Difference between revisions of "APEL/SSM/README08"
Jump to navigation
Jump to search
Line 4: | Line 4: | ||
<code> | <code> | ||
Installing and running the SSM | Installing and running the SSM | ||
============================== | ============================== | ||
The Secure Stomp Messenger (SSM) is designed to give a reliable message | The Secure Stomp Messenger (SSM) is designed to give a reliable message | ||
transfer mechanism using the STOMP protocol. Messages are encrypted | transfer mechanism using the STOMP protocol. Messages are encrypted | ||
during transit, and are sent sequentially, the next message being sent | during transit, and are sent sequentially, the next message being sent | ||
only when the previous one has been acknowledged. | only when the previous one has been acknowledged. | ||
The SSM is written in python. It is designed and packaged for SL5. | The SSM is written in python. It is designed and packaged for SL5. | ||
For more aboupt the SSM, see https://wiki.egi.eu/wiki/APEL/SSM | For more aboupt the SSM, see https://wiki.egi.eu/wiki/APEL/SSM | ||
Installing the RPM | Installing the RPM | ||
------------------ | ------------------ | ||
Prerequisites | |||
------------- | |||
The EPEL repository must be enabled. This can be done by installing | The EPEL repository must be enabled. This can be done by installing | ||
the RPM for your version of SL, which is available on this page: | the RPM for your version of SL, which is available on this page: | ||
http://fedoraproject.org/wiki/EPEL | http://fedoraproject.org/wiki/EPEL | ||
The python stomp library | The python stomp library | ||
* yum install stomppy | |||
The python daemon library | The python daemon library | ||
* yum install python-daemon | |||
You need a certificate and key in PEM format in the following files: | You need a certificate and key in PEM format in the following files: | ||
* /etc/grid-security/hostcert.pem | |||
* /etc/grid-security/hostkey.pem | |||
If you want to check CRLs when verifying certificates, you need | If you want to check CRLs when verifying certificates, you need | ||
fetch_crl installed: | fetch_crl installed: | ||
* yum install fetch-crl | |||
* service fetch-crl-cron start | |||
* chkconfig fetch-crl-cron on | |||
fetch-crl must have run once for the certificates to be verified | fetch-crl must have run once for the certificates to be verified | ||
successfully. | successfully. | ||
Installation | Installation | ||
Line 49: | Line 49: | ||
* rpm -i ssm-<version>.noarch.rpm | * rpm -i ssm-<version>.noarch.rpm | ||
What the RPM does | What the RPM does | ||
----------------- | ----------------- | ||
The RPM carries out a number of steps to run the SSM in a specific way. | The RPM carries out a number of steps to run the SSM in a specific way. | ||
1. It installs the core files in /opt/apel/ssm | 1. It installs the core files in /opt/apel/ssm | ||
2. It creates a group 'hostcert', which has read access to the hostkey | 2. It creates a group 'hostcert', which has read access to the hostkey | ||
3. It creates a user 'apel' with home directory /opt/apel, in the | 3. It creates a user 'apel' with home directory /opt/apel, in the | ||
hostcert group | |||
4. It installs an init script in /etc/init.d/ssmd | 4. It installs an init script in /etc/init.d/ssmd | ||
5. It creates the log directory /var/log/apel | 5. It creates the log directory /var/log/apel | ||
6. It creates the pidfile directory /var/run/apel | 6. It creates the pidfile directory /var/run/apel | ||
Running the SSM | Running the SSM | ||
--------------- | --------------- | ||
It is recommended to run the SSM only when you need to send messages. | It is recommended to run the SSM only when you need to send messages. | ||
This is so that all SSM clients do not remain connected to the broker | This is so that all SSM clients do not remain connected to the broker | ||
at all times, causing it to slow. | at all times, causing it to slow. | ||
The init script ssmd is designed for the server SSM which must run | The init script ssmd is designed for the server SSM which must run | ||
continuously. | continuously. | ||
To run the SSM once: | To run the SSM once: | ||
* Write all the messages to the /opt/apel/ssm/messages/outgoing directory | |||
* export SSM_HOME=/opt/apel/ssm | |||
* $SSM_HOME/bin/run-ssm | |||
Removing the RPM | Removing the RPM | ||
---------------- | ---------------- | ||
* rpm -e ssm-0.8 | |||
Cleaning the system | Cleaning the system | ||
------------------- | ------------------- | ||
