(Click to open topic with navigation)
This topic contains instructions on how to install Nitro Web Services.
Do the following in the order presented:
If your site is running firewall software on its hosts, you will need to configure the firewall to allow connections to the necessary ports.
Location | Ports | Functions | When Needed |
---|---|---|---|
Nitro Web Services Host | 9443 | Tornado Web Port | Always |
Nitro Web Services Host | 47100 | ZMQ Port | Always |
Nitro Web Services Database Host | 27017 | Nitro Web Services MongoDB Server Port | If you will be installing the Nitro Web Services Database on a different host from Nitro Web Services |
See 2.11 Opening Ports in a Firewall for general instructions and an example of how to open ports in the firewall.
3.16.2 Install and Congure MongoDB
If you have already installed Mongo DB (and created the admin_user), skip to step 3b.
On the Nitro Web Services MongoDB Database Host, do the following:
Install MongoDB.
[root]# zypper -n install mongodb-org
Enable and start MongoDB.
[root]# systemctl enable mongod.service [root]# systemctl start mongod.service
Add the required MongoDB users.
The passwords used below (secret1 and secret5) are examples. Choose your own passwords for these users.
[root]# mongo > use admin > db.createUser({"user": "admin_user", "pwd": "secret1", "roles": ["root"]})
Because the admin_user has read and write rights to the admin database, it also has read and write rights to all other databases. See Control Access to MongoDB Instances with Authentication for more information.
[root]# mongo -u admin_user -p secret1 admin > use nitro-db > db.createUser({"user": "nitro_user", "pwd": "secret5", "roles": ["dbOwner"]}) > exit
Set MongoDB Configuration Options.
By default, /etc/mongod.conf sets net.bindIp to 127.0.0.1. You will need to change this setting if the MongoDB server needs to be accessible from other hosts or from other interfaces besides loopback. See https://docs.mongodb.com/manual/reference/configuration-options/#net-options for more information.
# Sample /etc/mongod.conf file net: port: 27017 # bindIp: 127.0.0.1 processManagement: fork: true pidFilePath: /var/run/mongodb/mongod.pid security: authorization: enabled storage: dbPath: /var/lib/mongo journal: enabled: true systemLog: destination: file logAppend: true path: /var/log/mongodb/mongod.log
Restart MongoDB.
[root]# systemctl restart mongod.service
3.16.3 Install and Configure Nitro Web Services
You must complete the tasks earlier in this topic before installing Nitro Web Services.
On the host where Nitro Web Services will reside, do the following:
[root]# zypper --non-interactive install nitro-web-services
Understand and edit the the Nitro Web Services web application configuration file (/opt/nitro-web-services/etc/nitro.cfg). This includes clarifying what the configuration file is for and what to expect the first time the NWS service is started vs. each subsequent start.
The nitro_user with dbOwner permissions was set up earlier in the procedure (see 3.16.2 Install and Congure MongoDB).
When you first start nitro-web-services, the nitro-db Mongo database (including its collections and indexes) is created. The nitro-db 'user' collection is also populated with the default Nitro Web Services API users/passwords. Several of the options defined in the configuration files influence this process.
MongoDB user, table, and index creation is performed at initial startup. Many of the options defined in the Nitro Web Service configuration files influence Mongo user/password and index creation.
Usernames and passwords are created only if they do not yet exist. Changing a password in the configuration file after initial startup will not update the password.
The /opt/nitro-web-services/etc/nitro.cfg configuration file includes default password values. If you want to use passwords other than the default value, change the lines in the file as shown below.
db_password = <password goes here> admin_password = <admin_password goes here> ws_readonly_password = <ws_readonly_password goes here> ws_writeonly_password = <ws_writeonly_password goes here>
However, you can use your own certfile, keyfile, and ca_certs files if you wish.
If you choose to use your own ssl_certfile and ssl_keyfile, ssl_create_self_signed_cert=true is ignored.
password = <ws_writeonly_password goes here>
[root]# systemctl enable nitro-web-services.service [root]# systemctl enable nitro-zmq-job-status-adapter.service [root]# systemctl start nitro-web-services.service [root]# systemctl start nitro-zmq-job-status-adapter.service
3.16.4 Configure Viewpoint for Nitro Web Services
Do the following:
Click Configuration from the menu and then click Nitro Services from the left pane. The following is an example of the Nitro Services Configuration page.
Click to enlarge |
Field | Description |
---|---|
Nitro WS URL | Hostname (or IP address) and port number for the host on which you installed Nitro Web Services. For example, https://<hostname>:9443 |
Username | Name of the user. This typically nitro-readonly-user. |
Password | The user's password. |
Trust Self Signed | Indicates whether Nitro Web Services was set up using self-signed certificates. |
(Recommended) Use curl to test Nitro Web Services connectivity.
[root]# curl --insecure --data '{"username": "nitro-admin", "password": "ChangeMe2!"}' \ https://<hostname>:9443/auth
You should get something similar to the following in the response:
{ "status": 200, "data": { "nitro-key": "3e0fb95e9a0e44ae91daef4deb500dcc67a3714880e851d781512a49", "user": { "username": "nitro-admin", "last_updated": "2016-02-26 23:34:55.604000", "name": "Nitro Admin", "created": "2016-02-26 23:34:55.604000", "auth": { "job": [ "read", "write", "delete" ], "user": [ "read", "write", "delete" ] } } } }
3.16.5 Grant Users Nitro Permissions in Viewpoint
Viewpoint comes packed with base (default) roles for Nitro jobs. Any user who will be working with Nitro Web Services, must have the appropriate role added to the Viewpoint user principal.
These are the Viewpoint roles for Nitro:
See Creating or Editing Principals in the Moab Viewpoint Reference Guide for instructions on setting up principals.
3.16.6 Publish Nitro Events to Nitro Web Services
You need to configure the Nitro coordinators to send job status updates to the Nitro Web Services's ZMQ Job Status Adapter. The ZMQ Job Status Adapter is responsible for reading job status updates off of the ZMQ bus and persisting them to Mongo. Nitro Web Services can then be used to access Nitro job status.
Each Nitro job has a Nitro Coordinator. Nitro Coordinators can be configured to publish job status updates to ZMQ by setting the "nws-connector-address" configuration option in Nitro's nitro.cfg file. Each compute node allocated/scheduled to a Nitro Job can play the role of a Nitro coordinator. Therefore, you must update the "nws-connector-address" in each compute node's nitro.cfg file.
Configuring nws-connector-address is simplified if each node is sharing nitro's configuration over a shared filesystem. If you are not using a shared filesystem, update the nitro configuration on each compute node.
Do the following:
...
# Nitro Web Services connection allows Nitro to communicate job status information
# to the Nitro Web Services connector. This option indicates name and port of the
# remote server in the form: <host>:<port>
nws-connector-address <nitro-web-services-hostname>:47100
...
You must uncomment the nws-connector-address line, even if it is already correct.
Related Topics