middleware:Unicore/64/server
From Dgiref
Contents |
UNICORE server v.6.4
Prepare
- Software
- Scientific Linux version 5.6 64 bit
- Sun Java Runtime Environment version >= 1.6.0
- Perl version >= 5.8.8
- Torque Client
- UMD repo
Optimizing the configuration:
Use minimal operating system installation without firewall. To verify installed packages use the command
-
rpm -qa | grep package_name
Install the following additional packages:
-
yum -y install wget yum rpm make gcc gcc-c++ tar sed zlib openssl
After the installation is complete, turn off any unnecessary services (like gpm, sendmail, cups, haldaemon, messagebus, pcmcia, anacron, atd) with the following command:
-
chkconfig <SERVICE> off
Configure the following settings for the server:
- Server Certificates for the Gateway service, the XUUDB service, the unicorex service
- Users
- A userid to start and administer the above services (not root!)
- A userid to execute status queries to the local resource management system (qstat) (not root!)
- Others
- NFS-Export of users home directories
- Register your Resource with GRRS: Web Form.
- Firewall configuration
The UNICORE Gateway is the entry to a site, it authenticates the users and forwards all client requests to the corresponding local service. The Gateway's port (8080 by default) needs to be accessible from the Internet. Therefore is must be open in the firewall for incoming https connections.
The unicorex service registers with the central UNICORE Registry with Port 9110. unicorex must be able to make a connection to this system on the given port, so that the firewall should allow that outgoing connection (how to open port in firewall).
administrator's script: prepare.sh
#!/bin/bash# prepare# Declare the variables section ------------# Please insert your actual configuration# USER_UNICORE=user to install unicore# from here ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~USER_UNICORE=njsadmin# till here ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~# install prerequisitesyum -y install perl python java
# create non-root user for unicore installationadduser $USER_UNICORE -d /localhome/unicore
# stop local firewallservice iptables stop
chkconfig iptables off
# create directory for the grid host certificatesmkdir /etc/grid-security/
# after copy the host certificate and host key into /etc/grid-security/# install umd#clean oldrm /etc/yum.repos.d/UMD* /etc/yum.repos.d/epel*
wget http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
wget http://repository.egi.eu/sw/production/umd/1/sl5/x86_64/updates/umd-release-1.0.2-1.el5.noarch.rpm
rm -f epel-release-5-4.noarch.rpm umd-release-1.0.2-1.el5.noarch.rpm
yum install epel-release-5-4.noarch.rpm
yum install yum-prioritiesyum install umd-release-1.0.2-1.el5.noarch.rpm
sed -i -e "s/priority=.*/priority=5/g" /etc/yum.repos.d/UMD-1-base.repo
sed -i -e "s/priority=.*/priority=4/g" /etc/yum.repos.d/UMD-1-updates.repo
Install
- Install Unicore components unicore-unicorex, unicore-xuudb, unicore-gateway, unicore-tsi from UMD
- Install Unicore ucc client from UMD
administrator's script: install.sh
yum -y install unicore-unicorex unicore-xuudb unicore-gateway unicore-tsi
# clientyum -y install unicore-ucc
Configure
- Truststore configuration
- Gateway configure
- Customization of connections.properties
- Customization of gateway.properties
- Customization of security.properties
- Unicorex configure
- Don't change jmxremote.password, logging.properties, security_policy.xml, ucc.logging.properties, xacml.config, xnjs.xml,
- Change an user name in simpleuudb
- Adapt of site-info.glue for site configurations
- Configure uas.config
- Configure wsrflite.xml
- Configure xnjs_legacy.xml
- Configure simpleidb
- Change registry server in uas.config
- Set uas.externalregistry.url.2=https://iwrunicore.fzk.de:9110/D-Grid-KIT/services/Registry?res=default_registry in uas.config manyally
- Create path and set storage <tt>uas.storagefactory.DEFAULT.path=/etc/unicore/unicorex/storage
- Adapt wsrflite.xml
- xuudb configure
- Customization xuudb_client.conf
- Customization acl list /etc/unicore/xuudb/xuudb.acl
- tsi files tsi.properties and xuudb_server.conf customization
- Convert grid-mapfile to xuudb_in
| config file | usage | dynamically reloaded |
|---|---|---|
| uas.config | General properties, startup behaviour,registry, file transfer properties | yes |
| wsrflite.xml | Services to be deployed, SSL settings, Web server settings | yes |
| simpleidb | Backend, installed applications, resources | yes |
| xnjs.xml | Back end properties | no |
| xnjs_legacy.xml | Back end properties preconfigured for the Perl TSI | no |
| logging.properties | logging levels, logfiles and their properties | yes |
| security_policy.xml | Access control policy for securing the web services | via xacml.config (do 'touch xacml.config' to trigger) |
| xacml.config | Configure the access control component | yes |
 For details use Unicorex manual |
| Registry server is not a part of Referece Installation. For configuration see Registry manual |
administrator's script: configure.sh
#!/bin/bash# configure unicore 6.4HOSTNAME=`hostname`
SITENAME="DGIREF_SCC"
passw="!!!!yourpasswordputhere!!!!"
