Difference: IgiEmi (8 vs. 9)

Revision 9 - 2011-11-15 - SergioTraldi

Line: 1 to 1
 
META TOPICPARENT name="IGIGuides"

IGI (based on EMI) Installation and Configuration

Line: 100 to 100
 
  • Before starting the configuration PLEASE TEST that you have defined all the mandatory variables and that all configuration files contain all the site-specific values needed:
 /opt/glite/yaim/bin/yaim -v -s <site-info.def> -n BDII_site 
Changed:
<
<
The mandatory variabiles are:
>
>
The mandatory variables are:
  SITE_DESC
SITE_EMAIL
SITE_NAME
SITE_LOC
SITE_LAT
SITE_LONG
SITE_WEB
SITE_SECURITY_EMAIL
SITE_SUPPORT_EMAIL
SITE_OTHER_GRID
SITE_BDII_HOST
BDII_REGIONS
Changed:
<
<
Most of those are in the file ig-bdii_site in directory services (the better things is to modify it). Remeber in particular to set:
>
>
Most of those are in the file ig-bdii_site in directory services (the better things is to modify it). Remember in particular to set:
 
SITE_OTHER_GRID="WLCG|EGI"
SITE_OTHER_EGI_NGI="NGI_IT"
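Review bot: the replacement sentence after the variable list fixes "Remeber" but still reads "the better things is to modify it"; consider "it is best to edit that file directly" so the instruction for ig-bdii_site is unambiguous. The spelling fix for "variabiles" looks right.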
Line: 151 to 151
 
  • Before starting the configuration PLEASE TEST that you have defined all the mandatory variables and that all configuration files contain all the site-specific values needed:
 /opt/glite/yaim/bin/yaim -v -s <site-info.def> -n BDII_top 
Changed:
<
<
The mandatory variabile is:
>
>
The mandatory variable is:
  BDII_HOST
Line: 175 to 175
 
yum clean all
Changed:
<
<

Host certificate installation:

>
>

StoRM Prerequisites

Host certificate installation:

  Hosts participating to the StoRM-SE (FE, BE and GridFTP hosts) must be configured with X.509 certificates signed by a trusted Certification Authority (CA). Usually the hostcert.pem and hostkey.pem certificates are located in the /etc/grid-security/ directory, and they must have permission 0644 and 0400 respectively:

Check existence


Changed:
<
<
[~]# ls -l /etc/grid-security/hostkey.pem
-r-------- 1 root root 887 Mar 1 17:08 /etc/grid-security/hostkey.pem
[~]# ls -l /etc/grid-security/hostcert.pem
-rw-r--r-- 1 root root 1440 Mar 1 17:08 /etc/grid-security/hostcert.pem
>
>
[~]# ls -l /etc/grid-security/hostkey.pem -r-------- 1 root root 887 Mar 1 17:08 /etc/grid-security/hostkey.pem [~]# ls -l /etc/grid-security/hostcert.pem -rw-r--r-- 1 root root 1440 Mar 1 17:08 /etc/grid-security/hostcert.pem
 

Check expiration
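Review bot: the new side of the "Check existence" block has lost its line breaks, so both ls -l commands and their output now sit on one line and can no longer be read or copied as a listing; restore the verbatim block as it was in the old revision. In the same paragraph hostkey.pem is described as a certificate; it is the private key, which is why it carries mode 0400, and saying so would make the permission requirement easier to follow.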

Line: 192 to 194
  Change permission: (if needed)

Changed:
<
<
[~]# chmod 0400 hostkey.pem
[~]# chmod 0644 hostcert.pem
>
>
[~]# chmod 0400 hostkey.pem [~]# chmod 0644 hostcert.pem

ACL SUPPORT

If you are installing a new StoRM this check must be done, if you are updating your install or your storage has ACL you can step out to this issue. StoRM uses the ACLs on files and directories to implement the security model. Doing so, StoRM uses the native access to the file system. Therefore in order to ensure a proper running, ACLs need to be enabled on the underlying file system (sometime they are enabled by default) and work properly.

Check ACL:

[~]# touch test
[~]# setfacl -m u:storm:rw test
Note: the storm user used to set the ACL entry must exist.
[~]# getfacl test
  # file: test
  # owner: root
  # group: root
  user::rw-
  user:storm:rw-
  group::r--
  mask::rw-
  other::r--

[~]# rm -f test

Install ACL (eventually):
If the getfacl and setfacl commands are not available on your host:

[~]# yum install acl

Enable ACL (if needed):
To enable ACL, you must add the acl property to the relevant file system in your /etc/fstab file. For example:

[~]# vi /etc/fstab
  ...
  /dev/hda3             /storage         ext3         defaults, acl           1 2
  ...

 
Added:
>
>
Then you need to remount the affected partitions as follows:
 [~]# mount -o remount /storage
This is valid for different file system types (i.e., ext3, xfs, gpfs and others).

EXTENDED ATTRIBUTE SUPPORT
StoRM uses the Extended Attributes (EA) on files to store some metadata related to the file (e.g. the checksum value); therefore in order to ensure a proper running, the EA support needs to be enabled on the underlying file system and work properly. Note: Depending on OS kernel distribution, for Reiser3, ext2 and ext3 file systems, the default kernel configuration should not enable the EA. Check Extended Attribute Support :
 
[~]# touch testfile
[~]# setfattr -n user.testea -v test testfile
[~]# getfattr -d testfile
  # file: testfile
  user.testea="test"
[~]# rm -f testfile

Install attr (eventually):
If the getfattr and setfattrl commands are not available on your host:

[~]# yum install attr

Enable EA (if needed):
To set extended attributes, you must add the user_xattr property to the relevant file systems in your /etc/fstab file. For example:

[~]# vi /etc/fstab
   ...
   /dev/hda3         /storage       ext3        defaults,acl,user_xattr     1 2
   ...

Then you need to remount the affected partitions as follows:

[~]# mount -o remount /storage
 

CAa installation:

  • Install CAs on ALL profiles:
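Review bot: the first /etc/fstab example under "Enable ACL" writes the options field as "defaults, acl" with a space after the comma; fstab fields are whitespace-separated, so the options field ends at "defaults," and the remaining fields shift, and the line should read "defaults,acl" as the later EA example does. The chmod pair on the new side has also been joined onto one line and uses bare file names, so it only works when run from /etc/grid-security/; put each command on its own line with the full path. "setfattrl" in the "Install attr" step should be "setfattr", and "Check Extended Attribute Support :" has been run into the end of the preceding paragraph instead of standing as its own label like "Check ACL:".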
Line: 204 to 281
 

Service installation

Changed:
<
<
  • Install the BDII_top metapackage, containing all packages needed by this service:
yum install emi-bdii-top 

>
>
  • Install the StoRM metapackages, containing all packages needed by these four services:
yum install emi-storm-backend-mp
yum install emi-storm-frontend-mp
yum install emi-storm-globus-gridftp-mp
yum install emi-storm-gridhttps-mp

 

Service Configuration

Changed:
<
<
To proper configure the BDII top profile you have to customize this file with you site parameter:
>
>
To proper configure the StoRM BackEnd and FrontEnd profiles you have to customize the ig-site-indo.def file with you site parameter:
 
Changed:
<
<
- ig-site-info.def
>
>
- ig-site-info.def
- ig-users.conf
- ig-groups.conf
 

YAIM Verification

Changed:
<
<
  • Before starting the configuration PLEASE TEST that you have defined all the mandatory variables and that all configuration files contain all the site-specific values needed:
 /opt/glite/yaim/bin/yaim -v -s <site-info.def> -n BDII_top 
>
>
  • Before starting the configuration PLEASE TEST that you have defined all the mandatory variables for all the StoRM profiles.
 
Changed:
<
<
The mandatory variabile is:
>
>
 /opt/glite/yaim/bin/yaim -v -s <site-info.def> -n  se_storm_backend -n se_storm_frontend
 
 
Changed:
<
<
BDII_HOST
>
>
You can find in this documentation: System Administrator Guide all mandatory variables. In the section GENERAL YAIM VARIABLES
 
Changed:
<
<
If no errors are reported you can proceed to the configuration, otherwise correct them before continuing with the configuration.
>
>
If no errors are reported with the verification you can proceed to the configuration, otherwise correct them before continuing with the configuration.
 

YAIM Configuration

Please use the debug flag ( "-d 6") to configure the services in order to have detailed information. For your convenience yo can save all the configuration information in a log file you can look at any time, separated from the yaimlog defulat one.

Changed:
<
<
/opt/glite/yaim/bin/yaim -c -d 6 -s -n BDII_top 2>&1 | tee /root/conf_BDII.`hostname -s`.`date`.log
>
>
/opt/glite/yaim/bin/yaim -c -d 6 -s -n  se_storm_backend -n se_storm_frontend 2>&1 | tee /root/conf_StroRM_BE_FE.`hostname -s`.`date`.log

IMPORTANT NOTE The order of the profile is important and must be : -n se_storm_backend -n se_storm_frontend

 

Service Testing - Reference Card

Changed:
<
<
After service installation to have a look if all were installed in a proper way, you could have a look to Service BDII_top Reference Card. In this page you can found were all the log files are written, what daemons are running after installation and any other useful service information.
>
>
After service installation to have a look if all were installed in a proper way, you could have a look to Service StoRM Reference Card. In this page you can found were all the log files are written, what daemons are running after installation and any other useful service information.
 -- SergioTraldi - 2011-11-10
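Review bot: in the new YAIM configuration command the log file name is built from an unquoted date command substitution, whose default output contains spaces, so the shell splits it and tee writes several oddly named files instead of one log; use a space-free format such as date +%Y%m%d-%H%M%S. The same line passes a bare -s where the verification command passes -s <site-info.def>, and the file name reads "StroRM". Elsewhere in the hunk, "ig-site-indo.def" should be "ig-site-info.def" to match the file list below it, and the installation step adds four metapackages while the verification and configuration commands only name se_storm_backend and se_storm_frontend, so state whether the GridFTP and gridhttps hosts need their own profiles.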
 