As part of the manual installation process (which is not recommended), install and configure RaaS.

To install and configure the RaaS node:

  1. FOR SLES 15 INSTALLATIONS ONLY: Install the xmlsec1 package. Without this dependency, a SLES 15 installation may fail. To download the package and read installation documentation, see xmlsec1.
  2. FOR SLES INSTALLATIONS ONLY: Import the RPM signing key using the following command:
    rpm --import http://repo.saltstack.com/py3/redhat/7.7/x86_64/latest/SALTSTACK-GPG-KEY.pub
  3. Download and install the RPM for your operating system:

    RHEL

    Download and install the Red Hat/CentOS SaltStack Config RPM, replacing the exact filename:

    sudo yum install raas-<version>-0.el7.x86_64.rpm
  4. In the RaaS service configuration file /etc/raas/raas, update the sql configuration to provide the host and port created in the previous section. If you plan to use SSL, set ssl to True and see the next step for additional details.
    sql:dialect:postgresqlhost:localhostport:5432driver:psycopg2ssl:false
  5. If you set ssl to True in the previous step, you’ve enabled an SSL connection, but additional information is required to verify the server’s SSL certificate. To configure certificate verification, in /etc/raas/raas, add a new ssl_opts key and provide values as follows:

    Option

    Description

    sslmode

    Choose the mode for your SSL connection from one of the following:

    • disable - Use only cleartext connections. This value is used when ssl is set to False.

    • prefer - Use SSL but fallback to cleartext if SSL is not available.

    • require - Use an SSL connection but do not attempt to verify the server’s certificate.

    • verify-ca - Use the contents of sslrootcert, if present, to validate the server’s SSL certificate. Or if sslrootcert is not present, use the system certificate store to validate the server’s SSL certificate.

    • verify-full - Use the contents of sslrootcert, if present, to validate the server’s SSL certificate. Or if sslrootcert is not present, use the system certificate store to validate the server’s SSL certificate. verify-full requires that the hostname in the certificate match the hostname SaltStack Config uses when connecting.

    For more on these settings, see the PostgreSQL documentation.

    sslrootcert

    Location on the RaaS filesystem of the CA certificate to use if a self-signed certificate is in place on the PostgreSQL server

    sslcert

    Location of the client certificate on the RaaS server to use instead of username and password to connect to PostgreSQL

    sslkey

    Location of the key file that goes along with the client certificate referenced in sslcert

    For more in-depth information about these options, see the PostgreSQL documentation: Client Verification of Server Certificates, as well as the following example configurations.

    Example 1

    The first example shows a configuration set to full verification. This means that the certificate PostgreSQL presents to SaltStack Config is validated against the Certificate Authority certificate specified in the file path/to/CA_Certificate. Furthermore, the Common Name in the SaltStack Config certificate must match the hostname SaltStack Config is using for PostgreSQL.

    sql:
       ssl:True
       ssl_opts:
          sslmode:verify-full
          sslrootcert:path/to/CA_certificate

    Example 2

    The second example enables SSL communication without certificate validation, and authenticates the user that the RaaS uses to connect to PostgreSQL via client SSL certificate.

    sql:
       ssl:True
       ssl_opts:
          sslmode:require
          sslcert:path/to/Client_Certificate
          sslkey:path/to/Key_for_Client_Certificate
  6. In the RaaS service configuration file /etc/raas/raas, define options for background workers:
    background_workers:
       combined_process:True
       max_tasks:100000
       max_memory:1048576
    Note:

    SaltStack Config includes a range of different background worker settings to improve performance for various deployment scenarios. For more information, see Improve system performance.

  7. In the RaaS service configuration file /etc/raas/raas, configure the location of your Redis server:
    redis:
       url:redis://<Redis_IP>:6379
  8. To store database credentials for both PostgreSQL and Redis in an encrypted file, run the following command:
    su - raas -c 'raas save_creds'
  9. Follow the prompts to set up your username and password for Redis and PostgreSQL. If you would prefer to leave those values blank, press the Enter key when prompted. The credentials are stored in /etc/raas/raas.secconf.
    Note:

    If credentials appear in both /etc/raas/raas and /etc/raas/raas.secconf, the settings in the plaintext /etc/raas/raas take precedence. For more on securing credentials, see Securing credentials in your configuration.

  10. Enable the RaaS service at system startup and launch the service using the following commands:
    sudo systemctl enable raas
    sudo systemctl start raas

The manual installation process is now complete.

What to do next

After installing and configuring RaaS, the next step is to install the RaaS license key. See Install the RaaS license key for more information.