Difference: NotesAboutInstallationAndConfigurationOfMyproxy (1 vs. 11)

Revision 112012-06-12 - PaoloVeronesi

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Notes about Installation and Configuration of myproxy

  • These notes are provided by site admins on a best effort base as a contribution to the IGI communities and MUST not be considered as a subsitute of the Official IGI documentation.
Line: 17 to 17
 
  1. Troubleshooting Guide for Operational Errors on EGI Sites
  2. Grid Administration FAQs page
Deleted:
<
<
<--/twistyPlugin twikiMakeVisibleInline-->
 

Recommendations

  • The service needs at least:
    • 3 cores
    • 3 GB RAM
    • 10 GB disk space.
A full virtualized machine based on KVM has been used in the following notes.
Deleted:
<
<
<--/twistyPlugin-->
 

Service installation

Deleted:
<
<
<--/twistyPlugin twikiMakeVisibleInline-->
 

O.S. and Repos

  • Starts from a fresh installation of Scientific Linux 5.x (x86_64).
Line: 78 to 59
 epel.repo epel-testing.repo sl-contrib.repo sl-fastbugs.repo sl-security.repo sl-testing.repo sl-debuginfo.repo sl.repo sl-srpms.repo
Deleted:
<
<
<--/twistyPlugin-->
 
Deleted:
<
<
<--/twistyPlugin twikiMakeVisibleInline-->
 

yum install

# yum clean all
Line: 390 to 362
 Complete!

Deleted:
<
<
<--/twistyPlugin-->
 

Service configuration

The configuration file for this service is really basic.
Line: 398 to 369
 
  • DN list of authorized renewals (WMS and nagios)
  • DN list of trusted retrievers (nagios)
Deleted:
<
<
<--/twistyPlugin twikiMakeVisibleInline-->
 

site-info.def

# cp -vr /opt/glite/yaim/examples/siteinfo /root/
Line: 420 to 383
 PX_HOST=`hostname -f` BDII_DELETE_DELAY=0
Deleted:
<
<
<--/twistyPlugin-->
 
Deleted:
<
<
<--/twistyPlugin twikiMakeVisibleInline-->
 

glite-px

# cat siteinfo/services/glite-px 
Line: 572 to 526
 '/C=IT/O=INFN/OU=Host/L=CNAF/CN=sb-serv01.cr.cnaf.infn.it' "
Deleted:
<
<
<--/twistyPlugin-->
 
Deleted:
<
<
<--/twistyPlugin twikiMakeVisibleInline-->
 

host certificate required

# ll /etc/grid-security/host*
-rw-r--r-- 1 root root 1440 Dec 29 09:30 /etc/grid-security/hostcert.pem
-r-------- 1 root root  887 Dec 29 09:30 /etc/grid-security/hostkey.pem
Deleted:
<
<
<--/twistyPlugin-->
 

Service configuration

Changed:
<
<
<--/twistyPlugin twikiMakeVisibleInline-->
>
>
 

yaim check

#  chmod -R 600 /root/siteinfo
Line: 785 to 722
 
# chkconfig myproxy-server on
Deleted:
<
<
<--/twistyPlugin-->
 

Service checks

Changed:
<
<
<--/twistyPlugin twikiMakeVisibleInline-->
>
>
 
myproxy-init
On a user interface:
Line: 829 to 758
 -rw------- 1 myproxy myproxy 132 Dec 29 10:03 veronesi-veronesi-test.data -rw------- 1 myproxy myproxy 5912 Dec 29 10:03 veronesi-veronesi-test.creds
Deleted:
<
<
<--/twistyPlugin-->
 
Deleted:
<
<
<--/twistyPlugin twikiMakeVisibleInline-->
 
myproxy-info
On a user interface:
Line: 858 to 778
 Dec 29 10:42:08 myproxy myproxy-server[9209]: Received INFO request for username veronesi Dec 29 10:42:08 myproxy myproxy-server[9209]: Client /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi disconnected
Deleted:
<
<
<--/twistyPlugin-->
 
Deleted:
<
<
<--/twistyPlugin twikiMakeVisibleInline-->
 
myproxy-get-delegation
On a user interface:
Line: 887 to 798
 Dec 29 11:01:08 myproxy myproxy-server[31270]: Client /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi disconnected
Deleted:
<
<
<--/twistyPlugin-->

