Ansible playbooks to deploy StackStorm.
StackStorm is event-driven automation platform written in Python. With over 50+ integrations like GitHub, Docker, Nagios, NewRelic, AWS, Ansible it allows you to wire together your existing infrastructure into complex Workflows with auto-remediation and many more. Aka IFTTT orchestration for Ops.
- Ubuntu Xenial (16.04)
- Ubuntu Bionic (18.04)
- RHEL7 / CentOS7
- RHEL8 / CentOS8
If you're using the provided Vagrantfile, note that it uses Bionic by default.
In order to access StackStorm Web UI, please don't forget to ensure that http/https ports are opened in your firewall system.
At least 2GB of memory and 3.5GB of disk space is required, since StackStorm is shipped with RabbitMQ, Mongo and nginx.
# stackstorm
ansible-playbook stackstorm.ymlBelow is the list of variables you can redefine in your playbook to customize st2 deployment:
| Variable | Default | Description |
|---|---|---|
| st2repo | ||
st2repo_name |
stable |
StackStorm PackageCloud repository to install. stable, unstable, staging-stable, staging-unstable |
| st2 | ||
st2_version |
latest |
StackStorm version to install. present to install available package, latest to get automatic updates, or pin it to numeric version like 2.2.0. |
st2_revision |
1 |
StackStorm revision to install. Used only with pinned st2_version. |
st2_config |
{} |
Hash with StackStorm configuration settings to set in st2.conf ini file. |
st2_system_user |
stanley |
System user from which st2 will execute local/remote shell actions. |
st2_system_user_in_sudoers |
yes |
Add st2_system_user to the sudoers (recommended for most st2 features to work). |
st2_ssh_key_file |
/home/{{st2_system_user}}/.ssh/{{st2_system_user}}_rsa |
Path to st2_system_user SSH private key. It will be autogenerated by default. |
st2_auth_enable |
yes |
Enable StackStorm standalone authentication. |
st2_auth_username |
testu |
Username used by StackStorm standalone authentication. |
st2_auth_password |
testp |
Password used by StackStorm standalone authentication. |
st2_save_credentials |
yes |
Save credentials for local CLI in /root/.st2/config file. |
st2_packs |
[ st2 ] |
List of packs to install. This flag does not work with a --python3 only pack. |
st2_python_packages |
[ ] |
List of python packages to install into the /opt/stackstorm/st2 virtualenv. This is needed when deploying alternative auth or coordination backends which depend on Python modules to make them work. |
st2_u16_add_insecure_py3_ppa |
false |
Whether permission is granted to install the deadsnakes Python3.6 PPA for Ubuntu 16. |
| st2web | ||
st2web_ssl_certificate |
null |
String with custom SSL certificate (.crt). If not provided, self-signed certificate will be generated. |
st2web_ssl_certificate_key |
null |
String with custom SSL certificate secret key (.key). If not provided, self-signed certificate will be generated. |
st2web_nginx_config |
null |
String with a custom nginx configuration file (st2.conf). If not provided, the default st2.conf will be used. |
| ewc | ||
ewc_license |
null |
EWC license key is required for installing EWC enteprise bits via this ansible role. |
ewc_repo |
enterprise |
EWC PackageCloud repository to install. enterprise, enterprise-unstable, staging-enterprise, staging-enterprise-unstable |
ewc_version |
latest |
EWC enterprise version to install. present to install available package, latest to get automatic updates, or pin it to numeric version like 2.2.0. The version used here should match st2_version. |
ewc_revision |
1 |
EWC enterprise revision to install. Used only with pinned ewc_version. |
ewc_rbac |
See ewc_rbac variable in role defaults |
EWC RBAC roles and assignments. This is a dictionary with two keys roles and assignments. roles and assignments are in turn both arrays. Each element in the array follows the exact YAML schema for roles and assignments defined in EWC documentation. |
ewc_ldap |
See ewc_ldap variable in role defaults |
Settings for EWC LDAP authentication backend. ewc_ldap is a dictionary and has one item backend_kwargs. backend_kwargs should be provided as exactly listed in EWC documentation for LDAP configuration. |
| st2chatops | ||
st2chatops_version |
latest |
st2chatops version to install. present to install available package, latest to get automatic updates, or pin it to numeric version like 2.2.0. |
st2chatops_st2_api_key |
st2 API key to be updated in st2chatops.env using "st2 apikey create -k" in a task | |
st2chatops_hubot_adapter |
Hubot Adapter to be used for st2chatops. Default is shell, but should be changed to one of the supported adapters.[Required] |
|
st2chatops_config |
{ } |
Based on adapter in st2chatops_hubot_adapter, provide hash for the adapter settings, to update st2chatops.env. For example, for Slack hubot adapter: st2chatops_config: HUBOT_SLACK_TOKEN: xoxb-CHANGE-ME-PLEASE |
st2chatops_version |
latest |
st2chatops version to install. Use latest to get automatic updates or pin it to numeric version like 2.2.0. |
Install latest stable StackStorm with all its components on local machine:
ansible-playbook stackstorm.yml -i 'localhost,' --connection=localNote that keeping
latestversion is useful to update StackStorm by re-running playbook, since it will reinstall st2 if there is new version available. This is default behavior. If you don't want updates - consider pinning version-revision numbers.
Install specific numeric version of st2 with pinned revision number as well:
ansible-playbook stackstorm.yml --extra-vars='st2_version=2.2.0 st2_revision=8'If you are installing from behind a proxy, you can use environment variables http_proxy, https_proxy, and no_proxy in the playbook. For the
st2smoketests, you will need to disable proxy for localhost.
environment:
http_proxy: http://proxy.example.net:3128
https_proxy: http://proxy.example.net:3128
no_proxy: 127.0.0.1,localhostThere are a few requirements when developing on ansible-st2.
These are the platforms we must support (must pass end-to-end testing):
- Ubuntu Xenial
- Ubuntu Bionic
- CentOS7
- CentOS8
- RHEL7 (via AWS)
- RHEL8 (via AWS)
Must also support Ansible Idempotence (Eg. Ansible-playbook re-run should end with the following results: changed=0.*failed=0)
For development purposes there is Vagrantfile available. The following command will setup ubuntu18 box (ubuntu/bionic64) by default:
vagrant upOther distros:
vagrant up ubuntu16
vagrant up centos7
vagrant up centos8You might be interested in other methods to deploy StackStorm engine:
-
Configuration Management
-
Manual Instructions
If you're in stuck, our community always ready to help, feel free to:
- Ask questions in our public Slack channel
- Report bug, provide feature request or just give us a ✮ star
Your contribution is more than welcome!