Introduction
This guide contains information of interest to developers working with the WS RLS. It provides reference information for application developers, including APIs, architecture, procedures for using the APIs and code samples.
Table of Contents
- 1. Before you begin
- 2. Usage scenarios
- 3. Tutorials
- 4. Architecture and design overview
- 5. APIs
- 6. WS-Resources and WSDL
- WS RLS Commands
- globus-replicalocation-createmappings - This tool is used to create mappings between logical names and target names. The create semantic implies that the logical name does not exist at the time of invocation.
- globus-replicalocation-addmappings - This tool is used to add mappings between logical names and target names. The add semantic implies that the logical name does exist at the time of invocation.
- globus-replicalocation-deletemappings - This tool is used to delete mappings between logical names and target names.
- globus-replicalocation-defineattributes - This tool is used to define attributes.
- globus-replicalocation-undefineattributes - This tool is used to undefine attributes.
- globus-replicalocation-addattributes - This tool is used to add attributes.
- globus-replicalocation-modifyattributes - This tool is used to modify attributes.
- globus-replicalocation-removeattributes - This tool is used to remove existing attributes.
- 7. Custom query dialect
- 8. Configuring WS RLS
- 9. Debugging
- 10. Troubleshooting
- 11. Related Documentation
- Index
Table of Contents
Features in GT 4.2.1 WS RLS
- Initial implementation of the WS RLS, which provides a Web services interface to the existing RLS.
- WS-ReplicaLocationCatalog: WSDL-defined interface for performing LRC operations, including creating/adding/deleting mappings, defining/undefining attribute definitions, and creating/modifying/removing attributes. The interface also defines a conceptual set of WS-ResourceProperties based upon which queries may be performed.
- A simple query dialect which may be used to form expressions to be used to query the WS-RLS based on logical/target names and attributes.
- WS-ReplicaLocationIndex: WSDL-defined interface for performing RLI operations. Since the RLI is used as a read-only query interface (querying the index of logical name entries), the WSDL defines domain specific operations. The operation of interest is the standard QueryResourceProperties.
Protocol changes since GT 4.2.0
- None.
API changes since GT 4.2.0
- None.
Exception changes since GT 4.2.0
- None.
Schema changes since GT 4.2.0
- None.
WS RLS depends on the following GT components:
- Java WS Core
- WS Authentication and Authorization
- Replica Location Service (RLS)
WS RLS depends on the following 3rd party software:
- None
Security recommendations include:
The following paragraph describes our INITIAL IMPLEMENTATION in this first look of the WS RLS interface -- THIS IS NOT INTENDED TO BE A FINAL SOLUTION.
Users of the WS RLS authenticate themselves to the WS RLS in the usual manner based on their credential. The WS RLS uses the WSAA and Authorization Framework to make authorization decisions. Then, the WS RLS uses a single certificate and key file to identify itself to the RLS irregardless of the user accessing the WS RLS. Thus users that can access the WS RLS are given the fixed WS RLS identity to access the RLS. Users accustomed to using RLS may not feel comfortable with this approach -- if it may be an issue for your environment, we suggest that you not use it with your production RLS. If you think of WS RLS as the gating interface to the RLS, as you should, then you should apply the appropriate authorization restrictions at the WS RLS level, which can be done using WSAA. This will in effect achieve a level of authorization similar to that of the RLS.
The WS RLS is deployed to the Java WS Core service container. It connects to a RLS service to perform the replica location operations. It serves as an alternative front-end to the current RLS interfaces. See Replica Location Service (RLS) architecture for more information.
Table of Contents
The WS RLS is a WS-RF compliant service implemented using the Globus Java WS Core. It exposes a set of Resource Properties and operations to allow users to create, add and remove mappings from logical names to target names, to define and undefine attribute definitions associated with names, and to create, modify and delete attributes associated with names. A custom query expression dialect is defined by the WS RLS which may be used to query the mapping and attributes represented by the Resource Properties of the service.
The WSDL defines the only public interface to the WS RLS at this time.