<--/twistyPlugin twikiMakeVisibleInline-->
 

Additional notes

In order to make the WMS renewal function it is necessary:
  1. To include the DN of the WMS that process the jobs among the authorized renewers on the MyProxy server, i.e. to add authorized_renewers DN to the configuration and restart the server;
  2. Upload the proxy of the job submitter in the MyProxy server using myproxy-init -s myproxy_server -d -n
  3. Submit the job with the MyProxy server hostname being given in the JDL
Changed:
<
<
<--/twistyPlugin-->
>
>
 

Revision

Date Comment
2012-05-03 myproxy upgraded - EMI 1 Kebnekaise Products - glite-proxyrenewal update v.1.3.25

Revision 102012-05-03 - PaoloVeronesi

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Notes about Installation and Configuration of myproxy

  • These notes are provided by site admins on a best effort base as a contribution to the IGI communities and MUST not be considered as a subsitute of the Official IGI documentation.
Line: 9 to 9
 

References

Added:
>
>
  1. EMI 1 Kebnekaise Products - glite-proxyrenewal update v.1.3.25
  2. YAIM configuration variables
 
  1. About IGI - Italian Grid infrastructure
  2. About IGI Release
  3. IGI Official Installation and Configuration guide
Line: 798 to 800
 
myproxy-init
On a user interface:
Changed:
<
<
# $ myproxy-info -s myproxy.cnaf.infn.it -k veronesi-test
>
>
# $ myproxy-init -s myproxy.cnaf.infn.it -k veronesi-test
 username: veronesi owner: /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi name: veronesi-test
Line: 903 to 905
 
  1. Submit the job with the MyProxy server hostname being given in the JDL
<--/twistyPlugin-->

Revision

Added:
>
>
Date Comment
2012-05-03 myproxy upgraded - EMI 1 Kebnekaise Products - glite-proxyrenewal update v.1.3.25
 

-- PaoloVeronesi - 2011-12-28 \ No newline at end of file

Revision 92012-02-22 - PaoloVeronesi

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Notes about Installation and Configuration of myproxy

  • These notes are provided by site admins on a best effort base as a contribution to the IGI communities and MUST not be considered as a subsitute of the Official IGI documentation.
Line: 416 to 416
 # cat /root/siteinfo/site-info.def SITE_NAME=INFN-CNAF PX_HOST=`hostname -f`
Added:
>
>
BDII_DELETE_DELAY=0
  </>
<--/twistyPlugin-->

Revision 82012-01-19 - PaoloVeronesi

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Notes about Installation and Configuration of myproxy

  • These notes are provided by site admins on a best effort base as a contribution to the IGI communities and MUST not be considered as a subsitute of the Official IGI documentation.
Line: 560 to 560
 '/C=IT/O=INFN/OU=Host/L=CNAF/CN=sb-serv01.cr.cnaf.infn.it' "
Deleted:
<
<
GRID_AUTHORIZED_RETRIEVERS="*"
 GRID_TRUSTED_RETRIEVERS=" '/C=IT/O=INFN/OU=Host/L=CNAF/CN=mon-it.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=mon-cnaf.cnaf.infn.it'

Revision 72012-01-11 - PaoloVeronesi

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Notes about Installation and Configuration of myproxy

  • These notes are provided by site admins on a best effort base as a contribution to the IGI communities and MUST not be considered as a subsitute of the Official IGI documentation.
Line: 8 to 8
 NB: The myproxy service is a CORE service, it should not be installed at Resource Center level. The official endpoint provided by IGI is myproxy.cnaf.infn.it and MUST be used by all Resource Centers and Services part of the IGI infrastructure.
Deleted:
<
<
<--/twistyPlugin twikiMakeVisibleInline-->
 

References

  1. About IGI - Italian Grid infrastructure
  2. About IGI Release
  3. IGI Official Installation and Configuration guide
  4. Troubleshooting Guide for Operational Errors on EGI Sites
  5. Grid Administration FAQs page
Deleted:
<
<
<--/twistyPlugin-->
  %TWISTY{ mode="div"
Line: 41 to 32
 A full virtualized machine based on KVM has been used in the following notes.
<--/twistyPlugin-->
Added:
>
>

