NOTE: For the XeAP workshop at APAN41, please follow instructions in Lab.md
The installation instructions here are ment for deployment at your institution - the ones in Lab.md are targeted for the lab VMs.
The ancilliary tools package consists of three separate sets of tools:
- admintool
- metrics
- monitoring
Each of the tools is (at the moment) designed to run in an isolated environment. They can be run on a single docker host by mapping each to a different port. The configuration files provided here are designed this way:
- Admintool runs on ports 80 and 443 (HTTP and HTTPS)
- Monitoring tools run on ports 8080 and 8443 (HTTP and HTTPS)
- Metrics runs on port 5601 (plain HTTP only)
Install and configure Docker. Please follow our Docker setup instructions.
Please become familer with Docker by following our Docker introduction.
Some of the tools (admintool and monitoring) will need to send outgoing email. Please make sure you have the details of an SMTP ready - either one provided by your systems administrator, or one running on the local system.
NOTE: For the XeAP workshop at APAN41, please follow instructions in Lab.md
The installation instructions here are ment for deployment at your institution - the ones in Lab.md are targeted for the lab VMs.
On each of the VMs, start by cloning the git repository:
git clone https://github.com/REANNZ/etcbd-public
Modify the admintool.env file with deployment parameters - override at least the following values:
- SITE_PUBLIC_HOSTNAME: the hostname this site will be visible as
- LOGSTASH_HOST: the hostname the metrics tools will be visible as
- ADMIN_EMAIL: where to send notifications
- EMAIL_* settings to match the local environment (server name, port, TLS and authentication settings)
- SERVER_EMAIL: outgoing email address to use in notifications
- ALL PASSWORDS (administrator, db connection and postgres master password)
- GOOGLE_KEY/GOOGLE_SECRET - provide Key + corresponding secret for an API credential (see below on configuring this one)
- Configure other prameters to match the deployment (REALM_, TIME_ZONE, MAP_CENTER_)
- This includes the optional import of existing data (default imports REANNZ data)
This file is used by both the containers to populate runtime configuration and by a one-off script to populate the database.
Use Docker-compose to start the containers:
cd etcbd-public/admintool
docker-compose up -d
Run the setup script:
./admintool-setup.sh admintool.env
At this point, please become familiar with Docker-compose by following our Introduction to Docker-compose:
Optional: Install proper SSL certificates into /var/lib/docker/host-volumes/admintool-apache-certs/server.{crt,key}
Modify the icinga.env file with deployment parameters - override at least the following values:
- SITE_PUBLIC_HOSTNAME: the hostname this site will be visible as
- ICINGA_ADMIN_EMAIL: where to send notifications
- EMAIL_* settings to match the local environment (server name, port, TLS and authentication settings)
- ALL PASSWORDS (administrator, db connection and postgres master password)
This file is used by both the containers to populate runtime configuration and by a one-off script to populate the database.
Use Docker-compose to start the containers:
cd etcbd-public/icinga
docker-compose up -d
Run the setup script:
./icinga-setup.sh icinga.env
Optional: Install proper SSL certificates into /var/lib/docker/host-volumes/icinga-apache-certs/server.{crt,key}
Use Docker-compose to start the containers:
cd etcbd-public/elk
docker-compose up -d
To get the Google credential (key+secret) to use in the admintool, do the following in the Google Developer Console:
-
Create a new project
-
From the main menu, select the API Manager
-
Select Credentials
-
Configure the OAuth consent screen with how the application should be described to the user (at least, set Product name)
-
Create a new Credential as an OAuth Client ID for a web application
-
Add the Authorized redirect URI for your application - the form is (substitute your real hostname here):
https://admin.example.org/accounts/complete/google-oauth2/ -
After saving, this gives you the Client ID and secret (use these as the GOOGLE_KEY and GOOGLE_SECRET)