Notes about Installation and Configuration of EMI2 VOMS MySQL on SL6 (WORK IN PROGRESS)
References
OPTIONAL: importing a DB
Previously: dump the VOMS databases before scratching your server:
# mysqldump -uroot -p --all-databases --flush-privileges > voms2_database_dump.sql
Now: restore the databases:
# mysql -uroot -p < voms2_database_dump.sql
Service installation

O.S. and Repos
# cat /etc/redhat-release
Scientific Linux release 6.2 (Carbon)
* Install the additional repositories: EPEL, Certification Authority, EMI2
# yum install yum-priorities yum-protectbase epel-release
# cd /etc/yum.repos.d/
# wget http://repo-pd.italiangrid.it/mrepo/repos/egi-trustanchors.repo
# rpm -ivh http://emisoft.web.cern.ch/emisoft/dist/EMI/2/sl6/x86_64/base/emi-release-2.0.0-1.sl6.noarch.rpm
# getenforce
Disabled
# ls /etc/yum.repos.d/
cnaf-local.repo emi2-base.repo emi2-third-party.repo epel.repo lemon.repo sl-other.repo
egi-trustanchors.repo emi2-contribs.repo emi2-updates.repo epel-testing.repo puppetlabs.repo sl.repo

yum install
# yum clean all
Loaded plugins: downloadonly, kernel-module, priorities, protect-packages, protectbase, security, verify, versionlock
Cleaning up Everything
# yum install ca-policy-egi-core
# yum install emi-voms-mysql
# yum install xml-commons-apis
see here for details

Service configuration
You have to copy the configuration files to another path, for example root, and set them properly (see later):
# cp -r /opt/glite/yaim/examples/siteinfo/* .
and rename glite-voms_mysql as glite-voms

mysql configuration
# service mysqld start
Initializing MySQL database: Installing MySQL system tables...
OK
Filling help tables...
OK
To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system
PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h vomsmania.cnaf.infn.it password 'new-password'
Alternatively you can run:
/usr/bin/mysql_secure_installation
which will also give you the option of removing the test
databases and anonymous user created by default. This is
strongly recommended for production servers.
See the manual for more instructions.
You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &
You can test the MySQL daemon with mysql-test-run.pl
cd mysql-test ; perl mysql-test-run.pl
Please report any problems with the /usr/bin/mysqlbug script!
The latest information about MySQL is available on the web at
http://www.mysql.com
Support MySQL by buying support/licenses at http://shop.mysql.com
[ OK ]
Starting MySQL: [ OK ]
# /usr/bin/mysqladmin -u root password qualcosa;
Make sure that the MySQL administrator password that you specify in the YAIM VOMS configuration files matches the password that is set for the root MySQL account.

services/glite-voms
# VOMS server hostname
VOMS_HOST=vomsmania.cnaf.infn.it

# The port on the VOMS server listening for request for each VO
# This is used in the vomses configuration file
# By convention, port numbers are allocated starting with 15000
VO_ICARUS_EXP_ORG_VOMS_PORT=15000

# Database name to be used to store VOMS information.
# Required on oracle installations, refers to the tns alias associated with the db.
#VO_<vo_name>_VOMS_DB_NAME=db_name
VO_ICARUS_EXP_ORG_VOMS_DB_NAME=voms_icarusexp_org

# Name of database user.
#VO_<vo_name>_VOMS_DB_USER=user_name
VO_ICARUS_EXP_ORG_VOMS_DB_USER=vo_adm

# Password of database user account.
#VO_<vo_name>_VOMS_DB_USER_PASSWORD=password
VO_ICARUS_EXP_ORG_VOMS_DB_PASS=qualcosa

# Hostname of the database server. Put 'localhost'
# if you run the database on the same machine.
# This parameter can be specified per VO in the following way:
# VO_<vo_name>_VOMS_DB_HOST
VOMS_DB_HOST='localhost'

# Host to which voms-admin-service-generated emails should
# be submitted. Use 'localhost' if you have an fully configured SMTP
# server running on this host. Otherwise specify the hostname of a working
# SMTP submission service.
# This parameter can be specified per VO in the following way:
# VO_<vo_name>_VOMS_ADMIN_SMTP_HOST
VOMS_ADMIN_SMTP_HOST=postino.cnaf.infn.it

# E-mail address that is used to send notification mails
# from the VOMS-admin.
# This parameter can be specified per VO in the following way:
# VO_<vo_name>_VOMS_ADMIN_MAIL
#VOMS_ADMIN_MAIL=mail
VO_ICARUS_EXP_ORG_VOMS_ADMIN_MAIL=indirizzo

# The path of the certificate file (in pem format) of an initial VO administrator.
# The VO will be set up so that this user has full VO administration
# privileges.
# Uncomment this variable if you want to set up an initial VO administrator.
# This parameter can be specified per VO in the following way:
# VO_<vo_name>_VOMS_ADMIN_CERT
# VOMS_ADMIN_CERT=user_certificate
VOMS_ADMIN_CERT=/root/qualcuno.pem

# The UNIX group that Tomcat is run under
# voms admin default is tomcat 5
# VOMS_ADMIN_TOMCAT_GROUP=new_value

# The UNIX group that the VOMS core service is run under
# voms admin default is voms
# VOMS_ADMIN_VOMS_GROUP=new_value

yaim verify
# /opt/glite/yaim/bin/yaim -v -s site-info.def -n VOMS
INFO: Configuring HOST: voms2.cnaf.infn.it
INFO: Using site configuration file: site-info.def
INFO: Sourcing service specific configuration file: ./services/glite-voms
INFO: ###################################################################
. /'.-. ')
. yA,-"-,( ,m,:/ ) .oo. oo o ooo o. .oo
. / .-Y a a Y-. 8. .8' 8'8. 8 8b d'8
. / ~ ~ / 8' .8oo88. 8 8 8' 8
. (_/ '====' 8 .8' 8. 8 8 Y 8
. Y,-''-,Yy,-.,/ o8o o8o o88o o8o o8o o8o
. I_))_) I_))_)
current working directory: /root
site-info.def date: Dec 21 09:46 site-info.def
yaim command: -v -s site-info.def -n VOMS
log file: /opt/glite/yaim/bin/../log/yaimlog
Wed May 30 12:19:39 CEST 2012 : /opt/glite/yaim/bin/yaim
Installed YAIM versions:
glite-yaim-bdii 4.3.9-1
glite-yaim-core 5.1.0-1
yaim-voms 1.1.1-1.el6
####################################################################
INFO: The default location of the grid-env.(c)sh files will be: /usr/libexec
INFO: Sourcing the utilities in /opt/glite/yaim/functions/utils
INFO: Detecting environment
INFO: Executing function: config_host_certs_check
INFO: Executing function: config_edgusers_check
INFO: Executing function: config_add_pool_env_check
INFO: Executing function: config_info_service_voms_check
INFO: Executing function: config_info_service_voms_admin_check
INFO: Executing function: config_glue2_info_service_voms_check
INFO: Executing function: config_voms_check
INFO: Detecting TOMCAT
INFO: Executing function: config_voms_logrotate_check
INFO: Executing function: config_bdii_5.2_check
INFO: Checking is done.
INFO: All the necessary variables to configure VOMS are defined in your configuration files.
INFO: Please, bear in mind that YAIM only guarantees the definition of variables
INFO: controlled in the _check functions.
INFO: YAIM terminated succesfully.

yaim config
# /opt/glite/yaim/bin/yaim -c -s site-info.def -n VOMS
INFO: Using site configuration file: site-info.def
INFO: Sourcing service specific configuration file: ./services/glite-voms
[...]
Stopping vo eumed
Starting vo eumed
Stopping siblings webapp
Starting siblings webapp
INFO: User and password for read-only database access for VOMS-CORE not specified.
INFO: Using the credentials for read-write access (VOMS-ADMIN).
voms-admin-configure, version 2.7.0
Checking installation...
Checking local installation...
Installation ok.
Setting up user credentials...
Using host credentials (/etc/grid-security/hostcert.pem) since running as root.
Setting defaults for the VOMS AA credentials
AA certificates settings:
cert:/etc/grid-security/tomcat-cert.pem
key:/etc/grid-security/tomcat-key.pem
Prefix: //usr
Configuration dir: /etc/voms-admin
Cheking input parameters
Installing vo euchina
Skipping voms core configuration creation
Will not set read-only access for authenticated clients as the --skip-database option is set
VO euchina configured correctly.
VO euchina installation finished.
You can start the voms services using the following commands:
//etc/init.d/voms start euchina
//etc/init.d/voms-admin start euchina
voms_euchina
INFO: Checking VOMS database schema existence and deploying one if missing...
Checking database connectivity...
Database contacted succesfully
Checking database existence...
Found existing voms-admin 2.5.x database...
Existing voms database found. Will not overwrite the database!
INFO: Opening the VO to all authenticated clients.
Checking that the database is writable...
Database is writable.
Granting read-only access to any authenticated user on group '/euchina'
Granting read-only access to any authenticated user on role '/euchina/Role=SoftwareManager'
Granting read-only access to any authenticated user on role '/euchina/Role=VO-Admin'
INFO: Adding default admin from /etc/grid-security/hostcert.pem
INFO: Ignoring email from the administrator certificate: /etc/grid-security/hostcert.pem
Admin '/C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it,/C=IT/O=INFN/CN=INFN CA' already exists in database...
This admin will be granted full privileges on the VOMS database.
Adding ALL permissions on '/euchina' for admin '/C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it,/C=IT/O=INFN/CN=INFN CA'
Adding ALL permissions on role '/euchina/Role=SoftwareManager' for admin '/C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it,/C=IT/O=INFN/CN=INFN CA'
Adding ALL permissions on role '/euchina/Role=VO-Admin' for admin '/C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it,/C=IT/O=INFN/CN=INFN CA'
Stopping vo euchina
Starting vo euchina
Stopping siblings webapp
Starting siblings webapp
INFO: User and password for read-only database access for VOMS-CORE not specified.
INFO: Using the credentials for read-write access (VOMS-ADMIN).
voms-admin-configure, version 2.7.0
Checking installation...
Checking local installation...
Installation ok.
Setting up user credentials...
Using host credentials (/etc/grid-security/hostcert.pem) since running as root.
Setting defaults for the VOMS AA credentials
AA certificates settings:
cert:/etc/grid-security/tomcat-cert.pem
key:/etc/grid-security/tomcat-key.pem
Prefix: //usr
Configuration dir: /etc/voms-admin
Cheking input parameters
Installing vo glast.org
Skipping voms core configuration creation
Will not set read-only access for authenticated clients as the --skip-database option is set
VO glast.org configured correctly.
VO glast.org installation finished.
You can start the voms services using the following commands:
//etc/init.d/voms start glast.org
//etc/init.d/voms-admin start glast.org
voms_glast_org
INFO: Checking VOMS database schema existence and deploying one if missing...
Checking database connectivity...
Database contacted succesfully
Checking database existence...
Found existing voms-admin 2.5.x database...
Existing voms database found. Will not overwrite the database!
INFO: Opening the VO to all authenticated clients.
Checking that the database is writable...
Database is writable.
Granting read-only access to any authenticated user on group '/glast.org'
Granting read-only access to any authenticated user on role '/glast.org/Role=prod'
Granting read-only access to any authenticated user on role '/glast.org/Role=SoftwareManager'
Granting read-only access to any authenticated user on role '/glast.org/Role=VO-Admin'
INFO: Adding default admin from /etc/grid-security/hostcert.pem
INFO: Ignoring email from the administrator certificate: /etc/grid-security/hostcert.pem
Admin '/C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it,/C=IT/O=INFN/CN=INFN CA' already exists in database...
This admin will be granted full privileges on the VOMS database.
Adding ALL permissions on '/glast.org' for admin '/C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it,/C=IT/O=INFN/CN=INFN CA'
Adding ALL permissions on role '/glast.org/Role=prod' for admin '/C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it,/C=IT/O=INFN/CN=INFN CA'
Adding ALL permissions on role '/glast.org/Role=SoftwareManager' for admin '/C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it,/C=IT/O=INFN/CN=INFN CA'
Adding ALL permissions on role '/glast.org/Role=VO-Admin' for admin '/C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it,/C=IT/O=INFN/CN=INFN CA'
Stopping vo glast.org
Starting vo glast.org
Stopping siblings webapp
Starting siblings webapp
INFO: User and password for read-only database access for VOMS-CORE not specified.
INFO: Using the credentials for read-write access (VOMS-ADMIN).
Stopping tomcat6: [ OK ]
Starting tomcat6: [ OK ]
Stopping voms(ams02.cern.ch): (already stopped)
Stopping voms(compassit): (already stopped)
Stopping voms(comput-er.it): (already stopped)
Stopping voms(cyclops): (already stopped)
Stopping voms(enmr.eu): (already stopped)
Stopping voms(euchina): (already stopped)
Stopping voms(euindia): (already stopped)
Stopping voms(eumed): (already stopped)
Stopping voms(glast.org): (already stopped)
Stopping voms(ipv6.hepix.org): (already stopped)
Stopping voms(pacs.infn.it): (already stopped)
Stopping voms(superbvo.org): (already stopped)
Stopping voms(tps.infn.it): (already stopped)
Starting voms(ams02.cern.ch): [ OK ]
Starting voms(compassit): [ OK ]
Starting voms(comput-er.it): [ OK ]
Starting voms(cyclops): [ OK ]
Starting voms(enmr.eu): [ OK ]
Starting voms(euchina): [ OK ]
Starting voms(euindia): [ OK ]
Starting voms(eumed): [ OK ]
Starting voms(glast.org): [ OK ]
Starting voms(ipv6.hepix.org): [ OK ]
Starting voms(pacs.infn.it): [ OK ]
Starting voms(superbvo.org): [ OK ]
Starting voms(tps.infn.it): [ OK ]
INFO: Executing function: config_voms_logrotate_setenv
INFO: Executing function: config_voms_logrotate
INFO: Executing function: config_bdii_5.2
Stopping BDII: BDII already stopped
Starting BDII slapd: [ OK ]
Starting BDII update process: [ OK ]
INFO: Configuration Complete. [ OK ]
INFO: YAIM terminated succesfully.

-- AlessandroPaolini - 2012-05-30
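
The services/glite-voms file shown above keeps the VO database password in clear text (VO_ICARUS_EXP_ORG_VOMS_DB_PASS), so the YAIM configuration files copied out of /opt/glite/yaim/examples/siteinfo should not be readable by other local accounts. The script below is an added example, not part of the original notes or of YAIM: it lists the password-like variables set in a file and flags group/other access. The function names and the sample file content are constructed for illustration.

```shell
#!/bin/bash
# Added example: flag YAIM files that hold clear-text passwords and are
# accessible to group or others. Variable names are printed, values never are.

# Names of uncommented NAME=value assignments whose NAME contains "PASS",
# such as VO_ICARUS_EXP_ORG_VOMS_DB_PASS in services/glite-voms.
secret_vars() {
    sed -n 's/^[[:space:]]*\([A-Za-z0-9_]*PASS[A-Za-z0-9_]*\)=.*/\1/p' "$1"
}

# Return status: 0 = fine, 1 = secrets exposed to group/others, 2 = no such file.
audit_yaim_file() {
    f=$1
    if [ ! -f "$f" ]; then echo "MISSING  $f"; return 2; fi
    vars=$(secret_vars "$f" | tr '\n' ' ')
    if [ -z "$vars" ]; then echo "OK       $f (no password variables)"; return 0; fi
    mode=$(ls -ld "$f" | cut -c1-10)
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
        echo "EXPOSED  $f mode=$mode vars: $vars"
        return 1
    fi
    echo "OK       $f mode=$mode vars: $vars"
}

# Restrict a flagged file to its owner, then audit it again.
harden_yaim_file() {
    chmod 600 "$1" && audit_yaim_file "$1"
}

# Constructed sample modelled on the services/glite-voms file (placeholder value).
write_sample() {
    cat > "$1" <<'EOF'
# Password of database user account.
#VO_<vo_name>_VOMS_DB_USER_PASSWORD=password
VO_ICARUS_EXP_ORG_VOMS_DB_USER=vo_adm
VO_ICARUS_EXP_ORG_VOMS_DB_PASS=placeholder-not-a-real-password
EOF
}

# Audit every file named on the command line,
# e.g. site-info.def services/glite-voms
status=0
for path in "$@"; do audit_yaim_file "$path" || status=1; done
[ "$status" -eq 0 ]
```

The same owner-only permissions are appropriate for voms2_database_dump.sql, since a dump taken with --all-databases also contains the MySQL account tables.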