Catania Science Gateway Framework Documentation¶

About¶

The DB contains the applications deployed on regional Grid infrastructures available outside Europe and developed in the context of projects funded by the European Commission.

Usage¶

Table view

Application Details

Project specific Science Gateways can be accessed by the CHAIN AppDB

Support¶

Please feel free to contact us any time if you have any questions or comments.

About¶

A standard-based solution developed by the INFN Catania for central management of robot credentials and provisioning of digital proxies to get seamless and secure access to computing e-Infrastructures supporting the X.509 standard for Authorisation.

This is a servlet based on the Java™ Cryptographic Token Interface Standard (PKCS#11). For any further information, please visit the official Java™ PKCS#11 Reference Guide [1]. By design, the servlet is compliant with the policies reported in these docs [1][2].

The business logic of the library, deployed on top of an Apache Tomcat Application Server, combines different programming native interfaces and standards.

The high-level architecture of the eToken servlet is shown in the below figure:

The business logic has been conceived to provide “resources” (e.g. complaint VOMS proxies) in a “web-manner” which can be consumed by authorized users, client applications and by portals and Science Gateways. In the current implementation, robot certificates have been safely installed on board of SafeNet [3] eToken PRO [4] 32/64 KBytes USB smart cards directly plugged to a remote server which serve, so far, six different Science Gateways.

The complete list of software, tools and APIs we have used to implement the new crypto library interface are listed below:

• Apache Application Server [5],
• JAX-RS, the Java API for RESTful Web Services (JSR 311 standard) [6],
• Java Technology Standard Edition (Java SE6) [7],
• The Cryptographic Token Interface Standard (PKCS#11) libraries [8],
• The open-source BouncyCastle Java APIs [9],
• The JGlobus-Core Java APIs [10],
• The VOMS-clients Java APIs [11],
• The VOMS-Admin Java APIs [12].

Installation¶

For more details about how to configure and install the servlet, please refer to the installation document.

Usage¶

For more details about how to work with the servlet, please refer to the installation document.

Contributor(s)¶

Please feel free to contact us any time if you have any questions or comments.

HOW TO INSTALL AND CONFIGURE THE ETOKEN & THE MYPROXY SERVLETS¶

About this document¶

This is the official documentation to configure and install the eTokenServer servlet (v2.0.4).

This document provides an in-depth overview of the light-weight crypto library, a standard-based solution developed by INFN Catania for central management of robot credentials and provisioning of digital proxies to get seamless and secure access to computing e-Infrastructures supporting the X.509 standard for Authorisation.

In this solution robot certificates are available 24h per day on board of USB eToken PRO [1] 32/64 KBytes smart cards having the following technical specification:

We appreciate attribution. In case you would like to cite the Java light-weight crypto library in your papers, we recomment that you use the following reference:

V. Ardizzone, R. Barbera, A. Calanducci, M. Fargetta, E. Ingra’, I. Porro, G. La Rocca, S. Monforte, R. Ricceri, R. Rotondo, D. Scardaci and A. Schenone *The DECIDE Science Gateway* Journal of Grid Computing (2012) 10:689-70 DOI 10.1007/s10723-012-9242-3

We also would like to be notified about your publications that involve the use of the Java light-weight crypto libraries, as this will help us to document its usefulness. We like to feature links to these articles, with your permission, on our Web site. Additional reference to the Java light-weight crypto library and other relevant activities can be fould at [2].

Licence¶

Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Conventions used in this document¶

The following typographical conventions are used in this document:

Italic

Indicates new terms, URLs, filenames, and file extentions

Constant width italic

Shows text that should be replaced with user-specific values

This icon indicates a warning or caution.

This icon indicates that there are files to be downloaded.

Chapter I - System and Software Requirements¶

This chapter provide the list of requirements and the basic information that you need to know to install and configure the servlet.

#	Server	OS and Arch.		Host. Cert	Disk Space	CPU and RAM
1	Physical machine with at least 2 USB ports perfectly working	SL release 5.10 (Boron) x86_64 GNU/Linux		Yes	>= 80 GB	>= 4 cores >= 8 GB RAM Swap >=4 GB
Comments: The server must be registered to the DNS with direct adn reverse resolution; Please set a human readable server hostname for your server (e.g. etoken<your-domain>); The OS installation should include the X-server since it is needed to open etProps app; This installation has been successfully tested with eToken PRO 32/64 KBytes USB smart cards; At least 1 USB eToken PRO 75 KBytes must be available before the installation (contact SafeNet Inc. [3] to find a neighbor reseller and get prices).

OS and repos¶

Start with a fresh installation of Scientific Linux 5.X (x86_64).

]# cd /etc/redhat-release
Scientific Linux release 5.10 (Boron)

• Configure the EGI Trust Anchor repository

]# cd /etc/yum.repos.d/
]# cat egi-trustanchors.repo
[EGI-trustanchors]
name=EGI-trustanchors
baseurl=http://repository.egi.eu/sw/production/cas/1/current/
gpgkey=http://repository.egi.eu/sw/production/cas/1/GPG-KEY-EUGridPMA-RPM-3
gpgcheck=1
enabled=1

• Install the latest EUGridPMA CA rpms

]# yum clean all
]# yum install -y ca-policy-egi-core

• Configure the EPEL repository:

]# cd /etc/yum.repos.d/
]# cat /etc/yum.repos.d/epel.repo
[epel]
name=Extra Packages for Enterprise Linux 5 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/5/$basearch
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 5 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/5/$basearch/debug
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-5&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux 5 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/5/SRPMS
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-5&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
gpgcheck=1

• Install the latest epel release

]# yum clean all
]# yum install -y epel-release --nogpgcheck

SELinux configuration¶

Be sure that SELinux is disabled (or permissive). Details on how to disable SELinux are here [12]

]# getenforce
Disabled

sendmail¶

Start the sendmail service at boot. Configure access rules to allow connections and open the firewall on port 25.

]# /etc/init.d/sendmail start
]# chkconfig --level 2345 sendmail on

]# cat /etc/hosts.allow
sendmail: localhost

]# cat /etc/sysconfig/iptables
[..]
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 25 -s 127.0.0.1 -j ACCEPT

NTP¶

Use NTP to synchronize the time of the server

]# ntpdate ntp-1.infn.it
]# /etc/init.d/ntpd start
]# chkconfig --level 2345 ntpd on

fetch-crl¶

Install and configure the fetch-crl

]# yum install -y fetch-crl
]# /etc/init.d/fetch-crl-cron start
]# chkconfig --level 2345 fetch-crl-cron on

Host Certificates¶

Navigate the interactive map and search for your closest Certification Authorities [13] or, alternatively, buy a multi-domain COMODO [14] SSL certificate.

Public and Private keys of the host certificate have to be copied in /etc/grid-security/

]# ll /etc/grid-security/host*
-rw-r--r--  1 root root 1627 Mar 10 14:55 /etc/grid-security/hostcert.pem
-rw-------  1 root root 1680 Mar 10 14:55 /etc/grid-security/hostkey.pem

Configure VOMS Trust Anchors¶

The VOMS-clients APIs need local configuration to validate the signature on Attribute Certificates issued by trusted VOMS servers.

The VOMS clients and APIs look for trust information in the /etc/grid-security/vomsdir directory.

The vomsdir directory contains a directory for each trusted VO. Inside each VO two types of files can be found:

• An LSC file contains a description of the certificate chain of the certificate used by a VOMS server to sign VOMS attributes.
• An X509 certificates used by the VOMS server to sign attributes.

These files are commonly named using the following pattern:

<hostname.lsc>
<hostname.pem>

where hostname is the host where the VOMS server is running.

When both .lsc and .pem files are present for a given VO, the .lsc file takes precedence. The .lsc file contains a list of X.509 subject strings, one on each line, encoded in OpenSSL slash-separate syntax, describing the certificate chain (up and including the CA that issued the certificate). For instance, the voms.cnaf.infn.it VOMS server has the following .lsc file:

/C=IT/O=INFN/OU=Host/L=CNAF/CN=voms.cnaf.infn.it
/C=IT/O=INFN/CN=INFN CA

Install in /etc/grid-security/vomsdir/ directory the .lsc for each trusted VO that you want to support.

An example of /etc/grid-security/vomsdir/ directory can be downloaded from here [15].

Configure VOMS server endpoints¶

The list of known VOMS server is maintained in vomses files. A vomses file is a simple text file which contains one or more lines formatted as follows:

"vo_name"       "hostname"      "port"  "dn"    "aliases"

Where:

• vo_name is the name of the VO served by the VOMS server,
• hostname is the hostname where the VOMS server is running,
• port is the port where the VOMS server is listening for incoming requests,
• dn is the subject of certificate of the VOMS server, and the
• aliases is an alias that can be used for this VOMS server (this is typically identical to the vo_name).

System wide VOMSES configuration is maintained in the /etc/vomses file or directory. If the /etc/vomses/ is a directory, all the files contained in such directory are parsed looking fro VOMS contact information.

Install in the /etc/vomses the contact information for each trust VO you want to support!

An example of VOMS contact information can be downloaded from [16]

Chapter II - Installation & Configuration¶

This chapter introduces the manual installation of the SafeNet eToken PKI client library on a Linux system, the software that enables eToken USB operations and the implementation of eToken PKI-based solutions.

Software Requirements¶

The software also includes all the necessary files and drivers to support the eToken management. During the installation, the needed libraries and drivers will be installed in /usr/local/bin, /usr/local/lib and /usr/local/etc.

Before to start, please check if pcsc- packages are already installed on your server.

]# rpm -e pcsc-lite-1.4.4-4.el5_5 \
          pcsc-lite-libs-1.4.4-4.el5_5 \
          pcsc-lite-doc-1.4.4-4.el5_5 \
          pcsc-lite-devel-1.4.4-4.el5_5 \
          ccid-1.3.8-2.el5.i386 \
          ifd-egate-0.05-17.el5.i386 \
          coolkey-1.1.0-16.1.el5.i386 \
          esc-1.1.0-14.el5_9.1.i386

Download the correct software packages:

• pcsc-lite-1.3.3-1.el4.rf.i386.rpm [17]
• pcsc-lite-libs-1.3.3-1.el4.rf.i386.rpm [18]
• pcsc-lite-ccid-1.2.0-1.el4.rf.i386.rpm [19]

]# rpm -ivh pcsc-lite-1.3.3-1.el4.rf.i386.rpm \
            pcsc-lite-ccid-1.2.0-1.el4.rf.i386.rpm \
            pcsc-lite-libs-1.3.3-1.el4.rf.i386.rpm

     Preparing...            ########################################### [100%]
     1:pcsc-lite-libs        ########################################### [ 33%]
     2:pcsc-lite-ccid        ########################################### [ 67%]
     3:pcsc-lite             ########################################### [100%]

Before installing the eToken PKI Client, please check if the PC/SC-Lite pcscd daemon is running:

]# /etc/init.d/pcscd start

Install PKI_Client library¶

Contact the SafeNet Inc. and install the latest eToken PKI Client (ver. 4.55-34) software on your system.

]$ rpm -ivh pkiclient-full-4.55-34.i386.rpm

Preparing...             ########################################### [100%]
Stopping PC/SC smart card daemon (pcscd): [ OK ]
        1:pkiclient-full ########################################### [100%]
Checking installation of pcsc from source... None.
Starting PC/SC smart card daemon (pcscd): [ OK ]
Adding eToken security provider...Done.
PKIClient installation completed.

Configure additional libraries¶

Download the appropriate libraries [20] for your system and save it as Mkproxy-rhel4.tar.gz.

The archive contains all the requires libraries for RHEL4 and RHEL5.

]# tar zxf Mkproxy-rhel4.tar.gz
]# chown -R root.root etoken-pro/
]# tree etoken-pro/
etoken-pro/
|-- bin
| |-- cardos-info
| |-- mkproxy
| |-- openssl
| `-- pkcs11-tool
|-- etc
| |-- hotplug.d
| | `-- usb
| |  `-- etoken.hotplug
| |-- init.d
| | |-- etokend
| | `-- etsrvd
| |-- openssl.cnf
| |-- reader.conf.d
| | `-- etoken.conf
| `-- udev
|    `-- rules.d
|    `-- 20-etoken.rules
`-- lib
     |-- engine_pkcs11.so
     |-- libcrypto.so.0.9.8
     `-- libssl.so.0.9.8

Untar the archive and copy the files to their respective locations.

• Copy binary files

]# cp -rp etoken-pro/bin/cardos-info /usr/local/bin/
]# cp -rp etoken-pro/bin/mkproxy /usr/local/bin/
]# cp -rp etoken-pro/bin/pkcs11-tool /usr/local/bin/
]# cp -rp etoken-pro/bin/openssl /usr/local/bin/

• Copy libraries

]# cp -rp etoken-pro/lib/engine_pkcs11.so /usr/local/lib
]# cp -rp etoken-pro/lib/libssl.so.0.9.8 /usr/local/lib
]# cp -rp etoken-pro/lib/libcrypto.so.0.9.8 /usr/local/lib

• Copy configuration files

]# cp -rp etoken-pro/etc/openssl.cnf /usr/local/etc

• Set the PKCS11_MOD environment variable

Edit the /usr/local/bin/mkproxy script and change the PKCS11_MOD variable settings:

export PKCS11_MOD="/usr/lib/libeTPkcs11.so"

• Create symbolic links

]# cd /usr/lib/
]# ln -s /usr/lib/libpcsclite.so.1.0.0 libpcsclite.so
]# ln -s /usr/lib/libpcsclite.so.1.0.0 libpcsclite.so.0

]# ll libpcsclite.so*
   lrwxrwxrwx 1 root root 29 Feb 17 09:47 libpcsclite.so -> /usr/lib/libpcsclite.so.1.0.0
   lrwxrwxrwx 1 root root 29 Feb 17 09:52 libpcsclite.so.0 -> /usr/lib/libpcsclite.so.1.0.0
   lrwxrwxrwx 1 root root 20 Feb 17 09:04 libpcsclite.so.1 -> libpcsclite.so.1.0.0
   -rwxr-xr-x 1 root root 92047 Jan 26 2007 libpcsclite.so.1.0.0

To administer the USB eToken PRO 64KB and add a new robot certificate, please refer to the Appendix I.

• Testing

]# export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib
]# pkcs11-tool -L --module=/usr/lib/libeTPkcs11.so

Available slots:
**Slot 0** AKS ifdh 00 00
     token label: **eToken**
     token manuf: Aladdin Ltd.
     token model: eToken
     token flags: rng, login required, PIN initialized, token initialized, other flags=0x200
     serial num : 001c3401
**Slot 1** AKS ifdh 01 00
     token label: **eToken1**
     token manuf: Aladdin Ltd. token model: eToken
     token flags: rng, login required, PIN initialized, token initialized, other flags=0x200
     serial num : 001c0c05
[..]

The current version of PKI_Client supports up to 16 different slots! Each slot can host a USB eToken PRO smart card.

• Generating a standard proxy certificate

]# mkproxy
Starting Aladdin eToken PRO proxy generation
Found X.509 certificate on eToken:
  label: (eTCAPI) MrBayes's GILDA ID
  id: 39453945373335312d333545442d343031612d384637302d3238463636393036363042303a30
Your identity: /C=IT/O=GILDA/OU=Robots/L=INFN Catania/CN=MrBayes
Generating a 512 bit RSA private key
.++++++++++++
..++++++++++++
writing new private key to 'proxykey.FM6588'
-----
engine "pkcs11" set. Signature ok
subject=/C=IT/O=GILDA/OU=Robots/L=INFN Catania/CN=MrBayes/CN=proxy Getting CA Private Key
PKCS#11 token PIN: *******
Your proxy is valid until: Wed Jan 16 01:22:01 CET 2012

Chapter III - Installing Apache Tomcat¶

• The instructions below are for installing version Java 7 Update 1 (7u1).

]# rpm -e java-1.4.2-gcj-compat-1.4.2.0-40jpp.115 \
          antlr-2.7.6-4jpp.2.x86_64 gjdoc-0.7.7-12.el5.x86_64

]# rpm -ivh jdk-7u1-linux-i586.rpm

• Download and extract the eTokens-2.0.5 directory with all the needed configuration files in the root’s home directory.

Download an example of configuration files for the eToken from here [21] and save it as eTokens-2.0.5.tar.gz.

]# tar zxf eTokens-2.0.5.tar.gz
]# tree -L 2 eTokens-2.0.5
eTokens-2.0.5
|-- config
| |-- eToken.cfg
  |-- eToken1.cfg
  |-- ..

The config directory MUST contain a configuration file for each USB eToken PRO 32/64KB smart card plugged into the server.

]# cat eTokens-2.0.5/config/eToken.cfg
name = **eToken** *Insert here an unique name for the new etoken*
library = /usr/lib/libeTPkcs11.so
description = **Aladdin eToken PRO 64K 4.2B**
slot = **0** *Insert here an unique slot id for the new token*

attributes(*,CKO_PRIVATE_KEY,*) = { CKA_SIGN = true }
attributes(*,CKO_PRIVATE_KEY,CKK_DH) = { CKA_SIGN = null }
attributes(*,CKO_PRIVATE_KEY,CKK_RSA) = { CKA_DECRYPT = true }

If you are using USB eToken PRO 32KB, please change the description as follows:

description = **Aladdin eToken PRO 32K 4.2B**

Download the latest release of Apache Tomcat. For this wiki we used the following version: apache-tomcat-7.0.34

• Creating a Java Keystore from scratch containing a self-signed certificate

Make a temporary copy of hostcert.pem and hostkey.pem files

]# cp /etc/grid-security/hostcert.pem /root
]# cp /etc/grid-security/hostkey.pem /root

Convert both, the key and the certificate into DER format using openssl command:

]# openssl pkcs8 -topk8 -nocrypt \
                 -in hostkey.pem -inform PEM \
                 -out key.der -outform DER

]# openssl x509 -in hostcert.pem \
                -inform PEM \
                -out cert.der \
                -outform DER

• Import private and certificate into the Java Keystore

Download the following Java source code [22] and save it as ImportKey.java

Edit the ImportKey.java file containing the following settings for the Java JKS

// Change this if you want another password by default
String keypass = "**changeit**"; <== Change it!

