Background
This page documents the installation proceedure at SLAC.
Unix accounts
No log in. No password.
[yee@terapaths home]$ sudo /usr/sbin/luseradd terapaths -u 30000 -g terapaths
Java
From: here
[yee@terapaths installation]$ sudo mkdir /usr/java Password: [yee@terapaths installation]$ sudo mv jdk1.5.0_13/ /usr/java/
SJSAS
From here
[terapaths@terapaths installation]$ sh sjsas_pe-8_2-linux.bin sjsas_pe-8_2-linux.bin: sjsas_pe-8_2-linux.bin: cannot execute binary file [terapaths@terapaths installation]$ chmod ugo+x sjsas_pe-8_2-linux.bin
The Sun Java System Application Server Platform Edition components will be
installed in the following directory, which is referred to as the "Installation
Directory".To use this directory, press only the Enter key. To use a different
directory, type in the full path of the directory to use followed by pressing
the Enter key.
Installation Directory [/home/terapaths/SUNWappserver] {"<" goes back, "!"
exits}:
The directory "/home/terapaths/SUNWappserver" does not exist.
Do you want to create it now or choose another directory?
1. Create Directory
2. Choose New
Enter the number corresponding to your choice [1] {"<" goes back, "!"
exits} 1
The Sun Java System Application Server requires a Java 2 SDK.
Please provide the path to a Java 2 SDK 1.4.1 or greater.
Recommended version is 1.4.2 or greater. [/usr/java/jdk1.5.0_13] {"<" goes
back, "!" exits}
Supply the administrator user's password and override any of the other initial
configuration settings as necessary.
Administrator User [admin] {"<" goes back, "!" exits}:
Administrator User's Password (8 chars minimum):
Re-enter Password:
Do you want to store administrator user name and password in user preference
file [yes] {"<" goes back, "!" exits}? yes
Administration Port [4848] {"<" goes back, "!" exits}: 53470
HTTP Port [8080] {"<" goes back, "!" exits}: 40860
HTTPS Port [8181] {"<" goes back, "!" exits}: 48580
Please choose installation options.
Do you want to upgrade from previous Application Server version [no] {"<"
goes back, "!" exits}?
Installation Successful.
Next Steps:
1. Access the About Application Server PE 8 welcome page at:
file:///home/terapaths/SUNWappserver/docs/about.html
2. Start the Application Server by executing:
/home/terapaths/SUNWappserver/bin/asadmin start-domain domain1
3. Start the Admin Console:
http://localhost:53470
Append to configuration file
/home/terapaths/SUNWappserver/domains/domain1/config/server.policy
// TeraPaths-specific permissions
// Permission to NetworkDeviceController to create ClassLoaders for hardware drivers
grant codeBase "file:${com.sun.aas.instanceRoot}/generated/ejb/j2ee-modules/terapathsNetworkDeviceControllers/-" {
permission java.lang.RuntimePermission "createClassLoader";
};
grant codeBase "file:${com.sun.aas.instanceRoot}/applications/j2ee-modules/terapathsNetworkDeviceControllers/-" {
permission java.lang.RuntimePermission "createClassLoader";
};
// Permissions needed by WAN proxy server(s)
grant codeBase "file:${com.sun.aas.instanceRoot}/generated/ejb/j2ee-modules/terapathsESnetOSCARSProxy/-" {
permission java.security.AllPermission;
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "createClassLoader";
permission java.net.SocketPermission "*", "connect,accept,resolve";
permission java.io.FilePermission "<>", "read,write,delete";
};
grant codeBase "file:${com.sun.aas.instanceRoot}/applications/j2ee-modules/terapathsESnetOSCARSProxy/-" {
permission java.security.AllPermission;
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "createClassLoader";
permission java.net.SocketPermission "*", "connect,accept,resolve";
permission java.io.FilePermission "<>", "read,write,delete";
};
Change jvm settings, place within <java-config/> tag at end.
/home/terapaths/SUNWappserver/domains/domain1/config/domain.xml
<!-- this is to prevent the java.lang.OutOfMemoryError: PermGen space during deployment--> <jvm-options>-XX:MaxPermSize=256m</jvm-options> <!-- --> <!-- additional jvm options to fix file descriptor leak due to sockets not being closed (bug#:6321777) --> <jvm-options>-server</jvm-options> <jvm-options>-Dcom.sun.enterprise.web.connector.grizzly.useKeepAliveAlgorithm=true</jvm-options> <jvm-options>-Dcom.sun.enterprise.web.connector.grizzly.socketSoTimeout=30000</jvm-options> <jvm-options>-Dcom.sun.enterprise.web.connector.grizzly.maxKeepAliveRequests=250</jvm-options> <jvm-options>-Dcom.sun.enterprise.server.ss.ASQuickStartup=false</jvm-options> <!-- end of additional jvm options -->
Security Setup
Need keys etc.
