Difference between revisions of "Core Services Installation"

From Gcube Wiki
Jump to: navigation, search
(Credentials Renewal Post-installation Configuration)
(Security-related Services Installation)
 
(146 intermediate revisions by 12 users not shown)
Line 1: Line 1:
== Platform Wide Dependencies ==
+
[[Category:Administrator's Guide]]
  
== Environment Setup ==
 
  
== Keeper ==
+
The Core Services are the minimal set of gCube Services needed to setup and manage VOs and to create dynamic VREs in a gCube infrastructure. Due to their nature and the deployment scenario we currently adopt/suggest, part of this group of services must be statically deployed. This section of the manual explains how to install, configure and verify single instances of such services.
  
=== Pre-installation setup ===
+
Please, refer to [[Administration|How to create a Virtual Organization]] section for a detailed explanation of their suggested deployment scenario (distribution, replication, etc.).
Actions to be performed before initiating the installation of this service.
+
  
=== Main installation procedure ===
+
== [[Information System Installation]] ==
Describe in full detail all required steps for installing/deploying all components of the service. Group the steps in subparagraphs providing a meaningful header. This section should contain instructions for at least the following sub-services:
+
* Package Repository
+
* DL Management and
+
* Hosting Node Management
+
  
=== Post-installation configuration ===
+
== [[VRE Management Installation]] ==
Configuration files that have to be edited after the installation. Scripts that have to be run that take care of post installation activities.
+
  
=== Testing and verifying the installation ===
+
== Security-related Services Installation ==
Provide instructions that will assist the administrator in verifying that the service has been installed and is running appropriately. Troubleshooting of the installation together with error messages and common compensation actions should be provided in detail in chapter 4.
+
: <strike>[[SOA3_HowTo | SOA3 Components Installation]]</strike>
 +
: <strike>[[Shibboleth_and_gCube | Shibboleth Configuration]]</strike>
 +
: <strike>[[Argus Installation]]</strike>
 +
: [[Authorization_service_installation | How to install the Authorization Service]]
  
=== Installation troubleshooting ===
+
== [[Usage Tracker Installation]] ==
Things that can go wrong. Error messages that my appear. Workarounds to common problems
+
 
+
== Broker & Matchmaker (BMM) ==
+
The BMM Service is composed by the following components:
+
* The '''BMM Connector''' (Java Library) and the '''BMM API''' (Java Library) allow clients (e.g. the DL Management service) to send a matching request, and notify  them with the response.
+
* The '''DIS Connector''' (Java Library) is in charge of keeping up-to-date tracks of the DHN profiles received from the DIS and to query the DIS in order to gather information the service or the algorithm needs for their computations.
+
* The '''BMM Service''' (WSRF Service) provides the core functionalities of the BMM component. By invoking the DIS Connector it queries the DIS in order to gather information about packages, then it forwards the BMM Connector request to the BMM Algorithm and, when the response is ready, it returns back the result.
+
* The '''BMM Utils''' (Java Library) is a library shared by other components. It defines exceptions and provides the validator used to parse the request and the response, as well as other helper classes.
+
* The '''BMM Algorithm''' (Java Library) calculates, by running a customized version of first-fit algorithm, the associations among packages and DHNs.
+
 
+
=== Pre-installation setup ===
+
The BMM Service is VO specific service (there is the need of an instance of it for each VO) and so the service installation requires a node (DHN) for each VO.
+
The BMM API and the BMM Connector libraries should be deployed on the client side. The other components on the server side.
+
 
+
=== Main installation procedure ===
+
The BMM ServiceArchive 0_3_0 can be downloaded from the [http://grids17.eng.it/engrepository/ Eng repository ]. These are the installation steps to follow:
+
* Unpack the ServiceArchive tar.gz file;
+
* type globus-deploy-gar bmm.matchMaker-service.gar to deploy the BMM Service on the local container;
+
* copy ServiceProfile_broker_BMM.xml under the ''$GLOBUS_LOCATION/etc/org_diligentproject_keeperservice_hnm/ServicesProfiles/'' folder in order to publish the BMM Service on the Running Instance of the DHN and in order to enable the service to accept requests from its clients.
+
DONE!
+
 
+
=== Post-installation configuration ===
+
None.
+
 
+
=== Testing and verifying the installation ===
+
Provide instructions that will assist the administrator in verifying that the service has been installed and is running appropriately. Troubleshooting of the installation together with error messages and common compensation actions should be provided in detail in chapter 4.
+
 
+
=== Installation troubleshooting ===
+
Things that can go wrong. Error messages that may appear. Workarounds to common problems
+
 
