You are here: Manual Installation > Installation > Installing Moab Accounting Manager

2.4 Installing Moab Accounting Manager

This topic contains instructions on how to install and start Moab Accounting Manager (MAM).

Perform the following in order:

Installing Moab Accounting Manager
Open Necessary Ports
Install and Initialize the PostgreSQL Server
Install Dependencies, Packages, or Clients
(Optional) Build a Custom RPM
Install MAM Server
Configure the MAM GUI
Configure MAM Web Services
Access the MAM GUI
Access MAM Web Services
Configure Moab Workload Manager to Use Moab Accounting Manager
Initialize Moab Accounting Manager

2.4.1 Plan Your Installation

The first step is determining the number of different hosts (physical machines) required for your MAM installation.

Your MAM installation includes:

MAM Server
MAM Database
MAM Clients (possibly several hosts)
MAM GUI (optional)
MAM Web Services (optional)

Each of these components can be installed on their own hosts (meaning the actual physical machine) or can be combined on same hosts. For example, the MAM Database can be installed on the same host as the MAM Server. Or the MAM Server may be installed on the same host you installed the Moab Server.

Once you have determined which components are installed on which hosts, complete the rest of the instructions for the MAM installation.

The instructions that follow in this topic will use the term Host after each component to reflect installing on a host (again, meaning the physical machine). For example, MAM Server Host and MAM Database Host. Depending on your configuration, Host may refer to as installed on its own machine or installed on the same machine as another component.

2.4.2 Open Necessary Ports

If your site is running firewall software on its hosts, you will need to configure the firewall to allow connections to the necessary ports.

Location	Ports	Functions	When Needed
MAM Server Host	7112	MAM Server Port	If you will be installing the MAM Server on a different host from where you installed the Moab Server or you will be installing the MAM Clients on other hosts
MAM GUI Host	443	HTTPS Port	If using the MAM GUI
MAM Web Services Host	443	HTTPS Port	If using MAM Web Services
MAM Database Host	5432	MAM PostgreSQL Server Port	If you will be installing the MAM Database on a different host from the MAM Server

See 2.11 Opening Ports in a Firewall for general instructions and an example of how to open ports in the firewall.

2.4.3 Install and Initialize the PostgreSQL Server

Moab Accounting Manager uses a database for transactions and data persistence.

the same host as the MAM Server.
a separate PostgreSQL database host.
a separate shared PostgreSQL database host.

On the host where the MAM PostgreSQL database will reside, do the following:

Install and initialize the PostreSQL Server.

[root]# yum install postgresql-server
[root]# service postgresql initdb

Configure trusted connections.

Edit or add a "host" line in the pg_hba.conf file for the interface from which the MAM Server will be connecting to the database and ensure that it specifies a secure password-based authentication method (for example, md5).

[root]# vi /var/lib/pgsql/data/pg_hba.conf

# Replace 127.0.0.1 with the IP address of the MAM Server Host if the
# MAM PostgreSQL server is on a separate host from the MAM server.
host    all             all             127.0.0.1/32            md5
host    all             all             ::1/128                 md5

---

If the MAM Database Host is installed on a different host from where you will install the MAM Server, configure PostgreSQL to accept connections from the MAM Server Host.

[root]# vi /var/lib/pgsql/data/postgresql.conf

# Replace <mam-server-host> with the interface name from which the MAM server
# will be connecting to the database.
listen_addresses = '<mam-server-host>'

If your PostgreSQL database version is prior to version 9.1, configure postgresql to avoid interpreting backslashes as escape characters.
```
[root]# vi /var/lib/pgsql/data/postgresql.conf
				
standard_conforming_strings = on
```

Start or restart the database.

[root]# chkconfig postgresql on
[root]# service postgresql restart

2.4.4 Install Dependencies, Packages, or Clients

Use the following instructions to install the required Moab Accounting Manager dependencies, packages, or clients.

Depending on your configuration, the MAM Server Host and the MAM GUI Host may be installed on the same host. The MAM Client Host is automatically installed on the same host as the MAM Server Host; however, you can also install the MAM Client Host on any other hosts on which you want to have the MAM client commands available to users or administrators.

