data:Ogsadai/22/server
From Dgiref
Contents |
Ogsadai/22/server
Prepare
- Operating system
- SuSE Linux Enterprise Server version 10 SP1 64 bit
Optimizing the configuration:
Use minimal operating system installation without firewall. To verify installed packages use the command
-
rpm -qa | grep package_name
Install the following additional packages:
-
yum -y install wget yum rpm make gcc gcc-c++ tar sed zlib openssl
After the installation is complete, turn off any unnecessary services (like gpm, sendmail, cups, haldaemon, messagebus, pcmcia, anacron, atd) with the following command:
-
chkconfig <SERVICE> off
Configure the following settings for the server:
- Additional Software
- the Globus_toolkit prerequisites without Torque client:
- java-1_5_0-sun (not fully compatible with java-1_5_0-ibm)
- PostgreSQL 8.1.9 (postgresql, postgresql-libs, postgresql-server)
- Perl 5.8.8 (with XML::PARSER)
- sudo
- ant 1.6.5
 To make all libraries from ant available do the following as root: su - cd /usr/share/ant/lib ln -s /usr/share/java/ant.jar ant.jar ln -s /usr/share/java/ant-launcher.jar ant-launcher.jar |
- There is specially prepared Globus binary version for OGSA-DAI which was designed to run on 64 bit SLES 10 platforms.
- DBMS (MySQL, PostgreSQL or Oracle)
- JDBC driver
- MySQL versions 3.1.6 and 5.0.6
- PostgreSQL version 8.1-407 (JDBC2)
- Oracle version 1.4
WARNING: Oracle is not fully supported at the moment. If you use Oracle, you need to setup the user accounts and databases for VOs manually. The user accounts and databases have to match the settings as they are defined withing the 'SiteConfigure.properties' file.
- Firewall configuration
The GT4 frontend runs GRAM + MDS + GridFTP + RFT services (how to open port in firewall).
| Service | Incoming ports (TCP) | Change to default default |
| GRAM (GT2) | 2119 | No |
| GRAM (GT2) | 20000-25000 | Yes |
| WS-GRAM | 8443 | No |
| WS-GRAM | 20000-25000 | Yes |
| WS-MDS | 8443 | No |
| GridFTP | 2811 | No |
| GridFTP | 20000-25000 | Yes |
| RFT | 8443 | No |
administrator's script: prepare.sh
#!/bin/bash# prepare ogsadai server for installation# Declare the variables section ------------# Please insert your actual configuration# The two users '''edguser''' and '''edginfo''' must be added on information provider nodes# They are not needed on other nodes but, since their presence will do no harm, they may be# added on all nodes.# BASE_URL="URL where the install packages are stored"# PACKAGE_VERSION="version of the package"# PACKAGE_VERSION="package version: x86-ogsa-linux-gnu-bin"# PACKAGE_GPT_32="gpt-3.2-src"# PACKAGE_OGSADAI="ogsadai-wsrf-2.2"# PACKAGE_SecurityExtensions="SecurityExtensions.jar"# PACKAGE_SiteConfigure="SiteConfigure.properties"# PACKAGE_setupSite="setupSite.sh"# PACKAGE_sec_desc="sec_desc.xml"# user_globus=globus# user_grid=grid user name# WORK_DIR="working directory"# GLOBUS_LOCATION= path to globus instance# path_globus=globus location, default: /usr/local/globus# path_certificates=certificates location, default: /etc/grid-security/certificates# path_gpt=gpt location, default: /usr/local/gpt-3.2# JAVA_HOME=java location, default: /usr/java/jdk1.6.0_13/# ANT_HOME=ant location, default: /usr/share/ant# Database specific configurations# yum_mysql_packages=packages to install with yum for mysql: "mysql mysql-jdbc"# yum_postgres_packages=packages to install with yum for postgres: "postgresql postgresql-jdbc2 postgresql-libs postgresql-server"# yum_oracle_packages=packages to install with yum for oracle: "oracle oracle-jdbc"# database_name= Possible choice: [MySQL | PGSQL | Oracle]# yum_db_package= Dependent from $database_name. Possible choice: [$yum_mysql_packages, $yum_postgres_packages, $yum_oracle_packages]# PACKAGE_JDBC= Dependent from $database_name. Possible choice: ["mysql-connector-java-5.0.8-bin.jar", "postgresql-8.0-314.jdbc2.jar"]# from here ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~BASE_URL="http://mirror.scc.kit.edu/downloads/src"
