Repository for tips and learning Stackstorm automation tool
When running Stackstorm with Docker on Windows with AMD CPU using the old Docker Toolbox with VirtualBox (instead of the new Docker Desktop), you may run into error when launching the Docker Quickstart Terminal tool the first time after installation:
Error with pre-create check: "This computer doesn't have VT-X/AMD-v enabled. Enabling it in the BIOS is mandatory"
This error occurs even though virtualization support is enabled in BIOS. To resolve the problem, open Administrator Powershell prompt and run:
docker-machine.exe create default --virtualbox-no-vtx-check
This generates the default Docker VirtualBox VM, which is used as the "base" for all of the Docker instances. You should now be able to run the Docker Quickstart Terminal or simply run Docker from other command prompt.
To start using Stackstorm with Docker.
- Install Docker according to the standard Docker installation process. You will need the Docker Compose utility, as well. In Linux, ensure that your user account is a member of the
dockergroup. - Clone the Stackstorm Docker repository and change to that directory.
Note: On Windows hosts, Docker has problems with line endings in the scripts in the
git clone https://github.com/stackstorm/st2-docker cd st2-dockerst2-docker\scriptsdirectory. You will need to change them to Unix format (LF only). You can do this in Notepad++ via the Edit --> EOL Conversion --> Unix LF menu option. (Alternately, the medit text editor also supports line-ending editing, as well.) - Create a
launch_st2.shshell script with the following contents and make it executable.#!/usr/bin/env sh export ST2_VERSION=3.4.1 export ST2_EXPOSE_HTTP=127.0.0.1:8080 docker-compose up -d docker-compose exec st2client bash
- In the
st2-dockerdirectory, launch the Stackstorm application.launch_st2.sh
- Open a web browser to
http://localhost:8080and log in with user IDst2adminand passwordCh@ngeMe. Likewise, you can run Stackstormst2commands at the Docker command prompt. - To shut down the Docker instance, enter
exitat the Docker command prompt and then run:docker-compose down
To install a pack in Stackstorm (running in Docker), do the following.
- Copy (or clone from repository) the pack into the
packs.devdirectory inst2-dockerdirectory. Note: If you prefer to use pack code from another location, such as your "project" directory, you can set theST2_PACKS_DEVenvironment variable to the desired directory path to use. - Launch Stackstorm as usual via the
launch_st2.shshell script (see above). - At the Stackstorm Docker shell prompt, navigate to the new pack directory and run these commands:
Each command will produce some output, the most important of which is
st2 run packs.setup_virtualenv packs='packname' python3=true st2 run packs.load packs='packname' register=all
status: succeeded. The first command creates a new Python virtual environment specific to Python 3. The second command registers your pack with Stackstorm. - To confirm that the new pack is now available, run:
Stackstorm will display a tabular view of the actions with their descriptions in your new pack.
st2 action list --pack='packname' - You can now run your new pack at the Docker command prompt or via the web GUI. For example, to execute the Action named
hello_world_actionin thehello_worldpack which takes two string parametersnameandmessage, we might run the following with the corresponding output:st2 run hello_world.hello_world_action name="Tim" message="This is a test." id: 5fa45949e1b2790677f9b699 action.ref: hello_world.hello_world_action context.user: st2admin parameters: message: This is a test. name: Tim status: succeeded start_timestamp: Thu, 05 Nov 2020 19:58:01 UTC end_timestamp: Thu, 05 Nov 2020 19:58:02 UTC result: exit_code: 0 result: This is a test. stderr: '' stdout: 'Hello, Tim! This is a test. '
To add new user account to your Stackstorm install, use the standard Linux htpasswd utility referencing the Stackstorm htpasswd file, which is typically located in /etc/st2 directory. For example:
sudo htpasswd -b /etc/st2/htpasswd username passwordThe Stackstorm installation instructions for CentOS 8 are very thorough and complete. However, if you are using the api_url configuration parameter in the [auth] section of /etc/st2/st2.conf, some additional configuration options may be required beyond those specified under the Install WebUI and Setup SSL Termination section.
For limiting access to your internal network only, the following firewall commands should work. They use the drop and internal zones of firewalld firewall package. [1]
The drop zone essentially blocks ("drops") all traffic and you should enable all network interfaces (NICs) for your server on this zone, except the loopback interface (lo). To get a list of all interfaces, run [2]:
$ basename -a /sys/class/net/*
ens192
ens224
lo
In the example below, the interface names used are ens192 and ens224.
$ sudo firewall-cmd --permanent --set-default-zone=drop
$ sudo firewall-cmd --permanent --zone=drop --add-interface=ens224
$ sudo firewall-cmd --permanent --zone=drop --add-interface=ens192
For the internal zone, we allow HTTP and HTTPS and other common services (which are already enabled by default) on the entire 10.X.X.X subnet. If you are using a different internal subnet (see RFC1918 for other standard internal network configurations) [3], adjust the corresponding command accordingly.
$ sudo firewall-cmd --permanent --zone=internal --add-source=10.0.0.0/8
$ sudo firewall-cmd --permanent --zone=internal --add-service=http
$ sudo firewall-cmd --permanent --zone=internal --add-service=https
Note that if you have you configured Stackstorm to use only HTTPS/SSL, then you can (and should) skip the second command above which enables HTTP.
Finally, we reload the firewall configuration since we have used the permanent flag for the above commands so that the changes persist when the firewall is restarted, such on server reboot.
$ sudo firewall-cmd --reload