This is note of following the documentation for installation of a MiG-server from the documentation sources in [1][2]. With added information on operating system installation and additional tools used in the process.
512MB ram, bridged network.
Used the latest ubuntu-server-amd64 iso from ubuntu.com and during installation i chose to create the "mig" user, installed a base system with OpenSSH and selected "without automatic updates".
After installation and rebooted then did:
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install postfix mailutils apache2-mpm-prefork openssh-server screen
A default installation will have a user-account on the system named 'mig', the Apache webserver will run under this user account and the homedirectory /home/mig will exist. A default directory layout will look like:
/home/mig/mig - Server code
/home/mig/state - User-files, and other state-files
/home/mig/certs - MiG certificate-files
MiG is state-machine with logic in /home/mig/mig and state represented as the set of files in /home/mig/state. Without the proper set of directories MiG will complain and not behave properly.
/home/mig/state/user_home
/home/mig/state/user_home/.settings
/home/mig/state/user_home/.widgets
/home/mig/state/user_pending
/home/mig/state/user_cache
/home/mig/state/mrsl_files
/home/mig/state/resource_home
/home/mig/state/resource_pending
/home/mig/state/webserver_home
/home/mig/state/gridstat_files
/home/mig/state/vgrid_home
/home/mig/state/vgrid_home/Generic
/home/mig/state/mig_system_files
wget http://migrid.googlecode.com/files/mig-1.3.2.tgz
tar xzf mig-1.3.2.tgz
mv mig-1.3.2/* .
rmdir mig-1.3.2/
rm mig-1.3.2.tgz
chmod -R 700 ~mig
cd mig/install
./generateconfs.py
cd ~
cp mig/install/MiGserver.conf mig/server/
Modified "~/mig/server/MiGserver.conf":
server_fqdn = migserver
admin_email = mig
auto_add_cert_user = True
cd ~
ssh-keygen -t dsa
I attempted using manual creating as can be inspected in the appendix but using the TinyCA gui is just so much faster... for me at least...
Create certificates for users sign it with your CA
Export CA to cacert.pem
When done I had the following files:
~/certs/cacert.pem
~/certs/crl.pem
~/certs/server.crt
~/certs/server.key
sudo /etc/init.d/apache2 stop
sudo mv apache2.conf /etc/apache2/
sudo mv httpd.conf /etc/apache2/
sudo mv ports.conf /etc/apache2/
sudo mv envvars /etc/apache2/
sudo cp mig/install/MiG.conf /etc/apache2/sites-available/MiG
Modified "/etc/apache2/sites-available/MiG":
ServerName localhost -> ServerName migserver
localhost: -> *:
Modified "/etc/apache2/ports.conf":
localhost: -> *:
sudo a2enmod ssl
sudo a2enmod actions
sudo a2enmod rewrite
sudo a2dissite 000-default
sudo a2ensite MiG
sudo /etc/init.d/apache2 start
It is convenient to run MiG in screen, the commands below runs the grid_script and grid_monitor in screen so you can attach to them later on.
cd ~/mig/server && screen -S grid_script -d -m ./grid_script.py
cd ~/mig/server && screen -S grid_monitor -d -m ./grid_monitor.py
Attaching is done by running "screen -x grid_monitor", "screen -x grid_script". When attached the hotkey combination: "Ctrl-a Ctrl-d", detaches the screen.
When debugging the MiG installation these are the places to look for information:
/var/log/apache2 - Apache errors, especially SSL-errors can be determined there.
/home/mig/mig/server/mig.log - Application error messages
[1] http://code.google.com/p/migrid/source/browse/trunk/mig/install/README.Debian
[2] http://code.google.com/p/migrid/source/browse/trunk/README
cd ~/mig/images/lib
ln -s codemirror-0.7 codemirror
ln -s markitup-1.1.7 markitup
mv markitup-html-set markitup/markitup/sets/html
mv markitup-txt2tags-set markitup/markitup/sets/txt2tags
mkdir ~certs
cd ~certs
openssl genrsa -des3 -out cacert.key 4096
openssl req -new -x509 -days 365 -key cacert.key -out cacert.crt
openssl x509 -in cacert.crt -out cacert.der -outform DER
openssl x509 -in cacert.der -inform DER -out cacert.pem -outform PEM
openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -CA cacert.crt -CAkey cacert.key -set_serial 01 -out server.crt
openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key
openssl genrsa -des3 -out client.key 4096
openssl req -new -key client.key -out client.csr
openssl x509 -req -days 365 -in client.csr -CA cacert.crt -CAkey cacert.key -set_serial 01 -out client.crt
openssl rsa -in client.key -out client.key.insecure
mv client.key client.key.secure
mv client.key.insecure client.key
cd ~
svn export http://grid-dk.googlecode.com/svn/trunk/tinyCA certs
make init
make hostcert HOST=migserver
make usercert USER="Simon A. F. Lund" FILE="SimonAFLundCert"
ln -s ca-cert.pem cacert.pem
ln -s host.cert server.crt
ln -s host.key server.key