Next, ensure the broker has a key for communicating with BIND.
rndc-confgen generates the configuration files for rndc, the tool
used for that communication.
rndc-confgen -a -r /dev/urandom
We must ensure that the ownership, permissions, and SELinux context are
appropriate.
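One way to verify the ownership and permissions of the generated key, as an added example that is not part of the original guide. Owner root, group named, and a mode with no access for others are assumptions about what "appropriate" means here; `stat -c` is the GNU coreutils form, and the SELinux context is not checked.

```shell
#!/bin/sh
# Added example (not from the original guide): check that a BIND key file
# is readable only by its owner and the group named runs as.
# Assumed policy: owner root, group named, no group write, nothing for others.

# check_key FILE OWNER GROUP -> prints each finding, returns 1 if any
check_key() {
    f=$1; rc=0
    [ -f "$f" ] || { echo "$f: missing"; return 1; }
    owner=$(stat -c '%U' "$f")
    group=$(stat -c '%G' "$f")
    mode=$(stat -c '%a' "$f")
    [ "$owner" = "$2" ] || { echo "$f: owner $owner, expected $2"; rc=1; }
    [ "$group" = "$3" ] || { echo "$f: group $group, expected $3"; rc=1; }
    # Any "other" bit lets every local user read the shared secret.
    [ $(( 0$mode & 007 )) -eq 0 ] ||
        { echo "$f: mode $mode grants access to others"; rc=1; }
    # Group write would let any member of the group replace the key.
    [ $(( 0$mode & 020 )) -eq 0 ] ||
        { echo "$f: mode $mode is group-writable"; rc=1; }
    return $rc
}

# Check every key file given on the command line, e.g. /etc/rndc.key.
for k in "$@"; do
    check_key "$k" root named
done
```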
Create a new /etc/named.conf with BIND configuration.
cat <<EOF > /etc/named.conf
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
// set forwarding to the next nearest server (from DHCP response)
forward only;
include "forwarders.conf";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
// use the default rndc key
include "/etc/rndc.key";
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
include "/etc/named.rfc1912.zones";
include "${domain}.key";
zone "${domain}" IN {
type master;
file "dynamic/${domain}.db";
allow-update { key ${domain} ; } ;
};
EOF
Configure MongoDB by adding the following lines to /etc/mongodb.conf
auth = true
smallfiles = true
Enable mongod to start on reboot and start it immediately
chkconfig mongod on
service mongod start
Verify that it's working correctly
mongo
Setting up ActiveMQ
Install the ActiveMQ package with yum
yum install activemq
ActiveMQ can be configured in /etc/activemq/activemq.xml
cat <<EOF > /etc/activemq/activemq.xml
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans
xmlns="http://www.springframework.org/schema/beans"
xmlns:amq="http://activemq.apache.org/schema/core"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
<!-- Allows us to use system properties as variables in this configuration file -->
<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="locations">
<value>file:\${activemq.conf}/credentials.properties</value>
</property>
</bean>
<!--
The <broker> element is used to configure the ActiveMQ broker.
-->
<broker xmlns="http://activemq.apache.org/schema/core" brokerName="broker.example.com" dataDirectory="\${activemq.data}">
<!--
For better performances use VM cursor and small memory limit.
For more information, see:
http://activemq.apache.org/message-cursors.html
Also, if your producer is "hanging", it's probably due to producer flow control.
For more information, see:
http://activemq.apache.org/producer-flow-control.html
-->
<destinationPolicy>
<policyMap>
<policyEntries>
<policyEntry topic=">" producerFlowControl="true" memoryLimit="1mb">
<pendingSubscriberPolicy>
<vmCursor />
</pendingSubscriberPolicy>
</policyEntry>
<policyEntry queue=">" producerFlowControl="true" memoryLimit="1mb">
<!-- Use VM cursor for better latency
For more information, see:
http://activemq.apache.org/message-cursors.html
<pendingQueuePolicy>
<vmQueueCursor/>
</pendingQueuePolicy>
-->
</policyEntry>
</policyEntries>
</policyMap>
</destinationPolicy>
<!--
The managementContext is used to configure how ActiveMQ is exposed in
JMX. By default, ActiveMQ uses the MBean server that is started by
the JVM. For more information, see:
http://activemq.apache.org/jmx.html
-->
<managementContext>
<managementContext createConnector="false"/>
</managementContext>
<!--
Configure message persistence for the broker. The default persistence
mechanism is the KahaDB store (identified by the kahaDB tag).
For more information, see:
http://activemq.apache.org/persistence.html
-->
<persistenceAdapter>
<kahaDB directory="\${activemq.data}/kahadb"/>
</persistenceAdapter>
<!-- add users for mcollective -->
<plugins>
<statisticsBrokerPlugin/>
<simpleAuthenticationPlugin>
<users>
<authenticationUser username="mcollective" password="marionette" groups="mcollective,everyone"/>
<authenticationUser username="admin" password="secret" groups="mcollective,admin,everyone"/>
</users>
</simpleAuthenticationPlugin>
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue=">" write="admins" read="admins" admin="admins" />
<authorizationEntry topic=">" write="admins" read="admins" admin="admins" />
<authorizationEntry topic="mcollective.>" write="mcollective" read="mcollective" admin="mcollective" />
<authorizationEntry queue="mcollective.>" write="mcollective" read="mcollective" admin="mcollective" />
<authorizationEntry topic="ActiveMQ.Advisory.>" read="everyone" write="everyone" admin="everyone"/>
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>
<!--
The systemUsage controls the maximum amount of space the broker will
use before slowing down producers. For more information, see:
http://activemq.apache.org/producer-flow-control.html
If using ActiveMQ embedded - the following limits could safely be used:
<systemUsage>
<systemUsage>
<memoryUsage>
<memoryUsage limit="20 mb"/>
</memoryUsage>
<storeUsage>
<storeUsage limit="1 gb"/>
</storeUsage>
<tempUsage>
<tempUsage limit="100 mb"/>
</tempUsage>
</systemUsage>
</systemUsage>
-->
<systemUsage>
<systemUsage>
<memoryUsage>
<memoryUsage limit="64 mb"/>
</memoryUsage>
<storeUsage>
<storeUsage limit="100 gb"/>
</storeUsage>
<tempUsage>
<tempUsage limit="50 gb"/>
</tempUsage>
</systemUsage>
</systemUsage>
<!--
The transport connectors expose ActiveMQ over a given protocol to
clients and other brokers. For more information, see:
http://activemq.apache.org/configuring-transports.html
-->
<transportConnectors>
<transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
<transportConnector name="stomp" uri="stomp://0.0.0.0:61613"/>
</transportConnectors>
</broker>
<!--
Enable web consoles, REST and Ajax APIs and demos
Take a look at \${ACTIVEMQ_HOME}/conf/jetty.xml for more details
-->
<import resource="jetty.xml"/>
</beans>
<!-- END SNIPPET: example -->
EOF
Open the firewall port and enable activemq on restart.
lokkit --port=61613:tcp
chkconfig activemq on
Now you can start the ActiveMQ service
service activemq start
Configure the ActiveMQ web console in /etc/activemq/jetty.xml to require authentication and to allow only local requests
sed -i -e '/name="authenticate"/s/false/true/' /etc/activemq/jetty.xml
sed -i -e '/name="port"/a<property name="host" value="127.0.0.1" />' /etc/activemq/jetty.xml
Edit /etc/activemq/jetty-realm.properties to set up the password for the admin user
sed -i -e '/admin:/s/admin,/badpassword,/' /etc/activemq/jetty-realm.properties
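For the activemq.xml written above, an added audit (not part of the original guide) that lists authorization groups no user belongs to and transport connectors listening on every interface. It assumes one element per line with no commented-out entries; the sample lines are copied from the configuration on this page.

```shell
#!/bin/sh
# Added example (not from the original guide): static audit of activemq.xml.
# Assumes one element per line and no commented-out ACL or connector entries.

# Groups actually granted to users (<authenticationUser groups="a,b"/>).
user_groups() {
    grep '<authenticationUser ' "$1" |
        sed -n 's/.* groups="\([^"]*\)".*/\1/p' | tr ',' '\n' | sort -u
}

# Groups named in read/write/admin attributes of <authorizationEntry>.
acl_groups() {
    grep '<authorizationEntry ' "$1" |
        grep -oE ' (read|write|admin)="[^"]*"' |
        sed 's/.*="\([^"]*\)"/\1/' | tr ',' '\n' | sort -u
}

# ACL groups that no user belongs to: those entries can never match.
unassigned_groups() {
    ug=$(mktemp); ag=$(mktemp)
    user_groups "$1" >"$ug"; acl_groups "$1" >"$ag"
    comm -13 "$ug" "$ag"
    rm -f "$ug" "$ag"
}

# Transport connectors bound to every interface, printed as "name port".
wildcard_listeners() {
    grep '<transportConnector ' "$1" |
        sed -n 's|.* name="\([^"]*\)" uri="[a-z+]*://0\.0\.0\.0:\([0-9]*\).*|\1 \2|p'
}

# Sample input: users, ACL entries and connectors as they appear on this page.
sample_config() {
    cat <<'XML'
<authenticationUser username="mcollective" password="marionette" groups="mcollective,everyone"/>
<authenticationUser username="admin" password="secret" groups="mcollective,admin,everyone"/>
<authorizationEntry queue=">" write="admins" read="admins" admin="admins" />
<authorizationEntry topic="mcollective.>" write="mcollective" read="mcollective" admin="mcollective" />
<authorizationEntry topic="ActiveMQ.Advisory.>" read="everyone" write="everyone" admin="everyone"/>
<transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
<transportConnector name="stomp" uri="stomp://0.0.0.0:61613"/>
XML
}

tmp=$(mktemp); sample_config >"$tmp"
cfg=${1:-$tmp}   # audit the file given as $1, else the embedded sample
echo "ACL groups held by no user: $(unassigned_groups "$cfg" | tr '\n' ' ')"
echo "Listeners on all interfaces: $(wildcard_listeners "$cfg" | tr '\n' ';')"
rm -f "$tmp"
```

On this page's configuration it reports `admins`, because the users are placed in `admin` while the catch-all entries name `admins`. It also reports both connectors, of which only port 61613 is opened with lokkit.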
Edit /etc/resolv.conf to set the OpenShift DNS server as the DNS server
nameserver 10.0.0.1
Enabling Broker Access to node
Add the broker's SSH public key (saved on the broker host in /root/.ssh/rsync_id_rsa.pub) to .ssh/authorized_keys on the node. This gives the broker access to the node so that it can move gears between nodes.
Setting up DHCP
Modify /etc/dhcp/dhclient-eth0.conf to set up DNS and hostname info
Install some cartridges. A list of cartridges is available in the GitHub repository. You can also install all cartridges on the node
yum install openshift-origin-cartridge-*
Installing the openshift-origin-cartridge-cron-1.4 cartridge is mandatory, since it includes a script required for updating the configuration for communication between nodes and brokers.
Setting up Required Services
Set proper firewall rules and enable services on reboot
lokkit --service=https
lokkit --service=http
chkconfig httpd on
chkconfig network on
Configuring cgroups
Configure cgroups by running the following commands:
cp -f /usr/share/doc/*/cgconfig.conf /etc/cgconfig.conf
restorecon -v /etc/cgconfig.conf
mkdir /cgroup
restorecon -v /cgroup
chkconfig cgconfig on
chkconfig cgred on
chkconfig openshift-cgroups on
service cgconfig restart
service cgred restart
service openshift-cgroups start
Configuring Disk Quotas
Disk quotas can be set in /etc/openshift/resource_limits.conf and should be enforced at the filesystem level.
Enforcement is done by adding the usrquota option to the partition containing /var/lib/openshift in /etc/fstab.
After modifying /etc/fstab, remount the mount point you edited. For example
mount -o remount /
Generate user quota info for the mount point
quotacheck -cmug /
Configuring SELinux
Configure the SELinux policy for the node and fix SELinux contexts, setting some booleans
Facter generates metadata files for MCollective and is normally run by cron. Run facter now to make the initial database and ensure that it runs properly.