PACKAGE_VERSION="wsrf-2.2"
PACKAGE_GLOBUS="Lrz_SLES10.x-gt4.0.7_binary-x86-ogsa-linux-gnu-bin"
PACKAGE_GPT_32="gpt-3.2-src"
PACKAGE_OGSADAI="ogsadai-${PACKAGE_VERSION}"
PACKAGE_SecurityExtensions="SecurityExtensions.jar"
PACKAGE_SiteConfigure="SiteConfigure.properties"
PACKAGE_setupSite="setupSite.sh"
PACKAGE_sec_desc="sec_desc.xml"
user_globus=globususer_grid=dgdt0001WORK_DIR="/localhome/$user_globus"
GLOBUS_LOCATION=/usr/local/globus
path_globus=/usr/local/globus
path_certificates=/etc/grid-security/certificates
path_gpt=/usr/local/gpt-3.2
JAVA_HOME=/usr/lib64/jvm/java-1.5.0
ANT_HOME=/usr/share/ant
# Database specific configurationsyum_mysql_packages="mysql mysql-jdbc"
yum_postgres_packages="postgresql postgresql-jdbc2 postgresql-libs postgresql-server"
yum_oracle_packages="oracle oracle-jdbc"
# database_name; Possible choice: [MySQL | PGSQL | Oracle]database_name="MySQL"
# yum_db_package; Dependent from $database_name. Possible choice: [$yum_mysql_packages, $yum_postgres_packages, $yum_oracle_packages]yum_db_package=$yum_mysql_packages
# PACKAGE_JDBC; Dependent from $database_name. Possible choice: ["mysql-connector-java-5.0.8-bin.jar", "postgresql-8.0-314.jdbc2.jar"]PACKAGE_JDBC="mysql-connector-java-5.0.8-bin.jar"
# till here ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~yum -y install java-1_5_0-sun perl sudo ant
# Database Management system: (choose one of them)yum -y install ${yum_db_package}
# install globus# Create the user globus as the Globus administrator and the group globus:# su rootgroupadd $user_globususeradd -m -g $user_globus -d /localhome/$user_globus $user_globus
# Create the installation directory for Globus /usr/local/globus and set the globus user as owner:mkdir -p $path_globus
chown -R $user_globus.$user_globus $path_globus
# Create the directory for authorization and authentication functions (GSI):mkdir -p $path_certificates
# Each grid user needs a certificates directory . As grid user create this directory by:mkdir -p /localhome/.$user_globus
chown $user_grid /localhome/.$user_globus
### Environment Variables# As '''root''' create a new setup file called ''/usr/local/bin/globus-env-setup.sh'':echo "\
export GPT_LOCATION=${path_gpt}export GLOBUS_LOCATION=${path_globus}export GLOBUS_USAGE_OPTOUT=1export GLOBUS_TCP_PORT_RANGE=20000,25000export JAVA_HOME=${JAVA_HOME}export ANT_HOME=${ANT_HOME}export CLASSPATH=$CLASSPATH:$JAVA_HOME/libexport PATH=$ANT_HOME/bin:$JAVA_HOME/bin:$PATHexport PATH=$GLOBUS_LOCATION/bin:$GLOBUS_LOCATION/sbin:$PATHexport PATH=$GLOBUS_LOCATION/etc:$GPT_LOCATION/sbin:$PATHif [ -r $GLOBUS_LOCATION/etc/globus-user-env.sh ]; then. $GLOBUS_LOCATION/etc/globus-user-env.shelseecho "error: globus may not be installed yet"
fi" > /usr/local/bin/globus-env-setup.sh
# The file should be marked as executable:chmod +x /usr/local/bin/globus-env-setup.sh
#In order to execute this script for every user automatically, link in the directory /etc/profile.d as follows:ln -s /usr/local/bin/globus-env-setup.sh /etc/profile.d
# GPT# # As 'root' create the directory /usr/local/gpt-3.2 for the GPT installation and for# the user 'globus' must have the necessary privileges:# su rootmkdir -p $path_gpt
chown -R $user_globus.$user_globus $path_gpt
# Download the GPT-3.2 and Globus Toolkit packages#su globuscd $WORK_DIR
wget ${BASE_URL}/globus/${PACKAGE_GPT_32}.tar.gz
wget ${BASE_URL}/globus/${PACKAGE_GLOBUS}.tar.gz
# Install GPT as the user '''globus''':su $user_globus
. /usr/local/bin/globus-env-setup.sh
tar zxvf ${PACKAGE_GPT_32}.tar.gz
cd gpt-3.2
./build_gptcd ..rm -rf gpt-3.2/
rm gpt-3.2-src.tar.gz
# Install packages:# install (configuration option was ''./configure --prefix=$GLOBUS_LOCATION --enable-wsgram-pbs'')$GPT_LOCATION/sbin/gpt-install ${PACKAGE_GLOBUS}.tar.gz
$GPT_LOCATION/sbin/gpt-postinstall
Install
To provide OGSA-DAI, you need to install the Globus Toolkit middleware. The Globus toolkit installation instructions are available here.
