Skip to content
This repository
Newer
Older
100644 631 lines (474 sloc) 24.722 kb
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
1
2
cef5be6e » Mark Somers
2007-11-03 Updated documentation...
3
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
4 HOW TO SETUP LGI
5 ----------------
6
7 In this document a howto is presented on the setup of LGI. The document
8f6c181d » Mark Somers
2007-12-05 Removed typo...
8 is divided into four parts. Part I will show you how to setup a resource
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
9 within an existing LGI project, part II will show you how to setup a new
cef5be6e » Mark Somers
2007-11-03 Updated documentation...
10 LGI project with a project server. Part III will show you how to add an
11 extra project server into an existing LGI project. The last part part IV
12 will detail on the maintenance of your LGI project servers.
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
13
a619be8c » Mark Somers
2011-03-11 Updated code and doc and can now reload config in daemon...
14 NOTE: For RHEL 5 and 6 based system, .spec files are present in the specs
15 directory to build .rpm files.
16
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
17
18
19 Part I : Howto setup a resource
20 -------------------------------
21
a619be8c » Mark Somers
2011-03-11 Updated code and doc and can now reload config in daemon...
22 NOTE: For RHEL 5 and 6 based system, .spec files are present in the specs
23 directory to build .rpm files. The rpm make installing a resource easier!
24
cef5be6e » Mark Somers
2007-11-03 Updated documentation...
25 Setting up a resource within an LGI project is rather easy. Just follow the
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
26 following steps:
27
cef5be6e » Mark Somers
2007-11-03 Updated documentation...
28 - Untar or checkout the source tree in '~/LGI'.
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
29
92b19c28 » Mark Somers
2007-12-05 Updated tools and documentation...
30 - Get in contact with the project administrator to get the X.509 certificate
3066fbda » Mark Somers
2008-10-08 Updated documentation a bit...
31 and a private key for your resource.
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
32
33 - Copy the key and certificate files into the '~/LGI/certificates' directory.
34
35 - Make sure that libcurl is installed. Visit http://curl.haxx.se/libcurl/ if
3066fbda » Mark Somers
2008-10-08 Updated documentation a bit...
36 you do not have this yet.
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
37
8eb09e1e » Mark Somers
2010-06-26 Added python dir and moved src...
38 - Go to the '~/LGI/src' directory and invoke make. If you have a different
39 compiler installed than GNU's g++, or you have libcurl installed in a
40 different location, adjust the first few lines of the file Makefile to
3066fbda » Mark Somers
2008-10-08 Updated documentation a bit...
41 your needs.
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
42
43 - If you want, you can also invoke make with the 'make install' command. If
8eb09e1e » Mark Somers
2010-06-26 Added python dir and moved src...
44 you do that the directory '~/LGI/bin' will be created and you can include
45 that in your PATH for convencience.
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
46
47 - Edit the '~/LGI/daemon/LGI.cfg' example configuration file. It has been
3066fbda » Mark Somers
2008-10-08 Updated documentation a bit...
48 setup to run the hello_world application by just simple forking scripts.
49 Other example scripts on how to use the 'hello_world' example using Torque
852bb004 » Mark Somers
2008-11-26 Updated documentation...
50 / PBS or LoadLeveler are included to in the corresponding '~/LGI/daemon/
3066fbda » Mark Somers
2008-10-08 Updated documentation a bit...
51 hello_world_XX_scripts' subdirectories. Please make sure you refer to
52 the right LGI project server, use the correct project name and use the
53 correct private key and certificate files from the '~/LGI/certificates'
54 directory. Also be sure to use absolute paths in the configuration file
55 so it is possible to invoke the daemon from any other directory. Finally
56 set the run directory correctly if you do not want it to be the default.
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
57
cef5be6e » Mark Somers
2007-11-03 Updated documentation...
58 - Start the daemon by invoking the daemon like:
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
59
8eb09e1e » Mark Somers
2010-06-26 Added python dir and moved src...
60 ~/LGI/daemon/bin/LGI_daemon -d -l ~/LGI/daemon/LGI.log ~/LGI/daemon/LGI.cfg
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
61
3066fbda » Mark Somers
2008-10-08 Updated documentation a bit...
62 You can now inspect the log file '~/LGI/daemon/LGI.log' and see if everything
63 was setup correctly.
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
64
cef5be6e » Mark Somers
2007-11-03 Updated documentation...
65 - You can gracefully stop the dameon by sending it a 'kill' signal:
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
66
cef5be6e » Mark Somers
2007-11-03 Updated documentation...
67 killall LGI_daemon
68
3066fbda » Mark Somers
2008-10-08 Updated documentation a bit...
69 While the daemon is running, you can edit the configuration file without any
70 problems. You can also edit the scripts in the mean time, only newly spawned
71 jobs will be affected by these changes.
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
72
7167a895 » Mark Somers
2008-10-14 Updated screenshots and docs...
73 Keep in mind for a project administrator, you should also include the new resource
74 into the projects database. See part IV for an example.
4cb6f88c » Mark Somers
2008-10-08 Updated daemon to handle capabilities, updated qstat and beautfied ou…
75
a619be8c » Mark Somers
2011-03-11 Updated code and doc and can now reload config in daemon...
76 NOTE: For RHEL 5 and 6 based system, .spec files are present in the specs
77 directory to build .rpm files.
78
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
79
80
81 Part II : Howto setup a project server
82 --------------------------------------
83
84 Setting up your own project is not too hard either. You can decide to be
16706672 » Mark Somers
2007-12-06 Updated documentation...
85 a fully independent project by setting up your own X.509 Certificate
86 Authority, or you can decide to be a sub project and thus be an X.509 sub-CA
87 of the LGI-CA. In this part, it is shown how to become an independant project
a619be8c » Mark Somers
2011-03-11 Updated code and doc and can now reload config in daemon...
