(Click to open topic with navigation)

You are here: RPM Installation > Installation and Configuration > Installing Viewpoint

3.12 Installing Moab Viewpoint

This topic contains instructions on how to install Moab Viewpoint (Viewpoint).

In this topic:

Viewpoint requires a connection to Moab Server and MWS installed on the shared host. Viewpoint may also be installed on that shared host or on a different host. For documentation clarity, the instructions refer to the shared Moab Server and MWS Server host as the Moab Server Host and the host on which you install Viewpoint Server as the Viewpoint Server Host.

3.12.1 Prerequisites

In this section:

3.12.1.A Open Necessary Ports

If your site is running firewall software on its hosts, you will need to configure the firewall to allow connections to the necessary ports.

Location Ports Functions When Needed
Viewpoint Server Host 8081 Viewpoint Web Server Port Always
Moab Server Host 8443 Viewpoint File Manager Port Always
Viewpoint Database Host 5432 Viewpoint PostgreSQL Database Port If you will be installing the Viewpoint Database on a different host from the Viewpoint Server

See 2.11 Opening Ports in a Firewall for general instructions and an example of how to open ports in the firewall.

3.12.1.B Install and Initialize PostgreSQL Server

The Viewpoint PostgreSQL database may be installed on the Viewpoint Server Host or on different host. If you will install on a different host, and your configuration uses firewalls, open the necessary port. See 3.12.1.A Open Necessary Ports for more information.

On the host you have chosen to install the Viewpoint PostgreSQL database, do the following:

  1. Install and initialize PostgreSQL. 
    [root]# zypper install postgresql-server
[root]# service postgresql start
  2. Configure trusted connections.

    Edit or add a "host" line in the pg_hba.conf file for the interface from which the Viewpoint Server will be connecting to the database and ensure that it specifies a secure password-based authentication method (for example, md5).

    [root]# vi /var/lib/pgsql/data/pg_hba.conf
				
# Replace 127.0.0.1 with the IP address of the Viewpoint Server Host if the
# Viewpoint PostgreSQL server is on a separate host from the Viewpoint server.
host    all             all             127.0.0.1/32            md5
host    all             all             ::1/128                 md5
  3. If the Viewpoint PostgreSQL Database Host is installed on a different host from where you will install the Viewpoint Server, configure PostgreSQL to accept connections from the Viewpoint Server Host. 
    [root]# vi /var/lib/pgsql/data/postgresql.conf

# Replace <viewpoint-database-host> with the IP address on which the database server is to listen for connections
# from the Viewpoint server. This will normally be the hostname or IP address of the Viewpoint Database Host.
listen_addresses = '<viewpoint-database-host>'
  4. Start or restart the database. 
    [root]# systemctl enable postgresql.service
[root]# systemctl restart postgresql.service

3.12.1.C Configure the ViewpointQueryHelper Plugin

You will need to configure the MWS ViewpointQueryHelper plugin to allow Viewpoint to query the Insight MongoDB (MongoDB host, database, port, and user information).

Do the following:

  1. Using a web browser, navigate to your MWS instance (http://<server>:8080/mws/) and then log in as the MWS administrative user (moab-admin, by default).
  2. Click Plugins and then from the drop-down click Plugins to display the list of MWS plugins (displays Plugin List page).
  3. Click the viewpoint-query-helper plugin to view this plugin's information (displays Show Plugin page).
  4. Click Edit to modify the Configuration table fields (displays Edit Plugin page). The following is an example of the Edit Plugin page.

    Click to enlarge

  5. Modify the values as needed. The following table describes the required information.
    KeyValue Description
    hostName or IP address of the host on which Insight MongoDB resides.
    databaseName of the MongoDB database to which Insight writes.
    portPort number for Insight MongoDB (typically 27017).
    userUser name with which MWS connects to Insight MongoDB.
    passwordPassword used by the user listed in the value for the "user" key.

    This is the user name and password you specified when installing the Insight MongoDB. See 3.11.2.B Install and Configure MongoDB for the user and password information.

  6. When finished, click Update to save your changes. If you see error messages at the top of the screen (for example: Invalid configuration for plugin viewpoint-query-helper), go back and correct the plugin's configuration values. See Step 4 and Step 5 for more information.
  7. Navigate to Plugins/Plugin Monitoring, and start the plugin using the green start button.
  8. Log out of your MWS instance and close the web browser.

See also About Moab Web Services Plugins in the Moab Web Services Reference Guide for more information.

3.12.2 Install Viewpoint Server

You must complete the prerequisite tasks earlier in this topic before installing the Viewpoint Server. See 3.12.1 Prerequisites.

Do the following:

  1. If you are installing Viewpoint on its own host or on a host that does not have another RPM installation, complete the steps to prepare the host. See 3.3 Preparing for RPM Installs for more information.
  2. Set up PostgreSQL for Viewpoint.