| The uniqueness of this special Globus version is that the GRAM service has been removed. Therefore, in the Globus installation instructions you can ignore all PBS/Torque, Gatekeeper and GRAM related contents. All other steps must be performed without changes. |
administrator's script: install.sh
#!/bin/bash# install ogsadai server# load parameters from prepare sectioncd `dirname $0`
source prepare.sh# Install the OGSA-DAI Web service#The Globus Container may NOT run during the installation.# The following steps must be carriedsu $user_globus
## 1.1. download Globus Web Service Containercd $WORK_DIR
wget ${BASE_URL}/ogsadai/${PACKAGE_OGSADAI}-bin.tar.gz
## 1.2. Unpack to a directory of your choice, for example the home directory of the globus user,# using the following command:tar xfvz ${PACKAGE_OGSADAI}-bin.tar.gz
## 1.3. Install# Now change into the subdirectory 'ogsadai-${PACKAGE_VERSION}' and execute the following command:cd ${PACKAGE_OGSADAI}
ant install -Ddai.container=$GLOBUS_LOCATION
# Now all OGSA-DAI libraries are copied to '$GLOBUS_LOCATION/lib'.#### deployed at the Globus container## Subsequently, the OGSA-DAI Web service will be deployed at the Globus container.# To do so execute the following command:ant deployService -Ddai.container=$GLOBUS_LOCATION -Ddai.service.name=ogsadai/DataService
# Now the OGSA-DAI Web service is available at the URL#<protocol>://<host:port>/wsrf/services/ogsadai/DataService# Download a JDBC database driver#### Finally you have to download a JDBC database driver, according to the database managemant system,# installed at your site.# A list of download URLs for the supported database systems can be# http://www.ogsadai.org.uk/documentation/ogsadai3.0/ogsadai3.0-gt/DataResourceProducts.html.# For MySQL and PostgreSQL we provide a direct download of tested drivers.# Place the JDBC driver jar file, which fits your installed database system, under $GLOBUS_LOCATION/lib.cd $GLOBUS_LOCATION/lib/
# Configured by the $PACKAGE_JDBC parameter from prepare.sh scriptwget ${BASE_URL}/ogsadai/${PACKAGE_JDBC}
Configure
The following database setup assumes that the database is located on the same machine as the Globus container by default. If this is not the case, the admin user mentioned in the properties file below must be allowed to access the database server from the OGSA-DAI host. Standard database admin users e.g. root, are only allowed to access the database from 'localhost'. For detailed explanation on changing user privileges for your database system please consult the database documentation.
To see how to update the user mappings please refer to the section 'Grid-mapfile update' and the cfengine setup.
