(Click to open topic with navigation)

You are here: RPM Installation > Installation and Configuration > Installing Moab Web Services

3.10 Installing Moab Web Services

You must deploy Moab Web Services on the same host as Moab Server (Moab Server Host). For documentation clarity, these instructions refer to the host for Moab Server and MWS Server as the MWS Server Host.

This topic contains instructions on how to install, configure, and start Moab Web Services (MWS).

In this topic:

3.10.1 Open Necessary Ports

If your site is running firewall software on its hosts, you will need to configure the firewall to allow connections to the necessary ports.

Location Ports Functions When Needed
MWS Server Host 8080 Tomcat Server Port Always
MWS Database Host 27017 MWS MongoDB Server Port If you will be installing the MWS Database on a different host from the MWS Server

See 2.11 Opening Ports in a Firewall for general instructions and an example of how to open ports in the firewall.

3.10.2 Install Dependencies, Packages, or Clients

In this section:

3.10.2.A Install Java

Install the Linux x64 RPM version of Oracle® Java® 8 Runtime Environment.

Oracle Java 8 Runtime Environment is the recommended Java environment, but Oracle Java 7 is also supported. All other versions of Java, including OpenJDK/IcedTea, GNU Compiler for Java, and so on cannot run MWS.

On the MWS Server Host, do the following:

  1. Install the Linux x64 RPM version of Oracle Java SE 8 JRE.
    1. Go to the to the Oracle Java download page.
    2. Copy the URL for the Linux x64 RPM version, and run the following commands:
      [root]# ln -s /usr/sbin/update-alternatives /usr/sbin/alternatives
[root]# rpm -Uh <URL>

3.10.2.B Install MongoDB

On the MWS MongoDB Database Host, do the following:

  1. Install MongoDB.

    [root]# yum install -y mongodb-org

  2. Enable and start MongoDB.

    [root]# chkconfig mongod on
[root]# service mongod start

  1. Add the required MongoDB users.

    The passwords used below (secret1, secret2, and secret3) are examples. Choose your own passwords for these users.

    [root]# mongo
> use admin
> db.createUser({"user": "admin_user", "pwd": "secret1", "roles": ["root"]})

> use moab
> db.createUser({"user": "moab_user", "pwd": "secret2", "roles": ["dbOwner"]})
> db.createUser({"user": "mws_user", "pwd": "secret3", "roles": ["read"]})

> use mws
> db.createUser({"user": "mws_user", "pwd": "secret3", "roles": ["dbOwner"]})
							
> exit

    Because the admin_user has read and write rights to the admin database, it also has read and write rights to all other databases. See Control Access to MongoDB Instances with Authentication for more information.

  1. Set MongoDB Configuration Options.

    By default, /etc/mongod.conf sets net.bindIp to 127.0.0.1. You will need to change this setting if the MongoDB server needs to be accessible from other hosts or from other interfaces besides loopback. See https://docs.mongodb.com/manual/reference/configuration-options/#net-options for more information.

    # Sample /etc/mongod.conf file
net:
  port: 27017
  # bindIp: 127.0.0.1
processManagement:
  fork: true
  pidFilePath: /var/run/mongodb/mongod.pid
security:
  authorization: enabled
storage:
  dbPath: /var/lib/mongo
  journal:
    enabled: true
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log

  2. Restart MongoDB.

    [root]# service mongod restart

3.10.3 Install MWS Server

You must complete the tasks to install the dependencies, packages, or clients before installing MWS Server. See 3.10.2 Install Dependencies, Packages, or Clients.

If your configuration uses firewalls, you must also open the necessary ports before installing MWS Server. See 3.10.1 Open Necessary Ports .

On the MWS Host, do the following:

  1. Install the MWS RPMs.
    [root]# yum install moab-web-services moab-web-services-hpc-configuration
  2. Connect Moab to MongoDB

    The USEDATABASE parameter is unrelated to the MongoDB configuration.

    1. Set the MONGOSERVER parameter in /opt/moab/etc/moab.cfg to the MongoDB server hostname. Use localhost as the hostname if Moab and MongoDB are on the same host.
      MONGOSERVER <host>[:<port>]

      If your MONGOSERVER host is set to anything other than localhost, edit the /etc/mongod.conf file on the MongoDB Server host and either comment out any bind_ip parameter or set it to the correct IP address.

      # Listen to local interface only. Comment out to listen on all interfaces.
#bind_ip=127.0.0.1
    2. In the /opt/moab/etc/moab-private.cfg file, set the MONGOUSER and MONGOPASSWORD parameters to the MongoDB moab_user credentials you set. See 3.10.2.B Install MongoDB earlier in this topic.
      MONGOUSER    moab_user
MONGOPASSWORD secret2
    3. Verify that Moab is able to connect to MongoDB.
      [root]# service moab restart
[root]# mdiag -S | grep Mongo

Mongo connection (localhost [replicaset: not set]) is up (credentials are set and SSL is disabled)

  3. Secure communication using secret keys.

    1. (Required) Moab and MWS use Message Authentication Codes (MAC) to ensure messages have not been altered or corrupted in transit. Generate a key and store the result in /opt/moab/etc/.moab.key.
      [root]# service moab stop
[root]# dd if=/dev/urandom count=24 bs=1 2>/dev/null | base64 > /opt/moab/etc/.moab.key
[root]# chown root:root /opt/moab/etc/.moab.key
[root]# chmod 400 /opt/moab/etc/.moab.key
[root]# service moab start
    2. (Optional) Moab supports message queue security using AES. This feature requires a Base64-encoded 16-byte (128-bit) shared secret.
      1. Generate a key and append the result to /opt/moab/etc/moab-private.cfg.
        [root]# service moab stop
[root]# echo "MESSAGEQUEUESECRETKEY $(dd if=/dev/urandom count=16 bs=1 2>/dev/null | base64)" >> /opt/moab/etc/moab-private.cfg
[root]# service moab start

        If MWS is configured to encrypt the message queue and Moab is not (or vice versa), then MWS will ignore the messsages from Moab. Furthermore, all attempts to access the MWS service resource will fail.

