Difference between revisions of "D4Science Portal Installation"
m |
(→Main install) |
||
Line 68: | Line 68: | ||
* Install '''voms-proxy-init''' command | * Install '''voms-proxy-init''' command | ||
− | * | + | * Install glite-security-voms-cpp, glite-security-voms-clients, gpt and vdt_globus_essentials, using yum: |
− | + | ||
− | and | + | |
− | + | ||
− | + | ||
<source lang=java5> | <source lang=java5> | ||
yum install glite-security-voms-cpp.i386 | yum install glite-security-voms-cpp.i386 | ||
Line 82: | Line 78: | ||
yum install vdt_globus_essentials.i386 | yum install vdt_globus_essentials.i386 | ||
</source> | </source> | ||
− | + | ||
− | * | + | Note that to successfully install the above, the '''glite''' repository should be registered to yum. Check '''/etc/yum.repos.d/''' to make sure '''glite.repo''' exists underneath, otherwise the file must be created containing the following: |
+ | |||
+ | <source lang=java5> | ||
+ | [main] | ||
+ | [glite] | ||
+ | name=gLite Base | ||
+ | baseurl=http://glitesoft.cern.ch/EGEE/gLite/APT/R3.0/sl4-compat/ | ||
+ | enabled=1 | ||
+ | |||
+ | [glite-ca] | ||
+ | name=gLite Base | ||
+ | baseurl=http://linuxsoft.cern.ch/LCG-CAs/current | ||
+ | enabled=1 | ||
+ | |||
+ | #Please also make sure that the jpackage repository is enabled (e.g. via /etc/yum.repos.d/jpackage.repo): | ||
+ | |||
+ | [main] | ||
+ | [jpackage16-generic] | ||
+ | name=JPackage 1.6, generic | ||
+ | baseurl=http://linuxsoft.cern.ch/jpackage/1.6/generic/free/ | ||
+ | enabled=1 | ||
+ | |||
+ | [jpackage16-rhel40] | ||
+ | name=JPackage 1.6 for Red Hat Enterprise Linux 4 | ||
+ | baseurl=http://linuxsoft.cern.ch/jpackage/1.6/redhat-el-4.0/free/ | ||
+ | enabled=0 | ||
+ | |||
+ | # DAG repository (e.g. via /etc/yum.repos.d/dag.repo) | ||
+ | |||
+ | [main] | ||
+ | [dag] | ||
+ | name=DAG (http://dag.wieers.com) additional RPMS repository | ||
+ | baseurl=http://linuxsoft.cern.ch/dag/redhat/el4/en/$basearch/dag | ||
+ | enabled=1 | ||
+ | </source> | ||
+ | |||
+ | Another (not recomended) way is to download the required rpms from [http://dlib.sns.it/bscw/bscw.cgi/108734] and install them manually using the '''rpm -i''' command. Either way, install them in the order in which they appear above. | ||
+ | |||
+ | * Download the configuration file from [http://dlib.sns.it/bscw/bscw.cgi/108734] into the '''/etc/glite/profile.d/''' directory and modify it in accordance to the local values of the environment variables JAVA_HOME and GLOBUS_LOCATION | ||
The glite_setenv.sh must be executed at startup to properly initialize environment variables for the voms-proxy-init command. | The glite_setenv.sh must be executed at startup to properly initialize environment variables for the voms-proxy-init command. |
Revision as of 15:51, 17 June 2009
THIS SECTION OF GCUBE DOCUMENTATION IS CURRENTLY UNDER UPDATE.
Contents
Install gCore
In order to install D4Science Portal, you need to install gCore. You can download the last version of gCore from here. Instuctions about how to install gCore can be found here
Install Tomcat
If there is no tomcat installation on your node, you need to download and install it. You should use tomcat v. 5.5.20.
You can download tomcat from here.
After installing tomcat, you should edit $CATALINA_HOME/conf/server.xml file:
- Change the listener port in <Connector> for http from 8080 to whatever you want (if needed).
- In the same <Connector>, add the statement emptySessionPath="true". This forces all web-applications to use the same session ID.
Setup Tomcat
In order to enable tomcat to consume WSRF services, you have to apply some changes on tomcat's files:
- modify $CATALINA_HOME/bin/setclasspath.sh => Remove the line where the classpath is reset (CLASSPATH=)
- around line 72 of $CATALINA_HOME/bin/setclasspath.sh modify the CALSSPATH like this CLASSPATH="$CLASSPATH":"$JAVA_HOME"/lib/tools.jar
- add the mail.jar in $CATALINA_HOME/common/endorsed
Setup Environment
- The new D4Science portal requires a Gridsphere 3.1. Installation. You can download a clean version of Gridsphere 3.1 from ETICS ). Then unzip - untar the file.
