Deploy StackStorm on Azure VM

 

 

 

If you are venturing in the seas of automation and DevOps practices, Stackstorm is a tool you definitely should try, it is Open Source and provides integrations for many known tools like Terraform, Ansible, Chef, and many others, speaking in terms of Infra as Code and configuration management. 

 

Stackstorm lets you automate the process by listening to events (Sensors) or even commands from some Chat Bot on its core its basically like IFTTT (IF This Then That). 


https://stackstorm.com/
https://stackstorm.com/
https://stackstorm.com



I said basically but the things you can do with this kind of tool are in the scope of your imagination. 


So what you can do with StackStorm?.... 


Pretty much everything, using the right plugin you can deploy Ansible playbooks, get logs from Splunk, read Twits, trigger pipelines, send alerts, and if that is not enough you can build your custom actions using python. 


But before you can do all of that you need to run it somewhere, in this tutorial ill teach you how to deploy Stackstorm on an Azure Virtual Machine. 



1. Sign in or Create an account on Azure Cloud Portal  


To get started you need to Sign in to your Microsoft Azure Account or create a new one. Azure will give you $200 credits if you haven't created an account before, so you can start using it for whatever you want eg, this tutorial. 


2. Create a Virtual Machine 


In the Azure Portal go to Virtual Machines and click on Add > New Virtual Machine.


 
 
 

If you look at the System Requirements for Stackstorm you will see this table.

 

 

 

For the purpose of this tutorial and also saving some cost, we are going to create a VM with the resources specified for Testing. 

 

On the Basics tabs we are going to fill the following fields 

 

Subscription -> Your Subscription 

Resource Group -> Create a new one “rg-eus2-demos" 

Virtual Machine Name -> “vm-eus2-stackstorm" 

Region -> East US 2 (you can choose the region closer to you) 

Image -> Ubuntu Server 18.04 LTS 

Size -> Standard_B2s (2 vcpus, 4Gib Ram) its hourly cost if $0.04/hour.

 

 


 

For authentication, you can choose SSH or Password but I recommend you to work with SSH public key for security reasons. 

Authentication type -> SSH public key
Username -> stackstormuser
Key pair name -> ssh-key-eus2-stackstorm 
 

We need to allow communication on ports 22(SSH), 443(HTTPS) and 80 (HTTP)


Go to Disks and select the standard HDD. 

On Network, you can leave parameters by default, but, because I like to use some standard conventions on the resources I have changed some of the names. 

It is useful to set some tags to your resources, that way you can identify them easily on your billing report or on Azure monitor.


Click “Review + Create", If all the data supplied is correct you should see “Validation passed” 


Click “Create”.
If you chose SSH as your authentication method you will see a prompt window for download the ssh key, click on “Download private key and create resource".

After a minute or two, you should end up with something like this on your resource group. 



Now let's connect to the VM.

 

 Linux:

Copy your private key to ~/.ssh folder, then assign read-only permission to it, and then connect to the VM using the ssh command, the public IP of your VM, and username. 


 
mv ssh-key-eus2-stackstorm.pem ~/.ssh/ssh-key-eus2-stackstorm.pem
cd ~/.ssh
chmod 400 ssh-key-eus2-stackstorm.pem
ssh -i ~/.ssh/ssh-key-eus2-stackstorm.pem stackstormuser@you-vm-ip
 




 

Windows: 

Download putty https://www.putty.org/  

Select SSH and on Host name type stackstormuser@your-vm-ip, leave the default port.

user_30505_5915f325dfb0b.png

Next go to SSH>Auth and browse for your primary key 

user_30505_5915f3468460b.png

Clic Open and Then yes to add the fingerprint to the registry. 

user_30505_5915f369d3e07.png


As you can see on the console you are now connected to the VM instance 


 3. Install StackStorm

Instaling Stackstorm is pretty straightforward, on the console, you just open using SSH run the following commands.

sudo apt-get update
sudo apt-get install -y curl

  import mongodb public key 

wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -

 Create the /etc/apt/sources.list.d/mongodb-org-4.4.list file for Ubuntu 18.04 (Bionic): 

echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list  

update the package list and install the stackstorm dependencies.

sudo apt-get update
sudo apt-get install -y crudini
sudo apt-get install -y mongodb-org
sudo apt-get install -y rabbitmq-server

next you must enable mongod service and start it. 

sudo systemctl enable mongod

sudo systemctl start mongod

If you run sudo systemctl status mongod you should see something like this, look at the active (runnning). 


