Skip to content

Commit

Permalink
Updating with install instructions from github README.md perfsonar/pr…
Browse files Browse the repository at this point in the history
  • Loading branch information
apertome committed Jun 8, 2018
1 parent 1288a01 commit 536d0ac
Show file tree
Hide file tree
Showing 4 changed files with 383 additions and 166 deletions.
Binary file added images/pwa/pwa_install.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
47 changes: 47 additions & 0 deletions pwa_api.rst
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@

psConfig Web Administrator (PWA) API
====================================

PWA API
-------

PWA allows you to create / update meshconfig via REST API. You can use this to automate various configuration adminsitration.

Before you can start using the API, you need to obtain the access token.

Login to your PWA server, and run something like following..

.. code-block:: bash
$ docker exec -it sca-auth bash
$ /app/bin/auth.js issue --scopes '{"pwa": ["user"]}' -- username 'username'
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL3NjYS5pdS5lZHUvYXV0aCIsImlhdCI6MTQ4NzYyNzE2OS45NjMsInNjb3BlcyI6eyJtY2EiOlsidXNlciJdfSwic3ViIjowfQ.hmKr5GAhabMwSltdyq21__-JSGFXFyhxLB7HxhucXLMOslqVo2yOx4qZoLprBDKcCFnKQ7fQNY0fI9coi9ix40clci--p5iSD-w4gzXaxRm2wvldUDQeA...
$ exit
..
'0' is where you put your user ID


Copy the output from auth.js which is your access token. Store this on your server somewhere and make sure only you can access it (like chmod 600 ``~/.pwa.token.jwt``\ )

You can now use most of the PWA REST APIs as documented here.

..
https://hostname/apidoc/


For example, to query for the hostgroups, you can do something like

.. code-block:: bash
jwt=`cat ~/.pwa.token.jwt`
curl -k \
-H "Authorization: Bearer $jwt" \
-H "Content-Type: application/json" \
-X POST https://<hostname>/api/pwa/hostgroup?limit=1
.. code-block:: json
{"hostgroups":[{"_id":"5884d2c28c5b1e0021328cfa","desc":"New Hostgroup","host_filter":"return false; //select none","name":"Test Bandwidth Group","service_type":"bwctl","update_date":"2017-01-31T01:29:02.949Z","create_date":"2017-01-22T15:41:54.031Z","admins":["1","2","4"],"hosts":["588544c662b49f61a8cd84ab","5886871bd4d83100216d158a","58868aa2d4d83100216d15b3","58869eea4208e70020963856","58868945d4d83100216d159a","5886895ed4d83100216d159e","5886897cd4d83100216d15a2","58868996d4d83100216d15a5","588689afd4d83100216d15a8"],"type":"static","__v":8,"_canedit":false}],"count":11}
168 changes: 2 additions & 166 deletions pwa_install.rst
Original file line number Diff line number Diff line change
@@ -1,171 +1,7 @@
######################################
Installation
######################################

Docker
============

TODO: update the install docs and/or copy from README.md in the pwa project`

Start a postgreSQL container for PWA.

::

docker run --name pwa-postgres \
--restart=always \
-d postgres


After postgreSQL container starts up, start the PWA container with default configuration / self-signed ssl cert.

::

docker run --name pwa \
--restart=always \
--link pwa-postgres:postgres \
-p 80:80 \
-p 443:443 \
-p 9443:9443 \
-d soichih/pwa

You should now be able to access PWA UI at https://<yourhostname>/meshconfig

RHEL6 / CentOS6 (x86)
==============================

PWA requires postgreSQL >9.2 provided by CentOS SCL, and nodejs from epel.

::

yum install epel-release
yum install centos-release-scl

Then, download the latest PWA RHEL6 RPM from `GitRepo <https://github.com/soichih/meshconfig-admin/releases>`_

::

yum install pwa-2.0-X.el6.x86_64.rpm

If this is the first time you have installed PWA, you can run following to initialize DB, generate access token, etc..