Table of Contents
The WS RLS is comprised of two WS-Resources, the ReplicaLocationCatalog and the ReplicaLocationIndex. Each WS-Resource defines ResourceProperties and a set of operations. The ReplicaLocationCatalog (or "catalog") defines the set of operations for manipulating name mappings and associated attributes along with the standard query resource properties operation. The ReplicaLocationIndex (or "index") specifies only the query resource properties operation since it is a read-only interface to the underlying index. Lifetime operations (set lifetime and destroy) do not apply to the WS RLS, because its WS-Resources live indefinitely. The resources are available so long as the service container is running and the WS RLS is deployed within the service container. Addressing the resources requires only the URL portion of the WS-Address.
For detailed information, please see the schema files.
For the specification of types see Replica Location Types XSD.
For the specification of port types see Catalog Port Type WSDL and Index Port Type WSDL.
The resource properties for the ReplicaLocationCatalog ReplicaLocatoinIndex port types are listed below:
![[Note]](/docbook-images/note.gif) | Note |
|---|---|
As a preview component the current WS-RLS specifies the following RPs but in most cases does not implement them in the current release. The developers of the component are providing the interfaces for review. |
configuration: A listing of the configuration settings for the underlying RLS service.diagnostics: A listing of diagnostics (e.g., status) from the underlying RLS service.catalog: A resource property sytle representation of the catalog contexts (i.e., attribute definitions, attributes, and mappings) of the underlying RLS service.
configuration: A listing of the configuration settings for the underlying RLS service.diagnostics: A listing of diagnostics (e.g., status) from the underlying RLS service.catalog: A resource property sytle representation of the index contexts (i.e., attribute definitions, attributes, and mappings) of the underlying RLS service.
The WS RLS provides a set of command-line tools to create, add, remove mappings between logical names and target names, define and undefine attribute definitions, and create, modify, and delete attributes. These command line tools are available on Unix and Windows platforms and will work in the same way (of course within the platform rules - the path syntax, variable definitions, etc.).
The WS RLS command-line tools make use of the Common Java Client Options. These options are refered to below as [options].
Table of Contents
- globus-replicalocation-createmappings - This tool is used to create mappings between logical names and target names. The create semantic implies that the logical name does not exist at the time of invocation.
- globus-replicalocation-addmappings - This tool is used to add mappings between logical names and target names. The add semantic implies that the logical name does exist at the time of invocation.
- globus-replicalocation-deletemappings - This tool is used to delete mappings between logical names and target names.
- globus-replicalocation-defineattributes - This tool is used to define attributes.
- globus-replicalocation-undefineattributes - This tool is used to undefine attributes.
- globus-replicalocation-addattributes - This tool is used to add attributes.
- globus-replicalocation-modifyattributes - This tool is used to modify attributes.
- globus-replicalocation-removeattributes - This tool is used to remove existing attributes.
Name
globus-replicalocation-createmappings — This tool is used to create mappings between logical names and target names. The create semantic implies that the logical name does not exist at the time of invocation.
Synopsis
globus-replicalocation-createmappings
Tool description
Use this tool to create mappings between logical names and target names in the replica location catalog. The mapping must not exist. In addition, the logical name must not exist.
Command syntax
globus-replicalocation-createmappings [options] \
{ { logical-name target-name }+ | input-file | - }
Name
globus-replicalocation-addmappings — This tool is used to add mappings between logical names and target names. The add semantic implies that the logical name does exist at the time of invocation.
Synopsis
globus-replicalocation-addmappings
Tool description
Use this tool to add mappings between logical names and target names in the replica location catalog. The mapping must not exist. In addition, the logical name must exist.
Command syntax
globus-replicalocation-addmappings [options] \
{ { logical-name target-name }+ | input-file | - }
Name
globus-replicalocation-deletemappings — This tool is used to delete mappings between logical names and target names.
Synopsis
globus-replicalocation-deletemappings
Tool description
Use this tool to delete mappings between logical names and target names in the replica location catalog. The mapping must exist.