88 and be your own X.509 CA.
89
90 NOTE: One perhaps should use TinyCA (http://tinyca.sm-zone.net/) for managing
91 certificates and keys for your project.
92
93 NOTE: For RHEL 5 and 6 based system, .spec files are present in the specs
94 directory to build .rpm files. The rpm automatically installs a project LGI
95 and gives a working setup but excludes the MySQL and PHP APC optimizations
96 detailed below!
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
97
3c2d4dfd » Mark Somers
2008-10-29 Adapted some pbs run scripts, addes pbs sadvr scripts, updated docs...
98 - Make sure libcurl, Perl, PHP, MySQL, Apache and OpenSSL are installed on
99 your system.
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
100
101 - Make sure MySQL is configured correctly and mysqld is running.
102
be3a8de9 » Mark Somers
2009-05-25 Updated docs to mention APC PHP PECL module...
103 - Make sure PHP is configured correctly. It is highly recommended that you
104 also correctly instal PHP PEAR so that you can install the APC PHP PECL
105 module too. It will enable caching of PHP bytecode from the ZEND engine
106 and enhance the PHP performance significantly.
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
107
108 - Switch to the user apache and make sure you install the source tree
4cb6f88c » Mark Somers
2008-10-08 Updated daemon to handle capabilities, updated qstat and beautfied ou…
109 into the home of user apache where it will be served:
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
110
111 sudo su -l -s /bin/bash apache
112
cef5be6e » Mark Somers
2007-11-03 Updated documentation...
113 tar -zxf LGI.tar.gz -C /var/www/html
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
114
733f18e5 » Mark Somers
2011-09-14 Changed doc, implemented xml comments and BaseName...
115 A better approach is to create a user LGI on the project server and make the
116 user apache also member of the LGI group. In this case all files should be
117 group readable, the repository directory should be 'sticky' and all
118 directories should be group executable. The default settings in the .tar.gz
119 file take care of this. The .rpm installation also takes care of this,
120 uses the LGI username and also implements init scripts.
121
d1863616 » Mark Somers
2007-12-05 Removed typos's
122 - Use OpenSSL to create a CA private key and certificate with which you can
4cb6f88c » Mark Somers
2008-10-08 Updated daemon to handle capabilities, updated qstat and beautfied ou…
123 create and sign your project server, resource and client certificates:
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
124
4cb6f88c » Mark Somers
2008-10-08 Updated daemon to handle capabilities, updated qstat and beautfied ou…
125 Start by creating a private key for your CA:
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
126
127 openssl genrsa -out /var/www/html/LGI/certificates/exampleCA.key 4096
128
4cb6f88c » Mark Somers
2008-10-08 Updated daemon to handle capabilities, updated qstat and beautfied ou…
129 Then create an X.509 selfsigned certificate for it:
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
130
131 openssl req -new -x509 -days 365 -set_serial 0 -extensions v3_ca
132 -key /var/www/html/LGI/certificates/exampleCA.key
133 -out /var/www/html/LGI/certificates/exampleCA.crt
134
4cb6f88c » Mark Somers
2008-10-08 Updated daemon to handle capabilities, updated qstat and beautfied ou…
135 and create a CA serial number file:
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
136
137 echo "0100" > /var/www/html/LGI/certificates/exampleCA.srl
138
4cb6f88c » Mark Somers
2008-10-08 Updated daemon to handle capabilities, updated qstat and beautfied ou…
139 Now create a private key for your server:
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
140
141 openssl genrsa -out /var/www/html/LGI/certificates/exampleserver.key 4096
142
4cb6f88c » Mark Somers
2008-10-08 Updated daemon to handle capabilities, updated qstat and beautfied ou…
143 Then create a sign request for it:
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
144
145 openssl req -new -key /var/www/html/LGI/certificates/exampleserver.key
146 -out /var/www/html/LGI/certificates/exampleserver.crs
147
a61b8f12 » Mark Somers
2011-09-19 Updated docs...
148 and in filling in the commonname of the server certificate, be sure to use the
4cb6f88c » Mark Somers
2008-10-08 Updated daemon to handle capabilities, updated qstat and beautfied ou…
149 correct LGI format 'apache@exampleserver.somewhere.org; exampleprojectname'.
733f18e5 » Mark Somers
2011-09-14 Changed doc, implemented xml comments and BaseName...
150 If you decided to use a special LGI username; make sure you use the correct
151 commonname accordingly.
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
152
4cb6f88c » Mark Somers
2008-10-08 Updated daemon to handle capabilities, updated qstat and beautfied ou…
153 Now create the CA signed server certificate from this request:
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
154
155 openssl x509 -req -in /var/www/html/LGI/certificates/exampleserver.crs
156 -days 365 -CA /var/www/html/LGI/certificates/exampleCA.crt
157 -CAkey /var/www/html/LGI/certificates/exampleCA.key
158 -CAserial /var/www/html/LGI/certificates/exampleCA.srl
159 -out /var/www/html/LGI/certificates/exampleserver.crt
160
4cb6f88c » Mark Somers
2008-10-08 Updated daemon to handle capabilities, updated qstat and beautfied ou…
161 You should now safely store the CA private key file somewere not on
162 this server computer that is conected to the internet. Or, at least, if
163 you do not do that, encrypt the file using a password protection:
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
164
92b19c28 » Mark Somers
2007-12-05 Updated tools and documentation...
