Install Inmanta

This page explains how to install the Inmanta orchestrator software and setup an orchestration server. Regardless what platform you installed it on, Inmanta requires at least Python and Git to be installed.

Install the software

Step 1: Install the software

For RHEL, Almalinux and Rockylinux 8 and 9 based systems use dnf:

sudo tee /etc/yum.repos.d/inmanta-oss-stable.repo <<EOF
[inmanta-oss-stable]
name=inmanta-oss-stable
baseurl=https://packages.inmanta.com/public/oss-stable/rpm/el/\$releasever/\$basearch
repo_gpgcheck=1
enabled=1
gpgkey=https://packages.inmanta.com/public/oss-stable/gpg.A34DD0A274F07713.key
gpgcheck=1
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
pkg_gpgcheck=1
autorefresh=1
type=rpm-md
EOF

sudo dnf install -y inmanta-oss inmanta-oss-server inmanta-oss-agent

The first package (inmanta-oss) contains all the code and the commands. The server and the agent packages install config files and systemd unit files. The web-console is installed with the server package.

First make sure Python >= 3.9 and git are installed. Inmanta requires many dependencies so it is recommended to create a virtual env. Next install inmanta with pip install in the newly created virtual env.

Please note, the path to the virtual env is arbitrary. Your desired path can override below example.

# Install GCC, python3 >= 3.9 and pip
sudo apt-get update
sudo apt-get install build-essential
sudo apt-get install python3-pip

# Install wheel and inmanta in a python venv
sudo apt-get install python3-venv
sudo python3 -m venv /opt/inmanta
sudo /opt/inmanta/bin/pip install -U pip wheel
sudo /opt/inmanta/bin/pip install inmanta
sudo /opt/inmanta/bin/inmanta --help

# Install PostgreSQL
sudo apt-get install postgresql postgresql-client

Download the configuration files named inmanta.cfg and extensions.cfg (these names are arbitrary) in your virtual env:

sudo mkdir /opt/inmanta/inmanta.d
sudo apt-get install wget
sudo wget -O /opt/inmanta/inmanta.cfg "https://raw.githubusercontent.com/inmanta/inmanta-core/master/misc/inmanta.cfg"
sudo wget -O /opt/inmanta/inmanta.d/extensions.cfg "https://raw.githubusercontent.com/inmanta/inmanta-core/master/misc/extensions.cfg"

If you want to use the web-console you need to install it as well:

Get the pre-built package from our web-console github page. Click on the the package name to go to the package’s main page, then on the right hand side under Assets, you will see the compressed package. Download and extract it to your desired directory (preferably, on the same virtual env which was created earlier, in this case, /opt/inmanta). Next, open the inmanta.cfg file and at the bottom of the file, under the [web-console] section, change the path value to the dist directory of where you extracted the pre-built package. For instance:

path=/opt/inmanta/web-console/package/dist

Then the Inmanta server can be started using below command (please note, below command has to be run after completing the Configure server) part:

sudo /opt/inmanta/bin/inmanta -vv -c /opt/inmanta/inmanta.cfg --config-dir /opt/inmanta/inmanta.d server

First make sure Python >= 3.9 and git are installed. Inmanta requires many dependencies so it is recommended to create a virtual env. Next install inmanta with pip install in the newly created virtual env.

Please note, the path to the virtual env is arbitrary. Your desired path can override below example.

# Install python3 >= 3.9 and git
# If git is not already installed, by running git in your terminal, the installation guide will be shown
sudo python3 -m venv /opt/inmanta
sudo /opt/inmanta/bin/pip install -U pip wheel
sudo /opt/inmanta/bin/pip install inmanta
sudo /opt/inmanta/bin/inmanta --help

Install PostgreSQL using this guide

Download the configuration files named inmanta.cfg and extensions.cfg (these names are arbitrary) in your virtual env:

sudo mkdir /opt/inmanta/inmanta.d
sudo wget -O /opt/inmanta/inmanta.cfg "https://raw.githubusercontent.com/inmanta/inmanta-core/master/misc/inmanta.cfg"
sudo wget -O /opt/inmanta/inmanta.d/extensions.cfg "https://raw.githubusercontent.com/inmanta/inmanta-core/master/misc/extensions.cfg"

If you want to use the web-console you need to install it as well:

Get the pre-built package from our web-console github page. Click on the the package name to go to the package’s main page, then on the right hand side under Assets, you will see the compressed package. Download and extract it to your desired directory (preferably, on the same virtual env which was created earlier, in this case, /opt/inmanta). Next, open the inmanta.cfg file and at the bottom of the file, under the [web-console] section, change the path value to the dist directory of where you extracted the pre-built package. For instance:

path=/opt/inmanta/web-console/package/dist

Then the Inmanta server can be started using below command (please note, below command has to be run after completing the Configure server) part:

sudo /opt/inmanta/bin/inmanta -vv -c /opt/inmanta/inmanta.cfg --config-dir /opt/inmanta/inmanta.d server

On Windows only the compile and export commands are supported. This is useful in the Push to server deployment mode of inmanta. First make sure you have Python >= 3.9 and git. Inmanta requires many dependencies so it is recommended to create a virtual env. Next install inmanta with pip install in the newly created virtual env.

