Version 5 (modified by dee, 11 years ago)

--

Notes for setting up Orca on a remote machine (connecting to SVN via https)

Prerequisites

  • Java = 1.5
  • Ant >= 1.7 (NOT the Debianized version)
  • Maven >= 2.0.6
  • Maven tasks for ant, installed in your ant's lib directory
  • Subversion client with https:// protocol support
  • A login that works against https://geni-orca.renci.org/svn

Check out Modules

The Orca repository at https://geni-orca.renci.org/svn is factored into many sub-projects. Some Examples:

https://geni-orca.renci.org/svn/orca/pom Core orca Maven descriptor
https://geni-orca.renci.org/svn/orca/core/trunk The core (includes mysql schemas)
https://geni-orca.renci.org/svn/orca/webapp/trunk The Orca web portal
https://geni-orca.renci.org/svn/orca/handlers/ec2/trunk EC2/Eucalyptus handler

Most of these SVN projects build Maven artifacts (eg .../orca/core/trunk builds the orca.core POM). This is nice because if you only want to work on one part of the tree (eg handlers/ec2/trunk) you only need check out that part of the tree. When you build with Maven, prebuilt packages for all the other components you need will be downloaded and used. This does present a couple of problems, though:

  1. Maven needs to be able to find the remote repository we use (https://geni-orca.renci.org/maven/)
  2. Maven doesn't like talking to https:// servers with a self-signed certificate

Fixing SSL errors

An easy solution to the first problem requires solving the second one first. In order for Java to trust the CA that signed the SSL certificate used by https://geni-orca.renci.org we need to import this into the Java-local keystore with Keytool

Assuming $JAVA_HOME is defined (eg export JAVA_HOME="/Library/Java/Home" on OS X) the following horrible one-liner will do this:


echo |openssl s_client -connect geni-orca.renci.org:443 2>&1 |sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | sudo keytool -import -trustcacerts -alias geni-orca -keystore  $JAVA_HOME/lib/security/cacerts -storepass changeit -noprompt


This uses openssl to retrieve the CA cert, then tells keytool to add the certificate to its trusted CA list. "changeit" is the default keystore password.

Telling Maven about the repository

You could do this by editing files in ~/.m2/settings.xml (at least I think so). I find it's easier just to

 svn checkout https://geni-orca.renci.org/svn/orca/pom/trunk pom
 cd pom
 mvn install

Once you've done this a local package with information about the Orca project (and its repository at geni-orca.renci.org) will be placed in your ~/.m2 directory.