Changes between Version 32 and Version 33 of bestPractices

Timestamp:
05/09/11 16:43:26 (8 years ago)
Author:
ibaldin (IP: 152.54.9.21)
Comment:

--

  • bestPractices

    v32 v33  
    2121  1. You must decide and document the topology of the ORCA actors in the future deployment - how many Tomcat containers you will have, which hosts they will be located on and which actors will be deployed in which container.  
    2222    * '''BIG FAT NOTE:''' current design prevents a service manager from talking to remote authorities if it is co-located with the broker in the same container. If your service manager is expected to redeem on remote sites, do not put it in the same container as the broker. 
    23   1. Setup tomcat on each of the hosts. The canonical way, in which RENCI sets up ORCA is to have $ORCA_HOME=/opt/orca on each of the deployment hosts. ORCA-modified tomcat is installed under $ORCA_HOME/tomcat and $ORCA_HOME/tomcat/start.sh and $ORCA_HOME/tomcat/stop.sh scripts are modified to reflect the $ORCA_HOME setting by prepending them with  
    24 {{{ 
    25 export ORCA_HOME=/opt/orca 
    26 export CATALINA_HOME=$ORCA_HOME/tomcat 
    27 }}} 
    28   1. MySQL database on each of the hosts must be [wiki:databaseSetup initialized] with the schema and initial data. Loading inventory files is optional. 
     23  1. [wiki:orca-home Setup ORCA Configuration directories] on each host 
     24  1. [wiki:orca-tomcat Setup tomcat] on each of the hosts.  
     25  1. [wiki:databaseSetup Setup MySQL database] on each of the hosts  
    2926  1. Verify that tomcat starts and stops properly without ORCA 
    3027{{{ 
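Review bot: the replacement for v32 line 28 drops two statements that the new link text does not carry: that the database is initialized "with the schema and initial data", and that "Loading inventory files is optional." Unless wiki:databaseSetup states both, keep them as a short clause after the link. The same applies to the removed export lines: later steps on this page still refer to $ORCA_HOME, so a one-line reminder that the canonical value is /opt/orca would let the list be followed without opening wiki:orca-home first.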
     
    3532 
    3633=== Preparing the configuration === 
    37 The deployment can use a single source tree located on the machine, where you build ORCA, which has Java, Ant and Maven. The hosts with Tomcat containers should have the same version of Java as is used on the build machine.  
     34 
     35You can deploy from a [wiki:orca-binary-release binary release] or from [wiki:buildInstructions source]. If deploying from source the deployment can use a single source tree located on the machine, where you build ORCA, which has Java, Ant and Maven. The hosts with Tomcat containers should have the same version of Java as is used on the build machine.  
     36 
     37 * For Bella 2.2 and prior releases build and deploy from source: 
    3838 
    3939  1. Build ORCA as usual 
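Review bot: at v33 line 35 the sentence "The hosts with Tomcat containers should have the same version of Java as is used on the build machine" is left unqualified after the binary-release option was added, so it is unclear which Java version applies when there is no build machine. Scope it to the source path, or say what the binary release expects. The opening "You can deploy from a binary release or from source" also reads as a free choice, while the bullet at line 37 ties source builds to "Bella 2.2 and prior releases"; state the version split in that first sentence, and add a comma after "If deploying from source".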
     
    7676$ tar -cf - scripts/ | ssh user@hostX tar -xf - -C $ORCA_HOME 
    7777}}} 
    78 '''CAVEAT:''' this method obviously accumulates certificates of all actors across containers. This is '''OK''' for some definition of OK. The important thing is that the container has a version of the keystore that contains the certificates for actors in that container. Any extra certificates will not harm but present a potential security loophole. A more involved method would create separate runtime/ directories for each container. 
    79  
    80 === Deploying  === 
    81  
     78    1. '''CAVEAT:''' this method obviously accumulates certificates of all actors across containers. This is '''OK''' for some definition of OK. The important thing is that the container has a version of the keystore that contains the certificates for actors in that container. Any extra certificates will not harm but present a potential security loophole. A more involved method would create separate runtime/ directories for each container. 
    8279  1. Create the [https://geni-orca.renci.org/orca-doc/current/guides/container-configuration/xml.html actor configuration] for the container by editing $HOME/hostX/actor_configs/config.xml for each host. You will need the GUIDs you have issued to the actors. At the bottom of this page is a working example of a configuration file. 
    8380  1. To lookup certificates for actors in other containers (if they are already running), consult ORCA [http://geni.renci.org:11080/registry/actors.jsp actor registry]. You can extract them from your own keystores as described [https://geni-orca.renci.org/orca-doc/current/guides/getting-started/index.html#How_to_generate_an_actor_certificate here] 
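Review bot: at v33 line 78 the CAVEAT becomes a nested numbered "1." item, so it renders as a step of the procedure although it gives the reader nothing to do, and with "=== Deploying ===" removed the steps that follow appear to fall under "Preparing the configuration". Make the caveat an indented note under the copy step rather than a list item, and either keep the heading or rename the section. While this line is being touched, "will not harm but present a potential security loophole" contradicts itself; say which it is, and consider presenting the separate runtime/ directory per container as the recommended layout rather than "a more involved method".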
     
    9289 
    9390 
     91 * For Camano 3.0 and later use the binary release  
     92  1. Generate GUIDs and certificates for all actors, copy the contents of $ORCA_SRC/tools/config/runtime to each host's $ORCA_HOME/config/runtime 
     93  1. Create $ORCA_HOME/config/container.properties and $ORCA_HOME/config/config.xml actor configuration file for each host 
     94  1. Add any additional configuration, like e.g. [wiki:deploy-am for an authority actor] 
     95  1. Check that your actors are properly registered by visiting the ORCA [http://geni.renci.org:11080/registry/actors.jsp actor registry]. 
    9496 
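Review bot: step 1 of the Camano 3.0 list (v33 line 92) copies the whole of $ORCA_SRC/tools/config/runtime to every host, which is the same accumulation of all actors' certificates that the CAVEAT at line 78 describes for the source path, but the caveat is neither repeated nor linked here. Add it, or describe copying only the material for the actors in that container. The step also relies on $ORCA_SRC although this path is introduced as "use the binary release"; say where that directory comes from on a binary install. Minor: "like e.g." at line 94 is redundant.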
     97