    These instructions assume you will install the Viewpoint PostgreSQL database on a host which already has a PostgreSQL database installed (e.g. your Moab Server host). Depending on your system confirmation, this may be on the Moab Database Host or on some other PostgreSQL Database Host.

    If you choose to install the Viewpoint PostgreSQL database on a host that does not already have a PostgreSQL database, you will need to install the Viewpoint PostgreSQL database. See 3.12.1.B Install and Initialize PostgreSQL Server for more information.

    On the host containing the Viewpoint PostgreSQL, do the following: 

    [root]# su - postgres
[postgres]$ psql
CREATE USER moab_viewpoint WITH PASSWORD 'changeme!';
CREATE DATABASE moab_viewpoint WITH OWNER=moab_viewpoint;
\q
[postgres]$ exit

  3. On the Moab Server Host, install the moab-viewpoint-filemanager package.
    1. Update zypper.
      [root]# zypper update zypper
    2. Install the package.
      [root]# zypper install moab-viewpoint-filemanager
    3. Using the instructions in /opt/acfileman/utils/certs-handling/Readme.txt, follow these steps:

      Step 1. Create CA (Certificate Authority).

      Step 2. Create server (WebDav server) certificate and key.

      Step 3. Create client certificate and key.

      Step 4. Configure WebDav server.

      For example: 

      [root]# cd /opt/acfileman/utils/certs-handling
[root]# ./ac-cert-tool.sh create-ca
[root]# ./ac-cert-tool.sh create-server-cert --altnames 127.0.0.1,localhost <moab_host>
[root]# ./ac-cert-tool.sh create-client-cert
[root]# bash certs/servers/<moab_host>/install-server-certs.sh -u root:root -p 600 /opt/acfileman/etc/
[root]# vi /opt/acfileman/etc/uwsgi.ini

      Provided you followed the above steps, your key files will have been installed in /opt/acfileman/etc/server-cert.pem and /opt/acfileman/etc/server-key.pem. To change the location where your certificates are stored, edit the /opt/acfileman/etc/uwsgi.ini file accordingly.

    4. Configure the moab-viewpoint-filemanager package to start up at system boot and start the moab-viewpoint-filemanager.
      [root]# systemctl enable acfileman.service
[root]# systemctl restart acfileman.service
  4. On the Moab Server Host, enable negative job priority and remote visualization features.
    1. Set the ENABLENEGJOBPRIORITY parameter in /opt/moab/etc/moab.cfg. 
      [root]# vi /opt/moab/etc/moab.cfg
      ENABLENEGJOBPRIORITY TRUE

      You must set this Moab parameter to support Viewpoint features that enable users to specify user priorities for their jobs. See Advanced Settings in the Viewpoint Reference Guide for more information on enabling user priorities for jobs.

    2. If using the Remote Visualization features, set the USEMOABJOBID parameter in /opt/moab/etc/moab.cfg. 
      [root]# vi /opt/moab/etc/moab.cfg
USEMOABJOBID TRUE
    3. Restart Moab.
      [root]# systemctl restart moab.service

  5. On the Moab Server Host, register Viewpoint as a client in MWS.

      1. Edit the grails.plugin.springsecurity.oauthProvider.clients array in /opt/mws/etc/mws-config.groovy and specify a client id and a client secret. Leave the authorizedGrantTypes field unchanged.

        The following is a suggested script for generating the client secret: 

        dd if=/dev/urandom count=24 bs=1 2>/dev/null | base64

        [root]# vi /opt/mws/etc/mws-config.groovy
        grails.plugin.springsecurity.oauthProvider.clients = [
                 [
                         clientId: "viewpoint",
                         clientSecret: "<ENTER-CLIENTSECRET-HERE>",
                         authorizedGrantTypes: ["password"]
                 ]
        ]
      2. Restart Tomcat.
        [root]# systemctl restart tomcat.service
  6. On the Viewpoint Server Host, do the following:
    1. Install the moab-viewpoint package.
      [root]# zypper install moab-viewpoint
    2. (Optional) Configure virtual hosts. The moab-viewpoint package installs a file for Apache.

      /etc/apache2/conf.d/viewpoint.conf

      Virtual host configurations should be made within this file. See http://httpd.apache.org/docs/2.2/vhosts/ for more information.

