Difference between revisions of "RCauth Delegation Server & MasterPortal - Building from Source"

From PDP/Grid Wiki
Jump to navigationJump to search
(mp cli)
(deleg server)
Line 63: Line 63:
 
== Master Portal - CLI ==
 
== Master Portal - CLI ==
  
Next to the Master Portal you will also want to build the Master Portal CLI for managing and approving client (Portal) registrations. Without this you won't be able to use any Portals with your Master Portal (unless you approve them manually). The Master Portal CLI is built by applying the '''cli''' profile while building the '''master-portal-server''' module. Before you execute the maven command you will have to change the '''master-portal-server''' pom.xml to produce a .jar file instead of a .war file, since the '''cli''' target is also going to be a jar file which has to include the '''master-portal-server''' code.  
+
Next to the Master Portal you will also want to build the Master Portal CLI for managing and approving client (Portal) registrations. Without this you won't be able to use any Portals with your Master Portal (unless you approve them manually). The CLI is an original [http://grid.ncsa.illinois.edu/myproxy/oauth/server/manuals/cli.xhtml OA4MP tool], but it has to be recompiled together with the Master Portal, because the original CLI does not include all the relevant additional classes implemented and used by the Master Portal. Only the CLI compiled from the Master Portal will work together with a Master Portal!
 +
 
 +
The Master Portal CLI is built by applying the '''cli''' profile while building the '''master-portal-server''' module. Before you execute the maven command you will have to change the '''master-portal-server''' pom.xml to produce a .jar file instead of a .war file, since the '''cli''' target is also going to be a jar file which has to include the '''master-portal-server''' code.  
 
   
 
   
 
  # replace 'war' with 'jar' in the server pom.xml file
 
  # replace 'war' with 'jar' in the server pom.xml file
Line 79: Line 81:
 
After it has finished you should en up with the resulting cli .jar file inside the target directory:  
 
After it has finished you should en up with the resulting cli .jar file inside the target directory:  
  
  /master-portal-server/target/oa2-cli.jar  
+
  master-portal-server/target/oa2-cli.jar  
  
 
Don't forget to change the pom.xml file back to it's original state, producing .war files!  
 
Don't forget to change the pom.xml file back to it's original state, producing .war files!  
Line 86: Line 88:
  
 
= Building the Delegation Server =
 
= Building the Delegation Server =
 +
 +
The Delegation Server is currently hosted on [https://github.com/ttomttom/aarc-delegation-server github]. It's made up of a single module which is built on top of the [http://grid.ncsa.illinois.edu/myproxy/oauth/server/index.xhtml OA4MP Server], just like the [[#Building_the_Master_Portal | master-portal-server]] module. But unlike the [[#Building_the_Master_Portal | master-portal-server]] module, the Delegation Server is built on top of the plain OA4MP Server and not the forked one. The reason being that the Delegation Server doesn't need any of the added features for it to function. This saves us some effort since we don't need to compile the forked OA4MP Server, we can simply rely on the plain OA4MP Server to be pulled in by maven.
 +
 
== Delegation Server ==
 
== Delegation Server ==
 +
 +
Check out the Delegation Server source code from [https://github.com/ttomttom/aarc-delegation-server github] and compile it by executing:
 +
 +
git clone https://github.com/ttomttom/aarc-delegation-server.git
 +
cd aarc-delegation-server/delegation-server
 +
mvn package
 +
 +
After the building has finished you should end up with a single .war file in
 +
 +
aarc-delegation-server/delegation-server/target/oauth2.war
 +
 +
'''Note!''' If you're using [[CILogon_Pre-Pilot_Work_-_Ansible#Delegation_Server | Ansible]] to deploy the Delegation Server, copy this .war file over to the appropriate location in the Ansible scripts!
 +
 