// Change this if you want another alias by default
String defaultalias = "**giular.trigrid.it**"; <== Change it!

If (keystorename == null)
        Keystorename = System.getProperty("user.home")
        + System.getProperty("file.separator")
        + "**eTokenServerSSL**"; // <== Change it!

Please change “giular.trigrid.it” with the host of the server you want to configure.

• Compile and execute the Java file:

]# javac ImportKey.java
]# java ImportKey key.der cert.der
Using keystore-file : /root/eTokenServerSSL One certificate, no chain.
Key and certificate stored.
Alias: giular.trigrid.it Password: changeit

Now we have a JKS containig:

• the key and the certificate stored in the eTokenServerSSL file,
• using giular.trigrid.it as alias and
• changeit as password.

Move the JKS to the Apache-Tomcat root directory

]# mv /root/eTokenServerSSL apache-tomcat-7.0.34/eTokenServerSSL

• SSL Configuration

Add the new SSL connector on port 8443 in the server.xml file

]# cat apache-tomcat-7.0.34/conf/server.xml
[..]

<Connector port="8082" protocol="HTTP/1.1" connectionTimeout="20000" redirectoPrt="8443">
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
                       SSLEnabled="true"
                       maxThreads="150" scheme="https" secure="true"
                       clientAuth="false" sslProtocol="TLS"
                       useSendfile="false"
                       keystoreFile="/root/apache-tomcat-7.0.34/eTokenServerSSL"
                       keyAlias="giular.trigrid.it" keystorePass="changeit"/>
[..]

Edit the /etc/sysconfig/iptables file in order to accept incoming connections on ports 8082 and 8443.

• How to start, stop and check the Apache Tomcat server

1. Configure the JAVA_HOME env. variable

]# cat ~/.bash_profile
# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
       . ~/.bashrc
fi

# User specific environment and startup programs

PATH=$PATH:$HOME/bin
JAVA_HOME=/usr/java/latest

export PATH
export JAVA_HOME
unset USERNAME

2. Start and check the application server as follows:

]# cd /root/apache-tomcat-7.0.34/
]# ./bin/startup.sh
Using CATALINA_BASE: /root/apache-tomcat-7.0.34
Using CATALINA_HOME: /root/apache-tomcat-7.0.34
Using CATALINA_TMPDIR: /root/apache-tomcat-7.0.34/temp
Using JRE_HOME: /usr
Using CLASSPATH: /root/apache-tomcat-7.0.34/bin/bootstrap.jar:\
                 /root/apache-tomcat-7.0.34/bin/tomcat-juli.jar

3. Stop the application server as follows:

]# ./bin/shutdown
Using CATALINA_BASE: /root/apache-tomcat-7.0.34
Using CATALINA_HOME: /root/apache-tomcat-7.0.34
Using CATALINA_TMPDIR: /root/apache-tomcat-7.0.34/temp
Using JRE_HOME: /usr
Using CLASSPATH: /root/apache-tomcat-7.0.34/bin/bootstrap.jar:\
                 /root/apache-tomcat-7.0.34/bin/tomcat-juli.jar

• Install external libraries

Download and save the external libraries [23] as lib.tar.gz

]# tar zxf lib.tar.gz
]# cp ./lib/*.jar /root/apache-tomcat-7.0.34/lib

• Deploy the WAR files

]# cd /root/apache-tomcat-7.0.34/

Create the following **eToken.properties** configuration file with the following settings:

# **VOMS Settings**
# Standard location of configuration files
VOMSES_PATH=/etc/vomses
VOMS_PATH=/etc/grid-security/vomsdir
X509_CERT_DIR=/etc/grid-security/certificates
# Default VOMS proxy lifetime (default 12h)
VOMS_LIFETIME=24

# **Token Settings**
ETOKEN_SERVER=giular.trigrid.it            # <== Change here
ETOKEN_PORT=8082
ETOKEN_CONFIG_PATH=/root/eTokens-2.0.5/config
PIN=******                                 # <== Add PIN here

# **Proxy Settings**
# Default proxy lifetime (default 12h) PROXY_LIFETIME=24
# Number of bits in key {512|1024|2048|4096}
PROXY_KEYBIT=1024

# **Administrative Settings**
SMTP_HOST=smtp.gmail.com                   # <== Change here
SENDER_EMAIL=credentials-admin@ct.infn.it  # <== Change here
DEFAULT_EMAIL=credentials-admin@ct.infn.it # <== Change here
EXPIRATION=7

Create the following **Myproxy.properties** configuration file with the following settings:

# **MyProxy Settings**
MYPROXY_SERVER=myproxy.cnaf.infn.it           # <== Change here
MYPROXY_PORT=7512
# Default MyProxy proxy lifetime (default 1 week)
MYPROXY_LIFETIME=604800
# Default temp long-term proxy path
MYPROXY_PATH=/root/apache-tomcat-7.0.53/temp  # <== Change here

Download the servlet for the eTokenServer [24] and save it as eTokenServer.war

Download the servlet for the MyProxyServer [25] and save it as MyProxyServer.war

]# cp eTokenServer.war webapps/
]# cp MyProxyServer.war webapps/
]# ./bin/catalina.sh stop && sleep 5

]# cp -f eToken.properties webapps/eTokenServer/WEB-INF/classes/infn/eToken/
]# cp -f MyProxy.properties webapps/MyProxyServer/WEB-INF/classes/infn/MyProxy/

]# ./bin/catalina.sh start
]# tail -f logs/eToken.out
]# tail -f logs/MyProxy.out

• Configure tomcat to start-up on boot

Create the following script:

]# cat /etc/init.d/tomcat
#!/bin/bash
# chkconfig: 2345 91 91
# description: Start up the Tomcat servlet engine.

. /etc/init.d/functions
RETVAL=$?
CATALINA_HOME="/root/apache-tomcat-7.0.34"

case "$1" in
     start)
             if [ -f $CATALINA_HOME/bin/startup.sh ];
             then
                     echo $"Starting Tomcat"
                     /bin/su root $CATALINA_HOME/bin/startup.sh
             fi
             ;;
     stop)
             if [ -f $CATALINA_HOME/bin/shutdown.sh ];
             then
                     echo $"Stopping Tomcat"
                     /bin/su root $CATALINA_HOME/bin/shutdown.sh
             fi
             ;;
     \*)
             echo $"Usage: $0 {start|stop}"
             exit 1
             ;;
     esac
     exit $RETVAL

 ]# chmod a+x tomcat

• Update the run level for the tomcat service

]# chkconfig --level 2345 --add tomcat
]# chkconfig --list tomcat
   tomcat 0:off 1:off 2:on 3:on 4:on 5:on 6:off

Chapter IV - Usage¶

In this chapter is show the administrator (only restricted access) web interface to interact with the RESTful “ligth-weight” crypto library which is configured for:

1. browsing the digital certificates available on the different smart cards;
2. generating VOMS-proxy for a given X.509 digital certificate.

• Accessing the RESTFul crypto library via WEB

The root resource of the library is deployed at the URL https://<etoken_server>:8443/eTokenServer as shown in the figure below:

The creation of a request to access the generic USB smat card and generates a proxy certificate is performed in few steps.

• First and foremost we have to select a valid digital certificate from the list of available certificates (first accordion).
• Afterwards, depending by the selected certificate, it will be possible to select a list of FQANs attributes which will be taken into account during the proxy creation process.

• If necessary FQANs order can be changed in step 3:

• Before to complete, some additional options can be specified in the 4th. step to customize the proxy requestID:

• At the end, the complete requestID is available in step 5:

Chapter V - Some RESTful APIs¶

REST is an architectural style which defines a set of constraints that, when applied to the architecture of a distributed system, induces desiderable properties like lookse coupling and horizontal scalability. RESTful web services are the result of applying these constraints to services that utilize web standards such as URIs, HTTP, XML, and JSON. Such services become part of the fabric of the web and can take advantage of years of web engineering to satisfy their clients’ needs. The Java API for RESTful web services (JAX-RS) is a new API that aims to make development of RESTful web services in Java simple and intuitive.

In this chapter will be presented some examples of RESTful APIs used to request proxies certificates, list available robot certificates in the server-side and register long-term proxies on the MyProxy server.

Create RFC 3820 complaint proxy (simple use case):¶

https://<etoken_server>:8443/eTokenServer/eToken/332576f78a4fe70a52048043e90cd11f?\
        voms=fedcloud.egi.eu:/fedcloud.egi.eu&\
        proxy-renewal=true&\
        disable-voms-proxy=false&\
        rfc-proxy=true&cn-label=Empty

Create RFC 3820 complaint proxy (with some additional info to account real users):¶

https://<etoken_server>:8443/eTokenServer/eToken/332576f78a4fe70a52048043e90cd11f?\
        voms=fedcloud.egi.eu:/fedcloud.egi.eu&\
        proxy-renewal=true&\
        disable-voms-proxy=false&\
        rfc-proxy=true&\
        cn-label=LAROCCA

Create full-legacy Globus proxy (old fashioned proxy):¶

https://<etoken_server>:8443/eTokenServer/eToken/43ddf806454eb55ea32f729c33cc1f07?\
        voms=eumed:/eumed&\
        proxy-renewal=true&\
        disable-voms-proxy=false&\
        rfc-proxy=false&\
        cn-label=Empty

Create full-legacy proxy (with more FQANs):¶

https://<etoken_server>:8443/eTokenServer/eToken/b970fe11cf219e9c6644da0bc4845010?\
        voms=vo.eu-decide.eu:/vo.eu-decide.eu/Role=Neurologist+vo.eu-decide.eu:/vo.eu-decide.eu&\
        proxy-renewal=true&\
        disable-voms-proxy=false&\
        rfc-proxy=false&\
        cn-label=Empty

Create plain proxy (without VOMS ACs):¶

https://<etoken_server>:8443/eTokenServer/eToken/332576f78a4fe70a52048043e90cd11f?\
        voms=gridit:/gridit&\
        proxy-renewal=true&\
        disable-voms-proxy=true&\
        rfc-proxy=false&\
        cn-label=Empty

Get the list of avilable robot certificates in the server (in JSON format):¶

https://<etoken_server>:8443/eTokenServer/eToken?format=json

Get the MyProxy settings used by the eToken server (in JSON format):¶

https://<etoken_server>:8443/MyProxyServer/proxy?format=json

Register long-term proxy on the MyProxy server (only for expert user):¶

https://<etoken_server>:8443/MyProxyServer/proxy/x509up_6380887419908824.long

Appendix I - Administration of the eToken smart cards¶

This appendix provides a brief explaination of the eToken Properties (etProps) and the various configuration options available to the user.

eToken Properties provides users with a configuration tool to perform basic token management such as password changes, viewing information, and viewing of certificates on the eToken.

This appendix includes the following sections:

• Initializing the eToken PRO 32/64 KBytes USB smart card;
• Importing new certificates;
• Renaming a token.

The eToken Properties application displays all the available tokens connected to the server as show in the below figure:

In the right pane, the user may select any of the following actions which are enabled:

1.) Rename eToken - set a label for the given token;

2.) Change Password - changes the eToken user password;

3.) Unlock eToken - resets the user password via a challenge response mechanism (pnly enabled when an administrator password has been initialized on the eToken);

4.) View eToken Info - provides detailed information about the eToken;

5.) Disconnect eToken Virtual - disconnects the eToken Virtual with an option for deleting it.

The toolbar along the top contains these functions:

1.) Advanced - switches to the Advanced view;

2.) Refresh - refreshes the data for all connected tokens;

3.) About - displayes information about the product version;

4.) Help - launches the online help.

• Renaming the eToken

The token name may be personalized. To rename a token:

1.) In the left pane of the eToken Properties window, select the token to be renamed.

2.) Click Rename eToken in the right pane, and the Rename eToken dialog box is displayed as shown in the below figure:

3.) Enter the new name in the New eToken name field.

4.) Click OK. The new token name is displayed in the eToken Properties window.

• Initializing the eToken

The eToken initialization option restores an eToken to irs initial state. It removes all objects stored on the eToken since manufacture, frees up memory, and resets the eToken password, allowing administrators to initialize the eToken according to specific organizational requirements or security modes.

The following data is initialized:

• eToken name;
• User password;
• Administrator password;
• Maximum number of login failures (for user and administrator passwords);
• Requirement to change the password on the first login;
• Initialization key.

To initialize the eToken:

1.) Click on Advanced from the toolbar to switch to the Advanced view.

2.) Select the eToken you want to initialize.

3.) Click Initialize eToken on the toolbar, or right-click the token name in the left pane and select Initialize eToken from the shortcut menu. The eToken Initialization Parameters dialog box opens.

4.) Enter a name for the eToken in the eToken Name field. If no name is entered, the default name, “eToken”, is applied.

5.) Select Create User Password to initialize the token with an eToken user password. Otherwise, the token is initialized without an eToken password, and it will not be usable for eToken applications.

6.) If Create User Password is selected, enter a new eToken user password in the Create User Password and Confirm fields.

7.) I nthe Set maximum number of logon failures fields, enter a vaule between 1 and 15. This counter specifies the number of times the user or administrator can attempt to log on to the eToken with an incorrect password before the eToken is locked. The default setting for the maximum number of incorrect logon attempts is 15.

8.) To configure advanced settings, click Advanced. The eToken Advanced Settings dialog box opens.

9.) Check Load 2048-bit RSA key support

All eTokens are configured with the following default password 1234567890.

• To import a certificate

1.) Click on Advanced from the toolbar to switch to thre Advanced view.

2.) Select the eToken where you want to upload a new certificate.

3.) Click Import Certificate on the toolbar, or right-click the token name in the left pane and select Import Certificate from the shortcut menu. The Import Certificate dialog box opens.

4.) Select whether the certificate to import is on your personal computer store on the computer, or on a file. If you select the personal certificate store, a list of available certificates is displayed. Only certificates that can be imported on to the eToken are listed. These are:

• Certificates with a private key already on the eToken;
• Certificates that may be imported from the computer together with its private key.

5.) If you select Import a certificate from a file, the Choose a certificate dialog box opens.

6.) Select the certificate to import and click Open.

7.) If the certificate requires a password, a Password dialog box opens.

8.) Enter the certificate password. A dialog box opens asking if you want to store the CA certificate on the eToken.

9.) Select No. The only certificate is imported and a confirmation message is shown.

Appendix II - Increase “Open Files Limit”¶

If you are getting the error “Too many open files (24)” then your application is hitting max open file limit allowed by Linux.

Check limits of the running process:

• Find the process-ID (PID):

]# ps aux | grep -i process-name

• Suppose XXX is the PID, then run the command to check limits:

]# cat /proc/XXX/limits

To increase the limit you have to:

1. Append the following settings to set the user-limit

]# cat /etc/security/limits.conf

*          hard    nofile  50000
*          soft    nofile  50000
root       hard    nofile  50000
root       soft    nofile  50000

Once you have saved the file, you have to logout and login again.

2. Set the higher than user-limit set above.

]# cat /etc/sysctl.conf

fs.file-max = 2097152

Run the command

]# sysctl -p

3. Verify the new limits. Use the following command to see max limit of the file descriptors:

]# cat /proc/sys/fs/file-max

Appendix III - Configure GlassFish settings¶

To set JVM settings, please add the following GLASSFISH_OPTS settings in catalian.sh

CATALINA_OPTS="$CATALINA_OPTS -Xmx2336m -Xms2336m \
               -XX:NewSize=467215m -XX:MaxNewSize=467215m \
               -XX:PermSize=467215m -XX:MaxPerSize=467215m \
               -server"

Troubleshooting¶

• Private key in PKCS#8

  Cannot load end entity credentials from certificate file: /etc/grid-security/hostcert.pem and key file: /etc/grid-security/hostkey.pem

]# cd /etc/grid-security/
]# mv hostkey.pem hostkey-pk8.pem
]# openssl rsa -in hostkey-pk8.pem -out hostkey.pem
]# chmod 400 hostkey.pem

]# cd <apache-tomcat>
]# ./bin/catalina.sh stop
]# ./bin/catalina.sh start

For further information, please read the document [26]

Log Files¶

• The log messages for the eTokenServer are stored in <apache-tomcat>/logs/eToken.out
• The log messages for the MyProxyServer are stored in <apache-tomcat>/logs/MyProxy.out
• In case of errors and debug, please check these additional log files:

]# <apache-tomcat>/logs/catalina.out
]# <apache-tomcat>/logs/localhost.<date>.log

Contributor(s)¶

Please feel free to contact us any time if you have any questions or comments.

Authors:	Roberto BARBERA - Italian National Institute of Nuclear Physics (INFN), Giuseppe LA ROCCA - Italian National Institute of Nuclear Physics (INFN), Salvatore MONFORTE - Italian National Institute of Nuclear Physics (INFN)

About¶

The Federated Login portlet is an extension plugin of Liferay application framework which introduce additional authentication schema to the many already bundled.

