(This article is in progress and is not definitive as long as this WARNING is present.)
Step 1: Get access to Red Hat OpenShift Platform
If you are a new user, you need to sign up for an RHN account. Complete the regular registration and you should see an email in your inbox.
(If you already have a RHN account, you can just sign in)
Step 2: Install the Client Tools for your platform
RPM based system such as RHEL or Fedora
    $ sudo vi /etc/yum.repos.d/openshift.repo
    $ sudo yum install rhc
    .....
    Installed:
      rhc.noarch 0:0.75.9-1.el6_1

    Dependency Installed:
      compat-readline5.i686 0:5.2-17.fc12
      ruby.i686 0:1.8.7.352-1.fc14
      ruby-irb.noarch 0:1.8.7.352-1.fc14
      ruby-libs.i686 0:1.8.7.352-1.fc14
      ruby-rdoc.noarch 0:1.8.7.352-1.fc14
      rubygem-json.i686 0:1.4.3-2.fc14
      rubygem-parseconfig.noarch 0:0.5.2-3.fc14
      rubygems.noarch 0:1.3.7-2.fc14

    Complete!
openshift.repo
    [openshift-express]
    name=Openshift-express
    baseurl=https://openshift.redhat.com/app/repo/rpms/$releasever/$basearch/
    failovermethod=priority
    skip_if_unavailable=1
    # Both signing keys are listed under the single gpgkey option.
    gpgkey=https://openshift.redhat.com/app/repo/RPM-GPG-KEY-redhat-beta
           https://openshift.redhat.com/app/repo/RPM-GPG-KEY-redhat-release
    enabled=1
    gpgcheck=1
Non-rpm based systems (Windows, Ubuntu, Mac etc.): https://www.redhat.com/openshift/kb/kb-e1000/installing-openshift-express-client-tools-on-non-rpm-based-systems
Step 3: Create a sub domain
A sub-domain will provide you a URL such as mysubdomain.rhcloud.com
NOTE: Do not try to use a sub-domain that may be blacklisted. Subdomains such as hibernate, picketlink etc are unavailable.
    $ rhc-create-domain -n anilsaldhana -l asaldhan
    Password:
    OpenShift Express key found at /home/anil/.ssh/libra_id_rsa. Reusing...
    Contacting https://openshift.redhat.com
    Creation successful

    You may now create an application. Please make note of your local config file
    in /home/anil/.openshift/express.conf which has been created and populated for you.
You may be asked to enter a password for the keypair OpenShift creates for you.
Step 4: Create an application space
In my example, I created an application space called "sso"
    $ rhc-create-app -a sso -t jbossas-7.0
    Password:
    Found a bug? Post to the forum and we'll get right on it.
    IRC: #openshift on freenode
    Forums: https://www.redhat.com/openshift/forums
    Attempting to create remote application space: sso
    Contacting https://openshift.redhat.com
    API version: 1.1.1
    Broker version: 1.1.1
    RESULT:
    Successfully created application: sso
    Checking ~/.ssh/config
    Contacting https://openshift.redhat.com
    Found rhcloud.com in ~/.ssh/config... No need to adjust
    Now your new domain name is being propagated worldwide (this might take a minute)...
    Pulling new repo down
    Warning: Permanently added 'sso-anilsaldhana.rhcloud.com,50.17.109.166' (RSA) to the list of known hosts.
    Enter passphrase for key '/home/anil/.ssh/libra_id_rsa':
    Confirming application sso is available
    Attempt # 1
    Success! Your application is now published here:
    http://sso-anilsaldhana.rhcloud.com/
    The remote repository is located here:
    ssh://e54f14ef73c4482693887a77ac48fd3a@sso-anilsaldhana.rhcloud.com/~/git/sso.git/
    To make changes to your application, commit to sso/.
    Then run 'git push' to update your OpenShift Express space
    anil@localhost:~$
Now you should see a local directory called "sso" with a deployment directory and a README file.
Now is the time to sit (with a cup of coffee) and read the README file. Particularly the section on zipped war deployments or unzipped deployments with the .dodeploy suffix.
We have completed the OpenShift commitments. Now onto PicketLink.
Step 5: PicketLink Related Stuff
Latest instructions are available at: https://docs.jboss.org/author/display/PLINK/OpenShift+-+Installation+of+PicketLink+and+Quickstarts
In the deployments folder of your application space, you can unzip the picketlink as7 web apps.
Now I need to change the standalone.xml as follows:
Particularly, add the system properties section right after extensions. Then add the security domains.
    </extensions>
    <system-properties>
        <property name="org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR" value="false"/>
        <property name="idp.url" value="http://idp-jbossdev.rhcloud.com/" />
        <property name="sales.url" value="http://sso-anilsaldhana.rhcloud.com/sales/" />
        <property name="sales-post.url" value="http://sso-anilsaldhana.rhcloud.com/sales-post/" />
        <property name="employee.url" value="http://sso-anilsaldhana.rhcloud.com/employee/" />
        <property name="employee-post.url" value="http://sso-anilsaldhana.rhcloud.com/employee-post/" />
    </system-properties>
    <subsystem xmlns="urn:jboss:domain:security:1.0">
        <security-domains>
            <security-domain name="other" cache-type="default">
                <authentication>
                    <login-module code="UsersRoles" flag="required"/>
                </authentication>
            </security-domain>
            <security-domain name="jmx-console" cache-type="default">
                <authentication>
                    <login-module code="UsersRoles" flag="required">
                        <module-option name="usersProperties" value="users.properties"/>
                        <module-option name="rolesProperties" value="roles.properties"/>
                    </login-module>
                </authentication>
            </security-domain>
            <security-domain name="idp" cache-type="default">
                <authentication>
                    <login-module code="UsersRoles" flag="required">
                        <module-option name="usersProperties" value="users.properties"/>
                        <module-option name="rolesProperties" value="roles.properties"/>
                    </login-module>
                </authentication>
            </security-domain>
            <security-domain name="sp" cache-type="default">
                <authentication>
                    <login-module code="org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule" flag="required"/>
                </authentication>
            </security-domain>
        </security-domains>
    </subsystem>
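An added example, not part of the original article or of PicketLink: a Python check to run on .openshift/config/standalone.xml before the push in Step 6. It confirms the layout described above (system-properties right after extensions, idp and sp domains present, sp using SAML2LoginModule) and lists URL properties that are not https and domains backed by UsersRoles properties files. The function names, the server/profile wrapper elements and the trimmed SAMPLE are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

SAML_MODULE = "org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule"
# Constructed sample: a trimmed standalone.xml carrying values shown in Step 5.
SAMPLE = """<server xmlns="urn:jboss:domain:1.0">
 <extensions/>
 <system-properties>
  <property name="idp.url" value="http://idp-jbossdev.rhcloud.com/"/>
  <property name="sales.url" value="http://sso-anilsaldhana.rhcloud.com/sales/"/>
 </system-properties>
 <profile><subsystem xmlns="urn:jboss:domain:security:1.0"><security-domains>
  <security-domain name="idp"><authentication>
   <login-module code="UsersRoles" flag="required"/>
  </authentication></security-domain>
  <security-domain name="sp"><authentication>
   <login-module code="%s" flag="required"/>
  </authentication></security-domain>
 </security-domains></subsystem></profile>
</server>""" % SAML_MODULE

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def review(xml_text):
    """Return findings to resolve before 'git push' redeploys the config."""
    root = ET.fromstring(xml_text)
    findings, domains = [], {}
    kids = [local(c.tag) for c in root]
    pos = kids.index("extensions") if "extensions" in kids else -1
    if pos < 0 or kids[pos + 1:pos + 2] != ["system-properties"]:
        findings.append("system-properties must directly follow extensions")
    for el in root.iter():
        name = el.get("name", "")
        if local(el.tag) == "property" and name.endswith(".url"):
            # SAML redirects and posts travel to these endpoints.
            if urlparse(el.get("value", "")).scheme != "https":
                findings.append(name + " is not https")
        elif local(el.tag) == "security-domain":
            domains[name] = [m.get("code") for m in el.iter()
                             if local(m.tag) == "login-module"]
    for required in ("idp", "sp"):
        if not domains.get(required):
            findings.append("security domain '%s' is missing" % required)
    if domains.get("sp") and SAML_MODULE not in domains["sp"]:
        findings.append("security domain 'sp' does not use SAML2LoginModule")
    for n, mods in sorted(domains.items()):
        if "UsersRoles" in mods:  # accounts come from users.properties
            findings.append("domain '%s' uses UsersRoles properties files" % n)
    return findings
```

Call review(open(".openshift/config/standalone.xml").read()) from the application space; an empty list means none of the checks fired.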
Step 6: Git commit and push
Since we are just using prebuilt war files, you can remove the src directory and pom.xml
    anil@localhost:~/sso/deployments$ unzip ~/picketlink/picketlink/federation/trunk/picketlink-webapps/as7/assembly/target/picketlink-fed-webapps-as7-assembly-2.0.2-SNAPSHOT.zip
    Archive: /home/anil/picketlink/picketlink/federation/trunk/picketlink-webapps/as7/assembly/target/picketlink-fed-webapps-as7-assembly-2.0.2-SNAPSHOT.zip
     creating: picketlink/
     inflating: picketlink/idp.war
     inflating: picketlink/sales.war
     inflating: picketlink/employee.war
     inflating: picketlink/sales-post.war
     inflating: picketlink/employee-post.war
     inflating: picketlink/sales-saml11.war
     inflating: picketlink/employee-saml11.war
     inflating: picketlink/picketlink-sts.war
     inflating: picketlink/pdp.war
    anil@localhost:~/sso/deployments$ ls
    picketlink
    anil@localhost:~/sso/deployments$ git add picketlink/
    anil@localhost:~/sso/deployments$ git status
    # On branch master
    # Changes to be committed:
    #   (use "git reset HEAD <file>..." to unstage)
    #
    #   new file: picketlink/employee-post.war
    #   new file: picketlink/employee-saml11.war
    #   new file: picketlink/employee.war
    #   new file: picketlink/idp.war
    #   new file: picketlink/pdp.war
    #   new file: picketlink/picketlink-sts.war
    #   new file: picketlink/sales-post.war
    #   new file: picketlink/sales-saml11.war
    #   new file: picketlink/sales.war
    #
    # Changes not staged for commit:
    #   (use "git add <file>..." to update what will be committed)
    #   (use "git checkout -- <file>..." to discard changes in working directory)
    #
    #   modified: ../.openshift/config/standalone.xml
    #
    anil@localhost:~/sso/deployments$ cd ..
    anil@localhost:~/sso$ vi .openshift/config/standalone.xml
    anil@localhost:~/sso$ git status
    # On branch master
    # Changes to be committed:
    #   (use "git reset HEAD <file>..." to unstage)
    #
    #   new file: deployments/picketlink/employee-post.war
    #   new file: deployments/picketlink/employee-saml11.war
    #   new file: deployments/picketlink/employee.war
    #   new file: deployments/picketlink/idp.war
    #   new file: deployments/picketlink/pdp.war
    #   new file: deployments/picketlink/picketlink-sts.war
    #   new file: deployments/picketlink/sales-post.war
    #   new file: deployments/picketlink/sales-saml11.war
    #   new file: deployments/picketlink/sales.war
    #
    # Changes not staged for commit:
    #   (use "git add <file>..." to update what will be committed)
    #   (use "git checkout -- <file>..." to discard changes in working directory)
    #
    #   modified: .openshift/config/standalone.xml
    #
    anil@localhost:~/sso$ git commit -a -m "add picketlink jars"
    [master 75867c6] add picketlink jars
     10 files changed, 11 insertions(+), 0 deletions(-)
     create mode 100644 deployments/picketlink/employee-post.war
     create mode 100644 deployments/picketlink/employee-saml11.war
     create mode 100644 deployments/picketlink/employee.war
     create mode 100644 deployments/picketlink/idp.war
     create mode 100644 deployments/picketlink/pdp.war
     create mode 100644 deployments/picketlink/picketlink-sts.war
     create mode 100644 deployments/picketlink/sales-post.war
     create mode 100644 deployments/picketlink/sales-saml11.war
     create mode 100644 deployments/picketlink/sales.war
    anil@localhost:~/sso$ vi README
    anil@localhost:~/sso$ git push
    Enter passphrase for key '/home/anil/.ssh/libra_id_rsa':
    Counting objects: 21, done.
    Delta compression using up to 2 threads.
    Compressing objects: 100% (15/15), done.
    Writing objects: 100% (16/16), 113.80 KiB, done.
    Total 16 (delta 6), reused 0 (delta 0)
    remote: Stopping application...
    remote: Done
    remote: Removing existing standalone.xml
    remote: Found pom.xml... attempting to build with 'mvn clean package -Popenshift -DskipTests'
    remote: Apache Maven 3.0.3 (r1075437; 2011-06-20 13:22:37-0400)
    remote: Maven home: /etc/alternatives/maven-3.0
    remote: Java version: 1.6.0_20, vendor: Sun Microsystems Inc.
    remote: Java home: /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre
    remote: Default locale: en_US, platform encoding: UTF-8
    remote: OS name: "linux", version: "2.6.32-131.12.1.el6.x86_64", arch: "amd64", family: "unix"
    remote: [INFO] Scanning for projects...
    remote: [INFO]
    remote: [INFO] ------------------------------------------------------------------------
    remote: [INFO] Building sso 1.0
    remote: [INFO] ------------------------------------------------------------------------
    remote: [INFO]
    remote: [INFO] --- maven-clean-plugin:2.4.1:clean (default-clean) @ sso ---
    remote: [INFO]
    remote: [INFO] --- maven-resources-plugin:2.4.3:resources (default-resources) @ sso ---
    remote: [INFO] Using 'UTF-8' encoding to copy filtered resources.
    remote: [INFO] Copying 1 resource
    remote: [INFO]
    remote: [INFO] --- maven-compiler-plugin:2.3.2:compile (default-compile) @ sso ---
    remote: [INFO] Nothing to compile - all classes are up to date
    remote: [INFO]
    remote: [INFO] --- maven-resources-plugin:2.4.3:testResources (default-testResources) @ sso ---
    remote: [INFO] Using 'UTF-8' encoding to copy filtered resources.
    remote: [INFO] skip non existing resourceDirectory /var/lib/libra/e54f14ef73c4482693887a77ac48fd3a/sso/repo/src/test/resources
    remote: [INFO]
    remote: [INFO] --- maven-compiler-plugin:2.3.2:testCompile (default-testCompile) @ sso ---
    remote: [INFO] No sources to compile
    remote: [INFO]
    remote: [INFO] --- maven-surefire-plugin:2.7.2:test (default-test) @ sso ---
    remote: [INFO] Tests are skipped.
    remote: [INFO]
    remote: [INFO] --- maven-war-plugin:2.1.1:war (default-war) @ sso ---
    remote: [INFO] Packaging webapp
    remote: [INFO] Assembling webapp [sso] in [/var/lib/libra/e54f14ef73c4482693887a77ac48fd3a/sso/repo/target/sso]
    remote: [INFO] Processing war project
    remote: [INFO] Copying webapp resources [/var/lib/libra/e54f14ef73c4482693887a77ac48fd3a/sso/repo/src/main/webapp]
    remote: [INFO] Webapp assembled in [146 msecs]
    remote: [INFO] Building war: /var/lib/libra/e54f14ef73c4482693887a77ac48fd3a/sso/repo/deployments/ROOT.war
    remote: [INFO] WEB-INF/web.xml already added, skipping
    remote: [INFO] ------------------------------------------------------------------------
    remote: [INFO] BUILD SUCCESS
    remote: [INFO] ------------------------------------------------------------------------
    remote: [INFO] Total time: 3.327s
    remote: [INFO] Finished at: Fri Sep 30 15:09:58 EDT 2011
    remote: [INFO] Final Memory: 6M/142M
    remote: [INFO] ------------------------------------------------------------------------
    remote: ~/git/sso.git
    remote: Running .openshift/action_hooks/build
    remote: Starting application...Done
    To ssh://e54f14ef73c4482693887a77ac48fd3a@sso-anilsaldhana.rhcloud.com/~/git/sso.git/
     f1ca42d..75867c6 master -> master
    anil@localhost:~/sso$ ls
    deployments pom.xml README src
    anil@localhost:~/sso$ rm -rf src/ pom.xml
    anil@localhost:~/sso$ git status
    # On branch master
    # Changes not staged for commit:
    #   (use "git add/rm <file>..." to update what will be committed)
    #   (use "git checkout -- <file>..." to discard changes in working directory)
    #
    #   deleted: pom.xml
    #   deleted: src/main/java/.gitkeep
    #   deleted: src/main/resources/.gitkeep
    #   deleted: src/main/webapp/WEB-INF/web.xml
    #   deleted: src/main/webapp/health.jsp
    #   deleted: src/main/webapp/images/jbosscorp_logo.png
    #   deleted: src/main/webapp/index.html
    #   deleted: src/main/webapp/modules.jsp
    #   deleted: src/main/webapp/snoop.jsp
    #
    no changes added to commit (use "git add" and/or "git commit -a")
    anil@localhost:~/sso$ git push
    Enter passphrase for key '/home/anil/.ssh/libra_id_rsa':
    anil@localhost:~/sso$ git commit -a -m "remove src and pom"
    [master 0d4c3ce] remove src and pom
     7 files changed, 0 insertions(+), 690 deletions(-)
     delete mode 100644 pom.xml
     delete mode 100644 src/main/java/.gitkeep
     delete mode 100644 src/main/resources/.gitkeep
     delete mode 100644 src/main/webapp/WEB-INF/web.xml
     delete mode 100644 src/main/webapp/health.jsp
     delete mode 100644 src/main/webapp/images/jbosscorp_logo.png
     delete mode 100644 src/main/webapp/index.html
     delete mode 100644 src/main/webapp/modules.jsp
     delete mode 100644 src/main/webapp/snoop.jsp
    anil@localhost:~/sso$ git push
    Enter passphrase for key '/home/anil/.ssh/libra_id_rsa':
    Counting objects: 3, done.
    Delta compression using up to 2 threads.
    Compressing objects: 100% (2/2), done.
    Writing objects: 100% (2/2), 228 bytes, done.
    Total 2 (delta 1), reused 0 (delta 0)
    remote: Stopping application...
    remote: Done
    remote: Removing existing standalone.xml
    remote: Running .openshift/action_hooks/build
    remote: Starting application...Done
    To ssh://e54f14ef73c4482693887a77ac48fd3a@sso-anilsaldhana.rhcloud.com/~/git/sso.git/
     75867c6..0d4c3ce master -> master
    anil@localhost:~/sso$ ls
There was an issue with a missing module. For that reason, I deleted the pdp.war
    anil@localhost:~/sso/deployments/picketlink$ rm pdp.war
    anil@localhost:~/sso/deployments/picketlink$ git status
    # On branch master
    # Changes not staged for commit:
    #   (use "git add/rm <file>..." to update what will be committed)
    #   (use "git checkout -- <file>..." to discard changes in working directory)
    #
    #   deleted: pdp.war
    #
    no changes added to commit (use "git add" and/or "git commit -a")
    anil@localhost:~/sso/deployments/picketlink$ git rm pdp.war
    rm 'deployments/picketlink/pdp.war'
    anil@localhost:~/sso/deployments/picketlink$ git status
    # On branch master
    # Changes to be committed:
    #   (use "git reset HEAD <file>..." to unstage)
    #
    #   deleted: pdp.war
    #
    anil@localhost:~/sso/deployments/picketlink$ git commit -a -m "remove pdp.war"
    [master bbd7adb] remove pdp.war
     1 files changed, 0 insertions(+), 0 deletions(-)
     delete mode 100644 deployments/picketlink/pdp.war
    anil@localhost:~/sso/deployments/picketlink$ git push
    Enter passphrase for key '/home/anil/.ssh/libra_id_rsa':
    Counting objects: 7, done.
    Delta compression using up to 2 threads.
    Compressing objects: 100% (4/4), done.
    Writing objects: 100% (4/4), 375 bytes, done.
    Total 4 (delta 2), reused 0 (delta 0)
    remote: Stopping application...
    remote: Done
    remote: Removing existing standalone.xml
    remote: Running .openshift/action_hooks/build
    remote: Starting application...Done
    To ssh://e54f14ef73c4482693887a77ac48fd3a@sso-anilsaldhana.rhcloud.com/~/git/sso.git/
     076a5bb..bbd7adb master -> master
Step 7: Test the endpoints
Remember when it redirects to the IDP, the test user is "tomcat" and password is "tomcat".
My end points in different browser tabs are:
http://sso-anilsaldhana.rhcloud.com/sales/
http://sso-anilsaldhana.rhcloud.com/employee/
http://sso-anilsaldhana.rhcloud.com/sales-post/
http://sso-anilsaldhana.rhcloud.com/employee-post/
Other Useful Information
Delete an Application Space
Assume you created an application space called "sales" and you hate it. You can delete it as:
    $ rhc-ctl-app -c destroy -a sales
    Password:
    Contacting https://openshift.redhat.com
    !!!! WARNING !!!! WARNING !!!! WARNING !!!!
    You are about to destroy the sales application.
    This is NOT reversible, all remote data for this application will be removed.
    Do you want to destroy this application (y/n): y
    Contacting https://openshift.redhat.com
    API version: 1.1.1
    Broker version: 1.1.1
    RESULT:
    Successfully destroyed application: sales
Can I configure standalone.xml on express?
It should be under .openshift/config of your application space.
    ~/sso/.openshift/config$ ls
    standalone.xml
How do I get access to the application log entries?
$ rhc-tail-files --opts '-n 1000' -a sso
That will give you 1000 lines of the application log entries.