OMII Training Day Steven Newhouse & Stephen Crouch 1 Training Day Contents: Introduction to Web Services & the OMII Installing the OMII Client Installing the OMII Server Developing with OMII Advanced Configuration Process: Lectures – Me talking! Demonstrations – See it happening! Practical – You do it on the training resources 2 Introduction to Web Services 9.00 Coffee 9.30 Welcome 9.40 Web Services & the OMII Architecture 3 Installing the OMII Client 10.00 Part 1: Basic Client Installation 10.20 Part 2: Advanced Client Installation 10.40 Part 3: Cauchy Client Installation 11.00 Break 4 Installing the OMII Server 11.15 Part 1: Base & Extensions Installation 11.45 Part 2: Basic Services Installation 12.15 Part 3: Cauchy Server Installation 12.45 Break 5 Developing with OMII 13.30 Java Client Tutorial 14.15 Application Integration Tutorial 15.00 Break 6 Advanced Configuration Overview 15.15 Securing the OMII container with HTTPS 15.30 Using Condor, PBS etc 15.45 Where to go from here 16.00 Close 7 Logistics Breaks: Coffee & Tea will be upstairs Toilets: Across the corridor Lunch: Upstairs Fire exits Thanks: To NeSC Events & Training teams 8 Web Services & the OMII 9 Open Middleware Infrastructure Institute The source of open source grid software Institute of the University of Southampton Utilise existing software and standards Production focused software development Integrate, test & document ‘a product’ Focus on the user experience Easy to install & use Utilise existing software and standards Provide a solid web service base for others to build on 10 OMII_1 as a Service Provider Goal: I want others to access my resources & applications I want to provide secure controlled access to: My applications: Specify who can access which applications My computational resources: I can limit external usage of my resources Provides an interface that allows remote users to access my resources Enable collaboration with other partners 11 OMII_1 as a User (or Client) Goal: I want to use other resources & applications Through a network of service providers I can…: Gain access to applications that I do not have installed locally Use remote machines with more CPU, memory or storage Process larger problems sizes Transparently switch between different service providers No exposure to underlying OS, queuing policy, disk layout etc. 12 Grid Architecture Today The best way of designing Grids… The best way of running Grids… Loosely coupled services Message based exchange Interoperability between versions & grids Standards for infrastructure & services The best way of building Grids… Leverage existing infrastructure & standards Use Web Services… 13 Some Web Service Definitions A service is the logical manifestation of some physical or logical resources (databases, programs, devices, humans, etc) and/or some application logic that is exposed to the network Service interaction is facilitated by message exchanges A service is an abstract resource that represents a capability of performing tasks that represents a coherent functionality from the point of view of provider entities and requester entities. To be used, a service must be realised by a concrete provider agent 14 Web Services (WS) jargon XML: Platform neutral mechanism to describe data SOAP: Mechanism to describe message exchange Simple Object Access Protocol Service Oriented Access Protocol Not simple and nothing to do with Objects! Re-engineering of acronym to fit current use! WSDL: Defines the service interface 15 More WS concepts… Services have to reside in a supporting environment: Called: hosting environment or container Marshals requests into and response out of the service Service can discover local configuration parameters Provides a standard infrastructure for service developers Processing incoming requests & outgoing responses Called: Message handlers Manipulates elements of the message header Primarily the SOAP header Handlers can be applied to message traffic into or out of the whole container or a specific service 16 Putting it all together… Architecturally web services provide… Process of independent loosely coupling services Defining service interfaces (or contract) Defining the format of the messages interchange Platform neutral Flexible granularity Clearly defined boundaries Need an implementation… 