From Fedora Project Wiki

Revision as of 15:07, 19 October 2012

Wiki version of https://openshift.redhat.com/community/forums/openshift/fedora-18-openshift-origin-setup-steps-and-testing so we can edit and adjust


1 - Install OpenShift Origin packages

yum install "*openshift*"
yum install mcollective-qpid-plugin
yum install qpid-cpp-server

2 - Turn off selinux (for now, this step will go away)

setenforce 0
sed -i -e 's|SELINUX=enforcing|SELINUX=permissive|' /etc/sysconfig/selinux

3 - Setup the Broker

3a - Setup MongoDB (This part is the same as the original instructions) https://openshift.redhat.com/community/wiki/build-your-own#Configuring_MongoDB

    To configure MongoDB to require authentication:
        Open the /etc/mongodb.conf file on the broker host.
        Locate the line beginning with "auth=" and ensure that it is set to "true", as follows:
        auth = true
        Save and close the file. 
    To configure the MongoDB default database size:
        Open the /etc/mongodb.conf file on the broker host.
        Locate the line beginning with "smallfiles=" and ensure that it is set to "true", as follows:
        smallfiles = true
        Save and close the file.
    Start mongodb and make sure it starts on reboot

    systemctl start  mongod.service
    systemctl enable mongod.service

    Make sure the mongo daemon is running by connecting to it
    mongo
    Sometimes it takes a little while for it to start up. Keep trying until it connects. Then exit out.
    Create initial mongodb accounts.

    mongo stickshift_broker_dev --eval 'db.addUser("stickshift", "mooo")'
    mongo stickshift_broker_dev --eval 'db.auth_user.update({"_id":"admin"}, {"_id":"admin","user":"admin","password":"2a8462d93a13e51387a5e607cbd1139f"}, true)'

3b - Setup the firewall
firewall-cmd --add-service=ssh
firewall-cmd --add-service=https
firewall-cmd --add-service=http
firewall-cmd --add-service=dns
firewall-cmd --add-port=5672/tcp

3c - Setup services

systemctl enable httpd
systemctl enable mcollective
systemctl enable mongod
chkconfig network on
systemctl enable openshift-origin-broker
systemctl enable sshd
systemctl enable qpidd

3d - Setup mcollective

Save off /etc/mcollective/client.cfg and /etc/mcollective/server.cfg. Then edit them so that they look like the following.
Note: Change broker.example.com to whatever your hostname is.

/etc/mcollective/client.cfg

topicprefix = /topic/
main_collective = mcollective
collectives = mcollective
libdir = /usr/libexec/mcollective
loglevel = debug
logfile = /var/log/mcollective-client.log

# Plugins
securityprovider = psk
plugin.psk = unset
connector = qpid
plugin.qpid.host=broker.example.com
plugin.qpid.secure=false
plugin.qpid.timeout=5

# Facts
factsource = yaml
plugin.yaml = /etc/mcollective/facts.yaml

/etc/mcollective/server.cfg

topicprefix = /topic/
main_collective = mcollective
collectives = mcollective
libdir = /usr/libexec/mcollective
logfile = /var/log/mcollective.log
loglevel = debug
daemonize = 1
direct_addressing = n

# Plugins
securityprovider = psk
plugin.psk = unset
connector = qpid
plugin.qpid.host=broker.example.com
plugin.qpid.secure=false
plugin.qpid.timeout=5

# Facts
factsource = yaml
plugin.yaml = /etc/mcollective/facts.yaml
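
A check for the MongoDB and mcollective settings above, as an added example (not part of the original instructions or of OpenShift Origin). The function names and finding labels are hypothetical; it reports where client.cfg and server.cfg disagree, and where plugin.psk and plugin.qpid.secure are still at the values shown in the listings.

```shell
# Added example: audit the files edited above. Paths are arguments, so the
# functions can be pointed at copies of the real files.
# cfg_get FILE KEY: print the last value of KEY ("key = v" or "key=v").
cfg_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        {
            i = index($0, "="); if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == k) found = val
        }
        END { if (found != "") print found }' "$1"
}

# audit_mongo FILE: prints a finding unless auth is set to true.
audit_mongo() {
    [ "$(cfg_get "$1" auth)" = "true" ] || echo "mongodb: auth is not true"
}

# audit_mcollective CLIENT SERVER: prints one finding per line.
audit_mcollective() {
    for key in securityprovider plugin.psk connector plugin.qpid.host; do
        c=$(cfg_get "$1" "$key"); s=$(cfg_get "$2" "$key")
        [ "$c" = "$s" ] || echo "mismatch: $key client='$c' server='$s'"
    done
    for f in "$1" "$2"; do
        # Values still as shown on this page are reported for review.
        [ "$(cfg_get "$f" plugin.psk)" != "unset" ] ||
            echo "psk-unset: $f"
        [ "$(cfg_get "$f" plugin.qpid.secure)" != "false" ] ||
            echo "qpid-secure-false: $f"
    done
}

# Constructed sample files mirroring the listings above (not real configs).
demo() {
    d=$(mktemp -d)
    printf 'auth = true\nsmallfiles = true\n' > "$d/mongodb.conf"
    printf 'securityprovider = psk\nplugin.psk = unset\nconnector = qpid\nplugin.qpid.host=broker.example.com\nplugin.qpid.secure=false\n' > "$d/client.cfg"
    sed 's/broker\.example\.com/node.example.com/' "$d/client.cfg" > "$d/server.cfg"
    audit_mongo "$d/mongodb.conf"
    audit_mcollective "$d/client.cfg" "$d/server.cfg"
    rm -rf "$d"
}
demo
```

On a configured broker, call `audit_mongo /etc/mongodb.conf` and `audit_mcollective /etc/mcollective/client.cfg /etc/mcollective/server.cfg` instead of `demo`.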

3e - Setup DNS
Note1: Do the DNS all in one sweep so the variables match.
Note2: Change example.com to whatever your machine's domain name is.
Note3: Yep, except for the first line, you can cut and paste this whole thing.

export domain=example.com
export keyfile=/var/named/${domain}.key

rm -vf /var/named/K${domain}*
cd /var/named
dnssec-keygen -a HMAC-MD5 -b 512 -n USER -r /dev/urandom ${domain}
KEY="$(grep Key: K${domain}*.private | cut -d ' ' -f 2)"

rndc-confgen -a -r /dev/urandom
restorecon -v /etc/rndc.* /etc/named.*
chown -v root:named /etc/rndc.key
chmod -v 640 /etc/rndc.key

echo "forwarders { 8.8.8.8; 8.8.4.4; } ;" > /var/named/forwarders.conf
restorecon -v /var/named/forwarders.conf
chmod -v 755 /var/named/forwarders.conf

export uplift="$(rpm -q rubygem-openshift-origin-dns-bind --qf '%{NAME}-%{VERSION}')"
sed "s/example.com/${domain}/g" < /usr/share/gems/gems/${uplift#rubygem-}/doc/examples/example.com.db > /var/named/dynamic/${domain}.db

cat <<EOF > /var/named/${domain}.key
key ${domain} {
  algorithm HMAC-MD5;
  secret "${KEY}";
};
EOF
chown -Rv named:named /var/named
restorecon -rv /var/named

mv /etc/named.conf /etc/named.conf.backup
sed "s/example.com/${domain}/g" < /usr/share/doc/${uplift}/examples/named.conf > /etc/named.conf
chown -v root:named /etc/named.conf
/usr/bin/chcon system_u:object_r:named_conf_t:s0 -v /etc/named.conf

/bin/systemctl start  named.service

echo "nameserver 127.0.0.1

Then run "nsupdate -k ${keyfile}" and put in the following
Note1: Change broker.example.com to your hostname
Note2: Change 10.0.0.1 to your IP address
Note3: Type Ctrl+D (the Control key with the "d" key) to exit out of the program.

server 127.0.0.1
update delete broker.example.com A
update add broker.example.com 180 A 10.0.0.1
send

Finally, add "nameserver 127.0.0.1" to the top of /etc/resolv.conf

3f - Setup Plugins
Edit /var/www/stickshift/broker/Gemfile and add the following in the plugin section

gem 'openshift-origin-msg-broker-mcollective'
gem 'openshift-origin-dns-bind'
gem 'openshift-origin-auth-mongo'

Then do the following

cd /var/www/stickshift/broker/
bundle --local

Then edit /var/www/stickshift/broker/config/environments/development.rb and add the following at the very end of the file, after the last 'end' statement

require File.expand_path('../plugin-config/openshift-origin-msg-broker-mcollective.rb', __FILE__)
require File.expand_path('../plugin-config/openshift-origin-dns-bind.rb', __FILE__)
require File.expand_path('../plugin-config/openshift-origin-auth-mongo.rb', __FILE__)

And then do the following.
It is best if you are still in the same session that you did the DNS setup, so that you have the variables still set.

mkdir -p /var/www/stickshift/broker/config/environments/plugin-config
cat <<EOF > /var/www/stickshift/broker/config/environments/plugin-config/uplift-bind-plugin.rb
Broker::Application.configure do
  config.dns = {
  :server => "127.0.0.1",
  :port => 53,
  :keyname => "${domain}",
  :keyvalue => "${KEY}",
  :zone => "${domain}"
}
end
EOF

chown -v apache:apache /var/www/stickshift/broker/config/environments/plugin-config/uplift-bind-plugin.rb
restorecon -v /var/www/stickshift/broker/config/environments/plugin-config/uplift-bind-plugin.rb

perl -p -i -e "s/.*:domain_suffix.*/    :domain_suffix =>  \"${domain}\",/" /var/www/stickshift/broker/config/environments/*.rb

4 - Reboot and Test
After your machine has been rebooted, log in, and try the following

curl -Ik https://localhost/broker/rest/api 
* If you get an error do
curl -k https://localhost/broker/rest/api