Dorian Installation and Configuration

[ Dorian: Administrators Guide | Developers Guide | Users Guide | caGrid: Documentation Guides ]

To install and configure Dorian please follow the steps below.

Step 1: Install Prerequisite Software

In order to install and run Dorian, it is required that the following prerequisite software is installed:

• Java 1.5 JDK
• Ant 1.6.5
• Globus WS-Core with WS-Enum Support
• MySQL
• (Optional) If you want to deploy services to tomcat, you will need Tomcat 5.0.28
• (Optional) If you use the Eracom or EracomHybrid certificate authority approaches it is required that you install that the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files (Java 5, Java 6) be installed into your JVM.

Step 2: Building Dorian

Dorian is distributed as standalone project as well as part of other projects such as caGrid. Each of the distributions contains a dorian directory herein referred to as DORIAN_LOCATION. To build Dorian type ant clean all from the DORIAN_LOCATION directory.

Depending on the Dorian distribution it may be required to build the entire project that Dorian is distributed with prior to building Dorian. For example if you have obtained a caGrid distribution this is required, if you received a Dorian standalone distribution this is not required.

Step 3: Configuring Dorian

Dorian is configured through a single configuration file which is located at DORIAN_LOCATION/etc/dorian-conf.xml. For simple deployments only the following configuration elements need to be modified.

1. Database Configuration
2. CA Subject Name

Database Configuration

Dorian uses a MySQL database to persist account information. Dorian must be modified such that it will interact with you MySQL database. To modify the database configuration to interact with you database please set the values of the host, port, username, and password elements.

Certificate Authority Subject Name

Dorian manages an internal certificate authority for signing user and host certificates. The certificate authority is created the first time the service is started. It is important that the subject of the CA certificate is unique and meaningful to your deployment. To set the subject of the certificate authority for you deployment edit the CASubject element. The default value of C=US,O=abc,OU=xyz,OU=caGrid,CN=caGrid Dorian CA is provided as an example.

It is important to note that the configuration changes specified thus far is the minimum configuration required for simple deployments of Dorian. Complete details on configuring Dorian can be accessed by clicking here. These details include configuring some of the more advance features such as using a Hardware Security Module (HSM) for the storage of keys or for details on integrating Dorian with the Grid Trust Service (GTS).

Step 4: Obtaining Host Credentials for Dorian

Dorian requires that it runs as a secure service. In order to run a secure service, the container hosting the service must run with a host credential. A host credential consist of a X.509 certificate and private key. One of the features Dorian provides is the ability to issue and manage host credentials. Although you may a host credential elsewhere, Dorian has a command line utility that can be used to issue a host credential for the container that it will run in. To leverage this command line utility type the following from a command prompt:

%> cd DORIAN_LOCATION
%> ant createDorianHostCredentials

You will immediately be prompted for the name of the host that will be running Dorian, enter the host name and press enter. You will then be prompted to enter a directory where the host certificate and private key should be written to. Enter the directory location and hit enter. The utility will then create a host certificate and private key for Dorian and inform you where on the file system they were written. The entire output of the program is shown below:

$ ant createDorianHostCredentials
Buildfile: build.xml

setGlobus:

checkGlobus:
[echo] Globus: C:\ext\ws-core-4.0.3

createDorianHostCredentials:
[input] Please enter the host:
somehost.example.com
[input] Please enter the directory to write out the host credentials:
c:/certificates
[java] /C=US/O=abc/OU=xyz/OU=caGrid/OU=Dorian IdP/CN=dorian
[java] Successfully created the host certificate:
[java] Subject: C=US,O=abc,OU=xyz,OU=caGrid,OU=Services,CN=host/somehost.ex
ample.com
[java] Created: Thu Jun 21 19:21:45 EDT 2007
[java] Expires: Sat Jun 21 19:21:45 EDT 2008
[java] Succesfully wrote private key to c:\certificates\somehost.example.co
m-key.pem
[java] Succesfully wrote certificate to c:\certificates\somehost.example.co
m-cert.pem

BUILD SUCCESSFUL
Total time: 29 seconds

Now that we have obtained host credentials, we need to configure Globus to trust the Dorian Certificate Authority that issued those credentials. This can be done by typing the following from the command prompt.

%> cd DORIAN_LOCATION
%> ant configureGlobusToTrustDorian

Upon completion you should see similar output to the following:

$ ant configureGlobusToTrustDorian
Buildfile: build.xml

setGlobus:

checkGlobus:
[echo] Globus: C:\ext\ws-core-4.0.3

configureGlobusToTrustDorian:
[java] Succesfully configured Globus to trust the Dorian CA: C=US,O=abc,OU=
xyz,OU=caGrid,CN=caGrid Dorian CA
[java] Succesfully wrote CA certificate to C:\Users\jdoe\.globus\certif
icates\2d45eee5.0
[java] Succesfully wrote CA signing policy to C:\Users\jdoe\.globus\cer
tificates\2d45eee5.signing_policy

BUILD SUCCESSFUL
Total time: 5 seconds

Step 5: Configuring a Secure Container

Now that you have obtained host credentials, you may use them to configure a secure container. Dorian can be run from a secure Globus container or a secure Tomcat container. For directions on how to configure a secure Globus container CLICK HERE. For directions on how to configure a secure Tomcat container CLICK HERE.

Step 6: Deploying Dorian

Once you have configured a secure container (Globus or Tomcat) you need to deploy Dorian to that container. To deploy Dorian to a secure Globus container type the following from a command prompt:

%> cd DORIAN_LOCATION
%> ant deployGlobus

To deploy Dorian to a secure Tomcat container type the following from a command prompt:

%> cd DORIAN_LOCATION
%> ant deployTomcat

No matter which container you choose you should see a significant amount of output to the screen, if the deployment is successful you should see the words "BUILD SUCCESSFUL" outputted to the screen.

Step 7: Verifying the Installation

Once you have deployed Dorian, you have completed the installation and configuration of Dorian. Next we will verify that the installation was successful, however before doing so we must start the Dorian service. This is done by starting the container that Dorian was deployed to. For directions on starting a secure Globus container CLICK HERE. To start a secure Tomcat container run the startup script (startup.sh or startup.bat) located in TOMCAT_INSTALLATION_DIRECTORY/bin. If the container starts up we are ready to verify that the Dorian installation was successful. To do so complete the following:

1. Download the GAARDS UI
2. Unzip the GAARDS UI locally, we will refer to the unzipped directory as GAARDS_UI_LOCATION
3. Complete the following from the command line:

%> cd GAARDS_UI_LOCATION
%> ant ui

This will bring up a the Dorian Administration UI, after the UI opens please complete the following steps:

1. Click the Login button, this will bring up a Login screen.
2. From the Dorian Service drop down select https://localhost:8443/wsrf/services/cagrid/Dorian.
3. From the Authentication Service drop down select https://localhost:8443/wsrf/services/cagrid/Dorian.
4. In the User Id text box enter dorian
5. In the Password text box enter DorianAdmin$1
6. Click the Authenticate button.

After clicking the Authenticate button you will be logged onto Dorian using the default administrator (dorian). If the login is successful another window, similar to the one shown below should pop up containing the details of your credential. Congratulations you have successfully installed and configured Dorian.