UNICORE and S3 configuration

From Lsdf
Revision as of 16:28, 26 February 2015 by Diana.gudu (talk | contribs) (Created page with "==UNICORE installation== For serving S3 requests through UNICORE, only a small installation of UNICORE is necessary, comprising the UNICORE Gateway and the UNICORE/X componen...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

UNICORE installation

For serving S3 requests through UNICORE, only a small installation of UNICORE is necessary, comprising the UNICORE Gateway and the UNICORE/X components. The setup described here, for integrating the WOS S3 storage with the Human Brain Project's UNICORE infrastructure, is depicted in the picture below. Authentication is done via Unity or OIDC. The UNICORE installation will only accept users authenticated via the HBP Unified Portal. The services should also be available via the UNICORE REST API.

[File:architecture]

The two UNICORE components can be installed from the core server bundle at [1] or the rpm/deb packages found at [2]. On Debian, for example, download the latest packages and install them:

wget http://unicore-dev.zam.kfa-juelich.de/release-candidates/core/7.2.0-packages/deb/unicore-gateway_7.2.0-2_all.deb
wget http://unicore-dev.zam.kfa-juelich.de/release-candidates/core/7.2.0-packages/deb/unicore-unicorex_7.2.0-2_all.deb
dpkg -i unicore-gateway_7.2.0-2_all.deb
dpkg -i unicore-unicorex_7.2.0-2_all.deb

The components need grid server certificates. Our host unicore.data.kit.edu has a server certificate signed by the gridka CA [3].

UNICORE Gateway setup

The following settings are needed:

  • enabling certificate-less user access, in file /etc/unicore/gateway/gateway.properties:
gateway.httpServer.requireClientAuthn=false
  • setting the gateway credential and truststore locations, in file /etc/unicore/gateway/security.properties:
#Set the trust store here
gateway.truststore.type=directory
gateway.truststore.directoryLocations.1=/etc/unicore/gateway/truststore/*.pem
gateway.truststore.crlLocations.1=/etc/unicore/gateway/truststore/*.crl
# and the gateway credential
gateway.credential.path=/etc/unicore/certs/unicore.data.kit.edu.pem
  • configuring the sites in file /etc/unicore/gateway/connections.properties:
DEFAULT-SITE = https://unicore.data.kit.edu:7777

Starting and stopping the service can be done by running the scripts:

unicore-gateway-start.sh
unicore-gateway-stop.sh

The gateway needs to be accessible from the internet.

UNICORE/X setup

Adding S3 as storage backend