Merge pull request #508 from tcmitchell/centos-wsgi

Update CentOS install for WSGI
GENI-NSF · Jun 7, 2016 · f261fca · f261fca
2 parents 2e3fbab + 898f9b0
commit f261fca
Show file tree

Hide file tree

Showing 9 changed files with 36 additions and 473 deletions.
diff --git a/INSTALL-centos.md b/INSTALL-centos.md
@@ -7,15 +7,12 @@ These instructions are for installing the GENI Clearinghouse.  Information on th
 
 http://groups.geni.net/geni/wiki/GeniClearinghouse
 
-Update the OS and install EPEL
+Update the OS
 ------------------------------
 
 ```Shell
 # update the OS
 sudo yum update -y
-
-# Install the EPEL repository
-sudo yum install -y epel-release
 ```
 
 Ensure SELinux is disabled
@@ -56,7 +53,7 @@ sudo curl "${URL_BASE}"/centos/geni.repo -o /etc/yum.repos.d/geni.repo
 Installing the GENI Clearinghouse package
 -----------------------------------------
 
-Once the server knows about the RPM repository, it is easy to 
+Once the server knows about the RPM repository, it is easy to
 install the geni clearinghouse package:
 
 ```Shell
@@ -212,37 +209,10 @@ cat /usr/share/geni-ch/CA/cacert.pem /usr/share/geni-ch/ma/ma-cert.pem > /tmp/ca
 sudo cp /tmp/ca-ma-cert.pem /usr/share/geni-ch/CA
 ```
 
-Install AMSoil
---------------
+Restart httpd
 
 ```Shell
-# Be sure wget is available
-sudo yum install -y wget
-
-cd $CH_DIR/chapi
-sudo wget https://github.com/GENI-NSF/geni-soil/archive/gpo-0.3.3.tar.gz
-sudo tar zxf gpo-0.3.3.tar.gz 
-sudo rm gpo-0.3.3.tar.gz
-sudo ln -s geni-soil-gpo-0.3.3 AMsoil
-
-sudo chown apache.apache $CH_DIR/chapi/AMsoil/deploy
-sudo touch $CH_DIR/chapi/AMsoil/log/amsoil.log
-sudo chmod a+w $CH_DIR/chapi/AMsoil/log/amsoil.log
-sudo mkdir /var/log/geni-chapi
-sudo touch /var/log/geni-chapi/chapi.log
-sudo chmod a+w /var/log/geni-chapi/chapi.log
-
-# Set up amsoil links to CHAPI plugins
-cd $CH_DIR/chapi/AMsoil/src/plugins
-for pl in chrm chapiv1rpc sarm marm csrm logging opsmon flaskrest
-do
-    sudo ln -s $CH_DIR/chapi/chapi/plugins/$pl .
-done
-
-cd /usr/share/geni-ch/chapi/AMsoil/src
-sudo ln -s main.py main.fcgi
-
-sudo systemctl restart httpd.service
+sudo systemctl start httpd.service
 ```
 
 Install and configure postfix
@@ -307,8 +277,6 @@ python /usr/share/geni-ch/chapi/chapi/tools/client.py \
 
 Test Slice Authority (port 443)
 ```Shell
-cd /usr/share/geni-ch/chapi/chapi/tools
-# export PYTHONPATH=/usr/share/geni-ch/gcf/src
 python /usr/share/geni-ch/chapi/chapi/tools/client.py \
        --cert /usr/share/geni-ch/ma/ma-cert.pem \
        --key /usr/share/geni-ch/ma/ma-key.pem \
@@ -320,7 +288,7 @@ Add portal as a trusted tool
 
 When you have a GENI Portal that you want to test with this Clearinghouse
 you must configure the Clearinghouse to expect communication from the
-portal. Use this command, 
+portal. Use this command,
 
 ```Shell
 AUTHORITY=`geni-install-templates --print_parameter ch_authority`

diff --git a/Makefile.am b/Makefile.am
@@ -3,5 +3,3 @@
 SUBDIRS = plugins tools etc bin man data db templates
 
 .PHONY: $(SUBDIRS)
-
-dist_pkgdata_DATA = apache2.conf fastcgi.conf
diff --git a/apache2.conf b/apache2.conf
diff --git a/fastcgi.conf b/fastcgi.conf
diff --git a/geni-chapi.spec b/geni-chapi.spec
@@ -7,10 +7,9 @@ License:        GENI Public License
 URL:            https://github.com/GENI-NSF/geni-ch
 Source:         %{name}-%{version}.tar.gz
 Group:          Applications/Internet
-Requires:       httpd, mod_ssl, mod_fcgid
-Requires:       python-flask, python-sqlalchemy, python-lxml, python-psycopg2
-Requires:       python-flup, python-flask-xml-rpc, python-blinker
-Requires:       geni-tools, abac, postgresql
+Requires:       httpd, mod_ssl, mod_wsgi
+Requires:       python-sqlalchemy, python-psycopg2
+Requires:       geni-tools, postgresql
 