Currently, two new schema are supported

• SAML Federation
• STORK Federation (based on STORK 1 project)

Other protocols will be added in the future

Installation¶

Usage¶

After the installation and configuration, if everything is working properly, a user accessing the portal and trying to sign-in should see the Liferay login portlet with the new protocols, when enabled, shown with an icon and a link, such as when OpenID or Facebook authentication are enabled. The following figures shows the login portlet where both SAML and STORK are enabled and the local account are disabled (username and password fields are not present):

Contributors¶

• Marco Fargetta
• Roberto Barbera

About¶

The Catania Grid & Cloud Engine is a standard based middleware independent JAVA library that provides several APIs to submit and manage jobs on Distributed Computer Infrastructures (DCI). It is compliant with the Open Grid Forum (OGF) Simple API for Grid Applications (SAGA) standard.

The Catania Grid & Cloud Engine provides a standard way to interact with different DCI middlewares, so the developers can develop their applications without worrying about the details of the infrastructures where those applications will be performed.

The Figure 1 shows the Catania Grid & Cloud Engine architecture, that consists of:

• two interfaces:

  • Science GW interface: towards the applications;
  • DCI interface: towards the DCI middlwares based on the SAGA Standard;

• three modules:

  • Job Engine Module: to manage jobs;
  • Data Engine Module: to move data towards/from the DCIs
  • User Track & Monitoring Module: to store information about the users interactions in the usertracking database.

Catania Grid & Cloud Engine Architecture

Installation¶

To install the Catania Grid & Cloud Engine first of all you have to create the Usertracking database where users interactions will be stored.

1. Create the userstracking database using the following commnad:

mysql -u root -p

mysql> CREATE DATABASE userstracking;

2. Download the SQL scripts from here and performs the following command to create the empty schema:

mysql -u root -p < UsersTrackingDB.sql

Then you need to download and configure the Catania Grid & Cloud Engine dependencies.

1. Download the GridEngine_v1.5.10.zip from this link
2. Unzip the GridEngine_v1.5.9.zip

unzip GridEngine_v1.5.9.zip

3. Copy the extracted lib folder under the application server /lib folder:

cp -r lib /opt/glassfish3/glassfish/domains/liferay/lib/

4. Download the attached GridEngineLogConfig.xml (link), and move this file to the Liferay config folder:

mv GridEngineLogConfig.xml \
/opt/glassfish3/glassfish/domains/liferay/config

5. Restart Glassfish server

/opt/glassfish3/bin asadmin-stop liferay
/opt/glassfish3/bin asadmin-start liferay

When the start process ends load the Glassfish Web Administration Console: http://sg-server:4848, fill with username liferayadmin and the password you set for the glassfish administrator and create the required resources.

JNDI Resources¶

Select Resources -> JNDI -> Custom Resources from left panel. Then on the right panel you can create the resources by clicking the New... button.

1. Create GridEngine-CheckStatusPool with the following parameters (Figure 2):

   • JNDI Name: GridEngine-CheckStatusPool;

   • Resource Type: it.infn.ct.ThreadPool.CheckJobStatusThreadPoolExecutor

   • Factory Class: it.infn.ct.ThreadPool.CheckJobStatusThreadPoolExecutorFactory

   • Additional Properties:

     • corePoolSize: 50
     • maximumPoolSize: 100
     • keepAliveTime: 4
     • timeUnit: MINUTES
     • allowCoreThreadTimeOut: true
     • prestartAllCoreThreads: true

GridEngine-CheckStatusPool JNDI Resource

2. Create GridEngine-Pool with the following parameters Figure 3):

   • JNDI Name: GridEngine-Pool;

   • Resource Type: it.infn.ct.ThreadPool.ThreadPoolExecutor

   • Factory Class: it.infn.ct.ThreadPool.ThreadPoolExecutorFactory

   • Additional Properties:

     • corePoolSize: 50
     • maximumPoolSize: 100
     • keepAliveTime: 4
     • timeUnit: MINUTES
     • allowCoreThreadTimeOut: true
     • prestartAllCoreThreads: true

GridEngine-Pooll JNDI Resource

3. Create JobCheckStatusService with the following parameters (Figure 4):

   • JNDI Name: JobCheckStatusService;

   • Resource Type: it.infn.ct.GridEngine.JobService.JobCheckStatusService

   • Factory Class: it.infn.ct.GridEngine.JobService.JobCheckStatusServiceFactory

   • Additional Properties:

     • jobsupdatinginterval: 900

JobCheckStatusService JNDI Resource

4. Create JobServices-Dispatcher with the following parameters:

   • JNDI Name: JobServices-Dispatcher;

   • Resource Type: it.infn.ct.GridEngine.JobService.JobServicesDispatcher

   • Factory Class: it.infn.ct.GridEngine.JobService.JobServicesDispatcherFactory

   • Additional Properties:

     • retrycount: 3;
     • resubnumber: 10;
     • myproxyservers: gridit=myproxy.ct.infn.it; prod.vo.eu-eela.eu=myproxy.ct.infn.it; cometa=myproxy.ct.infn.it; eumed=myproxy.ct.infn.it; vo.eu-decide.eu=myproxy.ct.infn.it; sagrid=myproxy.ct.infn.it; euindia=myproxy.ct.infn.it; see=myproxy.ct.infn.it;

JobServices-Dispatcher JNDI Resource

Now you have to create the required JDBC Connection Pools. Select Resources -> JDBC -> JDBC Connection Pools from left panel. On the right panel you can create the resources by clicking the New... button.

• Create UserTrackingPool with the following parameters:

  • General Settings (Step 1/2) see Figure 6:

    • Pool Name: usertrackingPool
    • Resource Type: select javax.sql.DataSource
    • Database Driver Vendor: select MySql
    • Click Next

  • Advanced Settings (Step 2/2) Figure 7:

    • Edit the default parameters in Pool Settings using the following values:

      • Initial and Minimum Pool Size: 64
      • Maximum Pool Size: 256

    • Select all default Additional properties and delete them

      • Add the following properties:

    Name	Value
    Url	jdbc:mysql://sg-database:3306/userstracking
    User	tracking_user
    False	usertracking

    • Click Save

Please pay attention to the Url property, sg-database should be replaced with the correct Url of your database machine. You can check if you have correctly configured the Connection Pool by clicking on Ping button, you should see the message Ping Succeded, otherwise please check your configuration.

UsersTrackingPool JDBC General settings

UsersTrackingPool JDBC Advanced settings

Finally, you have to create the required JDBC Resources. Select Resources -> JDBC -> JDBC Resources from left panel. On the right panel you can create the resources by clicking the New... button.

• Create jdbc/UserTrackingPool with the following parameter (Figure 8):

  • JNDI Name: jdbc/UserTrackingPool;
  • Pool name: select usertrackingPool.

jdbcUsersTrackingPool JDBC Resource

• Create jdbc/gehibernatepool with the following parameter Figure 9:

  • JNDI Name: jdbc/gehibernatepool;
  • Pool name: select usertrackingPool.

jdbcgehibernatepool JDBC Resource

Now, restart glassfish to save the resources.

Usage¶

Once you have successfully installed and configured the Catania Grid & Cloud Engine, to exploit all its features you could download and deploy one of ours portlets available on the GitHub csgf repository. As an example you could referer to the mi-hostname-portlet to get info in how to install and use this portlet.

Contributors¶

Diego SCARDACI

Mario TORRISI

About¶

The Simple API for Grid Applications (SAGA) is a family of related standards specified by the Open Grid Forum [1] to define an application programming interface (API) for common distributed computing functionality.

These APIs does not strive to replace Globus or similar grid computing middleware systems, and does not target middleware developers, but application developers with no background on grid computing. Such developers typically wish to devote their time to their own goals and minimize the time spent coding infrastructure functionality. The API insulates application developers from middleware.

The specification of services, and the protocols to interact with them, is out of the scope of SAGA. Rather, the API seeks to hide the detail of any service infrastructures that may or may not be used to implement the functionality that the application developer needs. The API aligns, however, with all middleware standards within Open Grid Forum (OGF).

JSAGA [2] is a Java implementation of the Simple API for Grid Applications (SAGA) specification from the Open Grid Forum (OGF) [1]. It permits seamless data and execution management between heterogeneous grid infrastructures.

The current stable release is available at:

• http://software.in2p3.fr/jsaga/

The current development SNAPSHOT is available at:

• http://software.in2p3.fr/jsaga/dev/

In the contest of the CHAIN_REDS project a new JSAGA adaptor for OCCI-complaint [3] cloud middleware has been developed to demonstrate the interoperatibility between different open-source cloud providers.

Using the rOCCI implementation of the OCCI standard, the adaptor takes care of:

1. switching-on the VM pre-installed with the required application,
2. establishing a secure connection to it signed using a digital “robot” certificate,
3. staging the input file(s) in the VM,
4. executing the application,
5. retrieving the output file(s) at the end of the computation and
6. killing the VM.

The high-level architecture of the JSAGA adaptor for OCCI-complaint cloud middleware is shown in the below figure:

Installation¶

• Import this Java application into your preferred IDE (e.g. Netbeans).
• Configure the application with the needed JSAGA jars files.
• Configure the src/test/RunTest.java with your settings:

// Setting the CHAIN-REDS Contextualisation options
OCCI_PROXY_PATH = System.getProperty("user.home") +
                  System.getProperty("file.separator") +
                  "jsaga-adaptor-rocci" +
                  System.getProperty("file.separator") +
                  "x509up_u501";

// === OCCI SETTINGS for the INFN-STACK CLOUD RESOURCE === //
OCCI_ENDPOINT_HOST = "rocci://stack-server-01.ct.infn.it";
OCCI_ENDPOINT_PORT = "8787";
// Possible OCCI_OS values: 'generic_vm', 'octave' and 'r'
// f36b8eb8-8247-4b4f-a101-18c7834009e0 ==> generic_vm
// bb623e1c-e693-4c7d-a90f-4e5bf96b4787 ==> octave
// 91632086-39ef-4e52-a6d1-0e4f1bf95a7b ==> r
// 6ee0e31b-e066-4d39-86fd-059b1de8c52f ==> WRF

OCCI_OS = "f36b8eb8-8247-4b4f-a101-18c7834009e0";
OCCI_FLAVOR = "small";

OCCI_VM_TITLE = "rOCCI";
OCCI_ACTION = "create";

[..]
desc.setVectorAttribute(
     JobDescription.FILETRANSFER,
             new String[]{
                     System.getProperty("user.home") +
                     System.getProperty("file.separator") +
                     "jsaga-adaptor-rocci" +
                     System.getProperty("file.separator") +
                     "job-generic.sh>job-generic.sh",

                     System.getProperty("user.home") +
                     System.getProperty("file.separator") +
                     "jsaga-adaptor-rocci" +
                     System.getProperty("file.separator") +
                     "output.txt<output.txt",

                     System.getProperty("user.home") +
                     System.getProperty("file.separator") +
                     "jsaga-adaptor-rocci" +
                     System.getProperty("file.separator") +
                     "error.txt<error.txt"}
);

• Create a simple bash script:

]$ cat job-generic.sh
#!/bin/sh
sleep 15
echo "General Info ...> This is a CHAIN-REDS test VM. See below server details "
echo "-------------------------------------------------------------------------------"
echo "Running host ...> " `hostname -f`
echo "IP address .....> " `/sbin/ifconfig | grep "inet addr:" \
                           | head -1 | awk '{print $2}' | awk -F':' '{print $2}'`

echo "Kernel .........> " `uname -r`
echo "Distribution ...> " `head -n1 /etc/issue`
echo "Arch ...........> " `uname -a | awk '{print $12}'`
echo "CPU  ...........> " `cat /proc/cpuinfo | grep -i "model name" \
                          | head -1 | awk -F ':' '{print $2}'`

echo "Memory .........> " `cat /proc/meminfo | grep MemTotal | awk {'print $2'}` KB
echo "Partitions .....> " `cat /proc/partitions`
echo "Uptime host ....> " `uptime | sed 's/.*up ([^,]*), .*/1/'`
echo "Timestamp ......> " `date`
echo "-------------------------------------------------------------------------------"
echo "http://www.chain-project.eu/"
echo "Copyright © 2015"

• Compile the application with your IDE.

In case of successful compilation you should get the following output message:

init:
deps-clean:
  Updating property file: /home/larocca/jsaga-adaptor-rocci/build/built-clean.properties
  Deleting directory /home/larocca/jsaga-adaptor-rocci/build
clean:
init:
deps-jar:
  Created dir: /home/larocca/jsaga-adaptor-rocci/build
  Updating property file: /home/larocca/jsaga-adaptor-rocci/build/built-jar.properties
  Created dir: /home/larocca/jsaga-adaptor-rocci/build/classes
  Created dir: /home/larocca/jsaga-adaptor-rocci/build/empty
  Created dir: /home/larocca/jsaga-adaptor-rocci/build/generated-sources/ap-source-output
  Compiling 7 source files to /home/larocca/jsaga-adaptor-rocci/build/classes
  warning: [options] bootstrap class path not set in conjunction with -source 1.6
  1 warning
  Copying 4 files to /home/larocca/jsaga-adaptor-rocci/build/classes
compile:
  Created dir: /home/larocca/jsaga-adaptor-rocci/dist
  Copying 1 file to /home/larocca/jsaga-adaptor-rocci/build
  Copy libraries to /home/larocca/jsaga-adaptor-rocci/dist/lib.
  Building jar: /home/larocca/jsaga-adaptor-rocci/dist/jsaga-adaptor-rocci.jar
  To run this application from the command line without Ant, try:
  java -jar "/home/larocca/jsaga-adaptor-rocci/dist/jsaga-adaptor-rocci.jar"
jar:
  BUILD SUCCESSFUL (total time: 10 seconds)

Usage¶

• Create a RFC proxy certificate for your given VO:

]$ voms-proxy-init --voms vo.chain-project.eu -rfc
Enter GRID pass phrase for this identity:
Contacting voms.ct.infn.it:15011
[/C=IT/O=INFN/OU=Host/L=Catania/CN=voms.ct.infn.it] "vo.chain-project.eu".
Remote VOMS server contacted succesfully.

Created proxy in /tmp/x509up_u501.
Your proxy is valid until Wed Jun 03 22:38:16 CEST 2015

• Check if your RFC proxy certificate is valid:

]$ voms-proxy-info --all
subject   : /C=IT/O=INFN/OU=Personal Certificate/L=Catania/CN=Giuseppe La Rocca/CN=1660223179
issuer    : /C=IT/O=INFN/OU=Personal Certificate/L=Catania/CN=Giuseppe La Rocca
identity  : /C=IT/O=INFN/OU=Personal Certificate/L=Catania/CN=Giuseppe La Rocca
type      : RFC3820 compliant impersonation proxy
strength  : 1024
path      : /tmp/x509up_u501
timeleft  : 11:59:53
key usage : Digital Signature, Key Encipherment, Data Encipherment
=== VO vo.chain-project.eu extension information ===
VO        : vo.chain-project.eu
subject   : /C=IT/O=INFN/OU=Personal Certificate/L=Catania/CN=Giuseppe La Rocca
issuer    : /C=IT/O=INFN/OU=Host/L=Catania/CN=voms.ct.infn.it
attribute : /vo.chain-project.eu/Role=NULL/Capability=NULL
timeleft  : 11:59:53
uri       : voms.ct.infn.it:15011

• To test the JSAGA adaptor for OCCI-complaint cloud middleware without Ant, try:

]$ java -jar "/home/larocca/jsaga-adaptor-rocci/dist/jsaga-adaptor-rocci.jar"

init:
   Deleting: /home/larocca/jsaga-adaptor-rocci/build/built-jar.properties

deps-jar:
   Updating property file: /home/larocca/jsaga-adaptor-rocci/build/built-jar.properties
   Compiling 1 source file to /home/larocca/jsaga-adaptor-rocci/build/classes

warning: [options] bootstrap class path not set in conjunction with -source 1.6
1 warning

compile-single:

run-single:

10:58:02 INFO [RunTest:152]
Initialize the security context for the rOCCI JSAGA adaptor
10:58:02 Failed to load engine properties, using defaults \
             [./etc/jsaga-config.properties (No such file or directory)]

10:58:05
10:58:05 Initializing the security context for the rOCCI JSAGA adaptor [ SUCCESS ]
10:58:05 See below security context details...
10:58:05 User DN  = /C=IT/O=INFN/OU=Personal Certificate/L=Catania/CN=Giuseppe La Rocca
10:58:05 Proxy    = /home/larocca/jsaga-adaptor-rocci/x509up_u501
10:58:05 Lifetime = 11h.
10:58:05 CA Repos = /etc/grid-security/certificates
10:58:05 Type     = rocci
10:58:05 VO name  = vo.chain-project.eu
10:58:05
10:58:05 Initialize the JobService context...
10:58:05 serviceURL = \
 rocci://stack-server-01.ct.infn.it:8787/?prefix=&attributes_title=rOCCI&\
 mixin_os_tpl=f36b8eb8-8247-4b4f-a101-18c7834009e0&\
 mixin_resource_tpl=small&\
 user_data=&\
 proxy_path=/home/larocca/jsaga-adaptor-rocci/x509up_u501