17 Where does our software come from? Open Source Community Software Repository Tomcat, Axis, etc., Accept software contributions Software deployed, tested & graded to provide feedback Managed Programme Fill gaps to build a solid enabling infrastructure Projects to bring research software to production quality 18 OS Hosting Environment Tomcat: Servlet hosting environment Axis: A servlet that understands WS Tomcat 19 Axis Handlers Tomcat manages transport: http & https Axis handlers on client & server: OMII can use https to secure message transport Serial / deserialisation from XML to Java Processing of message headers OMII distribution includes handlers for: WS-Security: sign message & verify signature 20 Process Based Access Control: A model for implementing AAA Authentication: CA issued X.509 certificates Authorisation: Interaction dependent authorisation process Access control lists tied to process context and state i.e. impose server side workflow requirements Supports “delegation” and “subordination” actions Accounting: Activity matched against allocated quota Clients control who can access “their” allocated quota Collaboration with minimal overhead for service providers 21 Managed Programme GridSAM (Job Submission & Monitoring service) BPEL (Workflow service) Grimoires (Registry service based on UDDI) FIRMS (Reliable messaging) FINS (Notification) GeodiseLab (Matlab toolbox) WSRF::Lite integration OGSA-DAI (Database service) WSeSS (Using SSH to tunnel requests to resources) 22 OMII 1:Basic File-Compute Grid Enables a generic computational task Move input data from the client to the service provider Process the data using an application on the service provider Retrieve the output data from the service provider 23 OMII 1:Basic File-Compute Grid Consists of: Base (Tomcat 5.0.25 & Axis 1.2b) Extensions (Axis Handlers) WS-Security Support for Process Based Access Control Basic Services Sample application Plus installers, README’s & documentation 24 OMII-1 Architecture Management (Browser) Admin Application database of accounts resources applications WS Security Web Services resources Accounting Client Application Resource Mgmt Data Staging computation data storage applications Application Application Job Submission Application 25 Tomcat & Axis OMII 1:Base & Extensions Base: Tomcat & Axis Extensions to Axis handler chain: WS-Security Use X.509 certificates to sign & verify messages Support for Process Based Access Control Enforce dynamic flexible authorisation model Requires database to record interaction ‘state’ 26 OMII 1:Basic Services Based on a group of four services Functional: Data & Application execution Running jobs using pre-installed applications Movement of input and output data files Management: Account and Resources Must have an account with a service provider Or delegated access to someone else’s account 27 OMII 1:Exemplar Application Cauchy Horizons Contents: Simple Java application Transforms a surface (list of 3D points) Server side installer (Application) Client side installer Client may distribute work between different service providers 28 OMII Server Infrastructure ExampleService PBAC PBACTestService Job Data Allocation Account Resource Acct Mgmt Mgmt Servlet Servlet Happy Axis WS-Security AXIS Static Webpage TOMCAT 29 Summary WS provide an effective mechanism to build loosely coupled message based systems WS exchange XML messages over http/https More to WS than XML, SOAP & WSDL but not needed at this stage… OMII_1 uses WS to provide a basic File & Compute Grid 30 Installing the OMII Client Part 1: The Basics 31 What we will cover… Where to get the client How to install the client Verifying the installation Resolving some common problems 32 Where to get the client Register at www.omii.ac.uk & login Go to the downloads page Download the client distribution (version 1.2.0) SuSE 9.0 / Redhat Enterprise Linux 3.0 ES/WS Windows XP (SP 1 & 2) Distribution requires JDK 1.4.2_04 Does not work with ‘just’ a JRE Will not work with JDK 1.4.2_05/06 & JDK 1.5.0 (This will be fixed in the next release.) No testing with earlier JDKs. 33 Tutorial Resources We have provided some RHEL 3.0 resources Work in paired machines NeSC Training machines Client: Install locally on your desktop Server: Install remotely on your partners machine Login on