There are a lot of moving parts in an OpenShift Broker service. There are the four back-end services to start with. Then there's the front end HTTP daemon and the Rails broker application. There's SELinux security and the Passenger Rails accelerator service. Each of these needs some kind of configuration which may need some tweaking. Each of them also has either a specific log file or some other output somewhere that can be used for status checks and diagnostics.
In this post I'm going to run down a list of these configurations and logs and the service components they relate to. Each of these gets some attention in the Build-Your-Own wiki instructions.
Configuration Directories
The OpenShift broker service (even if you set aside the back-end services) is an amalgam of components. Each of these may have some customization for the final working environment. Each is also an opportunity for something to get broken or tweaked.
Without some understanding of the interactions between the components the set of configurations might seem unfathomable. Even with some understanding it can be complex, but it does not need to be overwhelming.
These are the places where configuration files are known to lurk.
Directory | Purpose | Description |
---|---|---|
/etc/openshift | Master Location | Master configuration directory for all openshift related services |
/etc/openshift/plugins.d | Broker Plugin Configuration | This is where plugin configuration files are placed. These files select the plugins for each back end service. They also contain customization (service location, authentication information etc). |
/var/www/openshift/broker | Rails Application Root | This directory contains the Rails application which is the OpenShift Broker service. At the top level are the Gemfile and Gemfile.lock which control the application rubygems. |
/var/www/openshift/broker/config/environments | Rails configuration | This directory contains the Rails application "environments". Each file here corresponds to a possible run mode for the OpenShift broker service. See also /etc/openshift/development |
/var/www/openshift/broker/config/httpd/conf.d | Broker HTTPD | This directory contains the broker httpd configuration files. |
/etc/httpd/conf.d | Front end HTTPD | This directory is the standard configuration location for the front-end Apache2 daemon. |
If you're poking around wondering what goes on behind the scenes and how it's controlled, these are the places to start.
Configuration Files
Each of the locations above can contain a number of different and only marginally related configuration files. The list below contains all of the files that appear to need special attention of some kind during service configuration. I don't try to mention every possible setting or switch here. I'm just trying to give you an idea of what you might find in each one. See the Build-Your-Own wiki page and the official OpenShift Enterprise service documentation for details.
File | Format | Description |
---|---|---|
/etc/openshift/broker.conf | Shell Key/Value | This file defines a number of parameters for the service. This is the production configuration. |
/etc/openshift/broker-dev.conf | Shell Key/Value | This file defines a number of parameters for the service. This is the development configuration. |
/etc/openshift/development | none | When this file exists the broker service will start in dev mode, using the broker-dev.conf and development.rb files. |
/etc/openshift/server_priv.pem | PEM/RSA | This key file is used to authenticate optional services. Generated by openssl. |
/etc/openshift/server_pub.pem | PEM/RSA | This key file is used to authenticate optional services. Generated by openssl. |
/etc/openshift/rsync_id_rsa.* | SSH/RSA | This key file pair is used to authenticate when moving gears from one node to another. Generated by ssh-keygen. |
/etc/openshift/plugins.d/*.conf | Shell Key/Value | These are magic files. The file name must match the name of a local rubygem and end with .conf. The gem is loaded and the configuration file is parsed and included by the plugin gem. These plugins are loaded as part of the Rails start up process, as specified in the Gemfile. |
/var/www/openshift/broker/Gemfile | Rails/Bundler | This file defines the rubygem package requirements for the broker application. It is used by the bundle command to generate the Gemfile.lock. |
/var/www/openshift/broker/Gemfile.lock | Rails/Bundler | This file defines the actual rubygem packages which fulfill the broker application requirements on this system. It is regenerated each time the openshift-broker service is restarted. |
/var/www/openshift/broker/httpd/conf.d/*.conf | Apache | Pick one of the auth conf samples. This file controls the broker service user identification/authentication when the "remote user" plugin is selected. The "remote user" plugin delegates the authentication to the httpd service which can then use any auth module. Currently there are example config files for Basic auth, for LDAP and Kerberos. |
/etc/openshift/htpasswd | Apache | If the broker httpd uses the Basic Auth module, this file contains the username/password pairs for the broker service. |
/var/www/openshift/broker/config/environments/production.rb | Ruby/Rails | This file defines the production configuration values for the OpenShift broker service. Debugging stack traces are suppressed. |
/var/www/openshift/broker/config/environments/development.rb | Ruby/Rails | This file defines the development configuration values for the OpenShift broker service. Debugging stack traces are returned in line. |
/etc/httpd/conf.d/000000_openshift_origin_broker_proxy.conf | Apache2 | This file defines the proxy configurations for the OpenShift broker and console services. It also sets the ServerName for the system as a whole. |
/etc/mcollective/client.cfg | YAML | This file defines the MCollective client communications parameters. It connects to the underlying message service. It also can indicate where the client activity is logged and control the logging level. |
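Several rows in the table above can be checked mechanically. The script below is an added example, not part of the original post or of OpenShift: it flags plugins.d files with no matching gem, the development marker file, and secret files accessible to other users. The ROOT argument, the finding labels, the gem_installed helper and the private key name rsync_id_rsa (ssh-keygen's default naming) are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. ROOT (first argument) is an
# assumption: it lets the audit run against a copy of the tree; empty means
# the live system.

# Assumed helper: succeeds if a rubygem with exactly this name is installed.
gem_installed() {
    gem list -i "^$1\$" >/dev/null 2>&1
}

# Print one finding per line; exit status is 1 if anything was found.
audit_broker() {
    root="${1:-}"; found=0

    # plugins.d: every *.conf must be named after a locally installed gem,
    # otherwise the broker fails to start.
    for f in "$root"/etc/openshift/plugins.d/*.conf; do
        [ -e "$f" ] || continue
        if ! gem_installed "$(basename "$f" .conf)"; then
            echo "PLUGIN_WITHOUT_GEM $f"; found=1
        fi
    done

    # Marker file: its presence starts the broker in development mode,
    # where debugging stack traces are returned in line.
    if [ -e "$root/etc/openshift/development" ]; then
        echo "DEV_MODE_MARKER $root/etc/openshift/development"; found=1
    fi

    # Secrets from the table must carry no permission bits for "other".
    # rsync_id_rsa is the assumed name of the private half of the key pair.
    for f in "$root"/etc/openshift/server_priv.pem \
             "$root"/etc/openshift/rsync_id_rsa \
             "$root"/etc/openshift/htpasswd; do
        [ -e "$f" ] || continue
        if [ -n "$(find "$f" -perm /007)" ]; then
            echo "WORLD_ACCESSIBLE $f"; found=1
        fi
    done
    return "$found"
}

# Audit only when asked to: "script --run" (live system) or "script --run ROOT".
if [ "${1:-}" = "--run" ]; then audit_broker "${2:-}"; fi
```

The `-perm /007` test is GNU find syntax, which matches the RHEL-family hosts the broker runs on.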
Broker Plugin Configuration Files
The files in /etc/openshift/plugins.d are a bit magical. They are loaded when the Gemfile is processed as the Rails application starts. Each file in that directory that ends in .conf will be processed. The file name (minus the .conf extension) must be the name of a locally installed rubygem. The named gem is loaded and the config file is then processed by the gem. You can't just create a new config file there and put config values in it. Well, you can, but it will cause your broker to fail.
Log Files
If things aren't behaving as you think they should, or if you just want to get a sense of how things should look, these are places you can check.
File | Source | Description |
---|---|---|
/var/log/messages | syslog | System wide log file |
/var/log/mcollective-client.log | MCollective client | MCollective log file. Location defined in client.cfg. Log level also defined. |
/var/log/httpd/access_log | httpd | Front end proxy httpd |
/var/log/httpd/error_log | httpd | Front end proxy httpd |
/var/log/httpd/ssl_access_log | httpd | Front end proxy httpd |
/var/log/httpd/ssl_error_log | httpd | Front end proxy httpd |
/var/log/secure | syslog | System access |
/var/log/audit/audit.log | syslog | SELinux activity |
/var/www/openshift/broker/log/development.log | Rails | Logs from development mode |
/var/www/openshift/broker/log/production.log | Rails | Logs from production mode |
/var/www/openshift/broker/httpd/logs/access_log | Apache 2 | Broker access |
/var/www/openshift/broker/httpd/logs/error_log | Apache 2 | Broker errors |