 # BuildRequires: gettext
 # Requires(post): info
@@ -310,7 +309,6 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/%{name}/abac_credential.xml
 %{_datadir}/%{name}/amsoil-log-out.txt
 %{_datadir}/%{name}/apache-error-log-out.txt
-%{_datadir}/%{name}/apache2.conf
 %{_datadir}/%{name}/ch-error-log-out.txt
 %{_datadir}/%{name}/chapi-log-out.txt
 %{_datadir}/%{name}/db/cs/postgresql/data.sql
@@ -356,12 +354,10 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/%{name}/db/sr/postgresql/update-3.sql
 %{_datadir}/%{name}/db/sr/postgresql/update-4.sql
 %{_datadir}/%{name}/db/sr/postgresql/update-5.sql
-%{_datadir}/%{name}/fastcgi.conf
 %{_datadir}/%{name}/project_credential.xml
 %{_datadir}/%{name}/templates/apache2.conf.tmpl
 %{_datadir}/%{name}/templates/ch-ssl.conf.tmpl
 %{_datadir}/%{name}/templates/chapi.ini.tmpl
-%{_datadir}/%{name}/templates/httpd.conf.tmpl
 %{_datadir}/%{name}/templates/install_postgresql.sh
 %{_datadir}/%{name}/templates/install_service_registry.sql.tmpl
 %{_datadir}/%{name}/templates/openssl.cnf.tmpl

diff --git a/templates/Makefile.am b/templates/Makefile.am
@@ -5,7 +5,6 @@ dist_templates_DATA = \
 	apache2.conf.tmpl \
 	ch-ssl.conf.tmpl \
 	chapi.ini.tmpl \
-	httpd.conf.tmpl \
 	install_postgresql.sh \
 	install_service_registry.sql.tmpl \
 	openssl.cnf.tmpl \

diff --git a/templates/ch-ssl.conf.tmpl b/templates/ch-ssl.conf.tmpl
@@ -1,11 +1,21 @@
-# This is necessary to allow the FCGI ScriptAliases
-# to run. Otherwise there is a 403 Forbidden error.
-<Directory @pkgdatadir@/chapi/AMsoil/src>
-   AllowOverride None
-   Require all granted
+# ----------------------------------------------------------------------
+# Enable access to the WSGI files. Without this, the client is denied
+# acess to the WSGI entry point.
+# ----------------------------------------------------------------------
+<Directory /usr/share/geni-ch/chapi/chapi>
+  AllowOverride None
+  Require all granted
 </Directory>
 
-NameVirtualHost *:443
+# ----------------------------------------------------------------------
+# Ubuntu uses the WSGIDaemonProcess python-path setting, and CentOS 7
+# uses the path specified in WSGIPythonPath. The WSGI docs indicate
+# that the the WSGIDaemonProcess should not be using WSGIPythonPath.
+# Leave both in place so it works on both platforms.
+# ----------------------------------------------------------------------
+WSGIPythonPath /usr/share/geni-ch/chapi/chapi
+WSGIDaemonProcess ch_server display-name=%{GROUP} python-path=/usr/share/geni-c\
+h/chapi/chapi
 
 <VirtualHost *:443>
     ServerName @ch_host@
@@ -23,18 +33,16 @@ NameVirtualHost *:443
     SSLVerifyClient optional
     SSLVerifyDepth 3
 
-    FcgidInitialEnv PYTHONPATH @pkgdatadir@/gcf/src:@pkgdatadir@/chapi/chapi:@pkgdatadir@/chapi/chapi/tools
-    ScriptAlias /SA @pkgdatadir@/chapi/AMsoil/src/main.fcgi
-    ScriptAlias /MA @pkgdatadir@/chapi/AMsoil/src/main.fcgi
-    ScriptAlias /CS @pkgdatadir@/chapi/AMsoil/src/main.fcgi
-    ScriptAlias /LOG @pkgdatadir@/chapi/AMsoil/src/main.fcgi
-    ScriptAliasMatch /info/*/* @pkgdatadir@/chapi/AMsoil/src/main.fcgi
-
+    WSGIScriptAlias / @pkgdatadir@/chapi/chapi/tools/ch_server.wsgi
+    WSGIScriptAlias /SA @pkgdatadir@/chapi/chapi/tools/ch_server.wsgi
+    WSGIScriptAlias /MA @pkgdatadir@/chapi/chapi/tools/ch_server.wsgi
+    WSGIScriptAlias /CS @pkgdatadir@/chapi/chapi/tools/ch_server.wsgi
+    WSGIScriptAlias /LOG @pkgdatadir@/chapi/chapi/tools/ch_server.wsgi
+    WSGIScriptAliasMatch /info/*/* @pkgdatadir@/chapi/chapi/tools/ch_server.wsgi
 
 </VirtualHost>
 
 Listen 8444
-NameVirtualHost *:8444
 <VirtualHost *:8444>
     ServerName @ch_host@
 
@@ -51,9 +59,7 @@ NameVirtualHost *:8444
     SSLVerifyClient optional_no_ca
     SSLVerifyDepth 3
 
-    FcgidInitialEnv PYTHONPATH @pkgdatadir@/gcf/src:@pkgdatadir@/chapi/chapi:@pkgdatadir@/chapi/chapi/tools
-    ScriptAlias /CH @pkgdatadir@/chapi/AMsoil/src/main.fcgi
-    ScriptAlias /SR @pkgdatadir@/chapi/AMsoil/src/main.fcgi
+    WSGIScriptAlias /CH @pkgdatadir@/chapi/chapi/tools/ch_server.wsgi
+    WSGIScriptAlias /SR @pkgdatadir@/chapi/chapi/tools/ch_server.wsgi
 
 </VirtualHost>
-
Original file line number	Diff line number	Diff line change
Expand Up		@@ -3,5 +3,3 @@
		SUBDIRS = plugins tools etc bin man data db templates

		.PHONY: $(SUBDIRS)

		dist_pkgdata_DATA = apache2.conf fastcgi.conf