# ========================================================================== truststore configuration# put the hostcert to the $hostcertPath#logpath=/var/log/unicore-*password=$paassw
hostcertPath=/etc/grid-security/dgiref-unicore.fzk.de.p12
truststorePath=/etc/grid-security/truststore.jks
# create trustorecd toolspython create_gw_truststore.py -o $truststorePath
# put the truststore.jks to the $truststorePathkeytoolkeytool -import -file /etc/grid-security/hostcert.pem -alias hostcert -keystore $truststorePath
# Certificate was added to keystore# ========================================================================== Gateway configurationcd /etc/unicore/gateway
echo "$SITENAME = https://$HOSTNAME:7777" > connections.properties
echo '
hostname = https://0.0.0.0:8080http.connection.chunked = truehttp.socket.timeout = 1000000http.connection.timeout = 1000000http.connection.gzip = truehttp.protocol.expect-continue = truehttp.connection.maxTotal = 100http.connection.maxPerService = 20signConsignorToken = falseconsignorTokenTimeTolerance = 30consignorTokenValidity = 60registration.enable=falseproxyValidation=false'>gateway.properties
echo "\
keystore=$hostcertPathkeystorepassword=$passwordtruststore=$truststorePathtruststorepassword=$password" > security.properties
# ========================================================================== xuudb configurationcd /etc/unicore/xuudb
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Configure client_logging.properties# do not change# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Configure logging.properties# do not change# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Configure xuudb_client.confecho "
xuudb_http_host=https://$HOSTNAME#SSL yes/noxuudb_use_ssl=true# Port on which the XUUDB server is listeningxuudb_http_port=34463# When using SSL you have to specify a keystore and a truststore.# It is possible, that they are the same file. In that case, you do not# have to specify xuudb_truststore_* properties.# Possible store types are JKS and PKCS12# The truststore has to contain the CA certificate of the XUUDB server cert.xuudb_keystore_file=$hostcertPathxuudb_keystore_password=$passwordxuudb_keystore_type=PKCS12xuudb_truststore_file=$truststorePathxuudb_truststore_password=$passwordxuudb_truststore_type=JKS" > xuudb_client.conf
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Configure xuudb.aclecho "
#RE demo xuudbCN=iwrunicore.fzk.de,OU=FZK,O=GermanGrid,C=DECN=dgiref-unicore.fzk.de,OU=FZK,O=GermanGrid,C=DE">> /etc/unicore/xuudb/xuudb.acl
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Configure xuudb_server.confecho "
xuudb_http_port=34463xuudb_use_ssl=truexuudb_acl_file=xuudb.aclxuudb_keystore_file=$hostcertPathxuudb_keystore_type=PKCS12xuudb_keystore_password=$passwordxuudb_truststore_file=$truststorePathxuudb_truststore_type=JKSxuudb_truststore_password=$passwordxuudb_data_file=/var/lib/unicore/xuudb/data/UnicoreUserDB.dataxuudb_type=dn">/etc/unicore/xuudb/xuudb_server.conf
# ========================================================================== generate mapfile for UNICORE 6:wget https://dispatch.fz-juelich.de:8814/dgridmap --no-check-certificate -O /usr/bin/dgridmapdgridmap
chmod +x /usr/bin/dgridmap
dgridmap -cert-path /etc/grid-security -output-xu /etc/unicore/xuudb/xuudb_in.csv
unicore-xuudb-admin import /etc/unicore/xuudb/xuudb_in.csv
# ========================================================================== Unicorex/XNJS configurationcd /etc/unicore/unicorex
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Configure site-info.glue# adapt for site configurationsecho '
<?xml version="1.0" encoding="UTF-8"?><glue:Domains xmlns:glue="http://schemas.ogf.org/glue/2008/05/spec_2.0_d42_r01"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><glue:AdminDomain CreationTime="2009-12-16T10:05:12Z" Validity="500"BaseType="Domain"><ID>urn:admindomain:somesite</ID><!--Name and Description commented because bess common name and longdescription properties have the same semantics--><!--<Name>DGIREF_SCC</Name><Description>DGIREF site Deployment</Description>--><WWW>http://dgiref-unicore.fzk.de</WWW><OtherInfo>dgiref_scc site Part of D-Grid</OtherInfo><Distributed>false</Distributed><Owner>scc.kit.edu</Owner><Contact CreationTime="2008-04-21T10:05:12Z" Validity="500"><LocalID>mailto:dgrid-admin@scc.kit.edu</LocalID><URL>mailto:dgrid-admin@scc.kit.edu</URL><Type>general</Type><OtherInfo>working hours: 8-18</OtherInfo></Contact><Services><ComputingService CreationTime="2008-04-21T10:05:12Z"Validity="500" BaseType="Service"><!-- dynamic --><ID>urn:fzj:jsc:bes</ID><!-- dynamic --><Name>dgiref-unicore.fzk.de</Name><!--</Capability>unicore.xnjs.jobexecution.embedded_tsi</Capability>--><Capability>unicore.xnjs.jobexecution.legacy_tsi</Capability><Type>de.fzj.unicore.tsf</Type><QualityLevel>production</QualityLevel><!