Service installation

 %TWISTY{ mode="div" showlink=" O.S. and Repos "
Line: 50 to 43
 hideimgright="/twiki/pub/TWiki/TWikiDocGraphics/toggleclose.gif" }%
Changed:
<
<

O.S. and Repos

>
>

O.S. and Repos

 
  • Starts from a fresh installation of Scientific Linux 5.x (x86_64).
# cat /etc/redhat-release 
Line: 87 to 80
  %TWISTY{ mode="div"
Changed:
<
<
showlink=" Update host and perform the installation of package(s) " hidelink=" Update host and perform the installation of package(s) "
>
>
showlink=" yum install " hidelink=" yum install "
 remember="off" firststart="hide" showimgright="/twiki/pub/TWiki/TWikiDocGraphics/toggleopen.gif" hideimgright="/twiki/pub/TWiki/TWikiDocGraphics/toggleclose.gif" }%
Changed:
<
<

Update host and perform the installation of package(s)

>
>

yum install

 
# yum clean all
Loaded plugins: downloadonly, kernel-module, priorities, protect-packages, protectbase, security, verify, versionlock
Line: 397 to 390
  </>
<--/twistyPlugin-->
Deleted:
<
<
<--/twistyPlugin twikiMakeVisibleInline-->
 

Service configuration

The configuration file for this service is really basic. For autorization:
  • DN list of authorized renewals (WMS and nagios)
  • DN list of trusted retrievers (nagios)
Added:
>
>
<--/twistyPlugin twikiMakeVisibleInline-->

site-info.def

 
# cp -vr /opt/glite/yaim/examples/siteinfo /root/
`/opt/glite/yaim/examples/siteinfo' -> `/root/siteinfo'
Line: 422 to 416
 # cat /root/siteinfo/site-info.def SITE_NAME=INFN-CNAF PX_HOST=`hostname -f`
Added:
>
>
<--/twistyPlugin-->
 
Added:
>
>
<--/twistyPlugin twikiMakeVisibleInline-->

glite-px

 # cat siteinfo/services/glite-px ############################################################################## # Copyright (c) Members of the EGEE Collaboration. 2004.
Line: 583 to 589
 
<--/twistyPlugin-->
Added:
>
>

Service configuration

 %TWISTY{ mode="div"
Changed:
<
<
showlink=" YAIM check " hidelink=" YAIM check "
>
>
showlink=" yaim check " hidelink=" yaim check "
 remember="off" firststart="hide" showimgright="/twiki/pub/TWiki/TWikiDocGraphics/toggleopen.gif" hideimgright="/twiki/pub/TWiki/TWikiDocGraphics/toggleclose.gif" }%
Changed:
<
<

YAIM check

>
>

yaim check

 
#  chmod -R 600 /root/siteinfo
Line: 640 to 647
  %TWISTY{ mode="div"
Changed:
<
<
showlink=" YAIM config " hidelink=" YAIM config "
>
>
showlink=" yaim config " hidelink=" yaim config "
 remember="off" firststart="hide" showimgright="/twiki/pub/TWiki/TWikiDocGraphics/toggleopen.gif" hideimgright="/twiki/pub/TWiki/TWikiDocGraphics/toggleclose.gif" }%
Changed:
<
<

YAIM config

>
>

yaim config

 Please use the debug flag ( "-d 6") to configure the services in order to have detailed information. For your convenience yo can save all the configuration information in a log file you can look at any time, separated from the yaimlog defulat one.
# /opt/glite/yaim/bin/yaim -c -d 6 -s /root/siteinfo/site-info.def -n glite-PX

Revision 62012-01-05 - PaoloVeronesi

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Notes about Installation and Configuration of myproxy

  • These notes are provided by site admins on a best effort base as a contribution to the IGI communities and MUST not be considered as a subsitute of the Official IGI documentation.
Line: 26 to 26
  %TWISTY{ mode="div"
Changed:
<
<
showlink=" Reccommendations " hidelink=" Reccommendations "
>
>
showlink=" Recommendations " hidelink=" Recommendations "
 remember="off" firststart="hide" showimgright="/twiki/pub/TWiki/TWikiDocGraphics/toggleopen.gif" hideimgright="/twiki/pub/TWiki/TWikiDocGraphics/toggleclose.gif" }%
Changed:
<
<