- You will also need this sh file. This is a replacement of the original globus-devel-env.sh which excludes some jars from gCore (because they are older than the needed by the portal and they create conflicts). Download it and store it in $CATALINA_HOME.
- Clone the current ~/.bashrc to ~/.bashrc_portal, and modify the following:
- clean CLASSPATH: "export CLASSPATH="
- add CATALINA_HOME evn. variable (the home directory of tomcat)
- add GRIDSPHERE_HOME env. variable (the home directory of gridpshere)
- add JAVA_HOME env. variable (the home directory of java)
- add GLOBUS_LOCATION env. variable (the home directory of gCore)
- add CATALINA_OPTS env. variable "export CATALINA_OPTS=-DGLOBUS_LOCATION=$GLOBUS_LOCATION"
- add CATALINA_PID env. variable "export CATALINA_PID=~/pid.txt"
- remove the "source" command of globus-devel-env
- add a new "source" command for the modifies globus-devel-env script: "source $CATALINA_HOME/globus-devel-env-local.sh"
- Some jars of gCore create conflicts that can only be resolved by removing them... These are the naming*.jar jars and can be found in $GLOBUS_LOCATION/lib folder. So you have to remove these jars and then add the jars found here.
Install Gridsphere
If you want to have the D4Science look and fell, you have to apply the theme patch. You can download it from here. Then unzip - untar the file and from the D4Science-ThemesAndLayouts directory execute: "source patch.sh".
Now you are ready to deploy gridsphere!!! (If you want to deploy gridsphere on a different context that "/gridsphere/gridsphere", then you have to modify $GRIDSPHERE_HOME/build.properties file). Execute the following command:
- source ~/.bashrc_portal
- cd $GRIDSPHERE_HOME
- ant install
Now, you have a portal instance! However, this gridsphere version has a bug regarding static content (htmls), so some more steps are still needed:
- start tomcat and finish portal setup (database, first login account, etc). After setup nothing will be displayed, follow the next instruction.
- stop tomcat
- execute the following command: "rm -rf ~/.gridsphere/content/repository; cp -Rf $GRIDSPHERE_HOME/webapps/gridsphere/WEB-INF/CustomPortal/content/ ~/.gridsphere/"
=> This command replaces the content so it correctly render header and footer... - start tomcat again
Start /Stop Tomcat
In order to start / stop tomcat, you should execute the following commands correspondingly:
- source ~/.bashrc_portal; $CATALINA_HOME/bin/catalina.sh start
- source ~/.bashrc_portal; $CATALINA_HOME/bin/catalina.sh stop -force
Setup a Secure Environment
Main install
- Place the host certificates of you machine in a convenient location and make suere the rights for the host certificate are: rw-r--r-- anf for the key r--------.
- If the distro you are using is SLC4, make sure compat-lib* is installed.
- Install voms-proxy-init command
- Install glite-security-voms-cpp, glite-security-voms-clients, gpt and vdt_globus_essentials, using yum:
yum install glite-security-voms-cpp.i386 yum install glite-security-voms-clients.i386 yum install gpt.i386 yum install vdt_globus_essentials.i386
Note that to successfully install the above, the glite repository should be registered to yum. Check /etc/yum.repos.d/ to make sure glite.repo exists underneath, otherwise the file must be created containing the following:
[main] [glite] name=gLite Base baseurl=http://glitesoft.cern.ch/EGEE/gLite/APT/R3.0/sl4-compat/ enabled=1 [glite-ca] name=gLite Base baseurl=http://linuxsoft.cern.ch/LCG-CAs/current enabled=1 #Please also make sure that the jpackage repository is enabled (e.g. via /etc/yum.repos.d/jpackage.repo): [main] [jpackage16-generic] name=JPackage 1.6, generic baseurl=http://linuxsoft.cern.ch/jpackage/1.6/generic/free/ enabled=1 [jpackage16-rhel40] name=JPackage 1.6 for Red Hat Enterprise Linux 4 baseurl=http://linuxsoft.cern.ch/jpackage/1.6/redhat-el-4.0/free/ enabled=0 # DAG repository (e.g. via /etc/yum.repos.d/dag.repo) [main] [dag] name=DAG (http://dag.wieers.com) additional RPMS repository baseurl=http://linuxsoft.cern.ch/dag/redhat/el4/en/$basearch/dag enabled=1
Another (not recomended) way is to download the required rpms from [1] and install them manually using the rpm -i command. Either way, install them in the order in which they appear above.