local desktop: Username: omii Password: omiiuser 34 Once you’ve logged in… cd /tmp/omii sudo –s Start sshd /etc/init.d/sshd status If not running: /etc/init.d/sshd start chmod u+x j2sdk-1_4_2_04-linux-i586-rpm.bin ./j2sdk-1_4_2_04-linux-i586-rpm.bin Use password: omiiuser Enter yes to get the RPM rpm –iv j2sdk-1_4_2_04-linux-i586.rpm Exit from the root shell 35 Setting up your user environment In the user shell: export JAVA_HOME=/usr/java.j2sdk1.,4.2_04/ export PATH=$JAVA_HOME/bin:$PATH To check: which java 36 The Client Distribution Install as ‘normal’ user Software available from: Copy into home directory and expand: /tmp/omii unzip omii-client-1.2.0.zip Within the expanded directory, run the install script: cd omii-client-1.2/client ./OMIIclientInstall.sh 37 Installation Overview Define the client environment: Get a certificate for the client: Location Proxy (http & https) Provide hostname & other details Complete Installation Verify the installation 38 Inputs into the script Installation location: Default: $HOME Accept default & installation will take place in: Do you use a proxy to access the internet? $HOME/OMIICLIENT For http? NO For https? NO Request a certificate… 39 Certificate Generation – Input Machine name: sjn-desktop.omii.ac.uk Organisation: University of Southampton Organisational Unit: OMII Location: Southampton State: England Country: UK Email address: s.newhouse@omii.ac.uk 40 Some notes on the certificate A certificate is needed on the client (WS-Sec) Details passed to the OMII CA Provides a certificate of low value No authentication checks Expires after a month Values are not verified Any non-null input will be OK 41 Installation Complete! Files are copied & configured Next stage testing… 42 Checking the client install CLIENT testservicesConnection PBAC ExampleService PBACTestService PBAC Job Data Allocation Account Resource Acct Mgmt Mgmt Servlet Servlet non_PBAC Happy Axis WS-Security AXIS Static Webpage TOMCAT 43 Testing the installation Three tests at the end of the installation All will fail if the container is not up & running OR If you have no connection to the test servers 44 Test server All installation tests can be run against omiidemo1.omii.ac.uk 45 Testing the basics Is the remote container up? Browser to: http://<remote host>:18080/ Should see ‘Welcome to Tomcat’ page If not contact the service provider For omiidemo1 contact support@omii.ac.uk 46 Testing the non-PBAC service Enter service provider hostname and port Provide a test message that will be echoed back to you Access a secured service Will fail if the client certificate installation is not correct 47 Testing the PBAC Service Enter service provider hostname and port Provide a test message that will be echoed back to you Creates a ‘conversation’ Uses this conversation to access a PBAC service Second phase will fail if not able to create a conversation 48 Testing connection to the 4 Services Connection Test (testservicesConnection): Verifies that the 4 services are accessible Will fail if there is a server side problem Will fail if the services are not accessible Firewall, network failure etc. 49 Examining the Installation Go to the installation directory: cd ~/OMIICLIENT [default location] Can rerun the previous tests from here: invoke_nonPBACTestService invoke_PBACTestService test-services/testservicesConnection 50 Some common problems: The wrong JDK: Make sure both the PATH & JAVA_HOME are set Must point to the same JDK (not JRE) 51 Summary Basic installation very simple Low-value certificate generated on demand Will expire after 30 days (just to get you started!) Advised to obtain a UK e-Science CA certificate For more details: http://ca.grid-support.ac.uk Tests to verify client installation To connect & interact with reference services 52 Installing the OMII Client Part 2: Advanced Client Installation 53 Testing: Putting it all together Request an account on the service provider Use the account to: Request a resource allocation To move an input data set from the client to the server as part of this allocation To invoke an application on this data set To return an output data set from the server back to the client 54 Requesting an account Use the ogre_client.sh command ogre_client.sh open <accounts file> ./ogre_client.sh open test-services/test/Account-test.xml