stackstorm安装 cd /opt/stackstorm/ [root@vm2 stackstorm]# ll drwxr-xr-x 2 st2 root 6 May 6 02:41 configs drwxr-xr-x 2 st2 root 6 May 6 02:41 exports drwxr-xr-x 7 root root 80 Aug 13 18:45 mistral drwxr-xr-x 2 st2 root 6 May 6 02:41 overrides drwxr-xr-x 8 root root 85 Aug 13 21:56 packs drwxr-xr-x 7 root root 100 Aug 13 18:17 st2 drwxr-xr-x 3 root root 19 Aug 13 22:09 static drwxrwxr-x 3 root st2packs 17 Aug 13 21:56 virtualenvs 1、 用命令 getenforce 检查SELinux是否在Enforcing 模式 2、如果返回时Enforing,执行命令: sudo yum install-y policycoreutils-python # SELinux管理工具 sudo setsebool -P httpd_can_network_connect 1 #运行nginx访问网络 sudo semanage port --list| grep -q 25672 || sudo semanage port -a -t amqp_port_t -p tcp 25672 #运行rabbitmq使用端口25672 3、安装mongodb, rabbitmq和postgresql 说明: 当前st2支持mongodb版本是 3.4,mongodb 3.4版本支持st2.2.0以上。在1.6.0版本之前的仅仅支持mongodb 2.x。 sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm 获取最新的mongodb版本(3.4): rpm --import https://www.mongodb.org/static/pgp/server-3.4.asc vi /etc/yum.repos.d/mongodb-org-3.4.repo [mongodb-org-3.4] name=MongoDB Repository baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.4/x86_64/ gpgcheck=1 enabled=1 gpgkey=https://www.mongodb.org/static/pgp/server-3.4.asc yum -y install crudini yum -y install mongodb-org yum -y install rabbitmq-server systemctl start mongod rabbitmq-server systemctl enable mongod rabbitmq-server mongodb Dependency Installed: mongodb-org-mongos.x86_64 0:3.4.24-1.el7 mongodb-org-server.x86_64 0:3.4.24-1.el7 mongodb-org-shell.x86_64 0:3.4.24-1.el7 mongodb-org-tools.x86_64 0:3.4.24-1.el7 rabbitmq Installed: rabbitmq-server.noarch 0:3.3.5-34.el7 rabbitmq-server Dependency Installed: erlang-asn1.x86_64 0:R16B-03.18.el7 erlang-compiler.x86_64 0:R16B-03.18.el7 erlang-crypto.x86_64 0:R16B-03.18.el7 erlang-erts.x86_64 0:R16B-03.18.el7 erlang-hipe.x86_64 0:R16B-03.18.el7 erlang-inets.x86_64 0:R16B-03.18.el7 erlang-kernel.x86_64 0:R16B-03.18.el7 erlang-mnesia.x86_64 0:R16B-03.18.el7 erlang-os_mon.x86_64 0:R16B-03.18.el7 erlang-otp_mibs.x86_64 0:R16B-03.18.el7 erlang-public_key.x86_64 0:R16B-03.18.el7 erlang-runtime_tools.x86_64 0:R16B-03.18.el7 erlang-sasl.x86_64 0:R16B-03.18.el7 erlang-sd_notify.x86_64 0:0.1-1.el7 erlang-snmp.x86_64 0:R16B-03.18.el7 erlang-ssl.x86_64 0:R16B-03.18.el7 erlang-stdlib.x86_64 0:R16B-03.18.el7 erlang-syntax_tools.x86_64 0:R16B-03.18.el7 erlang-tools.x86_64 0:R16B-03.18.el7 erlang-xmerl.x86_64 0:R16B-03.18.el7 lksctp-tools.x86_64 0:1.0.17-2.el7 安装redis: yum install -y redis Installed: redis.x86_64 0:3.2.12-2.el7 Dependency Installed: jemalloc.x86_64 0:3.6.0-1.el systemctl start redis systemctl enable redis 安装postgresql: yum -y install postgresql-server postgresql-contrib postgresql-devel Installed: postgresql-contrib.x86_64 0:9.2.24-8.el7_9 postgresql-devel.x86_64 0:9.2.24-8.el7_9 postgresql-server.x86_64 0:9.2.24-8.el7_9 Dependency Installed: postgresql.x86_64 0:9.2.24-8.el7_9 postgresql-libs.x86_64 0:9.2.24-8.el7_9 uuid.x86_64 0:1.6.2-26.el7 初始化PostgreSQL: sudo postgresql-setup initdb 确保本地有权限访问pgsql,配置pgsql通过md5加密方式进行通讯: sudo sed -i "s/(host.