Difference between revisions of "D4Science Portal Installation"

From Gcube Wiki

Revision as of 12:05, 19 June 2009

THIS SECTION OF GCUBE DOCUMENTATION IS CURRENTLY UNDER UPDATE.

Install gCore

In order to install D4Science Portal, you need to install gCore. You can download the latest version of gCore from here. Instructions on how to install gCore can be found here.

Install Tomcat

If there is no tomcat installation on your node, you need to download and install it. You should use tomcat v. 5.5.20. You can download tomcat from here.
After installing tomcat, you should edit the $CATALINA_HOME/conf/server.xml file:

  1. Change the listener port in <Connector> for http from 8080 to whatever you want (if needed).
  2. In the same <Connector>, add the statement emptySessionPath="true". This forces all web-applications to use the same session ID.

Setup Tomcat

In order to enable tomcat to consume WSRF services, you have to apply some changes on tomcat's files:

  1. modify $CATALINA_HOME/bin/setclasspath.sh => Remove the line where the classpath is reset (CLASSPATH=)
  2. around line 72 of $CATALINA_HOME/bin/setclasspath.sh modify the CLASSPATH like this: CLASSPATH="$CLASSPATH":"$JAVA_HOME"/lib/tools.jar
  3. add the mail.jar in $CATALINA_HOME/common/endorsed

Setup Environment

  1. The new D4Science portal requires a Gridsphere 3.1 installation. You can download a clean version of Gridsphere 3.1 from ETICS. Then unzip and untar the file.
  2. You will also need this sh file. This is a replacement of the original globus-devel-env.sh which excludes some jars from gCore (because they are older than those needed by the portal and they create conflicts). Download it and store it in $CATALINA_HOME.
  3. Clone the current ~/.bashrc to ~/.bashrc_portal, and modify the following:
    1. clean CLASSPATH: "export CLASSPATH="
    2. add CATALINA_HOME env. variable (the home directory of tomcat)
    3. add GRIDSPHERE_HOME env. variable (the home directory of Gridsphere)
    4. add JAVA_HOME env. variable (the home directory of java)
    5. add GLOBUS_LOCATION env. variable (the home directory of gCore)
    6. add CATALINA_OPTS env. variable "export CATALINA_OPTS=-DGLOBUS_LOCATION=$GLOBUS_LOCATION"
    7. add CATALINA_PID env. variable "export CATALINA_PID=~/pid.txt"
    8. remove the "source" command of globus-devel-env
    9. add a new "source" command for the modified globus-devel-env script: "source $CATALINA_HOME/globus-devel-env-local.sh"
  4. Some jars of gCore create conflicts that can only be resolved by removing them... These are the naming*.jar jars and can be found in $GLOBUS_LOCATION/lib folder. So you have to remove these jars and then add the jars found here.

Install Gridsphere

If you want to have the D4Science look and feel, you have to apply the theme patch. You can download it from here. Then unzip and untar the file and, from the D4Science-ThemesAndLayouts directory, execute: "source patch.sh".

Now you are ready to deploy Gridsphere! (If you want to deploy Gridsphere on a different context than "/gridsphere/gridsphere", then you have to modify the $GRIDSPHERE_HOME/build.properties file.) Execute the following commands:

  • source ~/.bashrc_portal
  • cd $GRIDSPHERE_HOME
  • ant install

Now, you have a portal instance! However, this gridsphere version has a bug regarding static content (htmls), so some more steps are still needed:

  • start tomcat and finish portal setup (database, first login account, etc). After setup nothing will be displayed; follow the next instructions.
  • stop tomcat
  • execute the following command: "rm -rf ~/.gridsphere/content/repository; cp -Rf $GRIDSPHERE_HOME/webapps/gridsphere/WEB-INF/CustomPortal/content/ ~/.gridsphere/"
    => This command replaces the content so that it correctly renders the header and footer.
  • start tomcat again

Start /Stop Tomcat

In order to start / stop tomcat, you should execute the following commands respectively:

  • source ~/.bashrc_portal; $CATALINA_HOME/bin/catalina.sh start
  • source ~/.bashrc_portal; $CATALINA_HOME/bin/catalina.sh stop -force


Setup a Secure Environment

Main install

  • The following procedure, which results in the creation of the proxy certificate, requires root privileges. At the end, the certificates (host and proxy) must be copied to a convenient location in the account of the user under which the portal is installed.
  • Place the host certificates of your machine in /etc/grid-security and make sure the access rights are set to rw-r--r-- for the host certificate and to r-------- for the key. Note: A good practice is to rename the certificate to hostpubliccert.pem and the key to hostprivatekey.pem as these are the default names (e.g. this way it is not required to explicitly define them in the vomsAPI.properties file).
  • If the distro you are using is SLC4, make sure compat-lib* is installed.
  • Install the voms-proxy-init command using yum:
yum install glite-security-voms-api-cpp.i386 glite-security-voms-clients.i386 gpt.i386 vdt_globus_essentials.i386

Important! To successfully install the above, the glite repository must be registered with yum. Check /etc/yum.repos.d/ to make sure glite.repo exists there; otherwise the file must be created containing the following:

[main]
[glite]
name=gLite Base
baseurl=http://glitesoft.cern.ch/EGEE/gLite/APT/R3.0/sl4-compat/
enabled=1
 
[glite-ca]
name=gLite Base
baseurl=http://linuxsoft.cern.ch/LCG-CAs/current
enabled=1
 
#Please also make sure that the jpackage repository is enabled (e.g. via /etc/yum.repos.d/jpackage.repo):
 
[main]
[jpackage16-generic]
name=JPackage 1.6, generic
baseurl=http://linuxsoft.cern.ch/jpackage/1.6/generic/free/
enabled=1
 
[jpackage16-rhel40]
name=JPackage 1.6 for Red Hat Enterprise Linux 4
baseurl=http://linuxsoft.cern.ch/jpackage/1.6/redhat-el-4.0/free/
enabled=0
 
# DAG repository (e.g.  via /etc/yum.repos.d/dag.repo)
 
[main]
[dag]
name=DAG (http://dag.wieers.com) additional RPMS repository
baseurl=http://linuxsoft.cern.ch/dag/redhat/el4/en/$basearch/dag
enabled=1

Note that glite repository requires jpackage repository (/etc/yum.repos.d/jpackage.repo) to be enabled.

Another (not recommended) way is to download the required rpms from [1] and install them manually using the rpm -i command. Either way, install them in the order in which they appear above.

  • Download the configuration file from [2] into the /etc/glite/profile.d/ directory (create it if necessary) and modify it in accordance with the local values of the environment variables JAVA_HOME and GLOBUS_LOCATION

TODO change: The glite_setenv.sh must be executed at startup to properly initialize environment variables for the voms-proxy-init command.

  • You must also install the VOMS rpm that can be found here

Execute:

	- rpm -i voms-d4science.research-infrastructures.eu-1-0.2.i386.rpm


  • You must also have the INFN CA certificate in /etc/grid-security/certificates. If you don't have it, you can get it using the "fetch-crl" command. In order to install the command, execute:
	yum install fetch-crl.noarch

When "fetch-crl" is installed execute the following:

	/usr/sbin/fetch-crl -o /etc/grid-security/certificates -q >> /var/log/glite/glite-fetch-crl-cron.log 2>&1

If necessary create /etc/grid-security/certificates and /var/log/glite/ directories.

  • Make sure the machine is synchronized with an ntp server and consequently with the VOMS server. In order to install ntp, execute:
		yum install ntp


  • Configure VOMS credentials

VOMS credentials must be installed in the local system to verify VOMS assertions. To do this:

  • Copy the certificates of trusted VOMS servers in $GLOBUS_LOCATION/etc/grid-security/vomsdir

Note: Please check that certificate files have -rw-r--r-- permissions. TODO: where to find them

  • Create VOMS files using the following conventions:
    • file naming convention:
<VO Name>-<VOMS SERVICE HOSTNAME>
    • content convention:
<VO Name>-<VOMS SERVICE HOSTNAME>

Example: "gCube" "voms.research-infrastructures.eu" "15001" "/C=IT/O=INFN/OU=Host/L=NMIS-ISTI/CN=voms.research-infrastructures.eu" "gCube"

Note: If you don't have the VOMS certificate, you can export it from your browser: D4S VOMS server (from Firefox: Preferences -> Advanced -> Encryption -> View Certificates -> Servers). Then, you can install it as an rpm file on your server.

  • When done, move the VOMS file to /opt/glite/etc/vomses/ and also make a copy in /root/.glite/vomses/ (create the directory if necessary). Additionally, copy /etc/grid-security/hostpubliccert.pem into /root/.glite/vomses/
  • Ask the administrator of the D4S VOMS server to add your host certificate to the VO with "VO-Admin" privileges. The information you need to give him is:

- the fully qualified name of the machine. In order to find the fully qualified name, execute:

 openssl x509 -noout -in cert.pem -subject

where cert.pem is your host certificate

- the admin email

Test Environment

Run the voms-proxy-init command in order to generate a proxy certificate. An example of how to run the voms-proxy-init command is presented below:

 voms-proxy-init -cert your_host_cert.pem -key your_host_key.pem -out /whereto/save/proxycertificate -voms gCube:/gCube/Role=VO-Admin

The command will ask you for the password that protects "your_host_key.pem", if provided.

The rights for the host certificate must be rw-r--r-- and the rights for the key must be r--------

Expected output: the proxy certificate (the location of which will be later specified in the vomsAPI.properties file)
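
The permission requirements stated above and in the Main install steps (host certificate rw-r--r--, key r--------, VOMS server certificates -rw-r--r--) can be checked before running voms-proxy-init. The following is an added example, not part of the original guide; it assumes the default file names hostpubliccert.pem and hostprivatekey.pem suggested earlier, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the gCube guide): verify the file modes the guide
# requires. Function names are hypothetical; file names are the guide's defaults.

# Print the octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_mode FILE EXPECTED_OCTAL -> 0 if FILE exists with exactly that mode.
check_mode() {
    if [ ! -f "$1" ]; then
        echo "MISSING  $1"
        return 1
    fi
    actual=$(file_mode "$1")
    if [ "$actual" != "$2" ]; then
        echo "BAD MODE $1 is $actual, expected $2"
        return 1
    fi
    echo "OK       $1 ($actual)"
}

# check_host_credentials [DIR] -> 0 only if certificate is 644 and key is 400.
check_host_credentials() {
    dir=${1:-/etc/grid-security}
    rc=0
    check_mode "$dir/hostpubliccert.pem" 644 || rc=1    # rw-r--r--
    check_mode "$dir/hostprivatekey.pem" 400 || rc=1    # r--------
    return $rc
}

# check_vomsdir DIR -> 0 only if DIR holds files and each one is 644.
check_vomsdir() {
    rc=0
    seen=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue        # skip sub-directories and an unmatched glob
        seen=1
        check_mode "$f" 644 || rc=1
    done
    [ "$seen" -eq 1 ] || { echo "EMPTY    $1"; rc=1; }
    return $rc
}
```

Source the file, then call check_host_credentials with no argument to test /etc/grid-security, and check_vomsdir "$GLOBUS_LOCATION/etc/grid-security/vomsdir" for the VOMS server certificates.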

Common Errors:

1) If running fetch-crl results in something like

 no files with suffix '.crl_url' found in '/etc/grid-security/certificates'

in the /var/log/glite/glite-fetch-crl-cron.log file then installing the root rpm of the certification authority should solve the problem:

 
yum install ca_HellasGrid-Root.noarch

2) If the distro you are using is SLC4, make sure compat-lib* is installed, or you will get the following error:

 
voms-proxy-init: error while loading shared libraries: libstdc++.so.5: cannot open shared object file: No such file or directory

3) Make sure the machine is synchronized with an ntp server and consequently with the VOMS server, or you will get the following error:

 Error: Could not establish authenticated connection with the server.
    globus_gss_assist token :-1: read failure: unknown


4) "fetch-crl" needs to run in crontab or else you'll have to renew your proxy certificate every 12 hours.

5) If they are not automatically retrieved to satisfy dependencies, the certification authorities packages should also be installed (e.g. ca_HellasGrid-Root.noarch, ca_INFN-CA-2006.noarch)
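
Errors 1, 4 and 5 above can be told apart by inspecting the CA directory itself. The following is an added example, not part of the original guide; it assumes that fetch-crl stores each downloaded CRL as <hash>.r0 next to the .crl_url files, uses file modification time as a freshness heuristic with an assumed 24-hour threshold, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the gCube guide). Assumptions: CA packages install
# <hash>.crl_url files, fetch-crl stores each downloaded CRL as <hash>.r0 in
# the same directory, and a 24 h freshness threshold; names are hypothetical.
#
# Constructed /etc/cron.d entry reusing the guide's command (schedule assumed):
# 15 */6 * * * root /usr/sbin/fetch-crl -o /etc/grid-security/certificates -q >> /var/log/glite/glite-fetch-crl-cron.log 2>&1

# count_files DIR SUFFIX [MAX_AGE_MIN] -> number of matching regular files,
# optionally only those modified within the last MAX_AGE_MIN minutes.
count_files() {
    if [ -n "$3" ]; then
        find "$1" -maxdepth 1 -type f -name "*$2" -mmin "-$3" | wc -l | tr -d ' '
    else
        find "$1" -maxdepth 1 -type f -name "*$2" | wc -l | tr -d ' '
    fi
}

# check_crl_dir [DIR] [MAX_AGE_MIN] returns
#   0  CRLs present and all refreshed within MAX_AGE_MIN
#   1  directory missing or no .crl_url files: install the CA packages
#   2  no CRL downloaded yet: run fetch-crl once and read its log
#   3  stale CRLs: fetch-crl is not running from cron
check_crl_dir() {
    dir=${1:-/etc/grid-security/certificates}
    max_age=${2:-1440}
    [ -d "$dir" ] || { echo "missing directory $dir"; return 1; }
    urls=$(count_files "$dir" .crl_url)
    crls=$(count_files "$dir" .r0)
    fresh=$(count_files "$dir" .r0 "$max_age")
    if [ "$urls" -eq 0 ]; then
        echo "no .crl_url files in $dir"; return 1
    elif [ "$crls" -eq 0 ]; then
        echo "no CRLs in $dir"; return 2
    elif [ "$fresh" -lt "$crls" ]; then
        echo "$((crls - fresh)) of $crls CRLs older than $max_age min"; return 3
    fi
    echo "$crls CRLs, all refreshed within $max_age min"
}
```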

Install ASL

If dynamic deployment is available, then you should prefer it.
Otherwise, in order to install ASL, you have to execute a set of steps:

  1. Download its latest version from the distribution site and place it under $GLOBUS_LOCATION/lib
  2. Copy its dependency jars to $GLOBUS_LOCATION/lib folder.
    The set of these jars for 1.0.4 version can be found here. However, they can be stale. In this case, you have to go to ETICS Reports and download their latest version.
  3. Create a new directory "$CATALINA_HOME/shared/d4s"
  4. Add to $CATALINA_HOME/shared/d4s a vomsAPI.properties file containing information described here

Deploy Basic Portlets

In order to be able to login on a VRE, and to administer users and VREs, you have to deploy two portlets. Follow these steps:

  1. Download org.gcube.portlets-admin.user-management-0.0.0-0.tar.gz and org.gcube.portlets-user.login-portlet-0.0.0-0.tar.gz
  2. Create two new folders (anywhere you like): "login-portlet", and "usermanagement-portlet"
  3. Extract each of these files to the corresponding newly created folder.
  4. Go to each of the folders and execute the command: "ant"
  5. Restart tomcat

Portlet Deployment Servlet

First Run Of the Portal

GS will ask you to decide which database you want it to use. D4Science is going to use a centralized PostgreSQL DB. Ask the D4Science support team for its location and connection data.

Changing Gridsphere DB Location once portal is installed

You should stop Tomcat, change the file located in $portaluser/.gridsphere/database/hibernate.properties, and then start Tomcat again.

For info on the Authoritative LDAP DB please refer to the next section in this guide.