VMware Aria Automation 8.16

8.18 8.17 8.16 8.14 8.13 all
Português (Brasil) 简体中文 Deutsch Español Français Italiano 日本語 한국어 Nederlands Русский 繁體中文 English

RaaS installation and configuration

As part of the manual installation process (which is not recommended), install and configure RaaS.
To install and configure the RaaS node:
  1. FOR SLES 15 INSTALLATIONS ONLY:
     Install the
    xmlsec1
     package. Without this dependency, a SLES 15 installation may fail. To download the package and read installation documentation, see xmlsec1.
  2. FOR SLES INSTALLATIONS ONLY:
     Import the RPM signing key using the following command:
    rpm --import http://repo.saltstack.com/py3/redhat/7.7/x86_64/latest/SALTSTACK-GPG-KEY.pub
  3. Download and install the RPM for your operating system:
    RHEL
    Download and install the Red Hat/CentOS
    Automation Config
     RPM, replacing the exact filename:
    sudo yum install raas-<version>-0.el7.x86_64.rpm
  4. In the RaaS service configuration file
    /etc/raas/raas
    , update the
    sql
     configuration to provide the host and port created in the previous section. If you plan to use SSL, set
    ssl
     to
    True
     and see the next step for additional details.
    sql:dialect:postgresqlhost:localhostport:5432driver:psycopg2ssl:false
  5. If you set
    ssl
     to
    True
     in the previous step, you’ve enabled an SSL connection, but additional information is required to verify the server’s SSL certificate. To configure certificate verification, in
    /etc/raas/raas
    , add a new
    ssl_opts
     key and provide values as follows:
    Option
    Description
    sslmode
    Choose the mode for your SSL connection from one of the following:
    • disable
       - Use only cleartext connections. This value is used when
      ssl
       is set to False.
    • prefer
       - Use SSL but fallback to cleartext if SSL is not available.
    • require
       - Use an SSL connection but do not attempt to verify the server’s certificate.
    • verify-ca
       - Use the contents of
      sslrootcert
      , if present, to validate the server’s SSL certificate. Or if
      sslrootcert
       is not present, use the system certificate store to validate the server’s SSL certificate.
    • verify-full
       - Use the contents of
      sslrootcert
      , if present, to validate the server’s SSL certificate. Or if
      sslrootcert
       is not present, use the system certificate store to validate the server’s SSL certificate.
      verify-full
       requires that the hostname in the certificate match the hostname
      Automation Config
       uses when connecting.
    For more on these settings, see the PostgreSQL documentation.
    sslrootcert
    Location on the RaaS filesystem of the CA certificate to use if a self-signed certificate is in place on the PostgreSQL server
    sslcert
    Location of the client certificate on the RaaS server to use instead of username and password to connect to PostgreSQL
    sslkey
    Location of the key file that goes along with the client certificate referenced in
    sslcert
    For more in-depth information about these options, see the PostgreSQL documentation: Client Verification of Server Certificates, as well as the following example configurations.
    Example 1
    The first example shows a configuration set to full verification. This means that the certificate PostgreSQL presents to
    Automation Config
     is validated against the Certificate Authority certificate specified in the file
    path/to/CA_Certificate
    . Furthermore, the Common Name in the
    Automation Config
     certificate must match the hostname
    Automation Config
     is using for PostgreSQL.
    sql:
   ssl:True
   ssl_opts:
      sslmode:verify-full
      sslrootcert:path/to/CA_certificate
    Example 2
    The second example enables SSL communication without certificate validation, and authenticates the user that the RaaS uses to connect to PostgreSQL via client SSL certificate.
    sql:
   ssl:True
   ssl_opts:
      sslmode:require
      sslcert:path/to/Client_Certificate
      sslkey:path/to/Key_for_Client_Certificate
  6. In the RaaS service configuration file
    /etc/raas/raas
    , define options for background workers:
    background_workers:
   combined_process:True
   max_tasks:100000
   max_memory:1048576
    Automation Config
     includes a range of different background worker settings to improve performance for various deployment scenarios. For more information, see Improve system performance.
  7. In the RaaS service configuration file
    /etc/raas/raas
    , configure the location of your Redis server:
    redis:
   url:redis://<Redis_IP>:6379
  8. To store database credentials for both PostgreSQL and Redis in an encrypted file, run the following command:
    su - raas -c 'raas save_creds'
  9. Follow the prompts to set up your username and password for Redis and PostgreSQL. If you would prefer to leave those values blank, press the Enter key when prompted. The credentials are stored in
    /etc/raas/raas.secconf
    .
    If credentials appear in both
    /etc/raas/raas
     and
    /etc/raas/raas.secconf
    , the settings in the plaintext
    /etc/raas/raas
     take precedence. For more on securing credentials, see Securing credentials in your configuration.
  10. Enable the RaaS service at system startup and launch the service using the following commands:
    sudo systemctl enable raas
sudo systemctl start raas
The manual installation process is now complete.

What to do next

After installing and configuring RaaS, the next step is to install the RaaS license key. See Install the RaaS license key for more information.

Content feedback and comments