Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "APEL/SSM/README08"

From EGIWiki
< APEL‎ | SSM
Jump to navigation Jump to search
Line 4: Line 4:


<code>
<code>
Installing and running the SSM
Installing and running the SSM
==============================
==============================


The Secure Stomp Messenger (SSM) is designed to give a reliable message
The Secure Stomp Messenger (SSM) is designed to give a reliable message
transfer mechanism using the STOMP protocol.  Messages are encrypted
transfer mechanism using the STOMP protocol.  Messages are encrypted
during transit, and are sent sequentially, the next message being sent
during transit, and are sent sequentially, the next message being sent
only when the previous one has been acknowledged.
only when the previous one has been acknowledged.


The SSM is written in python.  It is designed and packaged for SL5.
The SSM is written in python.  It is designed and packaged for SL5.


For more aboupt the SSM, see https://wiki.egi.eu/wiki/APEL/SSM
For more aboupt the SSM, see https://wiki.egi.eu/wiki/APEL/SSM


Installing the RPM
Installing the RPM
------------------
------------------


  Prerequisites
  Prerequisites
  -------------
  -------------


The EPEL repository must be enabled.  This can be done by installing
The EPEL repository must be enabled.  This can be done by installing
the RPM for your version of SL, which is available on this page:
the RPM for your version of SL, which is available on this page:
http://fedoraproject.org/wiki/EPEL
http://fedoraproject.org/wiki/EPEL


The python stomp library
The python stomp library
* yum install stomppy
  * yum install stomppy


The python daemon library
The python daemon library
* yum install python-daemon
  * yum install python-daemon


You need a certificate and key in PEM format in the following files:
You need a certificate and key in PEM format in the following files:
* /etc/grid-security/hostcert.pem
  * /etc/grid-security/hostcert.pem
* /etc/grid-security/hostkey.pem
  * /etc/grid-security/hostkey.pem


If you want to check CRLs when verifying certificates, you need
If you want to check CRLs when verifying certificates, you need
fetch_crl installed:
fetch_crl installed:
* yum install fetch-crl
  * yum install fetch-crl
* service fetch-crl-cron start
  * service fetch-crl-cron start
* chkconfig fetch-crl-cron on
  * chkconfig fetch-crl-cron on
fetch-crl must have run once for the certificates to be verified
fetch-crl must have run once for the certificates to be verified
successfully.
successfully.


   Installation
   Installation
Line 49: Line 49:
  * rpm -i ssm-<version>.noarch.rpm
  * rpm -i ssm-<version>.noarch.rpm


What the RPM does
What the RPM does
-----------------
-----------------


The RPM carries out a number of steps to run the SSM in a specific way.
The RPM carries out a number of steps to run the SSM in a specific way.


1. It installs the core files in /opt/apel/ssm
1. It installs the core files in /opt/apel/ssm
2. It creates a group 'hostcert', which has read access to the hostkey
2. It creates a group 'hostcert', which has read access to the hostkey
3. It creates a user 'apel' with home directory /opt/apel, in the
3. It creates a user 'apel' with home directory /opt/apel, in the
  hostcert group
    hostcert group
4. It installs an init script in /etc/init.d/ssmd
4. It installs an init script in /etc/init.d/ssmd
5. It creates the log directory /var/log/apel
5. It creates the log directory /var/log/apel
6. It creates the pidfile directory /var/run/apel
6. It creates the pidfile directory /var/run/apel


Running the SSM
Running the SSM
---------------
---------------


It is recommended to run the SSM only when you need to send messages.
It is recommended to run the SSM only when you need to send messages.
This is so that all SSM clients do not remain connected to the broker
This is so that all SSM clients do not remain connected to the broker
at all times, causing it to slow.
at all times, causing it to slow.


The init script ssmd is designed for the server SSM which must run
The init script ssmd is designed for the server SSM which must run
continuously.
continuously.




To run the SSM once:
To run the SSM once:
* Write all the messages to the /opt/apel/ssm/messages/outgoing directory
  * Write all the messages to the /opt/apel/ssm/messages/outgoing directory
* export SSM_HOME=/opt/apel/ssm
  * export SSM_HOME=/opt/apel/ssm
* $SSM_HOME/bin/run-ssm
  * $SSM_HOME/bin/run-ssm




Removing the RPM
Removing the RPM
----------------
----------------


* rpm -e ssm-0.8
  * rpm -e ssm-0.8


Cleaning the system
Cleaning the system
-------------------
-------------------


* yum remove stomppy
  * yum remove stomppy
* yum remove python-daemon
  * yum remove python-daemon


* rm -rf /var/log/apel
  * rm -rf /var/log/apel
* rm -rf /var/run/apel
  * rm -rf /var/run/apel
* chown root:root /etc/grid-security/hostkey.pem /etc/grid-security/hostcert.pem
  * chown root:root /etc/grid-security/hostkey.pem /etc/grid-security/hostcert.pem
* chmod 400 /etc/grid-security/hostkey.pem
  * chmod 400 /etc/grid-security/hostkey.pem
* groupdel hostcert
  * groupdel hostcert
* userdel apel
  * userdel apel
* rm -rf /opt/apel
  * rm -rf /opt/apel
* rm -rf /var/spool/mail/apel
  * rm -rf /var/spool/mail/apel




Building the RPM
Building the RPM
----------------
----------------


This is only useful if you want to modify the spec file to build a different RPM,
This is only useful if you want to modify the spec file to build a different RPM,
and you have a zip of the SSM source.
and you have a zip of the SSM source.


