The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.
Difference between revisions of "APEL/SSM/README08"
Jump to navigation
Jump to search
| (5 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
[[Category:Accounting]] | |||
* Back to [[APEL/SSM]] | * Back to [[APEL/SSM]] | ||
* Back to [[APEL/SSMInstallation]] | |||
This is the README file included in ssm-0.8. | This is the README file included in ssm-0.8. | ||
< | <nowiki> | ||
Installing and running the SSM | Installing and running the SSM | ||
============================== | ============================== | ||
The Secure Stomp Messenger (SSM) is designed to give a reliable message | The Secure Stomp Messenger (SSM) is designed to give a reliable message | ||
transfer mechanism using the STOMP protocol. Messages are encrypted | transfer mechanism using the STOMP protocol. Messages are encrypted | ||
during transit, and are sent sequentially, the next message being sent | during transit, and are sent sequentially, the next message being sent | ||
only when the previous one has been acknowledged. | only when the previous one has been acknowledged. | ||
The SSM is written in python. It is designed and packaged for SL5. | The SSM is written in python. It is designed and packaged for SL5. | ||
For more aboupt the SSM, see | For more aboupt the SSM, see [[APEL/SSM]] | ||
Installing the RPM | Installing the RPM | ||
------------------ | ------------------ | ||
Prerequisites | |||
------------- | |||
The EPEL repository must be enabled. This can be done by installing | The EPEL repository must be enabled. This can be done by installing | ||
the RPM for your version of SL, which is available on this page: | the RPM for your version of SL, which is available on this page: | ||
http://fedoraproject.org/wiki/EPEL | http://fedoraproject.org/wiki/EPEL | ||
The python stomp library | The python stomp library | ||
* yum install stomppy | |||
The python daemon library | The python daemon library | ||
* yum install python-daemon | |||
The python ldap library | |||
* yum install python-ldap | |||
If you want to check CRLs when verifying certificates, you need | You need a certificate and key in PEM format in the following files: | ||
fetch_crl installed: | * /etc/grid-security/hostcert.pem | ||
* /etc/grid-security/hostkey.pem | |||
If you want to check CRLs when verifying certificates, you need | |||
fetch-crl must have run once for the certificates to be verified | fetch_crl installed: | ||
successfully. | * yum install fetch-crl | ||
* service fetch-crl-cron start | |||
* chkconfig fetch-crl-cron on | |||
fetch-crl must have run once for the certificates to be verified | |||
successfully. | |||
Installation | Installation | ||
| Line 49: | Line 54: | ||
* rpm -i ssm-<version>.noarch.rpm | * rpm -i ssm-<version>.noarch.rpm | ||
What the RPM does | What the RPM does | ||
----------------- | ----------------- | ||
The RPM carries out a number of steps to run the SSM in a specific way. | The RPM carries out a number of steps to run the SSM in a specific way. | ||
1. It installs the core files in /opt/apel/ssm | 1. It installs the core files in /opt/apel/ssm | ||
2. It creates a group 'hostcert', which has read access to the hostkey | 2. It creates a group 'hostcert', which has read access to the hostkey | ||
3. It creates a user 'apel' with home directory /opt/apel, in the | 3. It creates a user 'apel' with home directory /opt/apel, in the | ||
hostcert group | |||
4. It installs an init script in /etc/init.d/ssmd | 4. It installs an init script in /etc/init.d/ssmd | ||
5. It creates the log directory /var/log/apel | 5. It creates the log directory /var/log/apel | ||
6. It creates the pidfile directory /var/run/apel | 6. It creates the pidfile directory /var/run/apel | ||
Running the SSM | Running the SSM | ||
--------------- | --------------- | ||
It is recommended to run the SSM only when you need to send messages. | It is recommended to run the SSM only when you need to send messages. | ||
This is so that all SSM clients do not remain connected to the broker | This is so that all SSM clients do not remain connected to the broker | ||
at all times, causing it to slow. | at all times, causing it to slow. | ||
The init script ssmd is designed for the server SSM which must run | The init script ssmd is designed for the server SSM which must run | ||
continuously. | continuously. | ||
To run the SSM once: | To run the SSM once: | ||
* Write all the messages to the /opt/apel/ssm/messages/outgoing directory | |||
* export SSM_HOME=/opt/apel/ssm | |||
* $SSM_HOME/bin/run-ssm | |||
Removing the RPM | Removing the RPM | ||
---------------- | ---------------- | ||
* rpm -e ssm-0.8 | |||
