Pawn:Configure Scheduler

From Adapt

This page is out of date; it describes version .5.

Introduction

The PAWN scheduler helps determine which receiving server should handle any given package. In addition to scheduling data to receiving servers, the scheduler also holds all configuration options for receiving servers, and acts as a SAML Authority for the configuration client and receiving servers.

Initial Setup

To run the scheduler for the first time, you must set up its Tomcat context file. Usually this is located at conf/Catalina/localhost/pawn-archive.xml under your Tomcat installation. A sample configuration is listed below (see attachments for a copy of this file):

  <!-- conf/Catalina/localhost/pawn-archive.xml: Tomcat context file for the scheduler -->
  <Context>
    <!-- Directory where the scheduler keeps receiving server configuration -->
    <Parameter name="edu.umiacs.pawn.scheduler.config.dir" value="/fs/narahomes/naraapp/naradev04/scheduler-settings"/>

    <!-- SAML Authority config -->
    <Parameter name="edu.umiacs.wssec.keystore.caalias" value="cacert"/>
    <Parameter name="edu.umiacs.wssec.keystore.file" value="/fs/narahomes/naraapp/naradev04/scheduler-settings/server.p12"/>
    <Parameter name="edu.umiacs.wssec.keystore.passwd" value="producer"/>
    <Parameter name="edu.umiacs.wssec.keystore.aliaspasswd" value="producer"/>
    <Parameter name="edu.umiacs.wssec.keystore.privkeyalias" value="producer"/>
    <Parameter name="edu.umiacs.wssec.issuer" value="http://umiacs.umd.edu/scheduler"/>
    <Parameter name="edu.umiacs.wssec.keystore.ca" value="ca" />
  </Context>

edu.umiacs.pawn.scheduler.config.dir
Configuration directory for receiving server config. This directory should exist and be writable by the user running PAWN.

All items starting with edu.umiacs.wssec are used to configure the internal SAML Authority.

edu.umiacs.wssec.keystore.caalias
Alias of the CA certificate that was used to sign all client certificates.
edu.umiacs.wssec.keystore.file
Location of the keystore containing the CA certificate and the authority keypair used to issue new assertions.
edu.umiacs.wssec.keystore.passwd
Password for the keystore. Because this password is stored in clear text in the context file, the file should be readable only by the user running Tomcat.
edu.umiacs.wssec.keystore.aliaspasswd
Password for the authority keypair (usually the same as the keystore password).
edu.umiacs.wssec.keystore.privkeyalias
Alias of the keypair used to sign assertions.
edu.umiacs.wssec.issuer
Unique URL identifying this SAML issuer / scheduler. This must be different from the one set in the manager, even if all services run on the same machine.

After configuring this file, place a copy of pawn-scheduler into your tomcat/webapps directory and restart Tomcat. The scheduler is now ready to be introduced to other managers, receiving servers and resources.
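As an added example (not part of the PAWN project), the script below parses the `<Parameter>` entries of a pawn-archive.xml context file and flags the setup mistakes described above: a missing parameter, an issuer URL that collides with the manager's, and a keystore file readable by other users. The sample context file, the manager issuer URL and the /tmp paths are constructed for the example.

```python
"""Sanity-check a PAWN scheduler context file (added example, not PAWN code)."""
import os
import stat
import xml.etree.ElementTree as ET

# Parameter names the scheduler page documents as required.
REQUIRED = (
    "edu.umiacs.pawn.scheduler.config.dir",
    "edu.umiacs.wssec.keystore.caalias",
    "edu.umiacs.wssec.keystore.file",
    "edu.umiacs.wssec.keystore.passwd",
    "edu.umiacs.wssec.keystore.aliaspasswd",
    "edu.umiacs.wssec.keystore.privkeyalias",
    "edu.umiacs.wssec.issuer",
)

def parse_context(xml_text):
    """Return {name: value} for every <Parameter> element in a Tomcat context file."""
    root = ET.fromstring(xml_text)
    return {p.get("name"): p.get("value") for p in root.iter("Parameter")}

def audit(params, manager_issuer, keystore_mode):
    """Return a list of findings. keystore_mode is the st_mode of the keystore
    file; the caller supplies it so the check is testable without real files."""
    findings = ["missing parameter: " + k for k in REQUIRED if not params.get(k)]
    if params.get("edu.umiacs.wssec.issuer") == manager_issuer:
        findings.append("issuer URL must differ from the manager's issuer")
    # The context file holds the keystore password, so the keystore itself
    # should not be readable by group or others either.
    if keystore_mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("keystore is readable by group or others")
    return findings

# Constructed sample with two defects: aliaspasswd is absent and the issuer
# URL is the same as the (constructed) manager issuer.
MANAGER_ISSUER = "http://example.invalid/manager"
SAMPLE = """<Context>
  <Parameter name="edu.umiacs.pawn.scheduler.config.dir" value="/tmp/scheduler-settings"/>
  <Parameter name="edu.umiacs.wssec.keystore.caalias" value="cacert"/>
  <Parameter name="edu.umiacs.wssec.keystore.file" value="/tmp/scheduler-settings/server.p12"/>
  <Parameter name="edu.umiacs.wssec.keystore.passwd" value="producer"/>
  <Parameter name="edu.umiacs.wssec.keystore.privkeyalias" value="producer"/>
  <Parameter name="edu.umiacs.wssec.issuer" value="http://example.invalid/manager"/>
</Context>"""

if __name__ == "__main__":
    params = parse_context(SAMPLE)
    ks = params["edu.umiacs.wssec.keystore.file"]
    mode = os.stat(ks).st_mode if os.path.exists(ks) else 0o100644  # constructed fallback
    for finding in audit(params, MANAGER_ISSUER, mode):
        print("WARNING:", finding)
```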


Administration Interface

The scheduler is configurable from the administration interface. If you have a local copy of the java-ws packages installed, you can start it from there, otherwise http://narapawn.umiacs.umd.edu:8080/java-ws/ has a webstart link to the interface.

When you run the interface, you will need a keystore with keys signed by the same certificate authority as the scheduler's keystore. For the initial setup, the login is set to username 'admin' and password 'password'. You should change this in the 'Accounts' tab.

When you connect for the first time, you will see a scheduler-stub under the Producers button, along with the public certificate that signed the server's public key. You should *not* change this information. To use PAWN you will need to configure at least one producer and one receiving server.

If you make a change in the admin interface, you will need to restart any receiving servers that you have configured. This will probably be fixed in a future release.


Configurable Items

The following configuration items are stored on the PAWN receiving server.

Receiving servers
Each receiving server has a username/servername attached to it, a URL where it can be reached, and a set of predefined storage pools.
Resources
Since PAWN is not the final storage for data, it needs to know about backend services that can be used to push data into a more persistent form. The scheduler holds any driver files and configurations necessary for all resources.
Producers
Each management server that will be pushing data into an archive needs to be registered. A security realm, URL, and certificate identifying the producer need to be registered. In addition, each producer is assigned an endpoint for data published from its clients.
Certificate Authorities
A list of trusted certificate authorities used to sign client certificates. This should not be the producer's certificate.


Adding new managers

To use PAWN, you must configure at least one management server. To do this, click on the Producers tab and fill out the following:

  • Security Namespace
  • Manager URL - A URL for where the manager service is running. This is usually of the form http://naradev04.umiacs.umd.edu:8080/pawn/services/Manager with naradev04.umiacs... replaced with your manager server
  • Manager certificate - public key from the manager keystore; this should be in PEM format

Adding trusted Certificate Authorities

Adding new receiving servers

To send any data into PAWN you must configure at least one receiving server. A receiving server consists of two parts: a username and password that it will use to connect, and a set of storage pools that hold data. To add a receiving server, click on 'Receivers' and fill out the following:

  • Name - hostname that this server will connect from. This should match the receiver's configuration and be resolvable in DNS. This can also be an IP address if DNS is not configured.
  • URL - location of the receiver service on the server. Usually this is of the form http://naradev02.umiacs.umd.edu:8080/pawn-archive/services/Receiver with naradev02... replaced by the hostname and port of your service
  • Password - password this host will use to connect to the scheduler. This should match the receiver's configuration

After all information is entered, click 'Add'. Now you can configure a storage pool. Select the new host and click 'Add' under the storage pools section.

  • pool name - descriptive name for the storage pool
  • path - path to the storage pool location

Click 'Add' when you are finished. If you have not already done so, you can now configure the service side of your receiving server. You will need to (re)start the receiving server so that it finds the new storage pool.


Add Schema

Add new resources

-- Main.MikeSmorul - 27 Oct 2005