Reccommendations

>
>

Recommendations

 
  • The service needs at least:
    • 3 cores
    • 3 GB RAM

Revision 52012-01-03 - PaoloVeronesi

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Notes about Installation and Configuration of myproxy

  • These notes are provided by site admins on a best effort base as a contribution to the IGI communities and MUST not be considered as a subsitute of the Official IGI documentation.
Line: 8 to 8
 NB: The myproxy service is a CORE service, it should not be installed at Resource Center level. The official endpoint provided by IGI is myproxy.cnaf.infn.it and MUST be used by all Resource Centers and Services part of the IGI infrastructure.
Added:
>
>
<--/twistyPlugin twikiMakeVisibleInline-->
 

References

  1. About IGI - Italian Grid infrastructure
  2. About IGI Release
  3. IGI Official Installation and Configuration guide
  4. Troubleshooting Guide for Operational Errors on EGI Sites
  5. Grid Administration FAQs page
Added:
>
>
<--/twistyPlugin-->

<--/twistyPlugin twikiMakeVisibleInline-->
 

Reccommendations

  • The service needs at least:
Line: 21 to 39
 
    • 3 GB RAM
    • 10 GB disk space.
A full virtualized machine based on KVM has been used in the following notes.
Added:
>
>
<--/twistyPlugin-->

<--/twistyPlugin twikiMakeVisibleInline-->
 

O.S. and Repos

  • Starts from a fresh installation of Scientific Linux 5.x (x86_64).
Line: 55 to 83
 epel.repo epel-testing.repo sl-contrib.repo sl-fastbugs.repo sl-security.repo sl-testing.repo sl-debuginfo.repo sl.repo sl-srpms.repo
Added:
>
>
<--/twistyPlugin-->
 
Added:
>
>
<--/twistyPlugin twikiMakeVisibleInline-->
 

Update host and perform the installation of package(s)

# yum clean all
Line: 358 to 395
 Complete!

Added:
>
>
<--/twistyPlugin-->
 
Added:
>
>
<--/twistyPlugin twikiMakeVisibleInline-->
 

Service configuration

The configuration file for this service is really basic. For autorization:
Line: 519 to 565
 '/C=IT/O=INFN/OU=Host/L=CNAF/CN=sb-serv01.cr.cnaf.infn.it' "
Added:
>
>
<--/twistyPlugin-->
 
Added:
>
>
<--/twistyPlugin twikiMakeVisibleInline-->
 

host certificate required

# ll /etc/grid-security/host*
-rw-r--r-- 1 root root 1440 Dec 29 09:30 /etc/grid-security/hostcert.pem
-r-------- 1 root root  887 Dec 29 09:30 /etc/grid-security/hostkey.pem
Added:
>
>
<--/twistyPlugin-->
 
Added:
>
>
<--/twistyPlugin twikiMakeVisibleInline-->
 

YAIM check

#  chmod -R 600 /root/siteinfo
Line: 572 to 636
 
INFO
controlled in the _check functions.
INFO
YAIM terminated succesfully.
Added:
>
>
<--/twistyPlugin-->
 
Added:
>
>
<--/twistyPlugin twikiMakeVisibleInline-->
 

YAIM config

Please use the debug flag ( "-d 6") to configure the services in order to have detailed information. For your convenience yo can save all the configuration information in a log file you can look at any time, separated from the yaimlog defulat one.
Line: 704 to 777
 
# chkconfig myproxy-server on
Added:
>
>
<--/twistyPlugin-->
 

Service checks

Added:
>
>
<--/twistyPlugin twikiMakeVisibleInline-->
 
myproxy-init
On a user interface:
Line: 738 to 821
 -rw------- 1 myproxy myproxy 132 Dec 29 10:03 veronesi-veronesi-test.data -rw------- 1 myproxy myproxy 5912 Dec 29 10:03 veronesi-veronesi-test.creds
Added:
>
>
<--/twistyPlugin-->
 
Added:
>
>
<--/twistyPlugin twikiMakeVisibleInline-->
 
myproxy-info
On a user interface:
Line: 758 to 850
 Dec 29 10:42:08 myproxy myproxy-server[9209]: Received INFO request for username veronesi Dec 29 10:42:08 myproxy myproxy-server[9209]: Client /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi disconnected
Added:
>
>
<--/twistyPlugin-->
 
