#!/bin/bash -x
# -*- mode: sh; sh-basic-offset: 2 -*-
# This script configures a single host with OpenShift components. It may
# be used either as a RHEL6 kickstart script, or the %post section may
# be extracted and run directly to install on top of an installed RHEL6
# image. When running the %post outside kickstart, a reboot is required
# afterward.
#
# If this script aborts due to an inability to install packages (the most
# common failure), it should be safe to re-run once you've resolved the
# problem (i.e. either manually fix configuration and run with
# INSTALL_METHOD=none, or unregister / remove all repos and start over).
# Once package installation completes and configuration begins, aborts
# are unlikely; but in the event that one occurs, re-running could
# introduce misconfigurations as configure steps do not all include
# enough intelligence to be repeatable.
#
# While this script serves as a good example script for installing a
# single host, it is not comprehensive nor robust enough to be considered
# a proper enterprise installer on its own. Production installations will
# typically require significant adaptations or an entirely different
# method of installation. Please adapt it to your needs.
# SPECIFYING PARAMETERS
#
# If you supply no parameters, all components are installed on one host
# with default configuration, which should give you a running demo,
# given properly configured repositories / subscriptions on the host.
#
# For a kickstart, you can supply further kernel parameters (in addition
# to the ks=location itself). e.g.
# virt-install ... -x "ks=http://.../openshift.ks domain=example.com"
#
# As a bash script, just add the parameters as bash variables at the top
# of the script (or export environment variables). Kickstart parameters
# are mapped to uppercase bash variables prepended with CONF_ so for
# example, "domain=example.com" as a kickstart parameter would be
# "CONF_DOMAIN=example.com" as a variable.
#
# Finally, if you are using the extracted openshift.sh version of this
# script, the parse_cmdline function enables specifying the parameters
# on the command line just like for the kickstart, e.g.:
# openshift.sh domain=example.com
#
# Available parameters are listed at length below the following notes.
# IMPORTANT NOTES - DEPENDENCIES
#
# Configuring sources for yum to install packages can be the hardest part
# of an installation. This script enables several methods to automatically
# configure the necessary repositories, which are described in parameters
# below. If you already configured repositories prior to running this
# script, you may leave the default method (which is to do nothing);
# otherwise you will need to modify the script or provide parameters to
# configure install sources.
#
# In order for the %post section to succeed, yum must have access to the
# latest RHEL 6 packages. The %post section does not share the method
# used in the base install (network, DVD, etc.). Either by modifying
# the base install, the %post script, or the script parameters, you must
# ensure that subscriptions or plain yum repos are available for RHEL.
#
# Similarly, the main OpenShift dependencies require OpenShift repos, and
# JBoss cartridges require packages from JBoss repos, so you must ensure
# these are configured for the %post script to run. Due to the complexity
# involved in this configuration, we recommend specifying parameters to
# use one of the script's install methods.
#
# DO NOT install with third-party (non-RHEL) repos enabled (e.g. EPEL).
# You may install different package versions than OpenShift expects and
# be in for a long troubleshooting session. Also avoid pre-installing
# third-party software like Puppet for the same reason.
# OTHER IMPORTANT NOTES
#
# If used as a kickstart, you will almost certainly want to change the
# root password or authorized keys (or both) specified in the kickstart,
# and/or set up another user/group with sudo access so that you can
# access the system after installation.
#
# If you install a broker, the rhc client is installed as well, for
# convenient local testing. Also, a test OpenShift user "demo" with
# password "changeme" is created for use by the default local file
# authentication option.
#
# If you want to use the broker from a client outside the installation,
# then of course that client must be using a DNS server that knows
# about (or is) the DNS server for the installation. Otherwise you will
# have DNS failures when creating the app and be unable to reach it in a
# browser.
#
# MANUAL TASKS
#
# This script attempts to automate as many tasks as it reasonably can.
# Because it deploys only a single host at a time, it has some limitations.
# In a multi-host setup, you may need to attend to the following
# concerns separately from this script:
#
# 1. Set up DNS entries for hosts
# Generally, all hosts in your deployment should have DNS entries.
# Node hosts strictly require DNS entries in order to alias CNAMEs.
# If you install named with this script, you can opt to define DNS
# entries for your hosts. By default, any other components the script
# installs on the same host with named receive DNS entries. Or, you
# can use CONF_NAMED_ENTRIES to specify (or skip) host DNS creation.
# Host DNS entries not created this way must be created separately.
# oo-register-dns on the broker may be useful for this.
#
# 2. Copy public rsync key to enable moving gears
# The broker rsync public key needs to be authorized on nodes. The
# install script puts a copy of the public key on the broker web
# server so that nodes can get it at install time, so this script
# can get it after the broker install finishes. If that fails for
# any reason, install it manually as follows:
# # wget -O- --no-check-certificate https://broker/rsync_id_rsa.pub >> /root/.ssh/authorized_keys
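# Without this, each gear move will require typing root passwords
# for each of the node hosts involved.
# Note that --no-check-certificate skips TLS verification and the
# download is appended to root's authorized_keys, so compare the
# fetched key with the broker's own copy before relying on it.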
#
# 3. Copy ssh host keys and httpd key/cert between the node hosts
# All node hosts should identify as the same host, so that when gears
# are moved between hosts, ssh and git don't give developers spurious
# warnings about the host keys changing. So, copy /etc/ssh/ssh_* from
# one node host to all the rest (or, if using the same image for all
# hosts, just keep the keys from the image). Similarly, https access
# to moved gears will prompt errors if the certificate is not
# identical across nodes, so copy /etc/pki/tls/private/localhost.key
# and /etc/pki/tls/certs/localhost.crt (which are re-created by the
# installation) to be the same across all nodes.
#
# 4. When multiple broker hosts are deployed, copy the auth keys between
# them so that they are the same (/etc/openshift/server_*.pem as
# specified in broker.conf) and so is the broker.conf:AUTH_SALT (which
# can be specified in this script with the CONF_BROKER_AUTH_SALT
# parameter). Failure to synchronize these will result in failures in
# scenarios where gears make requests to a broker while using
# credentials created by a different broker - auto-scaling, Jenkins
# builds, and recording deployments.
# PARAMETER DESCRIPTIONS
# install_components / CONF_INSTALL_COMPONENTS
# Comma-separated selections from the following:
# broker - installs the broker webapp and tools
# named - installs a BIND DNS server
# activemq - installs the messaging bus
# datastore - installs the MongoDB datastore
# node - installs node functionality
# Default: all.
# Only the specified components are installed and configured.
# e.g. install_components=broker,datastore only installs the broker
# and DB, and assumes you use other hosts for messaging and DNS.
#
# Example kickstart parameter:
# install_components="node,broker,named,activemq,datastore"
# Example script variable:
# CONF_INSTALL_COMPONENTS="node,broker,named,activemq,datastore"
#CONF_INSTALL_COMPONENTS="node"
# no_jbossews / CONF_NO_JBOSSEWS
# no_jbosseap / CONF_NO_JBOSSEAP
# Deprecated; see CONF_CARTRIDGES. Setting to true has the same
# effect as negating the corresponding cartridge in the list.
# cartridges / CONF_CARTRIDGES
# Comma-separated selections from the following:
# all - all cartridges;
# standard - all cartridges except for JBossEWS or JBossEAP;
# cron - embedded cron support;
# diy - do-it-yourself cartridge;
# haproxy - haproxy support for scalable apps;
# jbossews - JBossEWS support;
# jbosseap - JBossEAP support;
# jboss - alias for jbossews and jbosseap;
# jenkins - Jenkins client and server for continuous integration;
# mysql - MySQL;
# nodejs - NodeJS;
# perl - mod_perl support;
# php - PHP support;
# postgresql - PostgreSQL support;
# postgres - alias for postgresql;
# python - Python support;
# ruby - Ruby Rack support running on Phusion Passenger.
#
# You may prepend a minus sign '-' to any one of the above to negate it.
# For example, all,-jbossews enables all cartridges except for jbossews.
#
# You may also specify a package name; any selection that is not in the above
# list will be assumed to be a package name and will be added to (or removed
# from) the list of packages to install, verbatim.
#
# Selections are read from left to right. For example, all,-jboss,jbossews
# enables all cartridges except for JBoss cartridges, except for JBossEWS (so
# JBossEWS _will_ be enabled but JBossEAP will _not_ be enabled). However,
# all,jbossews,-jboss would install all cartridges except for JBoss cartridges
# (so neither JBossEWS nor JBossEAP will be installed).
#
# If JBossEAP support is selected, this script will ensure that the required
# channels or repositories are enabled.
#
# Default: all
# install_method / CONF_INSTALL_METHOD
# Choose from the following ways to provide packages:
# none - install sources are already set up when the script executes (DEFAULT)
# yum - set up yum repos based on config
# rhel_repo / CONF_RHEL_REPO -- see below
# rhel_optional_repo / CONF_RHEL_OPTIONAL_REPO -- see below
# jboss_repo_base / CONF_JBOSS_REPO_BASE -- see below
# rhscl_repo_base / CONF_RHSCL_REPO_BASE -- see below
# ose_repo_base / CONF_OSE_REPO_BASE -- see below
# ose_extra_repo_base / CONF_OSE_EXTRA_REPO_BASE -- see below
# rhsm - use subscription-manager
# rhn_user / CONF_RHN_USER
# rhn_pass / CONF_RHN_PASS
# rhn_reg_opts / CONF_RHN_REG_OPTS - extra options to subscription-manager register,
# e.g. "--serverurl=https://sam.example.com"
# sm_reg_pool / CONF_SM_REG_POOL - pool ID for OpenShift subscription (required)
# Subscribe multiple with comma-separated list poolid1,poolid2,...
# rhn - use rhn-register
# rhn_user / CONF_RHN_USER
# rhn_pass / CONF_RHN_PASS
# rhn_reg_opts / CONF_RHN_REG_OPTS - extra options to rhnreg_ks,
# e.g. "--serverUrl=https://satellite.example.com"
# rhn_reg_actkey / CONF_RHN_REG_ACTKEY - optional activation key
# Default: none
#CONF_INSTALL_METHOD="yum"
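# Hint: when running as a cmdline script, to enter your password invisibly:
# read -s CONF_RHN_PASS
# export CONF_RHN_PASS
# Note: the shebang of this script enables bash -x tracing, so any command
# that expands the password can still print it in the trace output; keep
# that output out of shared logs.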
# optional_repo / CONF_OPTIONAL_REPO
# Enable unsupported RHEL "optional" repo.
# Not usually needed, but may help with temporary dependency mismatches
# Default: no
#CONF_OPTIONAL_REPO=1
# actions / CONF_ACTIONS
# Default: do_all_actions
# Comma-separated list of bash functions to run. This
# setting is intended to allow configuration steps defined within this
# file to be run or re-run selectively. For a typical installation,
# this setting can be left at its default value.
#
# Some helpful actions:
# init_message,validate_preflight,parse_cartridges,configure_repos,
# install_rpms,configure_host,configure_openshift,
# configure_datastore_add_replicants,reboot_after
#
# For example, these are the actions to run on a primary MongoDB replicant:
#CONF_ACTIONS=do_all_actions,configure_datastore_add_replicants
# # # # # # # # # # # # yum-based install method # # # # # # # # # # # #
#
# Define plain old yum repositories for use internally to set up
# test systems; can also be used for offline installs. The assumed
# layout of the repositories is that of the CDN used with released
# products, which is:
#
# <base> = http(s)://server/.../x86_64 # top of x86_64 architecture tree
# <base>/jbeap/6/os - JBoss repos
# <base>/jbews/2/os
# <base>/optional/os - "optional" channel, not normally needed
# <base>/os - RHEL 6 itself
# <base>/ose-infra/2.0/os - Released OpenShift Enterprise repos
# <base>/ose-jbosseap/2.0/os
# <base>/ose-node/2.0/os
# <base>/ose-rhc/2.0/os
# <base>/rhscl/1/os/ - RH software collections
#
# To use this layout, simply set the CDN base URL below. Alternatively,
# set repository URLs individually if they are in different locations.
# RHEL, Optional, and JBoss yum repositories will be created if defined;
# otherwise they should already be configured for installation to succeed.
#
# The nightly OSE build repositories use a different layout from CDN.
# If the location of these is different from the CDN base and CONF_CDN_LAYOUT
# is not set, then this layout is defined:
# <ose_repo_base>/RHOSE-CLIENT-2.1/x86_64/os
# <ose_repo_base>/RHOSE-INFRA-2.1/x86_64/os
# <ose_repo_base>/RHOSE-JBOSSEAP-2.1/x86_64/os
# <ose_repo_base>/RHOSE-NODE-2.1/x86_64/os
# cdn_repo_base / CONF_CDN_REPO_BASE
# Default base URL for all repositories used for the "yum" install method (see above).
#CONF_CDN_REPO_BASE=https://.../6Server/x86_64
# ose_repo_base / CONF_OSE_REPO_BASE
# If defined, will define yum repos under the yum,rhsm,rhn install methods.
# The base URL for the OpenShift yum repositories - the part before RHOSE-*
# Note that if this is the same as CONF_CDN_REPO_BASE, then the
# CDN format will be used instead, e.g. x86_64/ose-node/1.2/os
#CONF_OSE_REPO_BASE="https://.../6Server/x86_64"
# rhel_repo / CONF_RHEL_REPO
# The URL for a RHEL 6 yum repository used with the "yum" install method.
# Should end in /6Server/x86_64/os/
# rhel_optional_repo / CONF_RHEL_OPTIONAL_REPO
# The URL for a RHEL 6 Optional yum repository used with the "yum" install method.
# (only used if CONF_OPTIONAL_REPO is true)
# Should end in /6Server/x86_64/optional/os/
# jboss_repo_base / CONF_JBOSS_REPO_BASE
# The base URL for the JBoss repositories used with the "yum"
# install method - the part before jbeap/jbews - ends in /6Server/x86_64
# rhscl_repo_base / CONF_RHSCL_REPO_BASE
# The base URL for the SCL repositories used with the "yum"
# install method - the part before rhscl - ends in /6Server/x86_64
# ose_extra_repo_base / CONF_OSE_EXTRA_REPO_BASE
# If defined, will define yum repos under the yum,rhsm,rhn install methods.
# These parallel the regular OSE channels/repos at the same priority and use
# the same (non-CDN) layout as ose_repo_base. These are intended to supply RPMs
# that augment or update the contents of the normal channels/repos.
# # # # # # # # # # # domains, DNS, hostnames, and IPs # # # # # # # # # # # # # # # # #
#
# domain / CONF_DOMAIN
# Default: example.com
# The network domain under which app DNS entries will be placed.
#CONF_DOMAIN="example.com"
# hosts_domain / CONF_HOSTS_DOMAIN
# Default: hosts.example.com
# If specified and host DNS is to be created, this domain will be created
# and used for creating host DNS records (app records will still go in the
# main domain).
#CONF_HOSTS_DOMAIN="hosts.example.com"
# broker_hostname / CONF_BROKER_HOSTNAME
# node_hostname / CONF_NODE_HOSTNAME
# named_hostname / CONF_NAMED_HOSTNAME
# activemq_hostname / CONF_ACTIVEMQ_HOSTNAME
# datastore_hostname / CONF_DATASTORE_HOSTNAME
# Default: the root plus the domain, e.g. broker.example.com - except
# named=ns1.example.com
# These supply the FQDN of the hosts containing these components. Used
# for configuring the host's name at install, and also for configuring
# the broker application to reach the services needed.
#
# IMPORTANT NOTE: if installing a nameserver, the script will create
# DNS entries for the hostnames of the other components being
# installed on this host as well. If you are using a nameserver set
# up separately, you are responsible for all necessary DNS entries.
#CONF_BROKER_HOSTNAME="broker.example.com"
#CONF_NODE_HOSTNAME="node.example.com"
#CONF_NAMED_HOSTNAME="ns1.example.com"
#CONF_ACTIVEMQ_HOSTNAME="activemq.example.com"
#CONF_DATASTORE_HOSTNAME="datastore.example.com"
# named_entries / CONF_NAMED_ENTRIES
# Default: create entries above only for components installed on BIND host.
# Comma separated, colon delimited hostname:ipaddress pairs
# Specify host DNS entries to be created instead of the defaults.
# You may also set to "none" to create no DNS entries for hosts.
#CONF_NAMED_ENTRIES="broker:192.168.0.1,node:192.168.0.2"
# named_ip_addr / CONF_NAMED_IP_ADDR
# Default: current IP if installing named, otherwise broker_ip_addr
# This is used by every host to configure its primary nameserver.
#CONF_NAMED_IP_ADDR=10.10.10.10
# bind_key / CONF_BIND_KEY
# Specify a key for updating BIND rather than generating one.
# Any base64-encoded value can be used, but ideally an HMAC-SHA256 key
# generated by dnssec-keygen should be used.
#CONF_BIND_KEY=""
# bind_keyalgorithm / CONF_BIND_KEYALGORITHM
# Specify a key algorithm to use when generating a bind key. Or if specifying
# a bind_key, this should be set to the algorithm which was used when the
# bind_key was generated.
#CONF_BIND_KEYALGORITHM="HMAC-SHA256"
# bind_keysize / CONF_BIND_KEYSIZE
# Specify a key size to use for generating a bind key. Or if specifying
# a bind_key, this should be set to the key size used when the bind_key was
# generated.
#CONF_BIND_KEYSIZE="256"
# bind_krb_keytab / CONF_BIND_KRB_KEYTAB
# When the nameserver is remote, Kerberos keytab together with principal
# can be used instead of the HMAC-MD5 key for updates.
#CONF_BIND_KRB_KEYTAB=""
# bind_krb_principal / CONF_BIND_KRB_PRINCIPAL
# When the nameserver is remote, this Kerberos principal together with
# Kerberos keytab can be used instead of the HMAC-MD5 key for updates.
#CONF_BIND_KRB_PRINCIPAL=""
# broker_ip_addr / CONF_BROKER_IP_ADDR
# Default: the current IP (at install)
# This is used for the node to record its broker. Also is the default
# for the nameserver IP if none is given.
#CONF_BROKER_IP_ADDR=10.10.10.10
# node_ip_addr / CONF_NODE_IP_ADDR
# Default: the current IP (at install)
# This is used for the node to give a public IP, if different from the
# one on its NIC.
#CONF_NODE_IP_ADDR=10.10.10.10
# keep_hostname / CONF_KEEP_HOSTNAME
# Default: false (not set)
# Enabling this option prevents the installation script from setting
# the hostname on the host, leaving it as found. Use this option if
# the hostname is already set as you like. The default behavior is
# to set the hostname, which makes it a little easier to recognize
# which host you are looking at when logging in as an administrator.
#CONF_KEEP_HOSTNAME=true
# keep_nameservers / CONF_KEEP_NAMESERVERS
# Default: false (not set)
# Enabling this option prevents the installation script from placing
# the OpenShift nameserver at the top of /etc/resolv.conf, which is
# the default (because rogue DNS is assumed). Set this to true if
# OpenShift app DNS is properly delegated/authoritative.
#CONF_KEEP_NAMESERVERS=true
# forward_dns / CONF_FORWARD_DNS
# Default: false (not set)
# This option determines whether the BIND server being installed will
# forward requests for which it is not authoritative to upstream DNS
# servers. This should not be necessary in most cases; with this
# disabled, BIND will refuse requests (status REFUSED) that it
# cannot answer directly, which should cause most clients to ask the
# next nameserver in their configuration.
#CONF_FORWARD_DNS=true
# # # # # # # # # # # miscellaneous other settings # # # # # # # # # # #
# Valid options are vhost and mod_rewrite. vhost is less performant but more
# extensible.
#CONF_NODE_APACHE_FRONTEND=mod_rewrite
# no_ntp / CONF_NO_NTP
# Default: false
# Enabling this option prevents the installation script from
# configuring NTP. It is important that the time be synchronized
# across hosts because MCollective messages have a TTL of 60 seconds
# and may be dropped if the clocks are too far out of synch. However,
# NTP is not necessary if the clock will be kept in synch by some
# other means.
#CONF_NO_NTP=true
# activemq_replicants / CONF_ACTIVEMQ_REPLICANTS
# Default: the value of activemq_hostname
# A comma-separated list of ActiveMQ broker replicants. If you are
# not installing in a configuration with ActiveMQ replication, you can
# leave this setting at its default value.
#CONF_ACTIVEMQ_REPLICANTS="activemq01.example.com,activemq02.example.com"
# Passwords used to secure various services. You are advised to specify
# only alphanumeric values in this script as others may cause syntax
# errors depending on context. If non-alphanumeric values are required,
# update them separately after installation.
#
# activemq_admin_password / CONF_ACTIVEMQ_ADMIN_PASSWORD
# Default: randomized
# This is the admin password for the ActiveMQ admin console, which is
# not needed by OpenShift but might be useful in troubleshooting.
#CONF_ACTIVEMQ_ADMIN_PASSWORD="ChangeMe"
# activemq_amq_user_password / CONF_ACTIVEMQ_AMQ_USER_PASSWORD
# Default: password
# This is the password for the ActiveMQ amq user, which is
# used by ActiveMQ broker replicants to communicate with one another.
# The amq user is enabled only if replicants are specified using
# the activemq_replicants setting.
#CONF_ACTIVEMQ_AMQ_USER_PASSWORD="ChangeMe"
# mcollective_user / CONF_MCOLLECTIVE_USER
# mcollective_password / CONF_MCOLLECTIVE_PASSWORD
# Default: mcollective/marionette
# This is the user and password shared between broker and node for
# communicating over the mcollective topic channels in ActiveMQ. Must
# be the same on all broker and node hosts.
#CONF_MCOLLECTIVE_USER="mcollective"
#CONF_MCOLLECTIVE_PASSWORD="mcollective"
# mongodb_name / CONF_MONGODB_NAME
# Default: openshift_broker
# This is the name of the database in MongoDB in which the broker will
# store data.
#CONF_MONGODB_NAME="openshift_broker"
# mongodb_broker_user / CONF_MONGODB_BROKER_USER
# mongodb_broker_password / CONF_MONGODB_BROKER_PASSWORD
# Default: openshift:mongopass
# These are the username and password of the normal user that will be
# created for the broker to connect to the MongoDB datastore. The
# broker application's MongoDB plugin is also configured with these
# values.
#CONF_MONGODB_BROKER_USER="openshift"
#CONF_MONGODB_BROKER_PASSWORD="mongopass"
# mongodb_admin_user / CONF_MONGODB_ADMIN_USER
# mongodb_admin_password / CONF_MONGODB_ADMIN_PASSWORD
# Default: admin:mongopass
# These are the username and password of the administrative user that
# will be created in the MongoDB datastore. These credentials are not
# used in this script or by OpenShift, but an administrative user
# must be added to MongoDB in order for it to enforce authentication.
# Note: The administrative user will not be created if
# CONF_NO_DATASTORE_AUTH_FOR_LOCALHOST is enabled.
#CONF_MONGODB_ADMIN_USER="admin"
#CONF_MONGODB_ADMIN_PASSWORD="mongopass"
# datastore_replicants / CONF_DATASTORE_REPLICANTS
# Default: the value of datastore_hostname (no replication)
# A comma-separated list of MongoDB replicants to be used as a
# replica set. For each replicant, if you omit the port specification
# for that replicant, port :27017 will be appended.
#
# To install and configure a HA replica set, install at least three
# hosts with the datastore component, and when all are complete,
# all hostnames resolve and all databases are reachable,
# on one host execute the configure_datastore_add_replicants
# action to configure the replica set; e.g. (on the last host only):
#CONF_ACTIONS=do_all_actions,configure_datastore_add_replicants
# All hosts should be installed with all replicants specified:
#CONF_DATASTORE_REPLICANTS="datastore01.example.com:27017,datastore02.example.com:27017,datastore03.example.com:27017"
# mongodb_replset / CONF_MONGODB_REPLSET
# Default: ose
# In a replicated setup, this is the name of the replica set.
#CONF_MONGODB_REPLSET="ose"
# mongodb_key / CONF_MONGODB_KEY
# Default: OSEnterprise
# In a replicated setup, this is the key that slaves will use to
# authenticate with the master.
#CONF_MONGODB_KEY="OSEnterprise"
# openshift_user1 / CONF_OPENSHIFT_USER1
# openshift_password1 / CONF_OPENSHIFT_PASSWORD1
# Default: demo/changeme
# This user and password are entered in the /etc/openshift/htpasswd
# file as a demo/test user. You will likely want to remove it after
# installation (or just use a different auth method).
#CONF_OPENSHIFT_USER1="demo"
#CONF_OPENSHIFT_PASSWORD1="changeme"
# conf_broker_auth_salt / CONF_BROKER_AUTH_SALT
#CONF_BROKER_AUTH_SALT=""
# conf_broker_session_secret / CONF_BROKER_SESSION_SECRET
#CONF_BROKER_SESSION_SECRET=""
# conf_console_session_secret / CONF_CONSOLE_SESSION_SECRET
#CONF_CONSOLE_SESSION_SECRET=""
#conf_valid_gear_sizes / CONF_VALID_GEAR_SIZES (comma-separated list)
#CONF_VALID_GEAR_SIZES="small"
# The KrbServiceName value for mod_auth_kerb configuration
#CONF_BROKER_KRB_SERVICE_NAME=""
# The KrbAuthRealms value for mod_auth_kerb configuration
#CONF_BROKER_KRB_AUTH_REALMS=""
# The Krb5KeyTab value of mod_auth_kerb is not configurable -- the keytab
# is expected in /var/www/openshift/broker/httpd/conf.d/http.keytab
# idle_interval / CONF_IDLE_INTERVAL
# Default: do not idle gears on the node
# Specify the number of hours after which a gear should be idled if it
# has not been accessed. Creates an hourly cron job to check for
# inactive gears and idle them.
#CONF_IDLE_INTERVAL=240
# routing_plugin / CONF_ROUTING_PLUGIN
# routing_plugin_user / CONF_ROUTING_PLUGIN_USER
# routing_plugin_pass / CONF_ROUTING_PLUGIN_PASS
# Default: do not install the sample routing plugin
# When enabled, the routing plugin publishes routing events to a topic
# on the ActiveMQ instance(s) used by OpenShift Enterprise.
# For more info: http://red.ht/1eG9lHr
#CONF_ROUTING_PLUGIN=true
#CONF_ROUTING_PLUGIN_USER=routinginfo
#CONF_ROUTING_PLUGIN_PASS=routinginfopassword
# metapkgs / CONF_METAPKGS
# Default: recommended
# Specify which cartridge dependency metapackages should be installed
# Comma or space-separated options include:
# none - Install none of the cart dep metapackages
# recommended - Install only the recommended cart dep metapackages
# optional - Install the optional AND recommended cart dep metapackages
# CONF_METAPKGS=optional
########################################################################
########################################################################
# Synchronize the system clock to the NTP servers and then synchronize
# hardware clock with that.
synchronize_clock()
{
  # Step the system clock from the NTP server named below, then set the
  # hardware clock from the system clock.
  #
  # ntpdate is invoked with no authentication options, so the reply from
  # that server is taken at face value.  Later steps that depend on correct
  # time (certificate validity checks, Kerberos) inherit whatever it sets.
  # Neither exit status is checked; the function returns hwclock's status.
  local ntp_server=clock.redhat.com

  ntpdate "$ntp_server"
  hwclock --systohc
}
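configure_repos()
{
  # Work out which repos/channels the selected roles need, publish that as
  # need_<repo>_repo predicate functions, and then run the configuration
  # routine for the install method named in CONF_INSTALL_METHOD.
  #
  # Reads:   CONF_OPTIONAL_REPO, CONF_NO_JBOSSEAP, CONF_NO_JBOSSEWS,
  #          CONF_INSTALL_METHOD, and the role predicates activemq, broker,
  #          datastore, named and node.
  # Defines: need_<repo>_repo for optional, infra, node, jbosseap_cartridge,
  #          client_tools, jbosseap, jbossews and rhscl.
  echo "OpenShift: Begin configuring repos."

  # Determine which channels we need and define corresponding predicate
  # functions.

  # Make need_${repo}_repo return false by default.  rhscl is part of the
  # list so that need_rhscl_repo is always defined: configure_yum_repos
  # calls it unconditionally, and without a default it would fail with
  # "command not found" whenever no role below redefines it.
  for repo in optional infra node jbosseap_cartridge client_tools jbosseap jbossews rhscl; do
    # eval is required to define a function whose name is computed; $repo
    # only ever holds one of the literal words listed above.
    eval "need_${repo}_repo() { false; }"
  done

  is_true "$CONF_OPTIONAL_REPO" && need_optional_repo() { :; }

  if activemq || broker || datastore || named; then
    # The ose-infrastructure channel has the activemq, broker, and mongodb
    # packages.  The ose-infrastructure and ose-node channels also include
    # the yum-plugin-priorities package, which is needed for the installation
    # script itself, so we require ose-infrastructure here even if we are
    # only installing named.
    need_infra_repo() { :; }

    # The rhscl channel is needed for the ruby193 software collection.
    need_rhscl_repo() { :; }
  fi

  # Bug 1054405 Currently oo-admin-yum-validator enables the client tools repo
  # whenever the broker role is selected (even if the goal is only to install
  # support infrastructure like activemq). Until that is fixed we must always
  # install the client tools repo along with the infrastructure repo.
  need_infra_repo && need_client_tools_repo() { :; }

  if node; then
    # The ose-node channel has node packages including all the cartridges.
    need_node_repo() { :; }

    # The jbosseap and jbossas cartridges require the jbossas packages
    # in the jbappplatform channel.
    is_false "${CONF_NO_JBOSSEAP}" \
      && need_jbosseap_cartridge_repo() { :; } \
      && need_jbosseap_repo() { :; }

    # The jbossews cartridge requires the tomcat packages in the jb-ews channel.
    is_false "${CONF_NO_JBOSSEWS}" && need_jbossews_repo() { :; }

    # The rhscl channel is needed for several cartridge platforms.
    need_rhscl_repo() { :; }
  fi

  # The configure_yum_repos, configure_rhn_channels, and
  # configure_rhsm_channels functions will use the need_${repo}_repo
  # predicate functions defined above.
  #
  # There is no default arm: any other CONF_INSTALL_METHOD value configures
  # nothing and still reports completion below.
  case "$CONF_INSTALL_METHOD" in
    (yum)
      configure_yum_repos
      ;;
    (rhn)
      configure_rhn_channels
      ;;
    (rhsm)
      configure_rhsm_channels
      ;;
  esac

  echo "OpenShift: Completed configuring repos."
}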
configure_yum_repos()
{
  # Plain-yum install method: write the RHEL repo definition, then each
  # optional/JBoss/SCL repo whose need_<repo>_repo predicate is true, then
  # the OSE repos, and finally install the release package.
  configure_rhel_repo

  for repo in optional jbosseap jbossews rhscl; do
    # $repo only takes the literal values above, so the predicate and the
    # configure function can be called by their computed names directly.
    if "need_${repo}_repo"; then
      "configure_${repo}_repo"
    fi
  done

  configure_ose_yum_repos

  # Drop cached metadata so the repo files written above are used.
  yum clean metadata

  yum_install_or_exit openshift-enterprise-release
}
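configure_ose_yum_repos()
{
  # Define plain yum repos for the OSE channels if the parameters are given;
  # this can be useful even if the main subscription is via RHN.
  #
  # Reads: ose_repo_base, ose_extra_repo_base, CONF_CDN_LAYOUT and the
  #        need_<repo>_repo predicates.
  # For each needed channel it calls def_ose_yum_repo BASE LAYOUT CHANNEL.
  #
  # The base URLs come from installer configuration.  They are passed to
  # def_ose_yum_repo as quoted arguments rather than spliced into an eval
  # string, so a space or shell metacharacter in a URL stays part of the URL
  # and is never re-parsed as shell syntax.
  for repo in infra node jbosseap_cartridge client_tools; do
    if [ "$ose_repo_base" != "" ]; then
      layout=puddle; [ -n "$CONF_CDN_LAYOUT" ] && layout=cdn
      # $repo only takes the literal values above, so the predicate can be
      # called by its computed name without eval.
      "need_${repo}_repo" && def_ose_yum_repo "$ose_repo_base" "$layout" "$repo"
    fi
    if [ "$ose_extra_repo_base" != "" ]; then
      "need_${repo}_repo" && def_ose_yum_repo "$ose_extra_repo_base" extra "$repo"
    fi
  done
}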
configure_rhel_repo()
{
  # In order for the %post section to succeed, it must have a way of
  # installing from RHEL.  The post section cannot access the method that
  # was used in the base install.  This writes a RHEL yum repo definition
  # pointing at the URL you supply in rhel_repo; with no URL it does nothing.
  #
  # The definition sets gpgcheck=0 and sslverify=false: packages from this
  # repo are installed without RPM signature verification and without TLS
  # certificate validation, so their integrity rests entirely on the network
  # path to baseurl.  Where the mirror serves signed packages over verified
  # HTTPS, both checks should be enabled in the generated file.
  [ -n "${rhel_repo}" ] || return 0

  cat <<YUM > /etc/yum.repos.d/rhel.repo
[rhel6]
name=RHEL 6 base OS
baseurl=${rhel_repo}
enabled=1
gpgcheck=0
priority=20
sslverify=false
exclude=tomcat6*
YUM
}
configure_optional_repo()
{
  # Write a yum repo definition for the RHEL 6 Optional channel when
  # rhel_optional_repo holds a URL; with no URL this does nothing.
  #
  # As with the base RHEL repo, the definition sets gpgcheck=0 and
  # sslverify=false, so neither package signatures nor the server
  # certificate are verified for this repo.
  [ -n "${rhel_optional_repo}" ] || return 0

  cat <<YUM > /etc/yum.repos.d/rheloptional.repo
[rhel6_optional]
name=RHEL 6 Optional
baseurl=${rhel_optional_repo}
enabled=1
gpgcheck=0
priority=20
sslverify=false
YUM
}
def_ose_yum_repo()
{
  # Write /etc/yum.repos.d/openshift-<channel>-<layout>.repo for one OSE
  # channel.
  #
  # Arguments:
  #   $1 - base URL of the repo tree
  #   $2 - layout: puddle, extra or cdn (anything else is treated as cdn)
  #   $3 - channel: client_tools, infra, node or jbosseap_cartridge
  #
  # repo_base, layout, channel and url are assigned without "local", so
  # they remain set in the caller's scope afterwards.
  #
  # A channel name missing from the map expands to an empty path component;
  # the argument is not validated here.
  #
  # NOTE(review): the puddle/extra directory names carry 2.1 while the cdn
  # path uses 2.0 -- confirm the cdn path is the intended version.
  #
  # The generated definition sets gpgcheck=0 and sslverify=false, so
  # packages from the OpenShift repos are installed without signature or
  # TLS certificate verification.
  repo_base=$1
  layout=$2
  channel=$3

  declare -A map
  if [[ "$layout" == puddle || "$layout" == extra ]]; then
    map=(
      [client_tools]=RHOSE-CLIENT-2.1
      [infra]=RHOSE-INFRA-2.1
      [node]=RHOSE-NODE-2.1
      [jbosseap_cartridge]=RHOSE-JBOSSEAP-2.1
    )
    url="$repo_base/${map[$channel]}/x86_64/os/"
  else
    map=(
      [client_tools]=ose-rhc
      [infra]=ose-infra
      [node]=ose-node
      [jbosseap_cartridge]=ose-jbosseap
    )
    url="$repo_base/${map[$channel]}/2.0/os"
  fi

  cat <<YUM > "/etc/yum.repos.d/openshift-${channel}-${layout}.repo"
[openshift_${channel}_${layout}]
name=OpenShift $channel $layout
baseurl=$url
enabled=1
gpgcheck=0
priority=10
sslverify=false
YUM
}
configure_jbosseap_repo()
{
  # The JBossEAP cartridge depends on Red Hat's JBoss packages.  When
  # jboss_repo_base is set, write a yum repo definition for the JBoss EAP 6
  # tree under it; otherwise do nothing.
  #
  # The definition sets gpgcheck=0, so package signatures from this repo
  # are not verified.
  [ -n "${jboss_repo_base}" ] || return 0

  cat > /etc/yum.repos.d/jbosseap.repo <<YUM
[jbosseap]
name=jbosseap
baseurl=${jboss_repo_base}/jbeap/6/os
enabled=1
priority=30
gpgcheck=0
YUM
}
configure_jbossews_repo()
{
  # The JBossEWS cartridge depends on Red Hat's JBoss packages.  When
  # jboss_repo_base is set, write a yum repo definition for the JBoss EWS 2
  # tree under it; otherwise do nothing.
  #
  # The definition sets gpgcheck=0, so package signatures from this repo
  # are not verified.
  [ -n "${jboss_repo_base}" ] || return 0

  cat > /etc/yum.repos.d/jbossews.repo <<YUM
[jbossews]
name=jbossews
baseurl=${jboss_repo_base}/jbews/2/os
enabled=1
priority=30
gpgcheck=0
YUM
}
configure_rhscl_repo()
{
  # When rhscl_repo_base is set, write a yum repo definition for the
  # software collections tree under it; otherwise do nothing.
  #
  # The definition sets gpgcheck=0, so package signatures from this repo
  # are not verified.
  [ -n "${rhscl_repo_base}" ] || return 0

  cat > /etc/yum.repos.d/rhscl.repo <<YUM
[rhscl]
name=rhscl
baseurl=${rhscl_repo_base}/rhscl/1/os/
enabled=1
priority=30
gpgcheck=0
YUM
}
configure_subscription()
{
  # Shared tail of the RHN and RHSM paths: install the yum validator, let it
  # fix repo/channel settings for the roles we need, verify the result, and
  # then install the release package.
  #
  # NOTE(review): the validator is called with "-o 2.0" while the channel
  # names used elsewhere in this file carry 2.1 -- confirm the version.
  configure_ose_yum_repos # if requested

  # install our tool to enable repo/channel configuration
  yum_install_or_exit openshift-enterprise-yum-validator

  # Build the list of roles we need as one option string; it is expanded
  # unquoted below so that each word becomes its own argument.
  roles=""
  if need_infra_repo; then
    roles="$roles --role broker"
  fi
  if need_client_tools_repo; then
    roles="$roles --role client"
  fi
  if need_node_repo; then
    roles="$roles --role node"
  fi
  if need_jbosseap_cartridge_repo; then
    roles="$roles --role node-eap"
  fi

  # When fixing, rc is always false, so the status of this run is ignored...
  oo-admin-yum-validator -o 2.0 --fix-all $roles
  # ...and a second, check-only run decides whether the fixes succeeded.
  if ! oo-admin-yum-validator -o 2.0 $roles; then
    abort_install
  fi

  # Normally we could just install o-e-release and it would pull in yum-validator;
  # however it turns out the ruby dependencies can sometimes be pulled in from the
  # wrong channel before yum-validator does its work. So, install it afterward.
  yum_install_or_exit openshift-enterprise-release

  configure_ose_yum_repos # refresh if overwritten by validator
}
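configure_rhn_channels()
{
  # Register this host with RHN Classic (by activation key, or by user name
  # and password), add the RHN channels the selected roles need, and then
  # hand over to configure_subscription.
  #
  # Reads: CONF_RHN_REG_ACTKEY, CONF_RHN_USER, CONF_RHN_PASS,
  #        CONF_RHN_REG_OPTS, profile_name and the need_<repo>_repo
  #        predicates.
  #
  # CONF_RHN_REG_OPTS is a string of extra options that the shell has to
  # re-parse, which is why the registration commands go through eval; it is
  # treated as trusted operator input.  Every other value placed in those
  # eval strings is quoted with printf %q first, so a quote, space or other
  # shell metacharacter in the activation key, profile name, user name or
  # password is passed through as literal data instead of being parsed as
  # shell syntax (previously a single quote in any of them broke the
  # command).
  #
  # NOTE(review): the password is still handed to rhnreg_ks and rhn-channel
  # as a command-line argument, so it is visible in the process list while
  # those commands run; "set +x" only keeps it out of the trace log.
  # NOTE(review): tracing is switched back on unconditionally with "set -x";
  # this assumes the script runs with tracing enabled -- confirm.
  local q_actkey q_profile q_user q_pass

  printf -v q_profile '%q' "$profile_name"

  if [ "x$CONF_RHN_REG_ACTKEY" != x ]; then
    echo "OpenShift: Register to RHN Classic using an activation key"
    printf -v q_actkey '%q' "$CONF_RHN_REG_ACTKEY"
    eval "rhnreg_ks --force --activationkey=${q_actkey} --profilename=${q_profile} ${CONF_RHN_REG_OPTS}" || abort_install
  elif [[ "${CONF_RHN_USER}" && "${CONF_RHN_PASS}" ]]; then
    echo "OpenShift: Register to RHN Classic with username and password"
    set +x # don't log password
    echo "rhnreg_ks --force --profilename='$profile_name' --username '${CONF_RHN_USER}' ${CONF_RHN_REG_OPTS}"
    # Quote the credentials only after tracing is off so they never reach
    # the trace log.
    printf -v q_user '%q' "$CONF_RHN_USER"
    printf -v q_pass '%q' "$CONF_RHN_PASS"
    eval "rhnreg_ks --force --profilename=${q_profile} --username ${q_user} --password ${q_pass} ${CONF_RHN_REG_OPTS}" || abort_install
    set -x
  else
    echo "OpenShift: No credentials given for RHN Classic; assuming already configured"
  fi

  if [[ "${CONF_RHN_USER}" && "${CONF_RHN_PASS}" ]]; then
    # Enable the node or infrastructure channel to enable installing the release RPM
    repos=('rhel-x86_64-server-6-rhscl-1')
    # The infrastructure channel is added when the node repo is not needed,
    # or when the infra repo is.
    if ! need_node_repo || need_infra_repo ; then
      repos+=('rhel-x86_64-server-6-ose-2.1-infrastructure')
    fi
    need_node_repo && repos+=('rhel-x86_64-server-6-ose-2.1-node' 'jb-ews-2-x86_64-server-6-rpm')
    need_client_tools_repo && repos+=('rhel-x86_64-server-6-ose-2.1-rhc')
    need_jbosseap_cartridge_repo && repos+=('rhel-x86_64-server-6-ose-2.1-jbosseap' 'jbappplatform-6-x86_64-server-6-rpm')

    set +x # don't log password
    for repo in "${repos[@]}"; do
      # Skip channels that already appear in the subscribed list (substring
      # match on the channel label); otherwise add the channel.
      [[ "$(rhn-channel -l)" == *"$repo"* ]] || rhn-channel --add --channel "$repo" --user "${CONF_RHN_USER}" --password "${CONF_RHN_PASS}" || abort_install
    done
    set -x
  fi

  configure_subscription
}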
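configure_rhsm_channels()
{
  # Register this host with RHSM when a user name and password are given,
  # attach the requested subscription pools, enable the node or
  # infrastructure repo, and then hand over to configure_subscription.
  #
  # Reads: CONF_RHN_USER, CONF_RHN_PASS, CONF_RHN_REG_OPTS,
  #        CONF_SM_REG_POOL, profile_name and need_node_repo.
  #
  # CONF_RHN_REG_OPTS is a string of extra options that the shell has to
  # re-parse, which is why registration goes through eval; it is treated as
  # trusted operator input.  The user name, password and profile name are
  # quoted with printf %q before they are placed in the eval string, so a
  # quote, space or other shell metacharacter in them is passed through as
  # literal data instead of being parsed as shell syntax (previously a
  # single quote in any of them broke the command).
  #
  # NOTE(review): the password is still handed to subscription-manager as a
  # command-line argument, so it is visible in the process list while the
  # command runs; "set +x" only keeps it out of the trace log.
  # NOTE(review): tracing is switched back on unconditionally with "set -x";
  # this assumes the script runs with tracing enabled -- confirm.
  local q_user q_pass q_profile

  if [[ "${CONF_RHN_USER}" && "${CONF_RHN_PASS}" ]]; then
    set +x # don't log password
    echo "OpenShift: Register with RHSM"
    echo "subscription-manager register --force --username='$CONF_RHN_USER' --name '$profile_name' ${CONF_RHN_REG_OPTS}"
    # Quoting happens after tracing is off so the password never reaches
    # the trace log.
    printf -v q_user '%q' "$CONF_RHN_USER"
    printf -v q_pass '%q' "$CONF_RHN_PASS"
    printf -v q_profile '%q' "$profile_name"
    eval "subscription-manager register --force --username=${q_user} --password=${q_pass} --name ${q_profile} ${CONF_RHN_REG_OPTS}" || abort_install
    set -x
  else
    echo "OpenShift: No credentials given for RHSM; assuming already configured"
  fi

  if [[ "${CONF_SM_REG_POOL}" ]]; then
    echo "OpenShift: Removing all current subscriptions"
    subscription-manager remove --all
  else
    echo "OpenShift: No pool ids were given, so none are being registered"
  fi

  # If CONF_SM_REG_POOL was not specified, this for loop is a no-op.
  # The separators , : + / - and space are replaced by spaces, and the
  # expansion is left unquoted on purpose so that it splits into pool ids.
  for poolid in ${CONF_SM_REG_POOL//[, :+\/-]/ }; do
    echo "OpenShift: Registering subscription from pool id $poolid"
    subscription-manager attach --pool "$poolid" || abort_install
  done

  # Enable the node or infrastructure repo to enable installing the release RPM
  if need_node_repo; then
    subscription-manager repos --enable=rhel-6-server-ose-2.1-node-rpms || abort_install
  else
    subscription-manager repos --enable=rhel-6-server-ose-2.1-infra-rpms || abort_install
  fi

  configure_subscription
}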
abort_install()
{
  # Print the caller's message, if one was given, then the fixed abort
  # banner, and exit the script with status 1.
  if [[ -n "$@" ]]; then
    echo "$@"
  fi

  # don't change this; could be used as an automation cue.
  echo "OpenShift: Aborting Installation."
  exit 1
}
yum_install_or_exit()
{
  # Install the packages named in the arguments with yum; if yum fails,
  # report the failed command and abort the installation.
  echo "OpenShift: yum install $*"

  # $* and $disable_plugin are left unquoted on purpose: callers pass
  # space-separated package lists, and $disable_plugin (set outside this
  # function) must vanish entirely when it is empty.
  if ! yum install -y $* $disable_plugin; then
    echo "OpenShift: Command failed: yum install $*"
    echo "OpenShift: Please ensure relevant repos/subscriptions are configured."
    abort_install
  fi
}
# Install the client tools.
install_rhc_pkg()
{
  # Installs the rhc client package through yum_install_or_exit, which
  # aborts the installation if yum fails.
  yum_install_or_exit 'rhc'
}
# Set up the system express.conf so our broker will be used by default.
configure_rhc()
{
  local conf_file=/etc/openshift/express.conf

  # set_conf expects there to be a new line, so append one to the file
  # before editing it.
  printf '\n' >> "$conf_file"

  # Point libra_server at this installation's broker host so that the
  # broker is used by default.
  set_conf "$conf_file" libra_server "'${broker_hostname}'"
}
# Install broker-specific packages.
install_broker_pkgs()
{
  # Build the space-separated broker package list in $pkgs (left set in the
  # caller's scope) and install it.  The routing plugin package is added
  # only when CONF_ROUTING_PLUGIN is true.
  local name

  pkgs="openshift-origin-broker"
  for name in \
    openshift-origin-broker-util \
    rubygem-openshift-origin-msg-broker-mcollective \
    ruby193-mcollective-client \
    rubygem-openshift-origin-auth-remote-user \
    rubygem-openshift-origin-dns-nsupdate \
    openshift-origin-console \
    rubygem-openshift-origin-admin-console
  do
    pkgs="$pkgs $name"
  done

  if is_true "$CONF_ROUTING_PLUGIN"; then
    pkgs="$pkgs rubygem-openshift-origin-routing-activemq"
  fi

  # Unquoted on purpose: each package name must become its own argument.
  yum_install_or_exit $pkgs
}
# Install node-specific packages.
install_node_pkgs()
{
  # Build the space-separated node package list in $pkgs (left set in the
  # caller's scope) and install it.  The Apache frontend plugin is chosen
  # by $node_apache_frontend; any value other than mod_rewrite or vhost
  # aborts the installation.
  local name

  pkgs="rubygem-openshift-origin-node ruby193-rubygem-passenger-native"
  # policycoreutils-python is in the list because this script uses semanage.
  for name in \
    openshift-origin-node-util \
    ruby193-mcollective \
    openshift-origin-msg-node-mcollective \
    policycoreutils-python \
    rubygem-openshift-origin-container-selinux \
    rubygem-openshift-origin-frontend-nodejs-websocket
  do
    pkgs="$pkgs $name"
  done

  if [[ "$node_apache_frontend" == mod_rewrite ]]; then
    pkgs="$pkgs rubygem-openshift-origin-frontend-apache-mod-rewrite"
  elif [[ "$node_apache_frontend" == vhost ]]; then
    pkgs="$pkgs rubygem-openshift-origin-frontend-apache-vhost"
  else
    echo "Invalid value: CONF_NODE_APACHE_FRONTEND=${node_apache_frontend}"
    abort_install
  fi

  # Unquoted on purpose: each package name must become its own argument.
  yum_install_or_exit $pkgs
}