Install Rudder Root server on RHEL-like systems

Add the Rudder packages repository

Each package that is published by Rudder Project is signed with our GPG signature. To ensure the packages you will install are official builds and have not been altered, import our key into rpm using the following command:

rpm --import https://www.rudder-project.org/rpm-repos/rudder_rpm_key.pub

Our key fingerprint is:

pub  1024R/6F07D355 2012-11-09 Rudder Project (RPM release key) <security@rudder-project.org>
      Key fingerprint = 1141 A947 CDA0 4E83 82C1  B9C4 ADAB 3BD3 6F07 D355

Then run the following command as root:

echo '[Rudder_3.2]
name=Rudder 3.2 EL repository
baseurl=http://www.rudder-project.org/rpm-3.2/RHEL_$releasever/
gpgcheck=1
gpgkey=http://www.rudder-project.org/rpm-3.2/RHEL_$releasever/repodata/repomd.xml.key' > /etc/yum.repos.d/rudder.repo

Install your Rudder Root Server

To begin the installation, you should simply install the rudder-server-root metapackage, which will install the required components:

yum install rudder-server-root

On Red Hat-like systems, a firewall setup is enabled by default, and would need to be adjusted for Rudder to operate properly. You have to allow all the flows described in the Network section.

[Tip]Tip

On EL6, the /etc/sysconfig/iptables file configures the firewall:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Allow SSH access (Maintenance)
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# Allow HTTPS access (Rudder)
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

The important line to have access to the Web interface being:

# Allow HTTPS access (Rudder)
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
[Tip]Tip

On EL7, the default firewall is firewalld, and you can enable HTTP/S access by running

firewall-cmd --permanent --zone=public --add-port=443/tcp

Now jump to the next section to configure your server.