      2. Verify that encryption is on for the ZeroMQ connection.
        [root]# mdiag -S|grep 'ZeroMQ MWS'

  ZeroMQ MWS connection is bound on port 5570 (encryption is on)

  4. Set up the MWS configuration file.

    1. In the /opt/mws/etc/mws-config.groovy file, change these settings:
      • moab.secretKey: Must match the Moab secret key you generated earlier (contained in /opt/moab/etc/.moab.key).
      • auth.defaultUser.username: Any value you like, or leave as is.
      • auth.defaultUser.password: Any value you like, but choose a strong password.
      • moab.messageQueue.secretKey: If you opted to configure a message queue security key in MWS, this parameter value should match exactly that key specified in /opt/moab/etc/moab-private.cfg for the MESSAGEQUEUESECRETKEY Moab configuration parameter you generated earlier.

        If MWS is configured to encrypt the message queue and Moab is not (or vice versa), then the messages from Moab will be ignored. Furthermore, all attempts to access the MWS service resource will fail.

      [root]# vi /opt/mws/etc/mws-config.groovy							

// Change these to be whatever you like.
auth.defaultUser.username = "moab-admin"
auth.defaultUser.password = "changeme!"


// Replace <ENTER-KEY-HERE> with the contents of /opt/moab/etc/.moab.key.				
moab.secretKey = "<ENTER-KEY-HERE>"
moab.server = "localhost"
moab.port = 42559
moab.messageDigestAlgorithm = "SHA-1"
									

...
						
// Replace <ENTER-KEY-HERE> with the value of MESSAGEQUEUESECRETKEY in /opt/moab/etc/moab-private.cfg.
moab.messageQueue.secretKey = "<ENTER-KEY-HERE>"

      If you do not change auth.defaultUser.password, your MWS will not be secure (because anyone reading these instructions would be able to log into your MWS). Here are some tips for choosing a good password.

    2. Do one of the following:

        3. You can configure only one authentication method in /opt/mws/etc/mws-config.groovy—LDAP or PAM, but not both. If you have configured both LDAP and PAM, MWS defaults to using LDAP.

        If you need multiple authentication methods, you must add them to your local PAM configuration. See your distribution documentation for details.

      • If you are configuring an MWS connection to your LDAP server, add the following parameters to the /opt/mws/etc/mws-config.groovy file:
        • ldap.server  = "192.168.0.5"
ldap.port = 389
ldap.baseDNs = ["dc=acme,dc=com"]
ldap.bindUser = "cn=Manager,dc=acme,dc=com"
ldap.password = "*****"
ldap.directory.type = "OpenLDAP Using InetOrgPerson Schema"

        This is just an example LDAP connection. Be sure to use the appropriate domain controllers (dc) and common names (cn) for your environment.

        If you followed the Adaptive Computing tutorial, Setting Up OpenLDAP on CentOS 6, your ldap.directory.type should be set to "OpenLDAP Using InetOrgPerson Schema." However, the use of other schemas is supported. For more information see LDAP Configuration Using /opt/mws/etc/mws-config.groovy.

        To see how to configure a secure connection to the LDAP server, see Securing the LDAP Connection.

      • If you are configuring MWS to use PAM, add the the pam.configuration.service parameter to the /opt/mws/etc/mws-config.groovy file. For example:
        • pam.configuration.service = "login"

        This is just an example PAM configuration file name. Make sure you specify the name of the configuration file you want MWS to use.

        If you configure MWS to authenticate via PAM using local files or NIS, you need to run Tomcat as root. This configuration is highly discouraged and is not supported by Adaptive Computing. The recommended approach is to configure PAM and NSS to authenticate against LDAP.

        For more information about PAM configuration with MWS, see PAM (Pluggable Authentication Module) Configuration Using /opt/mws/etc/mws-config.groovy.

    3. Add the grails.mongo.username and grails.mongo.password parameters to the /opt/mws/etc/mws-config.groovy file. Use the MWS credentials you added to MongoDB. 
      4. ...
grails.mongo.username = "mws_user"
grails.mongo.password = "secret3"
  5. Start or restart Tomcat.
    [root]# chkconfig tomcat on
[root]# service tomcat restart

3.10.4 Verify the Installation

  1. Open a web browser.
  2. Navigate to http://<server>:8080/mws/. You will see some sample queries and a few other actions.
  3. Log in to MWS to verify that your credentials are working. (Your login credentials are the auth.defaultUser.username and auth.defaultUser.password values you set in the /opt/mws/etc/mws-config.groovy file.)

    4. Click to enlarge

    If you encounter problems, or if the application does not seem to be running, see the steps in 5.3 Moab Web Services Issues.

Related Topics 

© 2016 Adaptive Computing