10:58:05
10:58:05 Trying to connect to the cloud host [ stack-server-01.ct.infn.it ]
10:58:05
10:58:05 See below the details:
10:58:05
10:58:05 PREFIX    =
10:58:05 ACTION    = create
10:58:05 RESOURCE  = compute
10:58:05
10:58:05 AUTH       = x509
10:58:05 PROXY_PATH = /home/larocca/jsaga-adaptor-rocci/x509up_u501
10:58:05 CA_PATH    = /etc/grid-security/certificates
10:58:05
10:58:05 HOST        = stack-server-01.ct.infn.it
10:58:05 PORT        = 8787
10:58:05 ENDPOINT    = https://stack-server-01.ct.infn.it:8787/
10:58:05 PUBLIC KEY  = /home/larocca/.ssh/id_rsa.pub
10:58:05 PRIVATE KEY = /home/larocca/.ssh/id_rsa
10:58:05
10:58:05 EGI FedCLoud Contextualisation options:
10:58:05 USER DATA  =
10:58:05
10:58:07 Creating a new OCCI computeID. Please wait!
10:58:07 VM Title     = rOCCI
10:58:07 OS           = f36b8eb8-8247-4b4f-a101-18c7834009e0
10:58:07 Flavour      = small
10:58:07
10:58:07 occi --endpoint https://stack-server-01.ct.infn.it:8787/ \
  --action create --resource compute \
  --attribute occi.core.title=rOCCI \
  --mixin os_tpl#f36b8eb8-8247-4b4f-a101-18c7834009e0 \
  --mixin resource_tpl#small \
  --auth x509 --user-cred /home/larocca/jsaga-adaptor-rocci/x509up_u501 \
  --voms --ca-path /etc/grid-security/certificates

10:58:13 EXIT CODE = 0
10:58:13
10:58:13 A new OCCI computeID has been created:
https://stack-server-01.ct.infn.it:8787/compute/845593b9-2e31-4f6e-9fa0-7386476373f2
10:58:23
10:58:23 See below the details of the VM
10:58:23
[ https://stack-server-01.ct.infn.it:8787/compute/845593b9-2e31-4f6e-9fa0-7386476373f2 ]
10:58:23
10:58:23 occi --endpoint https://stack-server-01.ct.infn.it:8787/ \
--action describe \
--resource compute \
--resource \
 https://stack-server-01.ct.infn.it:8787/compute/845593b9-2e31-4f6e-9fa0-7386476373f2 \
--auth x509 --user-cred /home/larocca/jsaga-adaptor-rocci/x509up_u501 \
--voms --ca-path /etc/grid-security/certificates \
--output-format json_extended_pretty

10:58:28 EXIT CODE = 0
10:58:28
10:58:28 [
10:58:28 {
10:58:28 "kind": "http://schemas.ogf.org/occi/infrastructure#compute",
10:58:28 "mixins": [
10:58:28 "http://schemas.openstack.org/compute/instance#os_vms",
10:58:28 "http://schemas.openstack.org/template/os#f36b8eb8-8247-4b4f-a101-18c7834009e0"
10:58:28 ],
10:58:28 "actions": [
10:58:28 "http://schemas.ogf.org/occi/infrastructure/compute/action#stop",
10:58:28 "http://schemas.ogf.org/occi/infrastructure/compute/action#suspend",
10:58:28 "http://schemas.ogf.org/occi/infrastructure/compute/action#restart",
10:58:28 "http://schemas.openstack.org/instance/action#create_image",
10:58:28 "http://schemas.openstack.org/instance/action#chg_pwd"
10:58:28 ],
10:58:28 "attributes": {
10:58:28 "occi": {
10:58:28 "core": {
10:58:28 "id": "845593b9-2e31-4f6e-9fa0-7386476373f2"
10:58:28 },
10:58:28 "compute": {
10:58:28 "architecture": "x86",
10:58:28 "cores": "1",
10:58:28 "hostname": "rocci",
10:58:28 "memory": "1.0",
10:58:28 "speed": "0.0",
10:58:28 "state": "active"
10:58:28 }
10:58:28 },
10:58:28 "org": {
10:58:28 "openstack": {
10:58:28 "compute": {
10:58:28 "console": {
10:58:28 "vnc": \
 "http://212.189.145.95:6080/vnc_auto.html?token=7cdfb12e-96d3-4e4c-9881-7fd0fe363110"
10:58:28 },
10:58:28 "state": "active"
10:58:28 }
10:58:28 }
10:58:28 }
10:58:28 },
10:58:28 "id": "845593b9-2e31-4f6e-9fa0-7386476373f2",
10:58:28 "links": [
10:58:28 {
10:58:28 "kind": "http://schemas.ogf.org/occi/infrastructure#networkinterface",
10:58:28 "mixins": [
10:58:28 "http://schemas.ogf.org/occi/infrastructure/networkinterface#ipnetworkinterface"
10:58:28 ],
10:58:28 "attributes": {
10:58:28 "occi": {
10:58:28 "networkinterface": {
10:58:28 "gateway": "0.0.0.0",
10:58:28 "mac": "aa:bb:cc:dd:ee:ff",
10:58:28 "interface": "eth0",
10:58:28 "state": "active",
10:58:28 "allocation": "static",
10:58:28 "address": "90.147.16.130"
10:58:28 },
10:58:28 "core": {
10:58:28 "source": "/compute/845593b9-2e31-4f6e-9fa0-7386476373f2",
10:58:28 "target": "/network/public",
10:58:28 "id": "/network/interface/03fc1144-b136-4876-9682-d1f5647aa281"
10:58:28 }
10:58:28 }
10:58:28 },
10:58:28 "id": "/network/interface/03fc1144-b136-4876-9682-d1f5647aa281",
10:58:28 "rel": "http://schemas.ogf.org/occi/infrastructure#network",
10:58:28 "source": "/compute/845593b9-2e31-4f6e-9fa0-7386476373f2",
10:58:28 "target": "/network/public"
10:58:28 },
10:58:28 {
10:58:28 "kind": "http://schemas.ogf.org/occi/infrastructure#networkinterface",
10:58:28 "mixins": [
10:58:28 "http://schemas.ogf.org/occi/infrastructure/networkinterface#ipnetworkinterface"
10:58:28 ],
10:58:28 "attributes": {
10:58:28 "occi": {
10:58:28 "networkinterface": {
10:58:28 "gateway": "192.168.100.1",
10:58:28 "mac": "fa:16:3e:2f:23:35",
10:58:28 "interface": "eth0",
10:58:28 "state": "active",
10:58:28 "allocation": "static",
10:58:28 "address": "192.168.100.4"
10:58:28 },
10:58:28 "core": {
10:58:28 "source": "/compute/845593b9-2e31-4f6e-9fa0-7386476373f2",
10:58:28 "target": "/network/admin",
10:58:28 "id": "/network/interface/c313ca29-0e86-4162-8994-54dfd45756a2"
10:58:28 }
10:58:28 }
10:58:28 },
10:58:28 "id": "/network/interface/c313ca29-0e86-4162-8994-54dfd45756a2",
10:58:28 "rel": "http://schemas.ogf.org/occi/infrastructure#network",
10:58:28 "source": "/compute/845593b9-2e31-4f6e-9fa0-7386476373f2",
10:58:28 "target": "/network/admin"
10:58:28 }
10:58:28 ]
10:58:28 }
10:58:28 }
10:58:28
10:58:28 Starting VM [ 90.147.16.130 ] in progress...
10:58:28
10:58:28 Waiting the remote VM finishes the boot! Sleeping for a while...
10:58:28 Wed 2015.06.03 at 10:58:28 AM CEST
10:59:32 [ SUCCESS ]
10:59:32 Wed 2015.06.03 at 10:59:32 AM CEST
10:59:36
10:59:36 Job instance created:
10:59:36 [rocci://stack-server-01.ct.infn.it:8787/?prefix=&\
  attributes_title=rOCCI&\
  mixin_os_tpl=f36b8eb8-8247-4b4f-a101-18c7834009e0&\
  mixin_resource_tpl=small&\
  user_data=&\
  proxy_path=/home/larocca/jsaga-adaptor-rocci/x509up_u501]-\
  [a991707d-3c4b-4a2f-9427-7bf19ded17b5@90.147.16.130#\
  https://stack-server-01.ct.infn.it:8787/compute/845593b9-2e31-4f6e-9fa0-7386476373f2]

10:59:36
10:59:36 Closing session...
10:59:36
10:59:36 Re-initialize the security context for the rOCCI JSAGA adaptor
10:59:37
10:59:37 Trying to connect to the cloud host [ stack-server-01.ct.infn.it ]
10:59:37
10:59:37 See below the details:
10:59:37
10:59:37 PREFIX    =
10:59:37 ACTION    = create
10:59:37 RESOURCE  = compute
10:59:37
10:59:37 AUTH       = x509
10:59:37 PROXY_PATH = /home/larocca/jsaga-adaptor-rocci/x509up_u501
10:59:37 CA_PATH    = /etc/grid-security/certificates
10:59:37
10:59:37 HOST        = stack-server-01.ct.infn.it
10:59:37 PORT        = 8787
10:59:37 ENDPOINT    = https://stack-server-01.ct.infn.it:8787/
10:59:37 PUBLIC KEY  = /home/larocca/.ssh/id_rsa.pub
10:59:37 PRIVATE KEY = /home/larocca/.ssh/id_rsa
10:59:37
10:59:37 EGI FedCLoud Contextualisation options:
10:59:37 USER DATA  =
10:59:37
10:59:37
10:59:37 Fetching the status of the job
10:59:37 [ a991707d-3c4b-4a2f-9427-7bf19ded17b5@90.147.16.130#\
  https://stack-server-01.ct.infn.it:8787/compute/845593b9-2e31-4f6e-9fa0-7386476373f2 ]
10:59:37
10:59:37 JobID [
 [rocci://stack-server-01.ct.infn.it:8787/?prefix=&\
 attributes_title=rOCCI&\
 mixin_os_tpl=f36b8eb8-8247-4b4f-a101-18c7834009e0&\
 mixin_resource_tpl=small&\
 user_data=&\
 proxy_path=/home/larocca/jsaga-adaptor-rocci/x509up_u501]-\
 [a991707d-3c4b-4a2f-9427-7bf19ded17b5@90.147.16.130#\
 https://stack-server-01.ct.infn.it:8787/compute/845593b9-2e31-4f6e-9fa0-7386476373f2]
 ]
10:59:37
10:59:37 Calling the getStatus() method
10:59:37 Current Status = RUNNING
10:59:37 Execution Host = 90.147.16.130
10:59:37
10:59:37 Unexpected job status: RUNNING
10:59:48
10:59:48 Calling the getStatus() method
10:59:48 Current Status = RUNNING
10:59:48 Execution Host = 90.147.16.130
10:59:48
10:59:48 Unexpected job status: RUNNING
10:59:58
10:59:58 Calling the getStatus() method
10:59:58 Current Status = DONE
10:59:58 Execution Host = 90.147.16.130
10:59:58 Calling the getExitCode() method
10:59:58
10:59:58 Final Job Status = DONE
10:59:58 Exit Code (0) [ SUCCESS ]
10:59:58
10:59:58 Retrieving job results.
10:59:58 This operation may take a few minutes to complete...
11:00:03 Calling the getCreated() method
11:00:04 Calling the getStarted() method
11:00:04 Calling the getFinished() method
11:00:04 Calling the getExitCode() method
11:00:04
11:00:04 Stopping the VM [ 90.147.16.130 ] in progress...
11:00:04 occi --endpoint https://stack-server-01.ct.infn.it:8787/ \
 --action delete \
 --resource compute \
 --resource \
https://stack-server-01.ct.infn.it:8787/compute/845593b9-2e31-4f6e-9fa0-7386476373f2 \
 --auth x509 \
 --user-cred /home/larocca/jsaga-adaptor-rocci/x509up_u501 \
 --voms \
 --ca-path /etc/grid-security/certificates

11:00:08 EXIT CODE = 0
11:00:08

11:00:08 Job outputs retrieved [ SUCCESS ]
11:00:08
11:00:08 Initialize the JobService context [ SUCCESS ]
BUILD SUCCESSFUL (total time: 2 minutes 7 seconds)

• Check results:

]$ cat output.txt
General Info ...> This is a CHAIN-REDS test VM. See below server details
-----------------------------------------------------------------------------------
Running host ...>
IP address .....>  192.168.100.4
Kernel .........>  2.6.32-504.3.3.el6.i686
Distribution ...>  CentOS release 6.6 (Final)
Arch ...........>  i686
CPU  ...........>  AMD Opteron 62xx class CPU
Memory .........>  1030588 KB
Partitions .....>  major minor #blocks name 253 0 10485760 vda 253 1 204800 vda1 ...
Uptime host ....>  11:13:48 up 1 min, 0 users, load average: 0.15, 0.06, 0.02
Timestamp ......>  Wed Jun 3 11:13:48 CEST 2015
-----------------------------------------------------------------------------------
http://www.chain-project.eu/
Copyright © 2015

Contributor(s)¶

Please feel free to contact us any time if you have any questions or comments.

About¶

Portlet for managing jobs.

Installation¶

Deploy MyJobs.war with: cp MyJobs $LIFERAY_HOME/deploy/

Watch the Liferay’ server.log file till: ‘MyJobs successfully deployed’

Click New... to create a new pool with the following settings:

Pool Name: usertrackingPool

ResourceType: javax.sql.DataSource

Database Driver Vendor: select MySql

Click Next and left the default parameters;

Select and remove all the properties from the "Additional Properties" table (buttom page);

Click on "Add" and create the following three properties:

Name: Url, Value: jdbc:mysql://localhost:3306/userstracking

Name: User, Value: tracking_user

Name: Password, Value: usertracking

Click on "Finish" button to save configuration.

Usage¶

Contributors¶

• Rita Ricceri

About¶

OpenId Connect for Liferay is a very rough but effective implementation of the OpenId connect protocol for Liferay. Using this class it is possible to authenticate with any OpenId proider specified in the code.

Installation¶

Before to start you must have a Liferay instance already deployed and executing properly.

Edit the file

src/main/java/it/infn/ct/security/liferay/openidconnect/utils/Authenticator.java

to modify the client-id, the secret and the callback using the information provided by the OpenId Connect server you want to use. The other values reference to the EGI access portal authentication service. If you plan to use a different OpenID Connect provider the urls to the service need to be modified with the values provided by your provider (this version does not use service description so all the urls should be modified).

Create the package with maven executing the command:

$ mvn clean install

Maven will create two jar files Inside the directory target, one including all dependencies (with with-depencies suffix) and the other without. Copy the one with dependencies inside the lib directory of Liferay (locate Liferay inside your application server, this will contain the directory WEB-INF/lib where copy the jar).

Edit the Liferay file portal-ext.properties (if you have not create a new one in WEB-INF/classes) and add the new AutoLogin class:

auto.login.hooks=\
  it.infn.ct.security.liferay.openidconnect.OpenIdConnectAutoLogin,\
  com.liferay.portal.security.auth.CASAutoLogin,\
  com.liferay.portal.security.auth.FacebookAutoLogin,\
  com.liferay.portal.security.auth.NtlmAutoLogin,\
  com.liferay.portal.security.auth.OpenIdAutoLogin,\
  com.liferay.portal.security.auth.OpenSSOAutoLogin,\
  com.liferay.portal.security.auth.RememberMeAutoLogin,\
  com.liferay.portal.security.auth.SiteMinderAutoLogin

Finally, edit the sign-in link in your theme in order to redirect the user to the URL:

/c/portal/login?openIdLogin=true

This allow to authente users using the sign-in link in the page. If you access a protected page or open the login portlet the login form still is available. It is suggested to disable the portlet if you plan to use only OpenId Connect.

Usage¶

Users have to sign-in to the portal using the provided link Sign-in as explained in the section Installation. The only difference is that the other sign-in procedure must be disabled so the user cannot see the login for sh/she is used to.

Contributors¶

• Marco Fargetta

About¶

This document covers installation and configuration of SG-Mon. A brief overview of SG-Mon is also provided.

Introduction to SG-Mon¶

SG-Mon is a collection of python scripts, developed with the purpose of monitoring availability and reliability of web services and portlets running on Catania Science Gateway Framework. SG-Mon scripts are intended as plugin for network monitoring tools : this guide covers Nagios, but with minor modifications they can be adapted to Zabbix. Currently, it is composed by the following modules :

• SGApp : run test instances of a given Scientific Gateway application
• eTokenServer : verify the eTokenserver instance are up and properly working
• Open Access Repository Login : verify login to an Open Access Repository
• Virtuoso : verify that Virtuoso store instances are up and properly responding to queries

Requirements¶

• A working installation of Nagios (v3 or above)
• Java (v 1.7 or above)
• Apache jMeter
• Python v. 2.7 (2.6 should be working as well).

Depending on the checks being actually activated, there could be further dependencies, which are generally mentioned in the preamble of each probe.

Installation¶

The easiest way to install SG-Mon is to clone this repository (or download the ZIP archive). Copy the content of AppChecks folder in a directory able to execute plugins (eg. /usr/local/nagios/myplugins). Create the directory if needed. A part from NagiosCheck.py, which exports some functions imported by other modules, all the other SG-Mon modules are each other indipendent; see Configuration section in order to find out how to setup properly each of the modules.

