You are here: RPM Installation > Installation and Configuration > Installing Moab Accounting Manager

3.9 Installing Moab Accounting Manager

This topic contains instructions on how to install, configure, and start Moab Accounting Manager (MAM).

Perform the following:

  1. Plan Your Installation
  2. Confirm Requirements
  3. Open Necessary Ports
  4. Install Dependencies, Packages, or Clients
  5. Install MAM Server
  6. Configure the MAM GUI
  7. Configure MAM Web Services
  8. Access the MAM GUI
  9. Access MAM Web Services
  10. Configure Moab Workload Manager to use Moab Accounting Manager
  11. Initialize Moab Accounting Manager

3.9.1 Plan Your Installation

The first step is determining the number of different hosts (physical machines) required for your MAM installation.

Your MAM installation includes:

Each of these components can be installed on their own hosts (meaning the actual physical machine) or can be combined on same hosts. For example, the MAM Database can be installed on the same host as the MAM Server. Or the MAM Server may be installed on the same host you installed the Moab Server.

Once you have determined which components are installed on which hosts, complete the rest of the instructions for the MAM installation.

The instructions that follow in this topic will use the term Host after each component to reflect installing on a host (again, meaning the physical machine). For example, MAM Server Host and MAM Database Host. Depending on your configuration, Host may refer to as installed on its own machine or installed on the same machine as another component.

3.9.2 Confirm Requirements

In this section:

3.9.2.A Hardware Requirements

MAM is commonly installed on the same host as Moab; however, in some cases you might obtain better performance by installing them on different hosts.

3.9.2.B Supported Operating Systems

MAM has been tested on the following variants of Linux:

3.9.2.C Supported Databases

MAM uses an RDBMS as a back end. If this is a new installation, use the following database:

3.9.3 Open Necessary Ports

If your site is running firewall software on its hosts, you will need to configure the firewall to allow connections to the necessary ports.

Location Ports Functions When Needed
MAM Server Host 7112 MAM Server Port If you will be installing the MAM Server on a different host from where you installed the Moab Server or you will be installing the MAM Clients on other hosts
MAM GUI Host 443 HTTPS Port If using the MAM GUI
MAM Web Services Host 443 HTTPS Port If using MAM Web Services
MAM Database Host 5432 MAM PostgreSQL Server Port If you will be installing the MAM Database on a different host from the MAM Server

See 2.11 Opening Ports in a Firewall for general instructions and an example of how to open ports in the firewall.

3.9.4 Install Dependencies, Packages, or Clients

In this section:

3.9.4.A Install and Initialize PostgreSQL Server

Moab Accounting Manager uses a database for transactions and data persistence. The PostgreSQL database may be installed on a different host from the MAM Server; however, it is often convenient to install them on the same host.

On the MAM Database Host, do the following:

  1. Install and initialize PostgreSQL.
    [root]# yum install postgresql-server
    [root]# service postgresql initdb
  2. Configure trusted connections.

    Edit or add a "host" line in the pg_hba.conf file for the interface from which the MAM Server will be connecting to the database and ensure that it specifies a secure password-based authentication method (for example, md5).

    [root]# vi /var/lib/pgsql/data/pg_hba.conf
    				
    # Replace 127.0.0.1 with the IP address of the MAM Server Host if the
    # MAM PostgreSQL server is on a separate host from the MAM server.
    host    all             all             127.0.0.1/32            md5
    host    all             all             ::1/128                 md5
    
  3. If the MAM Database Host is installed on a different host from where you will install the MAM Server, configure PostgreSQL to accept connections from the MAM Server Host.
    [root]# vi /var/lib/pgsql/data/postgresql.conf
    				
    # Replace <mam-server-host> with the interface name from which the MAM server
    # will be connecting to the database.
    listen_addresses = '<mam-server-host>'
  4. If your PostgreSQL database version is prior to version 9.1, configure postgresql to avoid interpreting backslashes as escape characters.
    [root]# vi /var/lib/pgsql/data/postgresql.conf
    				
    standard_conforming_strings = on
  5. Start or restart the database.
    [root]# chkconfig postgresql on
    [root]# service postgresql restart

3.9.4.B Install Perl ReadLine (Optional)

Moab Accounting Manager can be optionally configured to provide command history editing functionality in the mam-shell command.

The perl-Term-ReadLine-Gnu package is recommended and is typically included in the standard repositories for the OS.

To install the perl-Term-ReadLine-Gnu package:

[root]# yum install perl-Term-ReadLine-Gnu

If installing on RHEL, this package may not be found in the standard RHEL distribution repositories. You will need to install the missing dependencies from EPEL or other reputable repositories.

[root]# rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
[root]# yum install yum-utils
[root]# yum-config-manager --disable epel
[root]# yum install --enablerepo=epel perl-Term-ReadLine-Gnu

3.9.5 Install MAM Server

You must complete all the previous sections in this topic before installing MAM server. See the list of steps at the beginning of this topic.

