CheatSheet for PicketLink on Red Hat OpenShift

(This article is in progress and is not definitive as long as this WARNING is present.)

 

Step 1:  Get access to Red Hat OpenShift Platform

If you are a new user, you need to sign up for an RHN account.  Complete the regular registration and you should see an email in your inbox.

(If you already have a RHN account, you can just sign in)

Step 2:  Install the Client Tools for your platform

RPM based system such as RHEL or Fedora

 

 

$ sudo vi /etc/yum.repos.d/openshift.repo
$ sudo yum install rhc

.....
Installed:
  rhc.noarch 0:0.75.9-1.el6_1                                                                                            

Dependency Installed:
  compat-readline5.i686 0:5.2-17.fc12         ruby.i686 0:1.8.7.352-1.fc14          ruby-irb.noarch 0:1.8.7.352-1.fc14  
  ruby-libs.i686 0:1.8.7.352-1.fc14           ruby-rdoc.noarch 0:1.8.7.352-1.fc14   rubygem-json.i686 0:1.4.3-2.fc14    
  rubygem-parseconfig.noarch 0:0.5.2-3.fc14   rubygems.noarch 0:1.3.7-2.fc14       

Complete!

 

openshift.repo

[openshift-express]
name=Openshift-express
baseurl=https://openshift.redhat.com/app/repo/rpms/$releasever/$basearch/
failovermethod=priority
skip_if_unavailable=1
gpgkey=https://openshift.redhat.com/app/repo/RPM-GPG-KEY-redhat-beta
       https://openshift.redhat.com/app/repo/RPM-GPG-KEY-redhat-release
enabled=1
gpgcheck=1

 

Non-rpm based systems (Windows,Ubuntu,Mac etc)

https://www.redhat.com/openshift/kb/kb-e1000/installing-openshift-express-client-tools-on-non-rpm-based-systems

 

Step 3:  Create a sub domain 

A sub-domain will give you a URL such as mysubdomain.rhcloud.com

 

NOTE:  Do not try to use a sub-domain that may be blacklisted.  Subdomains such as hibernate, picketlink etc are unavailable.

 

$ rhc-create-domain -n anilsaldhana -l asaldhan
Password:  
OpenShift Express key found at /home/anil/.ssh/libra_id_rsa.  Reusing...
Contacting https://openshift.redhat.com
Creation successful

You may now create an application.  Please make note of your local config file
in /home/anil/.openshift/express.conf which has been created and populated for you.

You may be asked to enter a password for the keypair OpenShift creates for you.

 

Step 4:  Create an application space

 

In my example, I created an application space called "sso"

 

$ rhc-create-app -a sso -t jbossas-7.0
Password:  

Found a bug? Post to the forum and we'll get right on it.
    IRC: #openshift on freenode
    Forums: https://www.redhat.com/openshift/forums

Attempting to create remote application space: sso
Contacting https://openshift.redhat.com
API version:    1.1.1
Broker version: 1.1.1

RESULT:
Successfully created application: sso

Checking ~/.ssh/config
Contacting https://openshift.redhat.com
Found rhcloud.com in ~/.ssh/config... No need to adjust
Now your new domain name is being propagated worldwide (this might take a minute)...
Pulling new repo down
Warning: Permanently added 'sso-anilsaldhana.rhcloud.com,50.17.109.166' (RSA) to the list of known hosts.
Enter passphrase for key '/home/anil/.ssh/libra_id_rsa': 
Confirming application sso is available
  Attempt # 1

Success!  Your application is now published here:

      http://sso-anilsaldhana.rhcloud.com/

The remote repository is located here:

    ssh://e54f14ef73c4482693887a77ac48fd3a@sso-anilsaldhana.rhcloud.com/~/git/sso.git/

To make changes to your application, commit to sso/.
Then run 'git push' to update your OpenShift Express space

anil@localhost:~$ 

 

 

Now you should see a local directory called "sso" with a deployment directory and a README file.

Now is the time to sit (with a cup of coffee) and read the README file.  Particularly the section on zipped war deployments or unzipped deployments with the .dodeploy suffix.

 

 

We have completed the OpenShift commitments.  Now onto PicketLink.

Step 5:  PicketLink Related Stuff

 

In the deployments folder of your application space,  you can unzip the picketlink as7 web apps.

 

Now I need to change standalone.xml (found under .openshift/config of the application space) as follows:

In particular, add the system-properties section right after the closing extensions tag.  Then add the security domains.

 

 

 </extensions>

 <system-properties>
     <property name="org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR" value="false"/>
     <property name="idp.url" value="http://idp-jbossdev.rhcloud.com/" />
     <property name="sales.url" value="http://sso-anilsaldhana.rhcloud.com/sales/" />
     <property name="sales-post.url" value="http://sso-anilsaldhana.rhcloud.com/sales-post/" />
     <property name="employee.url" value="http://sso-anilsaldhana.rhcloud.com/employee/" />
     <property name="employee-post.url" value="http://sso-anilsaldhana.rhcloud.com/employee-post/" />

    </system-properties>

   
<subsystem xmlns="urn:jboss:domain:security:1.0">
            <security-domains>
                <security-domain name="other" cache-type="default">
                    <authentication>
                        <login-module code="UsersRoles" flag="required"/>
                    </authentication>
                </security-domain>
                <security-domain name="jmx-console" cache-type="default">
                    <authentication>
                        <login-module code="UsersRoles" flag="required">
                            <module-option name="usersProperties" value="users.properties"/>
                            <module-option name="rolesProperties" value="roles.properties"/>
                        </login-module>
                    </authentication>
                </security-domain>
                <security-domain name="idp" cache-type="default">
                    <authentication>
                        <login-module code="UsersRoles" flag="required">
                            <module-option name="usersProperties" value="users.properties"/>
                            <module-option name="rolesProperties" value="roles.properties"/>
                        </login-module>
                    </authentication>
                </security-domain>
                <security-domain name="sp" cache-type="default">
                    <authentication>
                        <login-module code="org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule" flag="required"/>
                    </authentication>
                </security-domain>
            </security-domains>
        </subsystem>
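
The standalone.xml changes in this step can be checked before pushing. The Python sketch below is an added example, not part of the original article and not PicketLink or OpenShift code: it parses a standalone.xml and reports any of this step's URL system properties or security domains that are missing. The https-only rule, the names audit and SAMPLE, and the sample document are assumptions of the example.

```python
import xml.etree.ElementTree as ET

SAML2 = "org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule"
URL_PROPS = ("idp.url", "sales.url", "sales-post.url", "employee.url", "employee-post.url")

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return a list of findings for a standalone.xml passed as text."""
    root = ET.fromstring(xml_text)
    props, domains = {}, {}
    for el in root.iter():
        if local(el.tag) == "system-properties":
            props.update((p.get("name"), p.get("value", "")) for p in el)
        elif local(el.tag) == "security-domain":
            domains[el.get("name")] = [m.get("code") for m in el.iter()
                                       if local(m.tag) == "login-module"]
    findings = []
    for key in URL_PROPS:
        if key not in props:
            findings.append("missing system property: " + key)
        elif not props[key].startswith("https://"):
            # Assumption of this example: SAML endpoints should be TLS-only.
            findings.append("not https: " + key)
    for dom in ("idp", "sp"):
        if dom not in domains:
            findings.append("missing security-domain: " + dom)
    if "sp" in domains and SAML2 not in domains["sp"]:
        findings.append("sp domain does not use SAML2LoginModule")
    return findings

# Constructed sample: a cut-down, deliberately incomplete standalone.xml.
SAMPLE = """<server>
  <system-properties>
    <property name="idp.url" value="http://idp-jbossdev.rhcloud.com/"/>
    <property name="sales.url" value="https://sso-anilsaldhana.rhcloud.com/sales/"/>
  </system-properties>
  <subsystem xmlns="urn:jboss:domain:security:1.0">
    <security-domains>
      <security-domain name="sp" cache-type="default">
        <authentication><login-module code="UsersRoles" flag="required"/></authentication>
      </security-domain>
    </security-domains>
  </subsystem>
</server>"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To check a real file, pass the contents of .openshift/config/standalone.xml to audit() instead of SAMPLE.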

 

Step 6:  Git commit and push

 

Since we are just using prebuilt war files,  you can remove the src directory and pom.xml

 

anil@localhost:~/sso/deployments$ unzip ~/picketlink/picketlink/federation/trunk/picketlink-webapps/as7/assembly/target/picketlink-fed-webapps-as7-assembly-2.0.2-SNAPSHOT.zip 
Archive:  /home/anil/picketlink/picketlink/federation/trunk/picketlink-webapps/as7/assembly/target/picketlink-fed-webapps-as7-assembly-2.0.2-SNAPSHOT.zip
   creating: picketlink/
  inflating: picketlink/idp.war      
  inflating: picketlink/sales.war    
  inflating: picketlink/employee.war  
  inflating: picketlink/sales-post.war  
  inflating: picketlink/employee-post.war  
  inflating: picketlink/sales-saml11.war  
  inflating: picketlink/employee-saml11.war  
  inflating: picketlink/picketlink-sts.war  
  inflating: picketlink/pdp.war      
anil@localhost:~/sso/deployments$ ls
picketlink
anil@localhost:~/sso/deployments$ git add picketlink/
anil@localhost:~/sso/deployments$ git status
# On branch master
# Changes to be committed:
#   (use "git reset HEAD <file>..." to unstage)
#
#       new file:   picketlink/employee-post.war
#       new file:   picketlink/employee-saml11.war
#       new file:   picketlink/employee.war
#       new file:   picketlink/idp.war
#       new file:   picketlink/pdp.war
#       new file:   picketlink/picketlink-sts.war
#       new file:   picketlink/sales-post.war
#       new file:   picketlink/sales-saml11.war
#       new file:   picketlink/sales.war
#
# Changes not staged for commit:
#   (use "git add <file>..." to update what will be committed)
#   (use "git checkout -- <file>..." to discard changes in working directory)
#
#       modified:   ../.openshift/config/standalone.xml
#
anil@localhost:~/sso/deployments$ cd ..
anil@localhost:~/sso$ vi .openshift/config/standalone.xml 
anil@localhost:~/sso$ git status
# On branch master
# Changes to be committed:
#   (use "git reset HEAD <file>..." to unstage)
#
#       new file:   deployments/picketlink/employee-post.war
#       new file:   deployments/picketlink/employee-saml11.war
#       new file:   deployments/picketlink/employee.war
#       new file:   deployments/picketlink/idp.war
#       new file:   deployments/picketlink/pdp.war
#       new file:   deployments/picketlink/picketlink-sts.war
#       new file:   deployments/picketlink/sales-post.war
#       new file:   deployments/picketlink/sales-saml11.war
#       new file:   deployments/picketlink/sales.war
#
# Changes not staged for commit:
#   (use "git add <file>..." to update what will be committed)
#   (use "git checkout -- <file>..." to discard changes in working directory)
#
#       modified:   .openshift/config/standalone.xml
#
anil@localhost:~/sso$ git commit -a -m "add picketlink jars"
[master 75867c6] add picketlink jars
 10 files changed, 11 insertions(+), 0 deletions(-)
 create mode 100644 deployments/picketlink/employee-post.war
 create mode 100644 deployments/picketlink/employee-saml11.war
 create mode 100644 deployments/picketlink/employee.war
 create mode 100644 deployments/picketlink/idp.war
 create mode 100644 deployments/picketlink/pdp.war
 create mode 100644 deployments/picketlink/picketlink-sts.war
 create mode 100644 deployments/picketlink/sales-post.war
 create mode 100644 deployments/picketlink/sales-saml11.war
 create mode 100644 deployments/picketlink/sales.war
anil@localhost:~/sso$ vi README 
anil@localhost:~/sso$ git push
Enter passphrase for key '/home/anil/.ssh/libra_id_rsa': 
Counting objects: 21, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (15/15), done.
Writing objects: 100% (16/16), 113.80 KiB, done.
Total 16 (delta 6), reused 0 (delta 0)
remote: Stopping application...
remote: Done
remote: Removing existing standalone.xml
remote: Found pom.xml... attempting to build with 'mvn clean package -Popenshift -DskipTests'
remote: Apache Maven 3.0.3 (r1075437; 2011-06-20 13:22:37-0400)
remote: Maven home: /etc/alternatives/maven-3.0
remote: Java version: 1.6.0_20, vendor: Sun Microsystems Inc.
remote: Java home: /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre
remote: Default locale: en_US, platform encoding: UTF-8
remote: OS name: "linux", version: "2.6.32-131.12.1.el6.x86_64", arch: "amd64", family: "unix"
remote: [INFO] Scanning for projects...
remote: [INFO]                                                                         
remote: [INFO] ------------------------------------------------------------------------
remote: [INFO] Building sso 1.0
remote: [INFO] ------------------------------------------------------------------------
remote: [INFO] 
remote: [INFO] --- maven-clean-plugin:2.4.1:clean (default-clean) @ sso ---
remote: [INFO] 
remote: [INFO] --- maven-resources-plugin:2.4.3:resources (default-resources) @ sso ---
remote: [INFO] Using 'UTF-8' encoding to copy filtered resources.
remote: [INFO] Copying 1 resource
remote: [INFO] 
remote: [INFO] --- maven-compiler-plugin:2.3.2:compile (default-compile) @ sso ---
remote: [INFO] Nothing to compile - all classes are up to date
remote: [INFO] 
remote: [INFO] --- maven-resources-plugin:2.4.3:testResources (default-testResources) @ sso ---
remote: [INFO] Using 'UTF-8' encoding to copy filtered resources.
remote: [INFO] skip non existing resourceDirectory /var/lib/libra/e54f14ef73c4482693887a77ac48fd3a/sso/repo/src/test/resources
remote: [INFO] 
remote: [INFO] --- maven-compiler-plugin:2.3.2:testCompile (default-testCompile) @ sso ---
remote: [INFO] No sources to compile
remote: [INFO] 
remote: [INFO] --- maven-surefire-plugin:2.7.2:test (default-test) @ sso ---
remote: [INFO] Tests are skipped.
remote: [INFO] 
remote: [INFO] --- maven-war-plugin:2.1.1:war (default-war) @ sso ---
remote: [INFO] Packaging webapp
remote: [INFO] Assembling webapp [sso] in [/var/lib/libra/e54f14ef73c4482693887a77ac48fd3a/sso/repo/target/sso]
remote: [INFO] Processing war project
remote: [INFO] Copying webapp resources [/var/lib/libra/e54f14ef73c4482693887a77ac48fd3a/sso/repo/src/main/webapp]
remote: [INFO] Webapp assembled in [146 msecs]
remote: [INFO] Building war: /var/lib/libra/e54f14ef73c4482693887a77ac48fd3a/sso/repo/deployments/ROOT.war
remote: [INFO] WEB-INF/web.xml already added, skipping
remote: [INFO] ------------------------------------------------------------------------
remote: [INFO] BUILD SUCCESS
remote: [INFO] ------------------------------------------------------------------------
remote: [INFO] Total time: 3.327s
remote: [INFO] Finished at: Fri Sep 30 15:09:58 EDT 2011
remote: [INFO] Final Memory: 6M/142M
remote: [INFO] ------------------------------------------------------------------------
remote: ~/git/sso.git
remote: Running .openshift/action_hooks/build
remote: Starting application...Done
To ssh://e54f14ef73c4482693887a77ac48fd3a@sso-anilsaldhana.rhcloud.com/~/git/sso.git/
   f1ca42d..75867c6  master -> master
anil@localhost:~/sso$ ls
deployments  pom.xml  README  src
anil@localhost:~/sso$ rm -rf src/ pom.xml 
anil@localhost:~/sso$ git status
# On branch master
# Changes not staged for commit:
#   (use "git add/rm <file>..." to update what will be committed)
#   (use "git checkout -- <file>..." to discard changes in working directory)
#
#       deleted:    pom.xml
#       deleted:    src/main/java/.gitkeep
#       deleted:    src/main/resources/.gitkeep
#       deleted:    src/main/webapp/WEB-INF/web.xml
#       deleted:    src/main/webapp/health.jsp
#       deleted:    src/main/webapp/images/jbosscorp_logo.png
#       deleted:    src/main/webapp/index.html
#       deleted:    src/main/webapp/modules.jsp
#       deleted:    src/main/webapp/snoop.jsp
#
no changes added to commit (use "git add" and/or "git commit -a") 

anil@localhost:~/sso$ git push
Enter passphrase for key '/home/anil/.ssh/libra_id_rsa': 

anil@localhost:~/sso$ git commit -a -m "remove src and pom"
[master 0d4c3ce] remove src and pom
 7 files changed, 0 insertions(+), 690 deletions(-)
 delete mode 100644 pom.xml
 delete mode 100644 src/main/java/.gitkeep
 delete mode 100644 src/main/resources/.gitkeep
 delete mode 100644 src/main/webapp/WEB-INF/web.xml
 delete mode 100644 src/main/webapp/health.jsp
 delete mode 100644 src/main/webapp/images/jbosscorp_logo.png
 delete mode 100644 src/main/webapp/index.html
 delete mode 100644 src/main/webapp/modules.jsp
 delete mode 100644 src/main/webapp/snoop.jsp
anil@localhost:~/sso$ git push
Enter passphrase for key '/home/anil/.ssh/libra_id_rsa': 
Counting objects: 3, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (2/2), 228 bytes, done.
Total 2 (delta 1), reused 0 (delta 0)
remote: Stopping application...
remote: Done
remote: Removing existing standalone.xml
remote: Running .openshift/action_hooks/build
remote: Starting application...Done
To ssh://e54f14ef73c4482693887a77ac48fd3a@sso-anilsaldhana.rhcloud.com/~/git/sso.git/
   75867c6..0d4c3ce  master -> master
anil@localhost:~/sso$ ls

Other Useful Information

Delete an Application Space

 

Assume you created an application space called "sales" and you hate it.  You can delete it as follows:

 

$  rhc-ctl-app -c destroy -a sales
Password: 

Contacting https://openshift.redhat.com
!!!! WARNING !!!! WARNING !!!! WARNING !!!!
You are about to destroy the sales application.

This is NOT reversible, all remote data for this application will be removed.
Do you want to destroy this application (y/n): y
Contacting https://openshift.redhat.com
API version:    1.1.1
Broker version: 1.1.1

RESULT:
Successfully destroyed application: sales

 

Can I configure standalone.xml on express?

 

It should be under .openshift/config of your application space.

 

~/sso/.openshift/config$ ls
standalone.xml

 

How do I get access to the application log entries?

 

$ rhc-tail-files --opts '-n 1000' -a sso

 

That will give you 1000 lines of the application log entries.