OMII Training Day Steven Newhouse & Stephen Crouch 1

advertisement
OMII Training Day
Steven Newhouse &
Stephen Crouch
1
Training Day

Contents:






Introduction to Web Services & the OMII
Installing the OMII Client
Installing the OMII Server
Developing with OMII
Advanced Configuration
Process:



Lectures – Me talking!
Demonstrations – See it happening!
Practical – You do it on the training resources
2
Introduction to Web Services



9.00 Coffee
9.30 Welcome
9.40 Web Services & the OMII Architecture
3
Installing the OMII Client




10.00 Part 1: Basic Client Installation
10.20 Part 2: Advanced Client Installation
10.40 Part 3: Cauchy Client Installation
11.00 Break
4
Installing the OMII Server




11.15 Part 1: Base & Extensions Installation
11.45 Part 2: Basic Services Installation
12.15 Part 3: Cauchy Server Installation
12.45 Break
5
Developing with OMII



13.30 Java Client Tutorial
14.15 Application Integration Tutorial
15.00 Break
6
Advanced Configuration
Overview




15.15 Securing the OMII container with HTTPS
15.30 Using Condor, PBS etc
15.45 Where to go from here
16.00 Close
7
Logistics



Breaks: Coffee & Tea will be upstairs
Toilets: Across the corridor
Lunch:



Upstairs
Fire exits
Thanks:

To NeSC Events & Training teams
8
Web Services & the OMII
9
Open Middleware
Infrastructure Institute
The source of open source grid software





Institute of the University of Southampton
Utilise existing software and standards
Production focused software development
Integrate, test & document ‘a product’
Focus on the user experience


Easy to install & use
Utilise existing software and standards

Provide a solid web service base for others to build on
10
OMII_1 as a Service Provider


Goal: I want others to access my resources &
applications
I want to provide secure controlled access to:




My applications:
 Specify who can access which applications
My computational resources:
 I can limit external usage of my resources
Provides an interface that allows remote users to
access my resources
Enable collaboration with other partners
11
OMII_1 as a User (or Client)


Goal: I want to use other resources & applications
Through a network of service providers I can…:



Gain access to applications that I do not have installed locally
Use remote machines with more CPU, memory or storage
 Process larger problems sizes
Transparently switch between different service providers
 No exposure to underlying OS, queuing policy, disk layout etc.
12
Grid Architecture Today

The best way of designing Grids…



The best way of running Grids…



Loosely coupled services
Message based exchange
Interoperability between versions & grids
Standards for infrastructure & services
The best way of building Grids…


Leverage existing infrastructure & standards
Use Web Services…
13
Some Web Service Definitions



A service is the logical manifestation of some
physical or logical resources (databases, programs,
devices, humans, etc) and/or some application logic
that is exposed to the network
Service interaction is facilitated by message
exchanges
A service is an abstract resource that represents a
capability of performing tasks that represents a
coherent functionality from the point of view of
provider entities and requester entities. To be used,
a service must be realised by a concrete provider
agent
14
Web Services (WS) jargon


XML: Platform neutral mechanism to describe
data
SOAP: Mechanism to describe message
exchange

Simple Object Access Protocol


Service Oriented Access Protocol


Not simple and nothing to do with Objects!
Re-engineering of acronym to fit current use!
WSDL: Defines the service interface
15
More WS concepts…

Services have to reside in a supporting environment:





Called: hosting environment or container
Marshals requests into and response out of the service
Service can discover local configuration parameters
Provides a standard infrastructure for service developers
Processing incoming requests & outgoing responses



Called: Message handlers
Manipulates elements of the message header
 Primarily the SOAP header
Handlers can be applied to message traffic into or out of
the whole container or a specific service
16
Putting it all together…

Architecturally web services provide…







Process of independent loosely coupling services
Defining service interfaces (or contract)
Defining the format of the messages interchange
Platform neutral
Flexible granularity
Clearly defined boundaries
Need an implementation…
17
Where does our software come
from?