165 openssl aes-256-cbc -e -in /var/www/html/LGI/certificates/exampleCA.key
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
166 -out /var/www/html/LGI/certificates/exampleCA.key.aes; rm
167 /var/www/html/LGI/certificates/exampleCA.key
168
4cb6f88c » Mark Somers
2008-10-08 Updated daemon to handle capabilities, updated qstat and beautfied ou…
169 Now copy the public certificates to a place that Apache will serve:
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
170
171 cp /var/www/html/LGI/certificates/exampleCA.crt /var/www/html/LGI
172
173 cp /var/www/html/LGI/certificates/exampleserver.crt /var/www/html/LGI
174
733f18e5 » Mark Somers
2011-09-14 Changed doc, implemented xml comments and BaseName...
175 - Next create a certificate for Apache itself. The previously generated
176 certificate is used by the scheduler running as apache or LGI on the project
177 server. Apache itself also needs a certificate to identify itself to resources
178 and interfacing communicating with the project server. Keep in mind in this
179 Apache certificate (the 'exampleserver_apache' files in this manual below) the
180 commonname should be the fully qualified hostname. It can also be signed
181 by the CA setup in the previous step. If you choose not to use another
182 certificate for your Apache with the correct fully quallified hostname as
183 the commonname, be aware that you need to relax the checkings of resources
184 with their daemons and the command line interface utilities through the '-W'
185 option.
186
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
187 - Make sure Apache is setup correctly to use client and server certificates
4cb6f88c » Mark Somers
2008-10-08 Updated daemon to handle capabilities, updated qstat and beautfied ou…
188 for https and check that the following options have been set correctly into
82396b82 » Mark Somers
2010-07-05 Updated documentation...
189 the https (virtual host) configuration:
4cb6f88c » Mark Somers
2008-10-08 Updated daemon to handle capabilities, updated qstat and beautfied ou…
190
09116d73 » Mark Somers
2010-07-04 Updated docs a bit...
191 SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
192 SSLSessionCacheTimeout 5
82396b82 » Mark Somers
2010-07-05 Updated documentation...
193
733f18e5 » Mark Somers
2011-09-14 Changed doc, implemented xml comments and BaseName...
194 SSLCertificateFile /var/www/html/LGI/certificates/exampleserver_apache.crt
195 SSLCertificateKeyFile /var/www/html/LGI/certificates/exampleserver_apache.key
4cb6f88c » Mark Somers
2008-10-08 Updated daemon to handle capabilities, updated qstat and beautfied ou…
196 SSLCertificateChainFile /var/www/html/LGI/certificates/exampleCA.crt
197 SSLCACertificateFile /var/www/html/LGI/certificates/exampleCA.crt
198 SSLVerifyClient require
199 SSLVerifyDepth 5
200 SSLOptions +ExportCertData
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
201
4cb6f88c » Mark Somers
2008-10-08 Updated daemon to handle capabilities, updated qstat and beautfied ou…
202 <Files ~ "\.(cgi|shtml|phtml|php3?)$">
203 SSLOptions +StdEnvVars
204 </Files>
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
205
4cb6f88c » Mark Somers
2008-10-08 Updated daemon to handle capabilities, updated qstat and beautfied ou…
206 Also make sure the AccessFileName has been set correctly in the Apache main
5eb0596e » Mark Somers
2008-10-09 Added PUT capabilities into LGI for repositories... updated documenta…
207 configuration so that the LGI document tree can be protected by .htaccess
09116d73 » Mark Somers
2010-07-04 Updated docs a bit...
208 files (if desired), make sure the important directories are carefully
209 protected and for performance reasons, make sure KeepAlive is turned on,
210 KeepAliveTimeOut is set low and MaxKeepAliveRequests set high in the
82396b82 » Mark Somers
2010-07-05 Updated documentation...
211 main server configuration of Apache. Also make sure the Timeout is not to
212 high and no DNS queries are perfomed for each request:
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
213
4cb6f88c » Mark Somers
2008-10-08 Updated daemon to handle capabilities, updated qstat and beautfied ou…
214 DocumentRoot "/var/www/html"
215 AccessFileName .htaccess
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
216
82396b82 » Mark Somers
2010-07-05 Updated documentation...
217 HostnameLookups off
218 Timeout 15
09116d73 » Mark Somers
2010-07-04 Updated docs a bit...
219 KeepAlive On
220 KeepAliveTimeout 1
221 MaxKeepAliveRequests 100
82396b82 » Mark Somers
2010-07-05 Updated documentation...
222
223 <Directory />
224 Options FollowSymLinks
225 AllowOverride None
226 </Directory>
09116d73 » Mark Somers
2010-07-04 Updated docs a bit...
227
4cb6f88c » Mark Somers
2008-10-08 Updated daemon to handle capabilities, updated qstat and beautfied ou…
228 <Directory "/var/www/html/LGI">
83677caf » Mark Somers
2010-06-28 Removed some typos...
229 AllowOverride All
4cb6f88c » Mark Somers
2008-10-08 Updated daemon to handle capabilities, updated qstat and beautfied ou…
230 </Directory>
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
231
5eb0596e » Mark Somers
2008-10-09 Added PUT capabilities into LGI for repositories... updated documenta…
232 <Directory "/var/www/html/LGI/repository/JOB_*">
6798c875 » Mark Somers
2008-10-16 Updated docs and secures Apache a bit more...
233 AllowOverride None
234 Options -ExecCGI
5eb0596e » Mark Somers
2008-10-09 Added PUT capabilities into LGI for repositories... updated documenta…
235 php_flag engine off
236 SSLRequireSSL
3b2df45f » Mark Somers
2008-10-14 Updated to more secure Apache config...
237 SSLRequire ( %{SSL_CLIENT_VERIFY} == "SUCCESS" )
527cb8c5 » Mark Somers
2008-10-13 Relocated put.cgi script into repository dir...