+
== DILIGENT Information Service (DIS) ==
+
 
+
The following components compose the DILIGENT Information Service:
+
*DIS-IP (Library) – The DIS-IP is responsible for registering/unregistering a group of resource properties as Aggregator Source to one or more DIS-ICs. It also allows to register/unregister groups of Topics in the DIS-Broker.
+
*DIS-HLSClient (Library) – The DIS-HLSClient is a library used by DILIGENT services to access the information maintained by the DILIGENT Information Service. Using a DIS-HLSClient it is possible to query a DIS-IC to discover Profiles or WS-Resource properties.
+
*DIS-IC (WSRFService) – This service is the Information Collector (IC) of all the data published in the DIS. It is implemented as Aggregator Sink that collects RPs from the registered (via DIS-IP) Aggregator Sources.
+
*DIS-BDIIClient (WSRFService) – This service is in charge of harvesting resource information from the BDII Server1 it has been configured to interact with. The gathered information is manipulated in order to make it compliant with the schema adopted in DILIGENT. Then such information is published as WS-Resources via the DIS-IP and as a DILIGENT Resource of type gLiteResource using the mechanism offered by the DIS-Registry Service.
+
*DIS-Registry (WSRFService) – This service provides registration and un-registration facilities for the DILIGENT resources profiles.
+
*DILIGENTProvider (Library) – This operation provider adds resource properties to the group of properties registered by a service in the DIS-IC. This additional information allows enlarging the spectrum of functionalities offered to identify the source that publishes the data and to perform fine-grained queries.
+
*DIS-Broker (WSRFService) – This service provides registration/unregistration of Topics (events to be notified on) for DILIGENT Services. This allows clients to subscribe to/unsubscribe from topics without having to know the physical locations of the services that expose them.
+
 
+
=== Pre-installation setup ===
+
 
+
The DIS core Services (DIS-Registry, DIS-Broker and DIS-IC), are VO specific services ( there is the need of an instance of those  services for each VO). Starting from the root VO ( the "diligent" root VO), but at the time being also all the sub-VO (i.e. ARTE) need a manual installation.
+
The root DIS is the first DILIGENT services that has to be installed in the infrastructure: it will contain all DHN Profiles and RI Profiles of Services running on the root VO and DHN profiles of Sub-VO node ( that can be assigned to sub-VOs by VO Managers).
+
 
+
The Installation of the root DIS requires at least 3 nodes:
+
 
+
* the DIS-Registry DHN
+
 
+
* the DIS-Broker DHN
+
 
+
* the DIS-IC DHN
+
 
+
The DIS-BDIIClient is a VO specific Services and is no needed at root VO level.
+
In order to speed up the performance and exploits the distributed nature of the GT4 Aggregator Framework, the best DIS Services deployment strategy would be:
+
 
+
* Deploy the DIS-Broker and the DIS-Registry on the same DHN
+
 
+
* Deploy the DIS-IC on a separate DHN.
+
 
+
The following installation documentation assumes that this is the target deployment schema.
+
 
+
=== Main installation procedure ===
+
 
+
The DIS Installation needs a manual change on the DHN behaviour. The HNM in general is configured to publish the RI profiles of the codeployed services and the related DHN profile on the root VO. In case the HNM is codeployed toghether with DIS Services (so it has to register Profiles using the codeployed  instance of the DIS-Registry) the DHN has to be configured to act as a "root" DHN. The related HNMService inthis context will create all the DIS Running Instance Profiles (togheter with the DHN profile), but it will be DIS-Registry itself that will register these profiles.
+
 
+
==== DHN root Installation  ====
+
 
+
The "root" DHN has to be installed following the  [http://ddwiki.di.uoa.gr/mediawiki/index.php/DHN_Installation Admin guide]. Once the installation has been done, the only change to standard DHN installation is on the HNM Service JNDI file:
+
* The "rootDHN" parameter has to be set to true ( the DIS DHN is also of type Static)
+
 
+
==== DIS-IC Installation ====
+
 
+
TBD
+
 
+
==== DIS-Broker Installation ====
+
 
+
The DISBroker ServiceArchive 0_3_0 can be downloaded from the [http://grids17.eng.it/engrepository/ Eng repository ]. These are the installation steps to follow:
+
* Unpack the ServiceArchive tar.gz file;
+
* type globus-deploy-gar org_diligentproject_informationservice_disbroker.gar to deploy the DIS-Broker Service on the local container;
+
 
+
DONE!
+
 
+
==== DIS-Registry Installation ====
+
 
+
The DISRegistry ServiceArchive 0_3_0 can be downloaded from the [http://grids17.eng.it/engrepository/ Eng repository ]. These are the installation steps to follow:
+
* Unpack the ServiceArchive tar.gz file;
+
* type globus-deploy-gar org_diligentproject_informationservice_disregistry.gar to deploy the DIS-Registry Service on the local container;
+
 
