UNICORE Server Setup


The installs of SimStack and UNICORE are shown in these two webinars. We recommend following them and setting them up during the webinars.



  • Java 8 with unlimited encryption strength
  • Python 2.7.11 or 3.3 and up with PyOpenSSL 0.14 and up (only during installation).
    • Anaconda 3 meets these demands and can be installed locally prior to the installation of UNICORE: Anaconda
  • A cluster using a support BATCH system, such as
    • Torque, PBSPro
    • SLURM
    • LSF


UNICORE requires a system user to execute the repective service. Please add an appropriate user (the common best-practice choice is unicore)

adduser unicore

Folder hierarchy

SimStack Server requires three different folders.

  1. UNICOREHOME The UNICORE server directory. We choose /home/unicore/unicore for this, as the unicore user will run the UNICORE service.
    • UNICOREHOME --> /home/unicore/unicore
  2. UNICOREFILES A shared network directory, which has to be readable and writable on all cluster nodes. This will be the directory userfiles will be generated in during the job execution.
    • UNICOREFILES --> /net/userfiles
    • Note that this directory can also be changed to a username specific directory, such as /work/$USERNAME/jobs . In that case, please set it to a specific absolute directory at this point and read the remark XXX after finishing the installation.
  3. NANOMATCH All Nanomatch executables are stored in this directory. One of your scientists should have write access here to be able to update the Nanomatch software without interfering with the UNICORE backend. Access is required from all cluster nodes.
    • NANOMATCH --> /home/nanomatch/nanomatch

The UNICOREFILES directory will be generated during the install. Please assign write permissions to the unicore user during install:

chmod u+rwx /net/userfiles
chown unicore.unicore /net/userfiles

Installing the base daemons

Go into the parent directory of UNICOREHOME and untar the installer package:

cd /home/unicore/
tar xf UNICOREInstaller.tar.gz
cd UNICOREInstaller

Inside you will find four directories:

  • unicore-servers-VERSION
  • unicore-workflow-VERSION
  • unity-server-distribution-VERSION
  • UNICOREDaemonCerts

Enter the directory unicore-servers-VERSION and edit configure.properties until the last line shown here

# --- File: unicore-server-VERSION/configure.properties ---
#YOUR TSI (torque for torque and pbs pro)
#Your java8 command
# ->  Everything below this line does not need to be configured in case of a single host. <- #

Call configure.py and install.py:


Edit unicore-workflow-VERSION/configure.properties and call configure.py and install.py afterwards:

# --- File: unicore-workflow-VERSION/configure.properties ---
#Your java8 command
# ->  Everything below this line does not need to be configured in case of a single host. <- #

#Then call:

Finally copy over the unity directory into UNICOREHOME/unity:

cp -r unity-server-distribution-VERSION /home/unicore/unicore/unity

Configuring the base daemons

Go to the parent directory of UNICOREHOME and make sure that the folder hierarchy of unicore is the following:

cd /home/unicore
ls ./unicore
> gateway servorch start-workflow.sh stop-workflow.sh unicorex workflow
> docs registry start.sh stop.sh tsi_selected unity xuudb

We are now going to generate certificates for all server daemons and secure the UNICORE installation: If you call UNICOREDaemonCerts/CreateDaemonCerts.py without arguments an argument list will be printed:


We have to set the correct domain and admin certificate information:

./UNICOREInstaller/UNICOREDaemonCerts/CreateDaemonCerts.py FQDN=int-nanomatchcluster.int.kit.edu \
  cert.email=admin@company.com cert.OrganizationalUnit=IT  cert.Organization=NM cert.Country=DE \
  cert.Locality=Karlsruhe cert.State=BW cert.State=BW GCID=NANO-SITE \ 
  WF-GCID=NANOFLOW directory.userfiles=/net/userfiles

The GCID and WF-GCID are the names of your unicore/x and workflow server. You can choose them freely. The most important options are the FQDN, which has to be the domain name used to access the cluster and the directory.userfiles variable. This has to be a globally writable directory, where UNICORE will store the job files during execution. Three directories will be created in the specified folder. If you require a non-standard port (for example 12346) for the UNICORE server specify it using: Port.GATEWAY=12346 .

Generating a new simpleidb

  • If you already possess a simpleidb file from a previous installation, copy the contents of the folder oldunicore/unicorex/conf/sidbdir into the folder unicore/unicorex/conf/sidbdir and skip to the next section.
  • Otherwise, open simpleidb and configure it according to your cluster's specifications.
  • Include the following section below the initial idb:IDB tag:
    <idb:IDB xmlns:idb="http://www.fz-juelich.de/unicore/xnjs/idb">
    export NANOMATCH="/home/nanomatch/nanomatch"
    echo "" >> stdout
    echo "" >> stderr

Replace the folder /home/nanomatch/nanomatch above with the folder you will install the nanomatch scientific modules to.

User authentication

With the new UNICORE release, UNICORE integrates into the PAM authentication system. Copy over the usually used file for user authentication in /etc/pam.d to /etc/pam.d/unity

#as root
cd /etc/pam.d
cp login unity

If, and only if, your server authenticates users using the local passwd file, unity requires access to /etc/shadow

setfacl -m u:unicore:r /etc/shadow

This is not required if you authenticate via ldap or kerberos.

Starting the server

To start the server, switch to root and enter the unicore/tsi_selected directory. Here invoke ./bin/start.sh

#As user root
cd unicore/tsi_selected
cd -

If this is the first time starting the TSI, briefly check the logs for error messages. Return to the unicore user and

#As user unicore
cd unicore

check all unicore Error logs: grep -v INFO unicore//logs/

No Errors (ERR) should be printed. A single WARN message of the Unity server will be printed, which notes that the admin credential is insecure. This is not correct as the password is randomly generated on install and can be ignored.

Important files generated during the server setup.

The following files are generated during the server setup:

  • supportfiles/urlinfo.txt: This file contains information about the URLs the user's will require to connect to the server.
  • unicore/certs/trusted/cacert.pem: This file is required for secure connection to the UNICORE server. A connection can be established without it, but it will not be secure.

Please distribute these two files to the users of the server.

The results of the search are