Use the following script provided by Stackstorm to identify the package that suits you. 

curl -s https://packagecloud.io/install/repositories/StackStorm/stable/script.deb.sh | sudo bash

 

Finally run the following commando to install stackstorm  

sudo apt-get install -y st2

 4. Configure SSH and SUDO for StackStorm

Stanley is the default and special system user that stackstorm uses to run commands, we need to give him some special permissions so he can run commands local and remote on behalf of StackStorm.
 
create a folder to store his authentication key. 

sudo mkdir -p /home/stanley/.ssh 
sudo chmod 0700 /home/stanley/.ssh  

Generate a SSH Key
 
sudo ssh-keygen -f /home/stanley/.ssh/stanley_rsa -P ""

Authorize the key-based access.

sudo sh -c 'cat /home/stanley/.ssh/stanley_rsa.pub >> /home/stanley/.ssh/authorized_keys' sudo chown -R stanley:stanley /home/stanley/.ssh

passwordless sudo for stanley.

sudo sh -c 'echo "stanley ALL=(ALL) NOPASSWD: SETENV: ALL" >> /etc/sudoers.d/st2' sudo chmod 0440 /etc/sudoers.d/st2

Make sure `Defaults requiretty` is disabled in `/etc/sudoers`  

sudo sed -i -r "s/^Defaults\s+\+?requiretty/# Defaults +requiretty/g" /etc/sudoers

Configure ssh access 

cat /etc/st2/st2.conf

Verify that system user stanley is added

[system_user]
user = stanley
ssh_key_file = /home/stanley/.ssh/stanley_rsa

start the service and verify

sudo st2ctl start
sudo st2ctl reload
st2 --version

 

5. Configure Authentication 

To set up a password for st2admin we need will follow the file based authentication provided by Stackstorm by default. 

sudo apt-get install -y apache2-utils
echo 'Ch@ngeMe' | sudo htpasswd -i /etc/st2/htpasswd st2admin

 Enable the authentication by setting auth > enables=True on /etc/st2/st2.conf 

sudo nano /etc/st2/st2.conf 

[auth] 

# ...

enable = True

# … 

Restart the st2api service and then check if the authentication works using the password you have set. 

sudo st2ctl restart-component st2api  

st2 login st2admin  

st2 action list

 

 

 6. Install the WebUI 

The Web Ui si served using NGINX but it is not enabled by default so in order to use it follow this steps. 

sudo apt-get install -y st2web nginx

 remove the default nginx site

sudo rm /etc/nginx/sites-available/default
sudo rm /stc/nginx/sites-enabled/default

Generate a ssl certificate for https connection, if you already have  one you must store it under  /etc/ssl/st2 and configure the site on st2.conf file, for this tutorial we are going to generate a self signed cert.

sudo mkdir -p /etc/ssl/st2
sudo openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/st2/st2.key -out /etc/ssl/st2/st2.crt -days 365 -nodes -subj "/C=US/ST=California/L=Palo Alto/O=StackStorm/OU=Information Technology/CN=exampledomain.net"
sudo service nginx restart

Access to https://${YOUR_VM_IP} and login with st2admin and the password you have created on step 3.

Optional 

you can create a free domain name using No-Ip service (note that the IP we have created for the virtual machine is public but a dynamic one). 

To make it simple and free go to No-Ip and create an account. 

Next, create a hostname and put the IP of your virtual machine.

 

install DCU client

sudo apt-get install build-essentials
cd /usr/local/src/
Sudo wget http://www.noip.com/client/linux/noip-duc-linux.tar.gz
sudo tar xf noip-duc-linux.tar.gz cd noip-2.1.9-1/
sudo make install

 you must provide your email and password of your account in No-Ip 

Next create you certificate  

sudo openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/st2/st2.key -out /etc/ssl/st2/st2.crt -days 365 -nodes -subj "/C=US/ST=California/L=Palo Alto/O=StackStorm/OU=Information Technology/CN=stackstorm-test.ddns.net"  

ProTip: 

Configure Auto-shutdown so you can save some money!

 

OK you are all set, now you are ready to follow the next steps, create actions, workflows and interact with a ChatBot.

SHARE

Daniel Sanin

    Blogger Comment
    Facebook Comment

0 comments :

Post a Comment