Changes between Version 30 and Version 31 of InstallDiscoveryBrowse


Timestamp:
04/06/08 13:50:14 (11 years ago)
Author:
pjkersha
Comment:

--

  • InstallDiscoveryBrowse

    v30 v31  
    3838sudo python -m easy_install "pylons>=0.9.6" 
    3939}}} 
    40 If easy_install can't find this version, try: 
    41 {{{ 
    42 sudo python -m easy_install -f http://pylonshq.com/download/0.9.5/ Pylons==0.9.5 
    43 }}} 
    4440 
    4541== Step 5: Install Kid templating plugin == 
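Review bot: With the 0.9.5 fallback removed, the remaining `pylons>=0.9.6` requirement at line 38 has no upper bound, and the page no longer says what to do when easy_install cannot satisfy it. State the Pylons version this stack was tested with, or pin it, so that a fresh install does not silently pick up a newer release than the one the later steps assume.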
     
    6157Install CDatLite: 
    6258{{{ 
    63 sudo python -m easy_install cdat_lite 
     59sudo python -m easy_install -f http://ndg.nerc.ac.uk/dist cdat_lite 
    6460}}} 
    6561 
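Review bot: The new line 59 runs easy_install under sudo against a find-links index served over plain `http://ndg.nerc.ac.uk/dist`, with no version pinned for cdat_lite, so whatever that URL returns is installed as root without any integrity check. Serve the index over https if it is available, pin the cdat_lite version, and publish a checksum for the egg that readers can compare before installing.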
     
    7470{{{ 
    7571-bash-2.05b$ python 
    76 Python 2.4.4 (#6, Jul 10 2007, 09:11:51)  
    77 [GCC 3.2.3 20030502 (Red Hat Linux 3.2.3-52)] on linux2 
     72Python 2.5.2 (r252:60911, Jun  4 2008, 11:30:27) 
     73[GCC 3.2.3 20030502 (Red Hat Linux 3.2.3-59)] on linux2 
    7874Type "help", "copyright", "credits" or "license" for more information. 
    7975>>> import pylons 
    8076>>> import paste 
    8177>>> import numpy 
    82 >>> import cdms 
     78>>> import cdms2 
    8379>>> import csml 
    84 could not import Image 
     80NASAAmes interface not available. CSML will still work, but won't support NASA Ames files 
     81Python Image Library not available. CSML will still work, but won't support image files 
    8582>>>  
    8683}}} 
     
    8885The message about 'Image' means the python imaging library is not installed. This is not mandatory, and is only needed for PML at the moment. 
    8986 
    90 So now all the components are there except for the discovery, browse and CSML services code... 
     87So now all the components are there except for the discovery, browse and security code... 
    9188 
    9289== Step 8: Install the OWS Framework Eggs == 
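Review bot: The unchanged sentence at line 85 still explains "the message about 'Image'", but the updated transcript no longer prints `could not import Image`. It now prints `Python Image Library not available...` plus a new `NASAAmes interface not available...` message that is not explained anywhere. Update the sentence to quote the current wording and say whether the NASA Ames message is also safe to ignore.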
     
    138135}}} 
    139136 
     137=== Discovery Standalone Interface === 
     138Note that it's possible to run the Discovery/Browse code stack as a Discovery only interface.  In this case, no security is required.  To set in this configuration set the standalone flag in `ndgDiscovery.config` to 'True'. 
     139 
    140140=== Security Configuration === 
    141 Security settings are organised under the `[NDG_SECURITY]` section of the config file.  Set-up includes the following steps:   
     141If Browse is run, then security needs to be configured. 
     142 
     143Security settings are organised under the `[NDG_SECURITY.*]` sections of the `ndgDiscovery.config` file.  Set-up includes the following steps:   
    142144 * certificates are created to secure communication with security web services (WS-Security and SSL Settings) 
    143  * the Discovery service is set up to run over http and https Virtual Hosts and  
    144  * parameters are configured to enable the Gatekeeper to make access control decisions for secure data requests. 
     145 * the Discovery/Browse service is set up to run over http and https Virtual Hosts and  
     146 * parameters are configured to enable access control decisions for secure data requests. 
    145147 
    146148For help contact [mailto:P.J.Kershaw@rl.ac.uk Phil]. 
    147149 
    148150==== Secure Communication with Security Web Services ==== 
    149 Create a Discovery Service certificate and private key.  For the private key: 
     151Create a certificate and private key for the Browse PDP (Policy Decision Point).  For the private key: 
    150152{{{ 
    151153cd /etc/ndg/ows_server/conf/certs 
    152 openssl genrsa -des3 -out discovery.key 2048 
    153 chmod 400 discovery.key 
     154openssl genrsa -des3 -out browse-pdp.key 2048 
     155chmod 400 browse-pdp.key 
    154156}}} 
    155157 
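Review bot: The added paragraph at line 138 describes a mode in which "no security is required" but names the switch only as "the standalone flag", without the exact option name or the section of `ndgDiscovery.config` it belongs to, and "To set in this configuration set" reads as a typo. Spell out the option and its section, and say what happens to Browse requests in this mode, since line 141 makes security mandatory whenever Browse is run. The rename from `discovery.key` to `browse-pdp.key` also deserves a sentence for existing installs that already hold a `discovery.key`.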
     
    159161 
    160162{{{ 
    161 openssl req -new -key discovery.key -out discovery.csr 
    162 }}} 
    163  
    164 You will be prompted for the fields that will make up the Distinguished Name of the certificate when it is issued.  It is recommended that a Common Name is set to `DiscoveryService`.   Organisation can be `NDG` and Organisation Unit, the name of your organisation.  Other fields can be left blank.   
     163openssl req -new -key browse-pdp.key -out browse-pdp.csr 
     164}}} 
     165 
     166You will be prompted for the fields that will make up the Distinguished Name of the certificate when it is issued.  It is recommended that a Common Name is set to `BrowsePDP`.   Organisation can be `NDG` and Organisation Unit, the name of your organisation.  Other fields can be left blank.   
    165167 
    166168[mailto:P.J.Kershaw@rl.ac.uk E-mail] the request file so that it can signed and sent back to you: 
    167169 
    168170{{{ 
    169 mail p.j.kershaw@rl.ac.uk -s 'Certificate Request' < discovery.csr 
    170 }}} 
    171  
    172 When you receive the signed certificate copy it into `/etc/ndg/ows_server/conf/certs/discovery.crt`. Once you have the certificate, the certificate request file `discovery.csr` can be removed.  You should also receive a copy of the CA certificate.  If not [mailto:P.J.Kershaw@rl.ac.uk request] it.  Copy the CA certificate to `/etc/ndg/ows_server/conf/certs/cacert.crt` 
     171mail p.j.kershaw@rl.ac.uk -s 'Certificate Request' < browse-pdp.csr 
     172}}} 
     173 
     174When you receive the signed certificate copy it into `/etc/ndg/ows_server/conf/certs/browse-pdp.crt`. Once you have the certificate, the certificate request file `browse-pdp.csr` can be removed.  You should also install a copy of your CA certificate and the CA certificates of all the other NDG sites that you trust.  If you don't know how to get this contact [mailto:P.J.Kershaw@rl.ac.uk Phil] for help.  Copy the CA certificates into `/etc/ndg/ows_server/conf/certs/` 
    173175 
    174176Certificate files can be checked with `openssl` e.g. the following command will print out the Distinguished Name for the CA certificate:
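Review bot: The rewritten paragraph at line 174 drops the fixed `cacert.crt` filename and tells readers to copy the CA certificates of every trusted NDG site into `/etc/ndg/ows_server/conf/certs/`, but it gives no naming convention, no pointer to the setting that decides which files in that directory are treated as trust anchors, and no step for confirming that a CA certificate obtained this way is genuine. Add the expected filenames or the config reference, and ask readers to compare each CA certificate's fingerprint with the issuing site over a second channel before installing it.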