On the MAM Server Host, the MAM GUI Host, the MAM Web Services Host, and the MAM Client Hosts, do the following:

[root]# yum install gcc redhat-lsb-core perl rrdtool perl-Config-Tiny perl-Crypt-CBC perl-Crypt-DES perl-Crypt-DES_EDE3 perl-Digest-HMAC perl-Digest-SHA perl-Error perl-JSON perl-Log-Dispatch-FileRotate perl-Log-Log4perl perl-XML-LibXML

If installing on RHEL, some packages may not be found in the standard RHEL distribution repositories.

One way to overcome this problem is to install the missing dependencies from EPEL or other reputable repositories. For example:

[root]# rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
[root]# yum install yum-utils
[root]# yum-config-manager --disable epel
[root]# yum install --enablerepo=epel,rhel-6-server-optional-rpms gcc redhat-lsb-core perl rrdtool perl-Config-Tiny perl-Crypt-CBC perl-Crypt-DES perl-Crypt-DES_EDE3 perl-Digest-HMAC perl-Digest-SHA perl-Error perl-JSON perl-Log-Dispatch-FileRotate perl-Log-Log4perl perl-XML-LibXML

Alternatively, you can install the available packages in the RHEL repository and then install the missing modules from CPAN.

[root]# yum install --skip-broken gcc redhat-lsb-core perl rrdtool perl-Config-Tiny perl-Crypt-CBC perl-Crypt-DES perl-Crypt-DES_EDE3 perl-Digest-HMAC perl-Digest-SHA perl-Error perl-JSON perl-Log-Dispatch-FileRotate perl-Log-Log4perl perl-XML-LibXML perl-CPAN
[root]# cpan YAML Config::Tiny Log::Log4perl Log::Dispatch::FileRotate Compress::Zlib

You may need to run the cpan command more than once for it to complete successfully.

On the MAM Server Host, do the following:

[root]# yum install postgresql postgresql-libs perl-DBD-Pg perl-Date-Manip perl-Time-HiRes perl-DBI

On the MAM GUI Host, do the following:

[root]# yum install httpd mod_ssl perl-CGI perl-CGI-Session

On the MAM Web Services Host, do the following:
```
[root]# yum install httpd mod_perl mod_ssl
```

On each of the MAM Client Hosts (including the MAM Server Host), do the following:

[root]# yum install perl-suidperl perl-Term-ReadLine-Gnu perl-TermReadKey

If installing on RHEL, some packages may not be found in the standard RHEL distribution repositories. One way to overcome this problem is to install the missing dependencies from EPEL or other reputable repositories. For example:

[root]# rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
[root]# yum install yum-utils
[root]# yum-config-manager --disable epel
[root]# yum install --enablerepo=epel perl-suidperl perl-Term-ReadLine-Gnu perl-TermReadKey

If any of the Perl module packages fail to install or are unavailable for your system, you can install it from CPAN by running cpan MODULENAME where MODULENAME is the respective perl module name.

2.4.5 (Optional) Build a Custom RPM

2.4.6 Install MAM Server

On the MAM Server Host, do the following:

Create a user called mam and switch to that user.