238 Script PUT /LGI/repository/put.cgi
01927953 » Mark Somers
2008-10-14 Added support for DELETE method into config and docs...
239 Script DELETE /LGI/repository/delete.cgi
527cb8c5 » Mark Somers
2008-10-13 Relocated put.cgi script into repository dir...
240 <Limit GET PUT DELETE>
5eb0596e » Mark Somers
2008-10-09 Added PUT capabilities into LGI for repositories... updated documenta…
241 Allow from all
242 </Limit>
243 </Directory>
244
24447b69 » Mark Somers
2008-10-09 Updated documentation and configuration of Apache for security...
245 <Directory "/var/www/html/LGI/repository">
5eb0596e » Mark Somers
2008-10-09 Added PUT capabilities into LGI for repositories... updated documenta…
246 Deny from all
02544e4e » Mark Somers
2008-10-12 Added repo listing API and updated docs a bit...
247 <Files "repository_content.php">
248 SSLRequireSSL
3b2df45f » Mark Somers
2008-10-14 Updated to more secure Apache config...
249 SSLRequire ( %{SSL_CLIENT_VERIFY} == "SUCCESS" )
02544e4e » Mark Somers
2008-10-12 Added repo listing API and updated docs a bit...
250 Allow from all
251 </Files>
527cb8c5 » Mark Somers
2008-10-13 Relocated put.cgi script into repository dir...
252 <Files "put.cgi">
253 SSLRequireSSL
3b2df45f » Mark Somers
2008-10-14 Updated to more secure Apache config...
254 SSLRequire ( %{SSL_CLIENT_VERIFY} == "SUCCESS" )
527cb8c5 » Mark Somers
2008-10-13 Relocated put.cgi script into repository dir...
255 Allow from all
256 Options +ExecCGI
257 AddHandler cgi-script .cgi
258 </Files>
01927953 » Mark Somers
2008-10-14 Added support for DELETE method into config and docs...
259 <Files "delete.cgi">
260 SSLRequireSSL
3b2df45f » Mark Somers
2008-10-14 Updated to more secure Apache config...
261 SSLRequire ( %{SSL_CLIENT_VERIFY} == "SUCCESS" )
01927953 » Mark Somers
2008-10-14 Added support for DELETE method into config and docs...
262 Allow from all
263 Options +ExecCGI
264 AddHandler cgi-script .cgi
265 </Files>
24447b69 » Mark Somers
2008-10-09 Updated documentation and configuration of Apache for security...
266 </Directory>
267
268 <Directory "/var/www/html/LGI/inc">
269 Deny from all
270 </Directory>
271
e6cc32d2 » Mark Somers
2008-10-09 Updated Apache config and added .htaccess files in subdirectories...
272 <Directory "/var/www/html/LGI/tools">
273 Deny from all
274 </Directory>
275
276 <Directory "/var/www/html/LGI/daemon">
277 Deny from all
278 </Directory>
279
8eb09e1e » Mark Somers
2010-06-26 Added python dir and moved src...
280 <Directory "/var/www/html/LGI/src">
281 Deny from all
282 </Directory>
83677caf » Mark Somers
2010-06-28 Removed some typos...
283
8eb09e1e » Mark Somers
2010-06-26 Added python dir and moved src...
284 <Directory "/var/www/html/LGI/bin">
285 Deny from all
286 </Directory>
83677caf » Mark Somers
2010-06-28 Removed some typos...
287
288 <Directory "/var/www/html/LGI/python">
289 Deny from all
290 </Directory>
42bce3e7 » Mark Somers
2011-01-08 Added spec files to build RPMs on RHEL systems...
291
292 <Directory "/var/www/html/LGI/specs">
293 Deny from all
294 </Directory>
8eb09e1e » Mark Somers
2010-06-26 Added python dir and moved src...
295
8ede8b57 » Mark Somers
2010-06-06 Updated tools, docs and added pulse check query into scheduler...
296 <Directory "/var/www/html/LGI/scheduler">
297 Deny from all
298 </Directory>
299
24447b69 » Mark Somers
2008-10-09 Updated documentation and configuration of Apache for security...
300 <Directory "/var/www/html/LGI/certificates">
301 Deny from all
302 </Directory>
303
304 <Directory "/var/www/html/LGI/basic_interface">
305 php_value upload_max_filesize 16M
306 php_value post_max_size 16M
307 </Directory>
308
309 <Directory "/var/www/html/LGI/interfaces">
310 php_value upload_max_filesize 16M
311 php_value post_max_size 16M
312 </Directory>
313
314 <Directory "/var/www/html/LGI/resources">
315 php_value upload_max_filesize 16M
316 php_value post_max_size 16M
317 </Directory>
318
5eb0596e » Mark Somers
2008-10-09 Added PUT capabilities into LGI for repositories... updated documenta…
319 Make sure you have an .htaccess file in the '/var/www/html/LGI/certificates',
8eb09e1e » Mark Somers
2010-06-26 Added python dir and moved src...
320 '/var/www/html/LGI/inc', '/var/www/html/LGI/tools', '/var/www/html/LGI/daemon',
189b0c07 » Mark Somers
2011-01-08 Update doc...
321 '/var/www/html/LGI/scheduler', '/var/www/html/LGI/src', '/var/www/html/LGI/bin',
322 '/var/www/html/LGI/specs' and '/var/www/html/LGI/python' directories with the
323 content:
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
324
4cb6f88c » Mark Somers
2008-10-08 Updated daemon to handle capabilities, updated qstat and beautfied ou…
325 Deny from all
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
326
02544e4e » Mark Somers
2008-10-12 Added repo listing API and updated docs a bit...
