Installation and Configuration using rpms for platform sl5_x86_64
Requirements
- A clean installation of SL5
- Remove the DAG repository
- Protect OS repositories
- install packages: yum-protectbase yum-priorities
- Valid host certificate and key saved into /etc/grid-security/hostcert.pem and /etc/grid-security/hostkey.pem resp.
Basic setup
- Install PGP keys:
wget http://glite.web.cern.ch/glite/glite_key_gd.asc -O /tmp/glite_key_gd.asc
rpm --import /tmp/glite_key_gd.asc
wget http://emisoft.web.cern.ch/emisoft/dist/EMI/1/RPM-GPG-KEY-emi -O /tmp/emi_key_gd.asc
rpm --import /tmp/emi_key_gd.asc
- Install the EPEL extension:
rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
- Install EGI trustanchors:
wget http://repository.egi.eu/sw/production/cas/1/current/repo-files/EGI-trustanchors.repo -O /etc/yum.repos.d/EGI-trustanchors.repo
yum install ca-policy-egi-core fetch-crl
service fetch-crl-cron start
chkconfig fetch-crl-cron on
- Disable yum autoupdate:
wget http://forge.cnaf.infn.it/frs/download.php/101/disable_yum.sh
. disable_yum.sh
CREAM installation setup
- Save in /etc/yum.repos.d/emi1-testing-third-party.repo the following definitions:
[EMI-1-testing-third-party]
name=EMI 1 testing third-party
baseurl=http://emisoft.web.cern.ch/emisoft/dist/EMI/testing/1/sl5/$basearch/third-party
protect=0
enabled=1
priority=45
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-emi
- Download the current repository definition for CREAM:
wget http://etics-repository.cern.ch/repository/pm/volatile/repomd/name/test_cream_emi2/etics-volatile-build-by-name-protect.repo -O /etc/yum.repos.d/cream-testing.repo
- Install all the services:
yum install xml-commons-apis glite-ce-cream glite-ce-monitor glite-ce-ce-plugin
Manual setup of the tomcat trustmanager
- Install tomcat5 cert and key:
service tomcat5 stop
cp /etc/grid-security/host*.pem /usr/share/tomcat5
chown tomcat.tomcat /usr/share/tomcat5/host*.pem
- Install the tomcat trustmanager:
rpm -ivh http://emisoft.web.cern.ch/emisoft/dist/EMI/1/sl5/x86_64/base/emi-trustmanager-tomcat-3.0.0-1.sl5.noarch.rpm
- Deploy the classes in tomcat:
ln -s /usr/share/java/trustmanager.jar /var/lib/tomcat5/server/lib
ln -s /usr/share/java/trustmanager-tomcat.jar /var/lib/tomcat5/server/lib
ln -s /usr/share/java/bcprov.jar /var/lib/tomcat5/server/lib
ln -s /usr/share/java/log4j.jar /var/lib/tomcat5/server/lib
- Configure the trustmanager:
cp -f /var/lib/trustmanager-tomcat/server.xml.template /etc/tomcat5/server.xml and then configure the file /etc/tomcat5/server.xml with the following definitions: PORT = 8443
TRUSTDIR = /etc/grid-security/certificates/
SSLCERTFILE = /usr/share/tomcat5/hostcert.pem
SSLKEY = /usr/share/tomcat5/hostkey.pem
CAFILES (not required)
CRLFILES (not required)
LOG4JCONF = /var/lib/trustmanager-tomcat/log4j-trustmanager.properties
CREAM service configuration (with Argus)
CREAM_PEPC_RESOURCEID (according to Argus installation)
ARGUS_PEPD_ENDPOINTS (according to Argus installation)
TOMCAT_HOSTCERT_LOCATION = /usr/share/tomcat5/hostcert.pem
TOMCAT_HOSTKEY_LOCATION = /usr/share/tomcat5/hostkey.pem
- Write the following definitions
log4j.rootLogger=info, fileout
log4j.logger.httpclient.wire.content=off
log4j.logger.org.glite.voms.PKIStore=off
log4j.appender.fileout=org.apache.log4j.RollingFileAppender
log4j.appender.fileout.File=/var/log/cream/glite-ce-cream.log
log4j.appender.fileout.MaxFileSize=1000KB
log4j.appender.fileout.MaxBackupIndex=20
log4j.appender.fileout.layout=org.apache.log4j.PatternLayout
log4j.appender.fileout.layout.ConversionPattern=\%d{dd MMM yyyy HH:mm:ss,SSS} \%c - \%m\%n in /etc/glite-ce-cream/log4j.properties
TBD
- BLAHP setup
- database creation
Out of scope
- BDII setup
- Interlogger setup
|