HTTPS SSH
#
# SENSE Resource Manager (SENSE-RM) Copyright (c) 2018, The Regents
# of the University of California, through Lawrence Berkeley National
# Laboratory (subject to receipt of any required approvals from the
# U.S. Dept. of Energy).  All rights reserved.
#
# If you have questions about your rights to use or distribute this
# software, please contact Berkeley Lab's Innovation & Partnerships
# Office at IPO@lbl.gov.
#
# NOTICE.  This Software was developed under funding from the
# U.S. Department of Energy and the U.S. Government consequently retains
# certain rights. As such, the U.S. Government has been granted for
# itself and others acting on its behalf a paid-up, nonexclusive,
# irrevocable, worldwide license in the Software to reproduce,
# distribute copies to the public, prepare derivative works, and perform
# publicly and display publicly, and to permit other to do so.
#
# Fri Sep 14 08:06:59 PDT 2018
# sdmsupport@lbl.gov
#
# instructions

#######################################
Requirements:
    Apache 
        % sudo yum install httpd mod_ssl mod_wsgi
    mod_wsgi 
    Python 2.7 (or Anaconda 2)
    FLASK 
    RDFlib
        % pip install flask_restful
        % pip install rdflib

#############################################################
Bitbucket Git source
https://bitbucket.org/berkeleylab/sensenrm-oscars/

#############################################################
Connection URL
  http://hostname:8080/sense-rm/api/sense/v1/models 
      e.g. http://dev-sense-nrm.es.net:8080/sense-rm/api/sense/v1/models 
  https://hostname:8443/sense-rm/api/sense/v1/models 
      e.g. https://dev-sense-nrm.es.net:8443/sense-rm/api/sense/v1/models 

#############################################################
apachectl with python from anaconda2

Add the following vars to the apachectl

PYTHONHOME="/usr/local/pkg/anaconda2"
export PYTHONHOME
PYTHONPATH="/usr/local/pkg/anaconda2/lib/python2.7/site-packages"
export PYTHONPATH
LD_LIBRARY_PATH="/lib:/usr/lib:/usr/local/lib:/usr/local/pkg/anaconda2/lib"
export LD_LIBRARY_PATH

#############################################################
Modifications required in the following components:

1. sensenrm_service.wsgi
   for the path to the python service files
2. sensenrm_config.py
   especially for oscars_config and ssl_config
3. Apache httpd.conf and httpd-ssl.conf to run WSGI over SSL
   to include WSGI related configuration
   For example in httpd.conf,
    WSGISocketPrefix /usr/local/apache/sense-n-rm
    WSGIDaemonProcess sensenrm user=asim group=users processes=2 threads=15
    WSGIScriptAlias / /usr/local/sense-n-rm/sensenrm_service.wsgi
    WSGIScriptReloading On
    <Directory /usr/local/sense-n-rm>
        WSGIProcessGroup sensenrm
        WSGIApplicationGroup %{GLOBAL}
        Options ExecCGI
        SetHandler wsgi-script
        Require all granted
    </Directory>

   For example in httpd-ssl.conf,
    RequestHeader set X-SSL-Client-S-DN-CN "%{SSL_SERVER_S_DN_CN}s"
    RequestHeader set X-SSL-Client-S-DN "%{SSL_CLIENT_S_DN}s"
    RequestHeader set X-SSL-Client-Verify "%{SSL_CLIENT_VERIFY}s"
    RequestHeader set X-SSL-Client-Cert "%{SSL_CLIENT_CERT}s"
    RequestHeader set X-Real-IP "%{REMOTE_ADDR}s"
    RequestHeader set X-MYHOST "%{HTTP_HOST}s"
    
    SSLCertificateFile "/usr/local/apache/sensenrm-cert.pem"
    SSLCertificateKeyFile "/usr/local/apache/sensenrm-key.pem"
    SSLCACertificatePath "/usr/local/apache/certificates"
    SSLVerifyClient require
    SSLVerifyDepth  10
    <Location /sslonly/>
        SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
                and %{SSL_CLIENT_S_DN_O} eq "Sim" \
                and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
                and %{TIME_HOUR} >= 7 and %{TIME_HOUR} <= 23       ) \
               or %{REMOTE_ADDR} =~ m/^127\.0\.0\.[0-9]+$/
    </Location>

#############################################################

## HTTPS is only supported for most interfaces
% apachectl start -e debug
% curl -i http://hostname:8080/sense-rm

## to restart/stop the server
% apachectl restart -e debug
% apachectl stop

## Client testing
% python ./sensenrm_client_esnet.py
% python ./sensenrm_client_esnet.py -h

## Checking apache log if log dir is customized
% tail /usr/local/apache/logs/error_log

#############################################################

Sample client commands:

python sensenrm_client_esnet.py -h
#--info
#--sslinfo
#--getmodels
#-i /path/nml-delta-sample2.txt
#--postdeltas_addition
#--postdeltas_reduction
#--commit 6bad2441-9b50-5711-9eba-5db41c3c83a9
#--status 6bad2441-9b50-5711-9eba-5db41c3c83a9
#--clear 6bad2441-9b50-5711-9eba-5db41c3c83a9
#--cancel 6bad2441-9b50-5711-9eba-5db41c3c83a9

#############################################################