[terapaths@terapaths ~]$ export PATH=$PATH:/usr/java/jdk1.5.0_13/bin/
[terapaths@terapaths ~]$ keytool -list -keystore /home/terapaths/SUNWappserver/domains/domain1/config/keystore.jks Enter keystore password: changeit Keystore type: jks Keystore provider: SUN Your keystore contains 1 entry s1as, Nov 8, 2007, keyEntry, Certificate fingerprint (MD5): F1:C4:86:53:BD:35:41:33:CC:3B:41:32:A7:E2:6C:EE
Add DOE Cert and ESnet
[terapaths@terapaths ~]$ keytool -import -noprompt -trustcacerts -alias DOECertAlias -file /home/terapaths/installation/DOE-01.25.13.pem -keystore /home/terapaths/SUNWappserver/domains/domain1/config/cacerts.jks -storepass changeit Certificate was added to keystore [terapaths@terapaths ~]$ keytool -import -noprompt -trustcacerts -alias ESnetAlias -file /home/terapaths/installation/ESnet-10.26.22.pem -keystore /home/terapaths/SUNWappserver/domains/domain1/config/cacerts.jks -storepass changeit Certificate was added to keystore [terapaths@terapaths config]$ pwd /home/terapaths/SUNWappserver/domains/domain1/config [terapaths@terapaths config]$ keytool -list -keystore /home/terapaths/SUNWappserver/domains/domain1/config/cacerts.jks Enter keystore password: changeit Keystore type: jks Keystore provider: SUN Your keystore contains 13 entries verisignc1g3, Apr 8, 2004, trustedCertEntry, Certificate fingerprint (MD5): B1:47:BC:18:57:D1:18:A0:78:2D:EC:71:E8:2A:95:73 verisignc1g2, Apr 8, 2004, trustedCertEntry, Certificate fingerprint (MD5): DB:23:3D:F9:69:FA:4B:B9:95:80:44:73:5E:7D:41:83 esnetalias, Nov 9, 2007, trustedCertEntry, Certificate fingerprint (MD5): 32:AC:21:5D:DE:43:73:E9:3A:EE:90:BC:17:C4:8F:36 verisignc1g1, Apr 8, 2004, trustedCertEntry, Certificate fingerprint (MD5): 97:60:E8:57:5F:D3:50:47:E5:43:0C:94:36:8A:B0:62 verisignc2g3, Apr 8, 2004, trustedCertEntry, Certificate fingerprint (MD5): F8:BE:C4:63:22:C9:A8:46:74:8B:B8:1D:1E:4A:2B:F6 verisignc2g2, Apr 8, 2004, trustedCertEntry, Certificate fingerprint (MD5): 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1 verisignc2g1, Apr 8, 2004, trustedCertEntry, Certificate fingerprint (MD5): B3:9C:25:B1:C3:2E:32:53:80:15:30:9D:4D:02:77:3E doecertalias, Nov 9, 2007, trustedCertEntry, Certificate fingerprint (MD5): F3:76:00:EC:D0:8E:DB:20:BC:2B:E0:06:60:24:C4:9F verisignc3g3, Apr 8, 2004, trustedCertEntry, Certificate fingerprint (MD5): CD:68:B6:A7:C7:C4:CE:75:E0:1D:4F:57:44:61:92:09 verisignc3g2, Apr 8, 2004, trustedCertEntry, Certificate fingerprint (MD5): A2:33:9B:4C:74:78:73:D4:6C:E7:C1:F3:8D:CB:5C:E9 verisignc3g1, Apr 8, 2004, trustedCertEntry, Certificate fingerprint (MD5): 10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67 s1as, Nov 8, 2007, trustedCertEntry, Certificate fingerprint (MD5): F1:C4:86:53:BD:35:41:33:CC:3B:41:32:A7:E2:6C:EE verisignsecureserver, Apr 8, 2004, trustedCertEntry, Certificate fingerprint (MD5): 74:7B:82:03:43:F0:00:9E:6B:B3:EC:47:BF:85:A5:93
Make sure server works properly:
[terapaths@terapaths bin]$ pwd /home/terapaths/SUNWappserver/bin [terapaths@terapaths bin]$ ./asadmin start-domain --debug=true domain1 Nov 9, 2007 5:36:27 PM com.sun.enterprise.util.ASenvPropertyReader setSystemProperties SEVERE: property_reader.unknownHost java.net.UnknownHostException: terapaths: terapaths at java.net.InetAddress.getLocalHost(InetAddress.java:1346) at com.sun.enterprise.util.net.NetUtils.getCanonicalHostName(NetUtils.java:66) at com.sun.enterprise.util.ASenvPropertyReader.setSystemProperties(ASenvPropertyReader.java:161) at com.sun.enterprise.cli.framework.CLIMain.invokeCommand(CLIMain.java:87) at com.sun.enterprise.cli.framework.CLIMain.main(CLIMain.java:46) Starting Domain domain1, please wait. Log redirected to /home/terapaths/SUNWappserver/domains/domain1/logs/server.log. Domain domain1 failed to startup. Please check the server log for more details. CLI156 Could not start the domain domain1.
Add local dns (no dns server is configured on these machines)
/etc/hosts
127.0.0.1 terapaths 192.124.59.130 terapaths
Fixes the startup problem:
[terapaths@terapaths bin]$ ./asadmin start-domain --debug=true domain1 Starting Domain domain1, please wait. Log redirected to /home/terapaths/SUNWappserver/domains/domain1/logs/server.log. Domain domain1 is ready to receive client requests. Additional services are being started in background.
