-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Updating with install instructions from github README.md perfsonar/pr…
- Loading branch information
Showing
4 changed files
with
383 additions
and
166 deletions.
There are no files selected for viewing
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
|
||
psConfig Web Administrator (PWA) API | ||
==================================== | ||
|
||
PWA API | ||
------- | ||
|
||
PWA allows you to create / update meshconfig via REST API. You can use this to automate various configuration adminsitration. | ||
|
||
Before you can start using the API, you need to obtain the access token. | ||
|
||
Login to your PWA server, and run something like following.. | ||
|
||
.. code-block:: bash | ||
$ docker exec -it sca-auth bash | ||
$ /app/bin/auth.js issue --scopes '{"pwa": ["user"]}' -- username 'username' | ||
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL3NjYS5pdS5lZHUvYXV0aCIsImlhdCI6MTQ4NzYyNzE2OS45NjMsInNjb3BlcyI6eyJtY2EiOlsidXNlciJdfSwic3ViIjowfQ.hmKr5GAhabMwSltdyq21__-JSGFXFyhxLB7HxhucXLMOslqVo2yOx4qZoLprBDKcCFnKQ7fQNY0fI9coi9ix40clci--p5iSD-w4gzXaxRm2wvldUDQeA... | ||
$ exit | ||
.. | ||
'0' is where you put your user ID | ||
|
||
|
||
Copy the output from auth.js which is your access token. Store this on your server somewhere and make sure only you can access it (like chmod 600 ``~/.pwa.token.jwt``\ ) | ||
|
||
You can now use most of the PWA REST APIs as documented here. | ||
|
||
.. | ||
https://hostname/apidoc/ | ||
|
||
|
||
For example, to query for the hostgroups, you can do something like | ||
|
||
.. code-block:: bash | ||
jwt=`cat ~/.pwa.token.jwt` | ||
curl -k \ | ||
-H "Authorization: Bearer $jwt" \ | ||
-H "Content-Type: application/json" \ | ||
-X POST https://<hostname>/api/pwa/hostgroup?limit=1 | ||
.. code-block:: json | ||
{"hostgroups":[{"_id":"5884d2c28c5b1e0021328cfa","desc":"New Hostgroup","host_filter":"return false; //select none","name":"Test Bandwidth Group","service_type":"bwctl","update_date":"2017-01-31T01:29:02.949Z","create_date":"2017-01-22T15:41:54.031Z","admins":["1","2","4"],"hosts":["588544c662b49f61a8cd84ab","5886871bd4d83100216d158a","58868aa2d4d83100216d15b3","58869eea4208e70020963856","58868945d4d83100216d159a","5886895ed4d83100216d159e","5886897cd4d83100216d15a2","58868996d4d83100216d15a5","588689afd4d83100216d15a8"],"type":"static","__v":8,"_canedit":false}],"count":11} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,171 +1,7 @@ | ||
###################################### | ||
Installation | ||
###################################### | ||
|
||
Docker | ||
============ | ||
|
||
TODO: update the install docs and/or copy from README.md in the pwa project` | ||
|
||
Start a postgreSQL container for PWA. | ||
|
||
:: | ||
|
||
docker run --name pwa-postgres \ | ||
--restart=always \ | ||
-d postgres | ||
|
||
|
||
After postgreSQL container starts up, start the PWA container with default configuration / self-signed ssl cert. | ||
|
||
:: | ||
|
||
docker run --name pwa \ | ||
--restart=always \ | ||
--link pwa-postgres:postgres \ | ||
-p 80:80 \ | ||
-p 443:443 \ | ||
-p 9443:9443 \ | ||
-d soichih/pwa | ||
|
||
You should now be able to access PWA UI at https://<yourhostname>/meshconfig | ||
|
||
RHEL6 / CentOS6 (x86) | ||
============================== | ||
|
||
PWA requires postgreSQL >9.2 provided by CentOS SCL, and nodejs from epel. | ||
|
||
:: | ||
|
||
yum install epel-release | ||
yum install centos-release-scl | ||
|
||
Then, download the latest PWA RHEL6 RPM from `GitRepo <https://github.com/soichih/meshconfig-admin/releases>`_ | ||
|
||
:: | ||
|
||
yum install pwa-2.0-X.el6.x86_64.rpm | ||
|
||
If this is the first time you have installed PWA, you can run following to initialize DB, generate access token, etc.. | ||
|
||
:: | ||
|
||
service pwa setup | ||
|
||
Stacking PWA on existing toolkit instance on RHEL6 | ||
***************************************************** | ||
|
||
.. note:: This instruction is still incomplete.. I need to reconcile with esmond httpd conf | ||
|
||
Since PWA requires postgreSQL>9.2, and RHEL/CentOS6 provides postgreSQL8 which is used by toolkit(esmond), postgreSQL92 for PWA needs to be installed along side the postgreSQL8. To do this, you will need to adjust the port used by postgreSQL92 to something other than the default 5432 (5433 will do). | ||