Configuration¶

Conforming with Nagios good practices, all SG-Mon modules return 0 if the service status is OK, 1 if WARNING and 2 if CRITICAL. In any case, the module returns a message with the output of the metric used for the probe.

define command {

command_name check_sg-hostname-seq
command_line $USER2$/NagiosCheckSGApp.py --critical 75 --warning 25
--outfile $_SERVICEWEBLOG$ --jmx $_SERVICEJMX$
--jmx-log $_SERVICEJMXLOG$ --number-of-jobs 1 --utdb-param $_SERVICEDBCONNPARAMS$
--utdb-classes-prefix $_SERVICELIBRARYPATH$
}

define service{

use         generic-service
host_name   recasgateway.cloud.ba.infn.it
service_description     Hostname Sequential
check_interval          120
notification_interval   240
check_command           check_sg-hostname-seq
servicegroups           Science Gateway Applications
_WEBLOG         /usr/local/nagios/share/results/SG-RECAS-BA-hostname-seq.txt
_JMX            /usr/local/nagios/myplugins/SG-App-Checks/jmx/SG-Bari-HostnameSeq.jmx
_LIBRARYPATH    /usr/local/nagios/myplugins/SG-App-Checks/javalibs
_DBCONNPARAMS   /usr/local/nagios/myplugins/SG-App-Checks/etc/SG-Bari-UsersTrackingDBClient.cfg
_JMXLOG         /usr/local/nagios/myplugins/SG-App-Checks/logs/SG-Bari-HostnameSeq.txt
notes_url    https://sg-mon.ct.infn.it/nagios/results/SG-RECAS-BA-hostname-seq.txt
}


define service{

use                     generic-service
host_name               sgw.africa-grid.org
service_description     Hostname Sequential
check_interval          120
notification_interval   240
check_command           check_sg-hostname-seq
servicegroups           Science Gateway Applications
_WEBLOG                 /usr/local/nagios/share/results/SG-AfricaGrid-hostname-seq.txt
_JMX                    /usr/local/nagios/myplugins/SG-App-Checks/jmx/SG-AfricaGrid-HostnameSeq.jmx
_LIBRARYPATH            /usr/local/nagios/myplugins/SG-App-Checks/javalibs
_DBCONNPARAMS           /usr/local/nagios/myplugins/SG-App-Checks/etc/SG-AfricaGrid-UsersTrackingDBClient.cfg
_JMXLOG                 /usr/local/nagios/myplugins/SG-App-Checks/logs/SG-AfricaGrid-HostnameSeq.txt
notes_url               https://sg-mon.ct.infn.it/nagios/results/SG-AfricaGrid-hostname-seq.txt
}

define command {

command_name  check_etokenserver
command_line  $USER2$/NagiosCheckeTokenServer.py
--urlsfile /usr/local/nagios/var/check_sandbox/check_etokenserver/etokenserverurls.txt
--outputfile /usr/local/nagios/share/results/etokenserver.txt
--warning 10 --critical 20

}

define command {

command_name check_oar-login
command_line $USER2$/NagiosCheckOARLogin.py
--critical 50 --warning 25
--outfile $_SERVICEWEBLOG$
--jmx $_SERVICEJMX$
--jmx-log $_SERVICEJMXLOG$
--number-of-users 2
}

define service{

    use generic-service
    host_name  www.openaccessrepository.it
    service_description     Login
    check_interval          15
    notification_interval   240
    check_command        check_oar-login
    servicegroups           Semantic and Open Data
    _WEBLOG           /usr/local/nagios/share/results/openaccessrepository-login.txt
    _JMX              /usr/local/nagios/myplugins/OpenAccessRepo/jmx/openaccessrepo-login.jmx
    _JMXLOG           /usr/local/nagios/myplugins/OpenAccessRepo/logs/openaccessrepo-login.log
    notes_url         https://sg-mon.ct.infn.it/nagios/results/openaccessrepository-login.txt
}

define command {

command_name  check_virtuoso_db
command_line  $USER2$/NagiosCheckVirtuoso.py
--query      $_SERVICEQUERYCOUNT$
--endpoint   $_SERVICEENDPOINT$
--outputfile $_SERVICEWEBLOG$
--warning 0 --critical 15000000

}

define command {

command_name  check_virtuoso_apiREST
command_line  $USER2$/NagiosCheckVirtuosoREST.py
--keyword $_SERVICEKEYWORD$
--endpoint $_SERVICEENDPOINT$
--outputfile $_SERVICEWEBLOG$
--limit 10
--warning 5
--critical 0
}

define service{

use   generic-service
host_name  virtuoso
service_description   Number of records in the semantic DB
check_interval        10
notification_interval 720
check_command  check_virtuoso_db
_QUERYCOUNT    "select count(?s) where  {?s rdf:type <http://semanticweb.org/ontologies/2013/2/7/RepositoryOntology.owl#Resource>}"
_ENDPOINT      "http://virtuoso.ct.infn.it:8896/chain-reds-kb/sparql"
_WEBLOG        "/usr/local/nagios/share/results/virtuosoDB.txt"
servicegroups  Semantic and Open Data
}


define service{

use   generic-service
host_name virtuoso
service_description    API REST functionality
check_interval         10
notification_interval  720
check_command check_virtuoso_apiREST
_KEYWORD      "eye"
_ENDPOINT     "http://www.chain-project.eu/virtuoso/api/simpleResources"
_WEBLOG       /usr/local/nagios/share/results/virtuosoAPI.txt
notes_url     https://sg-mon.ct.infn.it/nagios/results/virtuosoAPI.txt
servicegroups Semantic and Open Data
}

About¶

ABINIT is a package whose main program allows one to find the total energy, charge density and electronic structure of systems made of electrons and nuclei (molecules and periodic solids) within Density Functional Theory (DFT), using pseudopotentials and a planewave or wavelet basis.

ABINIT also includes options to optimize the geometry according to the DFT forces and stresses, or to perform molecular dynamics simulations using these forces, or to generate dynamical matrices, Born effective charges, and dielectric tensors, based on Density-Functional Perturbation Theory, and many more properties.

Excited states can be computed within the Many-Body Perturbation Theory (the GW approximation and the Bethe-Salpeter equation), and Time-Dependent Density Functional Theory (for molecules). In addition to the main ABINIT code, different utility programs are provided.

ABINIT is a project that favours development and collaboration (short presentation of the ABINIT project).

Installation¶

To install the abinitDM portlet the WAR file has to be deployed into the application server.

As soon as the portlet has been successfully deployed on the Science Gateway the administrator has to configure:

• the list of e-Infrastructures where the application can be executed;
• some additional application settings.

1.) To configure a generic e-Infrastructure, the following settings have to be provided:

Enabled: A true/false flag which enables or disable the generic e-Infrastructure;

Infrastructure: The acronym to reference the e-Infrastructure;

VOName: The VO for this e-Infrastructure;

TopBDII: The Top BDII for this e-Infrastructure;

WMS Endpoint: A list of WMS endpoint for this e-Infrastructure (max. 10);

MyProxyServer: The MyProxyServer for this e-Infrastructure;

eTokenServer: The eTokenServer for this e-Infrastructure;

Port: The eTokenServer port for this e-Infrastructure;

Serial Number: The MD5SUM of the robot certificate to be used for this e-Infrastructure;

WebDAV: The EMI-3 DPM Grid Storage Element, with WebDAV interface, to be used for this e-Infrastructure;

In the following figure is shown how the portlet has been configured to run simulation on the EUMEDGRID-Support e-Infrastructure.

2.) To configure the application, the following settings have to be provided:

AppID: The ApplicationID as registered in the UserTracking MySQL database (GridOperations table);

Log Level: The log level for the application (e.g.: INFO or VERBOSE);

Metadata Host: The Metadata hostname where download/upload digital-assets (e.g. glibrary.ct.infn.it);

Software TAG: The list of software tags requested by the application;

SMTP Host: The SMTP server used to send notification to users;

Sender: The FROM e-mail address to send notification messages about the jobs execution to users;

In the figure below is shown how the application settings have been configured to run on the CHAIN-REDS Science Gateway.

Usage¶

The run abinit simulation the user has to click on the third accordion, select the type of job to run (e.g. ‘Sequential’ or ‘Parallel’) and upload the input files.

The ABINIT input files consist of:

• An input file (.in);
• A list of Pseudo Potential files;
• A file of files (.files).

For demonstrative use cases, the user can also click on ‘Run demo’ check-box and execute ABINIT with some pre-configured inputs.

Each run will produce:

• std.txt: the standard output file;
• std.err: the standard error file;
• abinit.log: the application log file;
• some additional log files. By default, only the std OUT/ERR files will be provided;
• .tar.gz: the application results available through the gLibrary Metadata Server.

A typical simulation produces, at the end, the following files:

]$ tree ABINITSimulationStarted_147780/
ABINITSimulationStarted_147780/
├── abinit.log
├── curl.log
├── env.log
├── std.err
└── std.txt

To inspect ABINIT log files:

• navigate the digital repository for the application clicking [ here ];
• select the digital assets of any interest for downloading as shown in the figure below:

References¶

• e-AGE 2014 - “International Connectivity of the Pan Arab Network” - December 10-11, 2014 – Muscat, Oman [1];
• CHAIN-REDS Conference: “Open Science at the Global Scale: Sharing e-Infrastructures, Sharing Knowledge, Sharing Progress” – March 31, 2015 – Brussels, Belgium [2];

Contributor(s)¶

Please feel free to contact us any time if you have any questions or comments.

About¶

ALEPH was a particle physics experiment installed on the Large Electron-Positron collider (LEP) at the CERN laboratory in Geneva/Switzerland. It was designed to explore the physics predicted by the Standard Model and to search for physics beyond it. ALEPH first measured events in LEP in July 1989. LEP operated at around 91 GeV – the predicted optimum energy for the formation of the Z particle. From 1995 to 2000 the accelerator operated at energies up to 200 GeV, above the threshold for producing pairs of W particles. The data taken, consisted of millions of events recorded by the ALEPH detector,allowed precision tests of the electro-weak Standard Model (SM) to be undertaken. The group here concentrated our analysis efforts mainly in Heavy Flavour (beauty and charm) physics, in searches for the the Higgs boson, the particles postulated to generate particle mass, and for physics beyond the SM, e.g. Supersymmetry, and in W physics. This application perform the search for the production and non-standard decay of a scalar Higgs boson into four tau leptons through the intermediation of the neutral pseudo-scalars Higgs particle. The analysis was conducted by the ALEPH collaboration with the data collected at centre-of-mass energies from 183 to 209 GeV.

Installation¶

Following instructions are meant for science gateway maintainers while generic users can skip this section. To install the portlet it is enough to install the war file into the application server and then configure several settings into the portlet preferences pane. Preferences have the form of a set of couples (key,value). Preferences are also grouped accordingly to the service configured. The meaning of each preference key will be described below, grouping them as well:

cloudProvider¶

cloudProvider is a new GridEngine helper service that maintains the necessary configuration to allocate new services on the cloud

cloudprovider_dbname:
	cloud provider database name
cloudprovider_dbhost:
	cloud provider database host
cloudprovider_dbport:
	cloud provider database port
cloudprovider_dbuser:
	cloudprovider database user
cloudprovider_dbpass:
	cloudprovider database password

The buttons represented by the picture above are representing

Back:	Return to the portlet
Set Preferences:
	Apply changes to the preferences
Reset:	Reset default portlet settings as configured inside the portlet.xml file

Usage¶

The aleph portlet interfaces presents two panes named: Analize and VMLogin

Analize¶

In the Analize section the user can retrieve one of the available experiment file selecting a DOI number, a keyword or listing the whole content. Once obtained the list of the available files, the user can replicate the analysis just selecting the algorithm from a list e pressing the ‘Analyze’ button

VM Login¶

In this section the user can obtain the access to a Virtual Machine hosting the whole environment in order to extend the analysis introducing new algorithms or new analisys files.

Pressing the ‘Start VM’ button, a new virtual machine will be started and associated to the user.

Once available the VM, two image buttons representing a console and the VNC logo inside a monitor, allow respectively to connect the VM to an SSH console or into a VNC session from the portal. In any case the information about how to connect the VM will be sent to the suer via email including the necessary credentials.

Contributor(s)¶

To get support such as reporting a bug, a problem or even request new features, please contact

About¶

ALICE (A Large Ion Collider Experiment) is a heavy-ion detector designed to study the physics of strongly interacting matter at extreme energy densities, where a phase of matter called quark-gluon plasma forms. The ALICE collaboration uses the 10,000-tons ALICE detector – 26 m long, 16 m high, and 16 m wide – to study quark-gluon plasma. The detector sits in a vast cavern 56 m below ground close to the village of St Genis-Pouilly in France, receiving beams from the LHC. As of today, the ALICE Collaboration counts 1,550 members from 151 institutes of 37 countries. In this demonstrative application, you are able to select some ALICE datasets and run some analyses of the transverse momentum of charged particles in Pb-Pb collisions.

Installation¶

To install this portlet the WAR file has to be deployed into the application server. In the application server must be installed Guacamole service to obtain VNC and SSH connections available from the portal.

Usage¶

The alice portlet interfaces presents two panes named: Analize and VMLogin

Analize¶

In the Analize section the user can do or a RAA Experiment or a PT Analysis. In the “RAA2” the user can choose the minimum and maximum centrality and replicate the analysis of the a dataset ALICE pressing the ‘Start Analysis’ Button. In the “PT Analysis” the user can choose the dataset to use (pp or PbPb) and the number of files to be processed, then start the analysis pressing the ‘Start Analysis’ Button.

VM Login¶

In this section the user can obtain the access to an ALICE Virtual Machine hosting the whole environment in order to extend the analysis introducing new algorithms or new analisys files.

Pressing the ‘Start VM’ button, a new virtual machine will be started and associated to the user.

Once available the VM, two image buttons representing a console and the VNC logo inside a monitor, allow respectively to connect the VM to an SSH console or into a VNC session from the portal. In any case the information about how to connect the VM will be sent to the suer via email including the necessary credentials.

Contributor(s)¶

To get support such as reporting a bug, a problem or even request new features, please contact

About¶

The ASTRA project aims to reconstruct the sound or timbre of ancient instruments (not existing anymore) using archaeological data as fragments from excavations, written descriptions, pictures, etc.

The technique used is the Physical Modeling Synthesis (PMS), a complex digital audio rendering technique which allows modeling the time-domain physics of the instrument. In other words the basic idea is to recreate a model of the musical instrument and produce the sound by simulating its behavior as a mechanical system.

The application would produce one or more sounds corresponding to different configurations of the instrument (i.e. the different notes). The project runs since 2006 thanks to the GEANT backbone and to computing resources located in Europe and in other regions of the world, allowing researchers, musicians and historians to collaborate, communicate and share experiencies on lost instruments and sounds ASTRA brings again to life.

Installation¶

To install this portlet the WAR file has to be deployed into the application server.

As soon as the portlet has been successfully deployed on the Science Gateway the administrator has to configure:

• the list of e-Infrastructures where the application can be executed;
• some additional application settings.

1.) To configure a generic e-Infrastructure, the following settings have to be provided:

Enabled: A true/false flag which enables or disable the generic e-Infrastructure;

Infrastructure: The acronym to reference the e-Infrastructure;

VOName: The VO for this e-Infrastructure;

TopBDII: The Top BDII for this e-Infrastructure;

WMS Endpoint: A list of WMS endpoint for this e-Infrastructure (max. 10);

MyProxyServer: The MyProxyServer for this e-Infrastructure;

eTokenServer: The eTokenServer for this e-Infrastructure;

Port: The eTokenServer port for this e-Infrastructure;

Serial Number: The MD5SUM of the robot certificate to be used for this e-Infrastructure;

In the following figure is shown how the portlet has been configured to run simulation on the EUMEDGRID-Support e-Infrastructure.

2.) To configure the application, the following settings have to be provided:

AppID: The ApplicationID as registered in the UserTracking MySQL database (GridOperations table);

Software TAG: The list of software tags requested by the application;

SMTP Host: The SMTP server used to send notification to users;

Sender: The FROM e-mail address to send notification messages about the jobs execution to users;

In the figure below is shown how the application settings have been configured to run on the CHAIN-REDS Science Gateway.

Usage¶

To run a simulation with ASTRA the user has to:

• click on the second accordion of the portlet and,
• select some settings for the generation of the digital libraries as shown in the below figure:

• click on the third accordion of the portlet and,
• select the input file (e.g. .ski or .mid files) OR select a demo from the list as shown in the below figure:

Each simulation will produce:

• std.txt: the standard output file;
• std.err: the standard error file;
• .wav: a MIDI file about an opera played using the Epigonion;
• .tar.gz: containing the sound libraries of each singular string of the Epigonion.

A typical simulation produces, at the end, the following files:

]$ tree ASTRASoundTimbreReconstructionSimulationStarted_148681/
ASTRASoundTimbreReconstructionSimulationStarted_148681/
├── AstraStk.err
├── AstraStk.out
├── bachfugue.wav (8.7M)
├── output.README
└── samples.tar.gz (589M)

References¶

• Final workshop of Grid Projects “Pon Ricerca 2000-2006, Avviso 1575”: “ASTRA Project Achievements: The reconstructed Greek Epigonion with GILDA/ASTRA brings history to life. It takes archaeological findings of extinct musical instruments, and lets us play them again thanks to a virtual digital model running on the GRID.EUMEDGRID on GEANT2/EUMEDCONNECT” – February 10-12, 2009 Catania, Italy [1];
• Conferenza GARR: “ASTRA Project: un ponte fra Arte/Musica e Scienza/Tecnologia - Conferenza GARR” – September 2009, Napoli, Italy [2];
• International Symposium on Grid Computing 2009: “The ASTRA (Ancient instruments Sound/Timbre Reconstruction Application) Project brings history to life” – March 2010, Taipei, Taiwan [3];
• Proceedings of the International Conference on Computational Science, ICCS2010, doi:10.1016/j.procs.2010.04.043: “Data sonification of volcano sesmograms and Sound/Timbre recountruction of ancient musical instruments with Grid infrastructures” – May, 2010 Amsterdam, The Netherlands [4];

Contributors¶

Please feel free to contact us any time if you have any questions or comments.

About¶

With this service it is possible to execute scientific applications on Virtual Machines (VMs) deployed on standard-based federated cloud.

The present service is based on the following standards and software frameworks:

Installation¶

To install this portlet the WAR file has to be deployed into the application server.

As soon as the portlet has been successfully deployed on the Science Gateway the administrator has to configure:

• the list of e-Infrastructures where the application can be executed;
• some additional application settings.

