Achieving NIS2 Compliance for GitHub Organizations with Mondoo
In the rapidly evolving world of software development, securing and managing the integrity of codebases is paramount, particularly for organizations subject to
In a joint effort Jannis Rake-Revelant, Jürgen Brüder, and myself Edmund Haselwanter had a look at several what we call "Openstack Lifecycle Management tools".
This time Jannis Rake-Revelant did most of the work, so thanks for sharing your findings :-)
[..] It's a freely-available, community-supported distribution of OpenStack that runs on Red Hat Enterprise Linux, CentOS, Fedora, and their derivatives. -- https://openstack.redhat.com/Frequently_Asked_Questions
The community effort RDO however is not officially supported by RedHat. If you want to buy support from Redhat for Openstack, you need to use RedHat Enterprise Linux Openstack. RedHat offers virtual appliances to test their platform.
For this tutorial, we will however be using RDO packstack as an installer and follow the related quick start guide.
Since a RHEL VM would need licensing we chose CentOS as a base OS. CentOS 6.5 was used during the first attempt. Due to various errors encountered in the process CentOS 7 is used as an alternative later on.
To simplify the setup process we use Vagrant and VMware Fusion as a Vagrant Provider, VirtualBox may also be used. To speed up the process even further boxes from the Vagrant Cloud will be used, specifically for CentOS 6.5 and CentOS 7.
This allows us to start the OS with just two commands:
vagrant init chef/centos-6.5
vagrant up
To access the instance via ssh we simply:
vagrant ssh
Since the disclaimer tells us to use at leaste 2 GB of RAM and hardware virtualization extension we need to edit our Vagrantfile to include:
config.vm.provider :vmware_fusion do |v|
v.vmx["memsize"] = "4096"
v.vmx["numvcpus"] = "2"
v.vmx["vhv.enable"] = "TRUE"
end
We then need to reload vagrant:
vagrant reload
The quickstart setup looks simple, we simply update our packages:
sudo yum update -y
Select the RDO repositories:
sudo yum install -y https://rdo.fedorapeople.org/rdo-release.rpm
Install the packstack installer:
sudo yum install -y openstack-packstack
and create an "all in one" setup:
packstack --allinone
However, eventually the following error is encountered:
192.168.3.153_amqp.pp: [ ERROR ]
Applying Puppet manifests [ ERROR ]
ERROR : Error appeared during Puppet run: 192.168.3.153_amqp.pp
Error: Execution of '/usr/bin/yum -d 0 -e 0 -y list erlang' returned 1: Error: No matching Packages to list
After some research it seems clear that we need to install EPEL 6:
wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
sudo rpm -ivh epel-release-6-8.noarch.rpm
Check if the erlang package is available:
yum -d 0 -e 0 -y list erlang
Available Packages
erlang.x86_6
If you do not see this, check if the epel repo is enabled, by setting enabled=1
via:
sudo vi /etc/yum.repos.d/epel.repo
However, after another packstack --allinone
we encounter the same error. An alternative is to install the erlang package manually:
sudo yum install erlang
After yet another packstack --allinone
we are presented with this error:
192.168.3.153_amqp.pp: [ ERROR ]
Applying Puppet manifests [ ERROR ]
ERROR : Error appeared during Puppet run: 192.168.3.153_amqp.pp
Error: Execution of '/usr/bin/yum -d 0 -e 0 -y list rabbitmq-server' returned 1: Error: No matching Packages to list
Sidenote: epel.repo
seems to be forgetting our enabling. Fix yet unknown, we have to reset it manually for now.
Learning from the Erlang problem let us try to pre-install RabbitMQ:
wget http://www.rabbitmq.com/releases/rabbitmq-server/v3.3.5/rabbitmq-server-3.3.5-1.noarch.rpm
sudo yum install rabbitmq-server-3.3.5-1.noarch.rpm
And, yet again we encounter another error:
192.168.3.153_keystone.pp: [ ERROR ]
Applying Puppet manifests [ ERROR ]
ERROR : Error appeared during Puppet run: 192.168.3.153_keystone.pp
Error: Execution of '/usr/bin/yum -d 0 -e 0 -y install openstack-keystone' returned 1: Error: Package: python-keystone-2014.1.2.1-1.el6.noarch (openstack-icehouse)
You will find full trace in log /var/tmp/packstack/20141015-204302-54nNUw/manifests/192.168.3.153_keystone.pp.log
After reading the full log
Error: Execution of '/usr/bin/yum -d 0 -e 0 -y install openstack-keystone' returned 1: Error: Package: python-keystone-2014.1.2.1-1.el6.noarch (openstack-icehouse)
Requires: python-iso8601
we seem to be missing a python module.
After even more research and install of the python-keystoneclient:
yum install python-keystoneclient
and yet another error:
192.168.3.153_mariadb.pp: [ ERROR ]
Applying Puppet manifests [ ERROR ]
ERROR : Error appeared during Puppet run: 192.168.3.153_mariadb.pp
Error: mysqladmin -u root password '667bccaf22db4ec5' returned 1 instead of one of [0]
Choosing the new release solved the last issues with no apparent reason and the installation finished with:
****** Installation completed successfully ******
However neither the necessary rc files where created nor were any services running.
You are interested in our courses or you simply have a question that needs answering? You can contact us at anytime! We will do our best to answer all your questions.
Contact us