Monday, December 3, 2012

OpenShift Broker Configuration and Log Files

There are a lot of moving parts in an OpenShift Broker service. There are the four back-end services to start with. Then there's the front end HTTP daemon and the Rails broker application. There's SELinux security and the Passenger Rails accelerator service. Each of these needs some kind of configuration which may need some tweaking. Each of them also has either a specific log file or some other output somewhere that can be used for status checks and diagnostics.

In this post I'm going to run down a list of these configurations and logs and the service components they relate to.  Each of these gets some attention in the Build-Your-Own wiki instructions.

Configuration Directories

The OpenShift broker service (even if you set aside the back-end services) is an amalgam of components.  Each of these may have some customization for the final working environment.  Each is also an opportunity for something to get broken or tweaked.

Without some understanding of the interactions between the components the set of configurations might seem unfathomable.  Even with some understanding it can be complex, but it does not need to be overwhelming.

These are the places where configuration files are known to lurk.  

OpenShift Broker Configuration Directories

| Directory | Role | Description |
|---|---|---|
| /etc/openshift | Master Location | Master configuration directory for all OpenShift-related services |
| /etc/openshift/plugins.d | Broker Plugin Configuration | This is where plugin configuration files are placed. These files select the plugins for each back end service. They also contain customization (service location, authentication information etc). |
| /var/www/openshift/broker | Rails Application Root | This directory contains the Rails application which is the OpenShift Broker service. At the top level are the Gemfile and Gemfile.lock which control the application rubygems. |
| /var/www/openshift/broker/config/environments | Rails configuration | This directory contains the Rails application "environments". Each file here corresponds to a possible run mode for the OpenShift broker service. See also /etc/openshift/development |
| /var/www/openshift/broker/config/httpd/conf.d | Broker HTTPD | This directory contains the broker httpd configuration files. |
| /etc/httpd/conf.d | Front end HTTPD | This directory is the standard configuration location for the front-end Apache2 daemon. |

If you're poking around wondering what goes on behind the scenes and how it's controlled, these are the places to start.

Configuration Files

Each of the locations above can contain a number of different and only marginally related configuration files. The list below contains all of the files that appear to need special attention of some kind during service configuration.  I don't try to mention every possible setting or switch here.  I'm just trying to give you an idea of what you might find in each one.  See the Build-Your-Own wiki page and the official OpenShift Enterprise service documentation for details.

OpenShift Broker Configuration Files

| File | Format | Description |
|---|---|---|
| /etc/openshift/broker.conf | Shell Key/Value | This file defines a number of parameters for the service. This is the production configuration. |
| /etc/openshift/broker-dev.conf | Shell Key/Value | This file defines a number of parameters for the service. This is the development configuration. |
| /etc/openshift/development | none | When this file exists the broker service will start in dev mode, using the broker-dev.conf and development.rb files. |
| /etc/openshift/server_priv.pem | PEM/RSA | This key file is used to authenticate optional services. Generated by openssl. |
| /etc/openshift/server_pub.pem | PEM/RSA | This key file is used to authenticate optional services. Generated by openssl. |
| /etc/openshift/rsync_id_rsa.* | SSH/RSA | This key file pair is used to authenticate when moving gears from one node to another. Generated by ssh-keygen. |
| /etc/openshift/plugins.d/*.conf | Shell Key/Value | These are magic files. The file name must match the name of a local rubygem and end with .conf. The gem is loaded and the configuration file is parsed and included by the plugin gem. These plugins are loaded as part of the Rails start up process, as specified in the Gemfile. |
| /var/www/openshift/broker/Gemfile | Rails/Bundler | This file defines the rubygem package requirements for the broker application. It is used by the bundle command to generate the Gemfile.lock. |
| /var/www/openshift/broker/Gemfile.lock | Rails/Bundler | This file defines the actual rubygem packages which fulfill the broker application requirements on this system. It is regenerated each time the openshift-broker service is restarted. |
| /var/www/openshift/broker/httpd/conf.d/*.conf | Apache | Pick one of the auth conf samples. This file controls the broker service user identification/authentication when the "remote user" plugin is selected. The "remote user" plugin delegates the authentication to the httpd service which can then use any auth module. Currently there are example config files for Basic auth, for LDAP and Kerberos. |
| /etc/openshift/htpasswd | Apache | If the broker httpd uses the Basic Auth module, this file contains the username/password pairs for the broker service. |
| /var/www/openshift/broker/config/environments/production.rb | Ruby/Rails | This file defines the production configuration values for the OpenShift broker service. Debugging stack traces are suppressed. |
| /var/www/openshift/broker/config/environments/development.rb | Ruby/Rails | This file defines the development configuration values for the OpenShift broker service. Debugging stack traces are returned in line. |
| /etc/httpd/conf.d/000000_openshift_origin_broker_proxy.conf | Apache2 | This file defines the proxy configurations for the OpenShift broker and console services. It also sets the ServerName for the system as a whole. |
| /etc/mcollective/client.cfg | YAML | This file defines the MCollective client communications parameters. It connects to the underlying message service. It also can indicate where the client activity is logged and control the logging level. |

Broker Plugin Configuration Files

The files in /etc/openshift/plugins.d are a bit magical.  They are loaded when the Gemfile is processed as the Rails application starts.  Each file in that directory that ends in .conf will be processed.  The file name (minus the .conf extension) must be the name of a locally installed rubygem.  The named gem is loaded and the config file is then processed by the gem.  You can't just create a new config file there and put config values in it.  Well, you can, but it will cause your broker to fail.
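The following Ruby script is an added example, not part of the original post or of the OpenShift code base. It checks three things that the configuration file table and the plugin paragraph above describe: whether the /etc/openshift/development marker is present (dev mode returns stack traces in line), whether the key, password and plugin files are accessible to "other", and whether every plugins.d/*.conf is named after an installed rubygem. The function name, the root parameter and the no-access-for-other rule are assumptions of this example.

```ruby
require 'rubygems'

# Files from the tables above that hold keys or passwords. The policy applied
# here (no permission bits for "other") is an assumption of this example.
SENSITIVE = %w[
  etc/openshift/server_priv.pem
  etc/openshift/rsync_id_rsa
  etc/openshift/htpasswd
].freeze

# Default lookup: is a rubygem with this name installed locally?
GEM_INSTALLED = ->(name) { !Gem::Specification.find_all_by_name(name).empty? }

# Audit the broker configuration tree under `root` ("/" on a live host).
# Returns an array of findings; an empty array means nothing was flagged.
def audit_broker_config(root, gem_installed: GEM_INSTALLED)
  findings = []
  conf_dir = File.join(root, 'etc/openshift')

  # The marker file switches the broker to development mode, where
  # debugging stack traces are returned in line.
  if File.exist?(File.join(conf_dir, 'development'))
    findings << 'dev-mode marker present: etc/openshift/development'
  end

  # Plugin configs carry authentication information, so treat them as secrets.
  plugin_confs = Dir.glob(File.join(conf_dir, 'plugins.d', '*.conf')).sort
  secrets = SENSITIVE.map { |p| File.join(root, p) } + plugin_confs
  secrets.select { |p| File.file?(p) }.each do |path|
    mode = File.stat(path).mode & 0o777
    next if (mode & 0o007).zero?
    findings << format('too permissive (%04o): %s', mode, path.sub("#{root}/", ''))
  end

  # Each plugins.d/*.conf must be named after a locally installed rubygem,
  # otherwise the broker fails when the Gemfile is processed.
  plugin_confs.each do |path|
    name = File.basename(path, '.conf')
    next if gem_installed.call(name)
    findings << "no installed gem for plugin config: #{name}.conf"
  end
  findings
end

puts audit_broker_config(ARGV[0] || '/') if __FILE__ == $PROGRAM_NAME
```

Run it as a user that can read /etc/openshift; pass a different root directory as the first argument to audit a copied or mounted tree.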

Log Files

If things aren't behaving as you think they should, or if you just want to get a sense of how things should look, these are places you can check.

OpenShift Log Files

| File | Source | Description |
|---|---|---|
| /var/log/messages | syslog | System wide log file |
| /var/log/mcollective-client.log | MCollective client | MCollective log file. Location defined in client.cfg. Log level also defined. |
| /var/log/httpd/access_log | httpd | Front end proxy httpd |
| /var/log/httpd/error_log | httpd | Front end proxy httpd |
| /var/log/httpd/ssl_access_log | httpd | Front end proxy httpd |
| /var/log/httpd/ssl_error_log | httpd | Front end proxy httpd |
| /var/log/secure | syslog | System access |
| /var/log/audit/audit.log | syslog | SELinux activity |
| /var/www/openshift/broker/log/development.log | Rails | Logs from development mode |
| /var/www/openshift/broker/log/production.log | Rails | Logs from production mode |
| /var/www/openshift/broker/httpd/logs/access_log | Apache 2 | Broker access |
| /var/www/openshift/broker/httpd/logs/error_log | Apache 2 | Broker errors |
