-- ChrisKendrick - 13 Dec 2006
VOMRS Server Build Guide 3
Purpose - Document of how to build the APAC Grid VOMRS Server
Responsible Group - VPAC
Contact - Chris Kendrick - kendrick@vpac.org
Technology - CentOS 4.4, VDT VOMS, VOMRS
Step One: Virtual Machine (VM) Creation.
Create Logical Volume (disk space) for VOMRS Virtual Machine
Follow the notes in Basic Xen Install under the heading "Creation of Other Domains (e.g. NG2)" to create disk space for the new VOMRS VM, being sure to change the keyword NG2 to VOMRS.
Create VM
Follow the notes in Basic Xen Install under the heading "Bootstrapping CentOS 4.4" to create a base VM to build the VOMS/VOMRS server on, being sure to:
- change the keyword NG2 to VOMRS.
- ensure the MAC address you assign in /etc/xen/VOMRS is unique.
Configure your new vomrs VM now that it's up and running
# vi /etc/ntp.conf
Modify the section "OUR TIMESERVERS" to only have "server edda-m.vpac.org"
# vi /etc/postfix/main.cf
Change the line "#mydomain = domain.tld" to "mydomain = apac.edu.au"
Also change the line "#myorigin = $myhostname" to "myorigin = $myhostname"
# vi /etc/sysconfig/network-scripts/ifcfg-eth0 .. set BOOTPROTO=static, IPADDR=131.170.184.32, NETMASK=255.255.255.0
# vi /etc/sysconfig/network .. set HOSTNAME=vomrs.apac.edu.au, GATEWAY=131.170.184.254
# vi /etc/hosts .. add: 131.170.184.32 vomrs.apac.edu.au vomrs
# service network restart
# yum -y install openssh-server
# service sshd start
# init 6
# exit
# ssh vomrs.apac.edu.au
Step Two: Installing VDT VOMS
Install Host Certificate
Now get a host certificate (hostcert.pem) and private key (hostkey.pem) for the machine and save them in /etc/grid-security, setting the permissions as follows:
# mkdir /etc/grid-security && cd /etc/grid-security/
# chown root:root /etc/grid-security/hostkey.pem
# chmod 400 /etc/grid-security/hostkey.pem
# chown root:root /etc/grid-security/hostcert.pem
# chmod 644 /etc/grid-security/hostcert.pem
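A check to run once the files are in place, added here as an example and not part of the original guide: it confirms the modes and ownership set above and that the certificate actually belongs to the private key. The function names are hypothetical, and it assumes GNU stat and the openssl command-line tool.

```shell
#!/bin/sh
# Added example: audit the host credentials in /etc/grid-security.
# Function names are hypothetical; assumes GNU coreutils stat and openssl.

# check_file PATH MODE UID:GID -> 0 if the octal mode and numeric owner match
check_file() {
    [ -f "$1" ] || { echo "MISSING  $1"; return 1; }
    actual="$(stat -c '%a %u:%g' "$1")"
    if [ "$actual" = "$2 $3" ]; then
        echo "OK       $1 ($actual)"
    else
        echo "BAD      $1 is '$actual', expected '$2 $3'"
        return 1
    fi
}

# cert_matches_key CERT KEY -> 0 if both files carry the same public key
cert_matches_key() {
    cert_pub="$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null)" || return 1
    key_pub="$(openssl pkey -pubout -in "$2" 2>/dev/null)" || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# audit_hostcreds [DIR] [UID:GID] -> 0 only if every check passes
audit_hostcreds() {
    dir="${1:-/etc/grid-security}"
    owner="${2:-0:0}"    # 0:0 is root:root, as set by the chown commands
    rc=0
    check_file "$dir/hostkey.pem"  400 "$owner" || rc=1
    check_file "$dir/hostcert.pem" 644 "$owner" || rc=1
    if cert_matches_key "$dir/hostcert.pem" "$dir/hostkey.pem"; then
        echo "OK       certificate matches private key"
    else
        echo "BAD      certificate and key do not match (or are unreadable)"
        rc=1
    fi
    return $rc
}
```

Run `audit_hostcreds` as root with no arguments to check the real directory.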
Install VDT VOMS
# yum install Gbuild
# /usr/local/sbin/BuildVomsVdt161.sh
Install the APACGrid VO and configure VOMS to start on boot
# source /etc/profile
# /opt/vdt/vdt/setup/configure_voms --vo APACGrid --smtp-host vpac.org
Reboot the machine and check that the mysql, apache, tomcat and voms services start automatically
# init 6
Then log into the vomrs server as root and check that all services are running.
# ps aux | grep mysql, Note: the vdt mysql init.d file doesn't seem to work quite right, so just check manually whether mysql is running
# service tomcat-5 start, Should fail stating that the service is already running
# service apache start, Should fail stating that the service is already running
# service voms start, Should fail stating that the service is already running
Add yourself as an administrator
Copy your user certificate to /root/admin_usercert.pem
# export X509_USER_CERT=/etc/grid-security/http/httpcert.pem
# export X509_USER_KEY=/etc/grid-security/http/httpkey.pem
# voms-admin --vo APACGrid create-user /root/admin_usercert.pem assign-role VO VO-Admin /root/admin_usercert.pem
Then open a web browser and go to
https://vomrs.apac.edu.au:8443/voms/APACGrid
Allow VOMS database queries
While at the web interface click "Administer the VO", then click "GLOBAL ACL", then click "Edit this ACL", then from the "Operation" pulldown select "list", then check "Anyone who presents a certificate issued by a known CA", then click "Add new entry"
Step Three: Installing VOMRS
Install VOMRS
# cd /opt/
# pacman -pretend-platform linux-rhel-4 -get http://www.uscms.org/SoftwareComputing/Grid/VO/VOMRS:vomrs
Set root password for mysql database
# mysql -u root
# SET PASSWORD FOR 'root'@'vomrs.apac.edu.au' = PASSWORD('secret');
# SET PASSWORD FOR 'root'@'localhost' = PASSWORD('secret');
Update your /opt/vdt/apache/conf/httpd.conf
so that it looks more like the following
JkMount /* tomcat5
<Location /voms>
SSLVerifyClient require
</Location>
<Location /vo>
SSLCACertificatePath /etc/grid-security/certificates
SSLVerifyClient require
SSLVerifyDepth 10
SSLOptions +StdEnvVars +ExportCertData
</Location>
<Location /vomses>
SSLVerifyClient require
</Location>
Install APACGrid VO
# export VOMRS_LOCATION=/opt/vomrs-1.3
# cd $VOMRS_LOCATION/sbin
# ./vomrs_configure
Follow all defaults except for the following (change any user specific values as needed):
- Do you want to continue (y,n,quit): y
- Enter the name of the Virtual Organization: APACGrid
- Enter the name of organization that oversees all grid resources for this VO (default: OSG ) APACGrid
- Enter the home page url of for this organization (default: http://osg-docdb.opensciencegrid.org ) http://grid.apac.edu.au/
- Do you want VO member to sign AUPs located on this node (y,n,quit): n
- Enter the fully qualified name of your organization mail server (default: smtp.apac.edu.au ) vpac.org
- Enter the email subject you want to appear in email send by VOMRS (default: AUTOMATIC NOTIFICATION FROM VOMRS APACGrid ) AUTOMATIC NOTIFICATION FROM APACGrid VOMRS SERVER
- Enter the email address of the sender (default: vomrs-admin@apac.edu.au ) vomrs-admin@vpac.org
- Enter the password of the admin user vomrs13_apacgri:
- Re-enter your password:
- Enter the database host (default: localhost.localdomain ) localhost
- Enter the database port (default: 3306 ) 49151
- Enter the name of VOMS installation (default: apacgrid ) APACGrid
- Enter the synchronization interval (default: 5 minutes) 2
- You can either quit and set it OR enter it now: /opt/vdt/tomcat/v5
- Enter the unix user name that will be running tomcat: (default: tomcat4) : daemon
- Do you want DN and CA populated from a certificate file (y,n,quit): n
- Enter VO Admin's DN: /C=AU/O=APACGrid/OU=VPAC/CN=Chris Kendrick
- Enter VO Admin's CA: /C=AU/O=APACGrid/OU=CA/CN=APACGrid/Email=camanager@vpac.org
- Enter VO Admin's Email: c.kendrick@vpac.org
- Enter the name of your home institution: APACGrid
- Enter First name: Chris
- Enter Last name: Kendrick
- Enter Phone: +61 (03) 9925 4947
- Do you want to change member's information? (y,n,quit): n
- Do you want to create/recreate database (y,n,quit): y
- Enter password:
Restart tomcat and apache
# service tomcat-5 restart
# service apache restart
Test that the vomrs.war file is installed properly by going to:
https://vomrs.apac.edu.au:8443/vo/APACGrid/vomrs
Add vomrs to system services and configure to start on boot
# cp /opt/vomrs-1.3/etc/profile.d/vomrs.sh.template /opt/vomrs-1.3/etc/profile.d/vomrs.sh
Edit vomrs.sh adding the following lines
export JAVA_DIR=/opt/vdt/jdk1.5
export PATH=$PATH:$JAVA_DIR/bin
Then
# cp /opt/vomrs-1.3/etc/init.d/vomrs /etc/init.d/
Edit vomrs file. Find the line that matches
VOMRS_LOCATION=${VOMRS_LOCATION:-$DEFAULT_VOMRS_LOCATION}
And after it paste
export VOMRS_LOCATION=/opt/vomrs-1.3
Then
# chkconfig --add vomrs
# chkconfig vomrs on
Reboot machine and check if vomrs service starts automatically
# init 6
Then log into the vomrs server as root and check that the vomrs service is running.
# service vomrs status
Then open a web browser and go to
https://vomrs.apac.edu.au:8443/vo/APACGrid/vomrs
Step Four: Configuring the VOMS/VOMRS server to handle proxies
Unfortunately the VOMS/VOMRS server doesn't work with proxies by default, because apache is not able to handle them. So apache needs to be shut down and tomcat needs to be configured to allow proxies, which Grix needs in order to communicate with the vomrs server over web services.
Stop apache and tomcat-5 service
# service apache stop
# service tomcat-5 stop
Back up the current tomcat-5 /opt/vdt/tomcat/v5/conf/server.xml and create a new one containing the following
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Server>
<Server port='8005' shutdown='SHUTDOWN'>
<Service name='Catalina'>
<Connector sslProtocol='TLS' maxThreads='150' maxSpareThreads='75' secure='true' enableLookups='false' sslKey='/etc/grid-security/http/httpkey.pem' sslCAFiles='/etc/grid-security/certificates/*.0' crlFiles='/etc/grid-security/certificates/*.r0' minSpareThreads='25' disableUploadTimeout='true' sSLImplementation='org.glite.security.trustmanager.tomcat.TMSSLImplementation' acceptCount='100' clientAuth='true' debug='0' sslCertFile='/etc/grid-security/http/httpcert.pem' scheme='https' port='8443' log4jConfFile='/opt/vdt/tomcat/v5/conf/log4j-trustmanager.properties'/>
<Engine name='Catalina' defaultHost='localhost'>
<Logger className="org.apache.catalina.logger.FileLogger" prefix="catalina_log." suffix=".txt" timestamp="true"/>
<Logger className="org.apache.catalina.logger.FileLogger" directory="logs" prefix="localhost_log." suffix=".txt" timestamp="true"/>
<Host name='localhost' appBase='webapps'/>
</Engine>
</Service>
</Server>
Copy some .jar files to the right place
# cd /opt/vomrs-1.3/server/lib && cp glite-security-trustmanager.jar glite-security-util-java.jar puretls.jar log4j-1.2.8.jar /opt/vdt/tomcat/v5/server/lib/
# cd /opt/vdt/tomcat/v5/server/lib/ && chown daemon:daemon glite-security-trustmanager.jar glite-security-util-java.jar puretls.jar log4j-1.2.8.jar
Stop apache from starting on boot
# chkconfig apache off
Start tomcat-5
# service tomcat-5 start
Test that Grix works with voms/vomrs server
If Grix is working with the voms/vomrs server you will be able to see what groups you are in (if you are in any). If you are not in any groups you should be able to apply for one.
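With apache stopped, its `SSLVerifyClient require` settings no longer apply and the tomcat Connector in server.xml is the only place client certificates are demanded on port 8443. An added check (not part of the original guide; function names are hypothetical, and it assumes the Connector element sits on a single line as shown above) that the connector enforces client authentication and has its CA and CRL files configured:

```shell
#!/bin/sh
# Added example: check the Tomcat <Connector> that replaces apache on 8443.
# Function names are hypothetical. Assumes the Connector element is on one
# line, as in the server.xml shown in this guide.

# connector_attr FILE NAME -> prints the value of attribute NAME
connector_attr() {
    grep '<Connector' "$1" |
        sed -n "s/.*[[:space:]]$2=['\"]\([^'\"]*\)['\"].*/\1/p" | head -n 1
}

# audit_connector FILE -> 0 if client certificates are enforced and the
# trust material (CA files, CRLs, server cert and key) is configured
audit_connector() {
    rc=0
    for want in clientAuth=true secure=true scheme=https; do
        name="${want%%=*}"; expected="${want#*=}"
        got="$(connector_attr "$1" "$name")"
        if [ "$got" != "$expected" ]; then
            echo "BAD  $name='$got' (expected '$expected')"; rc=1
        fi
    done
    for name in sslCAFiles crlFiles sslCertFile sslKey; do
        if [ -z "$(connector_attr "$1" "$name")" ]; then
            echo "BAD  $name is not set"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK   connector requires client certificates"
    return $rc
}

# Constructed sample: the guide's Connector, cut down to the checked attributes.
write_sample() {
    cat > "$1" <<'EOF'
<Server port='8005' shutdown='SHUTDOWN'>
<Service name='Catalina'>
<Connector secure='true' sslKey='/etc/grid-security/http/httpkey.pem' sslCAFiles='/etc/grid-security/certificates/*.0' crlFiles='/etc/grid-security/certificates/*.r0' clientAuth='true' sslCertFile='/etc/grid-security/http/httpcert.pem' scheme='https' port='8443'/>
</Service>
</Server>
EOF
}
```

On the server itself, run `audit_connector /opt/vdt/tomcat/v5/conf/server.xml` before starting tomcat-5.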
See Also
VOMRS Server Build Guide 1 (Deprecated)
VOMRS Server Build Guide 2 (Deprecated)