Install Inmanta

This page explains how to install the Inmanta Service Orchestrator software and set up an orchestration server. This guide assumes that you install the software on RHEL 7 (or a derivative such as CentOS). Packages are also available for RHEL 8; please contact support for detailed instructions.

Install the software

Step 1: Add the yum repository to the system

Create a repository file that points yum to the Inmanta Service Orchestrator release repository. Create the file /etc/yum.repos.d/inmanta.repo with the following content:

[inmanta-service-orchestrator-4-stable]
name=inmanta-service-orchestrator-4-stable
baseurl=https://packages.inmanta.com/<token>/inmanta-service-orchestrator-4-stable/rpm/el/7/$basearch
repo_gpgcheck=1
enabled=1
gpgkey=https://packages.inmanta.com/<token>/inmanta-service-orchestrator-4-stable/cfg/gpg/gpg.6879295395749235.key
gpgcheck=1
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
pkg_gpgcheck=1
autorefresh=1
type=rpm-md

Replace <token> with the token provided with your license.

Step 2: Install the software

Use yum to install the software:

sudo yum install -y epel-release
sudo yum install -y inmanta-service-orchestrator-server

These commands install the software and all of its dependencies.

Install the license

For the orchestration server to start, a license file and an entitlement file should be loaded into the server. This section describes how to configure the license. The license consists of two files:

  • The file with the .license extension is the license file

  • The file with the .jwe extension is the entitlement file

Copy the license files to the server and store them, for example, in /etc/inmanta/license. If this directory does not exist, create it. Then create a configuration file that points the orchestrator to the license files. Create a file /etc/inmanta/inmanta.d/license.cfg with the following content:

[license]
license-key=/etc/inmanta/license/<license name>.license
entitlement-file=/etc/inmanta/license/<license name>.jwe

Replace <license name> with the name of the license you received.

Configure server

This guide goes through the steps to set up an Inmanta service orchestrator server. This guide assumes a RHEL 7 or CentOS 7 server is used. The rpm packages install the server configuration file in /etc/inmanta/inmanta.cfg.

Optional step 1: Set up SSL and authentication

Follow the instructions in Setting up authentication to configure both SSL and authentication. While not mandatory, it is highly recommended you do so.

Step 2: Install PostgreSQL 10

Install the PostgreSQL 10 package provided by the Red Hat Software Collections:

sudo yum install centos-release-scl
sudo yum install rh-postgresql10
sudo systemctl enable rh-postgresql10-postgresql

Step 3: Set up a PostgreSQL database for the Inmanta server

To initialize the PostgreSQL server, enable the software collection and initialize postgres as the postgres user:

sudo su - postgres -c "scl enable rh-postgresql10 -- postgresql-setup --initdb"

Start the PostgreSQL database.

sudo systemctl start rh-postgresql10-postgresql

Create an inmanta user and an inmanta database by executing the following commands. The first command prompts you to choose a password for the inmanta database user.

sudo -u postgres -i bash -c "scl enable rh-postgresql10 -- createuser --pwprompt inmanta"
sudo -u postgres -i bash -c "scl enable rh-postgresql10 -- createdb -O inmanta inmanta"

Change the authentication method for local connections to md5 by changing the following lines in the /var/opt/rh/rh-postgresql10/lib/pgsql/data/pg_hba.conf file:

# IPv4 local connections:
host    all             all             127.0.0.1/32            ident
# IPv6 local connections:
host    all             all             ::1/128                 ident

to

# IPv4 local connections:
host    all             all             127.0.0.1/32            md5
# IPv6 local connections:
host    all             all             ::1/128                 md5

Restart the PostgreSQL server to apply the changes made in the pg_hba.conf file:

sudo systemctl restart rh-postgresql10-postgresql

For high availability, follow the procedure in HA setup to set up an HA PostgreSQL cluster.

Step 4: Set the database connection details

Add a /etc/inmanta/inmanta.d/database.cfg file that contains the correct database connection details. The file should look as follows:

[database]
host=<ip-address-database-server>
name=inmanta
username=inmanta
password=<password>

Replace <password> in the above-mentioned snippet with the password of the inmanta database. By default Inmanta tries to connect to the local server and uses the database inmanta. See the database section in the configfile for other options.

Step 5: Set the server address

When virtual machines are started by this server that install the inmanta agent, the correct server.server-address needs to be configured. This address is used to create the correct boot script for the virtual machine.

In the configuration file /etc/inmanta/inmanta.d/server.cfg, set this value to the hostname or IP address that other systems use to connect to the server:

[server]
server-address=<server-ip-address-or-hostname>

Note

If you deploy configuration models that modify resolver configuration, it is recommended to use the IP address instead of the hostname.

Step 6: Configure ssh of the inmanta user

The inmanta user that runs the server needs a working ssh client. This client is required to check out git repositories over ssh and when the remote agent is used.

  1. Provide the inmanta user with one or more private keys:

     1. Generate a new key with ssh-keygen as the inmanta user: sudo -u inmanta ssh-keygen -N ""

     2. Install an existing key in /var/lib/inmanta/.ssh/id_rsa

     3. Make sure the permissions and ownership are set correctly.

ls -l /var/lib/inmanta/.ssh/id_rsa

-rw-------. 1 inmanta inmanta 1679 Mar 21 13:55 /var/lib/inmanta/.ssh/id_rsa

  2. Configure ssh to accept all host keys, whitelist the hosts that are allowed, or use signed host keys (depending on your security requirements). This guide configures the ssh client for the inmanta user to accept all host keys. Create /var/lib/inmanta/.ssh/config with the following content:

Host *
    StrictHostKeyChecking no
    UserKnownHostsFile=/dev/null

Ensure the file belongs to the inmanta user:

sudo chown inmanta:inmanta /var/lib/inmanta/.ssh/config

  3. Add the public key to any git repositories and save it to include in configuration models that require remote agents.

  4. Test if you can log in to a machine that has the public key and make sure ssh does not show you any prompts to store the host key.
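
Step 6 lists whitelisting hosts as an alternative to accepting all host keys. The following added example (not part of the original guide or of Inmanta's code) checks an ssh client config for the two options that switch host key verification off, run against the config from this guide and a constructed whitelist-style config; the function names and the known_hosts path are assumptions.

```shell
# Added example (not Inmanta code). permissive_config is the config from step 6.
permissive_config() {
    cat <<'EOF'
Host *
    StrictHostKeyChecking no
    UserKnownHostsFile=/dev/null
EOF
}

# Constructed whitelist variant: only hosts already present in known_hosts
# are accepted. The known_hosts path is an assumption.
pinned_config() {
    cat <<'EOF'
Host *
    StrictHostKeyChecking yes
    UserKnownHostsFile /var/lib/inmanta/.ssh/known_hosts
EOF
}

# Reads an ssh client config on stdin, prints one finding per option that
# disables host key verification, and returns 1 if there is any finding.
audit_ssh_config() {
    awk '
        BEGIN { scope = "*" }                      # options before any Host line are global
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
        {
            sub(/[ \t]*=[ \t]*/, " ")              # accept "Key=value" as well as "Key value"
            key = tolower($1); val = tolower($2)   # keywords are case-insensitive
        }
        key == "host" { scope = $0; sub(/^[ \t]*[^ \t]+[ \t]+/, "", scope) }
        key == "stricthostkeychecking" && (val == "no" || val == "off") {
            printf "Host %s: StrictHostKeyChecking %s accepts unknown and changed host keys\n", scope, val; bad++
        }
        key == "userknownhostsfile" && val == "/dev/null" {
            printf "Host %s: UserKnownHostsFile /dev/null never records a host key\n", scope; bad++
        }
        END { exit (bad > 0) }
    '
}

for cfg in permissive_config pinned_config; do
    if "$cfg" | audit_ssh_config; then
        echo "$cfg: host keys are verified"
    else
        echo "$cfg: host key verification is disabled"
    fi
done
```

With the whitelist variant, the known_hosts file has to contain the host keys of the git servers and agent machines before the first connection, obtained over a channel you trust.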

Step 7: Configure the server bind address

By default the server only listens on localhost, port 8888. This can be changed by altering the server.bind-address and server.bind-port options in the /etc/inmanta/inmanta.d/server.cfg file.

[server]
bind-address=<server-bind-address>
bind-port=<server-bind-port>

Step 8: Start the Inmanta server

Start the Inmanta server and make sure it is started at boot.

sudo systemctl enable --now inmanta-server

The server dashboard is now available on the port and host configured in step 7.

Optional Step 9: Set up influxdb for collection of performance metrics

Follow the instructions in Performance Metering to send performance metrics to influxdb. This is only recommended for production deployments.

Optional Step 10: Configure logging

Logging can be configured by following the instructions in Logging.