You are here: RPM Installation > Installation and Configuration > Nitro Integration > Installing Nitro Web Services

3.17 Installing Nitro Web Services

This topic contains instructions on how to install Nitro Web Services.

Do the following in the order presented:

Open Necessary Ports
Install MongoDB
Install and Configure Nitro Web Services
Configure Viewpoint for Nitro Web Services
Publish Nitro Events to Nitro Web Services

3.17.1 Open Necessary Ports

If your site is running firewall software on its hosts, you will need to configure the firewall to allow connections to the necessary ports.

Location	Ports	Functions	When Needed
Nitro Web Services Host	9443	Tornado Web Port	Always
Nitro Web Services Host	47100	ZMQ Port	Always
Nitro Web Services Database Host	27017	Nitro Web Services MongoDB Server Port	If you will be installing the Nitro Web Services Database on a different host from Nitro Web Services

See 2.11 Opening Ports in a Firewall for general instructions and an example of how to open ports in the firewall.

3.17.2 Install MongoDB

On the Nitro Web Services MongoDB Database Host, do the following:

Install MongoDB.
```
[root]# yum install -y mongodb-org
```

Enable and start MongoDB.

[root]# chkconfig mongod on
[root]# service mongod start

Add the required MongoDB users.

The passwords used below (secret1 and secret5) are examples. Choose your own passwords for these users.
```
[root]# mongo
> use admin
> db.createUser({"user": "admin_user", "pwd": "secret1", "roles": ["root"]})

> use nitro-db
> db.createUser({"user": "nitro_user", "pwd": "secret5", "roles": ["dbOwner"]})

> exit
```
Because the admin_user has read and write rights to the admin database, it also has read and write rights to all other databases. See Control Access to MongoDB Instances with Authentication for more information.

Set MongoDB Configuration Options.
- The configuration file for MongoDB is /etc/mongod.conf. See https://docs.mongodb.com/manual/reference/configuration-options for information.
- Adaptive Computing recommends that you set security.authorization to enabled. See https://docs.mongodb.com/manual/reference/configuration-options/#security-options for more information.
By default, /etc/mongod.conf sets net.bindIp to 127.0.0.1. You will need to change this setting if the MongoDB server needs to be accessible from other hosts or from other interfaces besides loopback. See https://docs.mongodb.com/manual/reference/configuration-options/#net-options for more information.
```
# Sample /etc/mongod.conf file
net:
  port: 27017
  # bindIp: 127.0.0.1
processManagement:
  fork: true
  pidFilePath: /var/run/mongodb/mongod.pid
security:
  authorization: enabled
storage:
  dbPath: /var/lib/mongo
  journal:
    enabled: true
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log
```
Restart MongoDB.
```
[root]# service mongod restart
```

3.17.3 Install and Configure Nitro Web Services

You must complete the tasks earlier in this topic before installing Nitro Web Services.

On the host where Nitro Web Services will reside, do the following:

If you are installing Nitro Web Services on its own host or on a host that does not have another RPM installation, complete the steps to prepare the host. See 3.3 Preparing for RPM Installs for more information.

Install the Nitro Web Services RPM.

[root]# yum install -y nitro-web-services

Understand and edit the configuration files.
This includes clarifying what each configuration file is for and what to expect the first time the NWS service is started vs. each subsequent start.
The nitro_user with dbOwner permissions was set up earlier in the procedure (see Install MongoDB).
When you first start nitro-web-services, the nitro-db Mongo database (including its collections and indexes) is created. The nitro-db 'user' collection is also populated with the default Nitro Web Services API users/passwords. Several of the options defined in the configuration files influence this process.
Usernames and passwords are created only if they do not yet exist. Changing a password in the configuration file after initial startup will not update the password.
The installation provides two configuration files:
- /opt/nitro-web-services/etc/nitro.cfg
  This is the Nitro Web Services web application configuration file.
  - Before initial startup, set the db_password to be the nitro_user password. It is also recommended that you change all other default passwords before starting Nitro Web Services. If you do not change the passwords at this point, it will be more difficult to change them later.
  - By default, NWS uses an auto-generated self-signed SSL certificate to encrypt the link between the web server and the browser clients. The auto-generated self-signed SSL certificate is created at service start up; not during the installation process.
    However, you can use your own certfile, keyfile, and ca_certs files if you wish.
    If you choose to use your own ssl_certfile and ssl_keyfile, ssl_create_self_signed_cert=true is ignored.
  - By default, NWS does not encrypt network traffic with MongoDB. You set the db_ssl_* properties if you choose to enable TLS/SSL when installing MongoDB earlier in this topic.
- /opt/nitro-web-services/etc/zmq_job_status_adapter.cfg
  This is the Nitro ZMQ Job Status Adapter configuration file.
  - The Nitro ZMQ Job Status Adapter listens to job status updates on the ZMQ bus and publishes them to MongoDB using the Nitro Web Services REST API.
  - The username and password must be set to a Nitro Web Services API user with write permissions. At minimum, set the password for nitro-writeonly-user to the password defined in /opt/nitro-web-services/etc/nitro.cfg and make sure the SSL options are set correctly based on SSL settings in /opt/nitro-web-services/etc/nitro.cfg.
If you did not need to install the Nitro Web Services MongoDB database earlier in this topic, verify that the mongodb_hostlist in /opt/nitro-web-services/etc/nitro.cfg is set correctly (localhost:27017 is the default).

