This shows you the differences between two versions of the page.
tech:linux:centos:optum [2018/06/07 16:01] admin |
tech:linux:centos:optum [2021/03/28 09:47] (current) rk4n3 |
||
---|---|---|---|
Line 15: | Line 15: | ||
* Update system with ''yum update'' | * Update system with ''yum update'' | ||
* Lay out storage per conventions | * Lay out storage per conventions | ||
- | * Install/enable EPEL | + | * Install/enable EPEL: ''dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm'' |
* Install ''newterm'' | * Install ''newterm'' | ||
* Create users | * Create users | ||
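Review bot: The new EPEL step installs an RPM straight from a URL, and dnf does not GPG-check packages given on the command line unless ''localpkg_gpgcheck'' is enabled, so the only integrity protection here is the HTTPS transport. On CentOS the same package is available from the signed distribution repositories with ''dnf install -y epel-release''; prefer that, or say to verify the RPM signature before installing. The URL also pins the step to EL8 (''epel-release-latest-8'') while the neighbouring step still says ''yum update'', so state which release this page now targets.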
Line 77: | Line 77: | ||
* Make sure ''/var/lib/mysql'' has ''mysqld_db_t'' type, in the directory: ''chcon -t mysqld_db_t .'' | * Make sure ''/var/lib/mysql'' has ''mysqld_db_t'' type, in the directory: ''chcon -t mysqld_db_t .'' | ||
+ | ------ | ||
==== Apache Installation ==== | ==== Apache Installation ==== | ||
Previously-mentioned package install via ''yum'' installs the software | Previously-mentioned package install via ''yum'' installs the software | ||
Line 87: | Line 88: | ||
Perform the typical ''systemctl enable httpd'' and ''service httpd start'' for startup | Perform the typical ''systemctl enable httpd'' and ''service httpd start'' for startup | ||
+ | ------ | ||
==== InfluxDB Installation ==== | ==== InfluxDB Installation ==== | ||
Resource [[https://influxdbcom.readthedocs.io/en/latest/content/docs/v0.9/guides/clustering|Clustering InfluxDB ...]] \\ | Resource [[https://influxdbcom.readthedocs.io/en/latest/content/docs/v0.9/guides/clustering|Clustering InfluxDB ...]] \\ | ||
Line 122: | Line 124: | ||
</code> | </code> | ||
Remember to ''systemctl enable influxdb'' and ''service influxdb start'' \\ | Remember to ''systemctl enable influxdb'' and ''service influxdb start'' \\ | ||
- | See: [[https://docs.influxdata.com/influxdb/v1.5/query_language/authentication_and_authorization|InfluxDB auth]] | + | === InfluxDB Auth === |
+ | See: [[https://docs.influxdata.com/influxdb/v1.5/query_language/authentication_and_authorization|InfluxDB auth]] \\ | ||
+ | <code>create user admin with password 'somepassword' with all privileges; | ||
+ | create user jmeter with password 'somepassword'; | ||
+ | create database jmeter; | ||
+ | grant [READ,WRITE,ALL] on "jmeter" TO "jmeter"; | ||
+ | revoke [READ,WRITE,ALL] on "jmeter" from "jmeter";</code> | ||
+ | ------ | ||
==== Grafana Installation ==== | ==== Grafana Installation ==== | ||
Create the file ''/etc/yum.repos.d/grafana.repo'' with this content: | Create the file ''/etc/yum.repos.d/grafana.repo'' with this content: | ||
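Review bot: The added InfluxDB Auth block creates users but never says that authentication has to be switched on; in InfluxDB 1.x these accounts are not enforced until ''auth-enabled = true'' is set under ''[http]'' in the configuration, so add that step here unless the config block above this hunk already covers it. The ''grant'' and ''revoke'' lines use ''[READ,WRITE,ALL]'' as choose-one notation, which is not valid InfluxQL as written, and listing ''revoke'' directly after ''grant'' reads as a sequence that undoes the grant: give the one intended statement (for example a single privilege for ''jmeter'') and move ''revoke'' to a separate "to remove access" line. Both ''create user'' lines show the same ''somepassword'' literal; mark it as a placeholder and say the admin and ''jmeter'' accounts need different values.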
Line 145: | Line 154: | ||
Log in (default login is ''admin'' with password ''admin'') and change password, add user(s) \\ | Log in (default login is ''admin'' with password ''admin'') and change password, add user(s) \\ | ||
Install the InfluxDB datasource plugin (find in plugins section, follow instructions) | Install the InfluxDB datasource plugin (find in plugins section, follow instructions) | ||
- | + | ==== LDAP for Grafana ==== | |
- | ==== Jenkins Installation ==== | + | Edit ''/etc/grafana/grafana.ini'':<code>[auth.ldap] |
- | Pull the Jenkins repository file and import its GPG key: | + | enabled = true |
- | <code> | + | config_file = /etc/grafana/ldap.toml |
- | wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins.io/redhat-stable/jenkins.repo | + | allow_sign_up = true |
- | rpm --import http://pkg.jenkins.io/redhat-stable/jenkins.io.key | + | |
</code> | </code> | ||
- | ... then, do a ''yum update'' and ''yum install jenkins'' \\ | + | Edit ''/etc/grafana/ldap.toml'': |
- | If the ''jenkins'' login isn't locked down off-server: | + | * Under ''servers.attributes'' section, make sure username is set to ''sAMAccountName'' for Active Directory |
- | * Enable login for Jenkins with ''usermod -s /bin/bash jenkins'' | + | * Under ''servers.group_mappings'' section, group_dn should be ''cn=bluejay_adm,cn=Users,dc=ms,dc=ds,dc=uhc,dc=com'' |
- | * Log in as ''jenkins'' and create SSH key with: ''ssh-keygen -t rsa'' | + | * Editor role: ''cn=github_users,cn=Users,dc=ms,dc=ds,dc=uhc,dc=com'' |
- | Otherwise: | + | * Host: ''"ADC21101.ms.ds.uhc.com"'' |
- | * Create SSH key for ''jenkins'' from root: ''ssh-keygen -f id_rsa -C "jenkins@bluejay"'' | + | * ssl_skip_verify = true |
- | Open firewall for Jenkins:<code> | + | * bind_dn: ''"oaptbot@ms.ds.uhc.com"'' |
- | firewall-cmd --permanent --zone=public --add-port=8080/tcp | + | * bind_password: '''BlueJay1!''' |
- | firewall-cmd --reload | + | * search_filter: ''"(sAMAccountName=%s)"'' |
- | </code> | + | * search_base_dns: ''["cn=Users,dc=ms,dc=ds,dc=uhc,dc=com"]'' |
- | Remember to ''systemctl enable jenkins'' and ''service jenkins start'' \\ | + | * |
- | Log in (default login is ''admin'' with password ''admin'') and change password, add user(s) \\ | + | |
- | ==== Maven Installation ==== | + | ------ |
- | Get latest maven archive, example:<code>wget http://www-eu.apache.org/dist/maven/maven-3/3.5.3/binaries/apache-maven-3.5.3-bin.tar.gz</code> | + | ==== Jenkins & Maven Installation ==== |
- | Extract to suitable location and sym-link to it (''/usr/maven'' or ''/opt/maven'') \\ | + | See [[tech:devops:jenkins:start|Jenkins Topics]] \\ |
- | Set environment variables in ''/etc/profile.d/maven.sh'':<code> | + | |
- | export M3_HOME=/usr/maven | + | |
- | export M2_HOME=${M3_HOME} | + | |
- | export PATH=${M3_HOME}/bin:${PATH} | + | |
- | </code> | + | |
- | ... perform a ''source /etc/profile.d/maven.sh'' to get these in current shell. | + | |
+ | ------ | ||
===== Bluejay LG Node ===== | ===== Bluejay LG Node ===== | ||
* Ensure central repository at ''/var/www/html/pub/eptrepo/jmeter'' is populated, and create SSL cert | * Ensure central repository at ''/var/www/html/pub/eptrepo/jmeter'' is populated, and create SSL cert | ||
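Review bot: The ''bind_password'' bullet in the new LDAP for Grafana section publishes the service account's password in the wiki, next to its ''bind_dn'' and the domain controller host name; remove the value from the page, rotate the password, and document only where the secret is stored. The ''ssl_skip_verify = true'' bullet turns off certificate validation for the LDAP connection, so that bind password and every user's login password can be captured by anyone able to impersonate the directory server; set it to ''false'' and point ''root_ca_cert'' at the issuing CA instead. The list also ends with an empty bullet, and the section does not say which Grafana role ''bluejay_adm'' maps to (only the Editor mapping is named), so complete or drop those entries.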
Line 241: | Line 243: | ||
* apache: uid=48, gid=1739 | * apache: uid=48, gid=1739 | ||
* mantis: uid=''17236'', gid=''?'' | * mantis: uid=''17236'', gid=''?'' | ||
- | * wildfly: uid=''282'', gid=''28202'' | + | * wildfly: uid=''185'', gid=''185'' <del>wildfly: uid=''282'', gid=''28202''</del> |
+ | * thorium: gid=''34625'' | ||
* perfmgmt: gid=''4035'' | * perfmgmt: gid=''4035'' | ||
Line 265: | Line 268: | ||
Perform the whole thing in reverse when ''/opt'' is resized \\ | Perform the whole thing in reverse when ''/opt'' is resized \\ | ||
+ | |||
+ | ===== Some Problems/Resolutions ===== | ||
+ | ==== FIPS-compliant Venafi-generated SSL certs ==== | ||
+ | This problem: [[http://openssl.6102.n7.nabble.com/DEK-info-FIPS-openssl-td23289.html]] \\ | ||
+ | ... is resolved by downloading cert from Venafi in ''PKCS#8'' format \\ | ||
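Review bot: The new FIPS entry identifies the problem only by a bare external link, so a reader cannot tell what failed or whether the entry applies to them if that thread becomes unavailable. Add one line stating the symptom as it appeared on this host (the error text and which service or key file was affected) and the exact Venafi download option chosen, so the ''PKCS#8'' resolution can be repeated without the link.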