Install Inmanta¶
This page explains how to install the Inmanta orchestrator software and setup an orchestration server. Regardless what platform you installed it on, Inmanta requires at least Python and Git to be installed.
Install the software¶
Step 1: Install the software¶
For RHEL, Almalinux and Rockylinux 8 and 9 based systems use dnf:
sudo tee /etc/yum.repos.d/inmanta-oss-stable.repo <<EOF
[inmanta-oss-stable]
name=inmanta-oss-stable
baseurl=https://packages.inmanta.com/public/oss-stable/rpm/el/\$releasever/\$basearch
repo_gpgcheck=1
enabled=1
gpgkey=https://packages.inmanta.com/public/oss-stable/gpg.A34DD0A274F07713.key
gpgcheck=1
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
pkg_gpgcheck=1
autorefresh=1
type=rpm-md
EOF
sudo dnf install -y inmanta-oss inmanta-oss-server inmanta-oss-agent
The first package (inmanta-oss) contains all the code and the commands. The server and the agent packages install config files and systemd unit files. The web-console is installed with the server package.
First make sure Python >= 3.9 and git are installed. Inmanta requires many dependencies so it is recommended to create a virtual env. Next install inmanta with pip install in the newly created virtual env.
Please note, the path to the virtual env is arbitrary. Your desired path can override below example.
# Install GCC, python3 >= 3.9 and pip
sudo apt-get update
sudo apt-get install build-essential
sudo apt-get install python3-pip
# Install wheel and inmanta in a python venv
sudo apt-get install python3-venv
sudo python3 -m venv /opt/inmanta
sudo /opt/inmanta/bin/pip install -U pip wheel
sudo /opt/inmanta/bin/pip install inmanta
sudo /opt/inmanta/bin/inmanta --help
# Install PostgreSQL
sudo apt-get install postgresql postgresql-client
Download the configuration files named inmanta.cfg
and extensions.cfg
(these names are arbitrary) in your virtual env:
sudo mkdir /opt/inmanta/inmanta.d
sudo apt-get install wget
sudo wget -O /opt/inmanta/inmanta.cfg "https://raw.githubusercontent.com/inmanta/inmanta-core/master/misc/inmanta.cfg"
sudo wget -O /opt/inmanta/inmanta.d/extensions.cfg "https://raw.githubusercontent.com/inmanta/inmanta-core/master/misc/extensions.cfg"
If you want to use the web-console you need to install it as well:
Get the pre-built package from our web-console github page. Click on the the package name to go to the package’s main page, then on the right hand side under Assets
, you will see the compressed package. Download and extract it to your desired directory (preferably, on the same virtual env which was created earlier, in this case, /opt/inmanta). Next, open the inmanta.cfg
file and at the bottom of the file, under the [web-console]
section, change the path
value to the dist
directory of where you extracted the pre-built package. For instance:
path=/opt/inmanta/web-console/package/dist
Then the Inmanta server can be started using below command (please note, below command has to be run after completing the Configure server) part:
sudo /opt/inmanta/bin/inmanta -vv -c /opt/inmanta/inmanta.cfg --config-dir /opt/inmanta/inmanta.d server
First make sure Python >= 3.9 and git are installed. Inmanta requires many dependencies so it is recommended to create a virtual env.
Next install inmanta with pip install
in the newly created virtual env.
Please note, the path to the virtual env is arbitrary. Your desired path can override below example.
# Install python3 >= 3.9 and git
# If git is not already installed, by running git in your terminal, the installation guide will be shown
sudo python3 -m venv /opt/inmanta
sudo /opt/inmanta/bin/pip install -U pip wheel
sudo /opt/inmanta/bin/pip install inmanta
sudo /opt/inmanta/bin/inmanta --help
Install PostgreSQL using this guide
Download the configuration files named inmanta.cfg
and extensions.cfg
(these names are arbitrary) in your virtual env:
sudo mkdir /opt/inmanta/inmanta.d
sudo wget -O /opt/inmanta/inmanta.cfg "https://raw.githubusercontent.com/inmanta/inmanta-core/master/misc/inmanta.cfg"
sudo wget -O /opt/inmanta/inmanta.d/extensions.cfg "https://raw.githubusercontent.com/inmanta/inmanta-core/master/misc/extensions.cfg"
If you want to use the web-console you need to install it as well:
Get the pre-built package from our web-console github page. Click on the the package name to go to the package’s main page, then on the right hand side under Assets
, you will see the compressed package. Download and extract it to your desired directory (preferably, on the same virtual env which was created earlier, in this case, /opt/inmanta). Next, open the inmanta.cfg
file and at the bottom of the file, under the [web-console]
section, change the path
value to the dist
directory of where you extracted the pre-built package. For instance:
path=/opt/inmanta/web-console/package/dist
Then the Inmanta server can be started using below command (please note, below command has to be run after completing the Configure server) part:
sudo /opt/inmanta/bin/inmanta -vv -c /opt/inmanta/inmanta.cfg --config-dir /opt/inmanta/inmanta.d server
On Windows only the compile and export commands are supported. This is useful in the Push to server deployment mode of inmanta. First make sure you have Python >= 3.9 and git. Inmanta requires many dependencies so it is recommended to create a virtual env. Next install inmanta with pip install in the newly created virtual env.
