(Click to open topic with navigation)

You are here: Installation and Configuration > Manual Installation > Installing > Installing Nitro Web Services

2.7 Installing Nitro Web Services

This topic contains instructions on how to install Nitro Web Services.

Nitro Web Services is not available for SUSE 11-based systems.

Do the following in the order presented:

  1. Open Necessary Ports
  2. Install MongoDB
  3. Install and Configure Nitro Web Services
  4. Configure Viewpoint for Nitro Web Services
  5. Grant Users Nitro Permissions in Viewpoint
  6. Publish Nitro Events to Nitro Web Services

2.7.1 Open Necessary Ports

If your site is running firewall software on its hosts, you will need to configure the firewall to allow connections to the necessary ports.

Location Ports Functions When Needed
Nitro Web Services Host 9443 Tornado Web Port Always
Nitro Web Services Host 47100 ZMQ Port Always
Nitro Web Services Database Host 27017 Nitro Web Services MongoDB Server Port If you will be installing the Nitro Web Services Database on a different host from Nitro Web Services

See 2.22 Opening Ports in a Firewall for general instructions and an example of how to open ports in the firewall.

In this section:

2.7.2 Install MongoDB

On the Nitro Web Services MongoDB Database Host, do the following:

  1. Add the MongoDB Repository.
    • Red Hat 6-based or Red Hat 7-based systems 
      [root]# cat > /etc/yum.repos.d/mongodb-org-3.2.repo <<'EOF'
[mongodb-org-3.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.2.asc
EOF
    • SUSE 12-based systems 
      [root]# zypper addrepo --refresh --no-gpgcheck https://repo.mongodb.org/zypper/suse/12/mongodb-org/3.2/x86_64 mongodb
  2. Install MongoDB.
    • Red Hat 6-based or Red Hat 7-based systems 
      [root]# yum install -y mongodb-org
    • SUSE 12-based systems 
      [root]# zypper -n install mongodb-org
  3. Enable and start MongoDB.
    • Red Hat 6-based systems 
      [root]# chkconfig mongod on
[root]# service mongod start
    • Red Hat 7-based or SUSE 12-based systems 
      [root]# systemctl enable mongod.service
[root]# systemctl start mongod.service

  4. Add the required MongoDB users.

    The passwords used below (secret1 and secret5) are examples. Choose your own passwords for these users.

    [root]# mongo
> use admin
> db.createUser({"user": "admin_user", "pwd": "secret1", "roles": ["root"]})

> use nitro-db
> db.createUser({"user": "nitro_user", "pwd": "secret5", "roles": ["dbOwner"]})

> exit

    Because the admin_user has read and write rights to the admin database, it also has read and write rights to all other databases. See Control Access to MongoDB Instances with Authentication for more information.

  5. Set MongoDB Configuration Options.

    By default, /etc/mongod.conf sets net.bindIp to 127.0.0.1. You will need to change this setting if the MongoDB server needs to be accessible from other hosts or from other interfaces besides loopback. See https://docs.mongodb.com/manual/reference/configuration-options/#net-options for more information.

    # Sample /etc/mongod.conf file
net:
  port: 27017
  # bindIp: 127.0.0.1
processManagement:
  fork: true
  pidFilePath: /var/run/mongodb/mongod.pid
security:
  authorization: enabled
storage:
  dbPath: /var/lib/mongo
  journal:
    enabled: true
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log
  6. Restart MongoDB.
    • Red Hat 6-based systems 
      [root]# service mongod restart
    • Red Hat 7-based or SUSE 12-based systems 
      [root]# systemctl restart mongod.service

2.7.3 Install and Configure Nitro Web Services

You must complete the tasks earlier in this topic before installing Nitro Web Services.

On the host where Nitro Web Services will reside, do the following:

  1. If you have not already done so, complete the steps to prepare the host. See 2.4 Preparing for Manual Installation or Upgrade.
  2. Identify and unpack the Nitro Web Services tarball (nitro-web-services-<version>-<OS>.tar.gz). 
    [root]# tar -xzvpf nitro-web-services-<version>-<OS>.tar.gz

  3. Install Nitro Web Services.

    [root]# cd /opt/nitro-web-services-<version>
[root]# ./install <directory>
# <directory> is optional; defaults to /opt/nitro-web-services when not given

  4. Understand and edit the the Nitro Web Services web application configuration file (/opt/nitro-web-services/etc/nitro.cfg). This includes clarifying what the configuration file is for and what to expect the first time the NWS service is started vs. each subsequent start.

    The nitro_user with dbOwner permissions was set up earlier in the procedure (see 2.7.2 Install MongoDB).

    When you first start nitro-web-services, the nitro-db Mongo database (including its collections and indexes) is created. The nitro-db 'user' collection is also populated with the default Nitro Web Services API users/passwords. Several of the options defined in the configuration files influence this process.

    MongoDB user, table, and index creation is performed at initial startup. Many of the options defined in the Nitro Web Service configuration files influence Mongo user/password and index creation.

    Usernames and passwords are created only if they do not yet exist. Changing a password in the configuration file after initial startup will not update the password.

    The /opt/nitro-web-services/etc/nitro.cfg configuration file includes default password values. If you want to use passwords other than the default value, change the lines in the file as shown below.

    • Before initial startup, set the db_password to be the nitro_user password. It is also recommended that you change all other default passwords before starting Nitro Web Services. If you do not change the passwords at this point, it will be more difficult to change them later. 
      db_password = <password goes here>
ws_admin_password = <ws_admin_password goes here>
ws_readonly_password = <ws_readonly_password goes here>
ws_writeonly_password = <ws_writeonly_password goes here>
    • By default, NWS uses an auto-generated self-signed SSL certificate to encrypt the link between the web server and the browser clients. The auto-generated self-signed SSL certificate is created at service start up; not during the installation process.

