ID #1085

How do I install the JSON cmgui ?


The standalone JSON cmgui, available in Bright 6.0 and upwards, can run on any regular desktop client machine, including on a MacOS desktop. The software requirements in Bright 6.0 are:

  • firefox 10.0 or greater on the client.
  • cmdaemon-6.0-r14750 or greater on the cluster
  • cmgui-json-6.0-r3330 or greater on the client

The latest version can be obtained via:


yum install cmgui-json-dist


This unpacks software into /cm/shared/apps/cmgui/json/ on the head node


The installation procedure is then as follows:


Set up cmdaemon to accept JSON calls


1. Enable the JSON interface in cmdaemon on the head node, by editing:


and setting a directive:

 EnableJSON = true

2. A restart of cmdaemon makes this change live.

[root@head ~]# service cmd restart


3. Verify that cmdaemon now accepts JSON calls:


 [root@head ~]#  wget --no-check-certificate -O json.out  https://master:8081/json

 cat json.out; rm -f json.out; echo


For a working JSON configuration, the output is


 {"json": true}

Setup cmdaemon to allow an AJAX console

The AJAX console in the JSON cmgui allows shell commands to run on the cluster.


1. Enable the AJAX console in cmdaemon, by editing, on the head node, the configuration file:


and setting the directive:

 EnableShellService = true

2. Restart cmdaemon to make the change live:

 [root@head ~]# service cmd restart


Allow the admin user to have cmgui JSON access from a user account

Due to technical reasons, cmgui can no longer use the admin.pfx certificate. Instead JSON cmgui connects with the username, password combination used by normal ssh access to the cluster. A certificate is still required to determine user credentials.

For admin users (admin has the ADMIN profile), the default admin cmsh certificate can be associated with a regular user account used by the admin. The viewability of the certificates must be restricted for security reasons. For example for the regular user account "fred", to associate it with admin privileges, the configuration could be done as follows from a bash prompt on the head node:

 cmsh -c "user add user $user; set password $user; commit"
 if [ -e /etc/SuSE-release ]; then
 mkdir -p /home/$user/.cm
 cp -r /root/.cm/cmsh /home/$user/.cm/cmsh
 chown $user:$group -R /home/$user/.cm
 chmod go= /home/$user/.cm/cmsh/admin.{pem,key}


Create a certificate with an associated profile for a regular user to have cmgui JSON access from a user account


For users who do not have an ADMIN profile, a separate certificate needs to be created. This certificate can be created in cmsh:

cert createcertificate <key-length> <common-name> <organization> <organizational-unit> <locality> <state> <country> <profile> <sys-login> <days> <key-file> <cert-file>

The certificate can also be created using the script:

 ./ <profile> <user> [<user> ... ]


The script attached to this article is not supported, but can be regarded as a basis for anyone who wants to use Python.


A regular user associated with a non-admin certificate can then use cmgui JSON with reduced privileges, as defined by the tokens in the profile of the user certificate (see the Admin Manual, User Management section for details on profiles and tokens with certificates).


Allowing cmgui JSON access for root

By default root cannot use the JSON cmgui.


1. To enable root to use it, edit:


and add the line (or merge the AdvancedConfig definitions)

 AdvancedConfig = { "AllowJSONfromRoot=1" }

2. Restarting cmdaemon makes the change live:

 [root@head ~]# service cmd start


Running JSON cmgui

1. For Linux: Unzip the cmgui-json zip file into a directory of your choice:



2. For MS Windows: run the install.cmgui.json.6.0.r4100.exe (exact version number may be different) executable

from the directory of your choice.


3. Run cmgui. Fill in your user credentials when prompted, and then go ahead and use cmgui.


Warning: the password is saved as plain text, when stored in the cluster settings. Leaving the password blank will cause a prompt every time a connection to the cluster is established and the password will never be saved.

attached files:

Tags: -

Related entries:

You cannot comment on this entry