root@tower:~ # su - tower -c "cd /opt/tower/ && ./bin/tower-web"
root@tower:~ # su - tower -c "cd /usr/local/tower/ && ./bin/tower-web"
```
If you want to restrict address which tower listen to, add ```--listen=YOURIP:YOURPORT``` to ```./bin/tower-web``` command
If you want to restrict address that tower listen to, run `./bin/tower-web --listen=YOURIP:YOURPORT`
## Prepare nodes
On each FreeBSD node do the following:
If you had installed PostgreSQL and MongoDB previously, you have to deinstall them and clean their db paths (`/var/db/mongodb` and `/usr/local/pgsql`). On each FreeBSD node do the following:
* Enable SSH:
```shell
root@noc:~ # sysrc sshd_enable="YES"
root@noc:~ # service sshd start
```
* Add ```/var/run/syslog``` socket for ```consul``` if node will run it:
* Add `/var/run/syslog` socket for `consul` if node will run it:
* If node will run postgresql, you'll need to do the trick: add postgresql server as a package first, then build databases/py-psycopg2 from ports with python 2.7:
* Back to tower machine, copy ssh key from tower user to each node:
```shell
root@tower:~ # su - tower -c "ssh-copy-id -i /home/tower/.ssh/id_rsa.pub ansible@192.168.1.88"
root@tower:~ # su - tower -c "ssh-copy-id -i /home/tower/.ssh/id_rsa.pub ansible@10.1.1.201"
```
* Check if tower able to connect to node by ssh with keys:
```shell
root@tower:~ # su - tower -c "ssh ansible@10.1.1.201"
```
## Deploying
# Jails
Here's what you need to do to run NOC in jail.
* Jail must be configured using VNET network interface, so that you will have a lo0 interface with 127.0.0.1 address on it inside a jail. IP 127.0.0.1 is sometimes hardcoded all over NOC's components, so you will have hard time deploying NOC to jail without 127.0.0.1 address.
* Do all mentioned in [Prepare Nodes](#prepare-nodes).
* Make sure `/var/run` and `/tmp` are mode 777 (just in case).
* Make sure `/etc/jail.conf` have `"allow.sysvipc"` for PostgreSQL and `"allow.mlock"` for MongoDB.
* During deploy there will be SSE4.2 check, which is done by greping `/var/run/dmesg.boot`, and this file will be empty EVERY TIME YOU START JAIL. So you have to copy host's `/var/run/dmesg.boot` to jail's `/var/run` and do deploy without restarting jail (or do this every time you restart jail). You will need this for the time of deployment only. You may add to `/etc/jail.conf` (assuming jour jail root is in `/usr/j/noc/` and your thin jail is mounted to `/s` path):
* If you have thinjails then probably you have read-only root in it, so you have to change `/opt/noc` path to more BSD'ish `/usr/local/noc` path in tower deployment config. WARNING: `NOC` MUST be in `noc` dir, so last path part MUST be `noc`.
- In Tower/Environments/YOURENV in `Config load preference` change all `/opt/noc` to `/usr/local/noc` (or whatever path you decided).
- Find `noc` service in Tower/Services and change path to `/usr/local/noc`.
- GOSS `tower/playbooks/NOC/system_roles/goss/defaults/main.yml` (even if you will not install `goss` service, deploy will try to create goss dir and will fail while creating `/opt/goss` on read-only root)
```shell
goss_path: "/usr/local/goss_v{{ goss_version }}"
```
## Deployment
- Enter noc control tower.
Open http://<IP>:8888/ in your browser. Login as admin/admin
- Go to environments, press "+ Create new..", enter hostname, save, then select it and "Pull".
- Go to datacenters, press "+ Create new..", enter name, save, then select it.
- Go to nodes, create new, enter datacenter, enter type (FreeBSD), ip address, save.
- Go to services, enable all services on node, save.
- Go to services, enable all services on node, save.
- Go to environments again, press Deploy.
Do not forget to change tower's admin password
(Upper right menu > Change Password)
## PS: About jails
For now there's a [bug](https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=227716) that prevents running mongodb in jail (when using mongo shell it coredumps with error ```"Failed to mlock: Resource temporarily unavailable"```), so for this moment (upcoming 12.1-RELEASE) one couldn't use FreeBSD jail for NOC.
But to save knowledge about all other aspects about running NOC in jail besides this mongodb problem (which I think will be solved in future), here's what you need to do to run NOC in jail.
* Jail must be configured using VNET network interface, so that you will have a lo0 interface with 127.0.0.1 address on it inside a jail. IP 127.0.0.1 is sometimes hardcoded all over NOC's components, so you will have hard time deploying NOC to jail with shared network interfaces.
* Do all mentioned in [Prepare Nodes](#prepare-nodes)
* Make sure /etc/jail.conf have ```"allow.sysvipc=1"``` for PostgreSQL.
* During deploy there will be SSE4.2 check, which is done by greping /var/run/dmesg.boot, and this file will be empty EVERY TIME YOU START JAIL. So you have to copy host's /var/run/dmesg.boot to jail's /var/run and do deploy without restarting jail (or do this every time you restart jail). You will need this for the time of deployment only.
* If you have thinjails then probably you have read-only root in it, so you have to change ```/opt``` path to more BSD'ish ```/usr/local``` path all the way inside tower playbooks .yml files.
