Merge branch 'forkd-master'

kevgliss 2015-12-01 13:03:23 -08:00
commit 05962e71e3
1 changed files with 80 additions and 46 deletions


@ -21,60 +21,71 @@ Some basic prerequisites which you'll need in order to run Lemur:
be as generic as possible and are not intended to document every step of launching Lemur into a given environment. be as generic as possible and are not intended to document every step of launching Lemur into a given environment.
Installing Build Dependencies
-----------------------------
If installing Lemur on a bare Ubuntu OS you will need to grab the following packages so that Lemur can correctly build it's
dependencies:
.. code-block:: bash
$ sudo apt-get update
$ sudo apt-get install install nodejs-legacy python-pip python-dev libpq-dev build-essential libssl-dev libffi-dev nginx git supervisor npm postgresql
.. note:: PostgreSQL is only required if your database is going to be on the same host as the webserver. npm is needed if you're installing the Lemur source (e.g. from git).
Now, install Python ``virtualenv`` package:
.. code-block:: bash
$ sudo pip install -U virtualenv
Setting up an Environment Setting up an Environment
------------------------- -------------------------
The first thing you'll need is the Python ``virtualenv`` package. You probably already In this guide Lemur will be installed in ``/www``, so you need to create that structure first:
have this, but if not, you can install it with::
pip install -U virtualenv .. code-block:: bash
Once that's done, choose a location for the environment, and create it with the ``virtualenv`` $ sudo mkdir /www
command. For our guide, we're going to choose ``/www/lemur/``:: $ cd /www
virtualenv /www/lemur/ Clone Lemur inside the just created directory and give yourself write permission (we assume lemur is the user):
Finally, activate your virtualenv:: .. code-block:: bash
source /www/lemur/bin/activate $ sudo git clone https://github.com/Netflix/lemur
$ sudo chown -R lemur lemur/
Create the virtual environment, activate it and enter the Lemur's directory:
.. code-block:: bash
$ virtualenv lemur
$ source /www/lemur/bin/activate
$ cd lemur
.. note:: Activating the environment adjusts your PATH, so that things like pip now .. note:: Activating the environment adjusts your PATH, so that things like pip now
install into the virtualenv by default. install into the virtualenv by default.
Installing build dependencies
-----------------------------
If installing Lemur on truely bare Ubuntu OS you will need to grab the following packages so that Lemur can correctly build it's
dependencies::
$ sudo apt-get update
$ sudo apt-get install nodejs-legacy python-pip libpq-dev python-dev build-essential libssl-dev libffi-dev nginx git supervisor
And optionally if your database is going to be on the same host as the webserver::
$ sudo apt-get install postgresql
Installing from Source Installing from Source
~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~
If you're installing the Lemur source (e.g. from git), you'll also need to install **npm**.
Once your system is prepared, ensure that you are in the virtualenv: Once your system is prepared, ensure that you are in the virtualenv:
.. code-block:: bash .. code-block:: bash
$ which python $ which python
And then run: And then run:
.. code-block:: bash .. code-block:: bash
$ make develop $ make develop
.. Note:: This command will install npm dependencies as well as compile static assets. .. note:: This command will install npm dependencies as well as compile static assets.
Creating a configuration Creating a configuration
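Review bot: the added package line in the new "Installing Build Dependencies" block repeats the subcommand (``sudo apt-get install install nodejs-legacy ...``), so apt will treat the second ``install`` as a package name; drop the duplicate. The paragraph above it also keeps "build it's dependencies", which should read "its". In the new "Setting up an Environment" steps, ``sudo chown -R lemur lemur/`` relies on a ``lemur`` account that no earlier step creates; either add that step or state the assumption before the ``git clone`` line rather than in a parenthesis after it.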
@ -90,21 +101,23 @@ Simply run:
$ lemur create_config $ lemur create_config
.. Note:: This command will create a default configuration under `~/.lemur/lemur.conf.py` you .. note:: This command will create a default configuration under `~/.lemur/lemur.conf.py` you
can specify this location by passing the `config_path` parameter to the `create_config` command. can specify this location by passing the `config_path` parameter to the `create_config` command.
You can specify `-c` or `--config` to any Lemur command to specify the current environment You can specify `-c` or `--config` to any Lemur command to specify the current environment
you are working in. Lemur will also look under the environmental variable `LEMUR_CONF` should you are working in. Lemur will also look under the environmental variable `LEMUR_CONF` should
that be easier to setup in your environment. that be easier to setup in your environment.
Update your configuration Update your configuration
------------------------- -------------------------
Once created you will need to update the configuration file with information about your environment, Once created you will need to update the configuration file with information about your environment,
such as which database to talk to, where keys are stored etc.. such as which database to talk to, where keys are stored etc..
.. Note:: If you are unfamiliar with with the SQLALCHEMY_DATABASE_URI string it can be broken up like so: .. note:: If you are unfamiliar with with the SQLALCHEMY_DATABASE_URI string it can be broken up like so:
postgresql://userame:password@databasefqdn:databaseport/databasename postgresql://userame:password@<database-fqdn>:<database-port>/<database-name>
Setup Postgres Setup Postgres
-------------- --------------
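Review bot: the rewritten URI example is only half converted to placeholders: the new line reads ``postgresql://userame:password@<database-fqdn>:<database-port>/<database-name>``, keeping the ``userame`` typo and leaving the two credential fields bare. Suggest ``<username>:<password>`` so all five parts use the same notation. The note line above it still says "unfamiliar with with", which could be fixed in the same change.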
@ -112,14 +125,14 @@ Setup Postgres
For production a dedicated database is recommended, for this guide we will assume postgres has been installed and is on For production a dedicated database is recommended, for this guide we will assume postgres has been installed and is on
the same machine that Lemur is installed on. the same machine that Lemur is installed on.
First, set a password for the postgres user. For this guide, we will use **lemur** as an example but you should use the database password generated for by Lemur:: First, set a password for the postgres user. For this guide, we will use **lemur** as an example but you should use the database password generated by Lemur::
$ sudo -u postgres psql postgres $ sudo -u postgres psql postgres
# \password postgres # \password postgres
Enter new password: lemur Enter new password: lemur
Enter it again: lemur Enter it again: lemur
Type CTRL-D to exit psql once you have changed the password. Once successful enter CTRL-D to exit the postgres shell.
Next, we will create our new database:: Next, we will create our new database::
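Review bot: the reworded first sentence still tells the reader to set the ``postgres`` superuser password to the database password generated by Lemur, and the transcript under it types ``lemur`` as that password. That gives the database superuser the same secret as the application's database credential. Suggest telling the reader to choose a separate password for ``postgres`` and showing a placeholder in the transcript instead of a literal value that is likely to be copied as is.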
@ -127,6 +140,16 @@ Next, we will create our new database::
.. _InitializingLemur: .. _InitializingLemur:
Set a password for lemur user inside Postgres::
$ sudo -u postgres psql postgres
\password lemur
Enter new password: lemur
Enter it again: lemur
Again, enter CTRL-D to exit the postgres shell.
Initializing Lemur Initializing Lemur
------------------ ------------------
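Review bot: the new "Set a password for lemur user inside Postgres" block is inserted between the ``.. _InitializingLemur:`` label and the "Initializing Lemur" title, so the label no longer sits directly above the section it names and ``:ref:`` links to it may not resolve to that heading. Move the added block above the label. The added transcript also shows ``\password lemur`` without the ``#`` prompt used in the earlier ``\password postgres`` block, and again uses ``lemur`` as the literal password; a placeholder would be safer here too.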
@ -157,17 +180,19 @@ See :ref:`Creating Notifications <CreatingNotifications>` and :ref:`Command Line
for them or be enrolled automatically through SSO. This can be done through the CLI or UI. for them or be enrolled automatically through SSO. This can be done through the CLI or UI.
See :ref:`Creating Users <CreatingUsers>` and :ref:`Command Line Interface <CommandLineInterface>` for details See :ref:`Creating Users <CreatingUsers>` and :ref:`Command Line Interface <CommandLineInterface>` for details
Setup a Reverse Proxy Setup a Reverse Proxy
--------------------- ---------------------
By default, Lemur runs on port 5000. Even if you change this, under normal conditions you won't be able to bind to By default, Lemur runs on port 8000. Even if you change this, under normal conditions you won't be able to bind to
port 80. To get around this (and to avoid running Lemur as a privileged user, which you shouldn't), we need setup a port 80. To get around this (and to avoid running Lemur as a privileged user, which you shouldn't), we need setup a
simple web proxy. There are many different web servers you can use for this, we like and recommend Nginx. simple web proxy. There are many different web servers you can use for this, we like and recommend Nginx.
Proxying with Nginx Proxying with Nginx
~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~
You'll use the builtin HttpProxyModule within Nginx to handle proxying You'll use the builtin HttpProxyModule within Nginx to handle proxying. Edit the ``/etc/nginx/sites-available/default`` file according to the lines below
:: ::
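Review bot: the default port in the first sentence changes from 5000 to 8000, but the Nginx block this paragraph introduces is outside the hunk, so it is not visible whether its upstream address was updated to match; please confirm it points at port 8000. The added sentence "Edit the ``/etc/nginx/sites-available/default`` file according to the lines below" is missing its closing period before the ``::`` line.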
@ -187,15 +212,19 @@ You'll use the builtin HttpProxyModule within Nginx to handle proxying
index index.html; index index.html;
} }
See :doc:`../production/index` for more details on using Nginx. .. note:: See :doc:`../production/index` for more details on using Nginx.
After making these changes, restart Nginx service to apply them::
$ sudo service nginx restart
Starting the Web Service Starting the Web Service
------------------------ ------------------------
Lemur provides a built-in webserver (powered by gunicorn and eventlet) to get you off the ground quickly. Lemur provides a built-in web server (powered by gunicorn and eventlet) to get you off the ground quickly.
To start the webserver, you simply use ``lemur start``. If you opted to use an alternative configuration path To start the web server, you simply use ``lemur start``. If you opted to use an alternative configuration path
you can pass that via the --config option. you can pass that via the --config option.
.. note:: .. note::
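Review bot: the added restart step (``$ sudo service nginx restart``) runs straight after a hand edit of the site file, so a typo in the edited file takes the proxy down. Suggest adding ``$ sudo nginx -t`` before the restart so the configuration is checked first. "restart Nginx service" also reads better as "restart the Nginx service".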
@ -204,18 +233,20 @@ you can pass that via the --config option.
:: ::
# Lemur's server runs on port 5000 by default. Make sure your client reflects # Lemur's server runs on port 8000 by default. Make sure your client reflects
# the correct host and port! # the correct host and port!
lemur --config=/etc/lemur.conf.py start -b 127.0.0.1:5000 lemur --config=/etc/lemur.conf.py start -b 127.0.0.1:8000
You should now be able to test the web service by visiting `http://localhost:5000/`. You should now be able to test the web service by visiting `http://localhost:5000/`.
Running Lemur as a Service Running Lemur as a Service
--------------------------- --------------------------
We recommend using whatever software you are most familiar with for managing Lemur processes. One option is We recommend using whatever software you are most familiar with for managing Lemur processes. One option is
`Supervisor <http://supervisord.org/>`_. `Supervisor <http://supervisord.org/>`_.
Configure ``supervisord`` Configure ``supervisord``
~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~
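Review bot: the comment and the bind address in this hunk move to port 8000 (``start -b 127.0.0.1:8000``), but the sentence right after still tells the reader to test at ``http://localhost:5000/``. Update that URL to port 8000 so the check matches the command above it.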
@ -235,6 +266,7 @@ folder and you're good to go.
See :ref:`Using Supervisor <UsingSupervisor>` for more details on using Supervisor. See :ref:`Using Supervisor <UsingSupervisor>` for more details on using Supervisor.
Syncing Syncing
------- -------
@ -247,6 +279,7 @@ of Lemur, but we do our best to reconcile those changes.
* 3 * * * lemur sync --all * 3 * * * lemur sync --all
* 3 * * * lemur check_revoked * 3 * * * lemur check_revoked
Additional Utilities Additional Utilities
-------------------- --------------------
@ -256,11 +289,13 @@ power and flexibility that goes with it.
Some of the features which you'll likely find useful are: Some of the features which you'll likely find useful are:
lock lock
~~~~ ~~~~
Encrypts sensitive key material - This is most useful for storing encrypted secrets in source code. Encrypts sensitive key material - This is most useful for storing encrypted secrets in source code.
unlock unlock
~~~~~~ ~~~~~~
@ -275,4 +310,3 @@ see :doc:`../production/index` for more details on how to configure Lemur for pr
The above just gets you going, but for production there are several different security considerations to take into account. The above just gets you going, but for production there are several different security considerations to take into account.
Remember, Lemur is handling sensitive data and security is imperative. Remember, Lemur is handling sensitive data and security is imperative.