::

service pwa setup

Stacking PWA on existing toolkit instance on RHEL6
*****************************************************

.. note:: This instruction is still incomplete.. I need to reconcile with esmond httpd conf

Since PWA requires postgreSQL>9.2, and RHEL/CentOS6 provides postgreSQL8 which is used by toolkit(esmond), postgreSQL92 for PWA needs to be installed along side the postgreSQL8. To do this, you will need to adjust the port used by postgreSQL92 to something other than the default 5432 (5433 will do).

"service pwa setup" will fail to create pwa user and pwadmin database since it tries to use the postgreSQL8 instance. Do following to setup the postgreSQL92 for PWA.

* Step 1 - Start postgresql92 on port 5433

Create /opt/rh/postgresql92/root/etc/sysconfig/pgsql/postgresql92-postgresql

::
mkdir /opt/rh/postgresql92/root/etc/sysconfig/pgsql
echo "export PGPORT=5433" > /opt/rh/postgresql92/root/etc/sysconfig/pgsql/postgresql92-postgresql

Then start postgresql92..

::

service start postgresql92-postgresql

* Step 2 - create pwa user and pwadmin database

::

su - postgres
scl enable postgresql92
psql -p 5433 -c "CREATE ROLE pwa PASSWORD 'newpassword' CREATEDB INHERIT LOGIN;"
psql -p 5433 -c "CREATE DATABASE pwadmin OWNER pwa;"

* Step 3 - update pwa db config

Edit /opt/pwa/pwa/api/config/db.js

::

module.exports = 'postgres://pwa:hogehoge@localhost:5433/pwadmin'


RHEL7 / CentOS7 (x86)
=======================

Download the latest PWA RHEL7 RPM from `GitRepo <https://github.com/soichih/meshconfig-admin/releases>`_.

::

yum install epel-release
yum install pwa-2.0-X.el7.x86_64.rpm

If this is the first time you have installed PWA, you can run following to initialize postgres DB, generate access token, start apache, PWA, etc..

::

/opt/pwa/pwa/deploy/rhel7/setup.sh

If you are upgrading to a new version of PWA, PWA services should automatically restart. If you want to force restarting it anyway, you can run following.

::

pm2 restart all

Debian
============

Debian packages for PWA are not available yet. Debian users that wish to try the PWA should do it from a CentOS host or from withing a Docker container (see above for details).

Post Installation Configuration
###################################

HTTPS Certificate
========================

You will need to request and install a new HTTP/SSL certificate. By default, PWA comes with a self-signed certificate installed on /opt/pwa/pwa/deploy/conf/ssl/server/self.cert.pem. How to request the HTTP/SSL certificate is out of scope for this document. Please contact an administrator from your campus / institution to find out more.

Once you have obtained your HTTP/SSL certificate, you can install it on /etc/grid-security/http, and you will need to adjust the apache configuration (/etc/httpd/conf.d/apache-pwa.conf) to point to your new certificate (for both port 443 and 9443 - if you are using X509 authentication)

::

<VirtualHost _default:443>
SSLCertificateFile /etc/grid-security/http/cert.pem
SSLCertificateKeyFile /etc/grid-security/http/key.pem
SSLCertificateChainFile /etc/grid-security/http/chain.pem

::

<VirtualHost _default:9443>
SSLCertificateFile /etc/grid-security/http/cert.pem
SSLCertificateKeyFile /etc/grid-security/http/key.pem
SSLCertificateChainFile /etc/grid-security/http/chain.pem

Firewall
========================

Open following ports on your firewall

* 80: Used to expose generated MeshConfig
* 443: Used for admin UI
* 9443: Used by SCA authentication service to allow X509 based login

For systemd
********************

::

firewall-cmd --add-service=http --zone=public
firewall-cmd --add-service=http --zone=public --permanent
firewall-cmd --add-service=https --zone=public
firewall-cmd --add-service=https --zone=public --permanent
firewall-cmd --add-port=9443/tcp --zone=public
firewall-cmd --add-port=9443/tcp --zone=public --permanent

PWA should now be running with the default configuration at https://<yourhostname>/meshconfig

Please see :doc:`pwa_configure` next.
.. include:: pwa_readme.rst


Loading

0 comments on commit 536d0ac

Please sign in to comment.