327 Make sure you have an .htaccess file in the '/var/www/html/LGI/repository'
328 directory with the content:
329
6316bf86 » Mark Somers
2008-10-12 Removed error in docs...
330 Deny from all
331 <Files "repository_content.php">
332 SSLRequireSSL
3b2df45f » Mark Somers
2008-10-14 Updated to more secure Apache config...
333 SSLRequire ( %{SSL_CLIENT_VERIFY} == "SUCCESS" )
6316bf86 » Mark Somers
2008-10-12 Removed error in docs...
334 Allow from all
335 </Files>
527cb8c5 » Mark Somers
2008-10-13 Relocated put.cgi script into repository dir...
336 <Files "put.cgi">
337 SSLRequireSSL
3b2df45f » Mark Somers
2008-10-14 Updated to more secure Apache config...
338 SSLRequire ( %{SSL_CLIENT_VERIFY} == "SUCCESS" )
527cb8c5 » Mark Somers
2008-10-13 Relocated put.cgi script into repository dir...
339 Allow from all
340 Options +ExecCGI
341 AddHandler cgi-script .cgi
342 </Files>
01927953 » Mark Somers
2008-10-14 Added support for DELETE method into config and docs...
343 <Files "delete.cgi">
344 SSLRequireSSL
3b2df45f » Mark Somers
2008-10-14 Updated to more secure Apache config...
345 SSLRequire ( %{SSL_CLIENT_VERIFY} == "SUCCESS" )
01927953 » Mark Somers
2008-10-14 Added support for DELETE method into config and docs...
346 Allow from all
347 Options +ExecCGI
348 AddHandler cgi-script .cgi
349 </Files>
02544e4e » Mark Somers
2008-10-12 Added repo listing API and updated docs a bit...
350
5eb0596e » Mark Somers
2008-10-09 Added PUT capabilities into LGI for repositories... updated documenta…
351 Make sure you have an .htaccess file in the directories
24447b69 » Mark Somers
2008-10-09 Updated documentation and configuration of Apache for security...
352 '/var/www/html/LGI/basic_interface', '/var/www/html/LGI/interfaces' and
353 '/var/www/html/LGI/resources' with the following content:
354
355 php_value upload_max_filesize 16M
356 php_value post_max_size 16M
357
ba6131e0 » Mark Somers
2009-01-10 Added safety 'index.html' files and updated docs...
358 Make sure you have an 'index.html' file in the subdirectories
359 '/var/www/html/LGI/repository', '/var/www/html/LGI/inc',
360 '/var/www/html/LGI/interfaces', '/var/www/html/LGI/servers'
361 '/var/www/html/LGI/resources', '/var/www/html/LGI/daemon',
8eb09e1e » Mark Somers
2010-06-26 Added python dir and moved src...
362 '/var/www/html/LGI/tools', '/var/www/html/LGI/certificates',
83677caf » Mark Somers
2010-06-28 Removed some typos...
363 '/var/www/html/LGI/src', '/var/www/html/LGI/bin',
189b0c07 » Mark Somers
2011-01-08 Update doc...
364 '/var/www/html/LGI/python', '/var/www/html/LGI/specs' and
365 '/var/www/html/LGI/scheduler' with the content:
ba6131e0 » Mark Somers
2009-01-10 Added safety 'index.html' files and updated docs...
366
367 <html>
368 ! No browsing allowed !
369 </html>
370
82396b82 » Mark Somers
2010-07-05 Updated documentation...
371 For high performance, make sure you scale the Apache MPM settings to your
372 needs taking the amount of RAM your server has into account:
373
374 http://httpd.apache.org/docs/2.2/mod/prefork.html
375 http://www.ibm.com/developerworks/linux/library/l-tune-lamp-2.html
376
377 It is also advised to set the net.ipv4.tcp_fin_timeout to 15s or less with
378 the sysctl command. Make this setting permanent by adding it into the file
379 /etc/sysctl.conf. This setting will make sure that keep-alive connections,
380 when closed by Apache, do not linger to long until the client finaly closes
381 the socket.
382
4cb6f88c » Mark Somers
2008-10-08 Updated daemon to handle capabilities, updated qstat and beautfied ou…
383 Finally check your Apache configuration with the 'apachectl configtest' command.
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
384
6798c875 » Mark Somers
2008-10-16 Updated docs and secures Apache a bit more...
385 !!!!! WORD OF CAUTION !!!!!
386
387 The above configuration of Apache seems superfluous but ensures a secure
388 environment. Please be very carefull when diverting from the above
389 suggested configuration. Web application security is a complicated matter
390 and a lot of care has been taken to ensure a secure default configuration
82396b82 » Mark Somers
2010-07-05 Updated documentation...
391 that will work out-of-the box mostly tuned for performance.
6798c875 » Mark Somers
2008-10-16 Updated docs and secures Apache a bit more...
392
393 !!!!! WORD OF CAUTION !!!!!
394
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
395 - Now create a MySQL user and database for your project with the database
4cb6f88c » Mark Somers
2008-10-08 Updated daemon to handle capabilities, updated qstat and beautfied ou…
396 name equal to your project name "exampleprojectname":
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
397
398 mysqladmin -u root password "yourmysqlrootpassword"
399
400 mysqladmin -u root -p create "exampleprojectname"
401
402 echo 'GRANT ALL PRIVILEGES ON exampleprojectname.* to
403 "examplemysqluser"@"localhost" IDENTIFIED BY "examplemysqluserpasswd"'
404 | mysql -u root -p mysql
405
406 mysql -u examplemysqluser -p exampleprojectname < /var/www/html/LGI/LGI.db
407
b4521194 » Mark Somers
2010-07-13 Tweaked MySQL setup and updated stats...
