Work Binder Installation
From EGEE-see WIki
This Wiki page is a part of SEE-GRID Gridification Guide. It is contributed by Belgrade University Computer Centre.
Introduction
Here you can find instructions on how to install and run the Work Binder Application Service.
Requirements
- Java 1.5 or newer
- LCG-CA package installed
- VOMS certificates
- PKCS12 bundle containing the certificate and key which will be used to submit jobs to the grid (make sure the DN is a member of all required VOs)
Download
Releases are available here
The source code and Trac repository are available here
Installation
- Create a new user to run the service as (an existing user can be used as well), for example:
useradd -d /usr/local/binder -s /bin/sh binder
- Switch to this user (su - binder)
- Unpack the downloaded binary release to the desired work binder destination folder, for example /usr/local/binder
- Make sure all the executable files in the bin dir have the executable flag set, for example in /usr/local/binder/bin
chmod +x *.sh
- Create a password-protected PKCS12 certificate bundle containing the certificate and private key needed to run the service. A host certificate (recommended) or a user certificate can be used. Make sure that the certificate is a member of all of the VOs that will be used by the binder!
openssl pkcs12 -export -in hostcert.pem -inkey hostkey.pem -name "hostcert" -out hostcert.p12
- Modify the provided initd_binder.sh service script (change the user, home dir, etc. to reflect the choices you made) and copy it to /etc/init.d/binder. More information on the Red Hat service controlling utility can be found here.
- In case you are planning to use ejb3 binder recovery, copy binder.jar to the deploy dir of your JEE Application Server (Note: you also need to configure your AS to support the data source <jta-data-source>java:/MySqlBinder</jta-data-source>; detailed configuration is out of the scope of this article)
- After the configuration of the service, it can be run using:
usage: /etc/init.d/binder (start|stop|restart|help)
- The environment variable $BINDER_CERT_PASS must be set BEFORE the service is started using the run_binder.sh script, so that the service is able to open the provided PKCS12 certificate bundle. Take the necessary security precautions to protect this password!
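A pre-start check for the PKCS12 bundle and its password, as an added example that is not part of the Work Binder release: it loads $BINDER_CERT_PASS from a private file and confirms the bundle opens before the service is started. The password file, the script name and the function names are assumptions.

```shell
#!/bin/sh
# Added example: pre-start credential checks for the binder service.
# File locations and function names are assumptions, not Work Binder's own.

# Succeeds only if FILE is a regular file with no group/other permissions.
is_private() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Reads the first line of a private file into BINDER_CERT_PASS and exports it,
# so the password never appears on a command line or in shell history.
load_binder_pass() {
    is_private "$1" || {
        echo "refusing $1: missing or accessible by group/others" >&2
        return 1
    }
    # read returns non-zero when the last line has no newline; value is still set.
    IFS= read -r BINDER_CERT_PASS < "$1" || true
    [ -n "$BINDER_CERT_PASS" ] || { echo "empty password in $1" >&2; return 1; }
    export BINDER_CERT_PASS
}

# Confirms the bundle opens with the loaded password.
# -noout prints no key material; -passin env: keeps the password off argv.
verify_bundle() {
    is_private "$1" || {
        echo "refusing $1: missing or accessible by group/others" >&2
        return 1
    }
    openssl pkcs12 -in "$1" -noout -passin env:BINDER_CERT_PASS >/dev/null 2>&1
}

# preflight PASSFILE P12FILE
preflight() {
    load_binder_pass "$1" && verify_bundle "$2"
}

# Example call (paths are assumptions):
#   sh binder_preflight.sh --check /usr/local/binder/.certpass /usr/local/binder/hostcert.p12
if [ "${1:-}" = "--check" ]; then
    preflight "$2" "$3" && echo "credentials OK"
fi
```

To use the loaded variable for the service itself, source the functions from the modified init script and call preflight before run_binder.sh is invoked; running the script on its own only reports whether the credentials are usable.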
Troubleshooting
In case the following (or similar) messages appear in the Work Binder log:
ERROR [yu.ac.bg.rcub.binder.ComputingElement] (Thread-1) java.io.IOException: exception decrypting data - java.security.InvalidKeyException: Illegal key size
java.io.IOException: exception decrypting data - java.security.InvalidKeyException: Illegal key size
at org.bouncycastle.jce.provider.JDKPKCS12KeyStore.cryptData(Unknown Source)
at org.bouncycastle.jce.provider.JDKPKCS12KeyStore.engineLoad(Unknown Source)
you need to install the Sun Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files into your JRE. Depending on the JRE used, unlimited policy files can be obtained for:
- Java 1.5 - here, scroll down to Other Downloads and choose Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 5.0
- Java 1.6 - here, scroll down to Other Downloads and choose Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6
Then follow the installation instructions. Make sure that you choose the version matching the JRE on your machine. Also make sure you install the policy files to the appropriate folder in case you have more than one JRE installed on your system!
Contact
Milan Potocnik [milan (d) potocnik (a) rcub (d) bg (d) ac (d) rs]