administrator's script: configure.sh
#!/bin/bash# configure ogsadai server# load parameters from prepare sectioncd `dirname $0`
source prepare.shsu $user_globus
#-> start routinecd $GLOBUS_LOCATION/lib/
wget ${BASE_URL}/ogsadai/${PACKAGE_SecurityExtensions}
# Download SiteConfigure.properties# As a next step, please download SiteConfigure.properties to the OGSA-DAI Server.# Adjust the settings inside the file depending on the conditions of your site.# Please pay attention to the comments within the file. The VO related settings should,# where possible, remain unchanged.wget ${BASE_URL}/ogsadai/${PACKAGE_SiteConfigure}
# Download setupSite.sh# When all settings are taken please download setupSite.sh to your OGSA-DAI Server, too.wget ${BASE_URL}/ogsadai/${PACKAGE_setupSite}
### Then change the umask and start the script with the following parameters:# Select one of the database types (MySQL, PGSQL or Oracle), using the '--type' command# line switch.# The value of this option depends on the database system installed at your site.# Other data resource types are currently not supported by this tool.# Please keep in mind the 'Oracle is not fully supported' by the tool,# so the user setup is not carried out automatically!# The '--sp' command line switch must point to the 'SiteConfigure.properties' file adapted before.chmod 755 ${PACKAGE_setupSite}
./${PACKAGE_setupSite} --type ${database_name} --sp ${PACKAGE_SiteConfigure}
###Now the tool performs the following steps:# * Creating one database user per VO (not for Oracle)# * Creating one database per VO (not for Oracle)# * Deployment and publication of one data resource per VO# * MDS 4 registry activation for each data resource# * Setting up the global Rolemap for access authorization depending on VO membership# It is assumed that all VOs use the same database system.# For individual settings modifications to the available data resources are necessary.# By default OGSA-DAI only uses Transport Level Security (TLS). For running on D-Grid# OGSA-DAI needs to be configured with full security support (Message Level Security (MLS))cd $GLOBUS_LOCATION/etc/ogsadai_wsrf/
wget ${BASE_URL}/ogsadai/${PACKAGE_sec_desc}
# Finally edit the file $GLOBUS_LOCATION/etc/ogsadai_wsrf/server-config.wsdd and insert the# following line before the </service> entry:config_file=$GLOBUS_LOCATION/etc/ogsadai_wsrf/server-config.wsdd
config_string="\ <parameter name=\"securityDescriptor\" value=\"${GLOBUS_LOCATION}/etc/ogsadai_wsrf/sec_desc.xml\"/\>"
if grep -q "securityDescriptor" $config_file;
thenecho "configuration is already in $config_file"
elsesed -i "/\/service/ i\
${config_string} \
" $config_filefi#<-end routine
Proceed
- start / stop scripts
administrator's script: proceed.sh
#!/bin/bash# proceed
Initial test
- Testing general connectivity
The following steps must be executed as user 'globus'. The expected result should look as follows:
Buildfile: build.xml
setupClientSecurity:
listResourcesClient:
[java] Service version: OGSA-DAI WSRF 2.2
[java] Number of resources: 17
[java] Resource: WisentResource
[java] Resource: HepcgResource
[java] Resource: DgcmsResource
[java] Resource: IngridResource
[java] Resource: GdigridResource
[java] Resource: AstrogridResource
[java] Resource: KerndgridResource
[java] Resource: LifescienceResource
[java] Resource: MedigridResource
[java] Resource: TextgridResource
[java] Resource: ProgridResource
[java] Resource: C3gridResource
[java] Resource: EducationResource
[java] Resource: DgtestResource
[java] Resource: PartnergridResource
[java] Resource: FingridResource
[java] Resource: BwgridResource
BUILD SUCCESSFUL
Total time: 18 secondsadministrator's script: test.sh
#!/bin/bash# test ogsadai server# Declare the variables section ------------# Please insert your actual configuration# PACKAGE_OGSADAI=ogsadai-wsrf-2.2# OGSADAI_HOST=ogsadai host with the valid certificate# WORK_DIR="working directory"# from here ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~PACKAGE_OGSADAI=ogsadai-wsrf-2.2
OGSADAI_HOST=dgiref-ogsadai.fzk.deWORK_DIR="/localhome/$user_globus"
# till here ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~# Testing general connectivitysu globuscd ${WORK_DIR}/${PACKAGE_OGSADAI}/
source setenv.shgrid-proxy-init -cert /etc/grid-security/containercert.pem -key /etc/grid-security/containerkey.pem
ant listResourcesClient -Ddai.url=https://${OGSADAI_HOST}:8443/wsrf/services/ogsadai/DataService
Update
- to uninstall OGSA-DAI, stop the Globus container and remove the files in:
- $GLOBUS_LOCATION/etc/ogsadai_wsrf
- $GLOBUS_LOCATION/share/schema/ogsadai
- $GLOBUS_LOCATION/lib/ogsadai*
- if you want to cleanup all OGSA-DAI related content remember to recursively remove the directories ~globus/ogsadai-wsrf-2.2/
- to reinstall OGSA-DAI uninstall OGSA-DAI and execute all installation and configuration steps again
administrator's script: update.sh
#!/bin/bash# update ogsadai server# stop Globus containersu - globus -c "/usr/local/globus/sbin/globus-stop-container-detached"
# uninstall OGSA-DAIrm $GLOBUS_LOCATION/etc/ogsadai_wsrf -R
rm $GLOBUS_LOCATION/share/schema/ogsadai -R
rm $GLOBUS_LOCATION/lib/ogsadai*
# cleanup all OGSA-DAI related contentrm -rf ~globus/ogsadai-wsrf-2.2/
