You must deploy Moab Web Services on the same host as Moab Server (Moab Server Host). If using Viewpoint, this shared host must have a Red Hat-based OS, regardless of whether Viewpoint is also installed on that host. For documentation clarity, these instructions refer to the shared host for Moab Server and MWS as the MWS Server Host.
This topic contains instructions on how to install Moab Web Services (MWS).
If your site is running firewall software on its hosts, you will need to configure the firewall to allow connections to the necessary ports.
Location | Ports | Functions | When Needed |
---|---|---|---|
MWS Server Host | 8080 | Tomcat Server Port | Always |
MWS Database Host | 27017 | MWS MongoDB Server Port | If you will be installing the MWS Database on a different host from the MWS Server |
See 2.11 Opening Ports in a Firewall for general instructions and an example of how to open ports in the firewall.
2.5.2 Install Dependencies, Packages, or Clients
Install the Linux x64 RPM version of Oracle® Java® 8 Runtime Environment.
Oracle Java 8 Runtime Environment is the recommended Java environment, but Oracle Java 7 is also supported. All other versions of Java, including OpenJDK/IcedTea and GNU Compiler for Java, cannot run MWS.
On the MWS Server Host, do the following:
[root]# ln -s /usr/sbin/update-alternatives /usr/sbin/alternatives
[root]# rpm -Uh <URL>
Install Tomcat 7.
Tomcat 7 is required to run MWS 9.0 and later. MWS 9.0 will not run on Tomcat 6.
On the MWS Server Host, do the following:
[root]# zypper install tomcat
On the MWS MongoDB Database Host, do the following:
Add the MongoDB Repository.
[root]# zypper addrepo --refresh --no-gpgcheck https://repo.mongodb.org/zypper/suse/12/mongodb-org/3.2/x86_64 mongodb
Install MongoDB.
[root]# zypper -n install mongodb-org
Enable and start MongoDB.
[root]# systemctl enable mongod.service
[root]# systemctl start mongod.service
Add the required MongoDB users.
The passwords used below (secret1, secret2, and secret3) are examples. Choose your own passwords for these users.
[root]# mongo
> use admin
> db.createUser({"user": "admin_user", "pwd": "secret1", "roles": ["root"]})
> use moab
> db.createUser({"user": "moab_user", "pwd": "secret2", "roles": ["dbOwner"]})
> db.createUser({"user": "mws_user", "pwd": "secret3", "roles": ["read"]})
> use mws
> db.createUser({"user": "mws_user", "pwd": "secret3", "roles": ["dbOwner"]})
> exit
Because the admin_user has read and write rights to the admin database, it also has read and write rights to all other databases. See Control Access to MongoDB Instances with Authentication for more information.
Set MongoDB Configuration Options.
By default, /etc/mongod.conf sets net.bindIp to 127.0.0.1. You will need to change this setting if the MongoDB server needs to be accessible from other hosts or from other interfaces besides loopback. See https://docs.mongodb.com/manual/reference/configuration-options/#net-options for more information.
# Sample /etc/mongod.conf file
net:
  port: 27017
  # bindIp: 127.0.0.1
processManagement:
  fork: true
  pidFilePath: /var/run/mongodb/mongod.pid
security:
  authorization: enabled
storage:
  dbPath: /var/lib/mongo
  journal:
    enabled: true
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log
Restart MongoDB.
[root]# systemctl restart mongod.service
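The sample configuration above comments out bindIp, so MongoDB is reachable from other hosts and relies on security.authorization being enabled. The following script is an added example, not part of the original instructions: it reports both settings for a mongod.conf in that YAML layout. The function names and exit codes are this example's own, and it assumes one "key: value" pair per line.

```bash
#!/usr/bin/env bash
# Added example (not from the Moab documentation): report how a mongod.conf in
# the YAML layout shown above exposes MongoDB. Assumes one "key: value" per line.

yaml_get() {  # yaml_get FILE SECTION KEY: uncommented KEY under top-level SECTION
    awk -v s="$2:" -v k="$3:" '
        /^[^ \t#]/ { section = $1 }              # a new top-level section starts
        section == s && $1 == k { print $2; exit }' "$1"
}

# Returns 0 if authorization is enabled, 1 if it is off but MongoDB listens on
# loopback only, 2 if it is off and other hosts can connect, 3 if unreadable.
check_mongod_conf() {
    local conf="$1" bind auth scope
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 3; }
    bind=$(yaml_get "$conf" net bindIp)
    auth=$(yaml_get "$conf" security authorization)
    case "$bind" in
        127.0.0.1|localhost|::1) scope="loopback only" ;;
        "") scope="all interfaces (bindIp commented out or absent)" ;;
        *)  scope="$bind" ;;
    esac
    echo "listens on: $scope; authorization: ${auth:-not set}"
    [ "$auth" = "enabled" ] && return 0
    [ "$scope" = "loopback only" ] && return 1
    return 2
}

# Constructed sample: the layout above with the security section left out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
net:
  port: 27017
  # bindIp: 127.0.0.1
storage:
  dbPath: /var/lib/mongo
EOF
check_mongod_conf "$sample" || echo "exit status $? (authorization is not enabled)"
rm -f "$sample"
```

On the MongoDB host, run `check_mongod_conf /etc/mongod.conf` after editing the file and before restarting the service.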
You must complete the tasks to install the dependencies, packages, or clients before installing MWS Server. See 2.5.2 Install Dependencies, Packages, or Clients.
If your configuration uses firewalls, you must also open the necessary ports before installing the MWS Server. See 2.5.1 Open Necessary Ports.
On the MWS Server Host, do the following:
[root]# systemctl start moab.service
Create the MWS home directory and subdirectories.
For more information, see Configuration in the Moab Web Services Reference Guide.
The default location for the MWS home directory is /opt/mws. These instructions assume the default location.
Do the following:
[root]# mkdir -p \
    /opt/mws/etc/mws.d \
    /opt/mws/hooks \
    /opt/mws/log \
    /opt/mws/plugins \
    /opt/mws/spool/hooks \
    /opt/mws/utils
[root]# chown -R tomcat:tomcat /opt/mws
[root]# chmod -R 555 /opt/mws
[root]# chmod u+w \
    /opt/mws/log \
    /opt/mws/plugins \
    /opt/mws/spool \
    /opt/mws/spool/hooks \
    /opt/mws/utils
[root]# mkdir /tmp/mws-install
[root]# cd /tmp/mws-install
[root]# tar xvzf $HOME/Downloads/mws-9.1.1.1.tar.gz
Copy the extracted utility files to the utility directory created in the previous step and give the tomcat user ownership of the directory.
[root]# cd /tmp/mws-install/mws-9.1.1.1/utils
[root]# cp * /opt/mws/utils
[root]# chown tomcat:tomcat /opt/mws/utils/*
Connect Moab to MongoDB.
The USEDATABASE parameter is unrelated to the MongoDB configuration.
MONGOSERVER <host>[:<port>]
If your MONGOSERVER host is set to anything other than localhost, edit the /etc/mongod.conf file on the MongoDB server host and either comment out any bindIp parameter (bind_ip in the legacy configuration format) or set it to the correct IP address.
net:
  port: 27017
  #bindIp: 127.0.0.1  # Listen to local interface only. Comment out to listen on all interfaces.
MONGOUSER moab_user
MONGOPASSWORD secret2
[root]# systemctl restart moab.service
[root]# mdiag -S | grep Mongo
Mongo connection (localhost) is up (credentials are set)
Secure communication using secret keys.
[root]# systemctl stop moab.service
[root]# dd if=/dev/urandom count=24 bs=1 2>/dev/null | base64 > /opt/moab/etc/.moab.key
[root]# chown root:root /opt/moab/etc/.moab.key
[root]# chmod 400 /opt/moab/etc/.moab.key
[root]# systemctl start moab.service
[root]# systemctl stop moab.service
[root]# echo "MESSAGEQUEUESECRETKEY $(dd if=/dev/urandom count=16 bs=1 2>/dev/null | base64)" >> /opt/moab/etc/moab-private.cfg
[root]# systemctl start moab.service
If MWS is configured to encrypt the message queue and Moab is not (or vice versa), then MWS will ignore the messages from Moab. Furthermore, all attempts to access the MWS service resource will fail.
[root]# mdiag -S|grep 'ZeroMQ MWS'
ZeroMQ MWS connection is bound on port 5570 (encryption is on)
Set up the MWS configuration files. In the extracted directory are several configuration files.
Copy the configuration files into place and grant the tomcat user ownership.
[root]# cd /tmp/mws-install/mws-9.1.1.1
[root]# cp mws-config.groovy /opt/mws/etc
[root]# cp mws-config-hpc.groovy /opt/mws/etc/mws.d
[root]# chown tomcat:tomcat /opt/mws/etc/mws-config.groovy /opt/mws/etc/mws.d/mws-config-hpc.groovy
If MWS is configured to encrypt the message queue and Moab is not (or vice versa), then the messages from Moab will be ignored. Furthermore, all attempts to access the MWS service resource will fail.
[root]# vi /opt/mws/etc/mws-config.groovy
// Change these to be whatever you like.
auth.defaultUser.username = "moab-admin"
auth.defaultUser.password = "changeme!"
// Replace <ENTER-KEY-HERE> with the contents of /opt/moab/etc/.moab.key.
moab.secretKey = "<ENTER-KEY-HERE>"
moab.server = "localhost"
moab.port = 42559
moab.messageDigestAlgorithm = "SHA-1"
...
// Replace <ENTER-KEY-HERE> with the value of MESSAGEQUEUESECRETKEY in /opt/moab/etc/moab-private.cfg.
moab.messageQueue.secretKey = "<ENTER-KEY-HERE>"
If you do not change auth.defaultUser.password, your MWS will not be secure (because anyone reading these instructions would be able to log into your MWS). Here are some tips for choosing a good password.
You can configure only one authentication method in /opt/mws/etc/mws-config.groovy—LDAP or PAM, but not both. If you have configured both LDAP and PAM, MWS defaults to using LDAP.
If you need multiple authentication methods, you must add them to your local PAM configuration. See your distribution documentation for details.
ldap.server = "192.168.0.5"
ldap.port = 389
ldap.baseDNs = ["dc=acme,dc=com"]
ldap.bindUser = "cn=Manager,dc=acme,dc=com"
ldap.password = "*****"
ldap.directory.type = "OpenLDAP Using InetOrgPerson Schema"
This is just an example LDAP connection. Be sure to use the appropriate domain controllers (dc) and common names (cn) for your environment.
If you followed the Adaptive Computing tutorial, Setting Up OpenLDAP on CentOS 6, your ldap.directory.type should be set to "OpenLDAP Using InetOrgPerson Schema." However, the use of other schemas is supported. For more information see LDAP Configuration Using /opt/mws/etc/mws-config.groovy.
To see how to configure a secure connection to the LDAP server, see Securing the LDAP Connection.
pam.configuration.service = "login"
This is just an example PAM configuration file name. Make sure you specify the name of the configuration file you want MWS to use.
If you configure MWS to authenticate via PAM using local files or NIS, you need to run Tomcat as root. This configuration is highly discouraged and is not supported by Adaptive Computing. The recommended approach is to configure PAM and NSS to authenticate against LDAP.
For more information about PAM configuration with MWS, see PAM (Pluggable Authentication Module) Configuration Using /opt/mws/etc/mws-config.groovy.
...
grails.mongo.username = "mws_user"
grails.mongo.password = "secret3"
[root]# chmod 400 /opt/mws/etc/mws-config.groovy /opt/mws/etc/mws.d/mws-config-hpc.groovy
Add the following lines to the end of /etc/tomcat/tomcat.conf.
CATALINA_OPTS="-DMWS_HOME=/opt/mws -Xms256m -Xmx3g -XX:MaxPermSize=384m -Dfile.encoding=UTF8"
JAVA_HOME="/usr/java/latest"
MaxPermSize is ignored when using Java 8 and can therefore be omitted.
[root]# systemctl enable tomcat.service
[root]# systemctl stop tomcat.service
[root]# cp /tmp/mws-install/mws-9.1.1.1/mws.war /usr/share/tomcat/webapps
[root]# systemctl start tomcat.service
If you encounter problems, or if the application does not seem to be running, see the steps in 5.3 Moab Web Services Issues.
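A mismatch between the keys in mws-config.groovy and the ones generated for Moab, or a default password left in place, can be caught with a check like the one below. It is an added example, not Adaptive Computing code: the function names are this example's own, it assumes one KEY = "value" assignment per line, and the sample files it builds are constructed placeholders rather than real keys.

```bash
#!/usr/bin/env bash
# Added example, not Adaptive Computing code. Assumes one KEY = "value"
# assignment per line, as in the excerpt of mws-config.groovy above; uses GNU stat.

groovy_get() {  # groovy_get FILE KEY: last uncommented  KEY = "value"  in FILE
    awk -v k="$2" '$1 == k && $2 == "=" {
        v = $0; sub(/^[^"]*"/, "", v); sub(/"[^"]*$/, "", v) }
        END { print v }' "$1"
}

check_mws_keys() {  # check_mws_keys MWS_CONFIG MOAB_KEY_FILE MOAB_PRIVATE_CFG
    local cfg="$1" keyfile="$2" private="$3" bad=0 key mq moab_mq f
    key=$(groovy_get "$cfg" moab.secretKey)
    mq=$(groovy_get "$cfg" moab.messageQueue.secretKey)
    moab_mq=$(awk '$1 == "MESSAGEQUEUESECRETKEY" { v = $2 } END { print v }' "$private")
    if [ "$(groovy_get "$cfg" auth.defaultUser.password)" = "changeme!" ]; then
        echo "FAIL: auth.defaultUser.password is still the documented default"; bad=1
    fi
    if [ -z "$key" ] || [ "$key" != "$(cat "$keyfile")" ]; then
        echo "FAIL: moab.secretKey does not match $keyfile"; bad=1
    fi
    if [ -z "$mq" ] || [ "$mq" != "$moab_mq" ]; then
        echo "FAIL: message queue key differs between MWS and Moab"; bad=1
    fi
    for f in "$cfg" "$keyfile"; do  # both are set to mode 400 in the steps above
        [ "$(stat -c %a "$f")" = "400" ] || { echo "FAIL: $f is not mode 400"; bad=1; }
    done
    [ "$bad" -eq 0 ] && echo "OK: keys match, default password changed, modes 400"
    return "$bad"
}

# Constructed sample files (placeholder values, not real keys).
demo_dir=$(mktemp -d)
echo 'Q09OU1RSVUNURUQta2V5' > "$demo_dir/.moab.key"
echo 'MESSAGEQUEUESECRETKEY Y29uc3RydWN0ZWQtbXE=' > "$demo_dir/moab-private.cfg"
cat > "$demo_dir/mws-config.groovy" <<'EOF'
auth.defaultUser.password = "changeme!"
moab.secretKey = "Q09OU1RSVUNURUQta2V5"
moab.messageQueue.secretKey = "<ENTER-KEY-HERE>"
EOF
chmod 400 "$demo_dir/.moab.key" "$demo_dir/mws-config.groovy"
check_mws_keys "$demo_dir/mws-config.groovy" "$demo_dir/.moab.key" \
    "$demo_dir/moab-private.cfg" || echo "sample configuration needs fixing"
rm -rf "$demo_dir"
```

On the MWS Server Host, run it as root against /opt/mws/etc/mws-config.groovy, /opt/moab/etc/.moab.key and /opt/moab/etc/moab-private.cfg. The script prints only file names and findings, never the key values.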