OpenShift Origin in AWS

This describes deploying and running OpenShift Origin in Amazon Web Services.

This is based upon the code and installer on 2014-02-26 so YMMV.

We will be using a VPC for deployment in us-east-1 and Route53 for DNS. I will leave the VPC setup as an exercise for the reader.

Prerequisites

AWS Account
VPC
Route53 for DNS
Domain: example.com (replace example.com with your own domain below)
Apps Domain: apps.example.com
Management Domain: core.example.com

Broker

The broker is the central application that manages all application control, user authentication, and DNS updates within Origin.

AWS

Launch a new Fedora 19 x86_64 instance using ami-b22e5cdb (this assumes the us-east-1 region -- use cloud.fedoraproject.org for other regions)
- Make sure to use a security group with the following open:
  - TCP: 22
  - TCP: 80
  - TCP: 443
  - UDP: 53
  - ALL Traffic: (this is the easiest setup -- for greater security you should explicity lookup and set the individual ports needed for the broker)
Allocate new Elastic IP for use in the VPC
Associate the Elastic IP to the broker instance
Create a new CNAME record in Route53: broker.core.example.com -> Elastic IP
Create a new NS record in Route53: apps.example.com -> broker.core.example.com

OpenShift

SSH to the broker instance
Update OS: sudo yum update -y
Install Prereqs: sudo yum install -y augeas puppet curl wget bind ruby unzip httpd-tools ntp ntpdate scl-utils
Remove firewalld: sudo yum erase firewalld (this may not be present)
Install lokkit: sudo yum install -y lokkit
Add /etc/hosts entry for broker i.e.: 10.0.0.x broker.core.example.com
Configure NTP:
- sudo ntpdate clock.redhat.com
- sudo systemctl enable ntpd.service
- sudo systemctl start ntpd.service
Install Origin Broker:
- Temporarily su to root: sudo su -
- sh <(curl -s https://install.openshift.com/)
  - "Installation Scenario": Install OpenShift Origin 1
  - "Already have a running Broker": n
  - "What domain for applications": apps.example.com
  - "Register DNS entries for OpenShift": y
  - "Domain for OpenShift hosts": core.example.com
  - "Hostname other hosts will use": broker.core.example.com
  - "Hostname/IP for SSH access": localhost
  - "Detected IP address .....": y or custom IP
  - "Enter for IP address for BIND DNS":
  - "Do you already have a running node": n
  - "Assign Node role to broker": y
  - "Change Deployment info": n
  - "Change subscription info": n
  - "Set temporary subscription settings": n
  - Wait for install :)
  - Add OpenShift User:
    - htpasswd /etc/openshift/htpasswd <username> <password>
  - Reboot (yes, do it)
Fix Origin (this happened to me -- it may be fine for you)
- Temporarily su to root: sudo su -
- MongoDB doesn't start (systemctl status mongod)
- Edit /etc/mongodb.conf
  - Change the elastic IP in bind_ip to the VPC internal IP (i.e. 10.0.0.x)
- Start MongoDB: systemctl start mongod
- Set the openshift user password for auth
  - Start the MongoDB shell: mongo
  - Change to the Broker db: use openshift_broker
  - Set the openshift user password: db.addUser('openshift', 'mongopass')
- Enable MongoDB auth
  - Edit /etc/mongodb.conf
  - Change auth = false to auth = true
  - Restart MongoDB: systemctl restart mongod
- Restart OpenShift Services
  - systemctl restart openshift-broker
  - systemctl restart openshift-console
  - systemctl restart httpd

You should now be able to login to https://broker.core.example.com

Note

If you leave recursion enabled in Bind, you will get a violation email from AWS as a recursive DNS server violates the AUP. Update /etc/named.conf (add before recursion yes; and then change to recusion no;) something like allow-recursion { VPC-NET; }; - replace VPC_NET with your VPC network(s).

Adding Cartridges

To install a custom cartridge:

Download / Clone the repo
oo-admin-cartridge -a install -s /path/to/cartridge/source
oo-admin-broker-cache -c --console
oo-admin-cartridge --list to see new cartridge

ehazlett/gist:9241844