# Install python3 >= 3.9 and git
python3 -m venv C:\inmanta\env
C:\inmanta\env\Script\pip install inmanta
C:\inmanta\env\Script\inmanta --help

Get the source either from our release page on github or clone/download a branch directly.

git clone https://github.com/inmanta/inmanta-core.git
cd inmanta
pip install -c requirements.txt .

Warning

When you use Inmanta modules that depend on python libraries with native code, python headers and a working compiler are required as well.

Configure server

This guide goes through the steps to set up an Inmanta service orchestrator server. This guide assumes a RHEL 8 based server is used. The rpm packages install the server configuration file in /etc/inmanta/inmanta.cfg.

Optional step 2: Setup SSL and authentication

Follow the instructions in Setting up SSL and authentication to configure both SSL and authentication. While not mandatory, it is highly recommended you do so.

Step 3: Install PostgreSQL 13

For most platforms you can install PostgreSQL 13 following the installation guide for your platform.

For RHEL based systems you can also use the PostgreSQL that comes with the distribution.

sudo dnf module install postgresql:13/server

Step 4: Setup a PostgreSQL database for the Inmanta server

Initialize the PostgreSQL server:

sudo su - postgres -c "postgresql-13-setup --initdb"

Start the PostgreSQL database and make sure it is started at boot.

sudo systemctl enable --now postgresql-13

Create a inmanta user and an inmanta database by executing the following command. This command will request you to choose a password for the inmanta database.

sudo -u postgres -i bash -c "createuser --pwprompt inmanta"
sudo -u postgres -i bash -c "createdb -O inmanta inmanta"

Change the authentication method for local connections to md5 by changing the following lines in the /var/lib/pgsql/data/pg_hba.conf file

# IPv4 local connections:
host    all             all             127.0.0.1/32            ident
# IPv6 local connections:
host    all             all             ::1/128                 ident

to

# IPv4 local connections:
host    all             all             127.0.0.1/32            md5
# IPv6 local connections:
host    all             all             ::1/128                 md5

Make sure JIT is disabled for the PostgreSQL database as it might result in poor query performance. To disable JIT, set

# disable JIT
jit = off

in /var/lib/pgsql/13/data/postgresql.conf.

Restart the PostgreSQL server to apply the changes made in the pg_hba.conf and postgresql.conf files:

sudo systemctl restart postgresql-13

Step 5: Set the database connection details

Add a /etc/inmanta/inmanta.d/database.cfg file as such that it contains the correct database connection details. That file should look as follows:

[database]
host=<ip-address-database-server>
name=inmanta
username=inmanta
password=<password>

Replace <password> in the above-mentioned snippet with the password of the inmanta database. By default Inmanta tries to connect to the local server and uses the database inmanta. See the database section in the configfile for other options.

Step 6: Set the server address

When virtual machines are started by this server that install the inmanta agent, the correct server.server-address needs to be configured. This address is used to create the correct boot script for the virtual machine.

Set this value to the hostname or IP address that other systems use to connect to the server in the configuration file stored at /etc/inmanta/inmanta.d/server.cfg.

[server]
server-address=<server-ip-address-or-hostname>

Note

If you deploy configuration models that modify resolver configuration it is recommended to use the IP address instead of the hostname.

Step 7: Configure ssh of the inmanta user

The inmanta user that runs the server needs a working ssh client. This client is required to checkout git repositories over ssh and if the remote agent is used.

  1. Provide the inmanta user with one or more private keys:

  1. Generate a new key with ssh-keygen as the inmanta user: sudo -u inmanta ssh-keygen -N ""

  2. Install an exiting key in /var/lib/inmanta/.ssh/id_rsa

  3. Make sure the permissions and ownership are set correctly.

ls -l /var/lib/inmanta/.ssh/id_rsa

-rw-------. 1 inmanta inmanta 1679 Mar 21 13:55 /var/lib/inmanta/.ssh/id_rsa
  1. Configure ssh to accept all host keys or white list the hosts that are allowed or use signed host keys (depends on your security requirements). This guide configures ssh client for the inmanta user to accept all host keys. Create /var/lib/inmanta/.ssh/config and create the following content:

Host *
    StrictHostKeyChecking no
    UserKnownHostsFile=/dev/null

Ensure the file belongs to the inmanta user:

sudo chown inmanta:inmanta /var/lib/inmanta/.ssh/config
  1. Add the public key to any git repositories and save it to include in configuration models that require remote agents.

  2. Test if you can login into a machine that has the public key and make sure ssh does not show you any prompts to store the host key.

Step 8: Configure the server bind address

By default the server only listens on localhost, port 8888. This can be changed by altering the server.bind-address and server.bind-port options in the /etc/inmanta/inmanta.d/server.cfg file.

[server]
bind-address=<server-bind-address>
bind-port=<server-bind-port>

Step 9: Enable the required Inmanta extensions

Make sure that the required Inmanta extensions are enabled. This is done by adding a configuration file with the following content to /etc/inmanta/inmanta.d/extensions.cfg.

[server]
enabled_extensions=ui

This file is also installed by the RPM.

Step 10: Start the Inmanta server

Start the Inmanta server and make sure it is started at boot.

sudo systemctl enable --now inmanta-server

The web-console is now available on the port and host configured in step 8.

Optional Step 11: Setup influxdb for collection of performance metrics

Follow the instructions in Performance Metering to send performance metrics to influxdb. This is only recommended for production deployments.

Optional Step 12: Configure logging

Logging can be configured by following the instructions in Logging.