[root]# useradd -m mam
[root]# su - mam
[mam]$ mkdir src
[mam]$ cd src

Download the latest MAM build from the Adaptive Computing Moab HPC Suite Download Center.
As the mam user, run each of the following commands in order.
```
[mam]$ tar -zxvf mam-9.1.0.tar.gz
[mam]$ cd mam-9.1.0
```
Configure the software. For a list of all the configuration options, see 2.15 Moab Accounting Manager Configuration Options.
```
[mam]$ ./configure
```
Compile the software.
```
[mam]$ make
```
Depending on your configuration, you may need to replace "make" with a make command that includes additional functionality. Specifically:
- If you only need to install the clients on a particular system, use clients-only.
- If you only need to install the web GUI on a particular system, use make gui-only.
- If you only need to install the web services on a particular system, use make ws-only
Install the software.
```
[mam]$ exit
[root]# cd ~mam/src/mam-9.1.0
[root]# make install
```
Depending on your configuration, you may need to replace "make install" with a make command that includes additional functionality. Specifically:
- If you only need to install the clients on a particular system, use make install-clients-only.
- If you only need to install the web GUI on a particular system, use make install-gui-only.
- If you only need to install the web services on a particular system, use make install-ws-only
As the database user, create a database called mam and grant database privileges to the mam user.
PostgreSQL should have previously been installed using the instructions in 2.1 Preparing for Manual Installation.
```
[root]# su - postgres
[postgres]$ psql

create database mam;
create user mam with password 'changeme!';
\q

[postgres]$ exit
```
The password you define must be synchronized with the database.password value in /opt/mam/etc/mam-server.conf
```
[root]# vi /opt/mam/etc/mam-server.conf

database.password = changeme!
```
Run the hpc.sql script to populate the Moab Accounting Manager database with objects, actions, and attributes necessary to function as an Accounting Manager.
```
[root]# su - mam
[mam]$ cd src/mam-9.1.0
[mam]$ psql mam < hpc.sql
[mam]$ exit
```
Configure MAM to automatically start up at system boot; start the mam service.
```
[root]# chkconfig --add mam
[root]# service mam start
```

2.4.7 Configure the MAM GUI

If you plan to use the web GUI, then on the MAM GUI Host, do the following:

As root, add or edit the SSL virtual host definition as appropriate for your environment. To do so, configure the cgi-bin directory in ssl.conf. Below the cgi-bin directory element, create an alias for /cgi-bin pointing to your cgi-bin directory. If you chose to install to a cgi-bin sub-directory, you might want to create an alias for that as well. Also, add index.cgi to the DirectoryIndex so you can use the shorter sub-directory name.
```
[root]# vi /etc/httpd/conf.d/ssl.conf

<Directory "/var/www/cgi-bin">
## Add these lines
  Options ExecCGI
  AddHandler cgi-script .cgi
  AllowOverride All
  Order allow,deny
  Allow from all
</Directory>

# Aliases for /cgi-bin
Alias /cgi-bin/ /var/www/cgi-bin/
Alias /mam /var/www/cgi-bin/mam/

# Make shorter sub-dir name available
DirectoryIndex index.cgi
```
For Red Hat-based systems where Security Enhanced Linux (SELinux) is enforced, you may need to customize SELinux to allow the web server to make network connections, use setuid for authentication, and write to the log file.
1. Determine the current mode of SELinux.
```
[root]# getenforce

Enforcing
```
2. If you choose to customize SELinux, do the following:
  SELinux can vary by version and architecture and that these instructions may not work in all possible environments.
  If you used the --prefix=<prefix> configuration option when you configured Moab Accounting Manager, you must replace references to /opt/mam in the example below with the <prefix> you specified. See 2.15 Moab Accounting Manager Configuration Options for more information.
```
[root]# cat > mamgui.te <<EOF
module mamgui 1.0;
require {
        type httpd_sys_script_t;
        type port_t;
        class capability setuid;
        class tcp_socket name_connect;
}
allow httpd_sys_script_t port_t:tcp_socket name_connect;
allow httpd_sys_script_t self:capability setuid;
EOF
[root]# checkmodule -M -m -o mamgui.mod mamgui.te
[root]# semodule_package -m mamgui.mod -o mamgui.pp
[root]# semodule -i mamgui.pp
[root]# setenforce 0
[root]# chcon -v -t httpd_sys_content_t /opt/mam/log
[root]# setenforce 1
```
For the highest security, it is recommended that you install a public key certificate that has been signed by a certificate authority. The exact steps to do this are specific to your distribution and the chosen certificate authority. An overview of this process for CentOS 7 is documented here.
Alternatively, if your network domain can be secured from man-in-the-middle attacks, you could use a self-signed certificate. Often this does not require any additional steps since in many distributions, such as Red Hat, the Apache SSL configuration provides self-signed certificates by default.
If your configuration uses self-signed certificates, no action is required; Red Hat ships with ready-made certificates.

Start or restart the HTTP server daemon.