Complete the pop-up form [see next slide] ‘Account opened’ on success The accounts file: XML file – easy to follow & edit by hand Records your accounts with each service provider Each service provider will be contacted during the tendering process (more later) 55 Complete the Account Form Name: Demo Account [Your arbitrary human readable reference for the account.] Address in the URL for the service provider. HOST should be replaced by: omiidemo1.omii.ac.uk:18080 Credit details: Enter the credit limit for your account. e.g. 10000 •OMII accounts approved automatically •Other service providers may require further verification 56 Using the account details Use the OMII services to run a test application Operations encapsulated in the script: test-services/testservicesApplication Run the script: Pre-requisites: Has an account been generated? – YES Has testservicesConnection been run? – YES Press return to issue tenders to service providers Select the single offer 57 Tendering Model – Costing Where to tender (Accounts.xml) ? What to tender for (Requirements.xml) ? List of service providers known to the user Upload/download data volume CPU speed & time Start & end reservation times Cost model defined by each service provider CPU and bandwidth costs 58 Tendering Model – Operation Accept an offer from a service provider Predicted usage cost deducted from your quota Submit job & required resources (Work.xml) Generally, Work.xml uses figures from Requirements.xml Unless, several jobs are being submitted as part of this allocation (i.e. S Work == Requirements) Unused allocation returned to the user account 59 Doing it manually (1/3) What is the test application? Sorts words in a text file Input text file, manipulated to output text file In the following slides: Use the *.xml files from: ~/OMIICLIENT/test-services/test The <TaskName> can be any string, e.g. MyJob Your reference to link separate actions into one activity 60 Doing it manually (2/3) Generate the Requirements.xml file: java CreateRequirementsFile http://omii.org/GRIATestApp test-services/test/Requirements.xml Initiate the tender between service providers: ./ogre_client.sh tender test-services/test/Account-test.xml test-services/test/Requirements.xml <TaskName> Create the input data archive from the file test.txt in ~/OMIICLIENT/conf cd ~/OMIICLIENT/conf zip input.zip test.txt cp input.zip ~/OMIICLIENT Move the input archive to the server cd ~/OMIICLIENT ./ogre_client.sh upload <TaskName> input.zip Remember to change <TaskName> to something else e.g. MyTask 61 Doing it manually (3/3) Run the job Get the output archive ./ogre_client.sh run <TaskName> http://omii.org/GRIATestApp test-services/test/Work-test.xml --input input.zip –-output output.zip ./ogre_client.sh download output.zip Cleanup ./ogre_client.sh finish 62 Examine your account Invoke the client monitoring GUI ./ogre_client.sh browse Within the GUI… Select the account and right-click Select the ‘Get Statement’ option from the menu A few minutes after ‘finishing’ the task it will show the completed account transaction 63 Installing the OMII Client Part 3: The Cauchy Application 64 The Cauchy Application Simple application to find a ‘Cauchy Horizon’ Map a set of points (input -> output) Client & Server installation 65 The Cauchy Distribution Software provided on: Copy into home directory and expand: /tmp/omii tar –zxf omii-application-1.2.0.tar.gz Run the install script: cd omii-application-1.2/cauchy/client/cauchy ./OMIIcauchyClientInstall.sh 66 Client Installation Script Installation location: Default: $HOME Accept default & installation will take place in: $HOME/OMIICLIENT Done! 67 Testing the Cauchy installation Go to the Cauchy install directory: cd ~/OMIICLIENT/cauchy To run the application script you need an account: Copy the account file from the previous tests cp ../test-services/test/Account-test.xml conf/Accounts-cauchy.xml 68 Running Cauchy Invoke the script: Provide various inputs: ./cauchy Pre-requisites met – YES By default PlotWS is available on OMII demo servers Select tender offers – GUI Script runs to completion View the results using a browser: file:~/OMIICLIENT/cauchy/CauchyView.html 69 Installing the OMII server Part 1: The Base & Extensions 70 OMII Infrastructure – Complete ExampleService PBACTestService