7.8.4. Configuring the Required Services


A number of services must be running for the broker Rails application when Host 1 boots. Enable these services to start at boot using:
# chkconfig httpd on
# chkconfig network on
# chkconfig ntpd on
# chkconfig sshd on
Configure the firewall to allow access to these services:
# lokkit --nostart --service=ssh
# lokkit --nostart --service=https
# lokkit --nostart --service=http
Set the appropriate ServerName in the Apache configuration on the broker:
# sed -i -e "s/ServerName .*\$/ServerName `hostname`/" \
 /etc/httpd/conf.d/000002_openshift_origin_broker_servername.conf

Note

If you use the kickstart or bash script, the enable_services_on_broker function performs these steps.

Configuring Inter-Host Access Keys

Generate a broker access key, which is used by Jenkins and other optional services. The access key is configured in the /etc/openshift/broker.conf file, including the expected key file locations, which are set in the lines shown in the following sample. The AUTH_PRIV_KEY_FILE and AUTH_PUB_KEY_FILE settings shown are the default values and can be changed as required. The AUTH_PRIV_KEY_PASS setting can also be configured, but it is not required.

AUTH_PRIV_KEY_FILE="/etc/openshift/server_priv.pem"
AUTH_PRIV_KEY_PASS=""
AUTH_PUB_KEY_FILE="/etc/openshift/server_pub.pem"

Note

The AUTH_PRIV_KEY_FILE, AUTH_PRIV_KEY_PASS and AUTH_PUB_KEY_FILE settings must specify the same private key on all associated brokers for the Jenkins authentication to work.
The following commands generate the broker access key and assume the default key file locations are used. If you changed the AUTH_PRIV_KEY_FILE or AUTH_PRIV_KEY_PASS settings, replace /etc/openshift/server_priv.pem or /etc/openshift/server_pub.pem in the following commands as necessary.
# openssl genrsa -out /etc/openshift/server_priv.pem 2048
# openssl rsa -in /etc/openshift/server_priv.pem -pubout > /etc/openshift/server_pub.pem
# chown apache:apache /etc/openshift/server_pub.pem
# chmod 640 /etc/openshift/server_pub.pem
The AUTH_SALT setting in the /etc/openshift/broker.conf file must also be set. It must be secret and set to the same value across all brokers in a cluster, or scaling and Jenkins integration will not work. Create the random string using:
# openssl rand -base64 64

Important

If AUTH_SALT is changed after the broker is running, the broker service must be restarted:
# service openshift-broker restart
Further, if any gears are present when the value is changed again, run the oo-admin-broker-auth tool to recreate the broker authentication keys. Run the following command to rekey authentication tokens for all applicable gears:
# oo-admin-broker-auth --rekey-all
See the command's --help output and man page for additional options and more detailed use cases.
Configure the SESSION_SECRET setting in the /etc/openshift/broker.conf file to sign the Rails sessions. Ensure it is the same across all brokers in a cluster. Create the random string using:
# openssl rand -hex 64
Similar to AUTH_SALT, if the SESSION_SECRET setting is changed after the broker is running, the broker service must be restarted. Note that all sessions are dropped when the broker service is restarted.
Configure a suitable SSH key to share between the broker host and all node hosts to facilitate moving gears between nodes. Create the key and copy it to the appropriate directory with:
# ssh-keygen -t rsa -b 2048 -f ~/.ssh/rsync_id_rsa
# cp ~/.ssh/rsync_id_rsa* /etc/openshift/
As part of the node host configuration, copy this key to the appropriate directory on each node host. See Section 9.9, “Configuring SSH Keys on the Node Host” for more information.

Note

If you use the kickstart or bash script, the configure_access_keys_on_broker function performs these steps.
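
Because AUTH_SALT, SESSION_SECRET and the broker access key pair must be identical on every broker in a cluster, a consistency check is useful after configuring an additional broker. The following script is an added example, not part of the original guide or the OpenShift tooling; the function names and the report format are assumptions, and it expects the KEY="value" quoting shown above.

```shell
#!/bin/bash
# Added example: fingerprint the broker.conf settings that must match on
# every broker, so hosts can be compared without copying secrets around.
# Assumes the KEY="value" quoting used in /etc/openshift/broker.conf.

# conf_get FILE KEY: print the value of KEY (last occurrence wins).
conf_get() {
    sed -n "s/^[[:space:]]*$2=\"\([^\"]*\)\"[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# digest: hex SHA-256 of stdin.
digest() { sha256sum | cut -d' ' -f1; }

# fingerprint_broker FILE: print one "NAME DIGEST" line per shared setting.
# Key files are hashed by content, since their paths may differ per host.
fingerprint_broker() {
    local conf=$1 key val
    for key in AUTH_SALT SESSION_SECRET AUTH_PRIV_KEY_PASS; do
        val=$(conf_get "$conf" "$key")
        if [ -z "$val" ] && [ "$key" != AUTH_PRIV_KEY_PASS ]; then
            echo "$key EMPTY"          # only the passphrase may be empty
        else
            echo "$key $(printf '%s' "$val" | digest)"
        fi
    done
    for key in AUTH_PRIV_KEY_FILE AUTH_PUB_KEY_FILE; do
        val=$(conf_get "$conf" "$key")
        if [ -r "$val" ]; then
            echo "$key $(digest < "$val")"
        else
            echo "$key UNREADABLE"
        fi
    done
}

# compare_fingerprints A B: print each setting that differs between two
# saved reports or is EMPTY/UNREADABLE; exit status 0 only if none is.
compare_fingerprints() {
    awk 'BEGIN { bad = 0 }
         FILENAME == ARGV[1] { a[$1] = $2; next }
         $2 != a[$1] || $2 == "EMPTY" || $2 == "UNREADABLE" { print $1; bad = 1 }
         END { exit bad }' "$1" "$2"
}

# Stand-alone use: pass the path to broker.conf and save the output per host.
if [ "$#" -eq 1 ]; then
    fingerprint_broker "$1"
fi
```

Run the script as root on each broker, save the output, and pass two saved reports to compare_fingerprints. Treat the reports as sensitive, because a digest of a short or guessable value can be brute-forced.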