408 For high performance reasons you might want to set the the following options
409 in /etc/my.cnf for MySQL if you have enough resources available:
410
411 table_cache = 512
412 max_connections = 128
413 query_cache_size = 128M
414 key_buffer_size = 128M
415 sort_buffer_size = 128M
f130982b » Mark Somers
2010-07-13 Removed typo...
416 query_cache_type = 1
b4521194 » Mark Somers
2010-07-13 Tweaked MySQL setup and updated stats...
417 thread_cache_size = 64
418 innodb_log_buffer_size = 16M
419 innodb_flush_method = O_DIRECT
420 innodb_fast_shutdown = 1
421 innodb_flush_log_at_trx_commit = 0
422 innodb_log_archive = 0
423 innodb_buffer_pool_size = 2048M
424 innodb_additional_mem_pool_size = 8M
210e8ec7 » Mark Somers
2010-07-14 Removed ORDER BY from queries, updated indices, updated docs and stat…
425 innodb_file_io_threads = 32
b4521194 » Mark Somers
2010-07-13 Tweaked MySQL setup and updated stats...
426 innodb_lock_wait_timeout = 50
427 innodb_thread_concurrency = 32
428
429 See the LGI.pdf document for more details on scaling and performance.
8dc87b65 » Mark Somers
2010-07-08 Removed a race-condition and optimized locks for resources...
430
8ede8b57 » Mark Somers
2010-06-06 Updated tools, docs and added pulse check query into scheduler...
431 - Insert your project server entry into the database by using the database
432 management tool:
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
433
8ede8b57 » Mark Somers
2010-06-06 Updated tools, docs and added pulse check query into scheduler...
434 /var/www/html/LGI/tools/ManageDB add resources allowed exampleprojectname
435 localhost examplemysqluser examplemysqluserpasswd
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
436
8ede8b57 » Mark Somers
2010-06-06 Updated tools, docs and added pulse check query into scheduler...
437 Enter resource name: apache@exampleserver.somewhere.org
438 Enter resource url: https://exampleserver.somewhere.org/LGI
a61b8f12 » Mark Somers
2011-09-19 Updated docs...
439 Enter certificate file: /var/www/html/LGI/certificates/exampleserver.crt
8ede8b57 » Mark Somers
2010-06-06 Updated tools, docs and added pulse check query into scheduler...
440 Enter project server flag: 1
1cfb158b » Mark Somers
2010-10-26 Updated some pending stuff...
441 Enter servers to update: any
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
442
1cfb158b » Mark Somers
2010-10-26 Updated some pending stuff...
443 Just make sure you set the servers to be updated to 'any'. This will
444 make sure that this insert is recorded as update nr 1 and when adding
445 slave servers later on, everything will be automatically synchronized.
8ede8b57 » Mark Somers
2010-06-06 Updated tools, docs and added pulse check query into scheduler...
446
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
447 - Make sure you edit the project web server configuration file
4cb6f88c » Mark Somers
2008-10-08 Updated daemon to handle capabilities, updated qstat and beautfied ou…
448 '/var/www/html/LGI/inc/Config.inc':
449
450 $Config[ "SERVER_URL" ] = "https://exampleserver.somewhere.org/LGI";
451 $Config[ "SERVER_NAME" ] = "apache@exampleserver.somewhere.org";
452 $Config[ "SERVER_SSL_CERTIFICATE_FILE" ] = "../certificates/exampleserver.crt";
453 $Config[ "SERVER_SSL_KEY" ] = "../certificates/exampleserver.key";
454 $Config[ "SERVER_SSL_CA_CERTIFICATE_URL" ] =
455 "https://exampleserver.somewhere.org/LGI/exampleCA.crt";
456 $Config[ "SERVER_SSL_CA_CERTIFICATE_FILE" ] = "../certificates/exampleCA.crt";
457 $Config[ "MYSQL_URL" ] = "localhost";
458 $Config[ "MYSQL_USER" ] = "examplemysqluser";
459 $Config[ "MYSQL_PASSWD" ] = "examplemusqluserpasswd";
460 $Config[ "MYSQL_DEFAULT_DATABASE" ] = "exampleprojectname";
461 $Config[ "REPOSITORY_DIRECTORY" ] = "/var/www/html/LGI/repository";
462 $Config[ "REPOSITORY_SERVER_NAME" ] = $Config[ "SERVER_NAME" ];
463 $Config[ "REPOSITORY_URL" ] = $Config[ "SERVER_URL" ]."/repository";
464
8ede8b57 » Mark Somers
2010-06-06 Updated tools, docs and added pulse check query into scheduler...
465 - Edit the /var/www/html/LGI/scheduler/scheduler.php file if more than one
466 project is configured. Just uncomment the required array_push lines to
467 add your projects to the list:
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
468
8ede8b57 » Mark Somers
2010-06-06 Updated tools, docs and added pulse check query into scheduler...
469 array_push( $Projects, "secondprojectname" );
470 array_push( $Projects, "thirdprojectname" );
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
471
8fd6300d » Mark Somers
2010-06-06 Updated docs...
472 Each project has an independant database on the web server, by creating a
473 second database, as described above, a second project has been setup.
474
53c86f60 » Mark Somers
2010-07-14 Updated doc for scheduler...
475 Edit the /var/www/html/LGI/scheduler/check_running script to use the correct
476 LGI_ROOT directory to run the scheduler. Now you can start the scheduler on
477 the background like:
8ede8b57 » Mark Somers
2010-06-06 Updated tools, docs and added pulse check query into scheduler...
478
53c86f60 » Mark Somers
2010-07-14 Updated doc for scheduler...
479 /var/www/html/LGI/scheduler/check_running
480
481 You can also add a crontab entry to automatically check if the scheduler is
482 running once per hour:
483
a61b8f12 » Mark Somers
2011-09-19 Updated docs...