== Delegation Server - CLI ==
 
== Delegation Server - CLI ==
 +
 +
Next to the Delegation Server you will also want to build the Delegation Server CLI for managing and approving client (Master Portal) registrations. Without this you won't be able to use any Master Portals with your Delegation Server (unless you approve them manually). The CLI is an original [http://grid.ncsa.illinois.edu/myproxy/oauth/server/manuals/cli.xhtml OA4MP tool], but it has to be recompiled together with the Delegation Server because the original CLI does not include all the relevant additional classes implemented and used by the Delegation Server. Moreover, the Delegation Server CLI has been extended to support an addition 'description' field for it's registered clients. Only the CLI compiled from the Delegation Server will work together with a Delegation Server!
 +
 +
Just as with the [[#Master_Portal_-_CLI | Master Portal CLI]], you have to apply the '''cli''' profile and build the Delegation Server as a .jar file:
 +
 +
# replace 'war' with 'jar' in the server pom.xml file
 +
cd aarc-delegation-server/delegation-server
 +
sed -i 's#^\(\s*\)<packaging>war</packaging>\(\s*\)$#\1<packaging>jar</packaging>\2#' pom.xml
 +
 +
# build the deleg server and install it to the local maven repository
 +
# without this the 'cli' maven profile cannot find its dependency
 +
mvn clean package install
 +
 +
# build the cli
 +
mvn clean package -P cli
 +
 +
After it has finished you should en up with the resulting cli .jar file inside the target directory:
 +
 +
aarc-delegation-server/delegation-server/target/oa2-cli.jar
 +
 +
Don't forget to change the pom.xml file back to it's original state, producing .war files!
 +
 +
'''Note!''' If you're using [[CILogon_Pre-Pilot_Work_-_Ansible#delegserver | Ansible]] to deploy the Delegation Server, copy this cli jar file over to the appropriate location in the Ansible scripts!

Revision as of 11:19, 18 July 2016

Introduction

Building the Master Portal

The Master Portal source code is currently hosted on github. The main (maven) project is called 'aarc-master-portal', which is just a parent project containing the following (maven) modules:

  • master-portal-client : contains the MP Client component which makes requests to the Delegation Server.
  • master-portal-server : contains the MP Server component which takes requests from registered Portals.
  • master-portal-common : contains a set of common constants and utility classes shared between the MP Client and MP server. Both master-portal-client and master-portal-server include this module as a dependency

Make sure to have the required dependencies ready before compiling the Master Portal.

Dependencies

The master-portal-client module is based on a modified version of the OA4MP Client, while the the master-portal-server module is based on a modified version of the OA4MP Server. The upstream OA4MP implementation is under a project called myproxy with a parent project called ncsa-security-all. These two project also stand at basis of the CILogon project. We forked both the myproxy and the ncsa-security-all projects to complete them with the following features:

  • the /getproxy endpoint
  • an updated set of executable commands from the MyProxy Protocol (GET with VONAME and VOMSES, INFO, PUT, STORE)

The /getproxy endpoint is a new endpoint we are using on the Master Portal Server to serve proxies, while the updated MyProxy commands set is used by the Master Portal to save (INFO, PUT, STORE) user proxies in a MyProxy Credential Store, and retrieve (GET) proxies with voms extensions.

We also considered implementing these modifications into the Master Portal project directly, but we abandoned this approach because it would have meant extensive code duplication from the upstream OA4MP project. The implemented features are generic enough so that it might benefit the upstream OA4MP project as well, and might, some day end up being merged into it.

ncsa-security-all-fork

The ncsa-security-all forked project can be found on github. In order to keep in sync with the upstream code we have two branches. The 'master' branch holds a clean copy of the upstream ncsa-security-all project, while the 'devel' branch holds the actual forked code. Whenever there's an update on the master branch we can merge it into the 'devel' branch to keep our fork up to date.

In order to build the Master Portal you will need to clone the devel branch from ncsa-security-all-fork, compile it, and install it in your local maven repository. You do this by executing the following:

git clone -b devel https://github.com/ttomttom/ncsa-security-all-fork.git
cd ncsa-security-all-fork/ncsa-security-all
mvn package install 

Note! Make sure to do this only BEFORE you compile myproxy-fork!

myproxy-fork

The myproxy forked project can be found on github. Just as with myproxy-fork, in order to keep in sync with the upstream code we have two branches. The 'master' branch holds a clean copy of the upstream myproxy project, while the 'devel' branch holds the actual forked code. Whenever there's an update on the master branch we can merge it into the 'devel' branch to keep our fork up to date.

In order to build the Master Portal you will need to clone the devel branch from myproxy-fork, compile it, and install it in your local maven repository. You do this by executing the following:

git clone -b devel https://github.com/ttomttom/myproxy-fork.git
cd myproxy-fork/myproxy
mvn package install 

Note! Make sure to do this only AFTER you complied and installed ncsa-security-all-fork otherwise it will fail to find the right dependencies!