+
DONE!
+
 
+
==== Security Setting ====
+
 
+
All DIS services can be configured to run in a secure/unsecure context. In case the VO to deploy has to run in a secure way the stardard installation will provide ''server-config.wsdd'' files that already contain security-descriptor for DIS services.
+
In case the VO has to be deployed without security just:
+
* enter the specific container folder of DIS services (i.e for DIS-Registry : $GLOBUS_LOCATION/etc/org_diligentproject_informationservice_disregistry )
+
* copy the content of ''deploy-server.wsdd_NOSEC'' file inside ''server-config.wsdd'' file
+
* this will remove the link to the service security-descriptor and has to be done for all DIS services.
+
 
+
=== Post-installation configuration ===
+
 
+
After the deployment the  VOMap for the VO the DIS installed refers to has to be properly configured. So in case of /diligent root VO just change the file ''VOMap_diligent.xml'' located into the $GLOBUS_LOCATION/etc/org_diligentproject_keeperservice_hnm/VOMaps modifyng service endpoint according to your DIS installation. In case of sub-VO DIS installation just creates a VOMap_<yourSubVo>.xml file containing as above the endpoint to your DIS installation.
+
 
+
=== Testing and verifying the installation ===
+
Provide instructions that will assist the administrator in verifying that the service has been installed and is running appropriately. Troubleshooting of the installation together with error messages and common compensation actions should be provided in detail in chapter 4.
+
 
+
=== Installation troubleshooting ===
+
Things that can go wrong. Error messages that my appear. Workarounds to common problems
+
 
+
== VDL Generator ==
+
 
+
=== Pre-installation setup ===
+
Actions to be performed before initiating the installation of this service.
+
 
+
=== Main installation procedure ===
+
Describe in full detail all required steps for installing/deploying all components of the service. Group the steps in subparagraphs providing a meaningful header. This section should contain instructions for at least the following sub-services:
+
* Package Repository
+
* DL Management and
+
* Hosting Node Management
+
 
+
=== Post-installation configuration ===
+
Configuration files that have to be edited after the installation. Scripts that have to be run that take care of post installation activities.
+
 
+
=== Testing and verifying the installation ===
+
Provide instructions that will assist the administrator in verifying that the service has been installed and is running appropriately. Troubleshooting of the installation together with error messages and common compensation actions should be provided in detail in chapter 4.
+
 
+
=== Installation troubleshooting ===
+
Things that can go wrong. Error messages that my appear. Workarounds to common problems
+
 
+
== Dynamic Virtual Organization Support (DVOS) ==
+
The components of the Dynamic Virtual Organization Support are:
+
* DVOS Common library - A package containing common classes used in DVOS components (part of the Diligent Hosting Node, see [http://ddwiki.di.uoa.gr/mediawiki/index.php/DHN_Installation here] for installation instructions)
+
* Authentication-API library - A library providing DILIGENT services with some utility method useful to manage authentication tokens (part of the Diligent Hosting Node, see [http://ddwiki.di.uoa.gr/mediawiki/index.php/DHN_Installation here] for installation instructions)
+
* Delegation Service - A service allowing clients to delegate proxy credentials to DILIGENT services running on a DHN (part of the Diligent Hosting Node, see [http://ddwiki.di.uoa.gr/mediawiki/index.php/DHN_Installation here] for installation instructions)
+
* Credentials Renewal Service - A in charge of periodically refresh credentials of DILIGENT services
+
* Authorization service - A service allowing management of DILIGENT authorization elements, for a detailed description of DILIGENT authorization model see [http://ddwiki.di.uoa.gr/mediawiki/index.php/DILIGENT_Security_Model here]
+
 
+
=== Pre-installation setup ===
+
The DILIGENT security model is based on some existing security components. Following services must be installed (or already present in the infrastructure) to enable security funcionalities.
+
 
+
* MyProxy repository - This repository is required to host temporary credentials of users liable for DILIGENT RIs. These credentials are then delegated to services. To install and configure a MyProxy repository service you can follow [http://grid.ncsa.uiuc.edu/myproxy/install.html these] steps.
+
* MyProxy OnlineCA - This service is required to create temporary credentials for users and services authenticated with the DILIGENT Simple Certification Authority. To install and configure a MyProxy online CA service you can follow [http://grid.ncsa.uiuc.edu/myproxy/ca/ these] steps.
+
* VOMS - This component can be already installed to manage VO in your grid infrastructure or it can be installed following [[LINK_TO_BE_ADDED]] steps.
+
* VOMSServlet - the servlet required by DILIGENT services to interoperate with the VOMS administration web interface. For detailed information about how to install such a component you can refer [http://ddwiki.di.uoa.gr/mediawiki/index.php/DILIGENT_Gridsphere_and_Portal_Security_patch#Install_and_configure_the_VOMS_servlet here].
+
 
