Multiple UNICORE/X sites can share a registry, greatly simplifying the use of your UNICORE Grid. Since such a registry is vital to the functioning of a UNICORE Grid, you can have more than one. This how-to guide shows how to configure such a setting. In a nutshell you have to
A registry is a "normal" UNICORE/X service, however, you should use a dedicated UNICORE/X instance for the registry, making sure no other services are running.
Apart from hostname, port, and other properties, the wsrflite.xml file should contain the following service definitions.
<!-- wsrflite.xml configuration entries for a registry -->
<service name="ServiceGroupEntry" wsrf="true" persistent="true">
<interface class="de.fzj.unicore.wsrflite.xmlbeans.sg.ServiceGroupEntry" />
<implementation class="de.fzj.unicore.uas.impl.registry.RegistryEntryHomeImpl"/>
</service>
<service name="Registry" wsrf="true" persistent="true">
<interface class="de.fzj.unicore.uas.Registry" />
<implementation class="de.fzj.unicore.uas.impl.registry.RegistryHomeImpl"/>
<handler type="in" class="de.fzj.unicore.uas.security.PlainWSAuthZHandler"/>
</service>
Here, you will need to specify some properties, in addition to the usual configuration (XUUDB settings, etc)
#uas.config excerpt for a shared registry #specify a sitename uas.targetsystem.sitename=REGISTRY #deploy the registry on container startup uas.onstartup=de.fzj.unicore.uas.util.RegistryStartup #(optional) switch off UDP multicast advertisement of the registry #uas.registry.global.advertise=false
The registry is started and stopped like any other UNICORE/X container using the scripts in the "bin" folder. If running multiple UNICORE/X servers on the same host, make sure to check the container port, and possibly the JMX port (in the start script).
To enable access control, set in registry/conf/uas.config
uas.security.accesscontrol.Registry=true
This will check the security policy (conf/security_policy.xml) for each request. By default, this policy allows to add entries only for callers with the role "server".
If using an XUUDB, you will need to add the certificates / DNs of all servers wishing to publish into the registry as having the role "server". Please check the XUUDB documentation on how to do that.
Usually, you'll need to add an entry to the gateway's site list file (connections.properties) that points to your registry server. In the following, we assume the Registry VSite is named "REGISTRY".
To use a specific registry, configure the address of the registry in uas.config. The simplest is to use auto-discover the registry in your network using multicast (group 228.5.6.7 port 7700). Then you just have to set a single property in uas.config:
#switch on use of external registry uas.externalregistry.use=true
The entries in the global registry are updated at a specified interval. To control this interval, edit a property in wsrflite.xml:
<!-- default termination time for registry entries in seconds --> <property name="unicore.wsrflite.sg.defaulttermtime" value="1800"/>
In case you cannot or will not use UDP multicast, you can also specify a fixed registry address. This is done in uas.config:
#switch on use of external registry uas.externalregistry.use=true #switch off autodiscovery uas.externalregistry.autodiscover=false # manually provide url and epr of the external registry # url: uas.externalregistry.url=https://localhost:8080/REGISTRY/services/Registry?res=default_registry # optionally you can have more registries uas.externalregistry.url.2=https://localhost:8080/REGISTRY-BACKUP/services/Registry?res=default_registry
Make sure your clients all use the global, shared registry.