Cleaning the system | Cleaning the system | ||
------------------- | ------------------- | ||
* yum remove stomppy | |||
* yum remove python-daemon | |||
* rm -rf /var/log/apel | |||
* rm -rf /var/run/apel | |||
* chown root:root /etc/grid-security/hostkey.pem /etc/grid-security/hostcert.pem | |||
* chmod 400 /etc/grid-security/hostkey.pem | |||
* groupdel hostcert | |||
* userdel apel | |||
* rm -rf /opt/apel | |||
* rm -rf /var/spool/mail/apel | |||
Building the RPM | Building the RPM | ||
---------------- | ---------------- | ||
This is only useful if you want to modify the spec file to build a different RPM, | This is only useful if you want to modify the spec file to build a different RPM, | ||
and you have a zip of the SSM source. | and you have a zip of the SSM source. | ||
It's recommended to build RPMs as a user other than root. This user must have | It's recommended to build RPMs as a user other than root. This user must have | ||
access to the directory /usr/src/redhat. Then: | access to the directory /usr/src/redhat. Then: | ||
* the directory containing the SSM files must be named ssm-<version> | |||
* zip -r ssm-<version>.zip ssm-<version> | |||
* cp ssm-<version>.zip /usr/src/redhat/SOURCES | |||
* cp ssm-<version>/ssm.spec /usr/src/redhat/SPECS | |||
* rpmbuild -ba /usr/src/redhat/SPECS/ssm.spec | |||
There are of course many variations on this method. | There are of course many variations on this method. | ||
</ | </nowiki> | ||
Latest revision as of 17:14, 29 November 2012
- Back to APEL/SSM
- Back to APEL/SSMInstallation
This is the README file included in ssm-0.8.
Installing and running the SSM
==============================
The Secure Stomp Messenger (SSM) is designed to give a reliable message
transfer mechanism using the STOMP protocol. Messages are encrypted
during transit, and are sent sequentially, the next message being sent
only when the previous one has been acknowledged.
The SSM is written in python. It is designed and packaged for SL5.
For more aboupt the SSM, see [[APEL/SSM]]
Installing the RPM
------------------
Prerequisites
-------------
The EPEL repository must be enabled. This can be done by installing
the RPM for your version of SL, which is available on this page:
http://fedoraproject.org/wiki/EPEL
The python stomp library
* yum install stomppy
The python daemon library
* yum install python-daemon
The python ldap library
* yum install python-ldap
You need a certificate and key in PEM format in the following files:
* /etc/grid-security/hostcert.pem
* /etc/grid-security/hostkey.pem
If you want to check CRLs when verifying certificates, you need
fetch_crl installed:
* yum install fetch-crl
* service fetch-crl-cron start
* chkconfig fetch-crl-cron on
fetch-crl must have run once for the certificates to be verified
successfully.
Installation
------------
* rpm -i ssm-<version>.noarch.rpm
What the RPM does
-----------------
The RPM carries out a number of steps to run the SSM in a specific way.
1. It installs the core files in /opt/apel/ssm
2. It creates a group 'hostcert', which has read access to the hostkey
3. It creates a user 'apel' with home directory /opt/apel, in the
hostcert group
4. It installs an init script in /etc/init.d/ssmd
5. It creates the log directory /var/log/apel
6. It creates the pidfile directory /var/run/apel
Running the SSM
---------------
It is recommended to run the SSM only when you need to send messages.
This is so that all SSM clients do not remain connected to the broker
at all times, causing it to slow.
The init script ssmd is designed for the server SSM which must run
continuously.
To run the SSM once:
* Write all the messages to the /opt/apel/ssm/messages/outgoing directory
* export SSM_HOME=/opt/apel/ssm
* $SSM_HOME/bin/run-ssm
Removing the RPM
----------------
* rpm -e ssm-0.8
Cleaning the system
-------------------
* yum remove stomppy
* yum remove python-daemon
* rm -rf /var/log/apel
* rm -rf /var/run/apel
* chown root:root /etc/grid-security/hostkey.pem /etc/grid-security/hostcert.pem
* chmod 400 /etc/grid-security/hostkey.pem
* groupdel hostcert
* userdel apel
* rm -rf /opt/apel
* rm -rf /var/spool/mail/apel
Building the RPM
----------------
This is only useful if you want to modify the spec file to build a different RPM,
and you have a zip of the SSM source.
It's recommended to build RPMs as a user other than root. This user must have
access to the directory /usr/src/redhat. Then:
* the directory containing the SSM files must be named ssm-<version>
* zip -r ssm-<version>.zip ssm-<version>
* cp ssm-<version>.zip /usr/src/redhat/SOURCES
* cp ssm-<version>/ssm.spec /usr/src/redhat/SPECS
* rpmbuild -ba /usr/src/redhat/SPECS/ssm.spec
There are of course many variations on this method.