Start the services and configure Nitro Web Services to start automatically at system boot.

[root]# chkconfig --add nitro-web-services
[root]# chkconfig --add nitro-zmq-job-status-adapter
[root]# service nitro-web-services start
[root]# service nitro-zmq-job-status-adapter start

3.17.4 Configure Viewpoint for Nitro Web Services

Do the following:

Using a web browser, navigate to your Viewpoint instance (http://<server>:8081) and then log in as the MWS administrative user (moab-admin, by default).

Click Configuration from the menu and then click Nitro Services from the left pane. The following is an example of the Nitro Services Configuration page.

Click to enlarge

Enter the configuration information. The following table describes the required information.

Field	Description
Nitro WS URL	Hostname (or IP address) and port number for the host on which you installed Nitro Web Services. For example, https://<hostname>:9443
Username	Name of the user. This typically nitro-readonly-user.
Password	The user's password.
Trust Self Signed	Indicates whether Nitro Web Services was set up using self-signed certificates.

Click TEST to confirm the settings are correct. This confirms whether Nitro Web Services is up and receiving connections.
Click SAVE to submit your settings.

(Recommended) Use curl to test Nitro Web Services connectivity.

[root]# curl --insecure --data '{"username": "nitro-admin", "password": "ChangeMe2!"}' \
 https://<hostname>:9443/auth

You should get something similar to the following in the response:

{
  "status": 200,
  "data": {
    "nitro-key": "3e0fb95e9a0e44ae91daef4deb500dcc67a3714880e851d781512a49",
    "user": {
      "username": "nitro-admin",
      "last_updated": "2016-02-26 23:34:55.604000",
      "name": "Nitro Admin",
      "created": "2016-02-26 23:34:55.604000",
      "auth": {
        "job": [
          "read",
          "write",
          "delete"
        ],
        "user": [
          "read",
          "write",
          "delete"
        ]
      }
    }
  }
}

3.17.5 Grant Users Nitro Permissions in Viewpoint

Viewpoint comes packed with base (default) roles for Nitro jobs. Any user who will be working with Nitro Web Services, must have the appropriate role added to the Viewpoint user principal.

These are the Viewpoint roles for Nitro:

NitroAdmin – Administrative user, with permission to create Nitro application templates and manage other user's Nitro jobs.
NitroUser – Basic user, with permission to create and manage their own Nitro jobs.

See Creating or Editing Principals in the Moab Viewpoint Reference Guide for instructions on setting up principals.

3.17.6 Publish Nitro Events to Nitro Web Services

You need to configure the Nitro coordinators to send job status updates to the Nitro Web Services's ZMQ Job Status Adapter. The ZMQ Job Status Adapter is responsible for reading job status updates off of the ZMQ bus and persisting them to Mongo. Nitro Web Services can then be used to access Nitro job status.

Each Nitro job has a Nitro Coordinator. Nitro Coordinators can be configured to publish job status updates to ZMQ by setting the "nws-connector-address" configuration option in Nitro's nitro.cfg file. Each compute node allocated/scheduled to a Nitro Job can play the role of a Nitro coordinator. Therefore, you must update the "nws-connector-address" in each compute node's nitro.cfg file.

Configuring nws-connector-address is simplified if each node is sharing nitro's configuration over a shared filesystem. If you are not using a shared filesystem, update the nitro configuration on each compute node.

Do the following:

If you have not already done so, on the Nitro Web Services Host, locate the msg_port number in the /opt/nitro-web-services/etc/zmq_job_status_adapter.cfg file. This is the port number you need to specify for the nws-connector-address.

On each Nitro compute note (Torque MOM Host), specify the nws-connector-address in the /opt/nitro/etc/nitro.cfg file .

...
# Viewpoint connection allows Nitro to communicate job status information
# to viewpoint.  This option indicates name and port of the remote server
# in the form: <host>:<port>
nws-connector-address <nitro-web-services-hostname>:47100
...