Listening ports
yee@terapaths ~]$ netstat -nlp (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.) Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:9009 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:946 0.0.0.0:* LISTEN - tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN - tcp 0 0 :::48580 :::* LISTEN - tcp 0 0 :::3820 :::* LISTEN - tcp 0 0 ::ffff:127.0.0.1:32876 :::* LISTEN - tcp 0 0 :::8686 :::* LISTEN - tcp 0 0 :::3920 :::* LISTEN - tcp 0 0 :::3700 :::* LISTEN - tcp 0 0 :::32884 :::* LISTEN - tcp 0 0 :::32885 :::* LISTEN - tcp 0 0 :::22 :::* LISTEN - tcp 0 0 :::32887 :::* LISTEN - tcp 0 0 :::40860 :::* LISTEN - tcp 0 0 :::7676 :::* LISTEN - tcp 0 0 :::53470 :::* LISTEN - udp 0 0 0.0.0.0:514 0.0.0.0:* - udp 0 0 0.0.0.0:2055 0.0.0.0:* - udp 0 0 0.0.0.0:940 0.0.0.0:* - udp 0 0 0.0.0.0:943 0.0.0.0:* - udp 0 0 0.0.0.0:7001 0.0.0.0:* - udp 0 0 0.0.0.0:111 0.0.0.0:* - udp 0 0 0.0.0.0:631 0.0.0.0:* - udp 0 0 192.124.59.130:123 0.0.0.0:* - udp 0 0 127.0.0.1:123 0.0.0.0:* - udp 0 0 0.0.0.0:123 0.0.0.0:* - udp 0 0 :::123 :::* -
MySQL
[root@terapaths installation]# rpm -Uhv MySQL-* error: Failed dependencies: MySQL conflicts with mysql-4.1.20-2.RHEL4.1.0.1.i386 [root@terapaths installation]# rpm -e mysql-4.1.20 error: Failed dependencies: libmysqlclient.so.14 is needed by (installed) cyrus-sasl-sql-2.1.19-14.i386 libmysqlclient.so.14(libmysqlclient_14) is needed by (installed) cyrus-sasl-sql-2.1.19-14.i386 [root@terapaths installation]# rpm -Uhv MySQL-server-community-5.0.45-0.rhel4.x86_64.rpm error: Failed dependencies: MySQL conflicts with mysql-4.1.20-2.RHEL4.1.0.1.i386 [root@terapaths installation]# rpm -e mysql-4.1.20 error: Failed dependencies: libmysqlclient.so.14 is needed by (installed) cyrus-sasl-sql-2.1.19-14.i386 libmysqlclient.so.14(libmysqlclient_14) is needed by (installed) cyrus-sasl-sql-2.1.19-14.i386 [root@terapaths installation]# rpm -e cyrus-sasl-sql-2.1.19 [root@terapaths installation]# rpm -e mysql-4.1.20
Change users
[root@terapaths installation]# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.0.45-community MySQL Community Edition (GPL)
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> select User,Host from mysql.user
-> ;
+------+-----------+
| User | Host |
+------+-----------+
| root | 127.0.0.1 |
| root | localhost |
| root | terapaths |
+------+-----------+
3 rows in set (0.01 sec)
mysql> create database terapaths;
Query OK, 1 row affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON terapaths.* TO 'terapaths'@'localhost' IDENTIFIED BY '********';
Query OK, 0 rows affected (0.00 sec)
mysql> select User,Host from mysql.user
-> ;
+-----------+-----------+
| User | Host |
+-----------+-----------+
| root | 127.0.0.1 |
| root | localhost |
| terapaths | localhost |
| root | terapaths |
+-----------+-----------+
4 rows in set (0.00 sec)
mysql>
Database creation
Create the terapaths MySQL database by running terapaths-create-1.2.0.sql.
[root@terapaths dist]# pwd /home/terapaths/installation/dist [root@terapaths dist]# mysql < terapaths-create-1.2.0.sql [terapaths@terapaths ~]$ mysql -u terapaths -p -D terapaths Enter password: Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 8 Server version: 5.0.45-community MySQL Community Edition (GPL) Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql> show tables; +-----------------------+ | Tables_in_terapaths | +-----------------------+ | WANServiceURL | | bandwidthClasses | | diffServClasses | | hosts | | remoteLANServiceURL | | reservations | | routerDrivers | | routerManagers | | routers | | routes | | systemMessages | | terapathsDatabaseInfo | | users | | virtualRouterMembers | | virtualRouters | +-----------------------+ 15 rows in set (0.01 sec)
Edit terapaths-populate-1.2.0.sql to match your network host information and run it to populate the database.
--
-- Populate the TeraPaths database for the TeraPaths UMich-side secure testbed
-- MySQL server on tera01.ultralight.org (192.84.86.25)
-- Database structure version 1.2.0
-- 01/23/07
--
USE terapaths;
--
-- database settings
--
INSERT INTO terapathsDatabaseInfo (
version,
creationTimeStamp,
serverIpAddress,
serverName,
siteName
) VALUES (
"1.2.0",
NOW(),
"192.124.59.130",
"terapaths.slac.stanford.edu",
"SLAC"
);
--
-- drivers for communication between instance and router
INSERT INTO routerDrivers (
name,
driverInfo
) VALUES (
"DUMMY_DRIVER",
"hardware,DUMMY,type,DUMMY,os,DUMMY,comm_protocol,DUMMY"
);
INSERT INTO routerDrivers (
name,
driverInfo
) VALUES (
"CISCO_WS-C6509_IOS_TELNET",
"hardware,CISCO,type,WS-6509,os,IOS,comm_protocol,TELNET"
);
INSERT INTO routerDrivers (
name,
driverInfo
) VALUES (
"CISCO_WS-C6509_IOS_SSH",
"hardware,CISCO,type,WS-6509,os,IOS,comm_protocol,SSH"
);
SELECT @driver := LAST_INSERT_ID();
--
-- terapath instance, and endpoint to communicate to
--
INSERT INTO routerManagers (