*all.*all.127.0.0.1/32.)ident/\1md5/" /var/lib/pgsql/data/pg_hba.conf sudo sed -i "s/(host.all.all.::1/128.)ident/\1md5/" /var/lib/pgsql/data/pg_hba.conf # IPv4 local connections: host all all 127.0.0.1/32 md5 # IPv6 local connections: host all all ::1/128 md5 启动PostgreSQL服务: systemctl start postgresql systemctl enable postgresql 4、下载stackstorm程序库 以下脚本将检测您的平台和体系结构并设置适当的StackStorm存储库。 它还将添加用于软件包签名的GPG**。 curl -s https://packagecloud.io/install/repositories/StackStorm/stable/script.rpm.sh | sudo bash -->其实就是配置sackstorm yum源 /etc/yum.repos.d/StackStorm_stable.repo cat /etc/yum.repos.d/StackStorm_stable.repo [StackStorm_stable] name=StackStorm_stable baseurl=https://packagecloud.io/StackStorm/stable/el/7/$basearch repo_gpgcheck=1 gpgcheck=0 enabled=1 gpgkey=https://packagecloud.io/StackStorm/stable/gpgkey sslverify=1 sslcacert=/etc/pki/tls/certs/ca-bundle.crt metadata_expire=300 [StackStorm_stable-source] name=StackStorm_stable-source baseurl=https://packagecloud.io/StackStorm/stable/el/7/SRPMS repo_gpgcheck=1 gpgcheck=0 enabled=1 gpgkey=https://packagecloud.io/StackStorm/stable/gpgkey sslverify=1 sslcacert=/etc/pki/tls/certs/ca-bundle.crt metadata_expire=300 5、安装stackstorm组件库 sudo yum install -y st2 #RabbitMQ、MongoDB、PostgreSQL如果服务应用在不同服务器上,只需要修改以下配置路径即可 RabbitMQ 在 /etc/st2/st2.conf 和/etc/mistral/mistral.conf MongoDB 在 /etc/st2/st2.conf PostgreSQL 在 /etc/mistral/mistral.conf 安装的所有包: Installed: st2.x86_64 0:3.7.0-2 Dependency Installed: keyutils-libs-devel.x86_64 0:1.5.8-3.el7 krb5-devel.x86_64 0:1.15.1-54.el7_9 libcom_err-devel.x86_64 0:1.42.9-19.el7 libffi-devel.x86_64 0:3.0.13-19.el7 libkadm5.x86_64 0:1.15.1-54.el7_9 libselinux-devel.x86_64 0:2.5-15.el7 libsepol-devel.x86_64 0:2.5-10.el7 libtirpc.x86_64 0:0.2.4-0.16.el7 libverto-devel.x86_64 0:0.2.5-4.el7 openssl-devel.x86_64 1:1.0.2k-25.el7_9 pcre-devel.x86_64 0:8.32-17.el7 python-rpm-macros.noarch 0:3-34.el7 python3.x86_64 0:3.6.8-18.el7 python3-devel.x86_64 0:3.6.8-18.el7 python3-libs.x86_64 0:3.6.8-18.el7 python3-pip.noarch 0:9.0.3-8.el7 python3-rpm-generators.noarch 0:6-2.el7 python3-rpm-macros.noarch 0:3-34.el7 python3-setuptools.noarch 0:39.2.0-10.el7 zlib-devel.x86_64 0:1.2.7-20.el7_9 Dependency Updated: krb5-libs.x86_64 0:1.15.1-54.el7_9 openssl.x86_64 1:1.0.2k-25.el7_9 openssl-libs.x86_64 1:1.0.2k-25.el7_9 zlib.x86_64 0:1.2.7-20.el7_9 安装st2mistral: yum install -y st2mistral Installed: st2mistral.x86_64 0:3.2.0-1 Dependency Installed: libyaml.x86_64 0:0.1.4-11.el7_0 6、设置数据存储加密 Key-Value存储方案允许用户存储加密后的Value值。 