1.) To configure a generic e-Infrastructure, the following settings have to be provided:

Enabled: A true/false flag which enables or disable the generic e-Infrastructure;

Infrastructure: The acronym to reference the e-Infrastructure;

VOName: The VO for this e-Infrastructure;

TopBDII: The Top BDII for this e-Infrastructure;

WMS Endpoint: A list of WMS endpoint for this e-Infrastructure (max. 10);

MyProxyServer: The MyProxyServer for this e-Infrastructure;

eTokenServer: The eTokenServer for this e-Infrastructure;

Port: The eTokenServer port for this e-Infrastructure;

Serial Number: The MD5SUM of the robot certificate to be used for this e-Infrastructure;

In the following figure is shown how the portlet has been configured to run simulation on the CHAIN_REDS Cloud Testbed from the project Science Gateway [1].

In the following figure is shown how the portlet has been configured to run simulation on the EGI Federated Cloud Infrastructure [2] from the project Science Gateway [1].

2.) To configure the application, the following settings have to be provided:

AppID: The ApplicationID as registered in the UserTracking MySQL database (GridOperations table);

Software TAG: The list of software tags requested by the application;

SMTP Host: The SMTP server used to send notification to users;

Sender: The FROM e-mail address to send notification messages about the jobs execution to users;

In the figure below is shown how the application settings have been configured to run on the CHAIN_REDS Science Gateway [1].

Usage¶

To run the simulations the user has to:

• click on the third accordion of the portlet,
• select the VM to run on the available Cloud Testbed as shown in the below figure:

Each simulation will produce:

• std.out: the standard output file;
• std.err: the standard error file;
• .tar.gz: the output results.

A typical simulation produces, at the end, the following files:

]$ tree Pleaseinserthereyourdescription_148684/
Pleaseinserthereyourdescription_148684/
├── results.tar.gz
├── std.err
└── std.out

The list of files produced during the run are the following:

]$ tar ztvf results.tar.gz
output.README
Rplots.pdf

Contributor(s)¶

Please feel free to contact us any time if you have any questions or comments.

About¶

ClustalW2 [1] is a widely used multiple program for multiple alignment of nucleic acid and protein sequences. sequence alignment computer program.

The program accepts a wide range on input formats including: NBRF/PIR, FASTA, EMBL/Swissprot, Clustal, GCC/MSF, GCG9 RSF, and GDE, and executes the following workflow:

• Pairwise alignment;
• Creation of a phylogenetic tree (or use a user-defined tree);
• Use of the phylogenetic tree to carry out a multiple alignment

Users can align the sequences using the default setting but occasionally it may be useful to customize one’s own parameters. The main parameters are the gap opening penalty and the gap extension penalty.

For more information:

• Consult the official documentation [2];
• Clustal W and Clustal X version 2.0 [3];
• The MP4 file is a video [4] showing how to use the ClustalW from the Africa Grid Science Gateway [5]

Installation¶

To install this portlet the WAR file has to be deployed into the application server.

As soon as the portlet has been successfully deployed on the Science Gateway the administrator has to configure:

• the list of e-Infrastructures where the application can be executed;
• some additional application settings.

1.) To configure a generic e-Infrastructure, the following settings have to be provided:

Enabled: A true/false flag which enables or disable the generic e-Infrastructure;

Infrastructure: The acronym to reference the e-Infrastructure;

VOName: The VO for this e-Infrastructure;

TopBDII: The Top BDII for this e-Infrastructure;

WMS Endpoint: A list of WMS endpoint for this e-Infrastructure (max. 10);

MyProxyServer: The MyProxyServer for this e-Infrastructure;

eTokenServer: The eTokenServer for this e-Infrastructure;

Port: The eTokenServer port for this e-Infrastructure;

Serial Number: The MD5SUM of the robot certificate to be used for this e-Infrastructure;

In the following figure is shown how the portlet has been configured to run simulation on the EUMEDGRIDSupport e-Infrastructure [6].

2.) To configure the application, the following settings have to be provided:

AppID: The ApplicationID as registered in the UserTracking MySQL database (GridOperations table);

Software TAG: The list of software tags requested by the application;

SMTP Host: The SMTP server used to send notification to users;

Sender: The FROM e-mail address to send notification messages about the jobs execution to users;

In the figure below is shown how the application settings have been configured to run on the Africa Grid Science Gateway [5].

Usage¶

To perform the Multi Sequence Alignment for DNA or protein the user has to:

• click on the third accordion of the portlet,
• choose the sequence type (e.g.: DNA or protein),
• upload the sequence as ASCII file OR use the default one pre-configured clicking in the textarea below,
• configured additional settings if needed as shown in the below figure:

Each simulation will produce:

• std.out: the standard output file;
• std.err: the standard error file;
• .tar.gz: containing the results of the Monte Carlo simulation.

A typical simulation produces, at the end, the following files:

]$ tree SequenceAlignmentSimulationStarted_126163/
SequenceAlignmentSimulationStarted_126163/
├── std.err
├── std.out
├── output.README
└── outputs.tar.gz

]$ tar zxvf outputs.tar.gz
20150601120928_larocca.aln
20150601120928_larocca.dnd

Contributor(s)¶

Please feel free to contact us any time if you have any questions or comments.

About¶

LAGO is an international project from more than 80 scientists of 8 latinamerican countries started in 2005 (complete list of the collaboration members and their institutions). The LAGO project aims at observing Gamma Ray Bursts (GRBs) by the single particle technique using water Cherenkov detectors (WCD). It consists of various sites at high altitude, in order to reach a good sensitivity to the faint signal expected from the high energy photons from GRBs.

CORSIKA (COsmic Ray SImulations for KAscade) is a program for detailed simulation of extensive air showers initiated by high energy cosmic ray particles. Protons, light nuclei up to iron, photons, and many other particles may be treated as primaries.

Installation¶

Following instructions are meant for science gateway maintainers while generic users can skip this section. To install the portlet it is enough to install the war file into the application server and then configure the preference settings into the portlet preferences pane.

Preferences are splitted in three separate parts: Generic, Infrastructures and the application execution setting. The generic part contains the Log level which contains one of following values, sorted by decreasing level: info, debug, warning and error.

The Application Identifier refers to theId field value of the GridEngine ‘UsersTracking’database table: GridInteractions. The infrastructure part consists of different settings related to the destination of users job execution. The fields belonging to this category are:

Enable infrastructure: A true/false flag which enables or disable the current infrastructure;

Infrastructure Name: The infrastructure name for these settings;

Infrastructure Acronym: A short name representing the infrastructure;

BDII host: The Infrastructure information system endpoint (URL). Infrastructure preferences have been thought initially for the elite Grid based infrastructures;

WMS host: It is possible to specify which is the brokering service endpoint (URL);

Robot Proxy values: This is a collection of several values which configures the robot proxy settings (Host, Port, proxyID, VO, Role, proxy renewal);

Job requirements: This field contains the necessary statements to specify a job execution requirement, such as a particular software, a particular number of CPUs/RAM, etc.

Actually, depending on the infrastructure, some of the fields above have an overloaded meaning. Please contact the support for further information or watch existing production portlet settings.

Usage¶

To run the Corsika simulation the user has to:

• Select the type of simulation to perform, corresponding to one of the three Corsika versions: single, array or epos-thining-qsj2.
• Choose whether the input file corresponds to a single simulation or to a group of them. In the later, files must be compressed on tar.gz format.
• Choose whether to receive a confirmation email at the end of the execution-
• Choose what to do with the output files. If a Storage Element is desired, files will be uploaded and remain there for a long time. If not, they will be stored in the Science Gateway, altough their lifetime will probably be shorter.
• Last but not least, choose an input file or insert a PID where the input file is stored.
• The system will automatically create a name for the run. If a different one is desired, it can be freely modified.

Each run will produce:

• std.txt: the standard output file;
• std.err: the standard error file;
• abinit.log: the application log file;
• some additional log files. By default, only the std OUT/ERR files will be provided;
• .tar.gz: the application results available through the gLibrary_ Metadata Server.

A typical simulation produces, at the end, the following files:

]$ tree 26_144903
26_144903
|-- corsika-Error.txt
|-- corsika-Output.txt
`-- results
    |-- DAT030014
    |-- DAT030014-0014-0527176.input
    `-- DAT030014.dbase

To inspect Corsika log files:

• navigate the digital repository for the application clicking [ here ];
• select the digital assets of any interest for downloading as shown in the figure below:

References¶

• CHAIN-REDS Conference: “Open Science at the Global Scale: Sharing e-Infrastructures, Sharing Knowledge, Sharing Progress” – March 31, 2015 – Brussels, Belgium [1];

Contributors¶

Please feel free to contact us any time if you have any questions or comments.

Installation¶

As soon as the portlet has been successfully deployed on the Science Gateway the administrator has to configure some settings:

1.) To configure a generic e-Infrastructure, the following settings have to be provided:

Enabled: A true/false flag which enables or disable the generic e-Infrastructure;

Infrastructure: The acronym to reference the e-Infrastructure;

VOName: The VO for this e-Infrastructure;

eTokenServer: The eTokenServer for this e-Infrastructure;

Port: The eTokenServer port for this e-Infrastructure;

Serial Number: The MD5SUM of the robot certificate to be used for this e-Infrastructure;

In the following figure is shown how the portlet has been configured to navigate EUMEDGrid-Support digital repositories.

2.) To configure the application, the following settings have to be provided:

Proxy: The proxy used to contact gLibrary;

Repository: The digital repository to browse;

LAT: The default latitude of the EMI-3 DPM Storage Element;

LONG: The default longitude of the EMI-3 DPM Storage Element.

In the figure below is shown how the portlet has been configured to browse the ESArep digital repository.

Usage¶

Contributor(s)¶

Please feel free to contact us any time if you have any questions or comments.

About¶

GROMACS is versatile package to perform molecular dynamics, i.e. simulate the Newtonian equations of motion for systems with hundreds to millions of particles.

It is primarily designed for biochemical molecules like proteins, lipids and nucleic acids that have a lot of complicated bonded interactions, but since GROMACS is extremely fast at calculating the non-bonded interactions (that usually dominate simulations) many groups are also using it for research on non-biological systems, e.g. polymers.

Installation¶

To install this portlet the WAR file has to be deployed into the application server.

As soon as the portlet has been successfully deployed on the Science Gateway the administrator has to configure:

• the list of e-Infrastructures where the application can be executed;
• some additional application settings.

1.) To configure a generic e-Infrastructure, the following settings have to be provided:

Enabled: A true/false flag which enables or disable the generic e-Infrastructure;

Infrastructure: The acronym to reference the e-Infrastructure;

VOName: The VO for this e-Infrastructure;

TopBDII: The Top BDII for this e-Infrastructure;

WMS Endpoint: A list of WMS endpoint for this e-Infrastructure (max. 10);

MyProxyServer: The MyProxyServer for this e-Infrastructure;

eTokenServer: The eTokenServer for this e-Infrastructure;

Port: The eTokenServer port for this e-Infrastructure;

Serial Number: The MD5SUM of the robot certificate to be used for this e-Infrastructure;

WebDAV: The EMI-3 DPM Grid Storage Element, with WebDAV interface, to be used for this e-Infrastructure;

In the following figure is shown how the portlet has been configured to run simulation on the EUMEDGRID-Support e-Infrastructure.

2.) To configure the application, the following settings have to be provided:

AppID: The ApplicationID as registered in the UserTracking MySQL database (GridOperations table);

Log Level: The log level for the application (e.g.: INFO or VERBOSE);

Metadata Host: The Metadata hostname where download/upload digital-assets (e.g. glibrary.ct.infn.it);

Software TAG: The list of software tags requested by the application;

SMTP Host: The SMTP server used to send notification to users;

Sender: The FROM e-mail address to send notification messages about the jobs execution to users;

In the figure below is shown how the application settings have been configured to run on the CHAIN-REDS Science Gateway.

Usage¶

To run a molecular dynamic simulation with GROMACS the user has to:

• click on the third accordion of the portlet,
• select the GROMACS release to use (e.g. v4.6.5 or v5.0.4),
• upload the input macro file (.tpr).

For demonstrative use cases, the user can also click on ‘Run demo’ check-box and execute a simulation with some pre-configured inputs.

Each molecular dynamic simulation will produce:

• std.txt: the standard output file;
• std.err: the standard error file;
• gromacs.log: the application log file;
• some additional log files;
• .tar.gz: the application results available through the gLibrary Metadata Server.

A typical simulation produces, at the end, the following files:

]$ tree GROMACSSimulationStarted_147118/
GROMACSSimulationStarted_147118/
├── curl.log
├── env.log
├── gromacs.log
├── output.README
├── std.err
└── std.txt

To inspect GROMACS log files:

• navigate the digital repository for the application clicking [ here ];
• select the digital assets of any interest for downloading as shown in the figure below:

References¶

• CHAIN-REDS Conference: “Open Science at the Global Scale: Sharing e-Infrastructures, Sharing Knowledge, Sharing Progress” – March 31, 2015 – Brussels, Belgium [1];

Contributor(s)¶

Please feel free to contact us any time if you have any questions or comments.

About¶

The infection model is an example of an Agent-Based Simulation Infection Model implemented in the well-known Repast Simphony (repast.sourceforge.net) agent-based simulation toolkit. Agent-based simulation is a highly useful technique that allows individuals and their behaviours to be represented as they interact over time. This means, with appropriate data, agent-based simulation can be used to study various socio-medical phenomena such as the spread of disease and infection in a population.

The aim of this demonstration model is to show how a science gateway could support the study of the spread of disease or infection in a population. As well as having direct healthcare application, it can also be used in the field of health economics to study the cost effectiveness of various infection preventive strategies.

Within the science gateway, the Repast Infection Model has been deployed in a portlet named infectionModel-portlet. This has been developed to enable users to submit experiments with different input parameters and to obtain results. As well as the results output file, the application also has a demonstration graph tool that allows users to see the graphical visualisation of the results.

This shows that science gateways can be developed to support online complex simulations in an extremely easy to use manner. See the Sci-GaIA project web pages and the educational modules to get information on how to implement these applications as well as how science gateways and data repositories can be used to support Open Science.

Installation¶

This section explains how to deploy and configure the infectionModel-portlet into a Science gateway to submit some preconfigures experitments towards Distributed Computing infrastructures.

1. Move into your Liferay plugin SDK portlets folder and clone the infectionModel-portlet source through the following git command:

git clone https://github.com/csgf/infectionModel-portlet.git

2. Now, move into the just created infectionModel-portlet directory and execute the deploy command:

ant deploy

When the previous command has completed, verify that the portlet is “Successfully autodeployed”, look for a string like this in the Liferay log file under $LIFERAY_HOME/glassfish-3.1.2/domains/domain1/logs/server.log.

3. Then, open your browser and point at your Science Gateway instance and form there click Add > More in the Brunel University category, click on Add button to add this new portlet. Following picture shows the correctly result:

As soon as the portlet has been successfully deployed you have to configure:

1. the list of e-Infrastructures where the application can be executed;
2. some additional application settings.

To configure the e-Infrastructure, go to the portlet preferences and provide the the right values for the following parameters:

• Enable infrastructure: A yes/no flag which enables or disable the generic e-Infrastructure;
• Infrastructure name: A label representing the e-Infrastructure;
• Infrastructure acronym: The acronym to reference the e-Infrastructure;
• BDII: The Top BDII for this e-Infrastructure;
• WMS Hosts: A separated ; list of WMS endpoint for this e-Infrastructure;
• Proxy Robot host server: The eTokenServer for this e-Infrastructure;
• Proxy Robot host port: The eTokenServer port for this e-Infrastructure;
• Proxy Robot secure connection: A true/false flag if the eTokenServer require a secure connection;
• Proxy Robot Identifier: The MD5SUM of the robot certificate to be used for this e-Infrastructure;
• Proxy Robot Virtual Organization: The VO for this e-Infrastructure;
• Proxy Robot VO Role: The VO role for this e-Infrastructure;
• Proxy Robot Renewal Flag: A true/false Flag to require proxy renewal before it expires;
• Local Proxy: The path to the proxy if you are using a local proxy;
• Software Tags: The list of software tags requested by the application.

The following figure shown how the portlet has been configured to run simulation on a cloud based system.

Another important step to have infectionModel-portlet ready to be used is: to create a new entry in GridOperations table of the UsersTracking database, as shown below.

INSERT INTO GridOperation VALUES ('<portal name>' ,'Infection Model portlet');

-- portal name: is a label representing the portal name, you can get the
-- right value from your Science Gateway istance.

Usage¶

The infectionModel-portlet, has been developed in the contest of the Sci-GaIA project, and it is curretly available on the Africa Grid Science Gateway. You can read more information on how to use this application, after sign in, on its dedicated run page.

As soon as your submitted interaction complete its execution you can exploit the Visualize infection Model result portlet, to see the simulation outputs in a graphical way, like shown in the picture below.

When an authorised user successfully log on, they are presented with the portlet, i.e the infection model portlet, where they can specify all the necessary input parameters of the infection model. After a user has finished specifying the parameters and clicked on the submit button, the jobs can then be submitted to the different Distributed Computing Infrastructures. However, due to limitation of resources, this portlet presents a verson where a number of experiments have been fixed and users can only choose from within a predefined set of expereiments. After submitting a job, users would be notified that their jobs have been successfully submitted and then advised to check the MyJobs portlet, a dedicated portlet where the status of all running jobs can be found. A done job status would be represented by a small folder icon and users can download the output of the infection model for analysis.

The analysis of the infection model result output file, using the visualize portlet, can be seen below:

Contributor(s)¶

If you have any questions or comments, please feel free to contact us using the Sci-GaIA project dicussion forum (discourse.sci-gaia.eu)

About¶

While the first version of the Infection Model portlet was executed sequentially, this version, the Infection Model parallel portlet, would be executed in parallel. This porlet will be used to investigate how an Agent Based modelling simulation experiments can be executed in parallel by making use of high performance computing facilities.