Master Portal

After you build the required dependencies you can go ahead and build the Master Portal itself. Check out the Master Portal source code from github, and build it as such:

git clone https://github.com/ttomttom/aarc-master-portal.git
cd aarc-master-portal/master-portal
mvn package

After maven has finished you should end up with two separate .war files in your target directory, one for the MP Server and one for the MP Client:

master-portal-server/target/mp-oa2-server.war
master-portal-client/target/mp-oa2-client.war 

Note! If you're using Ansible to deploy the Master Portal, copy these war files over to the appropriate location in the Ansible scripts!

Master Portal - CLI

Next to the Master Portal you will also want to build the Master Portal CLI for managing and approving client (Portal) registrations. Without this you won't be able to use any Portals with your Master Portal (unless you approve them manually). The CLI is an original OA4MP tool, but it has to be recompiled together with the Master Portal, because the original CLI does not include all the relevant additional classes implemented and used by the Master Portal. Only the CLI compiled from the Master Portal will work together with a Master Portal!

The Master Portal CLI is built by applying the cli profile while building the master-portal-server module. Before you execute the maven command you will have to change the master-portal-server pom.xml to produce a .jar file instead of a .war file, since the cli target is also going to be a jar file which has to include the master-portal-server code.

# replace 'war' with 'jar' in the server pom.xml file
cd aarc-master-portal/master-portal
sed -i 's#^\(\s*\)<packaging>war</packaging>\(\s*\)$#\1<packaging>jar</packaging>\2#' master-portal-server/pom.xml

# build the master portal and install it to the local maven repository
# without this the 'cli' maven profile cannot find its dependency
mvn clean package install

# build the cli
cd master-portal-server
mvn clean package -P cli

After it has finished you should en up with the resulting cli .jar file inside the target directory:

master-portal-server/target/oa2-cli.jar 

Don't forget to change the pom.xml file back to it's original state, producing .war files!

Note! If you're using Ansible to deploy the Master Portal, copy this cli jar file over to the appropriate location in the Ansible scripts!

Building the Delegation Server

The Delegation Server is currently hosted on github. It's made up of a single module which is built on top of the OA4MP Server, just like the master-portal-server module. But unlike the master-portal-server module, the Delegation Server is built on top of the plain OA4MP Server and not the forked one. The reason being that the Delegation Server doesn't need any of the added features for it to function. This saves us some effort since we don't need to compile the forked OA4MP Server, we can simply rely on the plain OA4MP Server to be pulled in by maven.

Delegation Server

Check out the Delegation Server source code from github and compile it by executing:

git clone https://github.com/ttomttom/aarc-delegation-server.git
cd aarc-delegation-server/delegation-server
mvn package

After the building has finished you should end up with a single .war file in

aarc-delegation-server/delegation-server/target/oauth2.war

Note! If you're using Ansible to deploy the Delegation Server, copy this .war file over to the appropriate location in the Ansible scripts!

Delegation Server - CLI

Next to the Delegation Server you will also want to build the Delegation Server CLI for managing and approving client (Master Portal) registrations. Without this you won't be able to use any Master Portals with your Delegation Server (unless you approve them manually). The CLI is an original OA4MP tool, but it has to be recompiled together with the Delegation Server because the original CLI does not include all the relevant additional classes implemented and used by the Delegation Server. Moreover, the Delegation Server CLI has been extended to support an addition 'description' field for it's registered clients. Only the CLI compiled from the Delegation Server will work together with a Delegation Server!

Just as with the Master Portal CLI, you have to apply the cli profile and build the Delegation Server as a .jar file:

# replace 'war' with 'jar' in the server pom.xml file
cd aarc-delegation-server/delegation-server
sed -i 's#^\(\s*\)<packaging>war</packaging>\(\s*\)$#\1<packaging>jar</packaging>\2#' pom.xml

# build the deleg server and install it to the local maven repository
# without this the 'cli' maven profile cannot find its dependency
mvn clean package install

# build the cli
mvn clean package -P cli

After it has finished you should en up with the resulting cli .jar file inside the target directory:

aarc-delegation-server/delegation-server/target/oa2-cli.jar 

Don't forget to change the pom.xml file back to it's original state, producing .war files!

Note! If you're using Ansible to deploy the Delegation Server, copy this cli jar file over to the appropriate location in the Ansible scripts!