OpenShift Origin installation over Fedora 19 (Mega Tutorial) – Part 4

openshift-origin-logo

OpenShift Origin

After the broker configuration in the previous post (installing packages and configuring gears), now it’s time to configure OpenShift core services through various plugins.

These plugins are responsible to manage authentication, updating DNS or messaging between nodes. Have their own config files, and also we have some sample files we can use as templates.

Let’s go.

Configurar plugins

First let’s move on to plugins directory, found in /etc/openshift/plugins.d, where we find these sample files: openshift-origin-auth-remote-user.conf.example, openshift-origin-dns-nsupdate.conf.example and openshift-origin-msg-broker-mcollective.conf.example.

Next we let’s leave template files and we’ll work over a copy:

cd /etc/openshift/plugins.d
cp openshift-origin-auth-remote-user.conf{.example,}
cp openshift-origin-dns-nsupdate.conf{.example,}
cp openshift-origin-msg-broker-mcollective.conf{.example,}

In the openshift-origin-msg-broker-mcollective.conf file we must change th directive

MCOLLECTIVE_CONFIG="%{scl_root}//etc/mcollective/client.cfg"

And set to:

MCOLLECTIVE_CONFIG=/"etc/mcollective/client.cfg"

Now let’s configure the DNS plugin, and to configure correctly the plugin we’ll use the variables used previously:

domain=dmartin.es
keyfile=/var/named/${domain}.key
KEY="$(grep Key: /var/named/K${domain}*.private | cut -d ' ' -f 2)"

Let’s fill the needded plugin directives

cat << EOF > openshift-origin-dns-nsupdate.conf
BIND_SERVER="127.0.0.1"
BIND_PORT=53
BIND_KEYNAME="${domain}"
BIND_KEYVALUE="${KEY}"
BIND_ZONE="${domain}"
EOF

Authentication config

OpenShift supports different authentication mechanisms as MongoDB, Kerberos, LDAP, etc. On a business environment is preferred to use LDAP or Kerberos, but in this tutorial we’ll use Basic mechanism which use Apache for authentication, so let’s use the OpenShift template:

cp /var/www/openshift/broker/httpd/conf.d/openshift-origin-auth-remote-user-basic.conf{.sample,}

The AuthUserFile /etc/openshift/htpasswd directive pint to a file in which username and password will be stored. So let’s run this Apache command

htpasswd -c /etc/openshift/htpasswd <openshift-user>

When we use -c option, htpasswd creates the file if it doesn’t exists, but if file exists deletes all content, so if you want to create more users it’s better to omit the option.

OpenShift Admin Console

We can manage the broker from an admin console. If we want to use it, we need to install the package

yum install -y rubygem-openshift-origin-admin-console

Ruby Bundle

As OpenShift is developed over Ruby on Rails, to satisfy broker dependencies, we need to run next command

cd /var/www/openshift/broker
bundle --local

Starting services

Now is turn tu start and enable needed services

systemctl start openshift-broker.service
systemctl start httpd.service
systemctl enable openshift-broker.service
systemctl enable httpd.service

Verify proper operation

We can check broker operation thanks to curl tool and if we want to see in pretty format we can use python and a json module

curl -u <username>:<password> -k https://broker.dmartin.es/broker/rest/api.json|python -m json.tool

Through an SSH connection, we can do a port forwarding to gain access to the admin-console

ssh -Nf -L 8080:localhost:8080 root@broker.dmartin.es

Now, from our local machine, we can connect to http://localhost:8080/admin-console
Up here this post. In the next post we’ll finish to configure Web console where we can create applications, but when the Node will be configured 😉
Available here.

See you.

2 thoughts on “OpenShift Origin installation over Fedora 19 (Mega Tutorial) – Part 4

Leave a Reply

Your email address will not be published. Required fields are marked *