
Portal Related Documentation

XDirectory Service - Secure

The XDirectory Service (XDRS) is currently running on rainier on port 2020. Its init script is located at /etc/init.d/xdrs. The XDirectory Service runs as user apadmin, and the init script calls /u/apadmin/bin/xdrs_start.sh to start the service. Note: to change the port number on which this service runs, or to make any other small change, simply modify xdrs_start.sh as user apadmin.

On rainier, with sudo privileges, one can start XDRS with: sudo /etc/init.d/xdrs start. Similarly, one can stop, restart, and check the status of XDRS. XDRS will also start up automatically whenever rainier boots.

XDRS uses a copy of rainier's grid host certificate and key which are stored in /etc/grid-security/xdrs/host{cert,key}.pem. The host key is unencrypted and is only readable by user apadmin.
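Because the host key is stored unencrypted, its file permissions are the only thing protecting it. The check below is an added example, not part of the XDRS installation; it assumes GNU stat, and the function name audit_key is hypothetical.

```shell
#!/bin/sh
# Added example (not part of the XDRS installation): audit an unencrypted
# private key such as /etc/grid-security/xdrs/hostkey.pem.
# Usage: audit_key FILE EXPECTED_OWNER   (audit_key is a hypothetical name)
# Returns 0 when every check passes, 1 otherwise. Assumes GNU stat (-c).
audit_key() {
    key=$1; want_owner=$2; rc=0

    # A symlink could point the service at a key stored somewhere less protected.
    if [ -L "$key" ] || [ ! -f "$key" ]; then
        echo "FAIL: $key is missing, a symlink, or not a regular file"
        return 1
    fi

    owner=$(stat -c '%U' "$key")
    mode=$(stat -c '%a' "$key")
    dirmode=$(stat -c '%a' "$(dirname "$key")")

    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL: owner is $owner, expected $want_owner"; rc=1
    fi
    # Any group or other permission bit exposes the key to more than the owner.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: mode $mode grants access to group or others"; rc=1
    fi
    # A directory writable by group or others lets them replace the key file.
    if [ $(( 0$dirmode & 022 )) -ne 0 ]; then
        echo "FAIL: parent directory mode $dirmode is group/other writable"; rc=1
    fi
    # Informational: without a pass phrase, the checks above are the only barrier.
    if ! grep -q 'ENCRYPTED' "$key"; then
        echo "INFO: key has no pass phrase; file permissions are its only protection"
    fi
    [ "$rc" -eq 0 ] && echo "OK: $key is restricted to $want_owner"
    return "$rc"
}

# Run the audit when called as: sh audit_key.sh FILE OWNER
if [ "$#" -eq 2 ]; then
    audit_key "$1" "$2"
fi
```

On rainier this would be run as root with the arguments /etc/grid-security/xdrs/hostkey.pem and apadmin.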

XDirectory Service - Non Secure

The XDirectory Service (XDRS) is currently running in non-secure mode on rainier on port 8047. Its init script is located at /etc/init.d/xdrs-nosec. The XDirectory Service runs as user apadmin, and the init script calls /u/apadmin/bin/xdrs-nosec_start.sh to start the service. Note: to change the port number on which this service runs, or to make any other small change, simply modify xdrs-nosec_start.sh as user apadmin.

On rainier, with sudo privileges, one can start XDRS with: sudo /etc/init.d/xdrs-nosec start. Similarly, one can stop, restart, and check the status of XDRS. XDRS will also start up automatically whenever rainier boots.

Proxy Certificate Test Users

We have created a set of test user certificates which have been loaded directly into the MyProxy repository. After generating the certificate and key for the test user (be sure to use the password "temp" for the userkey), issue the following commands as root on rainier (where the MyProxy repository resides):

bash-2.05a# cd /usr/local/globus-3.0.1
bash-2.05a# export GLOBUS_LOCATION=`pwd`
bash-2.05a# source etc/globus-user-env.sh
bash-2.05a# myproxy-admin-load-credential -c \
/scratch/machrist/world/test1-cert.pem -y \
/scratch/machrist/world/test1-key.pem -l extest1
Enter GRID pass phrase:
Enter MyProxy pass phrase:
Verifying password - Enter MyProxy pass phrase:
using storage directory /var/myproxy
Credential stored successfully


For GRID pass phrase enter "temp" or whatever temporary password you used when creating the certificate and key. The -l option specifies the username in the MyProxy repository; set this and the MyProxy pass phrase as you see fit.

Here is a current list of test user proxies with user names and passwords. Note that these are all within the IUCS Certificate Authority and that the username and password apply to their MyProxy username and password.

Common Name          username   password
Extreme TestUser1    extest1    extest
Extreme TestUser2    extest2    extest

Alliance Deployment

The Alliance Portal is deployed under the home account of apadmin on linbox1. Here is the directory structure of ~/portal:

  • alliance: home of current deployment
  • current: link to Jakarta Tomcat home in current deployment


The current deployment is a modification of the latest OGCE CVS code. The modifications are stored under portal/current/alliance-nmi. The following is a list of some of the files with modifications differing from stock OGCE CVS:

  • nmi_resources.properties
  • nmi_mysql_resources.properties
  • ctng_skins.xreg
  • default.css
  • various image files

If changes are made to any of these files, it will be necessary to redeploy CHEF. Here are the steps:

  1. Shut down Tomcat
  2. Run ant prepare.config in the portal/current/alliance-nmi directory.
  3. Run ant deploy.mysql in the portal/current/chef-1.0.7 directory.
  4. Run ant deploy in the portal/current/alliance-nmi directory.
  5. Start Tomcat

You can deploy individual components as usual; just remember to shut down Tomcat first.

This deployment is back-ended by MySQL. See the build.properties file in the chef directory for details.

See the init script /etc/init.d/tomcat. It calls the commands ~apadmin/bin/tcstart.sh and ~apadmin/bin/tcstop.sh when starting and stopping Tomcat. See these files for more information. The catalina.out and chef.log files are on a log rotation schedule; see ~apadmin/etc/linbox1.logrotate.conf and ~apadmin/etc/linbox1.crontab.

LEAD Portal

The LEAD Portal is deployed on lead under /home/lead-portal and executed as user apadmin.

The current deployment is a modification of the latest OGCE CVS code. The modifications are stored under /home/lead-portal/lead-nmi (PORTAL_HOME). The following is a list of some of the files with modifications differing from stock OGCE CVS:

  • nmi_mysql_resources.properties
  • ctng_skins.xreg
  • default.css
  • various image files

If changes are made to any of these files, it will be necessary to redeploy CHEF. Here are the steps:

  1. Shut down Tomcat
  2. Run ant prepare.config in the PORTAL_HOME/lead-nmi directory.
  3. Run ant deploy.mysql in the PORTAL_HOME/chef-1.0.7 directory.
  4. Run ant deploy in the PORTAL_HOME/lead-nmi directory.
  5. Start Tomcat

You can deploy individual components as usual; just remember to shut down Tomcat first.

This deployment is back-ended by MySQL. See the build.properties file in the chef directory for details.

See the init script /etc/init.d/tomcat. It calls the commands PORTAL_HOME/bin/tcstart.sh and PORTAL_HOME/bin/tcstop.sh when starting and stopping tomcat. See these files for more information.

NOTE: The LEAD Portal is currently restarted each Sunday at 3:30 am to prevent degradation.

Test/Development Portal

The development portal is installed under the ~/portal directory of user apadmin. The symlink ~/portal/dev points to the Jakarta Tomcat home of the current development portal. Use the dev symlink to determine which directory under ~/portal contains the development portal. The development portal is available at http://portal.extreme.indiana.edu:10081/nmi.

Currently, the development portal consists of OGCE CVS snapshots with locally developed portlets added. To update the development portal to a more recent snapshot, as user apadmin do the following:

  1. Create the snapshot (cvs -d username@cvs.ogce.org export -r HEAD portal) and deploy it following the standard procedure.
  2. Stop the development portal. See notes in the next paragraph.
  3. Update the dev symlink to point to the new Jakarta Tomcat home.
  4. Start the development portal. See notes in the next paragraph.

See the init script /etc/init.d/tomcat-dev. It calls the commands PORTAL_HOME/bin/tcdevstart.sh and PORTAL_HOME/bin/tcdevstop.sh when starting and stopping Tomcat. See these files for more information. To start or stop the development portal, as root run service tomcat-dev [start|stop], or as user apadmin run tcdevstart.sh or tcdevstop.sh. The catalina.out and chef.log files are on a log rotation schedule; see ~apadmin/etc/linbox1.logrotate.conf and ~apadmin/etc/linbox1.crontab.

Remote Services

The following remote services are running on linbox1:

  • Bio service, port 18084
  • Temp service, port 18085
  • Calc service, port 18086

These run under user apadmin, and are started with the ~apadmin/bin/remote-services-lb1.sh script.

The following remote services are running on rainier:

  • Webster service, port 18080
  • GIS service, port 18085
  • Weather service, port 18090
  • SecureWeather service, port 18091

These run under user apadmin, and are started with the ~apadmin/bin/remote-services-rainier.sh script.

Generating a new SSL certificate for the portal

The first thing to do is to remove/rename the old certificate:

ssh -l apadmin linbox1
cd ~
mv .keystore .keystore-`date +%F`

Now we need to generate a new certificate:


[APADMIN@linbox1 apadmin]# keytool -genkey -alias tomcat -keyalg RSA -validity 365
Enter keystore password:  changeit
What is your first and last name?
  [Unknown]:  portal.extreme.indiana.edu
What is the name of your organizational unit?
  [Unknown]:  Indiana University
What is the name of your organization?
  [Unknown]:  Extreme Lab
What is the name of your City or Locality?
  [Unknown]:  
What is the name of your State or Province?
  [Unknown]:  
What is the two-letter country code for this unit?
  [Unknown]:  
Is CN=portal.extreme.indiana.edu, OU=Indiana University, O=Extreme Lab, L=Unknown, ST=Unknown, C=Unknown correct?
  [no]:  yes

Enter key password for <tomcat>
        (RETURN if same as keystore password):  

    

Note that we set the validity to 365 days, giving us a certificate good for a year. Also note that for the key password we just hit RETURN so it is the same as the keystore password.
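With a 365-day validity the certificate has to be regenerated every year, so it is worth checking how long the current one has left. The script below is an added example, not part of the portal deployment: it reads the output of keytool -list -v and reports the days remaining. The function names and the sample output are constructed for illustration, and it assumes GNU date and a timezone abbreviation that date -d can parse.

```shell
#!/bin/sh
# Added example (not part of the portal deployment): report days left on the
# Tomcat certificate. Feed it real output with, for example:
#   keytool -list -v -alias tomcat -keystore ~/.keystore | sh cert_expiry.sh 30
# Assumes GNU date (-d) and a timezone abbreviation that date can parse.

# Constructed sample of the relevant part of `keytool -list -v` output.
sample_keytool_output() {
    cat <<'EOF'
Alias name: tomcat
Entry type: keyEntry
Owner: CN=portal.extreme.indiana.edu, OU=Indiana University, O=Extreme Lab
Valid from: Fri Mar 31 10:00:00 UTC 2006 until: Sat Mar 31 10:00:00 UTC 2007
EOF
}

# check_expiry WARN_DAYS [NOW_EPOCH]   (hypothetical helper; reads stdin)
# Returns 0 = ok, 1 = inside the warning window, 2 = expired, 3 = unparseable.
check_expiry() {
    warn=$1
    now=${2:-$(date +%s)}
    # Keep only the text after "until:" on the first validity line.
    until_str=$(sed -n 's/^Valid from: .* until: //p' | head -n 1)
    if [ -z "$until_str" ]; then
        echo "ERROR: no 'Valid from ... until ...' line found"; return 3
    fi
    exp=$(date -u -d "$until_str" +%s 2>/dev/null) || {
        echo "ERROR: cannot parse date '$until_str'"; return 3
    }
    secs=$(( exp - now ))
    if [ "$secs" -le 0 ]; then
        echo "EXPIRED: certificate ended $until_str"; return 2
    fi
    days=$(( secs / 86400 ))
    if [ "$days" -lt "$warn" ]; then
        echo "WARN: $days days left"; return 1
    fi
    echo "OK: $days days left"
}

# Run against stdin when called with a warning threshold as the only argument.
if [ "$#" -eq 1 ]; then
    check_expiry "$1"
fi
```

Run from cron as apadmin, a non-zero exit status can be used to trigger a reminder before the portal starts serving an expired certificate.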



Last updated 31 Mar 2006 by machrist@cs.indiana.edu