PBAC Job Data Allocation Account Resource Acct Mgmt Mgmt Servlet Servlet Happy Axis WS-Security AXIS Static Webpage TOMCAT 71 Multi-layered Server Distribution Base & Extensions: Services: WS Infrastructure: Tomcat & Axis, WS Handlers: WS-Security & PBAC Functional: Job & Data Management: Account & Resource Allocation Applications: Cauchy 72 OMII Infrastructure – Base Happy Axis AXIS Static Webpage TOMCAT 73 Installing Base & Extensions Pre-requisites: Log onto your ‘remote’ machine using ssh Use the remote omiiserv account Become root: sudo –s Obtain omii-base-extensions-1.2.0.tgz from /tmp/omii Expand the archive Must be ROOT & SuSE 9.0/Redhat Enterprise Linux 3.0 ES/WS tar –zxf omii-base-extensions-1.2.0.tgz cd omii-base-extensions-1.2/base Start the installation script:./OMIIbaseinstall.sh 74 Installation Script – Install Specify the installation directory: Named in these notes: OMII_BASE_HOME Default: /usr/local/OMII Verifies JDK, disk space & free port (18080) Expands & installs: Ant, Tomcat & Axis 75 Installation Script – Testing Starts the Tomcat container Verifies that: The Tomcat home page exists The Axis environment exists The HappyAxis install is OK Stops the Tomcat container 76 Installation Script – Permissions Creates: Installation directory: Group: omii_tomcat Users: omii_tomcat_owner & omii_tomcat_user Owned by: omii_tomcat_owner:omii_tomcat Runs as omii_tomcat_user Additional users can start/stop tomcat Add into omii_tomcat group 77 Starting the OMII server Will need to start/stop container on occasions Commands in: OMII_BASE_HOME/jakarta-tomcat-5.0.25/bin Stop the container: ./shutdown_base.sh Start the container: ./start_base.sh Verify the container has been started Examine the page – http://<HOST>:18080/ 78 OMII Infrastructure – Extensions ExampleService PBACTestService PBAC Happy Axis WS-Security AXIS Static Webpage TOMCAT 79 Extensions install script Go to the extensions directory cd ../extension Run the extensions install script ./OMIIextensionInstall.sh 80 Installing the Extension Verify that the Base is installed correctly Request a certificate for this machine Similar information as the client install Download archive and expand locally Rest of the install script requires <CR> For default options! 81 Installing the GridServIT pack Provides support the WS-Security & PBAC Installation Script: Capture the OMII security configuration The defaults are acceptable for the: Location of the keystore & its password Names of the certificates with the keystore Keystore obtained during the installation process Default installation location Deploy the test service 82 Testing the GridServIT install Tomcat started View the list of deployed services: Point a browser: http://<HOST>:18080/axis Follow ‘View the list of deployed Web Services’ link Look for the ‘TestServices’ service Run the TestService client Sends a test message which is echoed back Tomcat stopped 83 Installing PBAC Tomcat started PostgreSQL RPMs installed Supporting database for PBAC configured PBAC Example service deployed Tomcat restarted Test the PBAC installation as a client Ignore RPM signature warnings - ‘No key errors’ Creates a conversation ID – returns a number Send & receive a test message Tomcat stopped 84 Problems with PostgreSQL An existing installation can cause problems! Ideally remove out of the way! Obviously backup existing installation Install scripts assume a ‘clean’ installation Permissions file may need to be edited /var/lib/pgsql/data/pg_hba.conf Directory tree may need to be cleaned Use initdb command 85 Summary Basic OMII infrastructure installed Verify the installation from your client Re-start the tomcat server $OMII_BASE_HOME/jakarta-tomcat-5.0.25/bin/ start_base.sh Run the tests: invoke_nonPBACTestService invoke_PBACTestService 86 Installing the OMII server Part 2: Installing the Basic Services 87 The Services Distribution Pre-requisites: Working base & extensions packs Tomcat & Axis infrastructure GridServIT & PBAC handlers Perl: For the test application (part of SuSE 9.0/RHEL 3.0) Provides Services: Functional: Job & Data Management: Account & Resource Allocation 88 OMII Infrastructure – Services ExampleService PBACTestService PBAC Job Data Allocation Account Resource Acct Mgmt Mgmt Servlet Servlet Happy Axis WS-Security AXIS Static Webpage TOMCAT 89 Services Install Scripts Expand the archive and execute the script: From /tmp/omii tar –zxf omii-services-1.2.0.tar.gz cd omii-services-1.2/services ./OMIIservicesInstall1.pl 90 User Inputs (1/2) Enter the machine hostname: Accept the default Watch the output go past… See an expanded archive dumped to the screen Some failed SQL ‘drop’ statements On installation we ‘drop’ any existing tables If this is a new installation there are no old tables to be dropped! The error message are perfectly normal! 