UNICORE and S3 configuration: Difference between revisions
Diana.gudu (talk | contribs) (Created page with "==UNICORE installation== For serving S3 requests through UNICORE, only a small installation of UNICORE is necessary, comprising the UNICORE Gateway and the UNICORE/X componen...")
Diana.gudu (talk | contribs) No edit summary
==Adding S3 as storage backend==
==Useful links==
*[http://unicore.eu/documentation/manuals/unicore6/files/gateway/manual.html UNICORE Gateway manual]
*[http://unicore.eu/documentation/manuals/unicore6/files/unicorex/unicorex-manual.html UNICORE/X manual]
*[https://collaboration.humanbrainproject.eu/web/collab/wiki/-/wiki/Main/UNICORE+Configuration+information HBP-related UNICORE config (only for HBP members)]
Revision as of 17:26, 26 February 2015
UNICORE installation
For serving S3 requests through UNICORE, only a small installation of UNICORE is necessary, comprising the UNICORE Gateway and the UNICORE/X components. The setup described here, for integrating the WOS S3 storage with the Human Brain Project's UNICORE infrastructure, is depicted in the picture below. Authentication is done via Unity or OIDC. The UNICORE installation will only accept users authenticated via the HBP Unified Portal. The services should also be available via the UNICORE REST API.
[File:architecture]
The two UNICORE components can be installed from the core server bundle at [1] or the rpm/deb packages found at [2]. On Debian, for example, download the latest packages and install them:
wget http://unicore-dev.zam.kfa-juelich.de/release-candidates/core/7.2.0-packages/deb/unicore-gateway_7.2.0-2_all.deb
wget http://unicore-dev.zam.kfa-juelich.de/release-candidates/core/7.2.0-packages/deb/unicore-unicorex_7.2.0-2_all.deb
dpkg -i unicore-gateway_7.2.0-2_all.deb
dpkg -i unicore-unicorex_7.2.0-2_all.deb
The components need grid server certificates. Our host unicore.data.kit.edu has a server certificate signed by the gridka CA [3].
UNICORE Gateway setup
The following settings are needed:
- enabling certificate-less user access, in file /etc/unicore/gateway/gateway.properties:
gateway.httpServer.requireClientAuthn=false
- setting the gateway credential and truststore locations, in file /etc/unicore/gateway/security.properties:
#Set the trust store here
gateway.truststore.type=directory
gateway.truststore.directoryLocations.1=/etc/unicore/gateway/truststore/*.pem
gateway.truststore.crlLocations.1=/etc/unicore/gateway/truststore/*.crl
# and the gateway credential
gateway.credential.path=/etc/unicore/certs/unicore.data.kit.edu.pem
- configuring the sites in file /etc/unicore/gateway/connections.properties:
DEFAULT-SITE = https://unicore.data.kit.edu:7777
Starting and stopping the service can be done by running the scripts:
unicore-gateway-start.sh
unicore-gateway-stop.sh
The gateway needs to be accessible from the internet.
UNICORE/X setup
The following two files need to be edited for setting up the UNICORE/X server:
/etc/unicore/unicorex/uas.config - for general settings, storages
/etc/unicore/unicorex/wsrflite.xml - for services to be deployed, SSL settings
First, set the gateway URL and identity, as well as the UNICORE/X hostname, in file wsrflite.xml:
<property name="container.baseurl" value="https://unicore.data.kit.edu:8080/DEFAULT-SITE/services"/>
<property name="container.security.gateway.certificate" value="/etc/unicore/certs/unicore.data.kit.edu.pem"/>
<!-- physical hostname (or IP address) and port -->
<property name="container.host" value="unicore.data.kit.edu"/>
<property name="container.port" value="7777"/>
Then, set the server identity and truststore, in wsrflite.xml:
<!-- UNICORE/X server identity (keystore definition) -->
<property name="container.security.credential.path" value="/etc/unicore/certs/unicore.data.kit.edu.pem"/>
<!-- UNICORE/X truststore (can be the same as the keystore) -->
<property name="container.security.truststore.directoryLocations.1" value="/etc/unicore/unicorex/truststore/*.pem"/>
<property name="container.security.truststore.crlLocations.1" value="/etc/unicore/unicorex/truststore/*.crl"/>
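The gateway's connections.properties and the UNICORE/X wsrflite.xml above must agree on the site name, the forwarding target and the gateway certificate. The following is an added example, not part of the original page or of UNICORE: a consistency check over those two files. The function names, the sample strings and the <services> wrapper element are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample inputs using this page's values; the <services> wrapper is an assumption.
CONNECTIONS = "DEFAULT-SITE = https://unicore.data.kit.edu:7777\n"
WSRFLITE = """<services>
 <property name="container.baseurl" value="https://unicore.data.kit.edu:8080/DEFAULT-SITE/services"/>
 <property name="container.security.gateway.certificate" value="/etc/unicore/certs/unicore.data.kit.edu.pem"/>
 <property name="container.host" value="unicore.data.kit.edu"/>
 <property name="container.port" value="7777"/>
</services>"""

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def parse_container_properties(xml_text):
    """Collect name/value pairs from every <property> element, ignoring namespaces."""
    root = ET.fromstring(xml_text)
    return {el.get("name"): el.get("value") for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == "property"}

def check_routing(connections_text, wsrflite_text):
    """Return a list of mismatches between the gateway and UNICORE/X settings."""
    sites = parse_properties(connections_text)
    cfg = parse_container_properties(wsrflite_text)
    problems = []
    base = urlsplit(cfg.get("container.baseurl", ""))
    site = base.path.strip("/").split("/")[0]  # first path segment is the site name
    if site not in sites:
        problems.append(f"site {site!r} is not defined in connections.properties")
    else:
        target = urlsplit(sites[site])
        if target.scheme != "https":
            problems.append(f"gateway forwards to {site} without TLS")
        if (target.hostname, str(target.port)) != (cfg.get("container.host"), cfg.get("container.port")):
            problems.append(f"{site} target {sites[site]} does not match container.host/container.port")
    if not cfg.get("container.security.gateway.certificate"):
        problems.append("container.security.gateway.certificate is not set")
    return problems

if __name__ == "__main__":
    print(check_routing(CONNECTIONS, WSRFLITE) or "consistent")
```

To check a real installation, pass the contents of /etc/unicore/gateway/connections.properties and /etc/unicore/unicorex/wsrflite.xml to check_routing in place of the sample strings.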