Configserver Setup
The Audrey Configserver is a piece of the Aeolus infrastructure that—in conjunction with the Audrey Agent—provides post-boot configuration. The Configserver coalesces configuration information for instances launched as part of a deployable. In order to provide this functionality, the Configserver needs to reside in the same cloud provider where the instances are launched. At this time, all instances launched as part of a deployable must be launched together in the same cloud provider.
Since Configserver is part of the Aeolus infrastructure, it is recommended that you read the Aeolus documentation for setting up and using Aeolus. Specifically, you will need to know how to setup and run Conductor and how to build and push an image using the Aeolus toolchain.
Setting up a Configserver requires four main steps:
- Build a Configserver image
- Launch the Configserver image as an instance in a cloud provider
- Run the Configserver setup script
- Update Conductor with the Configserver details
You can find a Configserver template XML file here. This file can be used with the Aeolus tools chain to build and push the Configserver image to a cloud provider.
The following examples will use Amazon EC2 as the cloud provider.
Currently, the Configserver cannot be launched directly from Aeolus Conductor. Instead, the Configserver instance must be launched from the cloud provider’s console.
After successfully pushing your Configserver image to EC2 as an Amazon Machine Image (AMI), you can launch the AMI from the Amazon EC2 console.
- Log into EC2
- Locate your newly uploaded AMI (Under the “EC2” tab, click the “AMIs” link in the left nav bar).
- Right-click the AMI and select “Launch Instance”
The Amazon EC2 Console will walk you through the steps to launch the AMI. It is typically sufficient to accept all the default selections while launching the instance.
Once the Configserver instance is running, you will need to setup the Configserver service on the instance.
From the Amazon EC2 console, locate the newly launched instance (from the Launching the Configserver in EC2 section above). You will need a few pieces of information before proceeding:
- The public DNS name for the instance
- The key pair used when launching the instance
Next, log into the instance using the public DNS name and the private key:
$> ssh -i ${private_key} root@${ec2_public_dns_name}Once you are logged in, you can execute the Configserver setup script:
$> aeolus-configserver-setupSee below for an example of running the script on an actual EC2 instance.
[root@localhost ~]# aeolus-configserver-setup
This script will help you configure Apache as a proxy for a Config Server.
Typically this is only useful if you are not familiar with Apache
configurations and modules, specifically with mod_proxy, mod_auth_basic, and
mod_ssl.
Also, this configuration tool assumes that you are not currently running Apache
for any purposes on this server. This configuration tool will create a Named
Virtual Host for *:443. If this server is currently using Apache to serve
secure pages on port 443, then this tool should not be used.
Do you wish to continue [y/N]: y
Please provide the web application URL where the Config Server is currently
running on this server. If the Config Server was installed from an RPM, then
this will typically be:
http://localhost:4567/
The provided URL should be a fully qualified URL, providing the scheme,
hostname, and port: http://HOSTNAME:PORT/
Enter the application URL [http://localhost:4567/]:
Root context: /
App URL: http://localhost:4567/
Conductor Auth Key: 206251912458234717300511
Conductor Auth Secret: NUkrZIZIVGWmzfE1oPDdtDdohiPfYGyGGba06WaaMM8vQNry
\n\n*** You need to add this config server information to a ***
*** provider account in conductor. ***
running: echo | /usr/bin/puppet --modulepath /usr/share/aeolus-configserver/configure/puppet/modules --external_nodes /tmp/tmp.RFE8RDtzj8 --node_terminus exec
notice: /Stage[main]/Configserver/Service[configserver]/ensure: ensure changed 'stopped' to 'running'
notice: /Stage[main]/Apache::Ssl/Exec[config-iptables-for-443]/returns: executed successfully
notice: /Stage[main]/Apache::Ssl/File[vhost-443-addl]/ensure: created
notice: /Stage[main]/Apache::Ssl/Exec[pk-gen]/returns: executed successfully
notice: /Stage[main]/Apache::Ssl/Exec[sign-request]/returns: executed successfully
notice: /Stage[main]/Apache::Ssl/Exec[cert]/returns: executed successfully
notice: /Stage[main]/Apache::Ssl/File[vhost-443]/ensure: created
notice: /Stage[main]/Apache::Base/Exec[graceful-apache]: Triggered 'refresh' from 3 events
notice: /Stage[main]/Configserver/File[/var/lib/aeolus-configserver/configs/]/ensure: created
notice: /Stage[main]/Configserver/File[/var/lib/aeolus-configserver/configs/oauth/]/ensure: created
notice: /Stage[main]/Configserver/File[/var/lib/aeolus-configserver/configs/oauth/206251912458234717300511]/ensure: defined content as '{md5}8d4bc196bc7d7285ff13497b070068f0'
notice: Finished catalog run in 2.46 seconds
There are a few of points to make about the Configserver setup script. The script prompts you for two pieces of information: Do you wish to continue [y/N] and Enter the application URL [http://localhost:4567/].
The first prompt, Do you wish to continue [y/N], is confirming whether you understand that the setup script will attempt to configure a Virtual Host in Apache for :443 and use Apache as a proxy for the Configserver. This configuration makes Apache listen on port 443 on ALL network interfaces. In the case outlined in these instructions, it is always OK to answer “y” to this question. In an advanced configuration, you may want to run the Configserver alongside other services that use Apache as a proxy. In these cases, you should not use this setup script, and should instead configure Apache manually.
The second prompt, Enter the application URL [http://localhost:4567/], is asking where the Configserver service is running. In the case outlined in these instructions, it is always acceptable to simply hit the key. This will accept the default value of http://localhost:4567. NB: this indicates how Apache will contact the Configserver, not how users and external services (such as Aeolus Conductor) will contact the Configserver.
Once the Configserver is setup, you will need to input data into Conductor. You’ll need three pieces of data for Conductor:
- The public DNS name of the Configserver instance
- The Conductor Auth Key (see line 27 of the sample script output above)
- The Conductor Auth Secret (see line 28 of the sample script output above)
To test that the Configserver is actually running you should be able to point a web browser to:
https://${ec2_public_dns_name}/versionAnd, you should see output similar to:
<config-server>
<application-version>0.4.2</application-version>
<api-version>1</api-version>
</config-server>
After setting up the Configserver and collecting the data needed for Conductor, you can tell Conductor about the newly established Configserver.
- Log into Conductor
- Navigate to Cloud Providers (Administer → Cloud Providers)
- Select the Cloud Provider where the Configserver instance is running
- Select “Accounts”
- Select the Cloud Provider account where the Configserver instance is running
- Click the “[ Add ]” link to add a Configserver to the Provider Account
- Enter the following information into the “Add Configserver” page:
- Server Endpoint (URL): https://${ec2_public_dns_name}
- Consumer Key: the Conductor Auth Key collected from the Configserver setup
- Consumer Secret: the Conductor Auth Secret collected from the Configserver setup
- Click “Save”
Provider Account Page (before adding Configserver)
Add Configserver Page
Provider Account Page (after adding Configserver)