Similar to the Infection model portlet, it makes use of different input parameters to help users submit expereiments and obtain results. These parameters include: input parameters for the model include the simulation period (specifies how many years the simulation will run), recovered count (specifies the initial healthy population), infected count (specifies the initial infected population) and susceptible count (specifies the initial susceptible population). When an infected agent approaches a susceptible agent, it becomes infected and if there are more than one susceptible agent in the cell, only one, randomly selected agent, is infected. Infected agents recover after a period and become healthy with a level of immunity. Recovered agents immunity decreases every time they are approached by an infected agent and when immunity becomes zero, the recovered agent becomes susceptible and can be infected again, thereby, forming a host of infection networks.

However, rather than running jobs sequentially, with single core machines, this version will run jobs with machines that have many cores running at different cloud sites.

Installation¶

This section explains how to deploy and configure the infectionModel-parallel-portlet.

1. Move into your Liferay plugin SDK portlets folder and clone the template-portlet source code through the git clone command:

git clone https://github.com/csgf/infectionModel-parallel.git

2. Now, move into the just created portlet directory and execute the deploy command:

ant deploy

When the previous command has completed, verify that the portlet was “Successfully autodeployed”, look for a string like this in the Liferay log file under $LIFERAY_HOME/glassfish-3.1.2/domains/domain1/logs/server.log.

3. Then, open your browser and point at your Science Gateway instance and form there click Add > More in the BRUNEL category, click on Add button to add this new portlet. Following picture shows the correctly result:

As soon as the portlet has been successfully deployed you have to configure it using the portlet configuration menu. Portlet configuration is splitted in two parts: Generic application preferences, Infrastructures preferences.

Generic application preferences¶

The generic part contains:

• Application Identifier the identifier assigned to tha application in the GridInteractions database table.

• Application label (Required) a short meaningful label for the application.

• Production environment a boolean flag that specify if the portlet will be used in a production or development environment.

  • if true the development environment preferences will be shown

    • UserTrackingDB hostname hostname of the Grid and Cloud Engine Usertracking database. Usually localhost
    • UserTrackingDB username username of the Grid and Cloud Engine Usertracking database user. Usually user_tracking
    • UserTrackingDB password password specified for the Usertracking database user. Usually usertracking
    • UserTrackingDB database Grid and Cloud Engine Usertracking database name. Usually userstracking

• Application requirements the necessary statements to specify a job execution requirement, such as a particular software, a particular number of CPUs/RAM, etc. defined using JDL format.

Note

You can get the Application Idetifier inserting a new entry into the GridOperations table:

INSERT INTO GridOperation VALUES ('<portal name>' ,'Template Portlet');
  -- portal name: is a label representing the portal name, you can get the
  -- right value from your Science Gateway istance.

Infrastructure preferences¶

The infrastructure preferences section shows the e-Infrastructures configured. Using the actions menu on the right side of the table, you can:

• Activate / Deactivate
• Edit
• Delete

an available infrastructure. The Add New button is meant to add a new infrastructure available to the application. When you click this button a new panel, will be shown with several fields where you can specify the Infrastructure details.

The fields belonging to this panel are:

• Enabled A boolean which enable or disable the current infrastructure.
• Infrastructure Name (Required) The infrastructure name for these settings.
• Middleware (Required) The middleware used by the current infrastructure. Here you can specify 3 different values.
  • an acronym for gLite based middleware.
  • ssh for HPC Cluster.
  • rocci for cloud based middleware.

Following fields will be traslated in the relevant infrastructure parameters based on the value specified in this field.

• BDII host: The Infrastructure information system endpoint (URL).
  • If Middleware is ssh here you can specify a ”;” separated string with ssh authentications parameters (username;password or username for key based authentication).
  • If Middleware is rocci here you can specify the name of the compute resource that will be created.
• WMS host: is the service endpoint (URL).
• Robot Proxy host server: the robot proxy server hostname.
• Robot Proxy host port: the robot proxy server port.
• Proxy Robot secure connection: a boolean to specify if robot proxy server needed a SSL connection.
• Robot Proxy identifier: the robot proxy identifier.
• Proxy Robot Virtual Organization: the virtual organization configured.
• Proxy Robot VO Role: the role virtual organization configured.
• Proxy Robot Renewal Flag: a boolean to specify if robot proxy can be renewed before its expiration.
• RFC Proxy Robot: a boolean to specify if robot proxy must be RFC.
  • If Middleware is rocci this field must be checked.
• Local Proxy: the path of a local proxy if you want use this type of authentication.
• Software Tags: infrastructure specific information.
  • If Middleware is rocci here you can specify a ”;” separated string with <image_id>;<flavor>;<link_resource>

Usage¶

Similar to the infection Model portlet, When an authorised user successfully log on, they are presented with the portlet, i.e the infection model-parallel portlet. However, this portlet only present an interface where users can specify the number of expereiments they will like to execute in parallel. This is done by inserting the number of jobs in the “insert number of parallel jobs” field. After specifying the number of jobs, users can then click on the ok button and this will automatically generate and display the input fields for the different parameters of the infection model (i.e the recovered, susceptible and the infected population). Users can then specify their input parameters by using these fields. After a user has finished specifying the parameters and clicked on the submit button, the jobs can then be submitted to the different Distributed Computing Infrastructures. After submitting a job, users would be notified that their jobs have been successfully submitted and then advised to check the MyJobs portlet, a dedicated portlet where the status of all running jobs can be found. A job will be considered to be done when all the running jobs, which have been submitted in parallel, becomes done. A done job status would be represented by a small folder icon and users can download the output of the infection model for analysis.

Contributor(s)¶

If you have any questions or comments, please feel free to contact us using the Sci-GaIA project dicussion forum (discourse.sci-gaia.eu)

About¶

The map below shows cumulative information about users running the Demo Applications on the various Grid, HPC, Cloud and local resources supported by the CHAIN-REDS Science Gateway. The legend on the right shows the correspondence between marker colours and types of sites. Click on the markers which appear on the map to get more information about running and done (i.e., whose output has not yet been retrieved) jobs at a given site. Job statuses are automatically updated every 15 minute.

Contributors¶

• Rita Ricceri

About¶

IntraOperative Electron Radiotherapy (IOERT) [1] is a radiotherapy technique that delivers a single dose of radiation directly to the tumor bed, or to the exposed tumor, during surgery. The objective is to achieve a higher dose in the target volume while dose-limiting structures are surgically displaced. IOERT is used for limited-stage breast tumors treatment and also successfully for prostate, colon and sarcoma cancers. For this purpose, a new generation of mobile linear accelerators has been designed to deliver radiation therapy in the operating theater.

As in conventional radio-therapy techniques, the use of Monte Carlo simulations is mandatory to design the beam collimation system and to study radioprotection charactheristics as the radiation leakages. In the clinical activities the simulations can be used to commissioning of the linac and in the optimization of the therapeutic dose and patient radioprotection.

Installation¶

To install this portlet the WAR file has to be deployed into the application server.

As soon as the portlet has been successfully deployed on the Science Gateway the administrator has to configure:

• the list of e-Infrastructures where the application can be executed;
• some additional application settings.

1.) To configure a generic e-Infrastructure, the following settings have to be provided:

Enabled: A true/false flag which enables or disable the generic e-Infrastructure;

Infrastructure: The acronym to reference the e-Infrastructure;

VOName: The VO for this e-Infrastructure;

TopBDII: The Top BDII for this e-Infrastructure;

WMS Endpoint: A list of WMS endpoint for this e-Infrastructure (max. 10);

MyProxyServer: The MyProxyServer for this e-Infrastructure;

eTokenServer: The eTokenServer for this e-Infrastructure;

Port: The eTokenServer port for this e-Infrastructure;

Serial Number: The MD5SUM of the robot certificate to be used for this e-Infrastructure;

In the following figure is shown how the portlet has been configured to run simulation on the Italian e-Infrastructure.

2.) To configure the application, the following settings have to be provided:

AppID: The ApplicationID as registered in the UserTracking MySQL database (GridOperations table);

Software TAG: The list of software tags requested by the application;

SMTP Host: The SMTP server used to send notification to users;

Sender: The FROM e-mail address to send notification messages about the jobs execution to users;

In the figure below is shown how the application settings have been configured to run on the GARR Science Gateway.

Usage¶

To run the Monte Carlo simulations the user has to:

• click on the third accordion of the portlet,
• upload the macro as ASCII file OR paste its content in the below textarea, and
• select the number of jobs to be executed as shown in the below figure:

Each simulation will produce:

• std.txt: the standard output file;
• std.err: the standard error file;
• .tar.gz: containing the results of the Monte Carlo simulation.

A typical simulation produces, at the end, the following files:

]$ tree IortTherapySimulationStarted_646/
IortTherapySimulationStarted_646/
├── std.err
├── std.txt
├── output.README
└── results.tar.gz

The list of files produced during the run are the following:

]$ tar ztvf results.tar.gz
currentEvent.rndm
currentRun.rndm
Dose.out
Energy_MeV.out

References¶

• Concurrancy and Computation: Practice and Experience (2014). Published online in Wiley Online Library. DOI: 10.1002/cpe.3268: “A GEANT4 web-based application to support Intra-Operative Electron Radiotherapy usign the European grid infrastructure” – 2014 [2];

Contributor(s)¶

Please feel free to contact us any time if you have any questions or comments.

About¶

The CHAIN-REDS Knowledge Base is one of the largest existing e-Infrastructure-related digital information systems. It currently contains information, gathered both from dedicated surveys and other web and documental sources, for largely more than half of the countries in the world. Information is presented to visitors through geographic maps and tables. Users can choose a continent in the map and, for each country where a marker is displayed, get the information about the Regional Research & Education Network(s) and the Grid Regional Operation Centre(s) (ROCs) the country belongs to as well as the National Research & Education Network, the National Grid Initiative, the Certification Authority, and the Identity Federation available in the country, down to the Grid site(s) running in the country and the scientific application(s) developed by researchers of the country and running on those sites.

Besides e-Infrastructure sites, services and applications, the CHAIN-REDS Knowledge Base publishes information about Open Access Document Repositories and Data Repositories.

• Open Access Document Repositories -

• Data Repositories -

Although it is quite useful to have a central access point to thousands of repositories and millions of documents and datasets, with both geographic and tabular information, the OADR and DR part of the CHAIN-REDS Knowledge Base is only a demonstrator with limited impact on scientists’ day-by-day life. In order to find a document or a dataset, users should know beforehand what they are looking for and there is no way to correlate documents and data which would actually be of the most important facilitators of the Scientific Method. In order to overcome these limitations and turn the Knowledge Base into a powerful research tool, the CHAIN-REDS consortium has decided to semantically enrich OADRs and DRs and build a search engine on the related linked data. View Semantich Search Portlet

Installation¶

To install this portlet the WAR file has to be deployed into the application server.

Support¶

Please feel free to contact us any time if you have any questions or comments.

About¶

The MPI Example (mpi-portlet) consists of a portlet example able to submit a paralle MPI job into one or more distributed infrastructures (DCIs). This portlet contains almost all GUI elements to provide a complete input interface together with the necessary code to deal with DCIs settings, portlet preferences etc. The aim of this portlet is to use its code as a template that Science Gateway developers may customize to fit their own specific requirements. To faciciltate the customization process, a customize.sh bash script is included inside the source code package.

Installation¶

Following instructions are meant for science gateway maintainers while generic users can skip this section. To install the portlet it is enough to install the war file into the application server and then configure the preference settings into the portlet preferences pane.

Preferences are splitted in three separate parts: Generic, Infrastructures and the application execution setting. The generic part contains the Log level which contains one of following values, sorted by decreasing level: info, debug, warning and error. The Application Identifier refers to theId field value of the GridEngine ‘UsersTracking’database table: GridInteractions. The infrastructure part consists of different settings related to the destination of users job execution. The fields belonging to this category are:

Enable infrastructure: A true/false flag which enables or disable the current infrastructure;

Infrastructure Name: The infrastructure name for these settings;

Infrastructure Acronym: A short name representing the infrastructure;

BDII host: The Infrastructure information system endpoint (URL). Infrastructure preferences have been thought initially for the elite Grid based infrastructures;

WMS host: It is possible to specify which is the brokering service endpoint (URL);

Robot Proxy values: This is a collection of several values which configures the robot proxy settings (Host, Port, proxyID, VO, Role, proxy renewal);

Job requirements: This field contains the necessary statements to specify a job execution requirement, such as a particular software, a particular number of CPUs/RAM, etc.

Actually, depending on the infrastructure, some of the fields above have an overloaded meaning. Please contact the support for further information or watch existing production portlet settings.

Usage¶

The usage of the portlet is simple; the user can select to upload a file, or insert inside the text field any input text. The job identifier text is a human readable value that users will use to keep track of any job execution on DCIs Following buttons: Demo, Submit, Reset values and About are respectively:

Submit - Executes the given macro on the distributed infrastructure

Reset - Resets the input form

About - Gives an overview of the portlet

Contributor(s)¶

To get support such as reporting a bug, a problem or even request new features, please contact

About¶

This portlet represents a template that allows you to develop your own portlet to submit and run special jobs.

You can choose the kind of parallel job you would like to run from a list containing the following elements:

1. Job Collection: is a simple parallel application that spawns N sub-jobs; when all these are successfully completed the whole collection becomes DONE.
2. Workflow N1: is a parallel application that spawns N sub-jobs, waits until all these are correcly completed and then submits a new job whose input files are the outputs of the N sub-jobs. When also this “final job” is successfully executed, the whole Workflow N1 becomes DONE.
3. Job Parametric: is a parallel application that spawns N sub-jobs with the same executable and with different arguments (i.e., input parametrers); when all these are successfully completed the whole parametric job becomes DONE.

Installation¶

This section explains how to deploy mi-parallel-portlet to submit parallel jobs towards a Distributed Computing infrastructure.

1. Move into your Liferay plugin SDK portlets folder and cloneget the mi-paralle-portlet through the following git command:

git clone https://github.com/csgf/mi-parallel-portlet.git

2. Now, move into the just created mi-parallel-potlet directory and execute the deploy command:

ant deploy

When the previous command has completed, verify that the portlet is “Successfully autodeployed”, look for a string like this in the Liferay log file under $LIFERAY_HOME/glassfish-3.1.2/domains/domain1/logs/server.log.

3. Then, open your browser at http://localhost:8080 click Add > More in the GILDA menu, click on Add button to add this new portlet. following picture shows the correctly result:

As soon as the portlet has been successfully deployed you have to configure:

1. the list of e-Infrastructures where the application can be executed;
2. some additional application settings.

Some e-Infrastructure has been already defined as default, in order to simplify the portlet usage.

1. To configure other e-Infrastructure, from the portlet preferences, you have to be provided the following parameters:

• Enable infrastructure: A yes/no flag which enables or disable the generic e-Infrastructure;
• Infrastructure name: A label representig the e-Infrastructure;
• Infrastructure acronym: The acronym to reference the e-Infrastructure;
• BDII: The Top BDII for this e-Infrastructure;
• WMS Hosts: A separated ; list of WMS endpoint for this e-Infrastructure;
• Proxy Robot host server: The eTokenServer for this e-Infrastructure;
• Proxy Robot host port: The eTokenServer port for this e-Infrastructure;
• Proxy Robot secure connection: A true/false flag if the eTokenServer require a secure connection;
• Proxy Robot Identifier: The MD5SUM of the robot certificate to be used for this e-Infrastructure;
• Proxy Robot Virtual Organization: The VO for this e-Infrastructure;
• Proxy Robot VO Role: The VO role for this e-Infrastructure;
• Proxy Robot Renewal Flag: A true/false Flag to require proxy renewal before it expires;
• Local Proxy: The path to the proxy if you are using a local proxy;
• Software Tags: The list of software tags requested by the application.

The following figure shown how the portlet has been configured to run simulation on the EUMEDGRID-Support e-Infrastructure.

2. To configure the application, the following settings have to be provided:

• Grid operation identifyer: The application identifier as registered in the UserTracking MySQL database (GridOperations table), the default value is 10 and in order to see the submitted special jobs status you should insert a new in usertracking database, if it doesn’t already exist, using the following command:

INSERT INTO GridOperation VALUES (10, '<portal name>' ,'<applcation description>');

--portal name: is a lablel representing the portal name;
--application description: is a lablel representing the application name.

• Log Level: The log level for the application (e.g.: INFO or VERBOSE).

Usage¶

The run special jobs you should:

1. select the kind of special job from the combobox;
2. provide the number of task;
3. the input required;
4. a label to identify yours collections;
5. finally, click on the Submit button to execute this collection.

You can also select the collection type from the combo box, and press the Demo button that submits a demo that consists of 3 tasks.

Now move to the MyJob portlet and if all went well, this is the result that you should see:

When all jobs are successfully completed the whole collection becomes DONE and you can download the output on you PC, as shown below.

Contributors¶

Mario TORRISI

Riccardo BRUNO

About¶

The MI-HOSTNAME (mi-hostname-portlet) consists of a portlet example able to submit a job into one or more distributed infrastructures (DCIs). This portlet contains almost all GUI elements to provide a complete input interface together with the necessary code to deal with DCIs settings, portlet preferences etc. The aim of this portlet is to use its code as a template that Science Gateway developers may customize to fit their own specific requirements. To faciciltate the customization process, a customize.sh bash script is included inside the source code package.

Installation¶

Following instructions are meant for science gateway maintainers while generic users can skip this section. To install the portlet it is enough to install the war file into the application server and then configure the preference settings into the portlet preferences pane.

