a5bc840 Added a setup doc...
Mark Somers authored

HOW TO SETUP LGI
----------------

In this document a howto is presented on the setup of LGI. The document
is divided into four parts. Part I will show you how to set up a resource
within an existing LGI project, part II will show you how to set up a new
LGI project with a project server. Part III will show you how to add an
extra project server into an existing LGI project. The last part, part IV,
will detail the maintenance of your LGI project servers.

NOTE: For RHEL 5 and 6 based systems, .spec files are present in the specs
directory to build .rpm files.



Part I : Howto setup a resource
-------------------------------

NOTE: For RHEL 5 and 6 based systems, .spec files are present in the specs
directory to build .rpm files. The rpm makes installing a resource easier!

Setting up a resource within an LGI project is rather easy. Just follow
these steps:

- Untar or checkout the source tree in '~/LGI'.

- Get in contact with the project administrator to get the X.509 certificate
  and a private key for your resource.

- Copy the key and certificate files into the '~/LGI/certificates' directory.

- Make sure that libcurl is installed. Visit http://curl.haxx.se/libcurl/ if
  you do not have this yet.

- Go to the '~/LGI/src' directory and invoke make. If you have a different
  compiler installed than GNU's g++, or you have libcurl installed in a
  different location, adjust the first few lines of the file Makefile to
  your needs.

- If you want, you can also invoke make with the 'make install' command. If
  you do that the directory '~/LGI/bin' will be created and you can include
  that in your PATH for convenience.

- Edit the '~/LGI/daemon/LGI.cfg' example configuration file. It has been
  set up to run the hello_world application by simply forking scripts.
  Other example scripts on how to use the 'hello_world' example using Torque
  / PBS or LoadLeveler are included too in the corresponding
  '~/LGI/daemon/hello_world_XX_scripts' subdirectories. Please make sure you
  refer to the right LGI project server, use the correct project name and use
  the correct private key and certificate files from the '~/LGI/certificates'
  directory. Also be sure to use absolute paths in the configuration file
  so it is possible to invoke the daemon from any other directory. Finally
  set the run directory correctly if you do not want it to be the default.

- Start the daemon by invoking it like:

    ~/LGI/daemon/bin/LGI_daemon -d -l ~/LGI/daemon/LGI.log ~/LGI/daemon/LGI.cfg

  You can now inspect the log file '~/LGI/daemon/LGI.log' and see if everything
  was set up correctly.

- You can gracefully stop the daemon by sending it a 'kill' signal:

    killall LGI_daemon

  While the daemon is running, you can edit the configuration file without any
  problems. You can also edit the scripts in the meantime; only newly spawned
  jobs will be affected by these changes.

Keep in mind that, as a project administrator, you should also include the new
resource into the project's database. See part IV for an example.

NOTE: For RHEL 5 and 6 based systems, .spec files are present in the specs
directory to build .rpm files.



Part II : Howto setup a project server
--------------------------------------

Setting up your own project is not too hard either. You can decide to be
a fully independent project by setting up your own X.509 Certificate
Authority, or you can decide to be a sub project and thus be an X.509 sub-CA
of the LGI-CA. In this part, it is shown how to become an independent project
and be your own X.509 CA.

NOTE: One should perhaps use TinyCA (http://tinyca.sm-zone.net/) for managing
certificates and keys for your project.

NOTE: For RHEL 5 and 6 based systems, .spec files are present in the specs
directory to build .rpm files. The rpm automatically installs a project LGI
and gives a working setup but excludes the MySQL and PHP APC optimizations
detailed below!

- Make sure libcurl, Perl, PHP, MySQL, Apache and OpenSSL are installed on
  your system.

- Make sure MySQL is configured correctly and mysqld is running.

- Make sure PHP is configured correctly. It is highly recommended that you
  also correctly install PHP PEAR so that you can install the APC PHP PECL
  module too. It will enable caching of PHP bytecode from the ZEND engine
  and enhance the PHP performance significantly.

- Switch to the user apache and make sure you install the source tree
  into the home of user apache where it will be served:

    sudo su -l -s /bin/bash apache

    tar -zxf LGI.tar.gz -C /var/www/html

  A better approach is to create a user LGI on the project server and make the
  user apache also a member of the LGI group. In this case all files should be
  group readable, the repository directory should be 'sticky' and all
  directories should be group executable. The default settings in the .tar.gz
  file take care of this. The .rpm installation also takes care of this,
  uses the LGI username and also implements init scripts.

- Use OpenSSL to create a CA private key and certificate with which you can
  create and sign your project server, resource and client certificates:

  Start by creating a private key for your CA:

    openssl genrsa -out /var/www/html/LGI/certificates/exampleCA.key 4096

  Then create an X.509 self-signed certificate for it:

    openssl req -new -x509 -days 365 -set_serial 0 -extensions v3_ca \
      -key /var/www/html/LGI/certificates/exampleCA.key \
      -out /var/www/html/LGI/certificates/exampleCA.crt

  and create a CA serial number file:

    echo "0100" > /var/www/html/LGI/certificates/exampleCA.srl

  Now create a private key for your server:

    openssl genrsa -out /var/www/html/LGI/certificates/exampleserver.key 4096

  Then create a signing request for it:

    openssl req -new -key /var/www/html/LGI/certificates/exampleserver.key \
      -out /var/www/html/LGI/certificates/exampleserver.crs

  and when filling in the commonname of the server certificate, be sure to use
  the correct LGI format 'apache@exampleserver.somewhere.org; exampleprojectname'.
  If you decided to use a special LGI username, make sure you use the correct
  commonname accordingly.

  Now create the CA signed server certificate from this request:

    openssl x509 -req -in /var/www/html/LGI/certificates/exampleserver.crs \
      -days 365 -CA /var/www/html/LGI/certificates/exampleCA.crt \
      -CAkey /var/www/html/LGI/certificates/exampleCA.key \
      -CAserial /var/www/html/LGI/certificates/exampleCA.srl \
      -out /var/www/html/LGI/certificates/exampleserver.crt

  You should now safely store the CA private key file somewhere other than on
  this server computer, which is connected to the internet. Or, at least, if
  you do not do that, encrypt the file using password protection:

    openssl aes-256-cbc -e -in /var/www/html/LGI/certificates/exampleCA.key \
      -out /var/www/html/LGI/certificates/exampleCA.key.aes && \
      rm /var/www/html/LGI/certificates/exampleCA.key

  Now copy the public certificates to a place that Apache will serve:

    cp /var/www/html/LGI/certificates/exampleCA.crt /var/www/html/LGI

    cp /var/www/html/LGI/certificates/exampleserver.crt /var/www/html/LGI

- Next create a certificate for Apache itself. The previously generated
  certificate is used by the scheduler running as apache or LGI on the project
  server. Apache itself also needs a certificate to identify itself to the
  resources and interfaces communicating with the project server. Keep in mind
  that in this Apache certificate (the 'exampleserver_apache' files in this
  manual below) the commonname should be the fully qualified hostname. It can
  also be signed by the CA set up in the previous step. If you choose not to
  use another certificate for your Apache with the correct fully qualified
  hostname as the commonname, be aware that you need to relax the checks done
  by the resources with their daemons and by the command line interface
  utilities through the '-W' option.

- Make sure Apache is set up correctly to use client and server certificates
  for https and check that the following options have been set correctly in
  the https (virtual host) configuration:

    SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
    SSLSessionCacheTimeout 5

    SSLCertificateFile /var/www/html/LGI/certificates/exampleserver_apache.crt
    SSLCertificateKeyFile /var/www/html/LGI/certificates/exampleserver_apache.key
    SSLCertificateChainFile /var/www/html/LGI/certificates/exampleCA.crt
    SSLCACertificateFile /var/www/html/LGI/certificates/exampleCA.crt
    SSLVerifyClient require
    SSLVerifyDepth 5
    SSLOptions +ExportCertData

    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
      SSLOptions +StdEnvVars
    </Files>

  Also make sure the AccessFileName has been set correctly in the Apache main
  configuration so that the LGI document tree can be protected by .htaccess
  files (if desired), make sure the important directories are carefully
  protected and, for performance reasons, make sure KeepAlive is turned on,
  KeepAliveTimeout is set low and MaxKeepAliveRequests is set high in the
  main server configuration of Apache. Also make sure the Timeout is not too
  high and no DNS queries are performed for each request:

    DocumentRoot "/var/www/html"
    AccessFileName .htaccess

    HostnameLookups off
    Timeout 15
    KeepAlive On
    KeepAliveTimeout 1
    MaxKeepAliveRequests 100

    <Directory />
      Options FollowSymLinks
      AllowOverride None
    </Directory>

    <Directory "/var/www/html/LGI">
      AllowOverride All
    </Directory>

    <Directory "/var/www/html/LGI/repository/JOB_*">
      AllowOverride None
      Options -ExecCGI
      php_flag engine off
      SSLRequireSSL
      SSLRequire ( %{SSL_CLIENT_VERIFY} == "SUCCESS" )
      Script PUT /LGI/repository/put.cgi
      Script DELETE /LGI/repository/delete.cgi
      <Limit GET PUT DELETE>
        Allow from all
      </Limit>
    </Directory>

    <Directory "/var/www/html/LGI/repository">
      Deny from all
      <Files "repository_content.php">
        SSLRequireSSL
        SSLRequire ( %{SSL_CLIENT_VERIFY} == "SUCCESS" )
        Allow from all
      </Files>
      <Files "put.cgi">
        SSLRequireSSL
        SSLRequire ( %{SSL_CLIENT_VERIFY} == "SUCCESS" )
        Allow from all
        Options +ExecCGI
        AddHandler cgi-script .cgi
      </Files>
      <Files "delete.cgi">
        SSLRequireSSL
        SSLRequire ( %{SSL_CLIENT_VERIFY} == "SUCCESS" )
        Allow from all
        Options +ExecCGI
        AddHandler cgi-script .cgi
      </Files>
    </Directory>

    <Directory "/var/www/html/LGI/inc">
      Deny from all
    </Directory>

    <Directory "/var/www/html/LGI/tools">
      Deny from all
    </Directory>

    <Directory "/var/www/html/LGI/daemon">
      Deny from all
    </Directory>

    <Directory "/var/www/html/LGI/src">
      Deny from all
    </Directory>

    <Directory "/var/www/html/LGI/bin">
      Deny from all
    </Directory>

    <Directory "/var/www/html/LGI/python">
      Deny from all
    </Directory>

    <Directory "/var/www/html/LGI/specs">
      Deny from all
    </Directory>

    <Directory "/var/www/html/LGI/scheduler">
      Deny from all
    </Directory>

    <Directory "/var/www/html/LGI/certificates">
      Deny from all
    </Directory>

    <Directory "/var/www/html/LGI/basic_interface">
      php_value upload_max_filesize 16M
      php_value post_max_size 16M
    </Directory>

    <Directory "/var/www/html/LGI/interfaces">
      php_value upload_max_filesize 16M
      php_value post_max_size 16M
    </Directory>

    <Directory "/var/www/html/LGI/resources">
      php_value upload_max_filesize 16M
      php_value post_max_size 16M
    </Directory>

  Make sure you have an .htaccess file in the '/var/www/html/LGI/certificates',
  '/var/www/html/LGI/inc', '/var/www/html/LGI/tools', '/var/www/html/LGI/daemon',
  '/var/www/html/LGI/scheduler', '/var/www/html/LGI/src', '/var/www/html/LGI/bin',
  '/var/www/html/LGI/specs' and '/var/www/html/LGI/python' directories with the
  content:

    Deny from all

  Make sure you have an .htaccess file in the '/var/www/html/LGI/repository'
  directory with the content:

    Deny from all
    <Files "repository_content.php">
      SSLRequireSSL
      SSLRequire ( %{SSL_CLIENT_VERIFY} == "SUCCESS" )
      Allow from all
    </Files>
    <Files "put.cgi">
      SSLRequireSSL
      SSLRequire ( %{SSL_CLIENT_VERIFY} == "SUCCESS" )
      Allow from all
      Options +ExecCGI
      AddHandler cgi-script .cgi
    </Files>
    <Files "delete.cgi">
      SSLRequireSSL
      SSLRequire ( %{SSL_CLIENT_VERIFY} == "SUCCESS" )
      Allow from all
      Options +ExecCGI
      AddHandler cgi-script .cgi
    </Files>

  Make sure you have an .htaccess file in the directories
  '/var/www/html/LGI/basic_interface', '/var/www/html/LGI/interfaces' and
  '/var/www/html/LGI/resources' with the following content:

    php_value upload_max_filesize 16M
    php_value post_max_size 16M

  Make sure you have an 'index.html' file in the subdirectories
  '/var/www/html/LGI/repository', '/var/www/html/LGI/inc',
  '/var/www/html/LGI/interfaces', '/var/www/html/LGI/servers',
  '/var/www/html/LGI/resources', '/var/www/html/LGI/daemon',
  '/var/www/html/LGI/tools', '/var/www/html/LGI/certificates',
  '/var/www/html/LGI/src', '/var/www/html/LGI/bin',
  '/var/www/html/LGI/python', '/var/www/html/LGI/specs' and
  '/var/www/html/LGI/scheduler' with the content:

    <html>
    ! No browsing allowed !
    </html>

  For high performance, make sure you scale the Apache MPM settings to your
  needs, taking the amount of RAM your server has into account:

    http://httpd.apache.org/docs/2.2/mod/prefork.html
    http://www.ibm.com/developerworks/linux/library/l-tune-lamp-2.html

  It is also advised to set net.ipv4.tcp_fin_timeout to 15s or less with
  the sysctl command. Make this setting permanent by adding it to the file
  /etc/sysctl.conf. This setting will make sure that keep-alive connections,
  when closed by Apache, do not linger too long until the client finally closes
  the socket.

  Finally check your Apache configuration with the 'apachectl configtest' command.

  !!!!! WORD OF CAUTION !!!!!

  The above configuration of Apache seems superfluous but ensures a secure
  environment. Please be very careful when deviating from the above
  suggested configuration. Web application security is a complicated matter
  and a lot of care has been taken to ensure a secure default configuration
  that will work out-of-the-box, mostly tuned for performance.

  !!!!! WORD OF CAUTION !!!!!

- Now create a MySQL user and database for your project with the database
  name equal to your project name "exampleprojectname":

    mysqladmin -u root password "yourmysqlrootpassword"

    mysqladmin -u root -p create "exampleprojectname"

    echo 'GRANT ALL PRIVILEGES ON exampleprojectname.* to
      "examplemysqluser"@"localhost" IDENTIFIED BY "examplemysqluserpasswd"' \
      | mysql -u root -p mysql

    mysql -u examplemysqluser -p exampleprojectname < /var/www/html/LGI/LGI.db

  For high performance reasons you might want to set the following options
  in /etc/my.cnf for MySQL if you have enough resources available:

    table_cache = 512
    max_connections = 128
    query_cache_size = 128M
    key_buffer_size = 128M
    sort_buffer_size = 128M
    query_cache_type = 1
    thread_cache_size = 64
    innodb_log_buffer_size = 16M
    innodb_flush_method = O_DIRECT
    innodb_fast_shutdown = 1
    innodb_flush_log_at_trx_commit = 0
    innodb_log_archive = 0
    innodb_buffer_pool_size = 2048M
    innodb_additional_mem_pool_size = 8M
    innodb_file_io_threads = 32
    innodb_lock_wait_timeout = 50
    innodb_thread_concurrency = 32

  See the LGI.pdf document for more details on scaling and performance.

- Insert your project server entry into the database by using the database
  management tool:

    /var/www/html/LGI/tools/ManageDB add resources allowed exampleprojectname \
      localhost examplemysqluser examplemysqluserpasswd

    Enter resource name: apache@exampleserver.somewhere.org
    Enter resource url: https://exampleserver.somewhere.org/LGI
    Enter certificate file: /var/www/html/LGI/certificates/exampleserver.crt
    Enter project server flag: 1
    Enter servers to update: any

  Just make sure you set the servers to be updated to 'any'. This will
  make sure that this insert is recorded as update nr 1 and when adding
  slave servers later on, everything will be automatically synchronized.

447 - Make sure you edit the project web server configuration file
4cb6f88 Updated daemon to handle capabilities, updated qstat and beautfied ou…
Mark Somers authored
448 '/var/www/html/LGI/inc/Config.inc':
449
450 $Config[ "SERVER_URL" ] = "https://exampleserver.somewhere.org/LGI";
451 $Config[ "SERVER_NAME" ] = "apache@exampleserver.somewhere.org";
452 $Config[ "SERVER_SSL_CERTIFICATE_FILE" ] = "../certificates/exampleserver.crt";
453 $Config[ "SERVER_SSL_KEY" ] = "../certificates/exampleserver.key";
454 $Config[ "SERVER_SSL_CA_CERTIFICATE_URL" ] =
455 "https://exampleserver.somewhere.org/LGI/exampleCA.crt";
456 $Config[ "SERVER_SSL_CA_CERTIFICATE_FILE" ] = "../certificates/exampleCA.crt";
457 $Config[ "MYSQL_URL" ] = "localhost";
458 $Config[ "MYSQL_USER" ] = "examplemysqluser";
459 $Config[ "MYSQL_PASSWD" ] = "examplemusqluserpasswd";
460 $Config[ "MYSQL_DEFAULT_DATABASE" ] = "exampleprojectname";
461 $Config[ "REPOSITORY_DIRECTORY" ] = "/var/www/html/LGI/repository";
462 $Config[ "REPOSITORY_SERVER_NAME" ] = $Config[ "SERVER_NAME" ];
463 $Config[ "REPOSITORY_URL" ] = $Config[ "SERVER_URL" ]."/repository";
464
8ede8b5 Updated tools, docs and added pulse check query into scheduler...
Mark Somers authored
465 - Edit the /var/www/html/LGI/scheduler/scheduler.php file if more than one
466 project is configured. Just uncomment the required array_push lines to
467 add your projects to the list:
a5bc840 Added a setup doc...
Mark Somers authored
468
8ede8b5 Updated tools, docs and added pulse check query into scheduler...
Mark Somers authored
469 array_push( $Projects, "secondprojectname" );
470 array_push( $Projects, "thirdprojectname" );
a5bc840 Added a setup doc...
Mark Somers authored
471
8fd6300 Updated docs...
Mark Somers authored
472 Each project has an independant database on the web server, by creating a
473 second database, as described above, a second project has been setup.
474
Edit the /var/www/html/LGI/scheduler/check_running script to use the correct
LGI_ROOT directory to run the scheduler. Now you can start the scheduler in
the background with:

    /var/www/html/LGI/scheduler/check_running

You can also add a crontab entry to automatically check if the scheduler is
running once per hour:

    MAILTO=""
    1 * * * * /var/www/html/LGI/scheduler/check_running

Your project server has now been set up and can be used!

NOTE: For RHEL 5 and 6 based systems, .spec files are present in the specs
directory to build .rpm files. The rpm automatically installs a working
LGI project server, but the MySQL and python APC optimisations detailed above
have not been implemented into the rpm installation yet!



Part III : Howto setup a second slave project server
----------------------------------------------------

After having successfully set up your first LGI master project server yourself,
adding slave servers is fairly straightforward. Follow the same procedure on
the slave server as was described in part II for the master server, but now
there is no need to set up a CA. You only have to generate a server key and a
certificate request for the slave server, and obviously sign that request with
your CA certificate. Also keep in mind that for the slave server Apache
configuration an extra certificate is needed with the commonname set to the
correct fully qualified hostname.

However, at the point where you insert the server entry into the fresh database
in part II, use that command now to insert the MASTER server data into the
slave database:

(on the slave server)

    wget https://exampleserver.somewhere.org/exampleCA.crt \
         -O /var/www/html/LGI/certificates/exampleCA.crt

    wget https://exampleserver.somewhere.org/exampleserver.crt \
         -O /var/www/html/LGI/certificates/exampleserver.crt

    /var/www/html/LGI/tools/ManageDB add resources allowed exampleprojectname \
         localhost exampleslavemysqluser exampleslavemysqluserpasswd

    Enter resource name: apache@exampleserver.somewhere.org
    Enter resource url: https://exampleserver.somewhere.org/LGI
    Enter certificate file: /var/www/html/LGI/certificates/exampleserver.crt
    Enter project server flag: 1
    Enter servers to update: any

Again be sure to set the servers to be updated to 'any'. This will make sure
that the first update of this slave and of the master server are synchronized.
All other updates from the master server (including the addition of this
slave below) will be automatically picked up by this slave once the scheduler
runs.

Now insert the slave server details into the master server database:

(on the master server)

    wget https://exampleslaveserver.somewhere.org/exampleslaveserver.crt \
         -O /var/www/html/LGI/certificates/exampleslaveserver.crt

    /var/www/html/LGI/tools/ManageDB add resources allowed exampleprojectname \
         localhost examplemysqluser examplemysqluserpasswd

    Enter resource name: apache@exampleslaveserver.somewhere.org
    Enter resource url: https://exampleslaveserver.somewhere.org/LGI
    Enter certificate file: /var/www/html/LGI/certificates/exampleslaveserver.crt
    Enter project server flag: 2
    Enter servers to update: any

Make sure you use the correct server flag value '2' and set the servers to be
updated to 'any'. This will make sure that all other slave servers will also
pick up the change and updates from the database. It will also make sure that
the slave server currently being set up will load its certificate into its
database through an update automatically. Just continue with configuring the
slave server's config file and scheduler as described in part II. When done, the
two servers are linked together and the schedulers ensure that any updates
pending in the 'updates' table of the master server database are transferred
to the slave server. Users can now use both the slave and the master server
independently to submit jobs. The resource daemon will automatically request
work from all servers of the project.
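
Added example (not part of the LGI documentation or tools): the ManageDB steps
above register whatever certificate file wget fetched, so the script below
checks that a fetched certificate verifies against the project CA and carries
the expected commonName before it is registered. The function names
check_server_cert and make_demo_pki are hypothetical, and the demo PKI is
constructed test data.

```shell
#!/bin/sh
# Added example, not part of LGI. Function names are hypothetical.
# Usage: check_server_cert /var/www/html/LGI/certificates/exampleCA.crt \
#            /var/www/html/LGI/certificates/exampleserver.crt \
#            exampleserver.somewhere.org

# check_server_cert CA_FILE CERT_FILE EXPECTED_CN
# Succeeds only if CERT_FILE verifies against CA_FILE alone and its
# commonName equals EXPECTED_CN; prints the SHA-256 fingerprint on success.
check_server_cert() {
    ca=$1; cert=$2; want_cn=$3
    # 1. Chain: trust only the project CA (-no-CApath needs OpenSSL >= 1.1.0).
    openssl verify -no-CApath -CAfile "$ca" "$cert" >/dev/null 2>&1 || {
        echo "REJECT: $cert does not verify against $ca" >&2; return 1; }
    # 2. Identity: commonName must be the host being added to the database.
    got_cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline |
             sed -n 's/^ *commonName *= //p')
    [ "$got_cn" = "$want_cn" ] || {
        echo "REJECT: commonName '$got_cn' is not '$want_cn'" >&2; return 1; }
    # 3. Fingerprint for out-of-band comparison with the other administrator.
    openssl x509 -in "$cert" -noout -fingerprint -sha256
}

# make_demo_pki DIR
# Constructed test data: a throwaway CA, a certificate it signed (srv.crt)
# and a self-signed impostor with the same commonName (fake.crt).
make_demo_pki() {
    d=$1; cn=exampleserver.somewhere.org
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$cn" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/srv.crt" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$cn" \
        -keyout "$d/fake.key" -out "$d/fake.crt" 2>/dev/null
}
```

Compare the printed SHA-256 fingerprint with one obtained from the other
server's administrator over a separate channel before entering the file at the
'Enter certificate file' prompt.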



Part IV: Updating and maintaining project servers:
--------------------------------------------------

By default on each project server, the basic interface is active and
any user is allowed to have only two jobs in the database. If you want
certain users or groups of users to be able to submit more, you can add
that user or group with a new limit for a certain application. One
should do that with the ManageDB tool:

    /var/www/html/LGI/tools/ManageDB add users allowed exampleprojectname \
         localhost examplemysqluser examplemysqluserpasswd

    Enter user name: theusername
    Enter application: hello_world
    Enter job limit: 10
    Enter servers to update: any

The ManageDB tool can be used to perform most project management tasks. If
you want, you can also configure it with default settings (see the script
itself) to avoid long commands with usernames and passwords:

    # some default settings...
    MYSQL_HOST="localhost"
    MYSQL_USER="examplemysqluser"
    MYSQL_PASSWD="examplemysqluserpasswd"
    MYSQL_DB="exampleprojectname"

To find out everything that can be managed, just run the tool without any
parameters:

    /var/www/html/LGI/tools/ManageDB

    ManageDB {list|add|del} {users|groups|resources} {allowed|denied} [DB [HST
    [USR [PWD]]]]

Also read the LGI documentation in the docs directory to understand what
limits can be set and what meaning they have. In general a limit value of 0
means there is no limit; a positive limit value sets a maximum total number
of jobs, and a negative limit value sets a maximum number of queued or running
jobs in the database. Nonetheless, please read the documentation to
understand which tables have precedence over what.

A new resource is also easily added now:

    /var/www/html/LGI/tools/ManageDB add resources allowed

    Enter resource name: user@resource
    Enter resource url: user@resource
    Enter certificate file: resource.crt
    Enter project server flag: 0
    Enter servers to update: any

Here a new group is added on the slave server only:

    /var/www/html/LGI/tools/ManageDB add groups allowed

    Enter group name: newgroup
    Enter application: any
    Enter job limit: -10
    Enter servers to update: apache@exampleslaveserver.somewhere.org

Or a user is denied on the master server only:

    /var/www/html/LGI/tools/ManageDB add users denied

    Enter user name: baduser
    Enter application: any
    Enter servers to update: apache@exampleserver.somewhere.org