这些值使用对称加密(AES256)进行存储: DATASTORE_ENCRYPTION_KEYS_DIRECTORY="/etc/st2/keys" DATASTORE_ENCRYPTION_KEY_PATH="${DATASTORE_ENCRYPTION_KEYS_DIRECTORY}/datastore_key.json" mkdir -p ${DATASTORE_ENCRYPTION_KEYS_DIRECTORY} st2-generate-symmetric-crypto-key --key-path ${DATASTORE_ENCRYPTION_KEY_PATH} 仅仅允许st2用户读取数据 chgrp st2 ${DATASTORE_ENCRYPTION_KEYS_DIRECTORY} chmod o-r ${DATASTORE_ENCRYPTION_KEYS_DIRECTORY} chgrp st2 ${DATASTORE_ENCRYPTION_KEY_PATH} chmod o-r ${DATASTORE_ENCRYPTION_KEY_PATH} 设置密钥配置,生成一个加密密钥文件,并存放至指定位置。在配置文件中设置key的路径,: crudini --set /etc/st2/st2.conf keyvalue encryption_key_path ${DATASTORE_ENCRYPTION_KEY_PATH} st2ctl restart-component st2api 7、设置Mistral数据库 通过如下命令来设置Mistral PostgreSQL数据库: # 在PostgreSQL中创建 Mistral数据库 cat << EHD | sudo -u postgres psql CREATE ROLE mistral WITH CREATEDB LOGIN ENCRYPTED PASSWORD 'StackStorm'; CREATE DATABASE mistral OWNER mistral; EHD # 设置Ministral数据库表 /opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head # 注册mistral动作 /opt/stackstorm/mistral/bin/mistral-db-manage --config-file /etc/mistral/mistral.conf populate | grep -v -e openstack -e keystone 8、配置SSH和SUDO 要运行本地和远程shell操作,StackStorm使用特殊的系统用户(默认为stanley)。对于远程Linux操作,使用SSH。建议在所有远程主机上配置基于公共**的SSH访问。我们还建议配置SSH访问localhost以运行示例和测试。 创建StackStorm系统用户,启用无密码sudo,并设置对“localhost”的ssh访问权限,以便可以在本地测试基于SSH的操作。 创建SSH系统用户 (默认stanley 用户已经存在) useradd stanley mkdir -p /home/stanley/.ssh chmod 0700 /home/stanley/.ssh 生成SSH: ssh-keygen -f /home/stanley/.ssh/stanley_rsa -P "" 授权key访问权限: sh -c 'cat /home/stanley/.ssh/stanley_rsa.pub >> /home/stanley/.ssh/authorized_keys' chown -R stanley:stanley /home/stanley/.ssh 开启无密码sudo(配置stanley执行sudo免密): sh -c 'echo "stanley ALL=(ALL) NOPASSWD: SETENV: ALL" >> /etc/sudoers.d/st2' chmod 0440 /etc/sudoers.d/st2 Make sure Defaults requiretty is disabled in /etc/sudoers sed -i -r "s/^Defaults\s++?requiretty/# Defaults +requiretty/g" /etc/sudoers 在StackStorm将通过SSH运行远程操作的远程主机上配置SSH访问并启用无密码sudo。 使用上一步中生成的公钥,按照配置SSH中的说明操作。 要控制Windows框,请为Windows runner配置访问权限。 如果使用的是其他用户或SSH密钥的路径,则需要在/etc/st2/st2.conf中修改此部分: [system_user] user = stanley ssh_key_file = /home/stanley/.ssh/stanley_rsa 启动服务: 启动stackstorm服务: st2ctl start 注册sensors,rules, actions: st2ctl reload 9、验证服务 验证stackstorm是否安装成功: # st2 --version st2 3.7.0, on Python 3.6.8 遍历核心包的所有动作: st2 action list --pack=core # 本地执行一个shell命令: st2 run core.local -- date -R # 查看命令执行结果: st2 execution list # 通过ssh远程执行命令(无密码sudo) st2 run core.remote hosts='localhost' -- uname -a # 安装包: st2 pack install st2 #st2ctl相关的控制命令 #st2ctl start|stop|status|restart|restart-component|reload|clean