Infra
/
lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'forkd-master'

This commit is contained in:
kevgliss 2015-12-01 13:03:23 -08:00
parent cd17789529 bafc3d0082
commit 05962e71e3
1 changed files with 80 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

126
docs/quickstart/index.rst
View File

@ -21,60 +21,71 @@ Some basic prerequisites which you'll need in order to run Lemur:
be as generic as possible and are not intended to document every step of launching Lemur into a given environment.
Installing Build Dependencies
-----------------------------
If installing Lemur on a bare Ubuntu OS you will need to grab the following packages so that Lemur can correctly build it's
dependencies:
.. code-block:: bash
$ sudo apt-get update
$ sudo apt-get install install nodejs-legacy python-pip python-dev libpq-dev build-essential libssl-dev libffi-dev nginx git supervisor npm postgresql
.. note:: PostgreSQL is only required if your database is going to be on the same host as the webserver. npm is needed if you're installing the Lemur source (e.g. from git).
Now, install Python ``virtualenv`` package:
.. code-block:: bash
$ sudo pip install -U virtualenv
Setting up an Environment
-------------------------
The first thing you'll need is the Python ``virtualenv`` package. You probably already
have this, but if not, you can install it with::
In this guide Lemur will be installed in ``/www``, so you need to create that structure first:
pip install -U virtualenv
.. code-block:: bash
Once that's done, choose a location for the environment, and create it with the ``virtualenv``
command. For our guide, we're going to choose ``/www/lemur/``::
$ sudo mkdir /www
$ cd /www
virtualenv /www/lemur/
Clone Lemur inside the just created directory and give yourself write permission (we assume lemur is the user):
Finally, activate your virtualenv::
.. code-block:: bash
source /www/lemur/bin/activate
$ sudo git clone https://github.com/Netflix/lemur
$ sudo chown -R lemur lemur/
Create the virtual environment, activate it and enter the Lemur's directory:
.. code-block:: bash
$ virtualenv lemur
$ source /www/lemur/bin/activate
$ cd lemur
.. note:: Activating the environment adjusts your PATH, so that things like pip now
install into the virtualenv by default.
Installing build dependencies
-----------------------------
If installing Lemur on truely bare Ubuntu OS you will need to grab the following packages so that Lemur can correctly build it's
dependencies::
$ sudo apt-get update
$ sudo apt-get install nodejs-legacy python-pip libpq-dev python-dev build-essential libssl-dev libffi-dev nginx git supervisor
And optionally if your database is going to be on the same host as the webserver::
$ sudo apt-get install postgresql
Installing from Source
~~~~~~~~~~~~~~~~~~~~~~
If you're installing the Lemur source (e.g. from git), you'll also need to install **npm**.
Once your system is prepared, ensure that you are in the virtualenv:
.. code-block:: bash
$ which python
And then run:
.. code-block:: bash
$ make develop
.. Note:: This command will install npm dependencies as well as compile static assets.
.. note:: This command will install npm dependencies as well as compile static assets.
Creating a configuration
@ -90,21 +101,23 @@ Simply run:
$ lemur create_config
.. Note:: This command will create a default configuration under `~/.lemur/lemur.conf.py` you
.. note:: This command will create a default configuration under `~/.lemur/lemur.conf.py` you
can specify this location by passing the `config_path` parameter to the `create_config` command.
You can specify `-c` or `--config` to any Lemur command to specify the current environment
you are working in. Lemur will also look under the environmental variable `LEMUR_CONF` should
that be easier to setup in your environment.
Update your configuration
-------------------------
Once created you will need to update the configuration file with information about your environment,
such as which database to talk to, where keys are stored etc..
.. Note:: If you are unfamiliar with with the SQLALCHEMY_DATABASE_URI string it can be broken up like so:
postgresql://userame:password@databasefqdn:databaseport/databasename
.. note:: If you are unfamiliar with with the SQLALCHEMY_DATABASE_URI string it can be broken up like so:
postgresql://userame:password@<database-fqdn>:<database-port>/<database-name>
Setup Postgres
--------------
@ -112,21 +125,31 @@ Setup Postgres
For production a dedicated database is recommended, for this guide we will assume postgres has been installed and is on
the same machine that Lemur is installed on.
