Multiserver Rudder

From version 3.0 Rudder can be divided into 4 different components:

  • rudder-web: an instance with the webapp and the central policy server
  • rudder-ldap: the inventory endpoint and its ldap backend
  • rudder-db: the postgresql storage
  • rudder-relay-top: the contact point for nodes

Preliminary steps

You need the setup scripts provided at https://github.com/normation/rudder-tools/tree/master/scripts/rudder-multiserver-setup. You can download them with this command:

mkdir rudder-multiserver-setup
cd rudder-multiserver-setup
for i in add_repo detect_os.sh rudder-db.sh rudder-ldap.sh rudder-relay-top.sh rudder-web.sh
do
  wget --no-check-certificate https://raw.githubusercontent.com/Normation/rudder-tools/master/scripts/rudder-multiserver-setup/$i
done
chmod 755 *
cd ..

You need 4 instances of supported OS, one for each component. Only the rudder-web instance need at least 2GB of RAM.

Register the 4 names in the DNS or add them in /etc/hosts on each instance.

Add firewall rules:

  • from rudder-web to rudder-db port pgsql TCP
  • from rudder-* to rudder-web port rsyslog 514 TCP
  • from rudder-relay-top to rudder-ldap port 8080 TCP
  • from rudder-web to rudder-ldap port 8080 TCP
  • from rudder-web to rudder-ldap port 389 TCP
  • from rudder-web to rudder-relay-top port 5309

Install rudder-relay-top

Copy the rudder-multiserver-setup directory to you instance.

Run rudder-relay-top.sh as root, replace <rudder-web> with the hostname of the rudder-web instance:

cd rudder-multiserver-setup
./rudder-relay-top.sh <rudder-web>

Take note of the UUID. If you need it later read, it is in the file /opt/rudder/etc/uuid.hive

Install rudder-db

Copy the rudder-multiserver-setup directory to you instance.

Run rudder-db.sh as root, replace <rudder-web> with the hostname of the rudder-web instance, replace <allowed-network> with the network containing the rudder-web instances:

cd rudder-multiserver-setup
./rudder-db.sh <rudder-web> <allowed-network>

Install rudder-ldap

Copy the rudder-multiserver-setup directory to you instance.

Run rudder-ldap.sh as root, replace <rudder-web> with the hostname of the rudder-web instance:

cd rudder-multiserver-setup
./rudder-ldap.sh <rudder-web>

Install rudder-web

Copy the rudder-multiserver-setup directory to you instance.

Run rudder-relay-top.sh as root, replace <rudder-*> with the hostname of the corresponding instance:

cd rudder-multiserver-setup
./rudder-web.sh <rudder-web> <rudder-ldap> <rudder-db> <rudder-relay-top>

Connect rudder web interface and accept all nodes. Then run the following command where <relay-uuid> is the uuid from rudder-relay-top setup.

/opt/rudder/bin/rudder-node-to-relay <relay-uuid>