[root]# chkconfig httpd on
[root]# service httpd restart

2.4.8 Configure MAM Web Services

If you plan to use MAM Web Services, then on the MAM Web Services Host, do the following:

Edit the SSL virtual host definition in ssl.conf to include the mamws location. For example:

[root]# vi /etc/httpd/conf.d/ssl.conf
# Place the following within the 443 VirtualHost definition
PerlOptions +Parent
PerlSwitches -Mlib=/opt/mam/lib
PerlModule MAM::WSResponseHandler
PerlModule MAM::WSAuthenHandler
<Location /mamws>
    SetHandler perl-script
    PerlResponseHandler MAM::WSResponseHandler
    Options +ExecCGI

    AuthName MAM
    PerlAuthenHandler MAM::WSAuthenHandler
    Require valid-user

    Order allow,deny
    Allow from all
</Location>

For Red Hat-based systems where Security Enhanced Linux (SELinux) is enforced, you may need to customize SELinux to allow the web server to make network connections and write to the log file.
1. Determine the current mode of SELinux.
```
[root]# getenforce

Enforcing
```
2. If you choose to customize SELinux, do the following:
  SELinux can vary by version and architecture and that these instructions may not work in all possible environments.
  If you used the --prefix=<prefix> configuration option when you configured Moab Accounting Manager, you must replace references to /opt/mam in the example below with the <prefix> you specified. See 2.15 Moab Accounting Manager Configuration Options for more information.
```
[root]# cat > mamws.te <<EOF
module mamws 1.0;
require {
        type httpd_t;
        type port_t;
        type usr_t;
        class tcp_socket name_connect;
        class file { create append };
}
allow httpd_t port_t:tcp_socket name_connect;
allow httpd_t usr_t:file { create append };
EOF
[root]# checkmodule -M -m -o mamws.mod mamws.te
[root]# semodule_package -m mamws.mod -o mamws.pp
[root]# semodule -i mamws.pp
[root]# setenforce 0
[root]# chcon -v -t httpd_sys_content_t /opt/mam/log
[root]# setenforce 1
```
For the highest security, it is recommended that you install a public key certificate that has been signed by a certificate authority. The exact steps to do this are specific to your distribution and the chosen certificate authority. An overview of this process for CentOS 7 is documented here.
Alternatively, if your network domain can be secured from man-in-the-middle attacks, you could use a self-signed certificate. Often this does not require any additional steps since in many distributions, such as Red Hat, the Apache SSL configuration provides self-signed certificates by default.
If your configuration uses self-signed certificates, no action is required; Red Hat ships with ready-made certificates.

Start or restart the HTTP server daemon.

[root]# chkconfig httpd on
[root]# service httpd restart

2.4.9 Access the MAM GUI

If you plan to use the web GUI, then on the MAM Server Host, do the following:

Create a password for the mam user to be used with the MAM Web GUI.
```
[root]# su - mam
[mam]$ mam-set-password
[mam]$ exit
```
Verify the connection.
1. Open a web browser and navigate to https://<mam-server-host>/cgi-bin/mam.
2. Log in as the mam user with the password you set in step 1.

2.4.10 Access MAM Web Services

If you plan to use MAM web services, then on a MAM Client Host, do the following:

Create a password for the mam user that you wish to access MAM Web Services.
```
[root]# su - mam
[mam]$ mam-set-password
[mam]$ exit
```
Make a call to web services.
```
[root]# curl -k -X GET --basic -u mam:changeme! 'https://<mam-web-services-host>/mamws/system'
```
Alternatively, for queries, you can use the browser to access the URL. For example: 'https://<mam-web-services-host>/mamws/system'.

2.4.11 Configure Moab Workload Manager to Use Moab Accounting Manager

Do the following:

Configure Moab to talk to MAM
Do one of the following:
- MAM Option. If you are will be using the MAM (direct network) accounting manager interface with Moab Workload Manager (this is the default), do the following:
- Native Option. If you are will be using the Native (custom script) accounting manager interface with Moab Workload Manager, do the following:
On the Moab Server Host, restart Moab.
```
service moab restart
```

2.4.12 Initialize Moab Accounting Manager

You will need to initialize Moab Accounting Manager to function in the way that is most applicable to the needs of your site. See Initial Setup in the Moab Accounting Manager Administrator Guide to set up Moab Accounting Manager for your desired accounting mode.