It's recommended to build RPMs as a user other than root.  This user must have
It's recommended to build RPMs as a user other than root.  This user must have
access to the directory /usr/src/redhat.  Then:
access to the directory /usr/src/redhat.  Then:


* the directory containing the SSM files must be named ssm-<version>
  * the directory containing the SSM files must be named ssm-<version>
* zip -r ssm-<version>.zip ssm-<version>
  * zip -r ssm-<version>.zip ssm-<version>
* cp ssm-<version>.zip /usr/src/redhat/SOURCES
  * cp ssm-<version>.zip /usr/src/redhat/SOURCES
* cp ssm-<version>/ssm.spec /usr/src/redhat/SPECS
  * cp ssm-<version>/ssm.spec /usr/src/redhat/SPECS
* rpmbuild -ba /usr/src/redhat/SPECS/ssm.spec
  * rpmbuild -ba /usr/src/redhat/SPECS/ssm.spec


There are of course many variations on this method.
There are of course many variations on this method.
</code>
</code>

Revision as of 13:05, 16 February 2012

This is the README file included in ssm-0.8.

Installing and running the SSM
==============================
The Secure Stomp Messenger (SSM) is designed to give a reliable message
transfer mechanism using the STOMP protocol.  Messages are encrypted
during transit, and are sent sequentially, the next message being sent
only when the previous one has been acknowledged.
The SSM is written in python.  It is designed and packaged for SL5.
For more aboupt the SSM, see https://wiki.egi.eu/wiki/APEL/SSM
Installing the RPM
------------------
  Prerequisites
  -------------
The EPEL repository must be enabled.  This can be done by installing
the RPM for your version of SL, which is available on this page:
http://fedoraproject.org/wiki/EPEL
The python stomp library
 * yum install stomppy
The python daemon library
 * yum install python-daemon
You need a certificate and key in PEM format in the following files:
 * /etc/grid-security/hostcert.pem
 * /etc/grid-security/hostkey.pem
If you want to check CRLs when verifying certificates, you need
fetch_crl installed:
 * yum install fetch-crl
 * service fetch-crl-cron start
 * chkconfig fetch-crl-cron on
fetch-crl must have run once for the certificates to be verified
successfully.
 Installation
 ------------
* rpm -i ssm-<version>.noarch.rpm
What the RPM does
-----------------
The RPM carries out a number of steps to run the SSM in a specific way.
1. It installs the core files in /opt/apel/ssm
2. It creates a group 'hostcert', which has read access to the hostkey
3. It creates a user 'apel' with home directory /opt/apel, in the
   hostcert group
4. It installs an init script in /etc/init.d/ssmd
5. It creates the log directory /var/log/apel
6. It creates the pidfile directory /var/run/apel
Running the SSM
---------------
It is recommended to run the SSM only when you need to send messages.
This is so that all SSM clients do not remain connected to the broker
at all times, causing it to slow.
The init script ssmd is designed for the server SSM which must run
continuously.


To run the SSM once:
 * Write all the messages to the /opt/apel/ssm/messages/outgoing directory
 * export SSM_HOME=/opt/apel/ssm
 * $SSM_HOME/bin/run-ssm


Removing the RPM
----------------
 * rpm -e ssm-0.8
Cleaning the system
-------------------
 * yum remove stomppy
 * yum remove python-daemon
 * rm -rf /var/log/apel
 * rm -rf /var/run/apel
 * chown root:root /etc/grid-security/hostkey.pem /etc/grid-security/hostcert.pem
 * chmod 400 /etc/grid-security/hostkey.pem
 * groupdel hostcert
 * userdel apel
 * rm -rf /opt/apel
 * rm -rf /var/spool/mail/apel


Building the RPM
----------------
This is only useful if you want to modify the spec file to build a different RPM,
and you have a zip of the SSM source.
It's recommended to build RPMs as a user other than root.  This user must have
access to the directory /usr/src/redhat.  Then:
 * the directory containing the SSM files must be named ssm-<version>
 * zip -r ssm-<version>.zip ssm-<version>
 * cp ssm-<version>.zip /usr/src/redhat/SOURCES
 * cp ssm-<version>/ssm.spec /usr/src/redhat/SPECS
 * rpmbuild -ba /usr/src/redhat/SPECS/ssm.spec
There are of course many variations on this method.