Difference between revisions of "D4Science Portal Installation"

From Gcube Wiki
Jump to: navigation, search
(Main install)
m
Line 64: Line 64:
 
* Place the '''host certificates''' of you machine in a convenient location and make suere the rights for the host certificate are: '''rw-r--r--''' anf for the key '''r--------'''.
 
* Place the '''host certificates''' of you machine in a convenient location and make suere the rights for the host certificate are: '''rw-r--r--''' anf for the key '''r--------'''.
  
* If the distro you are using is SLC4, make sure '''combat-lib*''' is installed.
+
* If the distro you are using is SLC4, make sure '''compat-lib*''' is installed.
  
 
* Install '''voms-proxy-init''' command
 
* Install '''voms-proxy-init''' command
Line 150: Line 150:
 
=== Common Errors:===
 
=== Common Errors:===
  
1) If the distro you are using is SLC4, make sure combat-lib* is installed, or you will get the following error:
+
1) If the distro you are using is SLC4, make sure compat-lib* is installed, or you will get the following error:
 
<source lang=java5>  
 
<source lang=java5>  
 
voms-proxy-init: error while loading shared libraries: libstdc++.so.5: cannot open shared object file: No such file or directory  
 
voms-proxy-init: error while loading shared libraries: libstdc++.so.5: cannot open shared object file: No such file or directory  

Revision as of 16:05, 16 June 2009

Alert icon2.gif THIS SECTION OF GCUBE DOCUMENTATION IS CURRENTLY UNDER UPDATE.

Install gCore

In order to install D4Science Portal, you need to install gCore. You can download the last version of gCore from here. Instuctions about how to install gCore can be found here

Install Tomcat

If there is no tomcat installation on your node, you need to download and install it. You should use tomcat v. 5.5.20. You can download tomcat from here.
After installing tomcat, you should edit $CATALINA_HOME/conf/server.xml file:

  1. Change the listener port in <Connector> for http from 8080 to whatever you want (if needed).
  2. In the same <Connector>, add the statement emptySessionPath="true". This forces all web-applications to use the same session ID.

Setup Tomcat

In order to enable tomcat to consume WSRF services, you have to apply some changes on tomcat's files:

  1. modify $CATALINA_HOME/bin/setclasspath.sh => Remove the line where the classpath is reset (CLASSPATH=)
  2. around line 72 of $CATALINA_HOME/bin/setclasspath.sh modify the CALSSPATH like this CLASSPATH="$CLASSPATH":"$JAVA_HOME"/lib/tools.jar
  3. add the mail.jar in $CATALINA_HOME/common/endorsed

Setup Environment

  1. The new D4Science portal requires a Gridsphere 3.1. Installation. You can download a clean version of Gridsphere 3.1 from ETICS ). Then unzip - untar the file.
  2. You will also need this sh file. This is a replacement of the original globus-devel-env.sh which excludes some jars from gCore (because they are older than the needed by the portal and they create conflicts). Download it and store it in $CATALINA_HOME.
  3. Clone the current ~/.bashrc to ~/.bashrc_portal, and modify the following:
    1. clean CLASSPATH: "export CLASSPATH="
    2. add CATALINA_HOME evn. variable (the home directory of tomcat)
    3. add GRIDSPHERE_HOME env. variable (the home directory of gridpshere)
    4. add JAVA_HOME env. variable (the home directory of java)
    5. add GLOBUS_LOCATION env. variable (the home directory of gCore)
    6. add CATALINA_OPTS env. variable "export CATALINA_OPTS=-DGLOBUS_LOCATION=$GLOBUS_LOCATION"
    7. add CATALINA_PID env. variable "export CATALINA_PID=~/pid.txt"
    8. remove the "source" command of globus-devel-env
    9. add a new "source" command for the modifies globus-devel-env script: "source $CATALINA_HOME/globus-devel-env-local.sh"
  4. Some jars of gCore create conflicts that can only be resolved by removing them... These are the naming*.jar jars and can be found in $GLOBUS_LOCATION/lib folder. So you have to remove these jars and then add the jars found here.

Install Gridsphere

If you want to have the D4Science look and fell, you have to apply the theme patch. You can download it from here. Then unzip - untar the file and from the D4Science-ThemesAndLayouts directory execute: "source patch.sh".

Now you are ready to deploy gridsphere!!! (If you want to deploy gridsphere on a different context that "/gridsphere/gridsphere", then you have to modify $GRIDSPHERE_HOME/build.properties file). Execute the following command:

  • source ~/.bashrc_portal
  • cd $GRIDSPHERE_HOME
  • ant install

Now, you have a portal instance! However, this gridsphere version has a bug regarding static content (htmls), so some more steps are still needed:

  • start tomcat and finish portal setup (database, first login account, etc). After setup nothing will be displayed, follow the next instruction.
  • stop tomcat
  • execute the following command: "rm -rf ~/.gridsphere/content/repository; cp -Rf $GRIDSPHERE_HOME/webapps/gridsphere/WEB-INF/CustomPortal/content/ ~/.gridsphere/"
    => This command replaces the content so it correctly render header and footer...
  • start tomcat again

Start /Stop Tomcat

In order to start / stop tomcat, you should execute the following commands correspondingly:

  • source ~/.bashrc_portal; $CATALINA_HOME/bin/catalina.sh start
  • source ~/.bashrc_portal; $CATALINA_HOME/bin/catalina.sh stop -force


