OpenShift Origin
After the broker configuration in the previous post (installing packages and configuring gears), now it’s time to configure OpenShift core services through various plugins.
These plugins are responsible to manage authentication, updating DNS or messaging between nodes. Have their own config files, and also we have some sample files we can use as templates.
Let’s go.
Configurar plugins
First let’s move on to plugins directory, found in /etc/openshift/plugins.d, where we find these sample files: openshift-origin-auth-remote-user.conf.example, openshift-origin-dns-nsupdate.conf.example and openshift-origin-msg-broker-mcollective.conf.example.
Next we let’s leave template files and we’ll work over a copy:
cd /etc/openshift/plugins.d cp openshift-origin-auth-remote-user.conf{.example,} cp openshift-origin-dns-nsupdate.conf{.example,} cp openshift-origin-msg-broker-mcollective.conf{.example,}
In the openshift-origin-msg-broker-mcollective.conf file we must change th directive
MCOLLECTIVE_CONFIG="%{scl_root}//etc/mcollective/client.cfg"
And set to:
MCOLLECTIVE_CONFIG=/"etc/mcollective/client.cfg"
Now let’s configure the DNS plugin, and to configure correctly the plugin we’ll use the variables used previously:
domain=dmartin.es keyfile=/var/named/${domain}.key KEY="$(grep Key: /var/named/K${domain}*.private | cut -d ' ' -f 2)"
Let’s fill the needded plugin directives
cat << EOF > openshift-origin-dns-nsupdate.conf BIND_SERVER="127.0.0.1" BIND_PORT=53 BIND_KEYNAME="${domain}" BIND_KEYVALUE="${KEY}" BIND_ZONE="${domain}" EOF
Authentication config
OpenShift supports different authentication mechanisms as MongoDB, Kerberos, LDAP, etc. On a business environment is preferred to use LDAP or Kerberos, but in this tutorial we’ll use Basic mechanism which use Apache for authentication, so let’s use the OpenShift template:
cp /var/www/openshift/broker/httpd/conf.d/openshift-origin-auth-remote-user-basic.conf{.sample,}
The AuthUserFile /etc/openshift/htpasswd directive pint to a file in which username and password will be stored. So let’s run this Apache command
htpasswd -c /etc/openshift/htpasswd <openshift-user>
When we use -c option, htpasswd creates the file if it doesn’t exists, but if file exists deletes all content, so if you want to create more users it’s better to omit the option.
OpenShift Admin Console
We can manage the broker from an admin console. If we want to use it, we need to install the package
yum install -y rubygem-openshift-origin-admin-console
Ruby Bundle
As OpenShift is developed over Ruby on Rails, to satisfy broker dependencies, we need to run next command
cd /var/www/openshift/broker bundle --local
Starting services
Now is turn tu start and enable needed services
systemctl start openshift-broker.service systemctl start httpd.service systemctl enable openshift-broker.service systemctl enable httpd.service
Verify proper operation
We can check broker operation thanks to curl tool and if we want to see in pretty format we can use python and a json module
curl -u <username>:<password> -k https://broker.dmartin.es/broker/rest/api.json|python -m json.tool
Through an SSH connection, we can do a port forwarding to gain access to the admin-console
ssh -Nf -L 8080:localhost:8080 root@broker.dmartin.es
Now, from our local machine, we can connect to http://localhost:8080/admin-console
Up here this post. In the next post we’ll finish to configure Web console where we can create applications, but when the Node will be configured 😉
Available here.
See you.
2 thoughts on “OpenShift Origin installation over Fedora 19 (Mega Tutorial) – Part 4”