Red Hat SummitChapter 2. Installing and deploying AMQ Broker on OpenShift Container Platform
2.1. Installing AMQ Broker on OpenShift Container Platform image streams and application templates
The AMQ Broker on OpenShift Container Platform images are not available in the service catalog. You must manually install them by using the procedures in this section.
Procedure
Log in to OpenShift as a cluster administrator (or as a user that has project administrator access to the global
openshiftproject), for example:oc login -u system:admin
$ oc login -u system:adminCopy to Clipboard Copied! At the command line, run the following commands to update the AMQ Broker on OpenShift Container Platform image stream in the
openshiftproject:oc replace --force -f \ https://raw.githubusercontent.com/jboss-container-images/jboss-amq-7-broker-openshift-image/72-1.2.GA/amq-broker-7-image-streams.yaml oc replace --force -f \ https://raw.githubusercontent.com/jboss-container-images/jboss-amq-7-broker-openshift-image/72-1.2.GA/amq-broker-7-scaledown-controller-image-streams.yaml oc import-image amq-broker-72-openshift:1.2 oc import-image amq-broker-72-scaledown-controller-openshift:1.0
$ oc replace --force -f \ https://raw.githubusercontent.com/jboss-container-images/jboss-amq-7-broker-openshift-image/72-1.2.GA/amq-broker-7-image-streams.yaml $ oc replace --force -f \ https://raw.githubusercontent.com/jboss-container-images/jboss-amq-7-broker-openshift-image/72-1.2.GA/amq-broker-7-scaledown-controller-image-streams.yaml $ oc import-image amq-broker-72-openshift:1.2 $ oc import-image amq-broker-72-scaledown-controller-openshift:1.0Copy to Clipboard Copied! NoteAMQ Broker on OpenShift Container Platform leverages StatefulSets and Deployments resources for use with the
*-persistencetemplates. These are Kubernetes-native resources that can consume image streams only from a local namespace, not the sharedopenshiftnamespace. This is because the image streams must be created in the same namespace where the template will be instantiated. Also,-n openshiftis an optional parameter to use if you need to create a template in the shared namespace.Run the following command to update the AMQ Broker templates. Using the
--forceoption with theoc replacecommand creates or updates the resourcesfor template in amq-broker-72-basic.yaml \ amq-broker-72-ssl.yaml \ amq-broker-72-custom.yaml \ amq-broker-72-persistence.yaml \ amq-broker-72-persistence-ssl.yaml \ amq-broker-72-persistence-clustered.yaml \ amq-broker-72-persistence-clustered-ssl.yaml;
$ for template in amq-broker-72-basic.yaml \ amq-broker-72-ssl.yaml \ amq-broker-72-custom.yaml \ amq-broker-72-persistence.yaml \ amq-broker-72-persistence-ssl.yaml \ amq-broker-72-persistence-clustered.yaml \ amq-broker-72-persistence-clustered-ssl.yaml; do oc replace --force -f \ https://raw.githubusercontent.com/jboss-container-images/jboss-amq-7-broker-openshift-image/72-1.2.GA/templates/${template} doneCopy to Clipboard Copied!
2.2. Deploying AMQ Broker on OpenShift Container Platform image
The AMQ Broker on OpenShift Container Platform image requires a service account for deployments. Service accounts are API objects that exist within each project. Three service accounts are created automatically in every project:
-
builder: This service account is used by build pods. It contains thesystem:image-builderrole from which you can push images to any image stream in the project using the internal Docker registry. -
deployer: This service account is used by deployment pods. It contains thesystem:deployerrole from which you can view and modify replication controllers and pods in the project. -
default: This service account is used to run all other pods unless you specify a different service account.
Service accounts can be created or deleted like any other API object. For multiple-node deployments, the service account must have the view role enabled so the various pods in the cluster can be discovered and managed.
In addition, you must configure SSL to enable connections to AMQ Broker from outside of the OpenShift Container Platform instance. The type of discovery protocol that is used for discovering AMQ Broker mesh endpoints is JGroups with OpenShift.dns ping protocol.
Procedure
-
Add the
viewrole to the service account:
oc policy add-role-to-user view -z default
$ oc policy add-role-to-user view -z defaultAdditional resources
- For more information on how to configure SSL, see Configuring SSL.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}