484 MAILTO=""
53c86f60 » Mark Somers
2010-07-14 Updated doc for scheduler...
485 1 * * * * /var/www/html/LGI/scheduler/check_running
02544e4e » Mark Somers
2008-10-12 Added repo listing API and updated docs a bit...
486
8fd6300d » Mark Somers
2010-06-06 Updated docs...
487 Your project servers has been setup now and can be used!
488
a619be8c » Mark Somers
2011-03-11 Updated code and doc and can now reload config in daemon...
489 NOTE: For RHEL 5 and 6 bases system, .spec files are present in the specs
490 directory to build .rpm files. The rpm automatically installs a working
491 project LGI but the MySQL and python APC optimisations detailed above
492 have not been implemented into the rpm installation yet!
493
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
494
495
496 Part III : Howto setup a second slave project server
497 ----------------------------------------------------
498
499 After having successfully setup your first LGI master project server yourself,
cef5be6e » Mark Somers
2007-11-03 Updated documentation...
500 adding slave servers is fairly straightforward. Follow the same procedure on
501 the slave server as was described in part II for the master server, but now
502 there is no need to setup a CA. You only have to generate a server key and a
503 certificate request for the slave server, and obviously sign that request with
a61b8f12 » Mark Somers
2011-09-19 Updated docs...
504 your CA certificate. Also keep in mind that for the slave server Apache
733f18e5 » Mark Somers
2011-09-14 Changed doc, implemented xml comments and BaseName...
505 configuration an extra certificate is needed with the commonname set to the
506 correct fully quallified hostname.
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
507
fec1e2a8 » Mark Somers
2007-11-02 Updated setup text...
508 However, at the point where you insert the server entry into the fresh database
509 in part II, use that command now to insert the MASTER server data into the
510 slave database:
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
511
8fd6300d » Mark Somers
2010-06-06 Updated docs...
512 (on the slave server)
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
513
514 wget https://exampleserver.somewhere.org/exampleCA.crt
515 -O /var/www/html/LGI/certificates/exampleCA.crt
516
517 wget https://exampleserver.somewhere.org/exampleserver.crt
518 -O /var/www/html/LGI/certificates/exampleserver.crt
519
8ede8b57 » Mark Somers
2010-06-06 Updated tools, docs and added pulse check query into scheduler...
520 /var/www/html/LGI/tools/ManageDB add resources allowed exampleprojectname
521 localhost exampleslavemysqluser exampleslavemysqluserpasswd
522
523 Enter resource name: apache@exampleserver.somewhere.org
524 Enter resource url: https://exampleserver.somewhere.org/LGI
525 Enter certificate file: /var/www/html/LGI/certificates/exampleserver.crt
526 Enter project server flag: 1
1cfb158b » Mark Somers
2010-10-26 Updated some pending stuff...
527 Enter servers to update: any
528
529 Again be sure to set the servers to be updated to 'any'. This will make sure
530 that the first update of this slave and of the master server are synchronized.
531 All other updates from the master server (including the addition of this
a61b8f12 » Mark Somers
2011-09-19 Updated docs...
532 slave below) will be automatically picked up by this slave once the scheduler
533 runs.
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
534
1cfb158b » Mark Somers
2010-10-26 Updated some pending stuff...
535 Now insert the slave server details into the master server database:
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
536
8fd6300d » Mark Somers
2010-06-06 Updated docs...
537 (on the master server)
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
538
539 wget https://exampleslaveserver.somewhere.org/exampleslaveserver.crt
540 -O /var/www/html/LGI/certificates/exampleslaveserver.crt
541
8ede8b57 » Mark Somers
2010-06-06 Updated tools, docs and added pulse check query into scheduler...
542 /var/www/html/LGI/tools/ManageDB add resources allowed exampleprojectname
543 localhost examplemysqluser examplemysqluserpasswd
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
544
8ede8b57 » Mark Somers
2010-06-06 Updated tools, docs and added pulse check query into scheduler...
545 Enter resource name: apache@exampleslaveserver.somewhere.org
546 Enter resource url: https://exampleslaveserver.somewhere.org/LGI
547 Enter certificate file: /var/www/html/LGI/certificates/exampleslaveserver.crt
548 Enter project server flag: 2
549 Enter servers to update: any
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
550
8ede8b57 » Mark Somers
2010-06-06 Updated tools, docs and added pulse check query into scheduler...
551 Make sure you use the correct server flag value '2' and set the servers to be
8fd6300d » Mark Somers
2010-06-06 Updated docs...
552 updated to 'any'. This will make sure that all other slave servers will also
553 pick up the change and updates from the database. It will also make sure that
554 your slave server currently being setup will load it's certificate into it's
555 database through an update automatically. Just continue with configuring the
556 slave servers config file and scheduler as described in part II. When done, the
557 two servers are linked together and the schedulers ensure that any updates
558 pending in the 'updates' table of the master server database are transfered
559 to the slave server. Users can now use both the slave and the master server
560 independantly to submit jobs. The resource daemon will automatically request
561 work from all servers of the project.
fec1e2a8 » Mark Somers
2007-11-02 Updated setup text...
562
563
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
564
fec1e2a8 » Mark Somers
2007-11-02 Updated setup text...
565 Part IV: Updating and maintaining project servers:
566 --------------------------------------------------
a5bc840c » Mark Somers
2007-11-01 Added a setup doc...
567
cc92c112 » Mark Somers
2007-11-02 Added start of gp2pc paper...
568 By default on each project server, the basic interface is active and
569 any user is allowed to have only two jobs in the database. If you want
570 certain users or groups of users to be able to submit more, you can add
3461e39b » Mark Somers
2007-11-02 Added tool...