91 User Inputs (2/2) Installing the test application (GRIATestApp) Sensible defaults are provided - <CR> to accept These values can be altered later Configuration parameters: Application URI (unique identifier): e.g. http://omii.org/GRIATestApp Relative machine performance Application memory size Application storage limit Number of processors Upload & download bandwidth limits & costs 92 Interim Summary Services & the test application are installed Verify the installation from your client test-services/testservicesConnection ! Make sure the container is started before running the test. 93 Running an application Uses the services and PBAC elements on the service provider Basic pre-requisite is an account on the service provider Default installation requires the account application be approved manually Can be configured for automatic approval Runs the test application 94 Applying for an account Your accounts file currently has a single entry vi ~/OMIICLIENT/testservices/test/Account-test.xml References your account on omiidemo1 Apply for a new account: ./ogre_client.sh open test-services/test/Account-test.xml Use your container details: host name & port # Generates a second entry in accounts file 95 Examine Your Account Status As a user (client side) ./ogre_client.sh browse Highlight new account and examine status (pending) As a service provider (server side) http://<HOST>:18080/acct_admin Username: acct Password: admin Look at Accounts awaiting credit checks Click on ‘ID’ link Account Status ‘change’ link Approve with credit (e.g. 10000) 96 Invoking the test application Once your account has been approved… Run… testservicesApplication Each service provider in your Accounttest.xml will respond to your work request The ‘tender’ window now has two responses: omiidemo1 Your server 97 Summary Installed the complete OMII stack Infrastructure: Base & Extensions Services: Job, Data, Resource Allocation & Account Seen how to Approve accounts Manage user usage through credit limit 98 Installing the OMII Server Part 3: Installing the Cauchy Server Application 99 The Cauchy Install Script Expand the archive and run the install script: From: /tmp/omii tar -zxf omii-application-1.2.0.tar.gz cd omii-application-1.2/cauchy/server ./OMIIcauchyServerInstall.sh User Input: Hostname: JVM location: OMII Server location: Database location, name, username & password: 100 Resource Allocation Admin Configuring the installed applications Application Management GRIATestApp (test application) Cauchy http://<HOST>:18080/ra_admin Username: ra Password: admin Recall configuration info from services install Restart tomcat 101 Summary Installed an application on top of base, extensions & services Verify the installation by running the Cauchy client 102 103 Advanced Configuration Options Securing the OMII container with https 104 AAA Within OMII_1 Authentication Authorisation Verified digital signature used within PBAC Accounting All messages signed by X.509 certificates Resource allocation model records quota usage By default provide non-repudiation but not confidentiality (http traffic) Use https to provide message confidentiality 105 Moving from http -> https Prepare Server Certificates We will use those obtained during installation Convert the hosting environment to use https Convert the client to use https 106 1. Server Certificates for https Assume: Default installation location: OMII_BASE_HOME -> /usr/local/OMII Use the keystore generated during installation omii.ks: Contains omii_server & omii_ca certs. Keystore password: tmpstore 107 Converting the OMII keystore Within OMII_BASE_HOME: Change the certificate alias and securing password Duplicate keystore: cp omii.ks omii.ssl.ks Copy the omii_server certificate to the tomcat alias: keytool –keyclone –alias omii_server –dest tomcat –keypass tmpkey –new tmpstore –keystore omii.ssl.ks Delete the old certificate alias omii_server keytool –delete –alias omii_server –keystore omii.ssl.ks Verify the change (only tomcat & omii_ca certs): keytool –list –keystore omii.ssl.ks 108 2a. Converting the container to https Alter the server.xml file in: OMII_BASE_HOME/jakarta-tomcat-5.0.25/conf Find the commented out SSL configuration: <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 --> <!