--<StatusPage>http://someurlofamonitoringpageshowintthestatusofthisservice</StatusPage>--><Location CreationTime="2008-04-21T10:05:12Z" Validity="500"><LocalID>kit/scc</LocalID><Name>Steinbuch Centre for Computing</Name><Address>Hermann-von-Helmholtz-Platz 1</Address><Place>Karlsruhe</Place><Country>Germany</Country><PostCode>D-76344</PostCode><Latitude>49.09</Latitude><Longitude>8.43</Longitude></Location><OtherInfo>D-Grid Computing Ressource</OtherInfo><ComputingEndpoint><ID>dgiref-unicore.fzk.de</ID><Name>DGIREF_SCC</Name><Technology>webservice</Technology><InterfaceName>TargetSystemFactory</InterfaceName><InterfaceVersion>1.0</InterfaceVersion><SupportedProfile>WS-I 1.0</SupportedProfile><SupportedProfile>WS-RF</SupportedProfile><SupportedProfile>WS-Security X.509 Profile</SupportedProfile><SupportedProfile>WS-Security Username Token Profile</SupportedProfile><SupportedProfile>WS-Security SAML Token Profile</SupportedProfile><Semantics>http://www.ogf.org/documents/GFD.108.pdf</Semantics><Implementor>UNICORE</Implementor><ImplementationName>UNICORE</ImplementationName><ImplementationVersion>6.4.0</ImplementationVersion><!-- development, production, pre-production --><QualityLevel>production</QualityLevel><!-- ok, other, critical, unknown, warning --><HealthState>ok</HealthState><HealthStateInfo>Im fine, thanks for asking</HealthStateInfo><ServingState>production</ServingState></ComputingEndpoint><ComputingManager BaseType="Manager"><ID>dgiref-unicore.fzk.de</ID><Name>Torque</Name><TotalPhysicalCPUs>20</TotalPhysicalCPUs><TotalLogicalCPUs>20</TotalLogicalCPUs><ExecutionEnvironment BaseType="Resource"><ID>dgiref-unicore.fzk.de</ID><Name>dgiref-cluster</Name><!-- i386, amd64, itanium, powerpc, sparc, any --><Platform>amd64</Platform></ExecutionEnvironment></ComputingManager></ComputingService></Services></glue:AdminDomain></glue:Domains>'>site-info.glue
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Configure uas.configecho '
uas.wsrflite.configfile=/etc/unicore/unicorex/wsrflite.xmluas.targetsystemfactory.xnjs.configfile=/etc/unicore/unicorex/xnjs_legacy.xmluas.targetsystem.sitename=DGIREF_SCCuas.registry.global=falseuas.registry.global.advertise=falseuas.externalregistry.use=trueuas.externalregistry.autodiscover=falseuas.externalregistry.url=https://dgrid-unic.fz-juelich.de:9110/D-Grid/services/Registry?res=default_registryuas.externalregistry.url.2=https://iwrunicore.fzk.de:9110/D-Grid-KIT/services/Registry?res=default_registryuas.gatewayregistration=falseuas.gatewayregistration.updateinterval=60uas.onstartup.wait=trueuas.onstartup=de.fzj.unicore.uas.util.DefaultOnStartup \de.fzj.unicore.cisprovider.impl.InitOnStartup \de.fzj.unicore.bes.util.BESOnStartupuas.security.accesscontrol=trueuas.security.accesscontrol.pdp.config=/etc/unicore/unicorex/xacml2.configuas.security.accesscontrol.pdp=eu.unicore.uas.pdp.local.LocalHerasafPDPuas.security.signatures=trueuas.security.consignor.checksignature=falseuas.security.attributes.order=XUUDBuas.security.attributes.combiningPolicy=MERGE_LAST_OVERRIDESuas.security.attributes.FILE.class=eu.unicore.uas.security.file.FileAttributeSourceuas.security.attributes.FILE.file=/etc/unicore/unicorex/simpleuudbuas.security.attributes.FILE.matching=strictuas.security.attributes.XUUDB.class=eu.unicore.uas.security.xuudb.XUUDBAuthoriseruas.security.attributes.XUUDB.xuudbHost=https://localhostuas.security.attributes.XUUDB.xuudbPort=34463uas.security.attributes.XUUDB.xuudbGCID=DGIREF_SCCuas.security.attributes.VO-PULL.class=eu.unicore.uas.security.vo.SAMLPullAuthoriseruas.security.attributes.VO-PULL.configurationFile=vo.configuas.security.attributes.VO-PUSH.class=eu.unicore.uas.security.vo.SAMLPushAuthoriseruas.security.attributes.VO-PUSH.configurationFile=vo.configuas.sms.protocols=RBYTEIO SBYTEIO BFTuas.filetransfer.protocol.BFT=de.fzj.unicore.uas.fts.BaselineFileTransferImpluas.filetransfer.protocol.RBYTEIO=de.fzj.unicore.uas.fts.byteio.RandomByteIOImpluas.filetransfer.protocol.SBYTEIO=de.fzj.unicore.uas.fts.byteio.StreamableByteIOImpluas.storagefactory.types=DEFAULTuas.storagefactory.DEFAULT.description=Default filesystemuas.storagefactory.DEFAULT.path=/etc/unicore/unicorex/storageuas.storagefactory.DEFAULT.cleanup=trueunicore.gridbean.directory=/var/lib/unicore/unicorex/gridbeanscip.data.path=site-info.gluebes.is.accepting.new.activities=truebes.naming.profile=http://schemas.ggf.org/bes/2006/08/bes/naming/BasicWSAddressingbes.local.resource.manager.type=http://fzj.unicore.de/bes/2006/08/bes/resources/NonQueuingbes.common.name=BES-DGIREF-SCCbes.long.description=BES Interface for DGIREF_SCCbes.factory.id=default_bes_factorybes.extension=http://schemas.ggf.org/bes/2006/08/bes-extensions/SupportsLifetimes http://schemas.ogf.org/hpcp/2007/01/bp/BasicFilterbes.job.mode=bes'>uas.conf
mkdir storagechown -R unicore.unicore storage
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Configure wsrflite.xmlecho '