Preferences are splitted in three separate parts: Generic, Infrastructures and the application execution setting. The generic part contains the Log level which contains one of following values, sorted by decreasing level: info, debug, warning and error. The Application Identifier refers to theId field value of the GridEngine ‘UsersTracking’database table: GridInteractions. The infrastructure part consists of different settings related to the destination of users job execution. The fields belonging to this category are:

Enable infrastructure: A true/false flag which enables or disable the current infrastructure;

Infrastructure Name: The infrastructure name for these settings;

Infrastructure Acronym: A short name representing the infrastructure;

BDII host: The Infrastructure information system endpoint (URL). Infrastructure preferences have been thought initially for the elite Grid based infrastructures;

WMS host: It is possible to specify which is the brokering service endpoint (URL);

Robot Proxy values: This is a collection of several values which configures the robot proxy settings (Host, Port, proxyID, VO, Role, proxy renewal);

Job requirements: This field contains the necessary statements to specify a job execution requirement, such as a particular software, a particular number of CPUs/RAM, etc.

Actually, depending on the infrastructure, some of the fields above have an overloaded meaning. Please contact the support for further information or watch existing production portlet settings.

Usage¶

The usage of the portlet is simple; the user can select to upload a file, or insert inside the text field any input text. The job identifier text is a human readable value that users will use to keep track of any job execution on DCIs Following buttons: Demo, Submit, Reset values and About are respectively:

Submit - Executes the given macro on the distributed infrastructure

Reset - Resets the input form

About - Gives an overview of the portlet

Contributor(s)¶

To get support such as reporting a bug, a problem or even request new features, please contact

About¶

NUCLEMD is a computer code based on the Constrained Molecular Dynamics model. The peculiarity of the algorithm consists on the isospin dependence of the nucleon-nucleon cross section and on the presence of the Majorana Exchange Operator in the nucleon-nucleon collision term.

The code will be devoted to the study of Single and Double Charge Exchange processes in nuclear reactions at low and intermediate energies.

The aim is to provide theoretical support to the experimental results of the DREAMS collaboration obtained by means of the spectrometer.

Installation¶

To install this portlet the WAR file has to be deployed into the application server.

As soon as the portlet has been successfully deployed on the Science Gateway the administrator has to configure:

• the list of e-Infrastructures where the application can be executed;
• some additional application settings.

1.) To configure a generic e-Infrastructure, the following settings have to be provided:

Enabled: A true/false flag which enables or disable the generic e-Infrastructure;

Infrastructure: The acronym to reference the e-Infrastructure;

VOName: The VO for this e-Infrastructure;

TopBDII: The Top BDII for this e-Infrastructure;

WMS Endpoint: A list of WMS endpoint for this e-Infrastructure (max. 10);

MyProxyServer: The MyProxyServer for this e-Infrastructure;

eTokenServer: The eTokenServer for this e-Infrastructure;

Port: The eTokenServer port for this e-Infrastructure;

Serial Number: The MD5SUM of the robot certificate to be used for this e-Infrastructure;

In the following figure is shown how the portlet has been configured to run simulation on the Italian e-Infrastructure.

2.) To configure the application, the following settings have to be provided:

AppID: The ApplicationID as registered in the UserTracking MySQL database (GridOperations table);

Software TAG: The list of software tags requested by the application;

SMTP Host: The SMTP server used to send notification to users;

Sender: The FROM e-mail address to send notification messages about the jobs execution to users;

In the figure below is shown how the application settings have been configured to run on the CHAIN_REDS Science Gateway [1].

Usage¶

To run the simulations the user has to:

• click on the third accordion of the portlet,
• select the binary release
• upload the input files OR use the pre-configured demo ones, and
• select the Max Wall Clock Time (WCT) requested for the execution as shown in the below figure:

Each simulation will produce:

• std.out: the standard output file;
• std.err: the standard error file;
• nuclemd.log: the NUCLEMD log file;
• .tar.gz: containing the NUCLEMD output results.

A typical simulation produces, at the end, the following files:

]$ tree NUCLEMDSimulationStarted_1826/
NUCLEMDSimulationStarted_1826/
├── std.err
├── std.out
├── output.README
├── nuclemd.log
└── results.tar.gz

The list of files produced during the run are the following:

]$ tar ztvf results.tar.gz
18O40Ca_out
18O40Ca_t_out
fort.6
output.README
POT.DAT
rp_out_runco.conf
seed_dat_runco.conf

Contributor(s)¶

Please feel free to contact us any time if you have any questions or comments.

About¶

GNU Octave is a high-level interpreted language, primarily intended for numerical computations. It provides capabilities for the numerical solution of linear and nonlinear problems, and for performing other numerical experiments. It also provides extensive graphics capabilities for data visualization and manipulation. The Octave language is quite similar to Matlab so that most programs are easily portable.

Installation¶

Following instructions are meant for science gateway maintainers while generic users can skip this section. To install the portlet it is enough to install the war file into the application server and then configure the preference settings into the portlet preferences pane.

Preferences are splitted in three separate parts: Generic, Infrastructures and the application execution setting. The generic part contains the Log level which contains one of following values, sorted by decreasing level: info, debug, warning and error. The Application Identifier refers to theId field value of the GridEngine ‘UsersTracking’database table: GridInteractions. The infrastructure part consists of different settings related to the destination of users job execution. The fields belonging to this category are:

Enable infrastructure: A true/false flag which enables or disable the current infrastructure;

Infrastructure Name: The infrastructure name for these settings;

Infrastructure Acronym: A short name representing the infrastructure;

BDII host: The Infrastructure information system endpoint (URL). Infrastructure preferences have been thought initially for the elite Grid based infrastructures;

WMS host: It is possible to specify which is the brokering service endpoint (URL);

Robot Proxy values: This is a collection of several values which configures the robot proxy settings (Host, Port, proxyID, VO, Role, proxy renewal);

Job requirements: This field contains the necessary statements to specify a job execution requirement, such as a particular software, a particular number of CPUs/RAM, etc.

Actually, depending on the infrastructure, some of the fields above have an overloaded meaning. Please contact the support for further information or watch existing production portlet settings.

Usage¶

The usage of the portlet is simple; the user can select to upload a local Octave macro file selecting the Browse button in the Application input file section, or insert inside the text field the Octave macro text by pasting a text or editing directly on the larger text box below. The job identifier text is a human readable values that users will use to keep track of any job execution. Following buttons: Demo, Submit, Reset values and About are respectively:

Demo - Fills the Macro Text box with an Octave macro example

Submit - Executes the given macro on the distributed infrastructure

Reset - Resets the input form

About - Gives an overview of the portlet

Contributor(s)¶

To get support such as reporting a bug, a problem or even request new features, please contact

About¶

The user can search, in more than 100 languages, in parallel across CHAIN-REDS Knowledge Base and in:

• ENGAGE
• EUROPEANA
• CULTURA ITALIA
• ISIDORE
• OPENAGRIS
• PUBMED

Installation¶

To install this portlet the WAR file has to be deployed into the application server.

Once the portlet is installed, through its preferences page is possible to select which SPARQL endpoints are wanted to be queried and the number of records to display per page, as shown in the following figure.

Usage¶

The search can be performed:

• By typing one or more keywords in the textbox search. After entering the search string, clicking the “Search” button the system submit a SPARQL query that retrieve the results from the CHAIN-REDS repository.
• Using search filters. Inserting in textbox search string, for example, “author: G. Smith” and clicking “Search” will be launched a SPARQL query that will return only the resources of CHAIN-REDS that have at least one author who matches “Smith G.”. The possible filters (according to the Dublin Core Standard) are : dc: author, dc: subject dc: type and dc: publisher. Clicking the “Examples” button are show examples of search filters in 4 of the 110 languages supported by the system.

Clicking on “More Info” link, you can access all the details of the resource.

Clicking on “[Citations]” link (only for CHAIN-REDS tab), if available, are dispayed more information from Google Scholar about the versions and the quotations of the resource.

Clicking on “[Linked Data]” link will be open a new tab that shows a LodLive graph of the resource with all its metadata.

References¶

• ‘A CHAIN-REDS Perspective about Data Access and Metadata Management’. 3rd International Platform on Integrating Arab e-infrastructure in a Global Environment, e-AGE 2013. December 12-13, 2013. Tunisia. [1]
• The CHAIN-REDS Semantic Search Engine.[2]
• Science Gateways for Semantic-Web- Based Life Science Applications. Studies in Health Technology and Informatics, Volume 175: HealthGrid Applications and Technologies Meet Science gateways for Life Sciences, pp 119-130. DOI: 10.3233/978-1-61499-054-3-119 [3]
• The CHAIN-REDS Knowledge Base and Semantic Search Engine. e-Infrastructures for e-Sciences 2013. A CHAIN-REDS Workshop organised under the eagis of the European Commission (eleS2013). October 22, 2013 Beijing, P.R. of China. [4]
• A CHAIN-REDS solution for accessing computational services. Cuarta Conferencia de Directores de Tecnología de Información, TICAL2014 Gestión de las TICs para la Investigación y la Colaboración, Cancún, del 26 al 28 de mayo de 2014.[5]
• CHAIN-REDS application use cases on data management. “4th International Platform on Integrating Arab e-Infrastructure in a Global Environment, e-AGE 2014” to be held in Grant Hyatt Muscat, Oman, 10 – 11 December, 2014.[6]
• CHAIN-REDS DART Challenge. Biredial-ISTEC 2014, At Porto Alegre, Rio Grande du Sul Brazil. DOI: 10.13140/2.1.3532.8961 [7]

Contributors¶

Please feel free to contact us any time if you have any questions or comments.

About¶

The PICALC consists of a portlet example able to submit a paralle MPI job that calculates the PI into one or more distributed infrastructures (DCIs). This portlet contains almost all GUI elements to provide a complete input interface together with the necessary code to deal with DCIs settings, portlet preferences etc. The aim of this portlet is to use its code as a template that Science Gateway developers may customize to fit their own specific requirements. To faciciltate the customization process, a customize.sh bash script is included inside the source code package.

Installation¶

Following instructions are meant for science gateway maintainers while generic users can skip this section. To install the portlet it is enough to install the war file into the application server and then configure the preference settings into the portlet preferences pane.

Preferences are splitted in three separate parts: Generic, Infrastructures and the application execution setting. The generic part contains the Log level which contains one of following values, sorted by decreasing level: info, debug, warning and error. The Application Identifier refers to theId field value of the GridEngine ‘UsersTracking’database table: GridInteractions. The infrastructure part consists of different settings related to the destination of users job execution. The fields belonging to this category are:

Enable infrastructure: A true/false flag which enables or disable the current infrastructure;

Infrastructure Name: The infrastructure name for these settings;

Infrastructure Acronym: A short name representing the infrastructure;

BDII host: The Infrastructure information system endpoint (URL). Infrastructure preferences have been thought initially for the elite Grid based infrastructures;

WMS host: It is possible to specify which is the brokering service endpoint (URL);

Robot Proxy values: This is a collection of several values which configures the robot proxy settings (Host, Port, proxyID, VO, Role, proxy renewal);

Job requirements: This field contains the necessary statements to specify a job execution requirement, such as a particular software, a particular number of CPUs/RAM, etc.

Actually, depending on the infrastructure, some of the fields above have an overloaded meaning. Please contact the support for further information or watch existing production portlet settings.

Usage¶

The usage of the portlet is simple; the user can select to upload a file, or insert inside the text field any input text. The job identifier text is a human readable value that users will use to keep track of any job execution on DCIs Following buttons: Demo, Submit, Reset values and About are respectively:

Submit - Executes the given macro on the distributed infrastructure

Reset - Resets the input form

About - Gives an overview of the portlet

Contributor(s)¶

To get support such as reporting a bug, a problem or even request new features, please contact

About¶

R is a language and environment for statistical computing and graphics. It is a GNU project which is similar to the S language and environment which was developed at Bell Laboratories (formerly AT&amp;T, now Lucent Technologies) by John Chambers and colleagues. R can be considered as a different implementation of S. There are some important differences, but much code written for S runs unaltered under R. R provides a wide variety of statistical (linear and nonlinear modelling, classical statistical tests, time-series analysis, classification, clustering, ...) and graphical techniques, and is highly extensible. The S language is often the vehicle of choice for research in statistical methodology, and R provides an Open Source route to participation in that activity. One of R’s strengths is the ease with which well-designed publication-quality plots can be produced, including mathematical symbols and formulae where needed. Great care has been taken over the defaults for the minor design choices in graphics, but the user retains full control. R is available as Free Software under the terms of the Free Software Foundation’s GNU General Public License in source code form. It compiles and runs on a wide variety of UNIX platforms and similar systems (including FreeBSD and Linux), Windows and MacOS.

Installation¶

Following instructions are meant for science gateway maintainers while generic users can skip this section. To install the portlet it is enough to install the war file into the application server and then configure the infrastructure settings into the portlet preferences pane.

Preferences are splitted in three separate parts: Generic, Infrastructures and the application execution setting. The generic part contains the Log level which contains one of following values, sorted by decreasing level: info, debug, warning and error. The Application Identifier refers to theId field value of the GridEngine ‘UsersTracking’database table: GridInteractions. The infrastructure part consists of different settings related to the destination of users job execution. The fields belonging to this category are:

Enable infrastructure: A true/false flag which enables or disable the current infrastructure;

Infrastructure Name: The infrastructure name for these settings;

Infrastructure Acronym: A short name representing the infrastructure;

BDII host: The Infrastructure information system endpoint (URL). Infrastructure preferences have been thought initially for the elite Grid based infrastructures;

WMS host: It is possible to specify which is the brokering service endpoint (URL);

Robot Proxy values: This is a collection of several values which configures the robot proxy settings (Host, Port, proxyID, VO, Role, proxy renewal);

Job requirements: This field contains the necessary statements to specify a job execution requirement, such as a particular software, a particular number of CPUs/RAM, etc.

Actually, depending on the infrastructure, some of the fields above have an overloaded meaning. Please contact the support for further information or watch existing production portlet settings.

Usage¶

The usage of the portlet is simple; the user can select to upload a local R macro file selecting the Browse button in the Application input file section, or insert inside the text field the R macro text by pasting a text or editing directly on the larger text box below. The job identifier text is a human readable values that users will use to keep track of any job execution. Following buttons: Demo, Submit, Reset values and About are respectively:

Demo - Fills the Macro Text box with an R-Macro example

Submit - Executes the given macro on the distributed infrastructure

Reset - Resets the input form

About - Gives an overview of the portlet

Contributor(s)¶

To get support such as reporting a bug, a problem or even request new features, please contact

About¶

Installation¶

To install this portlet the WAR file has to be deployed into the application server.

Usage¶

The search can be performed:

• By typing one or more keywords in the textbox search. After entering the search string, clicking the “Search” button the system submit a SPARQL query that retrieve the results from the CHAIN-REDS repository.

Example of query to retrieve the resources with the keyword in title.

SELECT distinct ?s WHERE {

?s dc:title ?title. ?title bif:contains ” + keyword + ”. ?s <http://semanticweb.org/ontologies/2013/2/7/RepositoryOntology.owl#isResourceOf> ?rep. ?rep <http://www.semanticweb.org/ontologies/2013/2/7/RepositoryOntology.owl#rank> ?rank. }ORDER BY ASC(?rank) limit 20 offset 0

• Using search filters. Inserting in textbox search string, for example, “author: G. Smith” and clicking “Search” will be launched a SPARQL query that will return only the resources of CHAIN-REDS that have at least one author who matches “Smith G.”. The possible filters (according to the Dublin Core Standard) are : dc: author, dc: subject dc: type and dc: publisher. Clicking the “Examples” button are show examples of search filters in 4 of the 110 languages supported by the system.

In both cases the results of the query will be processed further, to obtain the final results, as shown in Figure

Clicking on “More Info” link you can access all the details of the resource.

Clicking on “[Citations]” link, if available, are dispayed more information from Google Scholar about the versions and the quotations of the resource.

Clicking on “[Linked Data]” link will be open a new tab that shows a LodLive graph of the resource with all its metadata.

References¶

• ‘A CHAIN-REDS Perspective about Data Access and Metadata Management’. 3rd International Platform on Integrating Arab e-infrastructure in a Global Environment, e-AGE 2013. December 12-13, 2013. Tunisia. [1]
• The CHAIN-REDS Semantic Search Engine.[2]
• Science Gateways for Semantic-Web- Based Life Science Applications. Studies in Health Technology and Informatics, Volume 175: HealthGrid Applications and Technologies Meet Science gateways for Life Sciences, pp 119-130. DOI: 10.3233/978-1-61499-054-3-119 [3]
• The CHAIN-REDS Knowledge Base and Semantic Search Engine. e-Infrastructures for e-Sciences 2013. A CHAIN-REDS Workshop organised under the eagis of the European Commission (eleS2013). October 22, 2013 Beijing, P.R. of China. [4]
• A CHAIN-REDS solution for accessing computational services. Cuarta Conferencia de Directores de Tecnología de Información, TICAL2014 Gestión de las TICs para la Investigación y la Colaboración, Cancún, del 26 al 28 de mayo de 2014.[5]
• CHAIN-REDS application use cases on data management. “4th International Platform on Integrating Arab e-Infrastructure in a Global Environment, e-AGE 2014” to be held in Grant Hyatt Muscat, Oman, 10 – 11 December, 2014.[6]
• CHAIN-REDS DART Challenge. Biredial-ISTEC 2014, At Porto Alegre, Rio Grande du Sul Brazil. DOI: 10.13140/2.1.3532.8961 [7]

Contributors¶

Please feel free to contact us any time if you have any questions or comments.

About¶

Data Sonification is the representation of data by means of sound signals, so it is the analog of scientific visualization, where we deal with auditory instead of visual images. Generally speaking any sonification procedure is a mathematical mapping from a certain data set (numbers, strings, images, ...) to a sound string.