Open Source Community


Software Repository



Tomcat, Axis, etc.,
Accept software contributions
Software deployed, tested & graded to provide
feedback
Managed Programme


Fill gaps to build a solid enabling infrastructure
Projects to bring research software to production
quality
18
OS Hosting Environment


Tomcat: Servlet hosting environment
Axis: A servlet that understands WS
Tomcat
19
Axis Handlers

Tomcat manages transport: http & https


Axis handlers on client & server:



OMII can use https to secure message transport
Serial / deserialisation from XML to Java
Processing of message headers
OMII distribution includes handlers for:

WS-Security: sign message & verify signature
20
Process Based Access Control:
A model for implementing AAA


Authentication: CA issued X.509 certificates
Authorisation: Interaction dependent authorisation
process



Access control lists tied to process context and state
 i.e. impose server side workflow requirements
Supports “delegation” and “subordination” actions
Accounting: Activity matched against allocated quota


Clients control who can access “their” allocated quota
Collaboration with minimal overhead for service providers
21
Managed Programme









GridSAM (Job Submission & Monitoring service)
BPEL (Workflow service)
Grimoires (Registry service based on UDDI)
FIRMS (Reliable messaging)
FINS (Notification)
GeodiseLab (Matlab toolbox)
WSRF::Lite integration
OGSA-DAI (Database service)
WSeSS (Using SSH to tunnel requests to resources)
22
OMII 1:Basic File-Compute Grid




Enables a generic computational task
Move input data from the client to the service
provider
Process the data using an application on the
service provider
Retrieve the output data from the service
provider
23
OMII 1:Basic File-Compute Grid

Consists of:






Base (Tomcat 5.0.25 & Axis 1.2b)
Extensions (Axis Handlers)
 WS-Security
Support for Process Based Access Control
Basic Services
Sample application
Plus installers, README’s & documentation
24
OMII-1 Architecture
Management
(Browser)
Admin
Application
database
of
accounts
resources
applications
WS Security
Web Services
resources
Accounting
Client
Application
Resource Mgmt
Data Staging
computation
data storage
applications
Application
Application
Job Submission
Application
25
Tomcat & Axis
OMII 1:Base & Extensions


Base: Tomcat & Axis
Extensions to Axis handler chain:

WS-Security


Use X.509 certificates to sign & verify messages
Support for Process Based Access Control


Enforce dynamic flexible authorisation model
Requires database to record interaction ‘state’
26
OMII 1:Basic Services


Based on a group of four services
Functional: Data & Application execution



Running jobs using pre-installed applications
Movement of input and output data files
Management: Account and Resources


Must have an account with a service provider
Or delegated access to someone else’s account
27
OMII 1:Exemplar Application

Cauchy Horizons



Contents:



Simple Java application
Transforms a surface (list of 3D points)
Server side installer (Application)
Client side installer
Client may distribute work between different
service providers
28
OMII Server Infrastructure
ExampleService
PBAC
PBACTestService
Job
Data
Allocation
Account
Resource Acct
Mgmt
Mgmt
Servlet Servlet
Happy
Axis
WS-Security
AXIS
Static Webpage
TOMCAT
29
Summary




WS provide an effective mechanism to build
loosely coupled message based systems
WS exchange XML messages over http/https
More to WS than XML, SOAP & WSDL but
not needed at this stage…
OMII_1 uses WS to provide a basic File &
Compute Grid
30
Installing the
OMII Client
Part 1: The Basics
31
What we will cover…




Where to get the client
How to install the client
Verifying the installation
Resolving some common problems
32
Where to get the client



Register at www.omii.ac.uk & login
Go to the downloads page
Download the client distribution (version 1.2.0)



SuSE 9.0 / Redhat Enterprise Linux 3.0 ES/WS
Windows XP (SP 1 & 2)
Distribution requires JDK 1.4.2_04



Does not work with ‘just’ a JRE
Will not work with JDK 1.4.2_05/06 & JDK 1.5.0 (This will
be fixed in the next release.)
No testing with earlier JDKs.
33
Tutorial Resources

We have provided some RHEL 3.0 resources


Work in paired machines



NeSC Training machines
Client: Install locally on your desktop
Server: Install remotely on your partners machine
Login on local desktop:


Username: omii
Password: omiiuser
34
Once you’ve logged in…


cd /tmp/omii
sudo –s


Start sshd





/etc/init.d/sshd status
If not running: /etc/init.d/sshd start
chmod u+x j2sdk-1_4_2_04-linux-i586-rpm.bin
./j2sdk-1_4_2_04-linux-i586-rpm.bin


Use password: omiiuser
Enter yes to get the RPM
rpm –iv j2sdk-1_4_2_04-linux-i586.rpm
Exit from the root shell
35
Setting up your user
environment

