Install Inmanta
This page explains how to install the Inmanta orchestrator software and set up an orchestration server. Regardless of the platform you install it on, Inmanta requires at least Python and Git to be installed.
Install the software
Step 1: Install the software
Create a repository file that points yum to the Inmanta service orchestrator release repository. Create the file /etc/yum.repos.d/inmanta.repo with the following content:
[inmanta-service-orchestrator-8-stable]
name=inmanta-service-orchestrator-8-stable
baseurl=https://packages.inmanta.com/<token>/inmanta-service-orchestrator-8-stable/rpm/el/8/$basearch
repo_gpgcheck=1
enabled=1
gpgkey=https://packages.inmanta.com/<token>/inmanta-service-orchestrator-8-stable/cfg/gpg/gpg.F4B97D6483D7D2BE.key
gpgcheck=1
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
pkg_gpgcheck=1
autorefresh=1
type=rpm-md
Replace <token> with the token provided with your license.
Use dnf to install the software:
sudo dnf install -y inmanta-service-orchestrator-server
This command installs the software and all of its dependencies.
Install the license
For the orchestration server to start, a license file and an entitlement file should be loaded into the server. This section describes how to configure the license. The license consists of two files:
The file with the .license extension is the license file
The file with the .jwe extension is the entitlement file
Copy both files to the server and store them, for example, in /etc/inmanta/license. If this directory does not exist, create it. Then create a configuration file to point the orchestrator to the license files. Create a file /etc/inmanta/inmanta.d/license.cfg with the following content:
[license]
license-key=/etc/inmanta/license/<license name>.license
entitlement-file=/etc/inmanta/license/<license name>.jwe
Replace <license name> with the name of the license you received.
Optional step 2: Set up SSL and authentication
Follow the instructions in Setting up SSL and authentication to configure both SSL and authentication. While not mandatory, it is highly recommended you do so.
Step 3: Install PostgreSQL 16
Install the PostgreSQL 16 package included in RHEL. More info in the ‘Included in Distribution’ section of the postgresql documentation.
sudo dnf module install postgresql:16/server
sudo systemctl enable postgresql
Warning
Before moving on to the next step, make sure that the locale used by the system is actually installed.
By default, RHEL9 uses the en_US.UTF-8 locale, which can be installed via:
sudo dnf install langpacks-en -y
Note
If your system uses a different locale, please install the corresponding langpack.
Step 4: Set up a PostgreSQL database for the Inmanta server
Initialize the PostgreSQL server:
sudo su - postgres -c "postgresql-setup --initdb"
Start the PostgreSQL database and make sure it is started at boot.
sudo systemctl enable --now postgresql
Create an inmanta user and an inmanta database by executing the following commands. You will be prompted to choose a password for the inmanta database.
sudo -u postgres -i bash -c "createuser --pwprompt inmanta"
sudo -u postgres -i bash -c "createdb -O inmanta inmanta"
Change the authentication method for local connections to md5 by changing the following lines in the /var/lib/pgsql/data/pg_hba.conf file
# IPv4 local connections:
host all all 127.0.0.1/32 ident
# IPv6 local connections:
host all all ::1/128 ident
to
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
Make sure JIT is disabled for the PostgreSQL database as it might result in poor query performance. To disable JIT, set
# disable JIT
jit = off
in /var/lib/pgsql/data/postgresql.conf.
Restart the PostgreSQL server to apply the changes made in the pg_hba.conf and postgresql.conf files:
sudo systemctl restart postgresql
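A check for the two edits above, added here as an example (it is not part of the Inmanta documentation or tooling): it reports loopback host records in pg_hba.conf that still use a non-password method, and a postgresql.conf in which jit is not off. The function names and sample files are constructed, and accepting scram-sha-256 alongside md5 is an assumption beyond this guide.

```shell
#!/bin/sh
# Added example (not Inmanta code): verify the two PostgreSQL edits from Step 4.
# Each function prints one finding per line and nothing when the file matches.
check_pg_hba() {
    # A "host" record has the fields: type database user address method [options]
    # Assumption: scram-sha-256 is accepted as well as the md5 this guide sets.
    awk '
        $1 == "host" && ($4 == "127.0.0.1/32" || $4 == "::1/128") {
            seen[$4] = 1
            if ($5 != "md5" && $5 != "scram-sha-256")
                print "pg_hba: " $4 " uses " $5 ", expected md5"
        }
        END {
            if (!("127.0.0.1/32" in seen)) print "pg_hba: no host record for 127.0.0.1/32"
            if (!("::1/128" in seen)) print "pg_hba: no host record for ::1/128"
        }
    ' "$1"
}

check_jit_off() {
    # Names are case-insensitive, "=" is optional, the last setting wins, and jit
    # defaults to on when unset. Only full spellings of the boolean are accepted.
    awk '
        { sub(/#.*/, ""); line = tolower($0) }
        line ~ /^[ \t]*jit([ \t]|=)/ {
            sub(/^[ \t]*jit[ \t]*=?[ \t]*/, "", line)
            gsub(/[ \t\047]/, "", line)
            last = line
        }
        END {
            if (last !~ /^(off|false|no|0)$/)
                print "postgresql.conf: jit is " (last == "" ? "not set (default on)" : last)
        }
    ' "$1"
}

# Constructed samples: the files before and after the edits described in this guide.
write_samples() {
    d=$(mktemp -d)
    printf 'host all all 127.0.0.1/32 ident\nhost all all ::1/128 ident\n' > "$d/hba.before"
    sed 's/ident$/md5/' "$d/hba.before" > "$d/hba.after"
    printf '#jit = on\n' > "$d/pg.before"
    printf '# disable JIT\njit = off\n' > "$d/pg.after"
    echo "$d"
}

samples=$(write_samples)
check_pg_hba "$samples/hba.before"; check_jit_off "$samples/pg.before"
check_pg_hba "$samples/hba.after"; check_jit_off "$samples/pg.after"
```

On a real server, pass /var/lib/pgsql/data/pg_hba.conf and /var/lib/pgsql/data/postgresql.conf to the two functions before restarting PostgreSQL.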
Step 5: Set the database connection details
Add a /etc/inmanta/inmanta.d/database.cfg file that contains the correct database connection details.
That file should look as follows:
[database]
host=<ip-address-database-server>
name=inmanta
username=inmanta
password=<password>
Replace <password> in the above-mentioned snippet with the password of the inmanta database. By default Inmanta tries to connect to the local server and uses the database inmanta. See the database section in the config file for other options.
Step 6: Set the server address
In the configuration file stored at /etc/inmanta/inmanta.d/server.cfg, set server-address to the hostname or IP address that other components (e.g. the resource scheduler) use to connect to the server.
[server]
server-address=<server-ip-address-or-hostname>
Note
If you deploy configuration models that modify resolver configuration it is recommended to use the IP address instead of the hostname.
Step 7: Configure ssh of the inmanta user
The inmanta user that runs the server needs a working ssh client. This client is required to check out git repositories over ssh.
Provide the inmanta user with one or more private keys:
Generate a new key with ssh-keygen as the inmanta user:
sudo -u inmanta ssh-keygen -N ""
Install an existing key in /var/lib/inmanta/.ssh/id_rsa
Make sure the permissions and ownership are set correctly.
ls -l /var/lib/inmanta/.ssh/id_rsa
-rw-------. 1 inmanta inmanta 1679 Mar 21 13:55 /var/lib/inmanta/.ssh/id_rsa
Configure ssh to accept all host keys, whitelist the hosts that are allowed, or use signed host keys (depending on your security requirements). This guide configures the ssh client for the inmanta user to accept all host keys. Create /var/lib/inmanta/.ssh/config with the following content:
Host *
    StrictHostKeyChecking no
    UserKnownHostsFile=/dev/null
Ensure the file belongs to the inmanta user:
sudo chown inmanta:inmanta /var/lib/inmanta/.ssh/config
Add the public key to all relevant git repositories and save it.
Test if you can clone a git repo that has the public key set and make sure ssh does not show you any prompts to store the host key.
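With StrictHostKeyChecking no and UserKnownHostsFile=/dev/null, the ssh client does not verify which server it is talking to when it clones a repository. The audit below is an added example, not Inmanta code: it flags those two settings and any private key whose mode is not -rw-------. The function names, sample files and git.example.com are constructed.

```shell
#!/bin/sh
# Added example (not Inmanta code): audit an ssh client directory such as
# /var/lib/inmanta/.ssh. Prints one finding per line, nothing when clean.
audit_ssh_dir() {
    dir=$1
    for key in "$dir"/id_*; do
        [ -f "$key" ] || continue
        case $key in *.pub) continue ;; esac
        # Private keys must be -rw------- (owner read/write only).
        mode=$(ls -ld "$key" | cut -c1-10)
        [ "$mode" = "-rw-------" ] || echo "key-mode: ${key##*/} is $mode"
    done
    [ -f "$dir/config" ] || return 0
    # ssh_config keywords are case-insensitive; "Key value" and "Key=value" both parse.
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        /^#/ || /^$/ { next }
        match($0, /^[^ \t=]+/) {
            key = tolower(substr($0, 1, RLENGTH))
            val = substr($0, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            lval = tolower(val)
            if (key == "host") host = val
            if (key == "stricthostkeychecking" && (lval == "no" || lval == "off"))
                print "host-key-check-disabled: Host " host
            if (key == "userknownhostsfile" && val == "/dev/null")
                print "known-hosts-discarded: Host " host
        }
    ' "$dir/config"
}

# Constructed sample: the accept-all config from this guide and a placeholder key file.
make_guide_sample() {
    d=$(mktemp -d)
    printf 'Host *\n  StrictHostKeyChecking no\n  UserKnownHostsFile=/dev/null\n' > "$d/config"
    printf 'placeholder, not a real key\n' > "$d/id_rsa"; chmod 644 "$d/id_rsa"
    echo "$d"
}

# Constructed sample: host keys pinned in known_hosts; git.example.com is hypothetical.
make_pinned_sample() {
    d=$(mktemp -d)
    printf 'Host git.example.com\n  StrictHostKeyChecking yes\n' > "$d/config"
    printf 'placeholder, not a real key\n' > "$d/id_rsa"; chmod 600 "$d/id_rsa"
    echo "$d"
}

audit_ssh_dir "$(make_guide_sample)"
audit_ssh_dir "$(make_pinned_sample)"
```

Run audit_ssh_dir /var/lib/inmanta/.ssh as a user that can read that directory to check the live configuration.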
Step 8: Configure the server bind address
By default the server only listens on localhost, port 8888.
This can be changed by altering the server.bind-address and server.bind-port options in the /etc/inmanta/inmanta.d/server.cfg file.
[server]
bind-address=<server-bind-address>
bind-port=<server-bind-port>
Step 9: Enable the required Inmanta extensions
Make sure that the required Inmanta extensions are enabled. This is done by adding a configuration file with the following content to /etc/inmanta/inmanta.d/extensions.cfg.
[server]
enabled_extensions=lsm,ui,support,license
This file is also installed by the RPM.
Step 10: Start the Inmanta server
Start the Inmanta server and make sure it is started at boot.
sudo systemctl enable --now inmanta-server
The web-console is now available on the port and host configured in step 8.
Optional Step 11: Set up influxdb for collection of performance metrics
Follow the instructions in Performance Metering to send performance metrics to influxdb. This is only recommended for production deployments.
Optional Step 12: Configure logging
Logging can be configured by following the instructions in Logging.