D4Science Portal Installation

From Gcube Wiki

Install gCore

  1. In order to install D4Science Portal, you need to install gCore. You can download the latest version of gCore from here. Instructions about how to install gCore can be found here.
  2. If the installed gCore will not be running, the "$GLOBUS_LOCATION/config/GHNConfig.client.xml" file should be configured properly.

Install Tomcat

If there is no tomcat installation on your node, you need to download and install it. You should use tomcat v. 5.5.20. You can download tomcat from here.
After installing tomcat, you should edit $CATALINA_HOME/conf/server.xml file:

  1. Change the listener port in <Connector> for http from 8080 to whatever you want (if needed).
  2. In the same <Connector>, add the statement emptySessionPath="true". This forces all web-applications to use the same session ID.

Setup Tomcat

In order to enable tomcat to consume WSRF services, you have to apply some changes on tomcat's files:

  1. modify $CATALINA_HOME/bin/setclasspath.sh: remove the line where the classpath is reset (CLASSPATH=)
  2. around line 72 of $CATALINA_HOME/bin/setclasspath.sh, modify the CLASSPATH like this: CLASSPATH="$CLASSPATH":"$JAVA_HOME"/lib/tools.jar
  3. add the mail.jar in $CATALINA_HOME/common/endorsed
  4. add the activation.jar in $CATALINA_HOME/common/endorsed

Setup Environment

  1. The new D4Science portal requires a Gridsphere 3.1 installation. You can download a clean version of Gridsphere 3.1 from ETICS. Then unzip / untar the file.
  2. You will also need this sh file. This is a replacement of the original globus-devel-env.sh which excludes some jars from gCore (because they are older than the versions needed by the portal and they create conflicts). Download it and store it in $CATALINA_HOME.
  3. Clone the current ~/.bashrc to ~/.bashrc_portal, and modify the following:
    1. clean CLASSPATH: "export CLASSPATH="
    2. add CATALINA_HOME env. variable (the home directory of tomcat)
    3. add GRIDSPHERE_HOME env. variable (the home directory of gridsphere)
    4. add JAVA_HOME env. variable (the home directory of java)
    5. add GLOBUS_LOCATION env. variable (the home directory of gCore)
    7. add CATALINA_PID env. variable "export CATALINA_PID=~/pid.txt"
    8. remove the "source" command of globus-devel-env
    9. add a new "source" command for the modified globus-devel-env script: "source $CATALINA_HOME/globus-devel-env-local.sh"
  4. Some jars of gCore create conflicts that can only be resolved by removing them... These are the naming*.jar jars and can be found in $GLOBUS_LOCATION/lib folder. So you have to remove these jars and then add the jars found here.

Install Gridsphere

If you want to have the D4Science look and feel, you have to apply the theme patch before deploying Gridsphere. You can download it from here. Then unzip / untar the file and from the D4Science-ThemesAndLayouts directory execute: "source ~/.bashrc_portal; source patch.sh".

After the themes are installed you can deploy the Gridsphere. (Notice that if you want to deploy gridsphere on a different context than "/gridsphere/gridsphere", you have to modify $GRIDSPHERE_HOME/build.properties file).
Execute the following commands:

  • source ~/.bashrc_portal
  • ant install

After deploying the gridsphere you have to perform the steps described below:

  • start tomcat and finish portal setup (database, first login account, etc). After setup nothing will be displayed and you have to follow the next instructions.
  • stop tomcat
  • execute the following command: "rm -rf ~/.gridsphere/content/repository; cp -Rf $GRIDSPHERE_HOME/webapps/gridsphere/WEB-INF/CustomPortal/content/ ~/.gridsphere/"
    => This command replaces the content so that the header and footer are rendered correctly.
  • start tomcat again

Some portlets use a client side notification mechanism for communicating. In order for this mechanism to work you should configure the portal installation properly. Follow the instructions that can be found here

Start / Stop Tomcat

In order to start / stop tomcat, you should execute the following commands respectively:

  • source ~/.bashrc_portal; $CATALINA_HOME/bin/catalina.sh start
  • source ~/.bashrc_portal; $CATALINA_HOME/bin/catalina.sh stop -force

Setup a Secure Environment

Main install

  • The following procedure, which results in the creation of the proxy certificate, requires root privileges. At the end, the certificates (host and proxy) must be copied to a convenient location in the account of the user where the portal is installed.
  • Place the host certificates of your machine in /etc/grid-security and make sure the access rights are set to rw-r--r-- for the host certificate and to r-------- for the key. Note: A good practice is to rename the certificate to hostpubliccert.pem and the key to hostprivatekey.pem as these are the default names (e.g. this way it is not required to explicitly define them in the vomsAPI.properties file).
  • If the distro you are using is SLC4, make sure compat-lib* is installed.
  • Install voms-proxy-init command. Using yum:
yum install glite-security-voms-api-cpp.i386 glite-security-voms-clients.i386 gpt.i386 vdt_globus_essentials.i386 lcg-CA

Important: to successfully install the above, the glite repository must be registered with yum. Check /etc/yum.repos.d/ to make sure glite.repo exists there; otherwise the file must be created containing the following:

name=gLite Base
name=gLite Base
#Please also make sure that the jpackage repository is enabled (e.g. via /etc/yum.repos.d/jpackage.repo):
name=JPackage 1.6, generic
name=JPackage 1.6 for Red Hat Enterprise Linux 4
# DAG repository (e.g.  via /etc/yum.repos.d/dag.repo)
name=DAG (http://dag.wieers.com) additional RPMS repository

Note that glite repository requires jpackage repository (/etc/yum.repos.d/jpackage.repo) to be enabled.

Another (not recommended) way is to download the required rpms from [1] and install them manually using the rpm -i command. Either way, install them in the order in which they appear above.

  • Download the configuration file from [2] into the /etc/glite/profile.d/ directory (create it if necessary) and modify it in accordance with the local values of the environment variables JAVA_HOME and GLOBUS_LOCATION.

TODO change: The glite_setenv.sh must be executed at startup to properly initialize environment variables for the voms-proxy-init command.

  • You must also install the VOMS rpm that can be found here: [3]


	- rpm -i voms-d4science.research-infrastructures.eu-1-0.2.i386.rpm

  • You must also have INFN CA certificate in /etc/grid-security/certificates. If you don't have it you can get it using "fetch-crl" command. In order to install the command execute:
	yum install fetch-crl.noarch

When "fetch-crl" is installed execute the following:

	/usr/sbin/fetch-crl -o /etc/grid-security/certificates -q >> /var/log/glite/glite-fetch-crl-cron.log 2>&1

If necessary create /etc/grid-security/certificates and /var/log/glite/ directories.

  • Make sure the machine is synchronized with an ntp server and consequently with the VOMS server. In order to install ntp, execute:
		yum install ntp

  • Configure VOMS credentials

VOMS credentials must be installed in the local system to verify VOMS assertions. To do this:

  • Copy the certificates of trusted VOMS servers in $GLOBUS_LOCATION/etc/grid-security/vomsdir

Note: Please check that certificate files have -rw-r--r-- permissions. TODO: where to find them

  • Create VOMS files using the following conventions:
    • file naming convention:
    • content convention:

Example: "gCube" "voms.research-infrastructures.eu" "15001" "/C=IT/O=INFN/OU=Host/L=NMIS-ISTI/CN=voms.research-infrastructures.eu" "gCube"

Note: If you don't have the VOMS certificate, you can export it from your browser: D4S VOMS server (from Firefox: Preferences -> Advanced -> Encryption -> View Certificates -> Servers).

  • When done move the VOMS file in /opt/glite/etc/vomses/ and make a copy also in /root/.glite/vomses/ (create the directory if necessary). Additionally, in /root/.glite/vomses/ copy the /etc/grid-security/hostpubliccert.pem
  • Ask the administrator of the D4S VOMS server to add your host certificate in the VO with "VO-Admin" privileges. The information needed to give him is:

- the fully qualified name of the machine. In order to find the fully qualified name execute:

 openssl x509 -noout -in cert.pem -subject

where cert.pem is your host certificate

- the admin email

Test Environment

Run the voms-proxy-init command in order to generate a proxy certificate. An example of how to run the voms-proxy-init command is presented below:

 voms-proxy-init -cert your_host_cert.pem -key your_host_key.pem -out /path/to/proxycertificate -voms gCube:/gCube/Role=VO-Admin

The expected output is the proxy certificate (the location of which will be later specified in the vomsAPI.properties file). Change permissions to rw-r--r--.

The command will ask you for the password that protects "your_host_key.pem", if provided.

The rights for the host certificate must be rw-r--r-- and the rights for the key must be r--------
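
A pre-flight check for the file modes this section requires, as an added example that is not part of the original guide: it verifies rw-r--r-- (644) on the host certificate and the proxy, and r-------- (400) on the key. The function names are hypothetical and the paths are whatever the caller passes in.

```shell
#!/bin/sh
# Added example: verify credential file modes before running voms-proxy-init.
# Function names are hypothetical; no path from the guide is hard-coded.

# Print the octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_mode FILE EXPECTED_OCTAL
# Returns 0 on exact match, 1 on wrong mode, 2 if the file is missing.
check_mode() {
    if [ ! -f "$1" ]; then
        echo "MISSING  $1" >&2
        return 2
    fi
    actual=$(file_mode "$1")
    if [ "$actual" != "$2" ]; then
        echo "BAD MODE $1: is $actual, expected $2" >&2
        return 1
    fi
    return 0
}

# check_credentials CERT KEY [PROXY]
# Reports every problem it finds, then returns 0 only if all files pass.
check_credentials() {
    rc=0
    check_mode "$1" 644 || rc=1      # host certificate: rw-r--r--
    check_mode "$2" 400 || rc=1      # host key:         r--------
    if [ -n "${3:-}" ]; then
        # Proxy: rw-r--r-- is this guide's value. The proxy file also holds
        # the proxy's private key, so it is worth checking who can reach it.
        check_mode "$3" 644 || rc=1
    fi
    return $rc
}

# Stand-alone use: sh check_creds.sh CERT KEY [PROXY]
if [ $# -ge 2 ]; then
    check_credentials "$@"
fi
```

The same `check_mode FILE 644` call can be pointed at each certificate copied into the vomsdir directory, which this guide also requires to be -rw-r--r--.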

Expected output: the proxy certificate

Common Errors:

1) If running fetch-crl results in something like

 no files with suffix '.crl_url' found in '/etc/grid-security/certificates'

in the /var/log/glite/glite-fetch-crl-cron.log file then installing the root rpm of the certification authority should solve the problem:

yum install ca_HellasGrid-Root.noarch

2) If the distro you are using is SLC4, make sure compat-lib* is installed, or you will get the following error:

voms-proxy-init: error while loading shared libraries: libstdc++.so.5: cannot open shared object file: No such file or directory

3) Make sure the machine is synchronized with an ntp server and consequently with the VOMS server, or you will get the following error:

 Error: Could not establish authenticated connection with the server.
    globus_gss_assist token :-1: read failure: unknown

4) "fetch-crl" needs to run in crontab or else you'll have to renew your proxy certificate every 12 hours.

5) If they are not automatically retrieved to satisfy dependencies, installing the certification authorities packages (e.g. ca_HellasGrid-Root.noarch, ca_INFN-CA-2006.noarch) could solve problems related to the voms-proxy-init.

Install ASL

If dynamic deployment is available, then you should prefer it.
Otherwise, in order to install ASL, you have to execute a set of steps:

  1. Download its latest version from the distribution site and place it under $GLOBUS_LOCATION/lib
  2. Copy its dependency jars to $GLOBUS_LOCATION/lib folder.
    The set of these jars for 1.0.4 version can be found here. However, they can be stale. In this case, you have to go to ETICS Reports and download their latest version.
  3. Create a new directory "$CATALINA_HOME/shared/d4s" and add to it the configuration file vomsAPI.properties, containing information described here: [4]

Deploy Basic Portlets & Configure them

  • In order to be able to login on a VO/VRE

Follow these steps:

  1. Download the VO-login portlet from distribution site and deploy it
  2. Restart tomcat
  • All the other portlets that will be defined in the layout by using the Layout portlet should be deployed in this portal installation

The Dynamic deployment should be preferred

  • If the geospatial portlet is deployed you should create a google map key for the machine that hosts this portlet
    • Go to http://code.google.com/apis/maps/signup.html and sign up for a google map key
    • Copy the produced map key to the jsp file of the geospatial portlet. This file can be found at: $CATALINA_HOME/webapps/geospatial/jsp folder
    • Restart tomcat

Portlet Deployment Servlet

First Run Of the Portal

GS will ask you to decide which database you want it to use. D4Science is going to use a centralized PostgreSQL DB. Ask the D4Science support team for its location and connection data.

Changing Gridsphere DB Location once portal is installed

You should stop Tomcat, change the file located in $portaluser/.gridsphere/database/hibernate.properties, and then start Tomcat again.

For more information on the Authoritative LDAP DB please refer to the next section in this guide ([LDAP Authorization]).