Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

APEL/SSM/README08

From EGIWiki
< APEL‎ | SSM
Revision as of 16:14, 29 November 2012 by Krakow (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

This is the README file included in ssm-0.8.

 Installing and running the SSM
 ==============================

 The Secure Stomp Messenger (SSM) is designed to give a reliable message
 transfer mechanism using the STOMP protocol.  Messages are encrypted
 during transit, and are sent sequentially, the next message being sent
 only when the previous one has been acknowledged.

 The SSM is written in python.  It is designed and packaged for SL5.

 For more aboupt the SSM, see [[APEL/SSM]]

 Installing the RPM
 ------------------

   Prerequisites
   -------------

 The EPEL repository must be enabled.  This can be done by installing
 the RPM for your version of SL, which is available on this page:
 http://fedoraproject.org/wiki/EPEL

 The python stomp library
  * yum install stomppy

 The python daemon library
  * yum install python-daemon

 The python ldap library
  * yum install python-ldap

 You need a certificate and key in PEM format in the following files:
  * /etc/grid-security/hostcert.pem
  * /etc/grid-security/hostkey.pem

 If you want to check CRLs when verifying certificates, you need
 fetch_crl installed:
  * yum install fetch-crl
  * service fetch-crl-cron start
  * chkconfig fetch-crl-cron on
 fetch-crl must have run once for the certificates to be verified
 successfully.

  Installation
  ------------

 * rpm -i ssm-<version>.noarch.rpm

 What the RPM does
 -----------------

 The RPM carries out a number of steps to run the SSM in a specific way.

 1. It installs the core files in /opt/apel/ssm
 2. It creates a group 'hostcert', which has read access to the hostkey
 3. It creates a user 'apel' with home directory /opt/apel, in the
    hostcert group
 4. It installs an init script in /etc/init.d/ssmd
 5. It creates the log directory /var/log/apel
 6. It creates the pidfile directory /var/run/apel

 Running the SSM
 ---------------

 It is recommended to run the SSM only when you need to send messages.
 This is so that all SSM clients do not remain connected to the broker
 at all times, causing it to slow.

 The init script ssmd is designed for the server SSM which must run
 continuously.


 To run the SSM once:
  * Write all the messages to the /opt/apel/ssm/messages/outgoing directory
  * export SSM_HOME=/opt/apel/ssm
  * $SSM_HOME/bin/run-ssm


 Removing the RPM
 ----------------

  * rpm -e ssm-0.8

 Cleaning the system
 -------------------

  * yum remove stomppy
  * yum remove python-daemon

  * rm -rf /var/log/apel
  * rm -rf /var/run/apel
  * chown root:root /etc/grid-security/hostkey.pem /etc/grid-security/hostcert.pem
  * chmod 400 /etc/grid-security/hostkey.pem
  * groupdel hostcert
  * userdel apel
  * rm -rf /opt/apel
  * rm -rf /var/spool/mail/apel


 Building the RPM
 ----------------

 This is only useful if you want to modify the spec file to build a different RPM,
 and you have a zip of the SSM source.

 It's recommended to build RPMs as a user other than root.  This user must have
 access to the directory /usr/src/redhat.  Then:

  * the directory containing the SSM files must be named ssm-<version>
  * zip -r ssm-<version>.zip ssm-<version>
  * cp ssm-<version>.zip /usr/src/redhat/SOURCES
  * cp ssm-<version>/ssm.spec /usr/src/redhat/SPECS
  * rpmbuild -ba /usr/src/redhat/SPECS/ssm.spec

 There are of course many variations on this method.