ipAddress,
name,
wsdlURL,
interface,
managerDir
) VALUES (
"192.124.59.130",
"terapaths01.slac.stanford.edu",
"http://192.124.59.130:48580/terapathsNetworkDeviceControllers/tpsNDC",
"GigabitEthernet3/33",
"/home/terapaths/routerConfig"
);
SELECT @edgeManager := LAST_INSERT_ID();
SELECT @borderManager := @edgeManager;
--
-- routers
--
INSERT INTO routers (
ipAddress,
name,
routerInfo,
driverParameters,
driverId,
managingNodeId,
position
) VALUES (
"192.124.59.129",
"tera",
"hardware,CISCO,type,WS-6509,os,IOS12.2(18)SXD1",
"system_prompt,tera,terapaths,XXXXXXX,entry_pass,XXXXXXX,enable_pass,XXXXXXX,policy_name_root,QoS_nile",
@driver,
@edgeManager,
"edge"
);
SELECT @edge := LAST_INSERT_ID();
SELECT @border := @edge;
INSERT INTO virtualRouters (
name
) VALUES (
"tera (physical-edge)"
);
SELECT @vedge := LAST_INSERT_ID();
INSERT INTO virtualRouters (
name
) VALUES (
"nile (physical-border)"
);
SELECT @vborder := LAST_INSERT_ID();
INSERT INTO virtualRouterMembers (
virtualRouterId,
routerId
) VALUES
(<at:var at:name="vedge," />edge),
(<at:var at:name="vborder," />border);
INSERT INTO routes (
edge,
border
) VALUES (
@vedge,
@vborder
);
SELECT @route := LAST_INSERT_ID();
--
-- worker nodes
---
INSERT INTO hosts (
ipAddress,
name,
route,
interface
) VALUES
("192.124.59.200", "node00.slac.stanford.edu", @route, "GigabitEthernet3/4"),
("192.124.59.201", "node01.slac.stanford.edu", @route, "GigabitEthernet3/5"),
("192.124.59.202", "node02.slac.stanford.edu", @route, "GigabitEthernet3/6"),
("192.124.59.203", "node03.slac.stanford.edu", @route, "GigabitEthernet3/7"),
("192.124.59.204", "node04.slac.stanford.edu", @route, "GigabitEthernet3/8"),
("192.124.59.205", "node05.slac.stanford.edu", @route, "GigabitEthernet3/9"),
("192.124.59.206", "node06.slac.stanford.edu", @route, "GigabitEthernet3/10"),
("192.124.59.207", "node07.slac.stanford.edu", @route, "GigabitEthernet3/11"),
("192.124.59.208", "node08.slac.stanford.edu", @route, "GigabitEthernet3/12");
INSERT INTO remoteLANServiceURL (
ipAddress,
mask,
maskedIpAddress,
prefix,
wsdlURL,
preference
) VALUES
("198.124.220.0", "255.255.255.0", ipAddr2dec("198.124.220.0")&ipAddr2dec("255.255.255.0"), 24, "http://198.124.220.9:48588/terapathsRemoteTPsListeners/tpsRTPsL"
, 0);
INSERT INTO WANServiceURL (
ipAddress,
mask,
maskedIpAddress,
prefix,
wsdlURL,
preference
) VALUES
("198.124.220.0", "255.255.255.0", ipAddr2dec("198.124.220.0")&ipAddr2dec("255.255.255.0"), 24, "OSCARS,https://oscars.es.net/axis2/services/OSCARS", 0);
INSERT INTO diffServClasses (
name,
dscp,
aggregateBandwidth,
configured,
active
) VALUES
("BE",0,0,0,0),
("CS01",1,0,0,0),
("CS02",2,0,0,0),
("CS03",3,0,0,0),
("CS04",4,0,0,0),
("CS05",5,0,0,0),
("CS06",6,0,0,0),
("CS07",7,0,0,0),
("CS1",8,0,0,0),
("CS11",9,0,0,0),
("AF11",10,0,0,0),
("CS13",11,0,0,0),
("AF12",12,0,0,0),
("CS15",13,0,0,0),
("AF13",14,0,0,0),
("CS17",15,0,0,0),
("CS2",16,0,0,0),
("CS21",17,0,0,0),
("AF21",18,0,0,0),
("CS23",19,0,0,0),
("AF22",20,0,0,0),
("CS25",21,0,0,0),
("AF23",22,0,0,0),
("CS27",23,0,0,0),
("CS3",24,0,0,0),
("CS31",25,0,0,0),
("AF31",26,0,0,0),
("CS33",27,0,0,0),
("AF32",28,0,0,0),
("CS35",29,0,0,0),
("AF33",30,0,0,0),
("CS37",31,0,0,0),
("CS4",32,0,0,0),
("CS41",33,0,0,0),
("AF41",34,0,0,0),
("CS43",35,0,0,0),
("AF42",36,0,0,0),
("CS45",37,0,0,0),
("AF43",38,0,0,0),
("CS47",39,0,0,0),
("CS5",40,0,0,0),
("CS51",41,0,0,0),
("CS52",42,0,0,0),
("CS53",43,0,0,0),
("CS54",44,0,0,0),
("CS55",45,0,0,0),
("EF",46,0,0,0),
("CS57",47,0,0,0),
("CS6",48,0,0,0),
("CS61",49,0,0,0),
("CS62",50,0,0,0),
("CS63",51,0,0,0),
("CS64",52,0,0,0),
("CS65",53,0,0,0),
("CS66",54,0,0,0),
("CS67",55,0,0,0),
("CS7",56,0,0,0),
("CS71",57,0,0,0),
("CS72",58,0,0,0),
("CS73",59,0,0,0),
("CS74",60,0,0,0),
("CS75",61,0,0,0),
("CS76",62,0,0,0),
("CS77",63,0,0,0);
--Simple partitioning of bandwidth for testbed's 1 Gbit connection
UPDATE diffServClasses SET aggregateBandwidth= 15000000, configured=1 WHERE name="CS1";
UPDATE diffServClasses SET aggregateBandwidth= 20000000, configured=1 WHERE name="AF11";
UPDATE diffServClasses SET aggregateBandwidth= 40000000, configured=1 WHERE name="CS2";
UPDATE diffServClasses SET aggregateBandwidth= 50000000, configured=1 WHERE name="AF21";
UPDATE diffServClasses SET aggregateBandwidth= 75000000, configured=1 WHERE name="AF31";
UPDATE diffServClasses SET aggregateBandwidth=100000000, configured=1 WHERE name="AF41";
UPDATE diffServClasses SET aggregateBandwidth=150000000, configured=1 WHERE name="CS47";
UPDATE diffServClasses SET aggregateBandwidth=200000000, configured=1 WHERE name="EF";
UPDATE diffServClasses SET aggregateBandwidth=250000000, configured=1 WHERE name="CS7";
INSERT INTO bandwidthClasses (
name,
diffServClassId,
bandwidth,
type,
configured,
active
) VALUES
("CS1_1",(SELECT id FROM diffServClasses WHERE name="CS1"), 5000000,"shared",1,0),