— <Connector port="8443“ … /> --> 109 2a. Converting the container to https Remove the comments (<!-- & -->) and change the text (in bold) to: <!-- Define a SSL Coyote HTTP/1.1 Connector on port 18443 --> <Connector port=“18443” maxThreads=“150” minSpareThreads=“25” maxSpareThreads=“75” enableLookups=“false” disableUploadTimeout=“true” acceptCount=“100” debug=“0” scheme=“https” secure=“true” clientAuth=“false” sslProtocol=“TLS” keystorePass=“tmpstore” keystoreFile=“OMII_BASE_HOME/omii.ssl.ks” truststorePass=“tmpstore” truststoreFile=“OMII_BASE_HOME/omii.ssl.ks” /> 110 2a. Converting the container to https Alter the server.xml file in: OMII_BASE_HOME/jakarta-tomcat-5.0.25/conf Find the current http configuration: <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 18080 --> <Connector port="18080" … /> Comment out the above code like this: <!-- <Connector port="18080“ … /> --> 111 2b. Alter the OMII service configuration In the following files replace: http with https and 18080 with 18443 The files (relative to OMII_BASE_HOME) are: jakarta-tomcat-5.0.25/webapps/axis/WEB-INF/classes/ jakarta-tomcat-5.0.25/webapps/acct_admin/WEBINF/classes/ acct_service.properties serviceprovider.properties jobservice.properties dataservice.properties acct_service.properties serviceprovider.properties jakarta-tomcat-5.0.25/webapps/axis/WEB-INF/ server-config.wsdd 112 Restarting the OMII server For the changes to take effect the container must be stopped and started Commands in: OMII_BASE_HOME/jakarta-tomcat-5.0.25/bin Stop the container: ./shutdown_base.sh Start the container: ./start_base.sh Verify the container has been re-configured Examine the page – https://<HOST>:18443/ 113 3. Modifying the Client to use SSL In all user inputs & scripts substitute: Need to alter the account information Accounts-test.xml Account-cauchy.xml Scripts: invoke_PBACTestService & invoke_nonPBACTestService: http with https and 18080 with 18443 Change http -> https in Java statements Run test scripts to verify correct operation 114 Advanced Configuration Options Switching to Condor or PBS 115 Switching to Condor or PBS Job service supports execution on different platforms: PBS uses POSIX batch scheduling interface Local resources (default & fully tested) Condor (demonstrated but not fully tested or supported) PBS (demonstrated but not fully tested or supported) Full PBS test installation on the NGS Porting to other POSIX systems (e.g. SGE) should be straightforward! Demonstration only as the test servers do not have Condor or PBS 116 Platform Scripts Abstract platform dependent configuration from the job service Located in: OMII_BASE_HOME/demo/demo/wrappers/platform Consult the documentation for more details: Services -> Installation -> Platform Models 117 For PBS examine rm_pbs Each platform directory has three scripts: Configure the script for your local environment: RM_PATH=/opt/pbs/bin RM_SERVER=localhost Assumes: startJob.sh getJobStatus.pl killJob.pl omii_tomcat_user can submit jobs to PBS Can configure for submission into a specific queue 118 Advanced Configuration Options Removing our software 119 Removing our software Each installer has its own uninstall scripts To remove completely, execute in order: All located in OMII_BASE_HOME OMIIservicesUninstall.pl OMIIextensionUninstall.sh OMIIbaseuninstall.sh Default: /usr/local/OMII Obvious dependencies between packages i.e. services will not work without base 120 Where to go from here? 121 If you have questions… Talk to the instructors now Look at the (extensive) documentation later Talk to us about your needs Feature requests, enhancements, etc. Let us know what we can do to help you: Professional services Contact with the developer teams 122 Support Web: http://www.omii.ac.uk Follow links Downloads Feedback Email: support@omii.ac.uk 123 Finally… Any questions… 124