|
||
"service pwa setup" will fail to create pwa user and pwadmin database since it tries to use the postgreSQL8 instance. Do following to setup the postgreSQL92 for PWA. | ||
|
||
* Step 1 - Start postgresql92 on port 5433 | ||
|
||
Create /opt/rh/postgresql92/root/etc/sysconfig/pgsql/postgresql92-postgresql | ||
|
||
:: | ||
mkdir /opt/rh/postgresql92/root/etc/sysconfig/pgsql | ||
echo "export PGPORT=5433" > /opt/rh/postgresql92/root/etc/sysconfig/pgsql/postgresql92-postgresql | ||
|
||
Then start postgresql92.. | ||
|
||
:: | ||
|
||
service start postgresql92-postgresql | ||
|
||
* Step 2 - create pwa user and pwadmin database | ||
|
||
:: | ||
|
||
su - postgres | ||
scl enable postgresql92 | ||
psql -p 5433 -c "CREATE ROLE pwa PASSWORD 'newpassword' CREATEDB INHERIT LOGIN;" | ||
psql -p 5433 -c "CREATE DATABASE pwadmin OWNER pwa;" | ||
|
||
* Step 3 - update pwa db config | ||
|
||
Edit /opt/pwa/pwa/api/config/db.js | ||
|
||
:: | ||
|
||
module.exports = 'postgres://pwa:hogehoge@localhost:5433/pwadmin' | ||
|
||
|
||
RHEL7 / CentOS7 (x86) | ||
======================= | ||
|
||
Download the latest PWA RHEL7 RPM from `GitRepo <https://github.com/soichih/meshconfig-admin/releases>`_. | ||
|
||
:: | ||
|
||
yum install epel-release | ||
yum install pwa-2.0-X.el7.x86_64.rpm | ||
|
||
If this is the first time you have installed PWA, you can run following to initialize postgres DB, generate access token, start apache, PWA, etc.. | ||
|
||
:: | ||
|
||
/opt/pwa/pwa/deploy/rhel7/setup.sh | ||
|
||
If you are upgrading to a new version of PWA, PWA services should automatically restart. If you want to force restarting it anyway, you can run following. | ||
|
||
:: | ||
|
||
pm2 restart all | ||
|
||
Debian | ||
============ | ||
|
||
Debian packages for PWA are not available yet. Debian users that wish to try the PWA should do it from a CentOS host or from withing a Docker container (see above for details). | ||
|
||
Post Installation Configuration | ||
################################### | ||
|
||
HTTPS Certificate | ||
======================== | ||
|
||
You will need to request and install a new HTTP/SSL certificate. By default, PWA comes with a self-signed certificate installed on /opt/pwa/pwa/deploy/conf/ssl/server/self.cert.pem. How to request the HTTP/SSL certificate is out of scope for this document. Please contact an administrator from your campus / institution to find out more. | ||
|
||
Once you have obtained your HTTP/SSL certificate, you can install it on /etc/grid-security/http, and you will need to adjust the apache configuration (/etc/httpd/conf.d/apache-pwa.conf) to point to your new certificate (for both port 443 and 9443 - if you are using X509 authentication) | ||
|
||
:: | ||
|
||
<VirtualHost _default:443> | ||
SSLCertificateFile /etc/grid-security/http/cert.pem | ||
SSLCertificateKeyFile /etc/grid-security/http/key.pem | ||
SSLCertificateChainFile /etc/grid-security/http/chain.pem | ||
|
||
:: | ||
|
||
<VirtualHost _default:9443> | ||
SSLCertificateFile /etc/grid-security/http/cert.pem | ||
SSLCertificateKeyFile /etc/grid-security/http/key.pem | ||
SSLCertificateChainFile /etc/grid-security/http/chain.pem | ||
|
||
Firewall | ||
======================== | ||
|
||
Open following ports on your firewall | ||
|
||
* 80: Used to expose generated MeshConfig | ||
* 443: Used for admin UI | ||
* 9443: Used by SCA authentication service to allow X509 based login | ||
|
||
For systemd | ||
******************** | ||
|
||
:: | ||
|
||
firewall-cmd --add-service=http --zone=public | ||
firewall-cmd --add-service=http --zone=public --permanent | ||
firewall-cmd --add-service=https --zone=public | ||
firewall-cmd --add-service=https --zone=public --permanent | ||
firewall-cmd --add-port=9443/tcp --zone=public | ||
firewall-cmd --add-port=9443/tcp --zone=public --permanent | ||
|
||
PWA should now be running with the default configuration at https://<yourhostname>/meshconfig | ||
|
||
Please see :doc:`pwa_configure` next. | ||
.. include:: pwa_readme.rst | ||
|
||
|
Oops, something went wrong.