---

Old Page

This page has been migrated to http://www.grid.apac.edu.au/repository/trac/systems/wiki/HowTo/InstallNgPortal

Please do not edit this page, it has been kept for historic reasons.

---

NGPortal

Responsible Person

Ashley Wright QUT

Technology Summary and Contents

• Java 1.5.0
• Apache Tomcat 5.5.20
• Apache Ant 1.6.5
• Gridsphere 2.2.7
• Gridportlets 1.3.2
• UserMapping and VOMS GridMap Generation (No longer supported, replaced by VmdetailsGUMS)

Installation

This version has some major changes to previous ngportal releases that did not use the APAC repository and should be done from a fresh install. yum update should work for future updates.

1. install the base OS, See: XenInstall
2. setup yum
   • wget -P /etc/yum.repos.d http://www.grid.apac.edu.au/repository/dist/APAC-Grid.repo
   • wget -P /etc/yum.repos.d http://www.vpac.org/grid/files/eugridpma.repo
   • NOTE: Currently RPMs are in the development repo, this is disabled by default, so you will need to enable it i.e. "enabled=1" under the [apacdevel] section of /etc/yum.repos.d/APAC-Grid.repo
     • TODO: this needs to be fixed, using live repository for production machines
   • rpm --import http://dist.eugridpma.info/distribution/igtf/current/GPG-KEY-EUGridPMA-RPM-3
     • You may need to download the file first using wget with http_proxy set
   • rpm --import http://dries.ulyssis.org/rpm/RPM-GPG-KEY.dries.txt
     • TODO: dries repository is not downloaded above!
3. Apply for and install a host certificate (and key) for the machine as shown at: HostCertRequestAPAC
4. Verify host certificates
   WARNING: the RPM at the end of this section provides the dependencies for other RPMs and should only be installed if you have your host certificate and key setup. Proceeding without your certificates in place could make life difficult.
   • check for hostcert.pem and hostkey.pem in /etc/grid-security
   • rpm -ivh http://hpc-aw.its.tils.qut.edu.au/files/portal/APAC-gateway-host-certificates-0.1-1.noarch.rpm
     • TODO: this should come from the APAC repository? Do we really need it, other machines don't!
5. install ngportal RPM
   • yum install APAC-gateway-ngportal
6. install GridSphere source code
   • yum install APAC-gridsphere-devel APAC-gridportlets-devel

Post Install Configuration

1. obtain CRLs and generate grid-mapfile
   • /etc/cron.daily/05-get-crl
2. get a listing on the Grid Operations Center
   • /sbin/service httpd start
   • /sbin/service tomcat start
   • /usr/local/bin/gridpulse.sh
3. setup the gridsphere root account
   • visit http://your.host.name/gridsphere/
4. setup a Resources.xml file for gridportlets (sample in attachments)
   • /usr/local/apache-tomcat/webapps/gridportlets/WEB-INF/Resources.xml
5. enable cluster user accounts for the usermapping tool
   • detailed on the UserMapping page

Firewalls

You will need to open ports 80, 443, 8443 to allow users to access the portal. It is recommended to have these ports open to everyone.

See: GatewayIps for more information.

Optional Configuration

Securing your tomcat server

• avoid listening on port 8080 (after you've verified your setup works)
  • edit /usr/local/apache-tomcat/conf/server.xml and comment out the Connector element with attribute port="8080"
• only allow connections to the manager from localhost
  • edit /usr/local/apache-tomcat/conf/server.xml and find the host element with attribute name="localhost" and add the following XML

      <Context path="/manager" debug="0" privileged="true" docBase="/usr/local/apache-tomcat/server/webapps/manager">
         <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.0.0.1"/>
      </Context>

Mapping other tomcat webapps

If you have webapps which contain servlets you may need to add a mapping for your project. This will allow you to access your project via a url like http://your.host.name/yourproject, instead of http://your.host.name:8080/yourproject.

• Make sure you project is accessable and working from tomcat on port 8080.
• edit /etc/httpd/conf.d/mod_jk.conf
  • At the bottom of the file add a line like: "JKMount /yourproject/* ajp13"
• service httpd reload

File Location information

Here is the location of main components. You can also query RPMs for the location of files (eg. rpm -ql APAC-gridsphere).

• TOMCAT: /usr/local/apache-tomcat/
• ANT: /usr/local/apache-ant

Dependency Information

DC 25/7/07 This information is a guide only and may not be completely up-to-date. eg. gridmap, usermapping are no longer required.

APAC-gateway-ngportal

• APAC-gridsphere
• APAC-gridportlets
• APAC-gateway-gridpulse
• APAC-gateway-crl-update
• APAC-gateway-usermapping-tool
• APAC-gateway-config-ant
• APAC-gateway-config-gridmap
• APAC-gateway-config-mod_jk
• APAC-gateway-config-gridsphere
• ca_APAC

APAC-gridsphere

• APAC-apache-tomcat
• APAC-gateway-config-tomcat

APAC-gridportlets

• APAC-gridsphere

APAC-gateway-gridpulse

• /usr/bin/Mail

APAC-gateway-crl-update

• fetch-crl
• ca_APAC

APAC-gateway-usermapping-tool

• APAC-mod_auth_pam
• php
• mod_ssl

APAC-gateway-config-ant

• APAC-apache-ant

APAC-gateway-config-gridmap

• edg-mkgridmap

APAC-gateway-config-mod_jk

• APAC-mod_jk

APAC-gateway-config-gridsphere

• APAC-apache-tomcat
• /etc/grid-security/hostcert.pem
• /etc/grid-security/hostkey.pem

APAC-apache-tomcat

• jdk
• APAC-gateway-config-java (DC 25/7/07 was not installed by APAC-apache-tomcat)

APAC-gateway-config-tomcat

• APAC-apache-tomcat-jsvc
• APAC-gateway-config-java

APAC-mod_auth_pam

• httpd
• perl

APAC-apache-ant

• jdk

APAC-mod_jk

• httpd
• APAC-apache-tomcat

APAC-gateway-config-java

• jdk

APAC-apache-tomcat-jsvc

• APAC-apache-tomcat

Old Version

Please see VmdetailsNgportalOld

Usermapping and gridmap generation was handled by APAC-gateway-gridmap-gen.