|
|
| (77 intermediate revisions by 3 users not shown) |
| Line 1: |
Line 1: |
| The Secure Stomp Messenger (SSM) is used to transmit arbitrary messages using the STOMP protocol. For a description, see [[APEL/SSMOverview|SSM Overview]].
| | * Back to [[APEL/SSM]]. |
|
| |
|
| '''PLEASE NOTE THIS IS NOT PRODUCTION-LEVEL SOFTWARE''' '''This software is distributed as an example and for testing'''.
| | If you are beginning your testing now please use [[APEL/SSM2Installation|SSM2]] |
|
| |
|
| * For details on the testing process, see this page: [[APEL/APELSSMExternalTesting]]
| | SSM1 downloads are available at https://github.com/apel/ssm/downloads. |
| * Expect bugs, and if you find any please let us know about them: apel-ssm-test@mailtalk.ac.uk.
| |
|
| |
|
| == ssm-0.4 ==
| | '''NOTE:''' Before you can send your messages to the Accounting server you must send your host certificate DN to apel-admins [at] stfc.ac.uk, e.g. output from running |
|
| |
|
| | <code>openssl x509 -subject -noout -in hostcert.pem</code> |
|
| |
|
| === Prerequisites === | | = Installing SSM = |
| * python:
| |
| ** we use 2.4.3, the standard version with SL5
| |
| * stomppy: the python STOMP library
| |
| ** the version in the epel repository (3.0.3) conflicts with python 2.4 - '''don't use this!'''
| |
| ** We have been using 2.0.2 (the version in the EGEE SA1 repository is 2.0.4 and this seems to work as well)
| |
| ** this is how we install stomppy 2.0.2 (as root):
| |
|
| |
|
| <source lang="bash">
| | * For details on the testing process, see this page: [[APEL/APELSSMExternalTesting]] |
| $ wget http://stomppy.googlecode.com/files/stomp.py-2.0.2.tar.gz
| | * If you find any bugs please let us know about them: apel-admins [at] stfc.ac.uk. |
| $ tar -xvzf stomp.py-2.0.2.tar.gz
| |
| $ chown -hR root:root stomp.py-2.0.2
| |
| $ cd stomp.py-2.0.2
| |
| $ python setup.py build
| |
| $ python setup.py install
| |
| </source>
| |
| | |
| * openssl:
| |
| ** we use 0.9.8, the standard version with SL5 | |
| * lcg-CA
| |
| | |
| === Installation ===
| |
| | |
| You can't currently download a version of the code, but if you would like a zip file please email apel-ssm-test@mailtalk.ac.uk and we will send you a version.
| |
| | |
| * Unzip the file into a directory, which is denoted as $SSM_HOME below.
| |
| | |
| === Configuration ===
| |
| The environment variable SSM_HOME must be set appropriately:
| |
| * <code>export SSM_HOME=<directory></code>
| |
| | |
| There are two other configuration files.
| |
| | |
| ==== <code>$SSM_HOME/conf/ssm.cfg</code> ====
| |
| '''The default values should suffice to send messages to the APEL test system''', but there are notes about the file below.
| |
| | |
| This SSM will be a producer, so the consumer section can be left out or given dummy values - it doesn't hurt. The file is well commented, it should be straightforward. In this file configure:
| |
| | |
| * the broker to use (host: dev.msg.cern.ch port: 6163 for testing purposes)
| |
| * the message store (suggest: $SSM_HOME/messages)
| |
| * the certificate/key settings and CA directory | |
| * the topic to send to (/topic/grid.accounting.cpuTest.CENTRAL is being used for testing)
| |
| * The DN of the consumer that messages are sent to(<code>consumerDN: /C=UK/O=eScience/OU=CLRC/L=RAL/CN=raptest.esc.rl.ac.uk/emailAddress=sct-certificates@stfc.ac.uk</code>)
| |
| | |
| * The acknowledgment topic; a sensible default is already used.
