Grid Computing

Shibbolized GridSphere for UABgrid


As of this week, GridSphere 2.1.4 and GridPortlets are running. Tomcat is version 5.0.x and Apache is 2.2.2.

  • GridPortlets, acting as the Shibboleth Service Provider (SP), must be protected by Apache ->

    • Install and configure mod_jk 4.1.30 (as an AJP 1.3 connector)

      • Description of Connector Protocol
      • Be sure mod_jk.so is installed (via RPM)
      • Create mod_jk.conf in /etc/apache2 and Include it from httpd.conf
          NOTE: the steps to secure the WEB-INF directory were skipped

    • Reconfigure GridSphere so that the Tomcat connector is used (5/10/06)
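An added example of the Apache side of this setup (not configuration from the UABgrid notes): a mod_jk.conf that hands the portal to Tomcat over AJP 1.3, puts the Shibboleth SP in front of it, and includes the WEB-INF protection that the notes say was skipped. The worker name ajp13, the /gridsphere context path, the file locations and the Shibboleth SP 1.3-era directives are assumptions.

```apache
# /etc/apache2/mod_jk.conf  (Included from httpd.conf)
# Path of mod_jk.so depends on the RPM; adjust.
LoadModule jk_module /usr/lib/apache2/mod_jk.so

# workers.properties is assumed to define:
#   worker.list=ajp13
#   worker.ajp13.type=ajp13
#   worker.ajp13.host=localhost
#   worker.ajp13.port=8009
JkWorkersFile /etc/apache2/workers.properties
JkLogFile     /var/log/apache2/mod_jk.log
JkLogLevel    info

# Forward the portal context to Tomcat over AJP 1.3.
JkMount /gridsphere    ajp13
JkMount /gridsphere/*  ajp13

# Shibboleth SP in front of the portal: no request reaches Tomcat
# without an established Shibboleth session.
<Location /gridsphere>
    AuthType shibboleth
    ShibRequireSession On
    require valid-user
</Location>

# The skipped step. If Apache is also given direct access to the
# webapp directory (an Alias for static files), it would happily
# serve WEB-INF/web.xml and compiled classes; Tomcat refuses these
# paths itself, Apache does not.
<LocationMatch "/WEB-INF/">
    Order deny,allow
    Deny from all
</LocationMatch>
<LocationMatch "/META-INF/">
    Order deny,allow
    Deny from all
</LocationMatch>
```

Two things on the Tomcat side make or break this: the AJP connector in server.xml needs `tomcatAuthentication="false"` so that the REMOTE_USER set by the Shibboleth SP is passed through to the portal instead of being discarded, and the AJP connector (and any HTTP connector left on 8080) must be bound to 127.0.0.1 or firewalled. A client that can reach port 8009 or 8080 directly talks to Tomcat without ever passing the Apache `<Location>` check, so the Shibboleth protection is only as strong as that binding.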

SimpleCA for MyProxy : NOTES


IMPORTANT SimpleCA Storage LOCATIONS

The private key of the CA is stored in /root/.globus/simpleCA//private/cakey.pem
The public CA certificate is stored in /root/.globus/simpleCA//cacert.pem

The distribution package built for this CA is stored in

/root/.globus/simpleCA//globus_simple_ca_74f9a25f_setup-0.18.tar.gz

This file must be distributed to any host wishing to request
certificates from this CA.

Certs needed to install MyProxy G4


The MyProxy server needs a key that has no passphrase, because the daemon must load it unattended at startup. Commands are:

(1) Change directory into the grid-security directory: cd /etc/grid-security

(2) Generate the server key (passphrase-protected): openssl genrsa -des3 -out server.key 1024
    (1024-bit RSA was the norm in 2006; use 2048 bits or larger today.)

(3) Write a copy of the key *without a passphrase*: openssl rsa -in server.key -out server.pem
    This decrypts the key; it does not produce a certificate. Anyone who can read server.pem holds the server's identity, so keep it readable by the MyProxy user only.

(4) Create a CSR (Certificate Signing Request) for the CA to sign. server.pem is used in place of server.key so that no passphrase is required:
openssl req -new -key server.pem -out server.csr

You will be asked to enter the information that is incorporated into the request as the Distinguished Name (DN) of the signed certificate. [If you enter '.', the field is left blank.]
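The four steps above as shell functions, followed by the checks worth running before starting MyProxy. This is an added example, not part of the UABgrid notes: the CA here is a throwaway one created with openssl that stands in for SimpleCA's signing step, the key size is 2048 bits rather than the notes' 1024, the encrypted copy uses -aes256 in place of -des3, and all subjects and file names are assumptions.

```shell
#!/bin/sh
# Added example (not from the UABgrid notes). Assumes only the openssl CLI.
set -eu

# Steps (2)-(3): passphrase-protected key, then a decrypted copy for the daemon.
# 2048-bit instead of the notes' 1024; -aes256 instead of -des3 (same purpose).
make_server_key() {
    dir=$1; pass=$2
    openssl genrsa -aes256 -passout "pass:$pass" -out "$dir/server.key" 2048 2>/dev/null
    openssl rsa -in "$dir/server.key" -passin "pass:$pass" -out "$dir/server.pem" 2>/dev/null
    chmod 600 "$dir/server.key" "$dir/server.pem"
}

# Step (4): the CSR carrying the DN; -subj replaces the interactive prompts.
make_csr() {
    dir=$1; subj=$2
    openssl req -new -key "$dir/server.pem" -subj "$subj" -out "$dir/server.csr" 2>/dev/null
}

# Stand-in for the SimpleCA (assumed): a self-signed CA, then sign the CSR with it.
make_ca() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$dir/cakey.pem" -out "$dir/cacert.pem" \
        -subj "/O=Grid/OU=UABgrid throwaway CA/CN=Throwaway CA" 2>/dev/null
}
sign_csr() {
    dir=$1
    openssl x509 -req -days 1 -in "$dir/server.csr" \
        -CA "$dir/cacert.pem" -CAkey "$dir/cakey.pem" -CAcreateserial \
        -out "$dir/server.crt" 2>/dev/null
}

# Checks. A key that still wants a passphrase stalls the daemon at startup;
# a cert that does not match the key, or is not signed by the trusted CA,
# fails every TLS handshake with the clients.
key_has_no_passphrase() {
    openssl rsa -in "$1" -noout -passin pass: >/dev/null 2>&1
}
cert_matches_key() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}
cert_signed_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}
```

With the real SimpleCA, `make_ca` and `sign_csr` are replaced by sending server.csr to the CA host and running its signing tool there; the three checks apply unchanged to the certificate that comes back.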

OGCE (login)


We're trying to use our existing Pubcookie as authorization for OGCE. We need to bypass the current OGCE login page and new-user page so that our users can go to OGCE by clicking a link on the UAB grid site without needing to input a username and password on the OGCE site. I created two test forms which contain user info that will be passed to OGCE's Jetspeed (Apache Turbine) servlets. So the user will not see the OGCE login and new-user pages and will go to its main page directly. The next thing we need to do is to integrate these forms and the code changes with UAB grid.

On the UAB grid site, the user info needs to be filled into the forms. We also need to check whether the incoming user is a new user or not. If this is a new user, a new account for the user has to be created in OGCE.

Cert Working Process


This is how the cert process works with our setup:

  • First we make a certificate request with grid-cert-request. That generates userkey.pem and usercert_request.pem; the private key never leaves the user's machine.
  • The usercert_request.pem file is sent to the CA.
  • The CA returns a signed usercert.pem file.
  • usercert.pem and userkey.pem are then stored in the .globus directory inside the user's home directory. userkey.pem must be readable by the owner only.

After this is finished and the user's DN has been added to /etc/grid-security/grid-mapfile (mapped to a local account), the user can generate proxies from the files in the .globus directory. This is done with the grid-proxy-init command. The proxy is stored in the /tmp directory under a name starting with x509up_u, followed by the user's numeric UID.
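The grid-mapfile is the authorization step in the flow above: a presented DN gets in only if the file maps it to a local account. An added example, not from the UABgrid notes, that reads that mapping the way the mapfile format works (one quoted DN per line, then one or more comma-separated local accounts, # for comments) and locates and checks the proxy that grid-proxy-init leaves in /tmp; the sample entries in the test are constructed.

```shell
#!/bin/sh
# Added example (not from the UABgrid notes). Assumes a grid-mapfile with
# lines of the form:
#   "/DN/of/the/user" localuser[,otheruser]
# The first local account listed is the default mapping.
set -eu

# mapfile_lookup FILE DN: print the default local account for DN, or fail.
mapfile_lookup() {
    file=$1; want=$2
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        dn=${line%\"*}            # drop everything from the closing quote on
        dn=${dn#\"}               # drop the opening quote
        accounts=${line##*\"}     # text after the closing quote
        accounts=$(printf '%s' "$accounts" | tr -d '[:space:]')
        if [ "$dn" = "$want" ]; then
            printf '%s\n' "${accounts%%,*}"
            return 0
        fi
    done < "$file"
    return 1
}

# proxy_path [UID]: where grid-proxy-init writes the proxy for that UID
# (X509_USER_PROXY overrides the default location when set).
proxy_path() {
    printf '%s\n' "${X509_USER_PROXY:-/tmp/x509up_u${1:-$(id -u)}}"
}

# proxy_valid_for FILE SECONDS: succeed if the proxy certificate (the first
# PEM block in the proxy file) is still valid SECONDS from now.
proxy_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}
```

A job that is about to be submitted should call `proxy_valid_for "$(proxy_path)" 3600` first; a proxy that expires mid-job fails in a way that is much harder to diagnose than a refused submission.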

OGCE ( user list)


I did some research on the source code, such as PresenceAction.java, and found the code has some problems. Please see the code:
-------------------------------------------------------------
...
// get the current presence list (User objects) for this page
UsageSession[] sessions = service.getPresence(location);
if (sessions != null) context.put(CONTEXT_USERS, sessions);
...
---------------------------------------------------------------
It gets the "sessions" based on "location". The location is info about a specific user, for example "/user/cyy", which seems to mean that it tries to show the location /lhome/portal/portal/jakarta-tomcat-4.1.18/webapps/nmi/WEB-INF/psml/user/cyy/html/default.psml. So it would not show other users on the list at all. I tried to log in as "cyy" in Mozilla and in IE. Both browsers showed two "cyy" users. If I logged out and used another user name, "ogce", in IE, one "cyy" disappeared in Mozilla and only "ogce" was displayed on the user list in IE. That is why a user can only see himself or herself on the list.

OGCE (login)


When rebuilding, OGCE removes the db folder, creates a new one and copies some XML files there, including the user.xml file with three default users: admin, turbine and postmaster. A new user's username and password are held in memory and not written to the user.xml file until OGCE is shut down. In the meantime, content.xml and group.xml under the db folder are updated too. We are not sure how it works for a MySQL database.

Using Simple CA


The following set of instructions uses the Simple CA to sign requests (for user or host certificates).

OGCE (login)


Pravin said that the text file is somewhere under Tomcat. I searched all of the subfolders and still didn't find it. I saw one XML file, /lhome/portal/portal/jakarta-tomcat-4.1.18/webapps/nmi/db/user.xml,
which looks like it. It has user IDs and a kind of password, but it doesn't have all of the users and isn't updated when adding a new user, while the new user folder I mentioned in my previous email is created.

The java class file, edu.indiana.commgrids.newswizard.NewsBean, may help find how/where to store username and password. I only saw the binary file and don't know where the source file is.

OGCE (user list)


I looked at OGCE and tried to understand how the small square box works. The small box is an HTML file which is an iframe in the browser. It looks like PresenceAction.java and presence.vm control the information. In the presence.vm file, it shows the user names via session.User.DisplayName. The code loops over "sessions", whose information comes from PresenceAction.java. As I understand it, each HTTP session represents one user session. I added a piece of code in the Java file to log the number of "sessions". I got session number = 1 for myself. The number was still one after Jason logged in. I guess the code might have some problems.
