Islandora Microservices
apt-get install php-pear
cd /opt/ git clone https://github.com/harvard-lts/fits
apt-get install libcurl4-openssl-dev pkg-config install libssl-dev libsslcommon2-dev apt-get install build-essential pecl install stomp (SSL support disabled) nano -w /etc/php5/apache2/php.ini extension=stomp.so nano -w /etc/php5/cli/php.ini extension=stomp.so
apt-get install git
git clone -b taverna-1.x https://github.com/roblib/php_listeners
mv php_listeners /opt/
nano -w /opt/php_listeners/config.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
    Document   : config.xml
    Created on : June 11, 2012, 7:38 PM
    Author     : rwincewicz
    Description: Configuration file for php-based listeners.

    This file holds the Fedora and Taverna passwords in clear text. Keep it
    readable only by the account that runs the listeners (and by the web
    server account, if the soap_server reads it), and replace the sample
    passwords below with your own.
-->
<config>
    <listeners>
        <!-- Choose the number of child processes you want to spawn.
             A rough estimate is you'll get a load average which is 1.5 times
             the number of child processes (eg. load average of 12 for 8 child
             processes) -->
        <!-- NOTE(review): the bare "microservice_users.xml" text on the next
             line is reproduced as it appears on the page; it looks like a stray
             fragment. Confirm before copying it into a real config. -->
        microservice_users.xml
        <child_processes>2</child_processes>
    </listeners>
    <fedora>
        <!-- These are the details for your Fedora server. You should make sure
             that the firewall rules allow the listeners to contact the Fedora
             server and set up any XACML policies to allow write access from the
             listener IP address -->
        <!-- The account below is used over HTTPS on port 443. Consider a
             dedicated account limited to what the listeners need rather than
             the repository administrator. -->
        <protocol>https</protocol>
        <host>repoURL</host>
        <port>443</port>
        <username>fedoraAdmin</username>
        <password>fedoraadminpassword</password>
    </fedora>
    <taverna>
        <protocol>https</protocol>
        <context>tavernaserver</context>
        <host>123.123.123.124</host>
        <port>8443</port>
        <username>tavAdmin</username>
        <password>tavAdminPassword</password>
        <!-- If you use a self signed cert you probably want to leave verify ssl
             to false. Be aware of what that means: the connection is still
             encrypted, but the Taverna server's certificate is not checked, so
             the username and password above can be captured by anything able
             to intercept the connection. The safer setup is to make the
             self signed certificate trusted on this host and set this to
             true. -->
        <verify_ssl>false</verify_ssl>
        <!-- If you want to limit access to the soap_server this should be
             true -->
        <needAuth>true</needAuth>
    </taverna>
    <stomp>
        <!-- These are the details for the JMS broker. Usually the host will be
             the same as the Fedora server. If the Stomp port on the JMS broker
             has been set up as in the installation instructions then you'll
             connect on port 61613 and use the /queue/listener.update channel -->
        <!-- NOTE(review): no broker username or password appears in this
             section, so access to port 61613 presumably depends on network
             controls. Confirm how your broker authenticates clients and
             restrict the port to the listener hosts. -->
        <host>123.123.123.123</host>
        <port>61613</port>
        <channel>/queue/listener.update</channel>
    </stomp>
    <fits_path>/opt/fits/fits.sh</fits_path>
    <log>
        <!-- Specify the file name of the log file.
             The webserver AND the user used to invoke the listeners both need
             to have write access to this file. Grant that through a shared
             group rather than making the file world writable. -->
        <file>/var/log/listener.log</file>
    </log>
</config>
nano -w /opt/php_listeners/connect.php private function processT2flowOnTaverna($stream, $pid, $dsID, $count = 0) { if(empty($dsID)){ $dsID = 'empty_stream_id';//in order to share workflows with ingest and other methods //(like addDatastream) we must always send both a PID and DSID otherwise taverna will complain that //the number of inputs don't match what was defined in the workflow. } try { $prot = empty($this->config_xml->taverna->protocol) ? 'http' : $this->config_xml->taverna->protocol; $context = empty($this->config_xml->taverna->context) ? 'http' : $this->config_xml->taverna->context; $taverna_sender = new TavernaSender($prot, $this->config_xml->taverna->host, $this->config_xml->taverna->port, $context, $this->config_xml->taverna->username, $this->config_xml->taverna->password); //Post t2flow $result = $taverna_sender->send_Message($stream); $uuid = $taverna_sender->parse_UUID($result); if (empty($uuid)) { //This message should never be seen, as it should break in send message first $this->log->lwrite('No UUID was found', "TAVERNA_ERROR"); } else { //uuid has a value $this->log->lwrite('uuid = ' . $uuid, "SERVER_INFO"); $taverna_sender->add_input($uuid, "pid", $pid); $taverna_sender->add_input($uuid, "dsid", $dsID); $result = $taverna_sender->run_t2flow($uuid); $this->log->lwrite('pid = ' . $pid, "SERVER_INFO"); $this->log->lwrite('dsid = ' . $dsID, "SERVER_INFO"); $status = $this->pollStatus($uuid, $taverna_sender); if ($status) { $this->log->lwrite("deleting workflow $uuid $pid $dsID", "SERVER_INFO"); $taverna_sender->delete_t2flow($uuid); } return TRUE; } } catch (Exception $e) { $this->log->lwrite($e->getMessage() . ' ' . 
$e->getCode(), 'TAVERNA_ERROR', $pid, $dsID, NULL, 'ERROR'); -// $response = $e->getResponse(); -// $responseString = $response['content']; + $responseString = $e->getMessage(); -// $taverna_sender->delete_t2flow($uuid); //try to delete the failed attempt on the taverna server + $response = $taverna_sender->delete_t2flow($uuid); //try to delete the failed attempt on the taverna server //we rest and retry here as the most common taverna error will probable be a 403 forbidden //due to the server being overloaded. sleep(10); if ($count <= 10) { $this->log->lwrite("Taverna error $responseString, workflow t2flow for $pid $dsID failed, sending agian.", 'SERVER_INFO', $pid, $dsID, NULL, 'INFO'); $this->processT2flowOnTaverna($stream, $pid, $dsID, ++$count); } else { $this->log->lwrite($e->getMessage() . ' ' . $e->getCode() . " $pid $dsID reached the maximum number of tries giving up", "SERVER_INFO", $pid, $dsID, NULL, 'ERROR'); $taverna_sender->delete_t2flow($uuid); } return FALSE; //we return false here so a negative ack will be sent. this probably means (depending on the stomp server configs) that //we will get this message again. This prevents us from losing messages but could cause a loop if Taverna is down, //inaccesible or just not responding } } nano -w /opt/php_listeners/tavernaSender.php function run_t2flow($uuid) { $auth = $this->check_credentials($uuid); if (empty($uuid) || !$auth) { throw new TavernaException("Error running t2flow, missing uuid or auth failure"); } $url = $this->hostname . $uuid . '/status/'; $response = $this->curl_connect->tavernaPutRequest($url, 'string', 'Operating', 'text/plain'); -// if ($response['status'] != 200) { + if (($response['status'] != 200) && ($response['status'] != 202)) { throw new TavernaException($response['headers'] . $response['content'], $response['status'], 'run t2flow'); } return $response['headers'] . $response['content']; }
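Review bot: In the catch block of processT2flowOnTaverna, the re-enabled `$response = $taverna_sender->delete_t2flow($uuid);` runs even when the exception came from the TavernaSender constructor or from send_Message(), in which case `$taverna_sender` or `$uuid` was never assigned inside the try. The cleanup call can then fail or throw from inside the catch, which would skip the sleep/retry logic and the `return FALSE` that drives the negative ack. Guard it and contain its own failure, for example `if (isset($taverna_sender) && !empty($uuid)) { try { $taverna_sender->delete_t2flow($uuid); } catch (Exception $cleanup) { $this->log->lwrite($cleanup->getMessage(), 'TAVERNA_ERROR'); } }`, and drop the unused `$response`. The same unguarded call appears again in the give-up branch. The value returned by the recursive retry is also discarded, so a retry that succeeds still returns FALSE and the message may be redelivered.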
nano -w /opt/php_listeners/tuque/HttpConnection.php
/**
 * FALSE to stop cURL from verifying the peer's certificate. (Default: TRUE)
 *
 * This guide changes the value to FALSE so that a self-signed certificate is
 * accepted. With verification off the connection is still encrypted, but the
 * server's identity is not checked, so a host that can intercept the traffic
 * can impersonate the server and read any credentials sent over it. Prefer
 * leaving this TRUE and making the self-signed certificate (or the CA that
 * issued it) trusted on this machine.
 *
 * NOTE(review): this is a property default on the connection class, so it
 * presumably applies to every connection made through it; confirm before
 * relying on it for a single host only.
 *
 * @var boolean
 */
public $verifyPeer = FALSE;
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/soap.key -out /etc/ssl/certs/soap.crt chmod 400 /etc/ssl/private/soap.key cd /etc/apache2/ cp sites-available/default-ssl sites-available/default-ssl.ORI nano -w sites-available/default-ssl ... SSLEngine on SSLCertificateFile /etc/ssl/certs/soap.crt SSLCertificateKeyFile /etc/ssl/private/soap.key ... a2enmod ssl a2ensite default-ssl a2dissite 000-default nano -w /etc/apache2/ports.conf ##NameVirtualHost *:80 ##Listen 80 service apache2 restart
apt-get install php5-curl service apache2 restart cp -R /opt/php_listeners/soap_server /var/www/ nano -w /var/www/soap_server/config.xml <?xml version="1.0" encoding="UTF-8"?> <config> <path>/opt/php_listeners</path> <services> <service>RoblibServices</service> </services> </config> Add to microservice file user, password and public cert to use with soap service. nano -w /opt/php_listeners/microservice_users.xml <?xml version="1.0" encoding="UTF-8"?> <users> <user username = "soapUser" password="soapPass" serviceUri="http://fc2.to.cnr.it/soap_server/" trustCA=" MIID7zCCAtegAwIBAgIJAP5qgONnCMB+MA0GCSqGSIb3DQEBBQUAMIGNMQswCQYD VQQGEwJJVDERMA8GA1UECAwIUGllbW9udGUxDjAMBgNVBAcMBVR1cmluMQ4wDAYD VQQKDAVDZXJpczEMMAoGA1UECwwDVUlUMRYwFAYDVQQDDA1mYzIudG8uY25yLml0 MSUwIwYJKoZIhvcNAQkBFhZnLmJpcmVsbG9AY2VyaXMuY25yLml0MB4XDTE0MDYw MzEzMjMxNloXDTI0MDUzMTEzMjMxNlowgY0xCzAJBgNVBAYTAklUMREwDwYDVQQI DAhQaWVtb250ZTEOMAwGA1UEBwwFVHVyaW4xDjAMBgNVBAoMBUNlcmlzMQwwCgYD VQQLDANVSVQxFjAUBgNVBAMMDWZjMi50by5jbnIuaXQxJTAjBgkqhkiG9w0BCQEW FmcuYmlyZWxsb0BjZXJpcy5jbnIuaXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQDJikyKhZhs7optKdYv03ByVg7KFdxdPBzeJ/5uUa3IEr3ay6lVxf8x pcUqXpiRxUa9OWZpmGQ+OqSg9fjv0PNsZR763zb30heU+W8/+9WE/YUigpV6cG6i g1/pZeu+aeZqj4T9ept0NMLPnENKqsaAW6ZRmKfnSq4w20YA9dO1BYjYPB1vM1Xe kewZMPE35F1opweAd07u4Oodrj0gQly/kg+YVafLmCmCDXSMgfnsnlLpYevFLIFt pCJ6ipLiqoVupAPRqUWBSEMhapo6FJHLRsDWrKhLzO6C7SzCWMCYarIPqWNKD02Q wHRt/XBYRr78tuD3PSQq6AjrocjJAQkjAgMBAAGjUDBOMB0GA1UdDgQWBBR/UtHS /LpbyCjmc/7ARgCT4AC+MzAfBgNVHSMEGDAWgBR/UtHS/LpbyCjmc/7ARgCT4AC+ MzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCcZBKap1gGUKCu6Qya kD/hBP9A1QAcPVLE/zJJuxAAVxrRnmiL7CGldKsRISWVVeJilW2hJX0X3+rbvMQQ Z0D67RYQwZn/DoGxEs+xf4dki78obvb2rjng3cuEOJXrl53b9UKBX85vosD34sAg vnicDDc3/iIzry1UlgUP70V69KedVyNKsHLPdnhRmVhOj7bA48DzNwLY/lxTiKti yusPoCCL2iRV26RnanerdS7IrgtC8IQfgQTh8GEfRe4ppvH6QP09Pve4W5JUPkdA q0gaoOrzs93Rpd9PcofXxWe+VqkFDogefxNXkxtsB+EdfgjdhlJZ/ZBaNvO/0CM+ NU61"> </user> </users>
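nano -w tavernaSender.php
/**
 * Sends every user defined in microservice_users.xml to the Taverna run
 * identified by $uuid, and registers each user's trusted certificate.
 *
 * For each <user> element the username, password and serviceUri attributes are
 * POSTed to <hostname><uuid>/security/credentials. When the trustCA attribute
 * is not empty it is POSTed to <hostname><uuid>/security/trusts.
 *
 * Security notes:
 *  - microservice_users.xml stores passwords in clear text and is opened by a
 *    relative path, so it is looked up in the current working directory. Keep
 *    the file readable only by the account that runs the listeners.
 *  - Attribute values are XML-escaped before being placed in the request body,
 *    so a value containing &, <, > or quotes cannot break or alter the
 *    document that is sent.
 *  - The passwords travel to $this->hostname; whether that channel is
 *    protected depends on the protocol and certificate checking configured
 *    for the Taverna connection.
 *
 * NOTE(review): two throws below pass the context string as the second
 * argument, while the others pass (message, status, context). Left as in the
 * original; confirm against TavernaException's constructor.
 *
 * @param string $uuid
 *   Identifier of the Taverna run the credentials are attached to.
 *
 * @return boolean
 *   TRUE when every credential (and trusted identity) was accepted.
 *
 * @throws TavernaException
 *   When $uuid is empty, the users file cannot be read, no users are defined,
 *   or the server answers a POST with a status other than 201.
 */
function send_credentials($uuid) {
  if (empty($uuid)) {
    throw new TavernaException("no uuid specified when sending credentials ", 'send credentials');
  }

  $microservice_users_file = 'microservice_users.xml';
  $microservice_users_xml = simplexml_load_file($microservice_users_file);
  // Strict check: simplexml_load_file() returns FALSE on failure, but a valid
  // document without children also compares loosely equal to FALSE and would
  // be reported as unreadable.
  if ($microservice_users_xml === FALSE) {
    // The original message interpolated an undefined $location variable.
    throw new TavernaException("error reading microservice_users.xml using $microservice_users_file", 404, 'send credentials');
  }

  $users = $microservice_users_xml->xpath("//user");
  if (empty($users)) {
    throw new TavernaException("Authentication is required, but no users defined in microservice_users_file.xml ", 'send credentials');
  }

  $host = $this->hostname . $uuid . '/security/credentials';
  $hostTrust = $this->hostname . $uuid . '/security/trusts';

  foreach ($users as $user) {
    // SimpleXML hands back decoded attribute values; escape them again before
    // embedding them in the XML request body.
    $serviceUri = htmlspecialchars((string) $user['serviceUri'], ENT_QUOTES, 'UTF-8');
    $username = htmlspecialchars((string) $user['username'], ENT_QUOTES, 'UTF-8');
    $password = htmlspecialchars((string) $user['password'], ENT_QUOTES, 'UTF-8');

    $data = '<credential xmlns="http://ns.taverna.org.uk/2010/xml/server/rest/">'
      . ' <userpass xmlns="http://ns.taverna.org.uk/2010/xml/server/">'
      . ' <serviceURI xmlns="http://ns.taverna.org.uk/2010/xml/server/">' . $serviceUri . '</serviceURI>'
      . ' <username xmlns="http://ns.taverna.org.uk/2010/xml/server/">' . $username . '</username>'
      . ' <password xmlns="http://ns.taverna.org.uk/2010/xml/server/">' . $password . '</password>'
      . ' </userpass>'
      . ' </credential>';
    $response = $this->curl_connect->postRequest($host, 'String', $data, 'application/xml');
    if ($response['status'] != 201) {
      throw new TavernaException('Error sending credentials ' . $response['headers'] . $response['content'], $response['status'], 'send credentials');
    }

    // A missing trustCA attribute casts to an empty string and is skipped.
    $trustCA = (string) $user['trustCA'];
    if ($trustCA !== '') {
      $data = '<trustedIdentity xmlns="http://ns.taverna.org.uk/2010/xml/server/">'
        . ' <certificateBytes xmlns="http://ns.taverna.org.uk/2010/xml/server/">'
        . htmlspecialchars($trustCA, ENT_QUOTES, 'UTF-8')
        . '</certificateBytes>'
        . ' </trustedIdentity>';
      $response = $this->curl_connect->postRequest($hostTrust, 'String', $data, 'application/xml');
      if ($response['status'] != 201) {
        throw new TavernaException('Error sending trusted Identity ' . $response['headers'] . $response['content'], $response['status'], 'send trustedIdentity');
      }
    }
  }

  return TRUE;
}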
nano -w $FEDORA_HOME/server/config/fedora.fcfg <param name="java.naming.provider.url" value="vm:(broker:(tcp://localhost:61616,stomp://IPADDRESS:61613))"/> <param name="datastore3" value="apimListenerMessages"> <comment>A datastore representing a JMS Destination for APIM events used by the JMS listeners</comment> </param> <datastore id="apimListenerMessages"> <comment>Messaging Destination for API-M events which update the repository</comment> <param name="messageTypes" value="apimUpdate"> <comment>A space-separated list of message types that will be delivered to this Destination. Currently, "apimUpdate" and "apimAccess" are the only supported message types.</comment> </param> <param name="name" value="listener.update"/> <param name="type" value="queue"> <comment>Optional, defaults to topic.</comment> </param> </datastore>
Edit XACML and add taverna server IP ADDRESS
cd /opt/php_listeners php listener.php ps -ef | grep php |