<?xml version="1.0" encoding="UTF-8"?><services><!-- Configuration with Gateway --><property name="unicore.wsrflite.baseurl"value="https://iwrunicore.fzk.de:9110/DGIREF_SCC/services"/><!-- physical hostname (or IP address) and port --><property name="unicore.wsrflite.host" value="dgiref-unicore.fzk.de"/><property name="unicore.wsrflite.port" value="7777"/><!-- Jetty server parameters --><property name="unicore.wsrflite.jetty.maxIdleTime" value="30000"/><property name="unicore.wsrflite.jetty.lowResourceMaxIdleTime" value="10000"/><property name="unicore.wsrflite.jetty.maxThreads" value="255"/><property name="unicore.wsrflite.jetty.lowThreads" value="50"/><!-- default lifetime for service instances (seconds)you can set a value per-service--><!-- use 10 days for jobs and storages --><property name="wsrflite.lifetime.default.JobManagement" value="864000"/><property name="wsrflite.lifetime.default.StorageManagement" value="864000"/><!-- the default value is used for all services not listed explicitely --><property name="wsrflite.lifetime.default" value="864000"/><!-- Service Group / Registry setting --><!-- default termination time for registry entries in seconds --><property name="unicore.wsrflite.sg.defaulttermtime" value="1800"/><!-- persistence settings --><!-- use database (H2 by default)--><property name="unicore.wsrflite.persistence.persist"value="de.fzj.unicore.wsrflite.persistence.Persistence"/><!-- directory for database files (use a fast filesystem on the unicore/x machine) --><property name="persistence.directory"value="/var/lib/unicore/unicorex"/><!--Security settings--><!-- SSL --><property name="unicore.wsrflite.ssl" value="true"/><property name="unicore.wsrflite.ssl.clientauth" value="true"/><!-- UNICORE/X server identity (keystore definition) --><property name="unicore.wsrflite.ssl.keystore"value="HOSTPATH!"/><property name="unicore.wsrflite.ssl.keypass" value="HOSTKEY!"/><property name="unicore.wsrflite.ssl.keytype" value="PKCS12"/><!-- <property name="unicore.wsrflite.ssl.keyalias" value="njs test certificate"/> --><!-- UNICORE/X truststore (can be the same as the keystore) --><property name="unicore.wsrflite.ssl.truststore"value="KEYPATH!"/><property name="unicore.wsrflite.ssl.truststorepass" value="KEYKEY!"/><property name="unicore.wsrflite.ssl.truststoretype" value="JKS"/><!--<property name="unicore.maxInstancesPerUser.JobManagement" value="200"/><property name="unicore.maxInstancesPerUser.BESActivity" value="200"/><property name="unicore.maxInstancesPerUser.StorageManagement" value="250"/><property name="unicore.maxInstancesPerUser.TargetSystemService" value="20"/><property name="unicore.maxInstancesPerUser.FileTransfer" value="200"/><property name="unicore.maxInstancesPerUser.FileTransferBFT" value="200"/><property name="unicore.maxInstancesPerUser.FileTransferRBYTEIO" value="200"/><property name="unicore.maxInstancesPerUser.FileTransferSBYTEIO" value="200"/><property name="unicore.maxInstancesPerUser.FileTransferUDT" value="200"/>--><!-- the target system factory service --><service name="TargetSystemFactoryService" wsrf="true" persistent="true"><interface class="de.fzj.unicore.uas.TargetSystemFactory" /><implementation class="de.fzj.unicore.uas.impl.tss.TargetSystemFactoryHomeImpl"/></service><!-- the target system service --><service name="TargetSystemService" wsrf="true" persistent="true"><interface class="de.fzj.unicore.uas.TargetSystem" /><implementation class="de.fzj.unicore.uas.impl.tss.TargetSystemHomeImpl"/></service><!-- the job management service --><service name="JobManagement" wsrf="true" persistent="true"><interface class="de.fzj.unicore.uas.JobManagement" /><implementation class="de.fzj.unicore.uas.impl.job.JobManagementHomeImpl"/></service><!-- the storage management service --><service name="StorageManagement" wsrf="true" persistent="true"><interface class="de.fzj.unicore.uas.StorageManagement" /><implementation class="de.fzj.unicore.uas.impl.sms.StorageManagementHomeImpl"/></service><!-- the storage factory service --><service name="StorageFactory" wsrf="true"persistent="true" enabled="false"><interface class="de.fzj.unicore.uas.StorageFactory" /><implementation class="de.fzj.unicore.uas.impl.sms.StorageFactoryHomeImpl"/></service><!-- the enumeration service --><service name="Enumeration" wsrf="true" persistent="true"><interface class="de.fzj.unicore.uas.Enumeration" /><implementation class="de.fzj.unicore.uas.impl.enumeration.EnumerationHomeImpl"/></service><!-- the file transfer services --><!-- server to server file transfer service --><service name="FileTransfer" wsrf="true" persistent="true"><interface class="de.fzj.unicore.uas.fts.FileTransfer" /><implementation class="de.fzj.unicore.uas.fts.FileTransferHomeImpl"/></service><!-- HTTPs-based --><service name="FileTransferBFT" wsrf="true" persistent="true"><interface class="de.fzj.unicore.uas.fts.FileTransfer" /><implementation class="de.fzj.unicore.uas.fts.FileTransferHomeImpl"/></service><!-- OGSA Random access Byte-IO --><service name="FileTransferRBYTEIO" wsrf="true" persistent="true"><interface class="de.fzj.unicore.uas.fts.byteio.RandomByteIO" /><implementation class="de.fzj.unicore.uas.fts.FileTransferHomeImpl"/></service><!