Command syntax
globus-replicalocation-deletemappings [options] \
{ { logical-name target-name }+ | input-file | - }
Name
globus-replicalocation-defineattributes — This tool is used to define attributes.
Synopsis
globus-replicalocation-defineattributes
Tool description
Use this tool to define attributes. Attribute definitions must be given a name unique within the local instance of the replica location catalog. Attribute definitions must be given a value type of dateTime, decimal, integer, or string. And attribute definitions must be associated with an object type of logical or target.
Command syntax
globus-replicalocation-defineattributes [options] \
{ { name object-type value-type }+ | input-file | - }
Table 4. globus-replicalocation-defineattributes Options
| { name object-type value-type }+ | A listing of attribute name, associated object-type, and value-type. |
| input-file | A file containing the listing of attribute name, associated object-type, and value-type. |
| - | Standard input stream containing the listing of attribute name, associated object-type, and value-type. |
Name
globus-replicalocation-undefineattributes — This tool is used to undefine attributes.
Synopsis
globus-replicalocation-undefineattributes
Tool description
Use this tool to undefine attributes. Attribute definitions must be identified by the definition's name and associated object-type. The operation will clear attribute values for existing attributes with the definition's name.
Command syntax
globus-replicalocation-undefineattributes [options] \
{ { name object-type }+ | input-file | - }
Table 5. globus-replicalocation-undefineattributes Options
| { name object-type }+ | A listing of attribute name and associated object-type. |
| input-file | A file containing the listing of attribute name and associated object-type. |
| - | Standard input stream containing the listing of attribute name and associated object-type. |
Name
globus-replicalocation-addattributes — This tool is used to add attributes.
Synopsis
globus-replicalocation-addattributes
Tool description
Use this tool to add attributes associated with logical names or target names. A corresponding attribute definition must exist. The logical name or target name with which to associate the attribute must exist. There must not be an existing attribute of the same type for a given logical name or target name. When adding attributes, the following parameters are required. The logical name or target name, refered to as the key. The name of the attribute as defined by an existing attribute definition. An object-type of logical or target. A value-type corresponding to dateTime, decimal, integer, or string. And finally a value compatible with the value-type.
Command syntax
globus-replicalocation-addattributes [options] \
{ { key name object-type value-type value }+ | input-file | - }
Table 6. globus-replicalocation-addattributes Options
| { key name object-type value-type value }+ | A listing of key, attribute name, associated object-type, value-type, and value. |
| input-file | A file containing the listing of key, attribute name, associated object-type, value-type, and value. |
| - | Standard input stream containing the listing of key, attribute name, associated object-type, value-type, and value. |
Name
globus-replicalocation-modifyattributes — This tool is used to modify attributes.
Synopsis
globus-replicalocation-modifyattributes
Tool description
Use this tool to modify attributes associated with logical names or target names. Mutability of attributes is limited only to the attribute's value. The corresponding attribute must exist.
Command syntax
globus-replicalocation-modifyattributes [options] \
{ { key name object-type value-type value }+ | input-file | - }
Table 7. globus-replicalocation-modifyattributes Options
| { key name object-type value-type value }+ | A listing of key, attribute name, associated object-type, value-type, and value. |
| input-file | A file containing the listing of key, attribute name, associated object-type, value-type, and value. |
| - | Standard input stream containing the listing of key, attribute name, associated object-type, value-type, and value. |
Name
globus-replicalocation-removeattributes — This tool is used to remove existing attributes.
Synopsis
globus-replicalocation-removeattributes
Tool description
Use this tool to remove existing attributes associated with logical names or target names. The corresponding attribute must exist.