On the MAM Server Host do the following:

  1. If you are installing the MAM Server on its own host and not on the same host where you installed another server (such as Moab Server), verify you completed the steps to prepare the host. See 3.3 Preparing for RPM Installs for more information.
  2. Install the MAM Server RPM.
    yum install moab-accounting-manager
  3. As the database user, create a database called mam and grant database privileges to the mam user.

    PostgreSQL was installed and initialized earlier in this topic. See 3.9.4.A Install and Initialize PostgreSQL Server.

    [root]# su - postgres
    [postgres]$ psql
    
    create database mam;
    create user mam with password 'changeme!';
    \q
    
    [postgres]$ exit

    The password you define must be synchronized with the database.password value in /opt/mam/etc/mam-server.conf.

    [root]# vi /opt/mam/etc/mam-server.conf
    
    database.password = changeme!
  4. Run the hpc.sql script to populate the Moab Accounting Manager database with objects, actions, and attributes necessary to function as an Accounting Manager.
    [root]# su - mam
    								
    [mam]$ psql mam < /usr/share/moab-accounting-manager/hpc.sql
    [mam]$ exit
  5. Start the mam service.
    [root]# chkconfig --add mam
    [root]# service mam start

3.9.6 Configure the MAM GUI

If you plan to use the web GUI, then on the MAM GUI Host, do the following:

  1. As root, add or edit the SSL virtual host definition as appropriate for your environment. To do so, configure the cgi-bin directory in ssl.conf. Below the cgi-bin directory element, create an alias for /cgi-bin pointing to your cgi-bin directory. If you chose to install to a cgi-bin sub-directory, you might want to create an alias for that as well. Also, add index.cgi to the DirectoryIndex so you can use the shorter sub-directory name.
    [root]# vi /etc/httpd/conf.d/ssl.conf
    			
    <Directory "/var/www/cgi-bin">
    ## Add these lines
      Options ExecCGI
      AddHandler cgi-script .cgi
      AllowOverride All
      Order allow,deny
      Allow from all
    </Directory>
    			
    # Aliases for /cgi-bin
    Alias /cgi-bin/ /var/www/cgi-bin/
    Alias /mam /var/www/cgi-bin/mam/
    			
    # Make shorter sub-dir name available
    DirectoryIndex index.cgi
  2. For Red Hat-based systems where Security Enhanced Linux (SELinux) is enforced, you may need to customize SELinux to allow the web server to make network connections, use setuid for authentication, and write to the log file.
    1. Determine the current mode of SELinux.
      [root]# getenforce
      
      Enforcing
      • If the command returns a mode of Disabled or Permissive, or if the getenforce command is not found, you can skip the rest of this step.
      • If the command returns a mode of Enforcing, you can choose between options of customizing SELinux to allow the web GUI to perform its required functions or disabling SELinux on your system.
    2. If you choose to customize SELinux, do the following:

      SELinux can vary by version and architecture and that these instructions may not work in all possible environments.

      If you used the --prefix=<prefix> configuration option when you configured Moab Accounting Manager, you must replace references to /opt/mam in the example below with the <prefix> you specified. See 2.15 Moab Accounting Manager Configuration Options.

      [root]# cat > mamgui.te <<EOF
      module mamgui 1.0;
      require {
              type httpd_sys_script_t;
              type port_t;
              class capability setuid;
              class tcp_socket name_connect;
      }
      allow httpd_sys_script_t port_t:tcp_socket name_connect;
      allow httpd_sys_script_t self:capability setuid;
      EOF
      [root]# checkmodule -M -m -o mamgui.mod mamgui.te
      [root]# semodule_package -m mamgui.mod -o mamgui.pp
      [root]# semodule -i mamgui.pp
      [root]# setenforce 0
      [root]# chcon -v -t httpd_sys_content_t /opt/mam/log
      [root]# setenforce 1
  3. For the highest security, it is recommended that you install a public key certificate that has been signed by a certificate authority. The exact steps to do this are specific to your distribution and the chosen certificate authority. An overview of this process for CentOS 7 is documented here.

    Alternatively, if your network domain can be secured from man-in-the-middle attacks, you could use a self-signed certificate. Often this does not require any additional steps since in many distributions, such as Red Hat, the Apache SSL configuration provides self-signed certificates by default.

    If your configuration uses self-signed certificates, no action is required. RedHat 6 ships with ready-made certificates.

