Getting Rock on RHEL


#43

Hmm… I may need to see if I can get my hands on a RHEL ISO and try the install. Seems like something under the hood is not working in the deploy script. Have you tried running the deploy one more time after being able to manually install those packages?


#44

I will try that again in a few minutes. Here’s how to get a RHEL ISO to test on:
https://developers.redhat.com/products/rhel/download/

You have to create a RHEL account.
I’m running RHEL 7.6.

If you want to know exactly what I’ve done before you started helping today, let me know and I’ll message you my “cut-sheet”.


#45

Thanks for the link, I have an account and it is on my todo list to build RockNSM against RHEL anyway so I will just bump this since I have noticed you have been trying to get this working for almost a week.


#46

OK, so I got it working. Here are the steps I had to take to get this working on Red Hat.

  1. Subscribe to RHEL to enable repos.
  2. Install EPEL and dependencies.

    sudo rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
    yum install python2-markupsafe git ansible

  3. Clone the ROCK repo.

    git clone https://github.com/rocknsm/rock.git

  4. Copy all the components to the correct locations.

    mkdir -p /usr/share/rock/
    mkdir -p /etc/rocknsm
    mkdir -p /srv/rocknsm/support
    cp -R /home/admin/rock/playbooks/ /usr/share/rock/.
    cp -R /home/admin/rock/roles/ /usr/share/rock/.
    cp /home/admin/rock/roles/etc/hosts.ini /etc/rocknsm/.

  5. Remove the generate defaults from the site yml.

    vi /usr/share/rock/playbooks/site.yml

    #!/usr/bin/env ansible-playbook
    - import_playbook: deploy-rock.yml

  6. Generate RockNSM defaults.

    /home/admin/rock/bin/generate_defaults.sh

  7. Edit the config to use online and ignore local repos.

    vi /etc/rocknsm/config.yml

    ... bunch of lines ...

    rock_online_install: True <---- this one

    ... bunch of lines ...

    rock_disable_offline_repo: True <----- this one

    ... bunch of lines ...

  8. Deploy rocknsm.

    /home/admin/rock/bin/deploy_rock.sh

  9. This will fail on the CentOS repos, probably a smoother way in the future to get around this.
  10. Edit the CentOS repos so that the $releasever is 7.

    vi /etc/yum.repos.d/CentOS-Base.repo

    [base]
    enabled = 1
    gpgcheck = 1
    gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
    mirrorlist = http://mirrorlist.centos.org/?release=7&arch=$basearch&repo=os&infra=$infra
    name = CentOS-$releasever - Base

    [updates]
    enabled = 1
    gpgcheck = 1
    gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
    mirrorlist = http://mirrorlist.centos.org/?release=7&arch=$basearch&repo=updates&infra=$infra
    name = CentOS-$releasever - Updates

    [extras]
    enabled = 1
    gpgcheck = 1
    gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
    mirrorlist = http://mirrorlist.centos.org/?release=7&arch=$basearch&repo=extras&infra=$infra
    name = CentOS-$releasever - Extras

  11. I then cleaned up my YUM and cached it, which allowed me to bypass having to muck with the playbook.

    yum clean all
    yum makecache fast

  12. Run deploy again, which will successfully install this time.

    /home/admin/rock/bin/deploy_rock.sh

  13. ???
  14. Profit

$ sudo rockctl status
ZOOKEEPER:
Active: active (running) since Tue 2019-03-12 03:05:52 UTC; 48min agoi
KAFKA:
Active: active (running) since Tue 2019-03-12 03:06:21 UTC; 47min agoi
BRO:
Active: active (running) since Tue 2019-03-12 03:07:54 UTC; 46min agoi
SURICATA:
Active: active (running) since Tue 2019-03-12 03:10:10 UTC; 43min agoi
FILEBEAT:
Active: active (running) since Tue 2019-03-12 03:11:18 UTC; 42min agoi
ELASTICSEARCH:
Active: active (running) since Tue 2019-03-12 03:24:52 UTC; 29min agoi
LOGSTASH:
Active: active (running) since Tue 2019-03-12 03:27:08 UTC; 26min agoi
KIBANA:
Active: active (running) since Tue 2019-03-12 03:29:28 UTC; 24min agoi
STENOGRAPHER:
Active: active (exited) since Tue 2019-03-12 03:06:42 UTC; 47min agoi
FSF:
Active: active (running) since Tue 2019-03-12 03:11:18 UTC; 42min agoi
DOCKET:
Active: active (running) since Tue 2019-03-12 03:23:25 UTC; 30min agoi
STENOGRAPHER@ENS34:
Active: active (running) since Tue 2019-03-12 03:06:42 UTC; 47min agoi
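
The `$releasever` edit to `CentOS-Base.repo` from the post above, scripted as an added example that is not part of the original post or the RockNSM project. It goes one step further and checks that every section still carries `gpgcheck = 1` and a `gpgkey` after the edit, which matters because the mirrorlist URLs are plain `http`. The function names `pin_releasever` and `audit_repo` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU sed and a POSIX awk.

# Pin $releasever to a fixed release (default 7) on mirrorlist/baseurl lines
# only, leaving the original file next to it as FILE.bak.
pin_releasever() {
    pin_file=$1
    pin_release=${2:-7}
    sed -i.bak -E \
        "/^[[:space:]]*(mirrorlist|baseurl)[[:space:]]*=/ s/\\\$releasever/${pin_release}/g" \
        "$pin_file"
}

# Print each repo section without an explicit gpgcheck=1 and a gpgkey, and
# return non-zero if any is found. This is stricter than yum itself, which
# lets a section inherit gpgcheck from [main] in /etc/yum.conf.
audit_repo() {
    awk '
        function report() {
            if (section != "" && (check != "1" || key == "")) {
                print section
                bad = 1
            }
        }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ {
            report()
            section = $0
            gsub(/[^A-Za-z0-9_.:-]/, "", section)
            check = ""; key = ""
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == "gpgcheck") check = v
            if (k == "gpgkey") key = v
        }
        END { report(); exit bad + 0 }
    ' "$1"
}

# Usage: sh pin_and_audit.sh /etc/yum.repos.d/CentOS-Base.repo
if [ "$#" -ge 1 ]; then
    pin_releasever "$1" && audit_repo "$1"
fi
```

The `.bak` copy is ignored by yum, which only reads files ending in `.repo`.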


#48

I am testing this now on my box to see if I have any issues. From a hypothetical standpoint, how would you replicate this on an air-gapped network if you could stand up your own repos?


#49

@Nick it’s possible to override the URLs for the repos so that you can point them to your own mirror. We’re also working on a RHEL ISO version, but we can’t freely distribute it at the moment. We’d like to get approval to do that, but that’s in progress. What we can do is make it easier for others to build their own ISO.


#50

@spartan782 It appears that everything is working. The ELK stack itself failed to start based on rockctl status, but I’m OK with that as I am going to be sending a copy of data to Splunk. I can’t thank you enough for your help, and the same goes to @koelslaw.

@dcode I sent you a message.

I will test this a few more times on other systems just to make sure everything seems to be working. Should be done in the next day or so and will post any new errors/issues.