("CS1_2",(SELECT id FROM diffServClasses WHERE name="CS1"), 5000000,"shared",1,0),
("CS1_3" ,(SELECT id FROM diffServClasses WHERE name="CS1"), 5000000,"shared",1,0),
("AF11_1",(SELECT id FROM diffServClasses WHERE name="AF11"),10000000,"shared",1,0),
("AF11_2",(SELECT id FROM diffServClasses WHERE name="AF11"),10000000,"shared",1,0),
("CS2_1",(SELECT id FROM diffServClasses WHERE name="CS2"), 20000000,"shared",1,0),
("CS2_2",(SELECT id FROM diffServClasses WHERE name="CS2"), 20000000,"shared",1,0),
("AF21",(SELECT id FROM diffServClasses WHERE name="AF21"), 50000000,"static",1,0),
("AF31",(SELECT id FROM diffServClasses WHERE name="AF31"), 75000000,"static",1,0),
("AF41",(SELECT id FROM diffServClasses WHERE name="AF41"), 100000000,"static",1,0),
("CS47",(SELECT id FROM diffServClasses WHERE name="CS47"), 150000000,"static",1,0),
("EF",(SELECT id FROM diffServClasses WHERE name="EF"), 200000000,"static",1,0),
("CS7",(SELECT id FROM diffServClasses WHERE name="CS7"), 250000000,"static",1,0);
--Default user
INSERT INTO users (
userName,
passWord,
type
) VALUES
('terapaths',PASSWORD('*******'),'standard');
[terapaths@terapaths dist]$ mysql -u terapaths -D terapaths -p < terapaths-end2end-SLACside-secure-1.2.0.sql Enter password: @driver := LAST_INSERT_ID() 3 @edgeManager := LAST_INSERT_ID() 1 @borderManager := @edgeManager 1 @edge := LAST_INSERT_ID() 1 @border := @edge 1 @vedge := LAST_INSERT_ID() 1 @vborder := LAST_INSERT_ID() 2 @route := LAST_INSERT_ID() 1
Manually edit database entries for passwords etc:
mysql> UPDATE routers SET driverParameters='system_prompt,<prompt>,user_name,<terapaths>,entry_pass,<loginpass>,enable_pass,<enable_pass>,policy_name_root,QoS_slac';
Edit terapaths.properties to contain the database info and service module URLs for each host at which one or more terapaths modules will be deployed.
[yee@terapaths dist]$ cat terapaths.properties ################################################### # Change this file to match your host information # ################################################### # driver.for.host.terapaths = com.mysql.jdbc.Driver db.for.host.terapaths = jdbc:mysql://localhost/terapaths?user=terapaths&password=******** pws.for.host.terapaths = https://localhost:40860/terapathsPublicWebServices/tpsPWS iws.for.host.terapaths = https://localhost:40860/terapathsInternalWebServices/tpsIWS OSCARS.for.host.terapaths = https://localhost:40860/terapathsESnetOSCARSProxy/ESnetOSCARSProxy ################################################ # Add other hosts here by specifying same five # # values as above for each host # ################################################
Edit proxy.properties to match your WAN provider accounts (currently only ESnet/OSCARS is supported)
N/A
Edit terapathsWebInterfaceDefaults to contain the defaults of your choice for the web interface.
Copy the file to the /home/terapaths directory of the host where terapathsWebInterface will be deployed.
The defaults can be changed at any time, even when the service is running.
This file overrides the build-in defaults.
[yee@terapaths dist]$ cat terapathsWebInterfaceDefaults ################################## # Defaults for the web interface # # This file must be in the # # /home/terapaths directory # # ORDER IS IMPORTANT!!! # ################################## # default web interace value # 1. source IP address 192.124.59.200 # 2. destination IP address # 198.124.220.134 192.124.59.204 # 3. source low port # 10000 # 4. source high port # 10000 # 5. destination low port # 10000 # 6. destination high port # 10000 # 7. protocol tcp # 8. reservation direction bidirectional # 9. time span for schedule day
[terapaths@terapaths dist]$ pwd /home/terapaths/installation/dist [terapaths@terapaths dist]$ cp terapathsWebInterfaceDefaults /home/terapaths/
Edit autodeploy-hosts to describe which modules to deploy at which hosts.
[yee@terapaths dist]$ cat autodeploy-hosts ################################################################# # user@host_to_deploy:path_of_autodeploy_dir war1 war2 ... warN # ################################################################# #terapaths@localhost:/home/terapaths/SUNWappserver/domains/domain2/autodeploy/ terapathsWebInterface.war terapaths@localhost:/home/terapaths/SUNWappserver/domains/domain1/autodeploy/ terapathsWebInterface.war terapathsInternalWebServices.war terapathsPublicWebServices.war terapathsESnetOSCARSProxy.war terapathsRemoteTPsListeners.war terapathsNetworkDeviceControllers.war terapaths@localhost:/home/terapaths/SUNWappserver/domains/domain1/autodeploy/ terapathsNetworkDeviceControllers.war
Run the 'terapaths-deploy' script.
Environments
[terapaths@terapaths dist]$ ./terapaths-deploy If ssh keys are not set up for remote deploy hosts, you will be prompted for your password multiple times. Environment variable JAVA_HOME is not set.