In the user shell:



export JAVA_HOME=/usr/java.j2sdk1.,4.2_04/
export PATH=$JAVA_HOME/bin:$PATH
To check:

which java
36
The Client Distribution


Install as ‘normal’ user
Software available from:


Copy into home directory and expand:


/tmp/omii
unzip omii-client-1.2.0.zip
Within the expanded directory, run the install
script:


cd omii-client-1.2/client
./OMIIclientInstall.sh
37
Installation Overview

Define the client environment:



Get a certificate for the client:



Location
Proxy (http & https)
Provide hostname & other details
Complete Installation
Verify the installation
38
Inputs into the script

Installation location:

Default: $HOME

Accept default & installation will take place in:


Do you use a proxy to access the internet?



$HOME/OMIICLIENT
For http? NO
For https? NO
Request a certificate…
39
Certificate Generation – Input







Machine name: sjn-desktop.omii.ac.uk
Organisation: University of Southampton
Organisational Unit: OMII
Location: Southampton
State: England
Country: UK
Email address: s.newhouse@omii.ac.uk
40
Some notes on the certificate



A certificate is needed on the client (WS-Sec)
Details passed to the OMII CA
Provides a certificate of low value



No authentication checks
Expires after a month
Values are not verified

Any non-null input will be OK
41
Installation Complete!


Files are copied & configured
Next stage testing…
42
Checking the client install
CLIENT
testservicesConnection
PBAC
ExampleService
PBACTestService
PBAC
Job
Data
Allocation
Account
Resource Acct
Mgmt
Mgmt
Servlet Servlet
non_PBAC
Happy
Axis
WS-Security
AXIS
Static Webpage
TOMCAT
43
Testing the installation



Three tests at the end of the installation
All will fail if the container is not up & running
OR
If you have no connection to the test servers
44
Test server

All installation tests can be run against
omiidemo1.omii.ac.uk
45
Testing the basics


Is the remote container up?

Browser to: http://<remote host>:18080/

Should see ‘Welcome to Tomcat’ page
If not contact the service provider

For omiidemo1 contact support@omii.ac.uk
46
Testing the non-PBAC service



Enter service provider hostname and port
Provide a test message that will be echoed back
to you
Access a secured service

Will fail if the client certificate installation is not correct
47
Testing the PBAC Service




Enter service provider hostname and port
Provide a test message that will be echoed back
to you
Creates a ‘conversation’
Uses this conversation to access a PBAC service

Second phase will fail if not able to create a conversation
48
Testing connection to the 4
Services

Connection Test (testservicesConnection):



Verifies that the 4 services are accessible
Will fail if there is a server side problem
Will fail if the services are not accessible

Firewall, network failure etc.
49
Examining the Installation

Go to the installation directory:


cd ~/OMIICLIENT [default location]
Can rerun the previous tests from here:



invoke_nonPBACTestService
invoke_PBACTestService
test-services/testservicesConnection
50
Some common problems:

The wrong JDK:


Make sure both the PATH & JAVA_HOME are set
Must point to the same JDK (not JRE)
51
Summary


Basic installation very simple
Low-value certificate generated on demand


Will expire after 30 days (just to get you started!)
Advised to obtain a UK e-Science CA certificate


For more details: http://ca.grid-support.ac.uk
Tests to verify client installation

To connect & interact with reference services
52
Installing the
OMII Client
Part 2: Advanced Client
Installation
53
Testing: Putting it all together


Request an account on the service provider
Use the account to:




Request a resource allocation
To move an input data set from the client to the
server as part of this allocation
To invoke an application on this data set
To return an output data set from the server back
to the client
54
Requesting an account

Use the ogre_client.sh command





ogre_client.sh open <accounts file>
./ogre_client.sh open
test-services/test/Account-test.xml
Complete the pop-up form [see next slide]
‘Account opened’ on success
The accounts file:



XML file – easy to follow & edit by hand
Records your accounts with each service provider
Each service provider will be contacted during the tendering
process (more later)
55
Complete the Account Form
Name: Demo Account
[Your arbitrary human readable
reference for the account.]
Address in the URL for the
service provider. HOST should
be replaced by:
omiidemo1.omii.ac.uk:18080
Credit details: Enter the credit
limit for your account.
e.g. 10000
•OMII accounts approved
automatically
•Other service providers may
require further verification
56
Using the account details


Use the OMII services to run a test application
Operations encapsulated in the script:


test-services/testservicesApplication
Run the script:

Pre-requisites:



Has an account been generated? – YES
Has testservicesConnection been run? – YES
Press return to issue tenders to service providers

Select the single offer
57
Tendering Model – Costing

Where to tender (Accounts.xml) ?