# Install python3 >= 3.9 and git
python3 -m venv C:\inmanta\env
C:\inmanta\env\Script\pip install inmanta
C:\inmanta\env\Script\inmanta --help
Get the source either from our release page on github or clone/download a branch directly.
git clone https://github.com/inmanta/inmanta-core.git
cd inmanta
pip install -c requirements.txt .
Warning
When you use Inmanta modules that depend on python libraries with native code, python headers and a working compiler are required as well.
Configure server¶
This guide goes through the steps to set up an Inmanta service orchestrator server. This guide assumes a RHEL 8 based server is used. The rpm packages install the server configuration file in /etc/inmanta/inmanta.cfg.
Optional step 2: Setup SSL and authentication¶
Follow the instructions in Setting up SSL and authentication to configure both SSL and authentication. While not mandatory, it is highly recommended you do so.
Step 3: Install PostgreSQL 13¶
For most platforms you can install PostgreSQL 13 following the installation guide for your platform.
For RHEL based systems you can also use the PostgreSQL that comes with the distribution.
sudo dnf module install postgresql:13/server
Step 4: Setup a PostgreSQL database for the Inmanta server¶
Initialize the PostgreSQL server:
sudo su - postgres -c "postgresql-13-setup --initdb"
Start the PostgreSQL database and make sure it is started at boot.
sudo systemctl enable --now postgresql-13
Create a inmanta user and an inmanta database by executing the following command. This command will request you to choose a password for the inmanta database.
sudo -u postgres -i bash -c "createuser --pwprompt inmanta"
sudo -u postgres -i bash -c "createdb -O inmanta inmanta"
Change the authentication method for local connections to md5 by changing the following lines in the
/var/lib/pgsql/data/pg_hba.conf
file
# IPv4 local connections:
host all all 127.0.0.1/32 ident
# IPv6 local connections:
host all all ::1/128 ident
to
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
Make sure JIT is disabled for the PostgreSQL database as it might result in poor query performance. To disable JIT, set
# disable JIT
jit = off
in /var/lib/pgsql/13/data/postgresql.conf
.
Restart the PostgreSQL server to apply the changes made in the pg_hba.conf
and postgresql.conf
files:
sudo systemctl restart postgresql-13
Step 5: Set the database connection details¶
Add a /etc/inmanta/inmanta.d/database.cfg
file as such that it contains the correct database connection details.
That file should look as follows:
[database]
host=<ip-address-database-server>
name=inmanta
username=inmanta
password=<password>
Replace <password> in the above-mentioned snippet with the password of the inmanta database. By default Inmanta tries to
connect to the local server and uses the database inmanta. See the database
section in the
configfile for other options.
Step 6: Set the server address¶
When virtual machines are started by this server that install the inmanta agent, the correct
server.server-address
needs to be
configured. This address is used to create the correct boot script for the virtual machine.
Set this value to the hostname or IP address that other systems use to connect to the server
in the configuration file stored at /etc/inmanta/inmanta.d/server.cfg
.
[server]
server-address=<server-ip-address-or-hostname>
Note
If you deploy configuration models that modify resolver configuration it is recommended to use the IP address instead of the hostname.
Step 7: Configure ssh of the inmanta user¶
The inmanta user that runs the server needs a working ssh client. This client is required to checkout git repositories over ssh and if the remote agent is used.
Provide the inmanta user with one or more private keys:
Generate a new key with ssh-keygen as the inmanta user:
sudo -u inmanta ssh-keygen -N ""
Install an exiting key in
/var/lib/inmanta/.ssh/id_rsa
Make sure the permissions and ownership are set correctly.
ls -l /var/lib/inmanta/.ssh/id_rsa -rw-------. 1 inmanta inmanta 1679 Mar 21 13:55 /var/lib/inmanta/.ssh/id_rsa
Configure ssh to accept all host keys or white list the hosts that are allowed or use signed host keys (depends on your security requirements). This guide configures ssh client for the inmanta user to accept all host keys. Create
/var/lib/inmanta/.ssh/config
and create the following content:
Host * StrictHostKeyChecking no UserKnownHostsFile=/dev/nullEnsure the file belongs to the inmanta user:
sudo chown inmanta:inmanta /var/lib/inmanta/.ssh/config
Add the public key to any git repositories and save it to include in configuration models that require remote agents.
Test if you can login into a machine that has the public key and make sure ssh does not show you any prompts to store the host key.
Step 8: Configure the server bind address¶
By default the server only listens on localhost, port 8888.
This can be changed by altering the
server.bind-address
and server.bind-port
options in the /etc/inmanta/inmanta.d/server.cfg
file.
[server]
bind-address=<server-bind-address>
bind-port=<server-bind-port>
Step 9: Enable the required Inmanta extensions¶
Make sure that the required Inmanta extensions are enabled. This is done by adding a configuration file with the following content to /etc/inmanta/inmanta.d/extensions.cfg
.
[server]
enabled_extensions=ui
This file is also installed by the RPM.
Step 10: Start the Inmanta server¶
Start the Inmanta server and make sure it is started at boot.
sudo systemctl enable --now inmanta-server
The web-console is now available on the port and host configured in step 8.
Optional Step 11: Setup influxdb for collection of performance metrics¶
Follow the instructions in Performance Metering to send performance metrics to influxdb. This is only recommended for production deployments.
Optional Step 12: Configure logging¶
Logging can be configured by following the instructions in Logging.