[root@terapaths ~]# cat /etc/profile.d/java.sh export JAVA_HOME=/usr/java/jdk1.5.0_13/ export PATH=$PATH:$JAVA_HOME/bin [terapaths@terapaths yee]$ env | grep JAVA JAVA_HOME=/usr/java/jdk1.5.0_13/
Keys (no password on terapaths local user account)
[terapaths@terapaths dist]$ ssh-keygen -t dsa Generating public/private dsa key pair. Enter file in which to save the key (/home/terapaths/.ssh/id_dsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/terapaths/.ssh/id_dsa. Your public key has been saved in /home/terapaths/.ssh/id_dsa.pub. The key fingerprint is: cc:f0:46:d8:55:1d:36:5b:fe:f5:b9:9f:d1:89:3b:50 terapaths@terapaths [terapaths@terapaths dist]$ cp ~/.ssh/id id_dsa id_dsa.pub id_rsa.pub identity.pub [terapaths@terapaths dist]$ cp ~/.ssh/id_dsa.pub ~/.ssh/authorized_keys2 [terapaths@terapaths dist]$ ls -lah ~/.ssh/.public/authorized_keys2 -rw-rw-r-- 1 terapaths terapaths 609 Nov 12 11:42 /home/terapaths/.ssh/.public/authorized_keys2 [terapaths@terapaths dist]$ chmod go-rwx ~/.ssh/authorized_keys2 [terapaths@terapaths dist]$ ls -lah ~/.ssh/.public/authorized_keys2 -rw------- 1 terapaths terapaths 609 Nov 12 11:42 /home/terapaths/.ssh/.public/authorized_keys2
[terapaths@terapaths yee]$ [terapaths@terapaths yee]$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/terapaths/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/terapaths/.ssh/id_rsa. Your public key has been saved in /home/terapaths/.ssh/id_rsa.pub. The key fingerprint is: cd:74:d1:37:b0:0c:a5:1a:6f:c7:e4:62:40:ea:12:3b terapaths@terapaths [terapaths@terapaths yee]$ [terapaths@terapaths yee]$ [terapaths@terapaths yee]$ cat /home/terapaths/.ssh/id_rsa.pub > /home/terapaths/.ssh/authorized_keys
Check Service
http://192.124.59.130:53470
Log into the SJSAS server and determine that under the task bar, we have
Applications->Web Applications
and that it shows the terapaths* applications
Application |
Description |
|---|---|
terapathsWebInterface |
Web frontend to terapaths |
terapathsInternalWebServices |
|
terapathsPublicWebServices |
|
terapathsESnetOSCARSProxy |
Interaction with OSCARS |
terapathsRemoteTPsListeners |
Interaction with other terapaths instances |
terapathsNetworkDeviceControllers |
Router interactions |
Web Interface
Located at
http://192.124.59.130:40860/terapathsWebInterface
You can log in using accounts that have been setup in the MySQL table 'users'; if you can't log on, that's because you don't have an account in the database.
mysql> select * from users; +----+-----------+-------------------------------------------+----------+------+ | id | userName | passWord | type | info | +----+-----------+-------------------------------------------+----------+------+ | 1 | terapaths | ***************************************** | standard | NULL | +----+-----------+-------------------------------------------+----------+------+ 1 row in set (0.00 sec)
In the above case, you can see that there is only one terapaths user. The passWord is stored from the function password().
Logging in will show some IP addresses and a table at the bottom of green boxes. This is the reservation table. Click once on a box to select the appropriate time and bandwidth allocation requested. Click again somewhere else to select the end time.
This will then take you to a confirmation page where the details can be finalised.
Schedules
Schedules are created on the web interface and stored in the table reservations:
mysql> select * from reservations; +--------------------+-----------------------+---------------+----------+----------+----------------+--------------------+-----------+---------------+-----------+-----------+----------------+------------+------------+----------------+-------------+-------------+--------+ | id | relatedReservationIds | startTime | duration | protocol | direction | bandwidthClassName | bandwidth | timeout | userName | who | srcIp | srcPortMin | srcPortMax | destIp | destPortMin | destPortMax | status | +--------------------+-----------------------+---------------+----------+----------+----------------+--------------------+-----------+---------------+-----------+-----------+----------------+------------+------------+----------------+-------------+-------------+--------+ | SLAC-1194994094410 | NULL | 1194993900000 | 36000 | tcp | unidirectional | AF41 | 100000000 | 1195029900000 | terapaths | terapaths | 192.124.59.200 | 10000 | 10000 | 192.124.59.204 | 10000 | 10000 | active | +--------------------+-----------------------+---------------+----------+----------+----------------+--------------------+-----------+---------------+-----------+-----------+----------------+------------+------------+----------------+-------------+-------------+--------+ 1 row in set (0.00 sec)
Here we see one active reservation. status=temporary reservations may appear that reflect in transient reservations that are being created.
Router configs
Routers are intrinsically defined in the table under routers:
mysql> select * from routers; +----+----------------+------+------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------+----------+--------------------+----------------+---------------------+----------+ | id | ipAddress | name | routerInfo | driverParameters | driverId | basicConfiguration | managingNodeId | bottleneckBandwidth | position | +----+----------------+------+------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------+----------+--------------------+----------------+---------------------+----------+ | 1 | 192.124.59.129 | tera | hardware,CISCO,type,WS-6509,os,IOS12.2(18)SXD1 | system_prompt,swh-iepm-10g,user_name,********,entry_pass,********,enable_pass,********,policy_name_root,QoS_slac | 3 | NULL | 1 | NULL | edge | +----+----------------+------+------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------+----------+--------------------+----------------+---------------------+----------+ 1 row in set (0.00 sec)
The driverParameters defines the expect script info for logging into the router. the values comes as key-value pairs.