Command syntax
globus-replicalocation-removeattributes [options] \
{ { key name object-type }+ | input-file | - }
Table 8. globus-replicalocation-removeattributes Options
| { key name object-type }+ | A listing of key, attribute name, and associated object-type. |
| input-file | A file containing the listing of key, attribute name, and associated object-type. |
| - | Standard input stream containing the listing of key, attribute name, and associated object-type. |
The WS RLS defines a custom query dialect and provides a custom expression evaluator to support the dialect. The dialect is noticeably rudimentary. We expect to improve the dialect as the WS RLS matures. The following list enumerates the possible expressions when using the custom "http://globus.org/replica/location/06/01/QueryDialect" dialect provided by the WS RLS.
query-target: {logical-name}+
Queries the catalog based on logical names and returns matching target names.
query-logical: {target-name}+
Queries the catalog based on target names and returns matching logical names.
query-index-logical: {logical-name}+
Queries the index based on logical names and returns matching target names.
exists-logical: {logical-name}+
Evaluates existence of logical name in the catalog.
exists-target: {target-name}+
Evaluates existence of target name in the catalog.
query-logical-attributes: {logical-name}+
Queries the catalog for attributes associated with logical names.
query-logical-named-attributes: attribute-name {logical-name}+
Queries the catalog for attributes based on the given attribute-name for the associated logical names.
query-target-attributes: {target-name}+
Queries the catalog for attributes associated with target names.
query-target-named-attributes: attribute-name {target-name}+
Queries the catalog for attributes based on the given attribute-name for the associated target names.
Table of Contents
The WS RLS requires certain WSDD and JNDI settings to be properly configured. The installed JNDI configuration file may be found at $GLOBUS_LOCATION/etc/globus_wsrf_replicalocation_resource/jndi-config.xml. To view the default JNDI file (current snapshot) from the Globus CVS repository click here. The installed WSDD configuration file may be found at $GLOBUS_LOCATION/etc/globus_wsrf_replicalocation_service/server-config.wsdd. To view the default WSDD file (current snapshot) from the Globus CVS repository click here. In most cases, you will not need to alter either of these files.
This information is in addition to the basic configuration instructions in the Installing GT 4.2.1.
The WS RLS's WSDD determines which services will be activated by the GT Java WS Core container. By default, the WS RLS defines two services.
ReplicaLocationCatalogService. The
ReplicaLocationCatalogServiceservice provides the WS interface to the RLS Local Replica Catalog capabilities. If you intend to activate this service, you need not alter the WSDD. If you do not wish to activate this service, simply remove it from the WSDD and restart the container.... <service name="ReplicaLocationCatalogService" provider="Handler". use="literal" style="document"> ... </service> ...ReplicaLocationIndexService. The
ReplicaLocationIndexServiceservice provides the WS interface to the RLS Replica Location Index capabilities. If you intend to activate this service, you need not alter the WSDD. If you do not wish to activate this service, simply remove it from the WSDD and restart the container.... <service name="ReplicaLocationIndexService" provider="Handler". use="literal" style="document"> ... </service> ...
The WS RLS's JNDI configuration determines the resource class to be used for each service defined by the WS RLS WSDD. It also determines other critical settings used by these resources. In this file, you will find settings for the two default services defined in the WSDD.
Each service has a JNDI Resource of name RLSConnectionSource. This JNDI Resource is used by the WS RLS service to open a connection to the backend RLS service. In many cases, you may find that the default settings require no modification for your setup. The url parameter sets the endpoint for the backend RLS. The certfile and keyfile parameters set the certificate and key files to be used by the WS RLS to communicate securely with the backend RLS.
You will notice that the default settings use the container's suggested certificate and key file paths. If you have chosen different paths in which to keep these files, please adjust the settings accordingly. At present, the WS RLS uses a single identity (defined by the certificate and key) to authenticate itself with the RLS in order to perform any user requested operations. When the WS RLS interface is finalized, it will most likely use a different approach to authentication between WS RLS and the back end RLS. At this time, we expect that the interface will change such that the caller's credentials will be used to make calls between the WS RLS and the back end RLS on behalf of the originating caller.
...