First, set a password for the postgres user. For this guide, we will use **lemur** as an example but you should use the database password generated for by Lemur::
First, set a password for the postgres user. For this guide, we will use **lemur** as an example but you should use the database password generated by Lemur::
$ sudo -u postgres psql postgres
# \password postgres
Enter new password: lemur
Enter it again: lemur
$ sudo -u postgres psql postgres
# \password postgres
Enter new password: lemur
Enter it again: lemur
Type CTRL-D to exit psql once you have changed the password.
Once successful enter CTRL-D to exit the postgres shell.
Next, we will create our new database::
$ sudo -u postgres createdb lemur
$ sudo -u postgres createdb lemur
.. _InitializingLemur:
Set a password for lemur user inside Postgres::
$ sudo -u postgres psql postgres
\password lemur
Enter new password: lemur
Enter it again: lemur
Again, enter CTRL-D to exit the postgres shell.
Initializing Lemur
------------------
@ -157,17 +180,19 @@ See :ref:`Creating Notifications <CreatingNotifications>` and :ref:`Command Line
for them or be enrolled automatically through SSO. This can be done through the CLI or UI.
See :ref:`Creating Users <CreatingUsers>` and :ref:`Command Line Interface <CommandLineInterface>` for details
Setup a Reverse Proxy
---------------------
By default, Lemur runs on port 5000. Even if you change this, under normal conditions you won't be able to bind to
By default, Lemur runs on port 8000. Even if you change this, under normal conditions you won't be able to bind to
port 80. To get around this (and to avoid running Lemur as a privileged user, which you shouldn't), we need setup a
simple web proxy. There are many different web servers you can use for this, we like and recommend Nginx.
Proxying with Nginx
~~~~~~~~~~~~~~~~~~~
You'll use the builtin HttpProxyModule within Nginx to handle proxying
You'll use the builtin HttpProxyModule within Nginx to handle proxying. Edit the ``/etc/nginx/sites-available/default`` file according to the lines below
::
@ -180,22 +205,26 @@ You'll use the builtin HttpProxyModule within Nginx to handle proxying
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location / {
root /www/lemur/lemur/static/dist;
include mime.types;
index index.html;
}
See :doc:`../production/index` for more details on using Nginx.
.. note:: See :doc:`../production/index` for more details on using Nginx.
After making these changes, restart Nginx service to apply them::
$ sudo service nginx restart
Starting the Web Service
------------------------
Lemur provides a built-in webserver (powered by gunicorn and eventlet) to get you off the ground quickly.
Lemur provides a built-in web server (powered by gunicorn and eventlet) to get you off the ground quickly.
To start the webserver, you simply use ``lemur start``. If you opted to use an alternative configuration path
To start the web server, you simply use ``lemur start``. If you opted to use an alternative configuration path
you can pass that via the --config option.
.. note::
@ -204,18 +233,20 @@ you can pass that via the --config option.
::
# Lemur's server runs on port 5000 by default. Make sure your client reflects
# Lemur's server runs on port 8000 by default. Make sure your client reflects
# the correct host and port!
lemur --config=/etc/lemur.conf.py start -b 127.0.0.1:5000
lemur --config=/etc/lemur.conf.py start -b 127.0.0.1:8000
You should now be able to test the web service by visiting `http://localhost:5000/`.
Running Lemur as a Service
---------------------------
--------------------------
We recommend using whatever software you are most familiar with for managing Lemur processes. One option is
`Supervisor <http://supervisord.org/>`_.
Configure ``supervisord``
~~~~~~~~~~~~~~~~~~~~~~~~~
@ -235,6 +266,7 @@ folder and you're good to go.
See :ref:`Using Supervisor <UsingSupervisor>` for more details on using Supervisor.
Syncing
-------
@ -247,6 +279,7 @@ of Lemur, but we do our best to reconcile those changes.
* 3 * * * lemur sync --all
* 3 * * * lemur check_revoked
Additional Utilities
--------------------
@ -256,11 +289,13 @@ power and flexibility that goes with it.
Some of the features which you'll likely find useful are:
lock
~~~~
Encrypts sensitive key material - This is most useful for storing encrypted secrets in source code.
unlock
~~~~~~
@ -275,4 +310,3 @@ see :doc:`../production/index` for more details on how to configure Lemur for pr
The above just gets you going, but for production there are several different security considerations to take into account.
Remember, Lemur is handling sensitive data and security is imperative.