Line: 1 to 1 | ||||||||
---|---|---|---|---|---|---|---|---|
Added: | ||||||||
> > | System Administrator Guide for CEMon for EMI-31 Installation and Configuration1.1 Prerequisites1.1.1 Operating systemThe following operating systems are supported:
1.1.2 Node synchronizationA general requirement for the Grid nodes is that they are synchronized. This requirement may be fulfilled in several ways. One of the most common one is using theNTP protocol with a time server.
1.2 Plan how to deploy CEMon1.2.1 Choose the authorization modelCEMon can be configured to use as authorization system:
USE_ARGUS must be set in the following way:
USE_ARGUS=yesIn this case it is also necessary to set the following yaim variables:
USE_ARGUS must be set in the following way:
USE_ARGUS=no 1.2.2 RepositoriesFor a successful installation, you will need to configure your package manager to reference a number of repositories (in addition to your OS);
1.2.2.1 The EPEL repositoryOn sl5_x86_64, you can install the EPEL repository, issuing:rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpmOn sl6_x86_64 instead issue: rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-5.noarch.rpm 1.2.2.2 The EMI middleware repositoryOn sl5_x86_64 you can install the EMI-2 yum repository, issuing:wget TBD yum install ./TBDTBC 1.2.2.3 The Certification Authority repositoryThe most up-to-date version of the list of trusted Certification Authorities (CA) is needed on your node. The relevant yum repo can be installed issuing:wget http://repository.egi.eu/sw/production/cas/1/current/repo-files/egi-trustanchors.repo -O /etc/yum.repos.d/egi-trustanchors.repo 1.2.2.4 Important note on automatic updatesAn update of an RPM not followed by configuration can cause problems. Therefore WE STRONGLY RECOMMEND NOT TO USE AUTOMATIC UPDATE PROCEDURE OF ANY KIND. Running the script available at http://forge.cnaf.infn.it/frs/download.php/101/disable_yum.sh (implemented by Giuseppe Platania, INFN Catania) yum autoupdate will be disabled1.2.3 Installation of CEMonIn EMI, CEMon is installed as part of the CREAM-CE. So please refer to the installation instructions for the whole CREAM CE available at: https://wiki.italiangrid.it/twiki/bin/view/CREAM/SystemAdministratorGuideForEMI21.2.4 Installation of the CEMon CLIThe CEMon CLI is part of the EMI-UI. To install it please refer to the EMI UI installation documentation.1.3 Configuration1.3.1 Using the YAIM configuration toolFor a detailed description on how to configure the middleware with YAIM, please check the YAIM guide. The necessary YAIM modules needed to configure a certain node type are automatically installed with the middleware.1.3.2 Configuration of CEMon using yaimIn EMI, CEMon is installed and configured as part of the CREAM-CE1.3.2.1 Install host certificateThe CREAM CE node requires the host certificate/key files to be installed. Contact your national Certification Authority (CA) to understand how to obtain a host certificate if you do not have one already. Once you have obtained a valid certificate:
/etc/grid-security directory. Then set the proper mode and ownerships doing:
chown root.root /etc/grid-security/hostcert.pem chown root.root /etc/grid-security/hostkey.pem chmod 600 /etc/grid-security/hostcert.pem chmod 400 /etc/grid-security/hostkey.pem 1.3.2.2 Configure the siteinfo.def fileSet yoursiteinfo.def file, which is the input file used by yaim. Documentation about yaim variables relevant for CREAM CE is available at https://twiki.cern.ch/twiki/bin/view/LCG/Site-info_configuration_variables#cream_CE
Be sure that USE_CEMON is set to true .
1.3.2.3 Run yaimAfter having filled thesiteinfo.def file, run yaim as explained in the CREAM system administrator guide available at: https://wiki.italiangrid.it/twiki/bin/view/CREAM/SystemAdministratorGuideForEMI2
1.3.3 Configuration of the CEMon CLIThe CEMon CLI is part of the EMI-UI. To configure it please refer to the EMI UI documentation.2 Operating the system2.1 How to start the CEMon serviceA site admin can start the CEMon service just starting the tomcat container. On sl5_x86_64:service tomcat5 startOn sl6_x86_64: service tomcat6 startTo stop the CEMon service, it is just necessary to stop the CEMon container. On sl5_x86_64: service tomcat5 stopOn sl6_x86_64: service tomcat6 stop 2.2 Configuration filesInformation about configuration files in the CEMonis available at https://wiki.italiangrid.it/twiki/bin/view/CEMon/ServiceReferenceCardEMI2#Configuration_files_location_wit2.3 Log filesInformation about log files in the CREAM CE is available at https://wiki.italiangrid.it/twiki/bin/view/CEMon/ServiceReferenceCardEMI2#Logfile_locations_and_management2.4 Network portsInformation about ports used in the CREAM CE is available at https://wiki.italiangrid.it/twiki/bin/view/CEMon/ServiceReferenceCardEMI2#Open_ports2.5 Security related operations2.5.1 Security recommendationsSecurity recommendations relevant for CEMon is available at https://wiki.italiangrid.it/twiki/bin/view/CEMon/ServiceReferenceCardEMI2#Security_recommendations2.5.2 How to block/ban a userInformation about how to ban users is available at https://wiki.italiangrid.it/twiki/bin/view/CEMon/ServiceReferenceCardEMI2#How_to_block_ban_a_user2.5.3 How to block/ban a VOTo ban a VO, it is suggested to reconfigure the service via yaim without that VO in thesiteinfo.def
2.6 How to add/remove sensorsCEMon sensors that must be plugged in CEMon are defined in the CEMon configuration file (/etc/glite-ce-monitor/cemonitor-config.xml ).
Each active sensor is identified by a section that has the following format:
<sensor id=xxx ... ... /sensor>To enable/disable a specific sensor, it is just necessary to uncomment/comment the sensor definition in the CEMon configuration file. 2.7 How to add a static subscriptionThere are two types of subscriptions:
/etc/glite-ce-monitor/cemonitor-config.xml .
An example of static subscription settings is this one:
<subscription id="subscription-1" subscriberId="_C_IT_O_INFN_OU_Personal_Certificate_L_Padova_CN_Massimo_Sgaravatto_dteam_Role_NULL_Capability_NULL" subscriberGroup="dteam" monitorConsumerURL="https://cream-47.pd.infn.it:8788" sslprotocol="SSLv3" retryCount="-1"> <topic name="CREAM_JOBS"> <dialect name="CLASSAD" /> </topic> <policy rate="60" /> </subscription> |