-- OGSA Streamable Byte-IO --><service name="FileTransferSBYTEIO" wsrf="true" persistent="true"><interface class="de.fzj.unicore.uas.fts.byteio.StreamableByteIO" /><implementation class="de.fzj.unicore.uas.fts.FileTransferHomeImpl"/></service><!-- the next three services implement the OGSA BES specification --><service name="BESFactory" wsrf="true" ><interface class="de.fzj.unicore.bes.BESFactory" /><implementation class="de.fzj.unicore.bes.impl.factory.BESFactoryHomeImpl" /></service><service name="BESActivity" wsrf="true" ><interface class="de.fzj.unicore.bes.BESActivity" /><implementation class="de.fzj.unicore.bes.impl.activity.BESActivityHomeImpl" /></service><service name="BESManagement" wsrf="false"><interface class="de.fzj.unicore.bes.BESManagement" /><implementation class="de.fzj.unicore.bes.impl.management.BESManagementImpl" /></service><!-- Local Registry: use the next two entries when this container should use the localregistry only (i.e. when *not* using this container as a shared registry)--><service name="ServiceGroupEntry" wsrf="true" persistent="true"><interface class="de.fzj.unicore.wsrflite.xmlbeans.sg.ServiceGroupEntry"/><implementation class="de.fzj.unicore.uas.impl.registry.LocalRegistryEntryHomeImpl"/></service><!-- the local registry service --><service name="Registry" wsrf="true" persistent="true"><interface class="de.fzj.unicore.uas.Registry"/><implementation class="de.fzj.unicore.uas.impl.registry.LocalRegistryHomeImpl"/></service><!--GPE GridBean ServiceThe directory where the Gridbeans are is configured in uas.config--><service name="GridBeanService" wsrf="false"><interface class="com.intel.gpe.gridbeans.GridBeanService" /><implementation class="com.intel.gpe.gridbeans.GridBeanServiceImpl"/></service><!-- the information provider for the common information service --><service name="CISInfoProvider" wsrf="false"><interface class="de.fzj.unicore.cisprovider.CISInfoProvider" /><implementation class="de.fzj.unicore.cisprovider.impl.CISInfoProviderImpl"/></service><!-- the wsrflite admin service. If you enable the service,access control for this service should be enabled as well.--><!-- <property name="uas.security.accesscontrol.AdminTool" value="true"/><service name="AdminService" wsrf="true"><interface class="de.fzj.unicore.wsrflite.admin.service.AdminService" /><implementation class="de.fzj.unicore.wsrflite.admin.service.AdminServiceHomeImpl"/></service>--></services>'> wsrflite.xml
sed -i "s/HOSTPATH!/$hostcertPath/g" wsrflite.xml
sed -i "s/HOSTKEY!/$password/g" wsrflite.xml
sed -i "s/KEYPATH!/$truststorePath/g" wsrflite.xml
sed -i "s/KEYKEY!/$password/g" wsrflite.xml
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Configure xnjs_legacy.xmlecho'<?xml version="1.0" encoding="UTF-8"?><!--XNJS configuration that uses a Perl TSIThe XNJS and the Perl TSI communicate via sockets, and canthus be on different machines.For more information, visit http://www.unicore.eu/documentation--><eng:EngineConfiguration xmlns:eng="http://www.fz-juelich.de/unicore/xnjs/engine"><eng:Core><!-- execution management --><eng:Manager>de.fzj.unicore.xnjs.simple.BasicManager</eng:Manager><eng:ExecutionContextManager>de.fzj.unicore.xnjs.simple.LocalECManager</eng:ExecutionContextManager><eng:TSIFactory>de.fzj.unicore.xnjs.simple.BasicTSIFactory</eng:TSIFactory><eng:Execution>de.fzj.unicore.xnjs.legacy.Execution</eng:Execution><eng:Grounder>de.fzj.unicore.xnjs.simple.BasicGrounder</eng:Grounder><eng:ProcessorFactory>de.fzj.unicore.xnjs.ems.processors.DefaultProcessorFactory</eng:ProcessorFactory><!-- reservation interface, uncomment to use the TSI reservation functions (Reservation.pm) --><!-- <eng:Reservation>de.fzj.unicore.xnjs.legacy.Reservation</eng:Reservation> --><!-- i/o --><eng:FileTransferEngine>de.fzj.unicore.xnjs.io.simple.SimpleFileTransferEngine</eng:FileTransferEngine><!-- persistence --><eng:ActionStorageFactory>de.fzj.unicore.xnjs.persistence.JDBCActionStoreFactory</eng:ActionStorageFactory></eng:Core><!-- processing --><eng:ProcessingChain actionType="JSDL" jobDescriptionType="{http://schemas.ggf.org/jsdl/2005/11/jsdl}JobDefinition"><eng:Processor>de.fzj.unicore.xnjs.jsdl.JSDLProcessor</eng:Processor><eng:Processor>de.fzj.unicore.xnjs.ems.processors.UsageLogger</eng:Processor></eng:ProcessingChain><eng:ProcessingChain actionType="JSDL_STAGEIN"><eng:Processor>de.fzj.unicore.uas.xnjs.Unicore6FileTransferProcessor</eng:Processor></eng:ProcessingChain><eng:ProcessingChain actionType="JSDL_STAGEOUT"><eng:Processor>de.fzj.unicore.uas.xnjs.Unicore6FileTransferProcessor</eng:Processor></eng:ProcessingChain><!-- properties --><eng:Properties><!-- Directory used for job directories (must be on the TSI machine --><eng:Property name="XNJS.filespace" value="/home/UNICORE_FILE"/><!-- Directory used for storing XNJS state (must be on the XNJS machine --><eng:Property name="XNJS.statedir" value="/etc/unicore/unicorex/NJSSTATE"/><!-- The IDB file (must be on the XNJS machine --><eng:Property name="XNJS.idbfile" value="/etc/unicore/unicorex/simpleidb"/><eng:Property name="XNJS.numberofworkers" value="4"/><eng:Property name="XNJS.autosubmit" value="false"/><eng:Property name="XNJS.tsiclass" value="de.fzj.unicore.xnjs.legacy.LegacyTSI"/><!-- classic TSI properties --><eng:Property name="CLASSICTSI.machine" value="HOSTNAME!"/><!-- the port on the TSI machine where the TSI listens --><eng:Property name="CLASSICTSI.port" value="4433"/><!-- the port on the XNJS machine which the TSI talks to --><eng:Property name="CLASSICTSI.replyport" value="7654"/><!-- a user who may see all the jobs on the batch system (can not be 'root'!) -->