| |
| ==== <code>$SSM_HOME/conf/ssm.log.cfg</code> ====
| |
| The default values should suffice, '''but you must do one of two things:'''
| |
| # Create the directory <code>/var/log/apel/</code> and give the user running the SSM access to this directory.
| |
| # In the section [handler_fileHander], specify the path to a log file. The directory must exist and the user running the SSM must have permission to write to it. You need a full path - you can't use $SSM_HOME. Example: <code>args=('/home/apel/ssm/ssm.log', 'a')</code>
| |
| | |
| === Certificates ===
| |
| | |
| Your SSM '''encrypts''' using our certificate. Before it does this, it tries to verify it against the CA certificates in <code>/etc/grid-security/certificates</code>. To ensure this works fine, install the lcg-CA package using yum.
| |
|
| |
|
| Your SSM uses your host key to '''sign''' the messages it sends. When our version of the SSM receives a message, it retrieves your certificate and attempts to verify it against the CA certificates in the lcg-CA rpm.
| | == ssm-1.2 == |
|
| |
|
| If your host certificate is not signed by one of these CAs, discuss this with apel-admins@mailtalk.ac.uk.
| | The same package is installed for CPU accounting, StAR and Cloud accounting records. |
|
| |
|
| In order to encrypt and sign successfully, '''the user running the SSM needs read access to both the host certificate and private key'''.
| | Version 1.2 is the current version. |
|
| |
|
| === Running the SSM ===
| | '''It changes the default messages location from the previous version:''' |
| | * OLD: <code>/opt/apel/ssm/messages/</code> |
| | * NEW: <code>/var/opt/apel/messages/</code> |
|
| |
|
| * <code>cd $HOME/bin</code>
| | Installation and removal instructions are now packaged with the SSM in the README file. If you would like to read it before you install the SSM, here is the version included with ssm-1.2: [[APEL/SSM/README12]]. |
| * <code>./run-ssm</code>
| |
|
| |
|
| Once the SSM is running, it will send messages from the directory <code>$SSM_HOME/messages/outgoing</code> automatically. All you need to do is to put the messages in this directory. If they don't disappear, check the log file to see what it says, check your configuration, then send us an email.
| | '''Please note''': the default configuration sends messages to the CPU Accounting test server. See [[APEL/SSMConfiguration]] for how to change the configuration. |
|
| |
|
| === Stopping the SSM ===
| |
|
| |
|
| The easiest way to do this currently is to kill it using its pid. You can do this something like as follows:
| | [[Category:Accounting]] |
| <source lang="bash">
| |
| [apelssm@apel-test messages]$ ps ax | grep python | |
| 25402 pts/0 Sl+ 0:00 python /opt/apelssm/ssm-0.3/src/ssm/ssm_master.py /opt/apelssm/ssm-0.3/conf/ssm.cfg
| |
| 25459 pts/1 S+ 0:00 grep python
| |
| [apelssm@apel-test messages]$ kill 25402
| |
| [apelssm@apel-test messages]$
| |
| </source>
| |
If you are beginning your testing now please use SSM2
SSM1 downloads are available at https://github.com/apel/ssm/downloads.
NOTE: Before you can send your messages to the Accounting server you must send your host certificate DN to apel-admins [at] stfc.ac.uk, e.g. output from running
openssl x509 -subject -noout -in hostcert.pem
Installing SSM
- For details on the testing process, see this page: APEL/APELSSMExternalTesting
- If you find any bugs please let us know about them: apel-admins [at] stfc.ac.uk.
ssm-1.2
The same package is installed for CPU accounting, StAR and Cloud accounting records.
Version 1.2 is the current version.
It changes the default messages location from the previous version:
- OLD:
/opt/apel/ssm/messages/
- NEW:
/var/opt/apel/messages/
Installation and removal instructions are now packaged with the SSM in the README file. If you would like to read it before you install the SSM, here is the version included with ssm-1.2: APEL/SSM/README12.
Please note: the default configuration sends messages to the CPU Accounting test server. See APEL/SSMConfiguration for how to change the configuration.
The wiki is deprecated and due to be decommissioned by the end of September 2022.