  4. Start or restart the HTTP server daemon.
    [root]# chkconfig httpd on
    [root]# service httpd restart

3.9.7 Configure MAM Web Services

If you plan to use MAM Web Services, then on the MAM Web Services Host, do the following:

  1. Edit the SSL virtual host definition in ssl.conf to include the mamws location. For example:

    [root]# vi /etc/httpd/conf.d/ssl.conf
    # Place the following within the 443 VirtualHost definition
    PerlOptions +Parent
    PerlSwitches -Mlib=/opt/mam/lib
    PerlModule MAM::WSResponseHandler
    PerlModule MAM::WSAuthenHandler
    <Location /mamws>
        SetHandler perl-script
        PerlResponseHandler MAM::WSResponseHandler
        Options +ExecCGI
    
        AuthName MAM
        PerlAuthenHandler MAM::WSAuthenHandler
        Require valid-user
    
        Order allow,deny
        Allow from all
    </Location>
  2. For Red Hat-based systems where Security Enhanced Linux (SELinux) is enforced, you may need to customize SELinux to allow the web server to make network connections and write to the log file.
    1. Determine the current mode of SELinux.
      [root]# getenforce
      
      Enforcing
      • If the command returns a mode of Disabled or Permissive, or if the getenforce command is not found, you can skip the rest of this step.
      • If the command returns a mode of Enforcing, you can choose between options of customizing SELinux to allow MAM Web Services to perform its required functions or disabling SELinux on your system.
    2. If you choose to customize SELinux, do the following:

      SELinux can vary by version and architecture and that these instructions may not work in all possible environments.

      If you used the --prefix=<prefix> configuration option when you configured Moab Accounting Manager, you must replace references to /opt/mam in the example below with the <prefix> you specified. See 2.15 Moab Accounting Manager Configuration Options for more information.

      [root]# cat > mamws.te <<EOF
      module mamws 1.0;
      require {
              type httpd_t;
              type port_t;
              type usr_t;
              class tcp_socket name_connect;
              class file { create append };
      }
      allow httpd_t port_t:tcp_socket name_connect;
      allow httpd_t usr_t:file { create append };
      EOF
      [root]# checkmodule -M -m -o mamws.mod mamws.te
      [root]# semodule_package -m mamws.mod -o mamws.pp
      [root]# semodule -i mamws.pp
      [root]# setenforce 0
      [root]# chcon -v -t httpd_sys_content_t /opt/mam/log
      [root]# setenforce 1
  3. For the highest security, it is recommended that you install a public key certificate that has been signed by a certificate authority. The exact steps to do this are specific to your distribution and the chosen certificate authority. An overview of this process for CentOS 7 is documented here.

    Alternatively, if your network domain can be secured from man-in-the-middle attacks, you could use a self-signed certificate. Often this does not require any additional steps since in many distributions, such as Red Hat, the Apache SSL configuration provides self-signed certificates by default.

    If your configuration uses self-signed certificates, no action is required; Red Hat ships with ready-made certificates.

  4. Start or restart the HTTP server daemon.
    [root]# chkconfig httpd on
    [root]# service httpd restart

3.9.8 Access the MAM GUI

If you plan to use the web GUI, then on the MAM Server Host, do the following:

  1. Create a password for the mam user to be used with the MAM Web GUI.
    [root]# su - mam
    [mam]$ mam-set-password
    [mam]$ exit
  2. Verify the connection.
    1. Open a web browser and navigate to https://<mam-server-host>/mam.
    2. Log in as the mam user with the password you set in step 1.

3.9.9 Access MAM Web Services

If you plan to use MAM web services, then on a MAM Client Host, do the following:

  1. Create a password for the mam user that you wish to access MAM Web Services.
    [root]# su - mam
    [mam]$ mam-set-password
    [mam]$ exit
  2. Make a call to web services.

    [root]# curl -k -X GET --basic -u mam:changeme! 'https://<mam-web-services-host>/mamws/system'

    Alternatively, for queries, you can use the browser to access the URL. For example: 'https://<mam-web-services-host>/mamws/system'.

3.9.10 Configure Moab Workload Manager to use Moab Accounting Manager

Do the following, where applicable:

  1. On the Moab Server Host, edit the Moab configuration file.
    [root]# vi /opt/moab/etc/moab.cfg
    AMCFG[mam] TYPE=MAM HOST=<mam_server_host>
    1. Uncomment the AMCFG lines and customize as needed. See Accounting, Charging, and Allocation Management in the Moab Workload Manager Administrator Guide.
    2. If the Moab Server and the MAM Server are on the same host, set HOST to 'localhost'; otherwise, set HOST to the host name for the MAM Server (MAM Server Host).
  2. Configure Moab to authenticate with MAM using the MAM secret key.
    1. On the MAM Server Host, copy the auto-generated secret key from the token.value value in the /opt/mam/etc/mam-site.conf file.
    2. On the Moab Server Host, add the secret key to the moab-private.cfg file as the value of the CLIENTCFG KEY attribute.
      [root]# vi /opt/moab/etc/moab-private.cfg
      
      CLIENTCFG[AM:mam] KEY=<MAMSecretKey>
  3. Restart Moab
    [root]# service moab restart

3.9.11 Initialize Moab Accounting Manager

You will need to initialize Moab Accounting Manager to function in the way that is most applicable to the needs of your site. See Initial Setup in the Moab Accounting Manager Administrator Guide to set up Moab Accounting Manager for your desired accounting mode.

Related Topics 

© 2016 Adaptive Computing