571 that user or group with a new limit for a certain application. One
8ede8b57 » Mark Somers
2010-06-06 Updated tools, docs and added pulse check query into scheduler...
572 should do that with the ManageDB tool:
92b19c28 » Mark Somers
2007-12-05 Updated tools and documentation...
573
8ede8b57 » Mark Somers
2010-06-06 Updated tools, docs and added pulse check query into scheduler...
574 /var/www/html/LGI/tools/ManageDB add users allowed exampleprojectname
575 localhost examplemysqluser examplemysqluserpasswd
3461e39b » Mark Somers
2007-11-02 Added tool...
576
8ede8b57 » Mark Somers
2010-06-06 Updated tools, docs and added pulse check query into scheduler...
577 Enter user name: theusername
578 Enter application: hello_world
579 Enter job limit: 10
580 Enter servers to update: any
3461e39b » Mark Somers
2007-11-02 Added tool...
581
8ede8b57 » Mark Somers
2010-06-06 Updated tools, docs and added pulse check query into scheduler...
582 The ManageDB tool can be used to perform most project management tasks. If
583 you want, you can also configure it with default settings (see script itself)
584 to avoid long command with usernames and passwords:
3461e39b » Mark Somers
2007-11-02 Added tool...
585
8ede8b57 » Mark Somers
2010-06-06 Updated tools, docs and added pulse check query into scheduler...
586 # some default settings...
587 MYSQL_HOST="localhost"
588 MYSQL_USER="examplemysqluser"
589 MYSQL_PASSWD="examplemysqluserpasswd"
590 MYSQL_DB="exampleprojectname"
3461e39b » Mark Somers
2007-11-02 Added tool...
591
8ede8b57 » Mark Somers
2010-06-06 Updated tools, docs and added pulse check query into scheduler...
592 To find out what can all be managed; just run the tool without any parameters:
3461e39b » Mark Somers
2007-11-02 Added tool...
593
8ede8b57 » Mark Somers
2010-06-06 Updated tools, docs and added pulse check query into scheduler...
594 /var/www/html/LGI/tools/ManageDB
3461e39b » Mark Somers
2007-11-02 Added tool...
595
8ede8b57 » Mark Somers
2010-06-06 Updated tools, docs and added pulse check query into scheduler...
596 ManageDB {list|add|del} {users|groups|resources} {allowed|denied} [DB [HST
597 [USR [PWD]]]]
3461e39b » Mark Somers
2007-11-02 Added tool...
598
8ede8b57 » Mark Somers
2010-06-06 Updated tools, docs and added pulse check query into scheduler...
599 Also read the LGI documentation in the docs directory to understand what
600 limits can be set and what meaning they have. In general a limit value of 0
601 means there is no limit; a positive limit value means a maximum total number
602 of jobs limit and a negative limit is a maximum number of queued or running
603 jobs in the database. None the less please read the documentation to
604 understand which tables have precedence over what.
3461e39b » Mark Somers
2007-11-02 Added tool...
605
8ede8b57 » Mark Somers
2010-06-06 Updated tools, docs and added pulse check query into scheduler...
606 A new resource is also easily added now:
02544e4e » Mark Somers
2008-10-12 Added repo listing API and updated docs a bit...
607
8ede8b57 » Mark Somers
2010-06-06 Updated tools, docs and added pulse check query into scheduler...
608 /var/www/html/LGI/tools/ManageDB add resources allowed
02544e4e » Mark Somers
2008-10-12 Added repo listing API and updated docs a bit...
609
8ede8b57 » Mark Somers
2010-06-06 Updated tools, docs and added pulse check query into scheduler...
610 Enter resource name: user@resource
611 Enter resource url: user@resource
612 Enter certificate file: resource.crt
613 Enter project server flag: 0
614 Enter servers to update: any
02544e4e » Mark Somers
2008-10-12 Added repo listing API and updated docs a bit...
615
8fd6300d » Mark Somers
2010-06-06 Updated docs...
616 Here a new group is added on the slave server only:
cef5be6e » Mark Somers
2007-11-03 Updated documentation...
617
8ede8b57 » Mark Somers
2010-06-06 Updated tools, docs and added pulse check query into scheduler...
618 /var/www/html/LGI/tools/ManageDB add groups allowed
3461e39b » Mark Somers
2007-11-02 Added tool...
619
8ede8b57 » Mark Somers
2010-06-06 Updated tools, docs and added pulse check query into scheduler...
620 Enter group name: newgroup
621 Enter application: any
622 Enter job limit: -10
623 Enter servers to update: apache@exampleslaveserver.somewhere.org
14e016b0 » Mark Somers
2010-03-19 Added new DB management tool into tree...
624
8ede8b57 » Mark Somers
2010-06-06 Updated tools, docs and added pulse check query into scheduler...
625 Or a user is denied on the master server only:
14e016b0 » Mark Somers
2010-03-19 Added new DB management tool into tree...
626
8ede8b57 » Mark Somers
2010-06-06 Updated tools, docs and added pulse check query into scheduler...
627 /var/www/html/LGI/tools/ManageDB add users denied
4cb6f88c » Mark Somers
2008-10-08 Updated daemon to handle capabilities, updated qstat and beautfied ou…
628
8ede8b57 » Mark Somers
2010-06-06 Updated tools, docs and added pulse check query into scheduler...
629 Enter user name: baduser
630 Enter application: any
631 Enter servers to update: apache@exampleserver.somewhere.org
4cb6f88c » Mark Somers
2008-10-08 Updated daemon to handle capabilities, updated qstat and beautfied ou…
632
633
Something went wrong with that request. Please try again.