<eng:Property name="CLASSICTSI.priveduser" value="BATH_MANAGER_USER!"/><!-- minimum time between batch system job status updates(in milliseconds)--><eng:Property name="CLASSICTSI.statusupdate.interval" value="3000"/><!-- how often to re-check job status before assuming job is finished --><eng:Property name="CLASSICTSI.statusupdate.grace" value="2"/><!-- various command locations (on the TSI machine) --><eng:Property name="CLASSICTSI.TSI_LS" value="/usr/share/unicore/tsi_selected/perl/tsi_ls"/><eng:Property name="CLASSICTSI.TSI_DF" value="/usr/share/unicore/tsi_selected/perl/tsi_df"/><eng:Property name="CLASSICTSI.CP" value="/bin/cp"/><eng:Property name="CLASSICTSI.RM" value="/bin/rm"/><eng:Property name="CLASSICTSI.RMDIR" value="/bin/rm -rf"/><eng:Property name="CLASSICTSI.MKDIR" value="/bin/mkdir -p"/><eng:Property name="CLASSICTSI.CHMOD" value="/bin/chmod"/><eng:Property name="CLASSICTSI.CHGRP" value="/bin/chgrp"/><eng:Property name="CLASSICTSI.GROUPS" value="/usr/bin/groups"/><eng:Property name="CLASSICTSI.PERL" value="/usr/bin/perl"/><!-- I/O buffer size for reading files from and writing files to the TSI --><eng:Property name="CLASSICTSI.BUFFERSIZE" value="1000000"/></eng:Properties></eng:EngineConfiguration>' > xnjs_legacy.xml
sed -i "s/JOB_PATH!/\/home\/UNICORE_FILE/g" xnjs_legacy.xml
sed -i "s/XNJS_PATH!/\/etc\/unicore\/unicorex\/NJSSTATE/g" xnjs_legacy.xml
sed -i "s/HOSTNAME!/$HOSTNAME/g" xnjs_legacy.xml
sed -i "s/BATH_MANAGER_USER!/dgdt0129/g" xnjs_legacy.xml
mkdir /home/UNICORE_FILE #this folder should be available from WN via nfs
mkdir /etc/unicore/unicorex/NJSSTATE
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Configure simpleidbecho '
<?xml version="1.0" encoding="UTF-8"?><!--Example IDB fileFor information on the possibilities, see http://www.unicore.eu/documentationespeciallyhttp://www.unicore.eu/documentation/manuals/unicore6/unicorex/xnjs-idb.html--><idb:IDB xmlns:idb="http://www.fz-juelich.de/unicore/xnjs/idb"><!-- Applications --><!-- Custom executable (used by the Generic gridbean) --><idb:IDBApplication><idb:ApplicationName>Custom executable</idb:ApplicationName><idb:ApplicationVersion>1.0</idb:ApplicationVersion><jsdl:POSIXApplication xmlns:jsdl="http://schemas.ggf.org/jsdl/2005/11/jsdl-posix"><jsdl:Executable>$EXECUTABLE</jsdl:Executable><jsdl:Argument>$ARGUMENTS?</jsdl:Argument></jsdl:POSIXApplication><idb:PreCommand>chmod +x $EXECUTABLE</idb:PreCommand><idb:PreCommand>PATH=$PATH:. ; export PATH</idb:PreCommand></idb:IDBApplication><!-- DATE --><idb:IDBApplication><idb:ApplicationName>Date</idb:ApplicationName><idb:ApplicationVersion>1.0</idb:ApplicationVersion><jsdl:POSIXApplication xmlns:jsdl="http://schemas.ggf.org/jsdl/2005/11/jsdl-posix"><jsdl:Executable>/bin/date</jsdl:Executable></jsdl:POSIXApplication></idb:IDBApplication><!-- POVRay --><idb:IDBApplication><idb:ApplicationName>POVRay</idb:ApplicationName><!-- please do not change the version (bug in povray gridbean) --><idb:ApplicationVersion>3.5</idb:ApplicationVersion><jsdl:POSIXApplication xmlns:jsdl="http://schemas.ggf.org/jsdl/2005/11/jsdl-posix"><jsdl:Executable>/usr/bin/povray</jsdl:Executable><jsdl:Argument Type="filename" Description="The scene definition file" MimeType="model/x-pov">+I$SOURCE?</jsdl:Argument><jsdl:Argument MimeType="image/png" >+O$TARGET?</jsdl:Argument><jsdl:Argument Type="int" Default="320" Description="Width of the rendered image">+W$WIDTH?</jsdl:Argument><jsdl:Argument Type="int" Default="200" Description="Height of the rendered image">+H$HEIGHT?</jsdl:Argument><jsdl:Argument Type="int" Description="Do antialiasing on the pixels until the difference between adjacent pixels is less than one tenth of this value.">+A$ANTIALIASING_THRESHOLD?</jsdl:Argument><jsdl:Argument Type="int" Description="Specify the initial frame number for an animation.">+KFI$INITIAL_FRAME_NUMBER?</jsdl:Argument><jsdl:Argument Type="int" Description="Specify the final frame number for an animation. This must be set to a value other than 1 in order to render multiple frames at once." DependsOn="INITIAL_FRAME_NUMBER">+KFF$FINAL_FRAME_NUMBER?</jsdl:Argument><jsdl:Argument Type="int" Description="Render a subset of frames from an animation, starting at this frame." DependsOn="INITIAL_FRAME_NUMBER">+SF$SUBSET_START?</jsdl:Argument><jsdl:Argument Type="int" Description="Render a subset of frames from an animation, stopping at this frame." DependsOn="INITIAL_FRAME_NUMBER">+EF$SUBSET_END?