The driverId field determines the driver to use to communication to by Terapaths. It references an index value in the routerDrivers table:
mysql> describe routerDrivers; +---------------+---------------------+------+-----+---------+----------------+ | Field | Type | Null | Key | Default | Extra | +---------------+---------------------+------+-----+---------+----------------+ | id | bigint(20) unsigned | NO | PRI | NULL | auto_increment | | name | varchar(50) | YES | UNI | NULL | | | driverInfo | text | YES | | NULL | | | javaClassFile | varchar(255) | YES | | NULL | | | javaClassName | varchar(255) | YES | | NULL | | | javaClass | longblob | YES | | NULL | | +---------------+---------------------+------+-----+---------+----------------+ 6 rows in set (0.01 sec)
note that contains the java byte code in the 3 last fields.
mysql> select id,name,driverInfo from routerDrivers; +----+---------------------------+---------------------------------------------------------+ | id | name | driverInfo | +----+---------------------------+---------------------------------------------------------+ | 1 | DUMMY_DRIVER | hardware,DUMMY,type,DUMMY,os,DUMMY,comm_protocol,DUMMY | | 2 | CISCO_WS-C6509_IOS_TELNET | hardware,CISCO,type,WS-6509,os,IOS,comm_protocol,TELNET | | 3 | CISCO_WS-C6509_IOS_SSH | hardware,CISCO,type,WS-6509,os,IOS,comm_protocol,SSH | +----+---------------------------+---------------------------------------------------------+ 3 rows in set (0.00 sec)
show's the info for 3 drivers. Note that in the above router, we had id ref of 3 - which refers to the SSH driver.
Adding in External Services
mysql> select * from routerManagers; +----+----------------+-------------------------------+-----------------------------------------------------------------------+---------------------+------------------------------+ | id | ipAddress | name | wsdlURL | interface | managerDir | +----+----------------+-------------------------------+-----------------------------------------------------------------------+---------------------+------------------------------+ | 1 | 192.124.59.130 | terapaths01.slac.stanford.edu | https://192.124.59.130:48580/terapathsNetworkDeviceControllers/tpsNDC | GigabitEthernet3/33 | /home/terapaths/routerConfig | +----+----------------+-------------------------------+-----------------------------------------------------------------------+---------------------+------------------------------+ 1 row in set (0.00 sec)
mysql> select * from remoteLANServiceURL; +---------------+---------------+-----------------+--------+-----------------------------------------------------------------+------------+ | ipAddress | mask | maskedIpAddress | prefix | wsdlURL | preference | +---------------+---------------+-----------------+--------+-----------------------------------------------------------------+------------+ | 198.124.220.0 | 255.255.255.0 | 3330071552 | 24 | http://198.124.220.9:48588/terapathsRemoteTPsListeners/tpsRTPsL | 0 | +---------------+---------------+-----------------+--------+-----------------------------------------------------------------+------------+ 1 row in set (0.00 sec)
Router Configuration
Certain rules need to be put in place on the router:
swh-iepm-10g(config)#mls qos swh-iepm-10g(config)#$onform-action set-dscp-transmit 26 exceed-action drop swh-iepm-10g(config)#$onform-action set-dscp-transmit 18 exceed-action drop swh-iepm-10g(config)#$onform-action set-dscp-transmit 10 exceed-action drop swh-iepm-10g(config)#$conform-action set-dscp-transmit 46 exceed-action drop swh-iepm-10g(config)#$action set-dscp-transmit 34 exceed-action drop swh-iepm-10g(config)#$action set-dscp-transmit 39 exceed-action drop swh-iepm-10g(config)#$ conform-action set-dscp-transmit 56 exceed-action drop swh-iepm-10g(config)#$nform-action set-dscp-transmit 8 exceed-action drop swh-iepm-10g(config)#$nform-action set-dscp-transmit 16 exceed-action drop swh-iepm-10g(config)# swh-iepm-10g(config)# swh-iepm-10g(config)# swh-iepm-10g(config)#class-map match-all CS1_out swh-iepm-10g(config-cmap)# match access-group name CS1_out swh-iepm-10g(config-cmap)#class-map match-all CS2_out swh-iepm-10g(config-cmap)# match access-group name CS2_out swh-iepm-10g(config-cmap)#class-map match-all CS7_out swh-iepm-10g(config-cmap)# match access-group name CS7_out swh-iepm-10g(config-cmap)#class-map match-all CS47_out swh-iepm-10g(config-cmap)# match access-group name CS47_out swh-iepm-10g(config-cmap)#class-map match-all EF_out swh-iepm-10g(config-cmap)# match access-group name EF_out swh-iepm-10g(config-cmap)#class-map match-all AF41_out swh-iepm-10g(config-cmap)# match access-group name AF41_out swh-iepm-10g(config-cmap)#class-map match-all AF31_out swh-iepm-10g(config-cmap)# match access-group name AF31_out swh-iepm-10g(config-cmap)#class-map match-all AF21_out swh-iepm-10g(config-cmap)# match access-group name AF21_out swh-iepm-10g(config-cmap)#class-map match-all AF11_out swh-iepm-10g(config-cmap)# match access-group name AF11_out swh-iepm-10g(config-cmap)# swh-iepm-10g(config-cmap)#class-map match-all CS47_in swh-iepm-10g(config-cmap)# match access-group name CS47_in