<resource
name="RLSConnectionSource"
type="org.globus.replica.rls.connection.impl.PooledRLSConnectionSource">
<resourceParams>
<parameter>
<name>factory</name>
<value>org.globus.wsrf.jndi.BeanFactory</value>
</parameter>
<parameter>
<name>url</name>
<value>rls://localhost</value>
</parameter>
<parameter>
<name>certfile</name>
<value>/etc/grid-security/containercert.pem</value>
</parameter>
<parameter>
<name>keyfile</name>
<value>/etc/grid-security/containerkey.pem</value>
</parameter>
</resourceParams>
</resource>
...
Table of Contents
Because WS-RLS is built on top of Java WS Core, developer debugging is the same as described in Chapter 10, Debugging. For sys admin debugging information, see Chapter 5, Debugging.
The following information applies to Java WS Core and those services built on it.
Logging in the Java WS Core is based on the Jakarta Commons Logging API. Commons Logging provides a consistent interface for instrumenting source code while at the same time allowing the user to plug-in a different logging implementation. Currently we use Log4j as a logging implementation. Log4j uses a separate configuration file to configure itself. Please see Log4j documentation for details on the configuration file format.
Server side logging can be configured in $GLOBUS_LOCATION/container-log4j.properties, when the container is stand alone container. For tomcat level logging, refer to Logging for Tomcat, . The logger log4j.appender.A1 is used for developer logging and by default writes output to the system output. By default it is set for all warnings in the Globus Toolkit package to be displayed.
Additional logging can be enabled for a package by adding a new line to the configuration file. Example:
#for debug level logging from org.globus.package.FooClass log4j.category.org.globus.package.name.FooClass=DEBUG #for warnings from org.some.warn.package log4j.category.org.some.warn.package=WARN
Client side logging can be configured in $GLOBUS_LOCATION/log4j.properties. The logger log4j.appender.A1 is used for developer logging and by default writes output to the system output. By default it is set for all warnings in the Globus Toolkit package to be displayed.
Generating verbose log output is a critical aid in troubleshooting of the WS RLS and is useful
when communicating problems to Globus support lists. To increase logging detail, add the following
lines to the $GLOBUS_LOCATION/container-log4j.properties file.
... log4j.category.org.globus.replica.location=DEBUG log4j.category.org.globus.replica.rls=DEBUG ...
Table of Contents
For sys admin debugging information, see Chapter 5, Debugging.
For a list of common errors in GT, see Error Codes.
Table 10.1. WS Replica Location Service (WS RLS) Errors
| Error Code | Definition | Possible Solutions |
|---|---|---|
Error: java.lang.NullPointerException | When invoking the WS RLS command-line clients, a system-level exception like the one above may be encountered. | The admin should check the container logs for the exact error. |
Error: A server error occured while processing the request | When invoking the WS RLS command-line clients, a server error like the one above may be encountered. | The admin should check the container logs for the exact error. |
java.lang.UnsatisfiedLinkError | This exception when using the WS RLS may indicate that the native RLS libraries that WS RLS depends on could not be located. |
To correct this problem, ensure that the $GLOBUS_LOCATION/lib directory is in the library search path (on some systems this is the LD_LIBRARY_PATH variable).
|
Unable to connect to localhost:39281 | The WS RLS is an interface layer that depends on the RLS for the replica location functionality. You must install and run RLS and configure WS RLS to use the RLS via its JNDI configuration. | Check that RLS is installed, running, and check that the WS RLS JNDI configuration uses the correct hostname and port to connect to the RLS. |
org.globus.common.ChainedIOException: Failed to initialize security context | If this exception occurs while using WS RLS, it may indicate that the user's proxy is invalid. | To correct the error, the user must properly initialize the user proxy. See grid-proxy-init for more information on proxy initialization. |
Error: org.xml.sax.SAXException: Unregistered type: class xxx | If this exception occurs when using the WS RLS, it may indicate that an Axis generated XML type, defined by the WS RLS XSD, was not properly registered. While all the XML types should get registered upon deployment without intervention by the user, sometimes they do not. |
To remedy the situation add a typeMapping to the server-config.wsdd file under globus_wsrf_replicalocation_service.
Use the format shown here.
|
E
- errors, Troubleshooting, Errors
L
- logging, Debugging