What to tender for (Requirements.xml) ?




List of service providers known to the user
Upload/download data volume
CPU speed & time
Start & end reservation times
Cost model defined by each service provider

CPU and bandwidth costs
58
Tendering Model – Operation

Accept an offer from a service provider



Predicted usage cost deducted from your quota
Submit job & required resources (Work.xml)

Generally, Work.xml uses figures from
Requirements.xml

Unless, several jobs are being submitted as part of
this allocation (i.e. S Work == Requirements)
Unused allocation returned to the user account
59
Doing it manually (1/3)

What is the test application?



Sorts words in a text file
Input text file, manipulated to output text file
In the following slides:


Use the *.xml files from:
~/OMIICLIENT/test-services/test
The <TaskName> can be any string, e.g. MyJob

Your reference to link separate actions into one activity
60
Doing it manually (2/3)





Generate the Requirements.xml file:
java CreateRequirementsFile http://omii.org/GRIATestApp
test-services/test/Requirements.xml
Initiate the tender between service providers:
./ogre_client.sh tender
test-services/test/Account-test.xml
test-services/test/Requirements.xml <TaskName>
Create the input data archive from the file test.txt in ~/OMIICLIENT/conf
 cd ~/OMIICLIENT/conf
 zip input.zip test.txt
 cp input.zip ~/OMIICLIENT
Move the input archive to the server
 cd ~/OMIICLIENT
 ./ogre_client.sh upload <TaskName> input.zip
Remember to change <TaskName> to something else
 e.g. MyTask
61
Doing it manually (3/3)

Run the job


Get the output archive


./ogre_client.sh run <TaskName>
http://omii.org/GRIATestApp
test-services/test/Work-test.xml
--input input.zip –-output output.zip
./ogre_client.sh download output.zip
Cleanup

./ogre_client.sh finish
62
Examine your account

Invoke the client monitoring GUI


./ogre_client.sh browse
Within the GUI…



Select the account and right-click
Select the ‘Get Statement’ option from the menu
A few minutes after ‘finishing’ the task it will show
the completed account transaction
63
Installing the
OMII Client
Part 3: The Cauchy Application
64
The Cauchy Application



Simple application
to find a ‘Cauchy
Horizon’
Map a set of points
(input -> output)
Client & Server
installation
65
The Cauchy Distribution

Software provided on:


Copy into home directory and expand:


/tmp/omii
tar –zxf omii-application-1.2.0.tar.gz
Run the install script:


cd omii-application-1.2/cauchy/client/cauchy
./OMIIcauchyClientInstall.sh
66
Client Installation Script

Installation location:

Default: $HOME

Accept default & installation will take place in:


$HOME/OMIICLIENT
Done!
67
Testing the Cauchy installation

Go to the Cauchy install directory:


cd ~/OMIICLIENT/cauchy
To run the application script you need an
account:

Copy the account file from the previous tests

cp ../test-services/test/Account-test.xml
conf/Accounts-cauchy.xml
68
Running Cauchy

Invoke the script:


Provide various inputs:




./cauchy
Pre-requisites met – YES
 By default PlotWS is available on OMII demo servers
Select tender offers – GUI
Script runs to completion
View the results using a browser:
file:~/OMIICLIENT/cauchy/CauchyView.html
69
Installing the
OMII server
Part 1: The Base & Extensions
70
OMII Infrastructure – Complete
ExampleService
PBACTestService
PBAC
Job
Data
Allocation
Account
Resource Acct
Mgmt
Mgmt
Servlet Servlet
Happy
Axis
WS-Security
AXIS
Static Webpage
TOMCAT
71
Multi-layered Server Distribution

Base & Extensions:



Services:



WS Infrastructure: Tomcat & Axis,
WS Handlers: WS-Security & PBAC
Functional: Job & Data
Management: Account & Resource Allocation
Applications:

Cauchy
72
OMII Infrastructure – Base
Happy
Axis
AXIS
Static Webpage
TOMCAT
73
Installing Base & Extensions

Pre-requisites:


Log onto your ‘remote’ machine using ssh




Use the remote omiiserv account
Become root: sudo –s
Obtain omii-base-extensions-1.2.0.tgz
from /tmp/omii
Expand the archive



Must be ROOT & SuSE 9.0/Redhat Enterprise Linux 3.0
ES/WS
tar –zxf omii-base-extensions-1.2.0.tgz
cd omii-base-extensions-1.2/base
Start the installation script:./OMIIbaseinstall.sh
74
Installation Script – Install

Specify the installation directory:




Named in these notes: OMII_BASE_HOME
Default: /usr/local/OMII
Verifies JDK, disk space & free port (18080)
Expands & installs: Ant, Tomcat & Axis
75
Installation Script – Testing


Starts the Tomcat container
Verifies that:




The Tomcat home page exists
The Axis environment exists
The HappyAxis install is OK
Stops the Tomcat container
76
Installation Script – Permissions

Creates:



Installation directory:



Group: omii_tomcat
Users: omii_tomcat_owner & omii_tomcat_user
Owned by: omii_tomcat_owner:omii_tomcat
Runs as omii_tomcat_user
Additional users can start/stop tomcat

Add into omii_tomcat group
77
Starting the OMII server


Will need to start/stop container on occasions
Commands in:




OMII_BASE_HOME/jakarta-tomcat-5.0.25/bin
Stop the container: ./shutdown_base.sh
Start the container: ./start_base.sh
Verify the container has been started

Examine the page – http://<HOST>:18080/
78
OMII Infrastructure – Extensions
ExampleService
PBACTestService
PBAC
Happy
Axis
WS-Security
AXIS
Static Webpage
TOMCAT
79
Extensions install script

Go to the extensions directory


cd ../extension
Run the extensions install script

./OMIIextensionInstall.sh
80
Installing the Extension


Verify that the Base is installed correctly
Request a certificate for this machine



Similar information as the client install
Download archive and expand locally
Rest of the install script requires <CR>

For default options!
81
Installing the GridServIT pack


Provides support the WS-Security & PBAC
Installation Script:

Capture the OMII security configuration



The defaults are acceptable for the:



Location of the keystore & its password
Names of the certificates with the keystore
Keystore obtained during the installation process
Default installation location
Deploy the test service
82
Testing the GridServIT install


Tomcat started
View the list of deployed services:

Point a browser: http://<HOST>:18080/axis

Follow ‘View the list of deployed Web Services’ link
Look for the ‘TestServices’ service


Run the TestService client


Sends a test message which is echoed back
Tomcat stopped
83
Installing PBAC


Tomcat started
PostgreSQL RPMs installed





Supporting database for PBAC configured
PBAC Example service deployed
Tomcat restarted
Test the PBAC installation as a client



Ignore RPM signature warnings - ‘No key errors’
Creates a conversation ID – returns a number
Send & receive a test message
Tomcat stopped
84
Problems with PostgreSQL

An existing installation can cause problems!



Ideally remove out of the way!
Obviously backup existing installation
Install scripts assume a ‘clean’ installation

Permissions file may need to be edited
 /var/lib/pgsql/data/pg_hba.conf

Directory tree may need to be cleaned
 Use initdb command
85
Summary

Basic OMII infrastructure installed

Verify the installation from your client

Re-start the tomcat server
$OMII_BASE_HOME/jakarta-tomcat-5.0.25/bin/
start_base.sh

Run the tests:


invoke_nonPBACTestService
invoke_PBACTestService
86
Installing the
OMII server
Part 2: Installing the Basic Services
87
The Services Distribution

Pre-requisites:

Working base & extensions packs




Tomcat & Axis infrastructure
GridServIT & PBAC handlers
Perl: For the test application (part of SuSE
9.0/RHEL 3.0)
Provides Services:


Functional: Job & Data
Management: Account & Resource Allocation
88
OMII Infrastructure – Services
ExampleService
PBACTestService
PBAC
Job
Data
Allocation
Account
Resource Acct
Mgmt
Mgmt
Servlet Servlet
Happy
Axis
WS-Security
AXIS
Static Webpage
TOMCAT
89
Services Install Scripts

Expand the archive and execute the script:




From /tmp/omii
tar –zxf omii-services-1.2.0.tar.gz
cd omii-services-1.2/services
./OMIIservicesInstall1.pl
90
User Inputs (1/2)

Enter the machine hostname:


Accept the default
Watch the output go past…


See an expanded archive dumped to the screen
Some failed SQL ‘drop’ statements



On installation we ‘drop’ any existing tables
If this is a new installation there are no old tables to be
dropped!
The error message are perfectly normal!
91
User Inputs (2/2)

Installing the test application (GRIATestApp)



Sensible defaults are provided - <CR> to accept
These values can be altered later
Configuration parameters:






Application URI (unique identifier):
 e.g. http://omii.org/GRIATestApp
Relative machine performance
Application memory size
Application storage limit
Number of processors
Upload & download bandwidth limits & costs
92
Interim Summary


Services & the test application are installed
Verify the installation from your client

test-services/testservicesConnection
! Make sure the container is started before
running the test.
93
Running an application


Uses the services and PBAC elements on the
service provider
Basic pre-requisite is an account on the
service provider



Default installation requires the account
application be approved manually
Can be configured for automatic approval
Runs the test application
94
Applying for an account

Your accounts file currently has a single entry



vi ~/OMIICLIENT/testservices/test/Account-test.xml
References your account on omiidemo1
Apply for a new account:

./ogre_client.sh open
test-services/test/Account-test.xml

Use your container details: host name & port #
Generates a second entry in accounts file

95
Examine Your Account Status


As a user (client side)

./ogre_client.sh browse

Highlight new account and examine status (pending)
As a service provider (server side)

http://<HOST>:18080/acct_admin

Username: acct Password: admin
Look at Accounts awaiting credit checks
 Click on ‘ID’ link
 Account Status ‘change’ link
 Approve with credit (e.g. 10000)

96
Invoking the test application




Once your account has been approved…
Run… testservicesApplication
Each service provider in your Accounttest.xml will respond to your work request
The ‘tender’ window now has two responses:

omiidemo1

Your server
97
Summary

Installed the complete OMII stack



Infrastructure: Base & Extensions
Services: Job, Data, Resource Allocation & Account
Seen how to


Approve accounts
Manage user usage through credit limit
98
Installing the
OMII Server
Part 3: Installing the Cauchy
Server Application
99
The Cauchy Install Script

Expand the archive and run the install script:





From: /tmp/omii
tar -zxf omii-application-1.2.0.tar.gz
cd omii-application-1.2/cauchy/server
./OMIIcauchyServerInstall.sh
User Input:




Hostname:
JVM location:
OMII Server location:
Database location, name, username & password:
100
Resource Allocation Admin

Configuring the installed applications



Application Management




GRIATestApp (test application)
Cauchy
http://<HOST>:18080/ra_admin
Username: ra Password: admin
Recall configuration info from services install
Restart tomcat
101
Summary


Installed an application on top of base,
extensions & services
Verify the installation by running the Cauchy
client
102
103
Advanced
Configuration Options
Securing the OMII container with
https
104
AAA Within OMII_1

Authentication


Authorisation


Verified digital signature used within PBAC
Accounting


All messages signed by X.509 certificates
Resource allocation model records quota usage
By default provide non-repudiation but not
confidentiality (http traffic)

Use https to provide message confidentiality
105
Moving from http -> https

Prepare Server Certificates



We will use those obtained during installation
Convert the hosting environment to use https
Convert the client to use https
106
1. Server Certificates for https

Assume:

Default installation location:


OMII_BASE_HOME -> /usr/local/OMII
Use the keystore generated during installation

omii.ks: Contains omii_server & omii_ca certs.

Keystore password: tmpstore
107
Converting the OMII keystore

Within OMII_BASE_HOME:


Change the certificate alias and securing password



Duplicate keystore: cp omii.ks omii.ssl.ks
Copy the omii_server certificate to the tomcat alias:
 keytool –keyclone –alias omii_server
–dest tomcat –keypass tmpkey
–new tmpstore –keystore omii.ssl.ks
Delete the old certificate alias omii_server
 keytool –delete –alias omii_server
–keystore omii.ssl.ks
Verify the change (only tomcat & omii_ca certs):

keytool –list –keystore omii.ssl.ks
108
2a. Converting the container to
https

Alter the server.xml file in:


OMII_BASE_HOME/jakarta-tomcat-5.0.25/conf
Find the commented out SSL configuration:
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443
-->
<!—
<Connector port="8443“ … />
-->
109
2a. Converting the container to
https
Remove the comments (<!-- & -->) and change the text (in bold) to:
<!-- Define a SSL Coyote HTTP/1.1 Connector on port
18443 -->
<Connector port=“18443”
maxThreads=“150” minSpareThreads=“25”
maxSpareThreads=“75”
enableLookups=“false” disableUploadTimeout=“true”
acceptCount=“100”
debug=“0” scheme=“https” secure=“true”
clientAuth=“false” sslProtocol=“TLS”
keystorePass=“tmpstore”
keystoreFile=“OMII_BASE_HOME/omii.ssl.ks”
truststorePass=“tmpstore”
truststoreFile=“OMII_BASE_HOME/omii.ssl.ks”
/>
110

2a. Converting the container to
https

Alter the server.xml file in:
OMII_BASE_HOME/jakarta-tomcat-5.0.25/conf
Find the current http configuration:
<!-- Define a non-SSL Coyote HTTP/1.1
Connector on port 18080 -->
<Connector port="18080" … />

Comment out the above code like this:
<!-- <Connector port="18080“ … />
-->

111
2b. Alter the OMII service
configuration

In the following files replace:


http with https and 18080 with 18443
The files (relative to OMII_BASE_HOME) are:

jakarta-tomcat-5.0.25/webapps/axis/WEB-INF/classes/





jakarta-tomcat-5.0.25/webapps/acct_admin/WEBINF/classes/



acct_service.properties
serviceprovider.properties
jobservice.properties
dataservice.properties
acct_service.properties
serviceprovider.properties
jakarta-tomcat-5.0.25/webapps/axis/WEB-INF/

server-config.wsdd
112
Restarting the OMII server


For the changes to take effect the container must
be stopped and started
Commands in:




OMII_BASE_HOME/jakarta-tomcat-5.0.25/bin
Stop the container: ./shutdown_base.sh
Start the container: ./start_base.sh
Verify the container has been re-configured

Examine the page – https://<HOST>:18443/
113
3. Modifying the Client to use
SSL

In all user inputs & scripts substitute:


Need to alter the account information



Accounts-test.xml
Account-cauchy.xml
Scripts: invoke_PBACTestService &
invoke_nonPBACTestService:


http with https and 18080 with 18443
Change http -> https in Java statements
Run test scripts to verify correct operation
114
Advanced
Configuration Options
Switching to Condor or PBS
115
Switching to Condor or PBS

Job service supports execution on different platforms:




PBS uses POSIX batch scheduling interface


Local resources (default & fully tested)
Condor (demonstrated but not fully tested or supported)
PBS (demonstrated but not fully tested or supported)
 Full PBS test installation on the NGS
Porting to other POSIX systems (e.g. SGE) should be
straightforward!
Demonstration only as the test servers do not have
Condor or PBS
116
Platform Scripts


Abstract platform dependent configuration from
the job service
Located in:
OMII_BASE_HOME/demo/demo/wrappers/platform

Consult the documentation for more details:

Services -> Installation -> Platform Models
117
For PBS examine rm_pbs

Each platform directory has three scripts:




Configure the script for your local environment:



RM_PATH=/opt/pbs/bin
RM_SERVER=localhost
Assumes:


startJob.sh
getJobStatus.pl
killJob.pl
omii_tomcat_user can submit jobs to PBS
Can configure for submission into a specific queue
118
Advanced
Configuration Options
Removing our software
119
Removing our software


Each installer has its own uninstall scripts
To remove completely, execute in order:




All located in OMII_BASE_HOME


OMIIservicesUninstall.pl
OMIIextensionUninstall.sh
OMIIbaseuninstall.sh
Default: /usr/local/OMII
Obvious dependencies between packages

i.e. services will not work without base
120
Where to go from
here?
121
If you have questions…



Talk to the instructors now
Look at the (extensive) documentation later
Talk to us about your needs


Feature requests, enhancements, etc.
Let us know what we can do to help you:


Professional services
Contact with the developer teams
122
Support

Web: http://www.omii.ac.uk


Follow links  Downloads  Feedback
Email: support@omii.ac.uk
123
Finally…

Any questions…
124
Download