1
0

halite.rst 5.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237
  1. .. _tutorial-halite:
  2. =================================
  3. Installing and Configuring Halite
  4. =================================
  5. .. warning:: Halite is deprecated
  6. The Halite project is retired. The code will remain available on GitHub.
  7. In this tutorial, we'll walk through installing and setting up Halite. The
  8. current version of Halite is considered pre-alpha and is supported only in Salt
  9. ``v2014.1.0`` or greater. Additional information is available on GitHub:
  10. https://github.com/saltstack/halite
  11. Before beginning this tutorial, ensure that the salt-master is installed. To
  12. install the salt-master, please review the installation documentation:
  13. http://docs.saltstack.com/topics/installation/index.html
  14. .. note::
  15. Halite only works with Salt versions greater than 2014.1.0.
  16. Installing Halite Via Package
  17. =============================
  18. On CentOS, RHEL, or Fedora:
  19. .. code-block:: bash
  20. $ yum install python-halite
  21. .. note::
  22. By default python-halite only installs CherryPy. If you would like to use
  23. a different webserver please review the instructions below to install
  24. pip and your server of choice. The package does not modify the master
  25. configuration with ``/etc/salt/master``.
  26. Installing Halite Using pip
  27. ===========================
  28. To begin the installation of Halite from PyPI, you'll need to install pip. The
  29. Salt package, as well as the bootstrap, do not install pip by default.
  30. On CentOS, RHEL, or Fedora:
  31. .. code-block:: bash
  32. $ yum install python-pip
  33. On Debian:
  34. .. code-block:: bash
  35. $ apt-get install python-pip
  36. Once you have pip installed, use it to install halite:
  37. .. code-block:: bash
  38. $ pip install -U halite
  39. Depending on the webserver you want to run halite through, you'll need to
  40. install that piece as well. On RHEL based distros, use one of the following:
  41. .. code-block:: bash
  42. $ pip install cherrypy
  43. .. code-block:: bash
  44. $ pip install paste
  45. .. code-block:: bash
  46. $ yum install python-devel
  47. $ yum install gcc
  48. $ pip install gevent
  49. $ pip install pyopenssl
  50. On Debian based distributions:
  51. .. code-block:: bash
  52. $ pip install CherryPy
  53. .. code-block:: bash
  54. $ pip install paste
  55. .. code-block:: bash
  56. $ apt-get install gcc
  57. $ apt-get install python-dev
  58. $ apt-get install libevent-dev
  59. $ pip install gevent
  60. $ pip install pyopenssl
  61. Configuring Halite Permissions
  62. ==============================
  63. Configuring Halite access permissions is easy. By default, you only need to
  64. ensure that the @runner group is configured. In the ``/etc/salt/master`` file,
  65. uncomment and modify the following lines:
  66. .. code-block:: yaml
  67. external_auth:
  68. pam:
  69. testuser:
  70. - .*
  71. - '@runner'
  72. .. note::
  73. You cannot use the root user for pam login; it will fail to authenticate.
  74. Halite uses the runner manage.present to get the status of minions, so runner
  75. permissions are required. For example:
  76. .. code-block:: yaml
  77. external_auth:
  78. pam:
  79. mytestuser:
  80. - .*
  81. - '@runner'
  82. - '@wheel'
  83. Currently Halite allows, but does not require, any wheel modules.
  84. Configuring Halite Settings
  85. ===========================
  86. Once you've configured the permissions for Halite, you'll need to set up the
  87. Halite settings in the /etc/salt/master file. Halite supports CherryPy, Paste, and Gevent out of the box.
  88. To configure cherrypy, add the following to the bottom of your /etc/salt/master file:
  89. .. code-block:: yaml
  90. halite:
  91. level: 'debug'
  92. server: 'cherrypy'
  93. host: '0.0.0.0'
  94. port: '8080'
  95. cors: False
  96. tls: True
  97. certpath: '/etc/pki/tls/certs/localhost.crt'
  98. keypath: '/etc/pki/tls/certs/localhost.key'
  99. pempath: '/etc/pki/tls/certs/localhost.pem'
  100. If you wish to use paste:
  101. .. code-block:: yaml
  102. halite:
  103. level: 'debug'
  104. server: 'paste'
  105. host: '0.0.0.0'
  106. port: '8080'
  107. cors: False
  108. tls: True
  109. certpath: '/etc/pki/tls/certs/localhost.crt'
  110. keypath: '/etc/pki/tls/certs/localhost.key'
  111. pempath: '/etc/pki/tls/certs/localhost.pem'
  112. To use gevent:
  113. .. code-block:: yaml
  114. halite:
  115. level: 'debug'
  116. server: 'gevent'
  117. host: '0.0.0.0'
  118. port: '8080'
  119. cors: False
  120. tls: True
  121. certpath: '/etc/pki/tls/certs/localhost.crt'
  122. keypath: '/etc/pki/tls/certs/localhost.key'
  123. pempath: '/etc/pki/tls/certs/localhost.pem'
  124. The "cherrypy" and "gevent" servers require the certpath and keypath files
  125. to run tls/ssl. The .crt file holds the public cert and the .key file holds
  126. the private key. Whereas the "paste" server requires a single .pem file that
  127. contains both the cert and key. This can be created simply by concatenating
  128. the .crt and .key files.
  129. If you want to use a self-signed cert, you can create one using the Salt.tls
  130. module:
  131. .. note::
  132. The following command needs to be run on your salt master.
  133. .. code-block:: bash
  134. salt-call tls.create_self_signed_cert tls
  135. Note that certs generated by the above command can be found under the ``/etc/pki/tls/certs/`` directory.
  136. When using self-signed certs, browsers will need approval before accepting the
  137. cert. If the web application page has been cached with a non-HTTPS version of
  138. the app, then the browser cache will have to be cleared before it will
  139. recognize and prompt to accept the self-signed certificate.
  140. Starting Halite
  141. ===============
  142. Once you've configured the halite section of your /etc/salt/master, you can
  143. restart the salt-master service, and your halite instance will be available.
  144. Depending on your configuration, the instance will be available either at
  145. https://localhost:8080/app, https://domain:8080/app, or
  146. https://123.456.789.012:8080/app .
  147. .. note::
  148. halite requires an HTML 5 compliant browser.
  149. All logs relating to halite are logged to the default /var/log/salt/master file.