Fedora 18 - OpenShift Origin - setup steps and testing


For those that don't know, we're getting OpenShift Origin into Fedora 18 as a feature.
https://fedoraproject.org/wiki/Features/OpenShift_Origin

We're very close, but haven't completely finished testing it. That's where we need help.

We've been using the steps from "Build Your Own PaaS"
https://www.openshift.com/wiki/build-your-own

There are a few things that are different that we have to change from their instructions.
1 - Everything is (or should be) in Fedora 18. You shouldn't have to add any extra repositories or outside packages.
2 - Most everything is renamed to openshift-origin instead of stickshift, gearshift, and crankcase. But not the paths. At the time we started that project, we needed the package and gem names to be changed, but changing the paths was going to break code.

I have gotten the steps converted for the Broker. If someone could do the steps for a Node, that would be great.

Note1: We are turning selinux off for right now. We believe it should be configured correctly, but until we are sure everything works on its own, we're turning it off. Once we are sure everything works, we'll turn selinux back on and clear up any issues that might arise from it.

Note2: Keep It Simple. We are trying to just create a DIY app on a single node. The broker, node and client can be on the same machine. If you want, you can split them up, but it isn't necessary.

Setup Steps

1 - Install Fedora 18
I leave that up to you. With the Alpha release, my biggest success has come from installing the LiveCDs to a machine.

2 - Install OpenShift Origin packages

yum install "*openshift*"
yum install mcollective-qpid-plugin
yum install qpid-cpp-server

3 - Turn off selinux (for now, this step will go away)

setenforce 0
sed -i -e 's|SELINUX=enforcing|SELINUX=permissive|' /etc/sysconfig/selinux

4 - Setup the Broker
4a - Setup MongoDB (This part is the same as the original instructions)
https://www.openshift.com/wiki/build-your-own#Configuring_MongoDB

  • To configure MongoDB to require authentication:
    1. Open the /etc/mongodb.conf file on the broker host.
    2. Locate the line beginning with "auth=" and ensure that it is set to "true", as follows:
      auth = true
    3. Save and close the file.
  • To configure the MongoDB default database size:
    1. Open the /etc/mongodb.conf file on the broker host.
    2. Locate the line beginning with "smallfiles=" and ensure that it is set to "true", as follows:
      smallfiles = true
    3. Save and close the file.
  • Start mongodb and make sure it starts on reboot
    systemctl start  mongod.service
    systemctl enable mongod.service
    
  • Make sure the mongo daemon is running by connecting to it
    mongo
    Sometimes it takes a little while for it to start up. Keep trying until it connects. Then exit out.
  • Create initial mongodb accounts.
    mongo stickshift_broker_dev --eval 'db.addUser("stickshift", "mooo")'
    mongo stickshift_broker_dev --eval 'db.auth_user.update({"_id":"admin"}, {"_id":"admin","user":"admin","password":"2a8462d93a13e51387a5e607cbd1139f"}, true)'
    

4b - Setup the firewall

firewall-cmd --add-service=ssh
firewall-cmd --add-service=https
firewall-cmd --add-service=http
firewall-cmd --add-service=dns
firewall-cmd --add-port=5672/tcp

4c - Setup services

systemctl enable httpd.service
systemctl enable mcollective.service
systemctl enable mongod.service
chkconfig network on
systemctl enable openshift-origin-broker.service
systemctl enable sshd.service
chkconfig qpidd on

4d - Setup mcollective
Save off /etc/mcollective/client.cfg and /etc/mcollective/server.cfg. Then edit them so that they look like the following.
Note: Change broker.example.com to whatever your hostname is.

/etc/mcollective/client.cfg

topicprefix = /topic/
main_collective = mcollective
collectives = mcollective
libdir = /usr/libexec/mcollective
loglevel = debug
logfile = /var/log/mcollective-client.log

# Plugins
securityprovider = psk
plugin.psk = unset
connector = qpid
plugin.qpid.host=broker.example.com
plugin.qpid.secure=false
plugin.qpid.timeout=5

# Facts
factsource = yaml
plugin.yaml = /etc/mcollective/facts.yaml

/etc/mcollective/server.cfg

topicprefix = /topic/
main_collective = mcollective
collectives = mcollective
libdir = /usr/libexec/mcollective
logfile = /var/log/mcollective.log
loglevel = debug
daemonize = 1
direct_addressing = n

# Plugins
securityprovider = psk
plugin.psk = unset
connector = qpid
plugin.qpid.host=broker.example.com
plugin.qpid.secure=false
plugin.qpid.timeout=5

# Facts
factsource = yaml
plugin.yaml = /etc/mcollective/facts.yaml

4e - Setup DNS
Note1: Do the DNS all in one sweep so the variables match
Note2: Change example.com to whatever your machine's domain name is.
Note3: Yep, except for the first line, you can cut and paste this whole thing.

export domain=example.com
export keyfile=/var/named/${domain}.key

rm -vf /var/named/K${domain}*
cd /var/named
dnssec-keygen -a HMAC-MD5 -b 512 -n USER -r /dev/urandom ${domain}
KEY="$(grep Key: K${domain}*.private | cut -d ' ' -f 2)"

rndc-confgen -a -r /dev/urandom
restorecon -v /etc/rndc.* /etc/named.*
chown -v root:named /etc/rndc.key
chmod -v 640 /etc/rndc.key

echo "forwarders { 8.8.8.8; 8.8.4.4; } ;" > /var/named/forwarders.conf
restorecon -v /var/named/forwarders.conf
chmod -v 755 /var/named/forwarders.conf

export uplift="$(rpm -q rubygem-openshift-origin-dns-bind --qf '%{NAME}-%{VERSION}')"
sed "s/example.com/${domain}/g" < /usr/share/gems/gems/${uplift#rubygem-}/doc/examples/example.com.db > /var/named/dynamic/${domain}.db

cat <<EOF > /var/named/${domain}.key
key ${domain} {
  algorithm HMAC-MD5;
  secret "${KEY}";
};
EOF
chown -Rv named:named /var/named
restorecon -rv /var/named

mv /etc/named.conf /etc/named.conf.backup
sed "s/example.com/${domain}/g" < /usr/share/doc/${uplift}/examples/named.conf > /etc/named.conf
chown -v root:named /etc/named.conf
/usr/bin/chcon system_u:object_r:named_conf_t:s0 -v /etc/named.conf

/bin/systemctl start  named.service

echo "nameserver 127.0.0.1

Then run "nsupdate -k ${keyfile}" and put in the following
Note1: Change broker.example.com to your hostname
Note2: Change 10.0.0.1 to your ip address
Note3: Type Ctrl+D (the Control key with the "d" key) to exit out of the program.

server 127.0.0.1
update delete broker.example.com A
update add broker.example.com 180 A 10.0.0.1
send

Finally, add "nameserver 127.0.0.1" to the top of /etc/resolv.conf

4f - Setup Plugins
Edit /var/www/stickshift/broker/Gemfile and add the following in the plugin section

gem 'openshift-origin-msg-broker-mcollective'
gem 'openshift-origin-dns-bind'
gem 'openshift-origin-auth-mongo'

Then do the following

cd /var/www/stickshift/broker/
bundle --local

Then edit /var/www/stickshift/broker/config/environments/development.rb and add the following at the very end, after the very last 'end' statement

require File.expand_path('../plugin-config/openshift-origin-msg-broker-mcollective.rb', __FILE__)
require File.expand_path('../plugin-config/openshift-origin-dns-bind.rb', __FILE__)
require File.expand_path('../plugin-config/openshift-origin-auth-mongo.rb', __FILE__)

And then do the following.
It is best if you are still in the same session that you did the DNS setup, so that you have the variables still set.

mkdir -p /var/www/stickshift/broker/config/environments/plugin-config
cat <<EOF > /var/www/stickshift/broker/config/environments/plugin-config/uplift-bind-plugin.rb
Broker::Application.configure do
  config.dns = {
  :server => "127.0.0.1",
  :port => 53,
  :keyname => "${domain}",
  :keyvalue => "${KEY}",
  :zone => "${domain}"
}
end
EOF

chown -v apache:apache /var/www/stickshift/broker/config/environments/plugin-config/uplift-bind-plugin.rb
restorecon -v /var/www/stickshift/broker/config/environments/plugin-config/uplift-bind-plugin.rb

perl -p -i -e "s/.*:domain_suffix.*/    :domain_suffix =>  \"${domain}\",/" /var/www/stickshift/broker/config/environments/*.rb

5 - Reboot and Test
After your machine has been rebooted, log in, and try the following

curl -Ik https://localhost/broker/rest/api 
* If you get an error do
curl -k https://localhost/broker/rest/api 
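
A check of the settings these steps leave behind, as an added example that is not part of the original post: it flags the placeholder mcollective PSK, the unencrypted qpid link, MongoDB auth, the SELinux mode, and key files readable by "other". The function names are hypothetical, the sample files are constructed, and `plugin.qpid.secure=true` as the hardened value is an assumption.

```shell
#!/bin/sh
# Added example: audit settings written by the setup steps. Paths are arguments
# so the checks can run on copies; the sample files below are constructed.

# cfg_get FILE KEY: print the last value of KEY from "key = value" lines.
cfg_get() {
    awk -v k="$2" '
        /^[ \t]*#/ || !/=/ { next }
        { key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key)
          if (key == k) { v = substr($0, index($0, "=") + 1)
                          gsub(/^[ \t]+|[ \t]+$/, "", v); found = v } }
        END { print found }' "$1"
}

# expect FILE KEY WANT: print a finding unless KEY is set to WANT.
expect() {
    got=$(cfg_get "$1" "$2")
    [ "$got" = "$3" ] || echo "$1: $2 is '${got:-<missing>}', expected '$3'"
}

# audit_* helpers are hypothetical names; each prints one line per finding.
audit_mcollective() {
    # "unset" is the placeholder pre-shared key shown in the guide's configs.
    case "$(cfg_get "$1" plugin.psk)" in
        ""|unset) echo "$1: plugin.psk is still the placeholder value" ;;
    esac
    # Assumption: plugin.qpid.secure=true is the encrypted-transport setting.
    expect "$1" plugin.qpid.secure true
}
audit_mongodb() { expect "$1" auth true; }
audit_selinux() { expect "$1" SELINUX enforcing; }

# audit_secret_perms FILE...: flag key material that is readable by "other".
audit_secret_perms() {
    for f in "$@"; do
        [ -z "$(find "$f" -perm -004 2>/dev/null)" ] || echo "$f: world-readable secret"
    done
}

# Constructed sample reproducing the guide's values, so this runs offline.
demo=$(mktemp -d)
printf 'securityprovider = psk\nplugin.psk = unset\nplugin.qpid.secure=false\n' > "$demo/server.cfg"
printf 'auth = true\nsmallfiles = true\n' > "$demo/mongodb.conf"
printf 'SELINUX=permissive\n' > "$demo/selinux"
printf 'key example.com { secret "constructed"; };\n' > "$demo/example.com.key"
chmod 644 "$demo/example.com.key"
audit_mcollective "$demo/server.cfg"; audit_mongodb "$demo/mongodb.conf"
audit_selinux "$demo/selinux"; audit_secret_perms "$demo/example.com.key"
```

On a real host, point the functions at /etc/mcollective/server.cfg, /etc/mongodb.conf, /etc/selinux/config and the key files under /var/named and the broker's plugin-config directory.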

So I slowly started to follow this guide, and so far, testing has found 2 bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=865677 ( mongo + selinux )

https://bugzilla.redhat.com/show_bug.cgi?id=866892 ( wrong requires on qpid )

Both are fixed and soon on mirrors.

So I encourage people to test as well, and help us have a rock solid release for F18, so anybody can play with and use openshift at home.

I have placed the documentation on the wiki: https://fedoraproject.org/wiki/OpenShift_Origin_F18 , so this can be updated. However, it would be nice to have the dnsmasq plugin, as it would be easier to deploy.

Hi, can somebody update these instructions or provide a working vm? Because several things have changed:
- "stickshift" now is "openshift"
- "bundle --local" doesn't find the mongo gem
- ..

Thanks

I spent some time following this guide, but I had no joy. It certainly seems to be a little outdated. I'll give the dev tools a try.

Thank you for your feedback! If you need some immediate help, join us on IRC on Freenode's #openshift-dev: http://webchat.freenode.net/?randomnick=1&channels=openshift-dev&uio=d4