OpenShift Origin installation over Fedora 19 (Mega Tutorial) – Part 3


OpenShift Origin

Broker configuration

In the previous post we finished configuring MongoDB datasource, installing the ActiveMQ messaging service and the MCollective client. Now it’s time to configure broker system by installing corresponding packages.

 yum install -y openshift-origin-broker openshift-origin-broker-util \
             rubygem-openshift-origin-auth-remote-user \
              rubygem-openshift-origin-auth-mongo \
              rubygem-openshift-origin-msg-broker-mcollective \
              rubygem-openshift-origin-dns-avahi \
              rubygem-openshift-origin-dns-nsupdate \
              rubygem-openshift-origin-dns-route53 \
              rubygem-passenger mod_passenger

Let’s open needed ports in firewall:

lokkit --service=ssh --service=http --service=https

To allow some services can communicate with the broker, but avoiding that communication be insecure, we must create a pair of access keys. Let’s use the openssl command as is showing:

openssl genrsa -out /etc/openshift/server_priv.pem 2048
openssl rsa -in /etc/openshift/server_priv.pem -pubout > /etc/openshift/server_pub.pem

Also the broker and the nodes must communicate and transfer content. To secure this transfer the broker uses SSH protocol, so we need to create an RSA key without passphrase:

ssh-keygen -t rsa -b 2048 -f /etc/openshift/rsync_id_rsa

SELinux will work in enforcing mode and therefore must be enabled some booleans needed for operation of the broker (with man -k servicename you can search the SELinux information for those services):

setsebool -P  httpd_unified=on httpd_can_network_connect=on httpd_can_network_relay=on \
              httpd_run_stickshift=on named_write_master_zones=on allow_ypbind=on \
              httpd_verify_dns=on httpd_enable_homedirs=on httpd_execmem=on \

Finally we will generate the necessary contexts for directories and apply:

semanage fcontext -a -t httpd_var_run_t '/var/www/openshift/broker/httpd/run(/.*)?'
semanage fcontext -a -t httpd_tmp_t '/var/www/openshift/broker/tmp(/.*)?'
semanage fcontext -a -t httpd_log_t '/var/log/openshift/broker(/.*)?'
fixfiles -R rubygem-passenger restore
fixfiles -R mod_passenger restore
restorecon -RFvv /var/run
restorecon -RFvv /opt
restorecon -RFvv /var/www/openshift/

The fixfiles command, with the -R option, reads all files that a package has installed and restores contexts.

OpenShift config file

The main config file of OpenShift is /etc/openshift/broker.conf, and for adjust our configuration we must modify some directives:


This provides gear sizes (that are spaces of computing of CPU, RAM and HDD)


This directive defines the main domain for the OpenShift user namespaces



The configuration to connect to MongoDB database. In bold are the values configured in the previous post.

echo "AUTH_SALT=\"$(openssl rand -base64 64|tr -d \"\\n\")\"">> /etc/openshift/broker.conf
echo "SESSION_SECRET=\"$(openssl rand -base64 64|tr -d \"\\n\")\"">> /etc/openshift/broker.conf

This generat some random bits for authentication an session SALT.

In the next post we’ll configure the broker plugins.
It’s available from here.

See you soon.

One thought on “OpenShift Origin installation over Fedora 19 (Mega Tutorial) – Part 3

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.