Updated: Dec. 3, 2010, 7:06 p.m.

Minimum Intrusion Grid - Installation and Configuration

This is note of following the documentation for installation of a MiG-server from the documentation sources in [1][2]. With added information on operating system installation and additional tools used in the process.


Virtual Machine

512MB ram, bridged network.

Basic OS installation

Used the latest ubuntu-server-amd64 iso from ubuntu.com and during installation i chose to create the "mig" user, installed a base system with OpenSSH and selected "without automatic updates".

After installation and rebooted then did:

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install postfix mailutils apache2-mpm-prefork openssh-server screen

Firewall notes

Following the Installation Guide

A default installation will have a user-account on the system named 'mig', the Apache webserver will run under this user account and the homedirectory /home/mig will exist. A default directory layout will look like:

/home/mig/mig           - Server code
/home/mig/state         - User-files, and other state-files
/home/mig/certs         - MiG certificate-files

MiG is state-machine with logic in /home/mig/mig and state represented as the set of files in /home/mig/state. Without the proper set of directories MiG will complain and not behave properly.



wget http://migrid.googlecode.com/files/mig-1.3.2.tgz
tar xzf mig-1.3.2.tgz
mv mig-1.3.2/* .
rmdir mig-1.3.2/
rm mig-1.3.2.tgz
chmod -R 700 ~mig
cd mig/install

cd ~
cp mig/install/MiGserver.conf mig/server/

Modified "~/mig/server/MiGserver.conf":

server_fqdn = migserver
admin_email = mig
auto_add_cert_user = True

SSH keys on MiG server

cd ~
ssh-keygen -t dsa

Certificates - TinyCA-gui

I attempted using manual creating as can be inspected in the appendix but using the TinyCA gui is just so much faster... for me at least...

When done I had the following files:



sudo /etc/init.d/apache2 stop
sudo mv apache2.conf /etc/apache2/
sudo mv httpd.conf   /etc/apache2/
sudo mv ports.conf /etc/apache2/
sudo mv envvars /etc/apache2/
sudo cp mig/install/MiG.conf /etc/apache2/sites-available/MiG

Modified "/etc/apache2/sites-available/MiG":

ServerName localhost -> ServerName migserver
localhost: -> *:

Modified "/etc/apache2/ports.conf":

localhost: -> *:

sudo a2enmod ssl
sudo a2enmod actions
sudo a2enmod rewrite
sudo a2dissite 000-default
sudo a2ensite MiG
sudo /etc/init.d/apache2 start

Invoking MiG

It is convenient to run MiG in screen, the commands below runs the grid_script and grid_monitor in screen so you can attach to them later on.

cd ~/mig/server && screen -S grid_script -d -m ./grid_script.py
cd ~/mig/server && screen -S grid_monitor -d -m ./grid_monitor.py

Attaching is done by running "screen -x grid_monitor", "screen -x grid_script". When attached the hotkey combination: "Ctrl-a Ctrl-d", detaches the screen.

MiG error output

When debugging the MiG installation these are the places to look for information:

/var/log/apache2            - Apache errors, especially SSL-errors can be determined there.
/home/mig/mig/server/mig.log    - Application error messages


[1] http://code.google.com/p/migrid/source/browse/trunk/mig/install/README.Debian
[2] http://code.google.com/p/migrid/source/browse/trunk/README


Fixing some libs

cd ~/mig/images/lib
ln -s codemirror-0.7 codemirror
ln -s markitup-1.1.7 markitup
mv markitup-html-set markitup/markitup/sets/html
mv markitup-txt2tags-set markitup/markitup/sets/txt2tags

Certificates - Manually

mkdir ~certs
cd ~certs

openssl genrsa -des3 -out cacert.key 4096
openssl req -new -x509 -days 365 -key cacert.key -out cacert.crt
openssl x509 -in cacert.crt -out cacert.der -outform DER
openssl x509 -in cacert.der -inform DER -out cacert.pem -outform PEM

openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -CA cacert.crt -CAkey cacert.key -set_serial 01 -out server.crt

openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key

openssl genrsa -des3 -out client.key 4096
openssl req -new -key client.key -out client.csr
openssl x509 -req -days 365 -in client.csr -CA cacert.crt -CAkey cacert.key -set_serial 01 -out client.crt

openssl rsa -in client.key -out client.key.insecure
mv client.key client.key.secure
mv client.key.insecure client.key

Certificates with Script

cd ~
svn export http://grid-dk.googlecode.com/svn/trunk/tinyCA certs
make init
make hostcert HOST=migserver
make usercert USER="Simon A. F. Lund" FILE="SimonAFLundCert"
ln -s ca-cert.pem cacert.pem
ln -s host.cert server.crt
ln -s host.key server.key