      However, you can use your own certfile, keyfile, and ca_certs files if you wish.

      If you choose to use your own ssl_certfile and ssl_keyfile, ssl_create_self_signed_cert=true is ignored.

    • By default, NWS does not encrypt network traffic with MongoDB. You should set the db_ssl_* properties if you choose to enable TLS/SSL when installing MongoDB earlier in this topic.
  5. Understand and edit the Nitro ZMQ Job Status Adapter configuration file (/opt/nitro-web-services/etc/zmq_job_status_adapter.cfg). This includes clarifying what the configuration file is for and what to expect the first time the NWS service is started vs. each subsequent start.
    • The Nitro ZMQ Job Status Adapter listens to job status updates on the ZMQ bus and publishes them to MongoDB using the Nitro Web Services REST API.
    • The username and password must be set to a Nitro Web Services API user with write permissions. At minimum, set the password for nitro-writeonly-user to the password defined in /opt/nitro-web-services/etc/nitro.cfg and make sure the SSL options are set correctly based on SSL settings in /opt/nitro-web-services/etc/nitro.cfg.

      password = <ws_writeonly_password goes here>

  6. If you did not need to install the Nitro Web Services MongoDB database earlier in this topic, verify that the mongodb_hostlist in /opt/nitro-web-services/etc/nitro.cfg is set correctly (localhost:27017 is the default).
  7. Start the services and configure Nitro Web Services to start automatically at system boot.
    • Red Hat 6-based systems
      [root]# chkconfig --add nitro-web-services
[root]# chkconfig --add nitro-zmq-job-status-adapter
[root]# service nitro-web-services start
[root]# service nitro-zmq-job-status-adapter start
    • Red Hat 7-based or SUSE 12-based systems 
      [root]# systemctl enable nitro-web-services.service
[root]# systemctl enable nitro-zmq-job-status-adapter.service
[root]# systemctl start nitro-web-services.service
[root]# systemctl start nitro-zmq-job-status-adapter.service

2.7.4 Configure Viewpoint for Nitro Web Services

Do the following:

  1. Using a web browser, navigate to your Viewpoint instance (http://<server>:8081) and then log in as the MWS administrative user (moab-admin, by default).

  2. Click Configuration from the menu and then click Nitro Services from the left pane. The following is an example of the Nitro Services Configuration page.

    Click to enlarge
  3. Enter the configuration information. The following table describes the required information.
    FieldDescription
    Nitro WS URLHostname (or IP address) and port number for the host on which you installed Nitro Web Services. For example, https://<hostname>:9443
    UsernameName of the user. This typically nitro-readonly-user.
    PasswordThe user's password.

    Trust Self Signed

    		Indicates whether Nitro Web Services was set up using self-signed certificates.
  4. Click TEST to confirm the settings are correct. This confirms whether Nitro Web Services is up and receiving connections.
  5. Click SAVE.

  6. (Recommended) Use curl to test Nitro Web Services connectivity.

    [root]# curl --insecure --data '{"username": "nitro-admin", "password": "ChangeMe2!"}' \
 https://<hostname>:9443/auth

    You should see output similar to the following.

    {
  "status": 200,
  "data": {
    "nitro-key": "3e0fb95e9a0e44ae91daef4deb500dcc67a3714880e851d781512a49",
    "user": {
      "username": "nitro-admin",
      "last_updated": "2016-02-26 23:34:55.604000",
      "name": "Nitro Admin",
      "created": "2016-02-26 23:34:55.604000",
      "auth": {
        "job": [
          "read",
          "write",
          "delete"
        ],
        "user": [
          "read",
          "write",
          "delete"
        ]
      }
    }
  }
}

2.7.5 Grant Users Nitro Permissions in Viewpoint

Viewpoint comes packed with base (default) roles for Nitro jobs. Any user who will be working with Nitro Web Services, must have the appropriate role added to the Viewpoint user principal.

These are the Viewpoint roles for Nitro:

See Creating or Editing Principals in the Moab Viewpoint Reference Guide for instructions on setting up principals.

2.7.6 Publish Nitro Events to Nitro Web Services

You need to configure the Nitro coordinators to send job status updates to the Nitro Web Services's ZMQ Job Status Adapter. The ZMQ Job Status Adapter is responsible for reading job status updates off of the ZMQ bus and persisting them to Mongo. Nitro Web Services can then be used to access Nitro job status.

Each Nitro job has a Nitro Coordinator. Nitro Coordinators can be configured to publish job status updates to ZMQ by setting the "nws-connector-address" configuration option in Nitro's nitro.cfg file. Each compute node allocated/scheduled to a Nitro Job can play the role of a Nitro coordinator. Therefore, you must update the "nws-connector-address" in each compute node's nitro.cfg file.

Configuring nws-connector-address is simplified if each node is sharing Nitro's configuration over a shared filesystem. If you are not using a shared filesystem, update the Nitro configuration on each compute node.

Do the following:

  1. If you have not already done so, on the Nitro Web Services Host, locate the msg_port number in the /opt/nitro-web-services/etc/zmq_job_status_adapter.cfg file. This is the port number you need to specify for the nws-connector-address.

  2. On each Nitro compute note (Torque MOM Host), specify the nws-connector-address in the /opt/nitro/etc/nitro.cfg file.

    ...
# Viewpoint connection allows Nitro to communicate job status information
# to viewpoint.  This option indicates name and port of the remote server
# in the form: <host>:<port>
nws-connector-address <nitro-web-services-hostname>:47100
...

© 2017 Adaptive Computing