
cookiecutinvt.py - Inventory Creation Wizard

Overview

From version 1.2.1 onwards, the Endpoint Agent solution provides a tool to create a deployment topology from scratch by asking the user questions.

The tool is based on a template that is shipped with the deployment package and, based on the answers that the user gives, it will create an inventory to be used with the deployment playbook. It is not mandatory to use this tool, but it is provided as a way to help users with limited knowledge of YAML.

How to use it

Example syntax (from devo-ea-deployer folder):

python3 tools/cookiecutinvt.py -o inventories/<< output_inventory_name >>.yaml

You can use python3 or python depending on the Python version installed on your system.

Topology questions

The tool will ask the user questions and it will then create an inventory. Below is an example of the questions that will be asked. Note that questions might differ depending on the type of topology that the user wants to create.

Do you want deploy in full HA? (Y/N) [N] → Answer “Y” if you want to deploy a full HA topology. It implies that the topology will make use of existing DB services and more than one EA Manager.

How many managers will be deployed? (1..) [1] → Number of managers to be included in the inventory. If you have selected a “Full HA” deployment, the minimum will be two.

Manager: Host name in inventory [devo-ea-manager] → Hostname of the EA Manager server(s).

Manager: SSH connection host/IP → Internal IP of the EA Manager server(s) for SSH connection. It will be used in the agents' /etc/hosts file when there is no direct access to the EA Manager FQDN.

Manager: SSH connection user → User for SSH Connection

Manager: SSH authentication with passwd? (Y/N) [Y] → Answer “Y” if the SSH connection will use a password, answer “N” if the SSH connection will use a public key.

Manager: SSH connection password → Password for SSH Connection.

Manager: Python interpreter [/usr/bin/python3] → Python interpreter depending on the python engine installed on the host.

Do you want to deploy No-HA internal services? ("No" implies MySQL and Redis are provided as external services) (Y/N) [Y] → Answer “Y” if you want EA Manager to deploy dockers with internal services (MySQL and Redis).

Do you want to deploy internal services in same host as manager (yes) or in a separate host (no)? (Y/N) [Y] y → Answer “Y” if you want to deploy the dockers in the same server as the EA Manager (if there is more than one EA Manager, they will be deployed in the first EA Manager). Answer “N” to deploy the dockers in a different server.

Internal services: Host name in inventory [devo-int-services] → When deploying in a different server, specify a hostname for the server.

Internal services: SSH connection host/IP → Internal IP of the host for SSH connection

Internal services: SSH connection user → User for SSH Connection

Internal services: SSH authentication with passwd? (Y/N) [Y] → Answer “Y” if the SSH connection will use a password, answer “N” if the SSH connection will use a public key.

Internal services: SSH connection password → Password for SSH Connection

MySQL address in host:port format. I.E: mysql.server:3306 [192.168.104.20:3306] → The connection string to the MySQL server. A suggestion will be offered as the default value, based on previous answers.

MySQL database [devoea] → MySQL database name.

MySQL user [devoea] → MySQL user name.

MySQL passwd [insecure] → MySQL password.

Redis address in host:port format. I.E: redis.server:6379 [192.168.104.20:6379] → The connection string to the REDIS server. A suggestion will be offered as the default value, based on previous answers.

Redis database number (0..) [0] → REDIS Database number.

Do you want use password to authenticate with Redis (Y/N) [N] → Answer “Y” if you want to use a password when connecting to REDIS server.

Redis passwd → REDIS password.

Public endpoint FQDN, do not use IP. If you need connect agents through IP, answer "Y" to the following question [devo-ea-manager] → FQDN for the EA Manager. The endpoint agents will be configured to use this FQDN to connect to the EA Manager.

Do you need that agents connect using different FQDN or IP (Y/N) [N] → Answer “Y” if the agents need to use a different FQDN or an IP to connect to the EA Manager (for example, when the FQDN is not reachable and the agents need to connect directly via the public IP).

Public endpoint FQDN/IP, without port, used by agents → FQDN/IP to be configured in the agents to reach EA Manager.

Public endpoint port, used by agents (1..65536) [8080] → Port to be configured in the agents to reach EA Manager.

Do you want to add devo-ea-manager fqdn associated to manager IP/Host (192.168.104.10) in etc/hosts file of the agents (Y/N) [Y] → Answer “Y” if you want to modify /etc/hosts file in the endpoint agents to connect to the EA Manager. Answer “N” if you are using a public FQDN name and agents can reach it directly via DNS.

Do you want send data to Devo through relay "in-house"? (Y/N) [N] → Answer “Y” if you want to send data to Devo using Devo In-house Relay. Answer “N” if you want to send data directly from the EA Manager to Devo.

Devo relay in-house address, host:port format [relay:13000] → If using a Devo In-house Relay, the address of that relay.

Devo relay address [us.elb.relay.logtrust.net:443] eu.elb.relay.logtrust.net:443 → If connecting directly to Devo, address of the Devo entrypoint.

User name for the Endpoint manager admistrator [admin] → User for EA Manager Web UI.

Password for the Endpoint manager admistrator [Th3Adm1n!] → Password for EA Manager Web UI.

Agent repository username [dea-agent] → User for Endpoint Agent repository.

Agent repository password [Th3Ag3nt!] → Password for Endpoint Agent repository.

Generate self-signed certificates (Y/N) [Y] → Answer “Y” if you want EA deployer to generate self-signed certificates that will be used to secure communication between the Endpoint Agent and the Endpoint Agent Manager. Answer “N” if you want to use your own certificates.

Do you want to add other Subject alternative names to generated certs? (Y/N) [N] → Answer “Y” if you need your certificate to trust more than one subject name (when your agent connects to the manager using the IP instead of the FQDN, for example).

New subject alternative name to add to certs, type "<N>" to stop adding more [<N>] → IP or FQDN to be included in the certificate generation. Type <N> to stop adding SANs.

Do you want to enable one or more Devo packs? (Y/N) [Y] → Answer “Y” if you want to enable one or more query packs in the EA Manager by default. The wizard will ask you one by one for every pack included with the package. Answer “N” if you do not want to enable any default pack.
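
Several prompts above offer a default password in brackets (insecure, Th3Adm1n!, Th3Ag3nt!), so pressing Enter leaves a publicly documented credential in the generated inventory. The following check is an added example, not part of the Devo tooling: it scans an inventory for values that still equal those defaults. It assumes the answers are written as plain `key: value` scalars; the key names in the sample are hypothetical, not the real inventory schema.

```python
import re

# Default answers shown in brackets by the wizard prompts on this page.
WIZARD_DEFAULTS = {
    "insecure": "MySQL passwd",
    "Th3Adm1n!": "Password for the Endpoint manager administrator",
    "Th3Ag3nt!": "Agent repository password",
}

# Matches "key: value" scalars. This is a line scan, not a full YAML parser.
_SCALAR = re.compile(r"^\s*(?:-\s*)?([\w.-]+)\s*:\s*(.*?)\s*$")


def _unquote(value):
    """Strip matching quotes, or a trailing comment from an unquoted value."""
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
        return value[1:-1]
    return re.sub(r"\s+#.*$", "", value)


def find_default_credentials(inventory_text):
    """Return (line_no, key, prompt) for each value equal to a wizard default."""
    findings = []
    for line_no, line in enumerate(inventory_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # whole-line comment
        match = _SCALAR.match(line)
        if not match:
            continue
        key, value = match.group(1), _unquote(match.group(2))
        if value in WIZARD_DEFAULTS:
            findings.append((line_no, key, WIZARD_DEFAULTS[value]))
    return findings


# Constructed sample; key names are hypothetical, not the real inventory schema.
SAMPLE_INVENTORY = """\
manager:
  admin_user: admin
  admin_password: "Th3Adm1n!"
  repo_password: S0me-Rotated-Value
mysql:
  user: devoea
  password: insecure   # left at default
"""

if __name__ == "__main__":
    for line_no, key, prompt in find_default_credentials(SAMPLE_INVENTORY):
        print(f"line {line_no}: '{key}' still uses the default for '{prompt}'")
```

To check a real file, pass its contents to `find_default_credentials()` before running the deployment playbook and replace any flagged value.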