The standalone JSON cmgui, available in Bright 6.0 and upwards, can run on any regular desktop client machine, including on a MacOS desktop. The software requirements in Bright 6.0 are:
- firefox 10.0 or greater on the client.
- cmdaemon-6.0-r14750 or greater on the cluster
- cmgui-json-6.0-r3330 or greater on the client
The latest version can be obtained via:yum install cmgui-json-dist
This unpacks software into /cm/shared/apps/cmgui/json/ on the head node
The installation procedure is then as follows:
Set up cmdaemon to accept JSON calls
1. Enable the JSON interface in cmdaemon on the head node, by editing: /cm/local/apps/cmd/etc/cmd.conf
and setting a directive: EnableJSON = true
2. A restart of cmdaemon makes this change live.[root@head ~]# service cmd restart
3. Verify that cmdaemon now accepts JSON calls:
[root@head ~]# wget --no-check-certificate -O json.out https://master:8081/json cat json.out; rm -f json.out; echo
For a working JSON configuration, the output is {"json": true}
Setup cmdaemon to allow an AJAX console
The AJAX console in the JSON cmgui allows shell commands to run on the cluster.
1. Enable the AJAX console in cmdaemon, by editing, on the head node, the configuration file: /cm/local/apps/cmd/etc/cmd.conf
and setting the directive:
EnableShellService = true
2. Restart cmdaemon to make the change live: [root@head ~]# service cmd restart
Allow the admin user to have cmgui JSON access from a user account
Due to technical reasons, cmgui can no longer use the admin.pfx certificate. Instead JSON cmgui connects with the username, password combination used by normal ssh access to the cluster. A certificate is still required to determine user credentials.
For admin users (admin has the ADMIN profile), the default admin cmsh certificate can be associated with a regular user account used by the admin. The viewability of the certificates must be restricted for security reasons. For example for the regular user account “fred”, to associate it with admin privileges, the configuration could be done as follows from a bash prompt on the head node: user=fred cmsh -c "user add user $user; set password $user; commit" if [ -e /etc/SuSE-release ]; then group=users else group=$user fi mkdir -p /home/$user/.cm cp -r /root/.cm/cmsh /home/$user/.cm/cmsh chown $user:$group -R /home/$user/.cm chmod go= /home/$user/.cm/cmsh/admin.{pem,key}
Create a certificate with an associated profile for a regular user to have cmgui JSON access from a user account
For users who do not have an ADMIN profile, a separate certificate needs to be created. This certificate can be created in cmsh:cert createcertificate <key-length> <common-name> <organization> <organizational-unit> <locality> <state> <country> <profile> <sys-login> <days> <key-file> <cert-file>
The certificate can also be created using the cm-create-certificate.py script: ./cm-create-certificate.py <profile> <user> [<user> ... ]
The cm-create-certificate.py script attached to this article is not supported, but can be regarded as a basis for anyone who wants to use Python.
A regular user associated with a non-admin certificate can then use cmgui JSON with reduced privileges, as defined by the tokens in the profile of the user certificate (see the Admin Manual, User Management section for details on profiles and tokens with certificates).
Allowing cmgui JSON access for root
By default root cannot use the JSON cmgui.
1. To enable root to use it, edit: /cm/local/apps/cmd/etc/cmd.conf
and add the line (or merge the AdvancedConfig definitions) AdvancedConfig = { "AllowJSONfromRoot=1" }
2. Restarting cmdaemon makes the change live: [root@head ~]# service cmd start
Running JSON cmgui
1. For Linux: Unzip the cmgui-json zip file into a directory of your choice: unzip cmgui-json-6.0-r3341.zip
2. For MS Windows: run the install.cmgui.json.6.0.r4100.exe (exact version number may be different) executable
from the directory of your choice.
3. Run cmgui. Fill in your user credentials when prompted, and then go ahead and use cmgui.
Warning: the password is saved as plain text, when stored in the cluster settings. Leaving the password blank will cause a prompt every time a connection to the cluster is established and the password will never be saved.