@brennv
Forked from ehazlett/gist:9241844
Created August 3, 2016 07:03
OpenShift Origin AWS

OpenShift Origin in AWS

This describes deploying and running OpenShift Origin in Amazon Web Services.

This is based upon the code and installer on 2014-02-26 so YMMV.

We will be using a VPC for deployment in us-east-1 and Route53 for DNS. I will leave the VPC setup as an exercise for the reader.

Prerequisites

  • AWS Account
  • VPC
  • Route53 for DNS
  • Domain: example.com (replace example.com with your own domain below)
  • Apps Domain: apps.example.com
  • Management Domain: core.example.com

Broker

The broker is the central application that manages all application control, user authentication, and DNS updates within Origin.

AWS

  • Launch a new Fedora 19 x86_64 instance using ami-b22e5cdb (this assumes the us-east-1 region -- use cloud.fedoraproject.org for other regions)
    • Make sure to use a security group with the following open:
      • TCP: 22
      • TCP: 80
      • TCP: 443
      • UDP: 53
      • ALL Traffic: (this is the easiest setup -- for greater security you should explicitly look up and set the individual ports needed for the broker)
  • Allocate new Elastic IP for use in the VPC
  • Associate the Elastic IP to the broker instance
  • Create a new CNAME record in Route53: broker.core.example.com -> Elastic IP
  • Create a new NS record in Route53: apps.example.com -> broker.core.example.com
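The AWS steps above, as an added example that is not part of the original gist: the security group rules for the ports the list names (each limited to the narrowest source that still works, rather than an "ALL Traffic" rule) and the Route53 records, expressed as aws-cli calls. The script assumes the aws CLI is installed and configured; SG_ID and HOSTED_ZONE_ID are placeholders, and ADMIN_CIDR and ELASTIC_IP are constructed values. One detail differs from the list on purpose: a CNAME can only point at a name, so the broker's Elastic IP is written as an A record; the apps domain is delegated with an NS record pointing at the broker's name, as the list says.

```shell
#!/bin/sh
# Added example, not code from the gist: the AWS steps of the Broker section as
# explicit aws-cli calls, with each listed port limited to the narrowest source
# that still works instead of an "ALL traffic" rule.
# Assumptions: the aws CLI is installed and configured; SG_ID and HOSTED_ZONE_ID
# are placeholders; ADMIN_CIDR and ELASTIC_IP are constructed values.
# With DRY_RUN=1 (the default) every command is printed instead of executed.

DRY_RUN="${DRY_RUN:-1}"
SG_ID="${SG_ID:-sg-PLACEHOLDER}"
HOSTED_ZONE_ID="${HOSTED_ZONE_ID:-ZONE-PLACEHOLDER}"
ADMIN_CIDR="${ADMIN_CIDR:-203.0.113.0/24}"   # constructed: the network admins SSH from
ELASTIC_IP="${ELASTIC_IP:-198.51.100.10}"    # constructed: the broker's Elastic IP

run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Security group: SSH only from the admin network; HTTP/HTTPS and DNS from
# anywhere, because the broker serves the console and is the authoritative
# name server for apps.example.com (the NS record below delegates to it).
broker_sg_rules() {
  run aws ec2 authorize-security-group-ingress --group-id "$SG_ID" --protocol tcp --port 22 --cidr "$ADMIN_CIDR"
  run aws ec2 authorize-security-group-ingress --group-id "$SG_ID" --protocol tcp --port 80 --cidr 0.0.0.0/0
  run aws ec2 authorize-security-group-ingress --group-id "$SG_ID" --protocol tcp --port 443 --cidr 0.0.0.0/0
  run aws ec2 authorize-security-group-ingress --group-id "$SG_ID" --protocol udp --port 53 --cidr 0.0.0.0/0
}

# Route53 change batch. A CNAME may only point at a name, so the broker's
# Elastic IP goes into an A record; the apps domain is delegated with an NS
# record that points at the broker's name.
route53_change_batch() {
  cat <<EOF
{
  "Comment": "OpenShift Origin broker records",
  "Changes": [
    {"Action": "UPSERT", "ResourceRecordSet": {
      "Name": "broker.core.example.com.", "Type": "A", "TTL": 300,
      "ResourceRecords": [{"Value": "$ELASTIC_IP"}]}},
    {"Action": "UPSERT", "ResourceRecordSet": {
      "Name": "apps.example.com.", "Type": "NS", "TTL": 300,
      "ResourceRecords": [{"Value": "broker.core.example.com."}]}}
  ]
}
EOF
}

route53_apply() {
  batch=$(mktemp)
  route53_change_batch > "$batch"
  run aws route53 change-resource-record-sets --hosted-zone-id "$HOSTED_ZONE_ID" --change-batch "file://$batch"
}

# Usage: DRY_RUN=0 SG_ID=sg-... HOSTED_ZONE_ID=Z... ELASTIC_IP=... sh broker-aws.sh apply
if [ "${1:-}" = "apply" ]; then
  broker_sg_rules
  route53_apply
fi
```

Run it once with the default DRY_RUN=1 to review the exact calls it will make, then again with DRY_RUN=0 to apply them. UDP 53 stays open to the world because the NS delegation makes the broker the public authoritative server for apps.example.com; the note further down about disabling recursion is what keeps that exposure from turning the broker into an open resolver.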

OpenShift

  • SSH to the broker instance

  • Update OS: sudo yum update -y

  • Install Prereqs: sudo yum install -y augeas puppet curl wget bind ruby unzip httpd-tools ntp ntpdate scl-utils

  • Remove firewalld: sudo yum erase firewalld (this may not be present)

  • Install lokkit: sudo yum install -y lokkit

  • Add an /etc/hosts entry for the broker, e.g.: 10.0.0.x broker.core.example.com

  • Configure NTP:

    • sudo ntpdate clock.redhat.com
    • sudo systemctl enable ntpd.service
    • sudo systemctl start ntpd.service
  • Install Origin Broker:

    • Temporarily su to root: sudo su -
    • sh <(curl -s https://install.openshift.com/)
      • "Installation Scenario": Install OpenShift Origin 1
      • "Already have a running Broker": n
      • "What domain for applications": apps.example.com
      • "Register DNS entries for OpenShift": y
      • "Domain for OpenShift hosts": core.example.com
      • "Hostname other hosts will use": broker.core.example.com
      • "Hostname/IP for SSH access": localhost
      • "Detected IP address .....": y or custom IP
      • "Enter for IP address for BIND DNS":
      • "Do you already have a running node": n
      • "Assign Node role to broker": y
      • "Change Deployment info": n
      • "Change subscription info": n
      • "Set temporary subscription settings": n
      • Wait for install :)
      • Add OpenShift User:
        • htpasswd -b /etc/openshift/htpasswd <username> <password> (the -b flag is required when the password is given on the command line; omit -b and the password to be prompted for it instead)
      • Reboot (yes, do it)
  • Fix Origin (this happened to me -- it may be fine for you)

    • Temporarily su to root: sudo su -
    • MongoDB doesn't start (systemctl status mongod)
    • Edit /etc/mongodb.conf
      • Change the Elastic IP in bind_ip to the VPC internal IP (e.g. 10.0.0.x)
    • Start MongoDB: systemctl start mongod
    • Set the openshift user password for auth
      • Start the MongoDB shell: mongo
      • Change to the Broker db: use openshift_broker
      • Set the openshift user password: db.addUser('openshift', 'mongopass')
    • Enable MongoDB auth
      • Edit /etc/mongodb.conf
      • Change auth = false to auth = true
      • Restart MongoDB: systemctl restart mongod
    • Restart OpenShift Services
      • systemctl restart openshift-broker
      • systemctl restart openshift-console
      • systemctl restart httpd
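The two /etc/mongodb.conf edits from the steps above (bind to the VPC-internal address, turn auth on), as an added example that is not part of the original gist: idempotent functions that apply them, plus a check you can run before restarting mongod. CONF defaults to a constructed sample so the script runs offline; on the broker set CONF=/etc/mongodb.conf. INTERNAL_IP is a constructed VPC address, and the openshift user's password is still set in the mongo shell exactly as the steps describe.

```shell
#!/bin/sh
# Added example, not code from the gist: the two /etc/mongodb.conf edits from
# the "Fix Origin" steps (bind to the VPC-internal address, turn auth on) as
# idempotent functions plus a check you can run before restarting mongod.
# CONF defaults to a constructed sample so this runs offline; set
# CONF=/etc/mongodb.conf on the broker. INTERNAL_IP is a constructed VPC address.
# The openshift user's password is still set in the mongo shell as in the gist.

CONF="${CONF:-$(mktemp)}"
INTERNAL_IP="${INTERNAL_IP:-10.0.0.5}"

# Constructed sample in the broken state the gist describes: the installer
# wrote the Elastic IP into bind_ip and left authentication off.
write_sample_conf() {
  cat > "$CONF" <<'EOF'
# mongodb.conf (constructed sample, not the installer's real output)
bind_ip = 198.51.100.10
port = 27017
auth = false
smallfiles = true
EOF
}

# Rewrite the whole bind_ip line so no public address is left behind.
set_bind_ip() {
  sed -i "s/^bind_ip *=.*/bind_ip = $1/" "$CONF"
}

# Flip auth = false to auth = true; a file that already says true is unchanged.
enable_auth() {
  sed -i 's/^auth *= *false/auth = true/' "$CONF"
}

# Returns 0 only when mongod is bound to a private (RFC 1918 or loopback)
# address and authentication is enabled; anything else is a reason not to
# restart yet.
mongo_conf_hardened() {
  bind=$(sed -n 's/^bind_ip *= *//p' "$CONF")
  case "$bind" in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*|127.*) ;;
    *) return 1 ;;
  esac
  grep -q '^auth *= *true' "$CONF"
}

# Usage on the broker: CONF=/etc/mongodb.conf INTERNAL_IP=10.0.0.x sh fix-mongo.sh fix
if [ "${1:-}" = "fix" ]; then
  set_bind_ip "$INTERNAL_IP"
  enable_auth
  mongo_conf_hardened && echo "ok: now systemctl restart mongod"
fi
```

The order matters the same way the steps do: set the user's password in the mongo shell while auth is still off, then enable auth and restart, otherwise the broker cannot authenticate. The check treats a public bind address or auth left off as a failure so the restart does not silently ship an unauthenticated MongoDB on the Elastic IP.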

You should now be able to log in to https://broker.core.example.com

[Screenshot: OpenShift Console]

Note

If you leave recursion enabled in Bind, you will get a violation email from AWS, because a recursive DNS server open to the internet violates the AUP. Update /etc/named.conf: add a line like allow-recursion { VPC_NET; }; before recursion yes; and then change recursion yes; to recursion no; (replace VPC_NET with your VPC network(s)).
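The options block before and after the recursion fix described in this note, as an added example that is not part of the original gist, together with a check that flags a named.conf which would answer recursive queries from anyone. VPC_NET is a constructed placeholder for the VPC network. With recursion no; the server never recurses for anybody; keeping recursion yes; together with the allow-recursion list would instead let VPC hosts recurse while still closing the resolver to the internet, and the check accepts either form.

```shell
#!/bin/sh
# Added example, not code from the gist: the named.conf options block before and
# after the recursion fix described in the note, plus a check that flags a
# configuration that would answer recursive queries from anyone. VPC_NET is a
# constructed placeholder for the VPC network.

VPC_NET="${VPC_NET:-10.0.0.0/16}"

# Before: recursion on and unrestricted while listening on every address.
# Any host on the internet can use this server as a resolver, which is what
# triggers the AWS abuse report.
named_options_open() {
  cat <<'EOF'
options {
    listen-on port 53 { any; };
    directory "/var/named";
    recursion yes;
};
EOF
}

# After, as the note describes: an allow-recursion list naming the VPC added
# ahead of the recursion statement, and recursion turned off. The server still
# answers authoritatively for apps.example.com; it just never recurses for
# outsiders. (Keeping "recursion yes;" with the allow-recursion list would let
# VPC hosts recurse while still closing the resolver to the internet.)
named_options_fixed() {
  cat <<EOF
options {
    listen-on port 53 { any; };
    directory "/var/named";
    allow-recursion { $VPC_NET; };
    recursion no;
};
EOF
}

# Reads a named.conf on stdin. Returns 0 (open resolver) when recursion is
# enabled and no allow-recursion list restricts who may use it; returns 1 when
# recursion is off or restricted.
open_resolver() {
  conf=$(sed 's://.*::; s:#.*::')      # strip // and # comments
  printf '%s\n' "$conf" | grep -q 'recursion *yes *;' || return 1
  printf '%s\n' "$conf" | grep -q 'allow-recursion' && return 1
  return 0
}

# Usage on the broker: open_resolver < /etc/named.conf && echo "open resolver: fix before AWS does"
```

After editing, confirm the change took effect from outside the VPC: a recursive query for an unrelated name against the broker should be refused, while a query for a name under apps.example.com should still be answered.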

Adding Cartridges

To install a custom cartridge:

  • Download / Clone the repo
  • oo-admin-cartridge -a install -s /path/to/cartridge/source
  • oo-admin-broker-cache -c --console
  • oo-admin-cartridge --list to see the new cartridge