</jsdl:Argument><jsdl:Argument Type="double" Description="Specify the clock value for the initial frame of an animation" DependsOn="INITIAL_FRAME_NUMBER">+KI$INITIAL_CLOCK_VALUE?</jsdl:Argument><jsdl:Argument Type="double" Description="Specify the clock value for the final frame of an animation" DependsOn="INITIAL_FRAME_NUMBER">+KF$FINAL_CLOCK_VALUE?</jsdl:Argument><jsdl:Argument>$ARGUMENTS?</jsdl:Argument></jsdl:POSIXApplication></idb:IDBApplication><!-- Blender --><idb:IDBApplication><idb:ApplicationName>Blender</idb:ApplicationName><idb:ApplicationVersion>2.42</idb:ApplicationVersion><jsdl:POSIXApplication xmlns:jsdl="http://schemas.ggf.org/jsdl/2005/11/jsdl-posix"><jsdl:Executable>/usr/bin/blender</jsdl:Executable><jsdl:Argument Type="filename" Description="The Blender source file" MimeType="">-b $SOURCE?</jsdl:Argument><jsdl:Argument Type="string" Description="The name of the scene to be rendered (leave empty for default scene)">-S $SCENE?</jsdl:Argument><jsdl:Argument Type="choice" ValidValues="PNG BMP TGA IRIS HAMX JPEG MOVIE IRIZ RAWTGA AVIRAW AVIJPEG FRAMESERVER" Description="Output format">-F $FORMAT?</jsdl:Argument><jsdl:Argument>-x 0</jsdl:Argument><jsdl:Argument>-o //out_####.$(echo $FORMAT|tr [A-Z] [a-z])</jsdl:Argument><jsdl:Argument Type="int" Default="1" Description="Frame to render as still image">-f $FRAME?</jsdl:Argument><jsdl:Argument Type="boolean" Default="false" Description="Render an animation?" Excludes="FRAME">-a $ANIMATE?</jsdl:Argument><jsdl:Argument Type="int" Default="1" Description="Start frame for animation" DependsOn="ANIMATE">-s $START?</jsdl:Argument><jsdl:Argument Type="int" Default="100" Description="End frame for animation" DependsOn="ANIMATE">-e $END?</jsdl:Argument></jsdl:POSIXApplication></idb:IDBApplication><!-- SCRIPTS --><!-- Bash shell --><idb:IDBApplication><idb:ApplicationName>Bash shell</idb:ApplicationName><idb:ApplicationVersion>3.1.16</idb:ApplicationVersion><jsdl:POSIXApplication xmlns:jsdl="http://schemas.ggf.org/jsdl/2005/11/jsdl-posix"><jsdl:Executable>/bin/bash</jsdl:Executable><jsdl:Argument>--debugger$DEBUG?</jsdl:Argument><jsdl:Argument>-v$VERBOSE?</jsdl:Argument><jsdl:Argument>$OPTIONS?</jsdl:Argument><jsdl:Argument>-- $SOURCE?</jsdl:Argument><jsdl:Argument>$ARGUMENTS?</jsdl:Argument></jsdl:POSIXApplication></idb:IDBApplication><!-- C shell --><idb:IDBApplication><idb:ApplicationName>C shell</idb:ApplicationName><idb:ApplicationVersion>6.14.00</idb:ApplicationVersion><jsdl:POSIXApplication xmlns:jsdl="http://schemas.ggf.org/jsdl/2005/11/jsdl-posix"><jsdl:Executable>/bin/csh</jsdl:Executable><jsdl:Argument>-x$DEBUG?</jsdl:Argument><jsdl:Argument>-v$VERBOSE?</jsdl:Argument><jsdl:Argument>$OPTIONS?</jsdl:Argument><jsdl:Argument>$SOURCE?</jsdl:Argument><jsdl:Argument>$ARGUMENTS?</jsdl:Argument></jsdl:POSIXApplication></idb:IDBApplication><!-- Korn Shell --><idb:IDBApplication><idb:ApplicationName>Korn shell</idb:ApplicationName><idb:ApplicationVersion>Version M 1993-12-28 q</idb:ApplicationVersion><jsdl:POSIXApplication xmlns:jsdl="http://schemas.ggf.org/jsdl/2005/11/jsdl-posix"><jsdl:Executable>/usr/bin/ksh</jsdl:Executable><jsdl:Argument>$OPTIONS?</jsdl:Argument><jsdl:Argument>$SOURCE?</jsdl:Argument><jsdl:Argument>$ARGUMENTS?</jsdl:Argument></jsdl:POSIXApplication></idb:IDBApplication><!-- Perl script --><idb:IDBApplication><idb:ApplicationName>Perl</idb:ApplicationName><idb:ApplicationVersion>5.8.8</idb:ApplicationVersion><jsdl:POSIXApplication xmlns:jsdl="http://schemas.ggf.org/jsdl/2005/11/jsdl-posix"><jsdl:Executable>/usr/bin/perl</jsdl:Executable><jsdl:Argument>-d$DEBUG?</jsdl:Argument><jsdl:Argument>-d:DProf$PROFILING?</jsdl:Argument><jsdl:Argument>-c$VERBOSE?</jsdl:Argument><jsdl:Argument>$OPTIONS?</jsdl:Argument><jsdl:Argument>-- $SOURCE?</jsdl:Argument><jsdl:Argument>$ARGUMENTS?</jsdl:Argument></jsdl:POSIXApplication></idb:IDBApplication><!-- Python script --><idb:IDBApplication><idb:ApplicationName>Python Script</idb:ApplicationName><idb:ApplicationVersion>2.4.2</idb:ApplicationVersion><jsdl:POSIXApplication xmlns:jsdl="http://schemas.ggf.org/jsdl/2005/11/jsdl-posix"><jsdl:Executable>/usr/bin/python</jsdl:Executable><jsdl:Argument>-d$DEBUG?</jsdl:Argument><jsdl:Argument>-v$VERBOSE?</jsdl:Argument><jsdl:Argument>$OPTIONS?</jsdl:Argument><jsdl:Argument>$SOURCE?</jsdl:Argument><jsdl:Argument>$ARGUMENTS?</jsdl:Argument></jsdl:POSIXApplication></idb:IDBApplication><!-- Resources --><idb:TargetSystemProperties><jsdl:Resources xmlns:jsdl="http://schemas.ggf.org/jsdl/2005/11/jsdl"><!-- CPU architecture, e.g. x86, x86_64, ia64, powerpc, sparc or other --><jsdl:CPUArchitecture><jsdl:CPUArchitectureName>x86_64</jsdl:CPUArchitectureName></jsdl:CPUArchitecture><!-- Operating system (as defined by JSDL),e.g. LINUX, MACOS, WINNT, AIX, --><jsdl:OperatingSystem><jsdl:OperatingSystemType><jsdl:OperatingSystemName>LINUX</jsdl:OperatingSystemName></jsdl:OperatingSystemType><jsdl:OperatingSystemVersion>2.6.28</jsdl:OperatingSystemVersion><jsdl:Description>Ubuntu GNU/Linux</jsdl:Description></jsdl:OperatingSystem><!