- Download the configuration file from [2] into the /etc/glite/profile.d/ directory and modify it in accordance to the local values of the environment variables JAVA_HOME and GLOBUS_LOCATION
The glite_setenv.sh must be executed at startup to properly initialize environment variables for the voms-proxy-init command.
- You must also install the VOMS rpm that can be found here
Execute:
- rpm -i voms-d4science.research-infrastructures.eu-1-0.2.i386.rpm
- You must also have INFN CA certificate in /etc/grid-security/certificates. If you don't have it you can get it using "fetch-crl" command. In order to install the command execute:
yum install fetch-crl.noarch
When "fetch-crl" is installed execute the following:
/usr/sbin/fetch-crl -o /etc/grid-security/certificates -q >> /var/log/glite/glite-fetch-crl-cron.log 2>&1
- Make sure the machine is synchronized with an ntp server and concenquently with the VOMS server. In order to install ntp, execute:
yum install ntp
- Configure VOMS credentials
VOMS credentials must be installed in the local system to verify VOMS assertions. To do this:
- Copy the certificates of trusted VOMS servers in $GLOBUS_LOCATION/etc/grid-security/vomsdir
Note:Please check that certificate files have -rw-r--r-- permissions.
- Create VOMS files in /opt/glite/etc/vomses using the following conventions:
- file naming convention:
<VO Name>-<VOMS SERVICE HOSTNAME>
- content convention:
<VO Name>-<VOMS SERVICE HOSTNAME>
Example: "gCube" "voms.research-infrastructures.eu" "15001" "/C=IT/O=INFN/OU=Host/L=NMIS-ISTI/CN=voms.research-infrastructures.eu" "gCube"
Note: If you don't have the VOMS certificate, you can export it from you browser: D4S VOMS server (from Firefox: Preferences -> Advanced -> Encryption -> View Certificates -> Servers). Then, you can install it as an rpm file on your server.
- Ask the administrator of the D4S VOMS server to add your host certificate in the VO with "VO-Admin" privileges. The information needed to give him is:
- the fully qualified name of the machine In order to find the fully quilified name execute:
openssl x509 -noout -in cert.pem -subject
where cert.pem is your host certificate - the admin email
Test Environment
Run voms-proxy-init command in order to generate a proxy certificate. An example of how to run the voms-proxy-init command is presented bellow:
voms-proxy-init -cert your_host_cert.pem -key you_host_key.pem -out /path/to/proxy -voms gCube:/gCube/Role=VO-Admin
The command will ask you for the password that protects "your_host_key.pem", if provided.
The rights for the host certificate must be rw-r--r-- and the rights for the key must be r--------
Expected output: the proxy certificate (the location of which will be later specified in the vomsAPI.properties file)
Common Errors:
1) If the distro you are using is SLC4, make sure compat-lib* is installed, or you will get the following error:
voms-proxy-init: error while loading shared libraries: libstdc++.so.5: cannot open shared object file: No such file or directory
2) Make sure the machine is synchronized with an ntp server and concenquently with the VOMS server, or you will get the followin error:
Error: Could not establish authenticated connection with the server. globus_gss_assist token :-1: read failure: unknown
3) "fetch-crl" needs to run in crontab or else you'll have to renew your proxy certificate every 12 hours.
Install ASL
If dynamic deployment is available, then you should prefer it.
Otherwise, in order to install ASL, you have to execute a set of steps:
- Download its lastest version from distribution site and place it under $GLOBUS_LOCATION/lib
- Copy its dependency jars to $GLOBUS_LOCATION/lib folder.
The set of these jars for 1.0.4 version can be found here. However, they can be stale. In this case, you have to go to ETICS Reports and download their latest version. - Create a new directory "$CATALINA_HOME/shared/d4s"
- Add to $CATALINA_HOME/shared/d4s a vomsAPI.properties file containing information described here
Deploy Basic Portlets
In order to be able to login on a VRE, and to administer users and VREs, you have to deploy two portlets. Follow these steps:
- Download org.gcube.portlets-admin.user-management-0.0.0-0.tar.gz and org.gcube.portlets-user.login-portlet-0.0.0-0.tar.gz
- Create two new folders (anywhere you like): "login-portlet", and "usermanagement-portlet" (
- Extract each of these files to the corresponding newly created folder.
- Go to each of the folder and execute the command: "ant"
- Restart tomcat
Portlet Deplyment Servlet
First Run Of the Portal
GS will ask you to decide which database you want to make it using. D4Science is going to use a centralized PostgreSQL DB. Ask to D4Science support team for its location and connection data.
Changing Gridsphere DB Location once portal is installed
You should stop Tomcat, change the file located in $portaluser/.gridsphere/database/hibernate.properties Startup Tomcat
For info on the Authorative LDAP DB please refer to the next section in this guide.