UNICORE/X is a container for the UNICORE 6 atomic services (UAS) comprising a TargetSystemFactory (TSF), TargetSystemServices (TSS), StorageManagementServices (SMS), JobManagementServices (JMS) and FileTransferServices (FTS). It also includes a Registry service for finding available service instances.
UNICORE/X has several sub-components. For configuring these, there is a variety of properties. These are set in different config files residing in the folder "<inst>/conf".
| config file | usage |
| uas.config | General properties, startup behaviour, registry, file transfer properties |
| wsrflite.xml | Services to be deployed, SSL settings, Web server settings |
| simpleidb | Backend, installed applications, resources |
| xnjs.xml | Back end properties |
| xnjs_legacy.xml | Back end properties preconfigured for the Perl TSI |
| logging.properties | logging levels, logfiles and their properties |
| security_policy.xml | Access control policy for securing the web services |
| xacml.config | Configure the access control component |
The properties for the Java VM are configured in
These properties include settings for maximum memory, and also the properties for configuring JMX, see the admin guide for more on JMX.
UNICORE/X uses two different formats for configuration.
name=value1 \
value2
In this example the value of the "name" property will be "value1 value2".
Various XML dialects are used, so please refer to the example files distributed with UNICORE for more information on the syntax.
All values are parsed as Strings, but afterwards many of them are cast to other Java types such as int or boolean for semantic evaluation.
| config file | property name | range of values | default value | description |
| uas.config | uas.wsrflite.configfile | a filename | "conf/wsrflite.xml" | the location of the xml file containing basic wsrflite-specific settings |
| uas.config | uas.targetsystemfactory.xnjs.configfile | a filename | conf/xnjs.xml | config file for XNJS-related settings (e.g. used IDB file, folder for job uspaces) |
| uas.config | uas.targetsystem.sitename | any String | "FZJ-UAS-WSRFLite-XNJS" | site name being published in the "tss:Name" resource property of TSS |
| uas.config | uas.filetransfer.protocol.BFT | a java class name | "de.fzj.unicore.uas.fts.BaselineFileTransferImpl" | java class implementing the baseline file transfer (BFT) protocol for SMS |
| uas.config | uas.filetransfer.protocol.RBYTEIO | a java class name | "de.fzj.unicore.uas.fts.byteio.RandomByteIOImpl" | java class implementing the random access ByteIO file transfer protocol |
| uas.config | uas.filetransfer.protocol.SBYTEIO | a java class name | "... .StreamableByteIOImpl" | java class implementing the streamable ByteIO file transfer protocol |
| uas.config | uas.sms.protocols | list of protocol identifiers | "RBYTEIO SBYTEIO BFT" | whitespace separated list of protocols supported by an SMS |
The gateway address is usually hard-coded into conf/wsrflite.xml, and on the gateway side there is an entry VSITE_NAME=address pointing to the UNICORE/X container. In some scenarios it's convenient to auto-register with a gateway. This can be enabled using the following properties.
| config file | property name | range of values | default value | description |
| uas.config | uas.gatewayregistration | true or false | false | whether autoregistration should be enabled |
| uas.config | uas.gatewayregistration.updateinterval | an integer | 30 | registration refresh interval |
Note that on the gateway side autoregistration needs to be enabled as well!
There is an instance of the Registry service within each UNICORE/X service container.
It is possible to configure the local registry so that it tries to contact one or more external or "global" registries in order to publish its entries there. Most of the following properties deal with the automatic discovery and/or manual setup of the external registries being used.
| config file | property name | range of values | default value | description |
| uas.config | uas.externalregistry.use | "true", "false" | "false" | if set to "true", the local registry tries to publish its entries in an external registry |
| uas.config | uas.externalregistry.autodiscover | "true", "false" | "true" | if set to "true", try to autodiscover the external registry via udp multicast |
| uas.config | uas.externalregistry.url | a valid URL | "" | use this URL for external registry if automatic discovery is switched off or fails |
| uas.config | uas.externalregistry.url.* | more valid URLs | "" | additional registry URLs |
| wsrflite.xml | unicore.wsrflite.sg.defaulttermtime | a long value | "180" | alive-check interval for registry entries; an external registry will dictate its own value to the local registry |
The following property configures UNICORE/X to run as a global registry. See also the registry guide for details.
| config file | property name | range of values | default value | description |
| uas.config | uas.registry.global | "true", "false" | "false" | if set to "true", the server acts as "global" registry |
| uas.config | uas.onstartup | space-separated list of class names | n/a | add "de.fzj.unicore.uas.util.RegistryStartup" to configure the global registry |
To provide a flexible initialization process for the UAS, there is a property named "uas.onstartup", defined in the file "uas.config". Its value is a whitespace-separated list of Java classes, each of which must implement the "Runnable" interface. The Java package "de.fzj.unicore.uas.util" contains several predefined classes with useful startup code. Here is a brief overview:
| class name | description |
| DefaultOnStartup | should usually be run on startup; mainly initializes the local registry and the TSF |
| CreateSMSOnStartup | creates and deploys a single instance of the SMS, named default_storage |
| RegistryStartup | starts a standalone global Registry advertising itself via UDP multicast; no atomic services should be deployed within this service container |
Security configuration includes
The actual security policy or policies are expressed in XACML, see the policy guide.
Here you configure the server identity and the certificates of other services that want to contact this server.
| config file | property name | range of values | default value | description |
| wsrflite.xml | unicore.wsrflite.ssl.keystore | Name of keystore file | | The keystore contains at least one private/public keypair |
| wsrflite.xml | unicore.wsrflite.ssl.keytype | PKCS12, JKS | JKS | |
| wsrflite.xml | unicore.wsrflite.ssl.keypass | Keystore password | | |
| wsrflite.xml | unicore.wsrflite.ssl.keyalias | Alias of the key to use | | |
| wsrflite.xml | unicore.wsrflite.ssl.clientauth | "true" or "false" | true | Whether to require client-authentication |
| wsrflite.xml | unicore.wsrflite.ssl.truststore | Name of truststore file | | The truststore contains certificates that should be trusted by the server |
| wsrflite.xml | unicore.wsrflite.ssl.truststoretype | PKCS12, JKS | JKS | |
| wsrflite.xml | unicore.wsrflite.ssl.truststorepass | Keystore password | | |
In the default configuration, UNICORE/X connects to an XUUDB authorisation service for authorisation.
| config file | property name | range of values | default value | description |
| uas.config | uas.security.authoriser | space separated list of class names | | Java classes used for retrieving authZ attributes |
| uas.config | xuudb_host | http(s)://hostname | | Scheme + host of the XUUDB query service |
| uas.config | xuudb_port | Integer | 34463 | Port of the XUUDB query service |
| uas.config | xuudb_gcid | String | | The ID (Vsite name) of the Unicore/X server |
| config file | property name | range of values | default value | description |
| uas.config | uas.security.accesscontrol | "true", "false" | "true" | if set to "true", access control is enabled |
| uas.config | uas.security.accesscontrol.pdp.config | config file for the default PDP | | |
| uas.config | uas.security.accesscontrol.pdp | class name | de.fzj.unicore.uas.security.SimplePDP | Optional, use to customise the access control |
| config file | property name | range of values | default value | description |
| uas.config | uas.security.signatures | "true", "false" | "true" | if set to "true", the server requires digital signatures on certain messages such as job submission |
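The security-relevant switches in uas.config can be checked mechanically against the defaults listed in the tables above. The following is an added example, not part of UNICORE or of the original page: it parses the properties format (including backslash continuation lines) and reports settings that weaken or widen the default posture. The sample file contents and the `example.Authoriser*` class names are constructed.

```python
# (property, documented default, value to flag, finding) taken from the tables above
CHECKS = [
    ("uas.security.accesscontrol", "true", "false", "access control is disabled"),
    ("uas.security.signatures", "true", "false",
     "signatures on messages such as job submission are not required"),
    ("uas.gatewayregistration", "false", "true",
     "container auto-registers with the gateway"),
]

def parse_properties(text):
    """Parse key=value lines; a trailing backslash joins the next line (no ':' or escapes)."""
    props, buf = {}, ""
    for raw in text.splitlines() + [""]:   # final "" flushes a dangling continuation
        line = buf + raw.strip()
        buf = ""
        if not line or line.startswith(("#", "!")):
            continue
        if line.endswith("\\"):
            buf = line[:-1]                 # keep the space before the backslash
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def flag(props, key, default):
    """Effective value of a boolean property, falling back to the documented default."""
    return props.get(key, default).strip('"').lower()

def audit(props):
    findings = [f"{key}={risky}: {msg}" for key, default, risky, msg in CHECKS
                if flag(props, key, default) == risky]
    if (flag(props, "uas.externalregistry.use", "false") == "true"
            and flag(props, "uas.externalregistry.autodiscover", "true") == "true"):
        findings.append("uas.externalregistry.autodiscover=true: registry is located "
                        "via UDP multicast rather than a fixed uas.externalregistry.url")
    return findings

# Constructed sample, not taken from a real site
SAMPLE = """\
uas.targetsystem.sitename=DEMO-SITE
uas.security.accesscontrol=false
uas.security.authoriser=example.AuthoriserA \\
    example.AuthoriserB
uas.externalregistry.use=true
uas.gatewayregistration=true
"""

if __name__ == "__main__":
    print("\n".join("REVIEW: " + f for f in audit(parse_properties(SAMPLE))))
```

Because absent properties fall back to the documented defaults, the autodiscovery finding appears even when `uas.externalregistry.autodiscover` is not set explicitly.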
If you need to further customise security, you can add additional handlers on the web services. To do this, you have to edit the "wsrflite.xml" config file. Each service is defined by an XML element such as
    <service name="shop" wsrf="true" persistent="true">
      <interface class="example.MyService" />
      <implementation class="example.MyServiceHomeImpl"/>
      <handler type="in" class="my.example.SecurityInHandler"/>
      <handler type="in" class="my.example.TraceHandler"/>
      <handler type="out" class="my.example.OutHandler"/>
    </service>
As you can see, you can add in/out Handlers by specifying their type and the class name. For details on how to implement such a handler, we refer to the source code of UNICORE/X (or send mail to the developers).
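Since handlers are attached per service in wsrflite.xml, a reviewer can inventory them and compare the result against an approved list. The following is an added example, not code from UNICORE/X: it assumes the `<service>` elements carry no XML namespace, as in the snippet above, and the `<services>` wrapper element and the approved set are hypothetical.

```python
import xml.etree.ElementTree as ET

def handler_inventory(xml_text):
    """Map each service name to its handler classes, grouped by handler type."""
    inventory = {}
    for svc in ET.fromstring(xml_text).iter("service"):
        chains = {}
        for h in svc.findall("handler"):
            chains.setdefault(h.get("type", "?"), []).append(h.get("class", "?"))
        inventory[svc.get("name", "?")] = chains
    return inventory

def unexpected_handlers(inventory, approved):
    """Return (service, type, class) for every handler that is not approved
    or whose type is neither "in" nor "out"."""
    return sorted(
        (svc, typ, cls)
        for svc, chains in inventory.items()
        for typ, classes in chains.items()
        for cls in classes
        if cls not in approved or typ not in ("in", "out")
    )

# Service element from the page, wrapped in a hypothetical root element
SAMPLE = """
<services>
  <service name="shop" wsrf="true" persistent="true">
    <interface class="example.MyService" />
    <implementation class="example.MyServiceHomeImpl"/>
    <handler type="in" class="my.example.SecurityInHandler"/>
    <handler type="in" class="my.example.TraceHandler"/>
    <handler type="out" class="my.example.OutHandler"/>
  </service>
</services>
"""

# Hypothetical approved set: handlers the site has reviewed and expects
APPROVED = {"my.example.SecurityInHandler", "my.example.OutHandler"}

if __name__ == "__main__":
    for svc, typ, cls in unexpected_handlers(handler_inventory(SAMPLE), APPROVED):
        print(f"REVIEW: service {svc!r} has unapproved {typ}-handler {cls}")
```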
Information on the configuration of the XNJS backend can be found here.
Each TargetSystem instance can have one or more storages attached to it. Usually, only the HOME storage is created, which allows users to access their home directory on the target system. You can add storages easily, using configuration entries as follows:
| config file | property name | range of values | default value | description |
| uas.config | uas.targetsystem.storage.N | String | n/a | disambiguates several configuration entry sets |
| uas.config | uas.targetsystem.storage.N.type | FIXEDPATH, VARIABLE or CUSTOM | n/a | FIXEDPATH: mapped to a fixed directory, VARIABLE: resolved using a lookup, CUSTOM: specified class is used |
| uas.config | uas.targetsystem.storage.N.path | String | n/a | Denotes a path or the name of an environment variable (depending on the type) |
| uas.config | uas.targetsystem.storage.N.class | Java class name | n/a | Class to use, only used when type is CUSTOM |
Here, "N" stands for an identifier (e.g. 1,2, 3, ...) to distinguish the storages. For example, to configure two storages, one named TEMP pointing to "/tmp" and the other named DEISA_HOME pointing to "$DEISA_HOME", you would add the following configuration entries in uas.config:
    uas.targetsystem.storage.1=TEMP
    uas.targetsystem.storage.1.type=FIXEDPATH
    uas.targetsystem.storage.1.path=/tmp
    uas.targetsystem.storage.2=DEISA_HOME
    uas.targetsystem.storage.2.type=VARIABLE
    uas.targetsystem.storage.2.path=$DEISA_HOME
    # example for a custom SMS implementation (e.g. for Hadoop or iRODS)
    uas.targetsystem.storage.3=IRODS
    uas.targetsystem.storage.3.type=CUSTOM
    uas.targetsystem.storage.3.path=/
    uas.targetsystem.storage.3.class=my.custom.sms.ImplementationClass
Note: the variable resolution only works with the classic Perl TSI, not with the embedded Java TSI.
If you want to disable the default "Home" storage, you can set the following property in uas.config:
uas.targetsystem.home.disable=true
The storage factory is configured similarly to the target system storages above:
    uas.storagefactory.type=FIXEDPATH
    uas.storagefactory.path=/tmp/dynamicStorages
    uas.storagefactory.cleanup=true
The "path" parameter determines the base directory used for the storage instances (i.e. on the backend), and the unique ID of the storage will be appended automatically.
The "cleanup" parameter controls whether the storage directory will be deleted when the storage is destroyed.
The WSRFlite container has a number of settings related to the Jetty web server and to the HTTPClient library used for outgoing HTTP(s) calls.
The Jetty server can be configured using the following options.
| property name | range of values | default value | description |
| unicore.wsrflite.jetty.maxThreads | Integer | 255 | Maximum number of threads for Jetty |
| unicore.wsrflite.jetty.minThreads | Integer | 1 | Minimum number of threads |
| unicore.wsrflite.jetty.maxIdleTime | Integer | 1000 | Milliseconds before an idle connection will be timed out |
| unicore.wsrflite.jetty.lowThreads | Integer | 50 | If the number of free threads is below this value, idle connections will be timed out quicker |
| unicore.wsrflite.jetty.lowResourceMaxIdleTime | Integer | 100 | under "low resource" condition, milliseconds before an idle connection will be timed out |
| unicore.wsrflite.jetty.gzip.minGzipSize | Integer | 65535 | The size of the largest data chunk that will not be compressed (if the client supports gzip) |
| unicore.wsrflite.jetty.gzip.bufferSize | Integer | 8192 | Buffer size used for gzip compression |
HTTP calls can be configured using the following properties.
| property name | range of values | default value | description |
| http.connection.timeout | Integer | 10000 | Socket connection timeout in millis |
| http.timeout | Integer | 10000 | Socket read timeout in millis |
| http.proxyHost | String | | HTTP proxy host |
| http.proxyPort | Integer | | HTTP proxy port |
| http.proxy.user | String | | Proxy server user |
| http.proxy.password | String | | Proxy server password |
| http.nonProxyHosts | String | | Space separated list of host name fragments which are not proxied |