-- wall time for the job in seconds --><jsdl:IndividualCPUTime><jsdl:Exact>3600</jsdl:Exact><jsdl:Range><jsdl:LowerBound>1</jsdl:LowerBound><jsdl:UpperBound>86400</jsdl:UpperBound></jsdl:Range></jsdl:IndividualCPUTime><!-- Memory per node (bytes) --><jsdl:IndividualPhysicalMemory><jsdl:Exact>268435456</jsdl:Exact><jsdl:Range><jsdl:LowerBound>1048576</jsdl:LowerBound><jsdl:UpperBound>1073741824</jsdl:UpperBound></jsdl:Range></jsdl:IndividualPhysicalMemory><!-- CPUs per node --><jsdl:IndividualCPUCount><jsdl:Exact>1.0</jsdl:Exact><jsdl:Range><jsdl:LowerBound>1.0</jsdl:LowerBound><jsdl:UpperBound>2.0</jsdl:UpperBound></jsdl:Range></jsdl:IndividualCPUCount><!-- Nodes --><jsdl:TotalResourceCount><jsdl:Exact>1.0</jsdl:Exact><jsdl:Range><jsdl:LowerBound>1.0</jsdl:LowerBound><jsdl:UpperBound>10.0</jsdl:UpperBound></jsdl:Range></jsdl:TotalResourceCount><!-- total CPUs --><jsdl:TotalCPUCount><jsdl:Range><jsdl:LowerBound>1.0</jsdl:LowerBound><jsdl:UpperBound>20.0</jsdl:UpperBound></jsdl:Range></jsdl:TotalCPUCount></jsdl:Resources></idb:TargetSystemProperties></idb:IDB>'>simpleidb
#!!!!ADAPT THIS FILE MANYALLY!!!! it should contain information about your cluster!!!# ========================================================================== tsi configuration# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Configure tsi.properties/etc/init.d/unicore-tsi setup
#in case torque batch system just choose Torquesed -i "s/localhost/$HOSTNAME/g" /usr/share/unicore/tsi_selected/conf/tsi.properties
# setup path to the qstat into /usr/share/unicore/tsi/tsi/linux_torque/tsi# my $pbs_bin_dir = "/usr/bin";
Proceed
- Start unicore-gateway unicore-tsi unicore-unicorex unicore-xuudb
- Import users to xuudb
- Change owner of log files
- Make unicore-gateway unicore-tsi unicore-unicorex unicore-xuudb as a services for OS and add put to autoboot system. So will be started during boot.
administrator's script: proceed.sh
#!/bin/bash# start unicore 6.4service unicore-gateway start
service unicore-tsi start
service unicore-unicorex start
service unicore-xuudb start
# After starting the XUUDB add the D-Grid users# Import the user records at the same time delete all the old records:unicore-xuudb-admin import /etc/unicore/xuudb/xuudb_in.csv clearDB
# checkunicore-xuudb-admin list
chown unicore.unicore /var/log/unicore/gateway/startup.log
chown unicore.unicore /var/log/unicore/unicorex/unicorex-startup.log
chown unicore.unicore /var/log/unicore/unicorex/unicorex.log
chkconfig unicore-gateway on
chkconfig unicore-tsi on
chkconfig unicore-unicorex on
chkconfig unicore-xuudb on
Initial test
- Check state of process from server side
- Submit job from client side:
- Grid user auth
- Prepare preferences for client
- Prepare test job
- Test ucc connect
- Test run job
administrator's script: test.sh
#!/bin/bash# test unicore 6 installation#Server side:ps -ef | grep tsi
ps -ef | grep unicore
#From ui side:grid-proxy-init
echo '
registry=https://dgrid-unic.fz-juelich.de:9110/D-GRID/services/Registry?res=default_registry,https://iwrunicore.fzk.de:9110/D-Grid-KIT/services/Registry?res=default_registryoutput=/var/log/nagios/outputkeystore=/var/log/nagios/.globus/mykeystore.p12storetype=pkcs12password=!!!!PASSWORD!!!!truststore=/usr/local/unicore/certs/truststore.jkstruststorePassword=t00ltec'>preferences.ucc
echo '
{ApplicationName: Date,ApplicationVersion: 1.0,}'>testjob.u
ucc connect -v -c preference.ucc
ucc run testjob.u -s DGIREF_SCC -c preference.ucc -a
Update
For update just use yum update for unicore packages. The update will be automatically use rpm repo
administrator's script: update.sh
yum clean allyum -y update unicore-unicorex unicore-xuudb unicore-gateway unicore-tsi
#warning: /etc/init.d/unicore-gateway saved as /etc/init.d/unicore-gateway.rpmsave#warning: /etc/unicore-gateway/security.properties saved as /etc/unicore-gateway/security.properties.rpmsave#warning: /etc/unicore-gateway/gateway.properties saved as /etc/unicore-gateway/gateway.properties.rpmsave#warning: /etc/unicore-gateway/connections.properties saved as /etc/unicore-gateway/connections.properties.rpmsave#warning: /etc/unicore-unicorex/wsrflite.xml saved as /etc/unicore-unicorex/wsrflite.xml.rpmsave#warning: /etc/unicore-unicorex/ucc.preferences saved as /etc/unicore-unicorex/ucc.preferences.rpmsave#warning: /etc/unicore-unicorex/uas.config saved as /etc/unicore-unicorex/uas.config.rpmsave#warning: /etc/unicore-unicorex/site-info.glue saved as /etc/unicore-unicorex/site-info.glue.rpmsave#warning: /etc/unicore-unicorex/simpleuudb saved as /etc/unicore-unicorex/simpleuudb.rpmsave#warning: /etc/unicore-xuudb/xuudb_server.conf saved as /etc/unicore-xuudb/xuudb_server.conf.rpmsave#warning: /etc/unicore-xuudb/xuudb_client.conf saved as /etc/unicore-xuudb/xuudb_client.conf.rpmsave#warning: /etc/init.d/unicore-xuudb saved as /etc/init.d/unicore-xuudb.rpmsave