Setup a Secure Environment

Main install

  • Place the host certificates of you machine in a convenient location and make suere the rights for the host certificate are: rw-r--r-- anf for the key r--------.
  • If the distro you are using is SLC4, make sure compat-lib* is installed.
  • Install voms-proxy-init command
  • Download the required rpms and configuration file from [1] or retrieve the rpms from the repositories. In order to find out wether the rpms exist in the system's repository, execute the following command:
 ls -l /etc/yum.repos.d/

and see if the glite.repo appears in the list

  • Install rpms in the order in which they appear in the download page. In order to install the rpms, execute the following commands:
yum install glite-security-voms-cpp.i386
 
yum install glite-security-voms-clients.i386
 
yum install gpt.i386
 
yum install vdt_globus_essentials.i386
  • Copy the configuration file to the directory /etc/glite/profile.d/
  • Modify the configuration file in accordance with the local values of the environment variables JAVA_HOME and GLOBUS_LOCATION

The glite_setenv.sh must be executed at startup to properly initialize environment variables for the voms-proxy-init command.

  • You must also install the VOMS rpm that can be found here

Execute:

	- rpm -i voms-d4science.research-infrastructures.eu-1-0.2.i386.rpm


  • You must also have INFN CA certificate in /etc/grid-security/certificates. If you don't have it you can get it using "fetch-crl" command. In order to install the command execute:
	yum install fetch-crl.noarch

When "fetch-crl" is installed execute the following:

	/usr/sbin/fetch-crl -o /etc/grid-security/certificates -q >> /var/log/glite/glite-fetch-crl-cron.log 2>&1


  • Make sure the machine is synchronized with an ntp server and concenquently with the VOMS server. In order to install ntp, execute:
		yum install ntp


  • Configure VOMS credentials

VOMS credentials must be installed in the local system to verify VOMS assertions. To do this:

  • Copy the certificates of trusted VOMS servers in $GLOBUS_LOCATION/etc/grid-security/vomsdir

Note:Please check that certificate files have -rw-r--r-- permissions.

  • Create VOMS files in /opt/glite/etc/vomses using the following conventions:
    • file naming convention:
<VO Name>-<VOMS SERVICE HOSTNAME>
    • content convention:
<VO Name>-<VOMS SERVICE HOSTNAME>

Example: "gCube" "voms.research-infrastructures.eu" "15001" "/C=IT/O=INFN/OU=Host/L=NMIS-ISTI/CN=voms.research-infrastructures.eu" "gCube"

Note: If you don't have the VOMS certificate, you can export it from you browser: D4S VOMS server (from Firefox: Preferences -> Advanced -> Encryption -> View Certificates -> Servers). Then, you can install it as an rpm file on your server.


  • Ask the administrator of the D4S VOMS server to add your host certificate in the VO with "VO-Admin" privileges. The information needed to give him is:

- the fully qualified name of the machine In order to find the fully quilified name execute:

 openssl x509 -noout -in cert.pem -subject

where cert.pem is your host certificate - the admin email

Test Environment

Run voms-proxy-init command in order to generate a proxy certificate. An example of how to run the voms-proxy-init command is presented bellow:

 voms-proxy-init -cert your_host_cert.pem -key you_host_key.pem -out /path/to/proxy -voms gCube:/gCube/Role=VO-Admin

The command will ask you for the password that protects "your_host_key.pem", if provided.

The rights for the host certificate must be rw-r--r-- and the rights for the key must be r--------

Expected output: the proxy certificate (the location of which will be later specified in the vomsAPI.properties file)

Common Errors:

1) If the distro you are using is SLC4, make sure compat-lib* is installed, or you will get the following error:

 
voms-proxy-init: error while loading shared libraries: libstdc++.so.5: cannot open shared object file: No such file or directory

2) Make sure the machine is synchronized with an ntp server and concenquently with the VOMS server, or you will get the followin error:

 Error: Could not establish authenticated connection with the server.
    globus_gss_assist token :-1: read failure: unknown


3) "fetch-crl" needs to run in crontab or else you'll have to renew your proxy certificate every 12 hours.

Install ASL

If dynamic deployment is available, then you should prefer it.
Otherwise, in order to install ASL, you have to execute a set of steps:

  1. Download its lastest version from distribution site and place it under $GLOBUS_LOCATION/lib
  2. Copy its dependency jars to $GLOBUS_LOCATION/lib folder.
    The set of these jars for 1.0.4 version can be found here. However, they can be stale. In this case, you have to go to ETICS Reports and download their latest version.
  3. Create a new directory "$CATALINA_HOME/shared/d4s"
  4. Add to $CATALINA_HOME/shared/d4s a vomsAPI.properties file containing information described here

Deploy Basic Portlets

In order to be able to login on a VRE, and to administer users and VREs, you have to deploy two portlets. Follow these steps:

  1. Download org.gcube.portlets-admin.user-management-0.0.0-0.tar.gz and org.gcube.portlets-user.login-portlet-0.0.0-0.tar.gz
  2. Create two new folders (anywhere you like): "login-portlet", and "usermanagement-portlet" (
  3. Extract each of these files to the corresponding newly created folder.
  4. Go to each of the folder and execute the command: "ant"
  5. Restart tomcat

Portlet Deplyment Servlet

First Run Of the Portal

GS will ask you to decide which database you want to make it using. D4Science is going to use a centralized PostgreSQL DB. Ask to D4Science support team for its location and connection data.

Changing Gridsphere DB Location once portal is installed

You should stop Tomcat, change the file located in $portaluser/.gridsphere/database/hibernate.properties Startup Tomcat

For info on the Authorative LDAP DB please refer to the next section in this guide.