* yum remove stomppy | |||
* yum remove python-daemon | |||
* rm -rf /var/log/apel | |||
* rm -rf /var/run/apel | |||
* chown root:root /etc/grid-security/hostkey.pem /etc/grid-security/hostcert.pem | |||
* chmod 400 /etc/grid-security/hostkey.pem | |||
* groupdel hostcert | |||
* userdel apel | |||
* rm -rf /opt/apel | |||
* rm -rf /var/spool/mail/apel | |||
Building the RPM | Building the RPM | ||
---------------- | ---------------- | ||
This is only useful if you want to modify the spec file to build a different RPM, | This is only useful if you want to modify the spec file to build a different RPM, | ||
and you have a zip of the SSM source. | and you have a zip of the SSM source. | ||
It's recommended to build RPMs as a user other than root. This user must have | It's recommended to build RPMs as a user other than root. This user must have | ||
access to the directory /usr/src/redhat. Then: | access to the directory /usr/src/redhat. Then: | ||
* the directory containing the SSM files must be named ssm-<version> | |||
* zip -r ssm-<version>.zip ssm-<version> | |||
* cp ssm-<version>.zip /usr/src/redhat/SOURCES | |||
* cp ssm-<version>/ssm.spec /usr/src/redhat/SPECS | |||
* rpmbuild -ba /usr/src/redhat/SPECS/ssm.spec | |||
There are of course many variations on this method. | There are of course many variations on this method. | ||
</code> | </code> |
Revision as of 13:05, 16 February 2012
- Back to APEL/SSM
This is the README file included in ssm-0.8.
Installing and running the SSM
==============================
The Secure Stomp Messenger (SSM) is designed to give a reliable message
transfer mechanism using the STOMP protocol. Messages are encrypted
during transit, and are sent sequentially, the next message being sent
only when the previous one has been acknowledged.
The SSM is written in python. It is designed and packaged for SL5.
For more aboupt the SSM, see https://wiki.egi.eu/wiki/APEL/SSM
Installing the RPM
------------------
Prerequisites
-------------
The EPEL repository must be enabled. This can be done by installing
the RPM for your version of SL, which is available on this page:
http://fedoraproject.org/wiki/EPEL
The python stomp library
* yum install stomppy
The python daemon library
* yum install python-daemon
You need a certificate and key in PEM format in the following files:
* /etc/grid-security/hostcert.pem
* /etc/grid-security/hostkey.pem
If you want to check CRLs when verifying certificates, you need
fetch_crl installed:
* yum install fetch-crl
* service fetch-crl-cron start
* chkconfig fetch-crl-cron on
fetch-crl must have run once for the certificates to be verified
successfully.
Installation
------------
* rpm -i ssm-<version>.noarch.rpm
What the RPM does
-----------------
The RPM carries out a number of steps to run the SSM in a specific way.
1. It installs the core files in /opt/apel/ssm
2. It creates a group 'hostcert', which has read access to the hostkey
3. It creates a user 'apel' with home directory /opt/apel, in the
hostcert group
4. It installs an init script in /etc/init.d/ssmd
5. It creates the log directory /var/log/apel
6. It creates the pidfile directory /var/run/apel
Running the SSM
---------------
It is recommended to run the SSM only when you need to send messages.
This is so that all SSM clients do not remain connected to the broker
at all times, causing it to slow.
The init script ssmd is designed for the server SSM which must run
continuously.
To run the SSM once:
* Write all the messages to the /opt/apel/ssm/messages/outgoing directory
* export SSM_HOME=/opt/apel/ssm
* $SSM_HOME/bin/run-ssm
Removing the RPM
----------------
* rpm -e ssm-0.8
Cleaning the system
-------------------
* yum remove stomppy
* yum remove python-daemon
* rm -rf /var/log/apel
* rm -rf /var/run/apel
* chown root:root /etc/grid-security/hostkey.pem /etc/grid-security/hostcert.pem
* chmod 400 /etc/grid-security/hostkey.pem
* groupdel hostcert
* userdel apel
* rm -rf /opt/apel
* rm -rf /var/spool/mail/apel
Building the RPM
----------------
This is only useful if you want to modify the spec file to build a different RPM,
and you have a zip of the SSM source.
It's recommended to build RPMs as a user other than root. This user must have
access to the directory /usr/src/redhat. Then:
* the directory containing the SSM files must be named ssm-<version>
* zip -r ssm-<version>.zip ssm-<version>
* cp ssm-<version>.zip /usr/src/redhat/SOURCES
* cp ssm-<version>/ssm.spec /usr/src/redhat/SPECS
* rpmbuild -ba /usr/src/redhat/SPECS/ssm.spec
There are of course many variations on this method.