+
=== Main installation procedure ===
+
 
+
 
+
==== Credentials Renewal Installation ====
+
 
+
The Credentials Renewal ServiceArchive 0_3_0 can be downloaded from the [http://grids17.eng.it/engrepository/ Eng repository ]. These are the installation steps to follow:
+
* Unpack the ServiceArchive tar.gz file;
+
* type <code>$GLOBUS_LOCATION/bin/globus-deploy-gar dvos.credential-renewal-service.gar</code> to deploy the Credentials Renewal Service on the local container;
+
 
+
DONE!
+
 
+
==== Authorization Service Installation ====
+
 
+
TO BE ADDED
+
 
+
=== Post-installation configuration ===
+
 
+
==== Credentials Renewal Post-installation Configuration ====
+
 
+
Following properties must be properly set in the $GLOBUS_LOCATION/etc/dvos.credential-renewal-service/jndi-config.xml file after the installation of the Credentials Renewal Service:
+
 
+
{| border="1" cellpadding="5" cellspacing="0"
+
|-
+
! Parameter Name || Description || Example
+
|-
+
| myProxyRepositoryHost || The hostname of the machine hosting the MyProxy repository service || grids02.eng.it
+
|-
+
| myProxyRepositoryPort || The port number of the MyProxy repository service || 7512
+
|-
+
| myProxyOnlineCAHost || The hostname of the machine hosting the MyProxy online CA service || grids04.eng.it
+
|-
+
| myProxyOnlineCAPort || The port number of the MyProxy online CA service || 7512
+
|-
+
| voName || The name of the VOMS VO backing your infrastructure installation, as in the vomses file installed in the local machine for the VO created in the Credentials Renewal Service Pre-installation steps || diligent-dev
+
|-
+
| groupName || The name of the VO root group || /diligent
+
|-
+
| serviceCA || The DN of the online CA in the OSG format || /O=Grid/OU=GlobusTest/
+
OU=simpleCA-gauss.eng.it/
+
CN=Globus Simple CA
+
|-
+
| serviceDN ||  The DN of the Credentials Renewal Service certificate in the OSG format || /O=Grid/OU=GlobusTest/
+
OU=simpleCA-gauss.eng.it/
+
OU=eng.it/CN=CredentialsRenewalService
+
|-
+
| servletHost || The VOMS Servlet host name || grids15.eng.it
+
|-
+
| servletPort || The VOMS Servlet port name || 8094
+
|}
+
 
+
==== Authorization Service Post-installation Configuration ====
+
 
+
TO BE ADDED
+
 
+
=== Testing and verifying the installation ===
+
Provide instructions that will assist the administrator in verifying that the service has been installed and is running appropriately. Troubleshooting of the installation together with error messages and common compensation actions should be provided in detail in chapter 4.
+
 
+
=== Installation troubleshooting ===
+
Things that can go wrong. Error messages that my appear. Workarounds to common problems
+
 
+
== Portals ==
+
 
+
=== Pre-installation setup ===
+
Actions to be performed before initiating the installation of this service.
+
 
+
=== Main installation procedure ===
+
Describe in full detail all required steps for installing/deploying all components of the service. Group the steps in subparagraphs providing a meaningful header. This section should contain instructions for at least the following sub-services:
+
* Package Repository
+
* DL Management and
+
* Hosting Node Management
+
 
+
=== Post-installation configuration ===
+
Configuration files that have to be edited after the installation. Scripts that have to be run that take care of post installation activities.
+
 
+
=== Testing and verifying the installation ===
+
Provide instructions that will assist the administrator in verifying that the service has been installed and is running appropriately. Troubleshooting of the installation together with error messages and common compensation actions should be provided in detail in chapter 4.
+
 
+
=== Installation troubleshooting ===
+
Things that can go wrong. Error messages that my appear. Workarounds to common problems
+

Latest revision as of 18:12, 27 May 2016


The Core Services are the minimal set of gCube Services needed to setup and manage VOs and to create dynamic VREs in a gCube infrastructure. Due to their nature and the deployment scenario we currently adopt/suggest, part of this group of services must be statically deployed. This section of the manual explains how to install, configure and verify single instances of such services.

Please, refer to How to create a Virtual Organization section for a detailed explanation of their suggested deployment scenario (distribution, replication, etc.).

Information System Installation

VRE Management Installation

Security-related Services Installation

SOA3 Components Installation
Shibboleth Configuration
Argus Installation
How to install the Authorization Service

Usage Tracker Installation