    3. Edit the /opt/viewpoint/etc/viewpoint.cfg values as needed. The following is an example of the viewpoint.cfg file with the default values.
      [admin]
username = viewpoint-admin
password = pbkdf2_sha256$20000$ZHeToCJgrSUH$+xmzYdhpqZCJokxO9eGzyr2B6jrfCgLlBT+pBgMis4w=

[environment]
VIEWPOINT_DATABASE_NAME = moab_viewpoint
VIEWPOINT_DATABASE_USER = moab_viewpoint
VIEWPOINT_DATABASE_PASSWORD = changeme!
VIEWPOINT_DATABASE_HOST = localhost
VIEWPOINT_DATABASE_PORT = 5432


[settings]
past_hours = 24
future_hours = 4

      Be aware of the following:

      • [admin] username: The admin username must not be the same as the auth.defaultUser.username in mws-config.groovy.
      • [admin] password: For security purposes, the admin password is encrypted. In the example, the default is the encrypted equivalent to "changeme!", which is the default for the Viewpoint instance. Change this default password to a different encrypted password.

        To encrypt the password, do the following (substituting "changeme!" with your password):

        [root]# echo -n 'changeme!' | /opt/viewpoint/bin/viewpoint makehash
Using default hasher
pbkdf2_sha256$20000$ZHeToCJgrSUH$+xmzYdhpqZCJokxO9eGzyr2B6jrfCgLlBT+pBgMis4w=

        The default hashing algorithm is pbkdf2_sha256. To show the other available algorithms, run /opt/viewpoint/bin/viewpoint makehash --help

        bcrypt_sha256 and bcrypt are not supported on Red Hat 7-based systems.

      • [environment]: "changeme!", although unencrypted, is the default for the Viewpoint database password. If you do not change this password, your Viewpoint database will not be secure. For tips on choosing a good password, see https://www.us-cert.gov/ncas/tips/ST04-002.

      • [settings]: These values are used to limit the threshold for the Resource Job Timeline. See Resource Job Timeline Page in the Moab Viewpoint Reference Guide.

      Viewpoint has a number of environment variables used to configure a Viewpoint installation and troubleshoot operating issues. See 5.4.1 General configuration issues for more information about Viewpoint environment variables.

    4. Initialize Viewpoint's PostgreSQL database. 
      [root]# /opt/viewpoint/bin/viewpoint migrate
    5. Start (or restart) the Apache service.
      [root]# systemctl enable apache2.service
[root]# systemctl restart apache2.service

3.12.3 Enable Access to the Viewpoint File Manager

This section finishes the SSL authentication steps you began when you installed moab-viewpoint-filemanager -- that is, Step 5 of /opt/acfileman/utils/certs-handling/Readme.txt that you skipped earlier.

Do the following:

  1. On the Moab Server Host, do the following: 
    [root]# cd /opt/acfileman/utils/certs-handling/certs
[root]# scp ca/ca-cert.pem client/client-cert.pem client/client-key.pem root@<viewpoint_host>:/opt/viewpoint/lib/viewpoint/webdav_client
  2. On the Viewpoint Server Host, set the mode, owner, and group of the files you copied over.
    [root]# cd /opt/viewpoint/lib/viewpoint/webdav_client
[root]# chmod 600 ca-cert.pem client-key.pem client-cert.pem
[root]# chown wwwrun:www ca-cert.pem client-key.pem client-cert.pem
[root]# systemctl restart apache2.service

3.12.4 License Viewpoint

Viewpoint uses an RLM server to validate licensed features. See 1.3 RLM Licensing Model for more information about RLM licensing.

Do the following:

  1. Using a web browser, navigate to your Viewpoint instance. (http://<viewpoint_host>:8081; where <viewpoint_host> is the IP address or name of the Viewpoint Server Host).
  2. Log in as the Viewpoint administrative user (viewpoint-admin, by default) using the password you set in the Viewpoint installation instructions.
  3. Click the Licensed Features link on the left side of the page.

    The Viewpoint administrative user has very limited rights.

    The Licensed Features page displays with the Viewpoint License information. For example:

    Click to enlarge

  4. On the Licensed Features page, locate the Viewpoint Host ID (under the Browse button).
  5. Email [email protected] with that hostid.
  6. Adaptive Computing will generate the license and send you the Viewpoint license (.lic) file in a return email.
  7. Save the Viewpoint license in a safe location.
  8. Return to the Licensed Features page.
  9. Click Browse, navigate to where you saved the Viewpoint License file, and then click Open.
  10. Click Upload.
  11. Once the license file has uploaded, the Viewpoint License information shows green check boxes for your licensed features and displays the path to your uploaded license file under the Viewpoint Host ID information. For example:

    Click to enlarge

    • Click Preview to view the contents of the license file you uploaded
    • You can expand the More Information section to see expiration information.

3.12.5 Configure Viewpoint

Do the following:

  1. While still logged in as the Viewpoint administrative user, click Basic Configuration from the left pane. The Basic Configuration page displays. For example:

    Click to enlarge

  2. In the MWS Configuration area, do the following:
    1. In the Server field, enter the URL for MWS on the Moab Server Host. For example: http://server:8080

      If your configuration uses a secure connection between Viewpoint and MWS, the URL must contain "https" and the secure port.