swh-iepm-10g(config-cmap)#class-map match-all AF41_in swh-iepm-10g(config-cmap)# match access-group name AF41_in swh-iepm-10g(config-cmap)#class-map match-all EF_in swh-iepm-10g(config-cmap)# match access-group name EF_in swh-iepm-10g(config-cmap)#class-map match-all AF21_in swh-iepm-10g(config-cmap)# match access-group name AF21_in swh-iepm-10g(config-cmap)#class-map match-all AF31_in swh-iepm-10g(config-cmap)# match access-group name AF31_in swh-iepm-10g(config-cmap)#class-map match-all AF11_in swh-iepm-10g(config-cmap)# match access-group name AF11_in swh-iepm-10g(config-cmap)#class-map match-all CS1_in swh-iepm-10g(config-cmap)# match access-group name CS1_in swh-iepm-10g(config-cmap)#class-map match-all CS2_in swh-iepm-10g(config-cmap)# match access-group name CS2_in swh-iepm-10g(config-cmap)#class-map match-all CS7_in swh-iepm-10g(config-cmap)# match access-group name CS7_in swh-iepm-10g(config-cmap)# swh-iepm-10g(config-cmap)# swh-iepm-10g(config-cmap)# swh-iepm-10g(config-cmap)#policy-map QoS_r2_out swh-iepm-10g(config-pmap)# class EF_out swh-iepm-10g(config-pmap-c)# swh-iepm-10g(config-pmap-c)# class CS2_out swh-iepm-10g(config-pmap-c)# police aggregate CS2_CAP swh-iepm-10g(config-pmap-c)#$action set-dscp-transmit 16 exceed-action drop swh-iepm-10g(config-pmap-c)# class AF11_out swh-iepm-10g(config-pmap-c)# police aggregate AF11_CAP swh-iepm-10g(config-pmap-c)#$action set-dscp-transmit 10 exceed-action drop swh-iepm-10g(config-pmap-c)# class AF21_out swh-iepm-10g(config-pmap-c)# police aggregate AF21_CAP swh-iepm-10g(config-pmap-c)# class AF31_out swh-iepm-10g(config-pmap-c)# police aggregate AF31_CAP swh-iepm-10g(config-pmap-c)# class AF41_out swh-iepm-10g(config-pmap-c)# police aggregate AF41_CAP swh-iepm-10g(config-pmap-c)# class CS1_out swh-iepm-10g(config-pmap-c)# police aggregate CS1_CAP swh-iepm-10g(config-pmap-c)#$tion set-dscp-transmit 8 exceed-action drop swh-iepm-10g(config-pmap-c)# class CS47_out swh-iepm-10g(config-pmap-c)# police aggregate CS47_CAP swh-iepm-10g(config-pmap-c)# class CS7_out swh-iepm-10g(config-pmap-c)# police aggregate CS7_CAP swh-iepm-10g(config-pmap-c)# swh-iepm-10g(config-pmap-c)#policy-map QoS_r2_in swh-iepm-10g(config-pmap)# class EF_in swh-iepm-10g(config-pmap-c)# trust dscp swh-iepm-10g(config-pmap-c)# class CS2_in swh-iepm-10g(config-pmap-c)# trust dscp swh-iepm-10g(config-pmap-c)# class AF11_in swh-iepm-10g(config-pmap-c)# trust dscp swh-iepm-10g(config-pmap-c)# class AF21_in swh-iepm-10g(config-pmap-c)# trust dscp swh-iepm-10g(config-pmap-c)# class AF31_in swh-iepm-10g(config-pmap-c)# trust dscp swh-iepm-10g(config-pmap-c)# class AF41_in swh-iepm-10g(config-pmap-c)# trust dscp swh-iepm-10g(config-pmap-c)# class CS47_in swh-iepm-10g(config-pmap-c)# trust dscp swh-iepm-10g(config-pmap-c)# class CS7_in swh-iepm-10g(config-pmap-c)# trust dscp swh-iepm-10g(config-pmap-c)# class CS1_in swh-iepm-10g(config-pmap-c)# trust dscp swh-iepm-10g(config-pmap-c)#ip access-list extended AF11_in swh-iepm-10g(config-ext-nacl)#ip access-list extended AF11_out swh-iepm-10g(config-ext-nacl)#ip access-list extended AF21_in swh-iepm-10g(config-ext-nacl)#ip access-list extended AF21_out swh-iepm-10g(config-ext-nacl)#ip access-list extended AF31_in swh-iepm-10g(config-ext-nacl)#ip access-list extended AF31_out swh-iepm-10g(config-ext-nacl)#ip access-list extended AF41_in swh-iepm-10g(config-ext-nacl)#ip access-list extended AF41_out swh-iepm-10g(config-ext-nacl)#ip access-list extended CS1_in swh-iepm-10g(config-ext-nacl)#ip access-list extended CS1_out swh-iepm-10g(config-ext-nacl)#ip access-list extended CS2_in swh-iepm-10g(config-ext-nacl)#ip access-list extended CS2_out swh-iepm-10g(config-ext-nacl)#ip access-list extended CS47_in swh-iepm-10g(config-ext-nacl)#ip access-list extended CS47_out swh-iepm-10g(config-ext-nacl)#ip access-list extended CS7_in swh-iepm-10g(config-ext-nacl)#ip access-list extended CS7_out swh-iepm-10g(config-ext-nacl)#ip access-list extended EF_in swh-iepm-10g(config-ext-nacl)#ip access-list extended EF_out swh-iepm-10g(config-ext-nacl)# swh-iepm-10g(config-ext-nacl)# swh-iepm-10g(config-ext-nacl)#int gi5/2 swh-iepm-10g(config-if)# swh-iepm-10g(config-if)# swh-iepm-10g(config-if)# swh-iepm-10g(config-if)#servi swh-iepm-10g(config-if)#service-policy in swh-iepm-10g(config-if)#service-policy input ? WORD policy-map name swh-iepm-10g(config-if)#service-policy ? history Keep history of QoS metrics input Assign policy-map to the input of an interface output Assign policy-map to the output of an interface swh-iepm-10g(config-if)#int vlan59 swh-iepm-10g(config-if)# swh-iepm-10g(config-if)# swh-iepm-10g(config-if)#service-policy input QoS_r2_out swh-iepm-10g(config-if)# swh-iepm-10g(config-if)# swh-iepm-10g(config-if)# swh-iepm-10g(config-if)# swh-iepm-10g(config-if)# swh-iepm-10g(config-if)#mls qo swh-iepm-10g(config-if)#mls qos ? bridged bridged keyword dscp-mutation mutation keyword exp-mutation exp mutation keyword loopback loopback cable between LAN and WAN port mpls mpls keyword swh-iepm-10g(config-if)#mls qos br swh-iepm-10g(config-if)#mls qos bridged ? <cr> swh-iepm-10g(config-if)#mls qos bridged