejay/.??* ~/tmp/
 chmod 755 /home/bluejay
 mount /home/bluejay
@@ Line 212: / Line 200: @@
 chmod 775 /home/bluejay/.
 chcon -u unconfined_u -t user_home_dir_t /home/bluejay/.
-mv ./tmp/.??* /home/bluejay/
+mv ~/tmp/.??* /home/bluejay/</code>
+  * Populate ''bluejay'' login's ''~/.ssh'' directory:<code>cd ~bluejay ; mkdir .ssh ; cd .ssh
-groupadd -g 822 jenkins
+ssh-keygen -t rsa -f id_rsa -C bluejay@hostname
+cp -a id_rsa.pub authorized_keys
+chown -R bluejay:bluejay .
+chcon -R -u unconfined_u -t ssh_home_t .
+chmod 700 . ; chmod 600 *</code>
+  * Copy public key to central staging location:<code>scp ./id_rsa.pub someone@somewhere:/home/someone/dot-ssh/bluejay_host.pub</code>
+  * Create ''jenkins'' login<code>groupadd -g 822 jenkins
 useradd -u 990 -g 822 -d /var/lib/jenkins -s /bin/bash -c "Jenkins" jenkins
 usermod -a -G bluejay jenkins
 usermod -a -G jenkins bluejay
 chcon -u system_u -t var_lib_t /var/lib/jenkins/.
-chmod 750 /var/lib/jenkins/.
+chmod 750 /var/lib/jenkins/.</code>
+  * Populate ''jenkins'' login's ''~/.ssh'' directory:<code>cd ~jenkins ; mkdir .ssh ; cd .ssh
-cd ~jenkins ; mkdir .ssh ; cd .ssh
 ssh-keygen -t rsa -f id_rsa -C jenkins@hostname
 cp -a id_rsa.pub authorized_keys
 chown -R jenkins:jenkins .
 chcon -R -u unconfined_u -t ssh_home_t .
-chmod 700 . ; chmod 600 *
+chmod 700 . ; chmod 600 *</code>
-scp ./id_rsa.pub someone@somewhere:/home/someone/dot-ssh/jenkins_host.pub
+  * Copy public key to central staging location, and make sure it gets populated into Bluejay web server's ''bluejay'' login ''~/.ssh/authorized_keys'' file:<code>scp ./id_rsa.pub someone@somewhere:/home/someone/dot-ssh/jenkins_host.pub</code>
+  * Create Jenkins agent workspace:<code>cd ~bluejay ; mkdir -p jenkins
-cd ~bluejay ; mkdir .ssh ; cd .ssh
-ssh-keygen -t rsa -f id_rsa -C bluejay@hostname
-cp -a id_rsa.pub authorized_keys
-chown -R bluejay:bluejay .
-chcon -R -u unconfined_u -t ssh_home_t .
-chmod 700 . ; chmod 600 *
-scp ./id_rsa.pub someone@somewhere:/home/someone/dot-ssh/bluejay_host.pub
-populate /etc/hosts
-cd ~bluejay ; mkdir -p jenkins
 chown bluejay:jenkins ./jenkins/.
 chmod 770 ./jenkins/.
@@ Line 245: / Line 227: @@
 chcon -u system_u -t var_lib_t ./jenkins/.
 </code>
+  * Populate Jenkins controller's ''jenkins'' login SSH key into ''bluejay'' login's ''authorized_keys''
-populate jenkins known hosts file on Jenkins host
+  * Populate jenkins ''known_hosts'' file on Jenkins host
  \\
@@ Line 261: / Line 243: @@
   * apache: uid=48, gid=1739
   * mantis: uid=''17236'', gid=''?''
-  * wildfly: uid=''282'', gid=''28202''
+  * wildfly: uid=''185'', gid=''185'' <del>wildfly: uid=''282'', gid=''28202''</del>
+  * thorium: gid=''34625''
   * perfmgmt: gid=''4035''
@@ Line 285: / Line 268: @@
 Perform the whole thing in reverse when ''/opt'' is resized \\
+===== Some Problems/Resolutions =====
+==== FIPS-compliant Venafi-generated SSL certs ====
+This problem: [[http://openssl.6102.n7.nabble.com/DEK-info-FIPS-openssl-td23289.html]] \\
+... is resolved by downloading cert from Venafi in ''PKCS#8'' format \\

Albert Lea Data Wiki

User Tools

Site Tools

Differences

Page Tools