UNICORE Server Setup
The installs of SimStack and UNICORE are shown in these two webinars. We recommend following them and setting them up during the webinars.
- Java 8 with unlimited encryption strength
- Python 2.7.11 or 3.3 and up with PyOpenSSL 0.14 and up (only during installation).
- Anaconda 3 meets these demands and can be installed locally prior to the installation of UNICORE: Anaconda
- A cluster using a support BATCH system, such as
- Torque, PBSPro
UNICORE requires a system user to execute the repective service. Please add an appropriate user (the common best-practice choice is unicore)
SimStack Server requires three different folders.
UNICOREHOME The UNICORE server directory. We choose /home/unicore/unicore for this, as the unicore user will run the UNICORE service.
- UNICOREHOME --> /home/unicore/unicore
UNICOREFILES A shared network directory, which has to be readable and writable on all cluster nodes. This will be the directory userfiles will be generated in during the job execution.
- UNICOREFILES --> /net/userfiles
- Note that this directory can also be changed to a username specific directory, such as /work/$USERNAME/jobs . In that case, please set it to a specific absolute directory at this point and read the remark XXX after finishing the installation.
NANOMATCH All Nanomatch executables are stored in this directory. One of your scientists should have write access here to be able to update the Nanomatch software without interfering with the UNICORE backend. Access is required from all cluster nodes.
- NANOMATCH --> /home/nanomatch/nanomatch
The UNICOREFILES directory will be generated during the install. Please assign write permissions to the unicore user during install:
chmod u+rwx /net/userfiles chown unicore.unicore /net/userfiles
Installing the base daemons
Go into the parent directory of UNICOREHOME and untar the installer package:
cd /home/unicore/ tar xf UNICOREInstaller.tar.gz cd UNICOREInstaller
Inside you will find four directories:
Enter the directory unicore-servers-VERSION and edit configure.properties until the last line shown here
# --- File: unicore-server-VERSION/configure.properties --- #UNICOREHOME INSTALL_PATH=/home/unicore/unicore #YOUR TSI (torque for torque and pbs pro) tsiSelected=torque #Your java8 command JAVA_CMD=java # -> Everything below this line does not need to be configured in case of a single host. <- #
Call configure.py and install.py:
Edit unicore-workflow-VERSION/configure.properties and call configure.py and install.py afterwards:
# --- File: unicore-workflow-VERSION/configure.properties --- #UNICOREHOME INSTALL_PATH=/home/unicore/unicore #Your java8 command JAVA_CMD=java # -> Everything below this line does not need to be configured in case of a single host. <- # #Then call: ./configure.py ./install.py
Finally copy over the unity directory into UNICOREHOME/unity:
cp -r unity-server-distribution-VERSION /home/unicore/unicore/unity
Configuring the base daemons
Go to the parent directory of UNICOREHOME and make sure that the folder hierarchy of unicore is the following:
cd /home/unicore ls ./unicore > gateway servorch start-workflow.sh stop-workflow.sh unicorex workflow > docs registry start.sh stop.sh tsi_selected unity xuudb
We are now going to generate certificates for all server daemons and secure the UNICORE installation: If you call UNICOREDaemonCerts/CreateDaemonCerts.py without arguments an argument list will be printed:
We have to set the correct domain and admin certificate information:
./UNICOREInstaller/UNICOREDaemonCerts/CreateDaemonCerts.py FQDN=int-nanomatchcluster.int.kit.edu \ email@example.com cert.OrganizationalUnit=IT cert.Organization=NM cert.Country=DE \ cert.Locality=Karlsruhe cert.State=BW cert.State=BW GCID=NANO-SITE \ WF-GCID=NANOFLOW directory.userfiles=/net/userfiles
The GCID and WF-GCID are the names of your unicore/x and workflow server. You can choose them freely. The most important options are the FQDN, which has to be the domain name used to access the cluster and the directory.userfiles variable. This has to be a globally writable directory, where UNICORE will store the job files during execution. Three directories will be created in the specified folder. If you require a non-standard port (for example 12346) for the UNICORE server specify it using: Port.GATEWAY=12346 .
Generating a new simpleidb
- If you already possess a simpleidb file from a previous installation, copy the contents of the folder oldunicore/unicorex/conf/sidbdir into the folder unicore/unicorex/conf/sidbdir and skip to the next section.
- Otherwise, open simpleidb and configure it according to your cluster's specifications.
- Include the following section below the initial idb:IDB tag:
<idb:IDB xmlns:idb="http://www.fz-juelich.de/unicore/xnjs/idb"> <idb:SubmitScriptTemplate> #!/bin/bash #COMMAND #RESOURCES export NANOMATCH="/home/nanomatch/nanomatch" #SCRIPT echo "" >> stdout echo "" >> stderr </idb:SubmitScriptTemplate> (...)
Replace the folder /home/nanomatch/nanomatch above with the folder you will install the nanomatch scientific modules to.
With the new UNICORE release, UNICORE integrates into the PAM authentication system. Copy over the usually used file for user authentication in /etc/pam.d to /etc/pam.d/unity
#as root cd /etc/pam.d cp login unity
If, and only if, your server authenticates users using the local passwd file, unity requires access to /etc/shadow
setfacl -m u:unicore:r /etc/shadow
This is not required if you authenticate via ldap or kerberos.
Starting the server
To start the server, switch to root and enter the unicore/tsi_selected directory. Here invoke ./bin/start.sh
#As user root cd unicore/tsi_selected ./bin/start.sh cd -
If this is the first time starting the TSI, briefly check the logs for error messages. Return to the unicore user and
#As user unicore cd unicore ./start.sh
check all unicore Error logs: grep -v INFO unicore//logs/
No Errors (ERR) should be printed. A single WARN message of the Unity server will be printed, which notes that the admin credential is insecure. This is not correct as the password is randomly generated on install and can be ignored.
Important files generated during the server setup.
The following files are generated during the server setup:
- supportfiles/urlinfo.txt: This file contains information about the URLs the user's will require to connect to the server.
- unicore/certs/trusted/cacert.pem: This file is required for secure connection to the UNICORE server. A connection can be established without it, but it will not be secure.
Please distribute these two files to the users of the server.
The results of the search are