    2. In the Username and Password fields, enter the MWS administrator credentials. You can find these credentials in /opt/mws/etc/mws-config.groovy on the Moab Server Host. Look for auth.defaultUser.username and auth.defaultUser.password.
    3. In the Path field, the default value (/mws/) is already filled in. Leave it as is unless you have installed MWS with a non-default path.
    4. In the Client Id and Client Secret fields, enter the values that you set during the Viewpoint installation. Refer back to the step (On the Moab Server Host, register Viewpoint as a client in MWS.) earlier in this topic.
  3. In the Misc Options area, do the following:

    1. In the Node Names to Ignore field, enter the nodes that you want Viewpoint to ignore. Separate node names with a comma (,).

    2. Choose whether you wish to use Google Analytics to help improve this product.

  4. Click TEST to confirm the settings are correct.
  5. Click SAVE to submit your settings.

3.12.6 Configure File Manager

Do the following:

  1. While still logged in as the Viewpoint administrative user, click File Manager from the left pane. The File Manager Configuration page displays. For example:

    Click to enlarge

  2. Modify the values as needed. The following table describes the required information.
    FieldDescription
    Server URLThe name of the Moab Server host on which you installed the File Manager Service and the port number for the File Manager Service (for example, "https://<host name>:8443").
    Server Verify SSL

    When enabled:

    • The client SSL certificate will be verified.
    • Viewpoint will use the given certificate when connecting to File Manager Service.
    SSL Certificate FileThe location of the SSL certificate file on the Viewpoint Server. Usually, /opt/viewpoint/lib/viewpoint/webdav_client/client-cert.pem.
    SSL Certificate KeyThe location of the SSL certificate key on the Viewpoint Server. Usually, /opt/viewpoint/lib/viewpoint/webdav_client/client-key.pem.
    CA Bundle FileThe location of the CA bundle file on the Viewpoint Server. Usually, /opt/viewpoint/lib/viewpoint/webdav_client/ca-cert.pem.
    Server Root PathThe root URL path where File Manager Service publishes its API (usually it is simply "/").
    Accessible Roots

    The root folders that users can access from the File Manager page. This can be used to limit users' access to certain directories, without giving them access to the "/" folder on the remote file system (RFS). Separate root folders with a colon (for example, /home:/usr/share/groups).

     

    For example, if you define /home and /usr/share/groups as accessible roots, although users will be able to see a tree similar to the following, the users will not be able to see (access) anything inside /usr other than "share" and anything inside "share" other than "groups".

    |
- /home/
     |
      - user1/
      - user2/
      - youruser/
- /usr/
     |
      - share/
          |
           - groups/
    Maximum Upload Size (bytes)Total amount of data that can be uploaded in a single file. A value of '-1' means unlimited.
  3. Click TEST to confirm the settings are correct.
  4. Click SAVE to submit your settings.

3.12.7 Verify Base Roles are Present

Viewpoint comes configured with several default (base) roles. See Differences in version 9.1 of the Moab HPC Suite Release Notes for more information.

As part of the Viewpoint installation, you will need to verify that the base roles are present.

Do the following:

  1. Using a web browser, navigate to your Viewpoint instance. (http://<viewpoint_host>:8081; where <viewpoint_host> is the IP address or name of the Viewpoint Server Host).
  2. Log in as the MWS administrative user (moab-admin, by default).
  3. Click Configuration from the menu. The Basic Configuration page displays with additional options in the left pane. For example:

    Click to enlarge

  4. Click Roles from the left pane. The Role Management page displays.

    Click to enlarge

  5. If all the roles are there, continue with the procedure in 3.12.8 Grant Users Access to Viewpoint.

    However, if one of the base roles is not present, you will need to recreate (restore) the base roles.

  6. If you need to recreate the base roles, the Recreate Base Roles button displays on the Role Management page. For example:

    Click to enlarge

    • Click Recreate Base Roles. Viewpoint will restore the roles.

You can also modify the default roles and create new roles as needed. See About Roles in the Moab ViewpointReference Guide for more information.

3.12.8 Grant Users Access to Viewpoint

For a user to be able to access Viewpoint, he or she must be a member of a principal.

Do the following:

  1. While still logged in as the MWS administrative user, click Configuration from the menu. The Basic Configuration page displays with additional options in the left pane. For example:

    Click to enlarge

  2. Click Principals from the left pane. The Principal Management page displays. For example:

    Click to enlarge

  3. Click the Create button (upper right). The Create Principal page displays. For example:

    Click to enlarge

  4. Create one or more principals. See Creating or Editing Principals in the Moab Viewpoint Reference Guide for instructions on setting up principals.

Related Topics 

© 2017 Adaptive Computing