OpenShift Origin installation over Fedora 19 (Mega Tutorial) – Part 3


Broker configuration

In the previous post we finished configuring the MongoDB datasource and installed the ActiveMQ messaging service and the MCollective client. Now it's time to configure the broker itself, starting with the corresponding packages:

yum install -y openshift-origin-broker openshift-origin-broker-util \
    rubygem-openshift-origin-auth-remote-user \
    rubygem-openshift-origin-auth-mongo \
    rubygem-openshift-origin-msg-broker-mcollective \
    rubygem-openshift-origin-dns-avahi \
    rubygem-openshift-origin-dns-nsupdate \
    rubygem-openshift-origin-dns-route53 \
    rubygem-passenger mod_passenger

Let's open the needed ports in the firewall (SSH, HTTP and HTTPS):

lokkit --service=ssh --service=http --service=https

Some services need to talk to the broker, and that communication must not be possible without authentication, so we create an RSA key pair for the broker (a private key and its public half). Let's use the openssl command as shown:

openssl genrsa -out /etc/openshift/server_priv.pem 2048
openssl rsa -in /etc/openshift/server_priv.pem -pubout > /etc/openshift/server_pub.pem

The broker and the nodes must also communicate and transfer content. The broker secures this transfer with SSH, so we need an RSA key without a passphrase (it is used non-interactively, so nothing could type one in). Since only file permissions protect this key, make sure it is readable by root alone:

ssh-keygen -t rsa -b 2048 -f /etc/openshift/rsync_id_rsa
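Before going on it is worth verifying that the two key pairs just created are consistent and not world-readable; a mismatched server_pub.pem or a readable passphrase-less rsync key is cheap to catch now and painful later. The script below is an added example, not part of the original post or of OpenShift Origin; it uses the post's paths under /etc/openshift, but every check is a function that takes the files as arguments, so it can be run against any key pair.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the key pairs the
# post generates under /etc/openshift. Paths are the post's; the functions
# take file names as arguments so they work on any key pair.
set -eu

# pem_pair_matches PRIV PUB: 0 if PUB is the public half of the RSA key PRIV.
# Re-derives the public key from the private one, exactly as the post built
# server_pub.pem, and compares byte for byte.
pem_pair_matches() {
    openssl rsa -in "$1" -pubout 2>/dev/null | cmp -s - "$2"
}

# ssh_pair_matches PRIV PUB: 0 if PUB (authorized_keys format) matches PRIV.
# ssh-keygen -y prints the public key derived from a private key; only the
# type and key blob are compared, the trailing comment is ignored.
ssh_pair_matches() {
    derived=$(ssh-keygen -y -f "$1" | cut -d' ' -f1,2)
    stored=$(cut -d' ' -f1,2 < "$2")
    [ "$derived" = "$stored" ]
}

# not_world_readable FILE: 0 if "other" has no permission bits at all. Both
# private keys have no passphrase, so the file mode is all that protects them.
# Columns 8-10 of the POSIX `ls -l` mode string are the "other" bits.
not_world_readable() {
    [ "$(ls -ld "$1" | cut -c8-10)" = "---" ]
}

# check_key LABEL PRIV PUB MATCHER: report on one pair, non-zero on mismatch.
check_key() {
    if "$4" "$2" "$3"; then
        echo "ok:   $1 key pair matches"
    else
        echo "FAIL: $1 key pair does not match"
        return 1
    fi
    if not_world_readable "$2"; then
        echo "ok:   $2 is not world-readable"
    else
        echo "WARN: $2 is world-readable; fix with chmod o-rwx $2"
    fi
}

# Run against the post's files only where they exist, so the script is
# harmless on a machine that is not the broker.
if [ -f /etc/openshift/server_priv.pem ]; then
    check_key "broker auth" /etc/openshift/server_priv.pem \
        /etc/openshift/server_pub.pem pem_pair_matches || true
fi
if [ -f /etc/openshift/rsync_id_rsa ]; then
    check_key "rsync" /etc/openshift/rsync_id_rsa \
        /etc/openshift/rsync_id_rsa.pub ssh_pair_matches || true
fi
```

A WARN line on the private keys is the thing to act on: the public halves are meant to be shared, but a readable passphrase-less private key is a credential anyone on the box can copy.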

SELinux will run in enforcing mode, so the booleans the broker needs must be enabled (with man -k servicename you can find the SELinux man page for a service, e.g. httpd_selinux):

setsebool -P httpd_unified=on httpd_can_network_connect=on httpd_can_network_relay=on \
    httpd_run_stickshift=on named_write_master_zones=on allow_ypbind=on \
    httpd_verify_dns=on httpd_enable_homedirs=on httpd_execmem=on \
    httpd_read_user_content=on

Finally we define the file contexts the broker's directories need and apply them:

semanage fcontext -a -t httpd_var_run_t '/var/www/openshift/broker/httpd/run(/.*)?'
semanage fcontext -a -t httpd_tmp_t '/var/www/openshift/broker/tmp(/.*)?'
semanage fcontext -a -t httpd_log_t '/var/log/openshift/broker(/.*)?'
fixfiles -R rubygem-passenger restore
fixfiles -R mod_passenger restore
restorecon -RFvv /var/run
restorecon -RFvv /opt
restorecon -RFvv /var/www/openshift/

The fixfiles command with the -R option takes the list of files installed by an RPM package and restores their SELinux contexts to what the policy says they should be.

OpenShift config file

The main config file of OpenShift is /etc/openshift/broker.conf. To adapt it to our setup we must modify a few directives:

VALID_GEAR_SIZES="small,medium,large"

This lists the gear sizes users may request (a gear size is a resource profile: CPU, RAM and disk).

CLOUD_DOMAIN="dmartin.es"

This directive defines the main domain under which user namespaces, and therefore application hostnames, are created.

MONGO_HOST_PORT="broker.dmartin.es:27017"
MONGO_USER="openshift"
MONGO_PASSWORD="mooo"
MONGO_DB="openshift_broker_dev"

The configuration to connect to the MongoDB database; these are the values configured in the previous post. Note that broker.conf holds the MongoDB password in clear text, so the file must not be world-readable.

echo "AUTH_SALT=\"$(openssl rand -base64 64 | tr -d '\n')\"" >> /etc/openshift/broker.conf
echo "SESSION_SECRET=\"$(openssl rand -base64 64 | tr -d '\n')\"" >> /etc/openshift/broker.conf

This appends randomly generated values for the authentication salt and the session secret. Run it only once: running it again appends a second copy of each directive instead of replacing the first.
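If you expect to re-run the setup (or already have AUTH_SALT and SESSION_SECRET in the file), it is safer to set each directive in place than to append. The helper below is an added example, not from the original post or from OpenShift Origin: set_conf_key replaces an existing KEY="..." line where it stands or appends one if missing, gen_secret produces the same kind of value as the post's openssl command, and the demonstration at the end works on a scratch file so it does not touch /etc/openshift/broker.conf unless you point it there.

```shell
#!/bin/sh
# Added example (not from the original post): write KEY="value" directives into
# a shell-style config file such as /etc/openshift/broker.conf without leaving
# duplicates. The post's `echo ... >> broker.conf` appends; run twice, or when
# the key already exists, two assignments end up in the file.
set -eu

# gen_secret: 64 random bytes, base64-encoded on a single line, the same shape
# as the post's `openssl rand -base64 64 | tr -d '\n'`; falls back to
# /dev/urandom when openssl is not installed.
gen_secret() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -base64 64 | tr -d '\n'
    else
        head -c 64 /dev/urandom | base64 | tr -d '\n'
    fi
}

# set_conf_key FILE KEY VALUE: replace the existing KEY=... line in place
# (keeping its position) or append one if KEY is absent. VALUE is written in
# double quotes. base64 output never contains a backslash, which is the one
# character awk -v would reinterpret.
set_conf_key() {
    file=$1
    key=$2
    value=$3
    tmp="${file}.tmp.$$"
    [ -f "$file" ] || : > "$file"
    awk -v key="$key" -v val="$value" '
        $0 ~ ("^" key "=") { print key "=\"" val "\""; seen = 1; next }
        { print }
        END { if (!seen) print key "=\"" val "\"" }
    ' "$file" > "$tmp"
    mv "$tmp" "$file"
}

# get_conf_key FILE KEY: print the unquoted value of the last assignment of KEY.
get_conf_key() {
    sed -n "s/^$2=\"\(.*\)\"\$/\1/p" "$1" | tail -n 1
}

# count_conf_key FILE KEY: number of assignment lines for KEY (0 if none).
count_conf_key() {
    grep -c "^$2=" "$1" || true
}

# Demonstration on a scratch copy; use /etc/openshift/broker.conf for real.
conf=$(mktemp)
printf 'CLOUD_DOMAIN="dmartin.es"\n' > "$conf"
set_conf_key "$conf" AUTH_SALT "$(gen_secret)"
set_conf_key "$conf" SESSION_SECRET "$(gen_secret)"
set_conf_key "$conf" AUTH_SALT "$(gen_secret)"   # re-run: replaced, not duplicated
cat "$conf"
rm -f "$conf"
```

Because the value is rewritten in place, re-running the whole broker setup script leaves exactly one AUTH_SALT and one SESSION_SECRET in the file, and a reviewer of the config never has to guess which of two assignments the broker actually uses.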

In the next post we’ll configure the broker plugins.
It’s available from here.

See you soon.