Added:
>
>
<--/twistyPlugin twikiMakeVisibleInline-->
 
myproxy-get-delegation
On a user interface:
Line: 778 to 879
 Dec 29 11:01:08 myproxy myproxy-server[31270]: Client /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi disconnected
Added:
>
>
<--/twistyPlugin-->
 
Added:
>
>
<--/twistyPlugin twikiMakeVisibleInline-->
 

Additional notes

In order to make the WMS renewal function it is necessary:
  1. To include the DN of the WMS that process the jobs among the authorized renewers on the MyProxy server, i.e. to add authorized_renewers DN to the configuration and restart the server;
  2. Upload the proxy of the job submitter in the MyProxy server using myproxy-init -s myproxy_server -d -n
  3. Submit the job with the MyProxy server hostname being given in the JDL
Changed:
<
<
>
>
<--/twistyPlugin-->
 

Revision

Revision 42011-12-29 - PaoloVeronesi

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
Changed:
<
<

Notes about Installation and Configuration of myproxy (DRAFT)

>
>

Notes about Installation and Configuration of myproxy

 
  • These notes are provided by site admins on a best effort base as a contribution to the IGI communities and MUST not be considered as a subsitute of the Official IGI documentation.
  • This document is addressed to site administrators responsible for middleware installation and configuration.
  • The goal of this page is to provide some hints and examples on how to install and configure an IGI myproxy service based on UMD middleware.
Line: 56 to 56
 sl-contrib.repo sl-fastbugs.repo sl-security.repo sl-testing.repo sl-debuginfo.repo sl.repo sl-srpms.repo
Changed:
<
<

Update host and perform the installation of package(s) (DRAFT)

>
>

Update host and perform the installation of package(s)

 
# yum clean all
Loaded plugins: downloadonly, kernel-module, priorities, protect-packages, protectbase, security, verify, versionlock
Line: 366 to 366
 
  • DN list of trusted retrievers (nagios)
Changed:
<
<
cat << EOF > site-info.def SITE_NAME=emitb
>
>
# cp -vr /opt/glite/yaim/examples/siteinfo /root/ `/opt/glite/yaim/examples/siteinfo' -> `/root/siteinfo' `/opt/glite/yaim/examples/siteinfo/site-info.def' -> `/root/siteinfo/site-info.def' `/opt/glite/yaim/examples/siteinfo/services' -> `/root/siteinfo/services' `/opt/glite/yaim/examples/siteinfo/services/glite-px' -> `/root/siteinfo/services/glite-px' `/opt/glite/yaim/examples/siteinfo/services/glite-bdii_site' -> `/root/siteinfo/services/glite-bdii_site'

# cat /root/siteinfo/site-info.def SITE_NAME=INFN-CNAF

 PX_HOST=`hostname -f`
Added:
>
>
# cat siteinfo/services/glite-px ############################################################################## # Copyright (c) Members of the EGEE Collaboration. 2004. # See http://www.eu-egee.org/partners/ for details on the copyright # holders. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS # OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ############################################################################## # # NAME : glite-px # # DESCRIPTION : This configuration file contains the list of variables needed # to configure Myproxy together with site-info.def. # # AUTHORS : yaim-contact@cern.ch # # NOTES : # # YAIM MODULE: glite-yaim-myproxy # ##############################################################################
 GRID_AUTHORIZED_RETRIEVERS="\*"
Added:
>
>
 GRID_AUTHORIZED_RENEWERS="
Changed:
<
<
'/DC=org/DC=terena/DC=tcs/C=CZ/O=Masaryk University/CN=emitb2.ics.muni.cz' '/DC=ch/DC=cern/OU=computers/CN=cvitbrcnagios.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=lxbra2302.cern.ch' '/C=CH/O=CERN/OU=GRID/CN=host/lxbra2302.cern.ch' '/C=CH/O=CERN/OU=GRID/CN=host/cvitbrcnagios.cern.ch'
>
>
'/C=IT/O=INFN/OU=Host/L=CNAF/CN=gridit-wms-01.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee-wms-01.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=Ferrara/CN=gridrb.fe.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee-rb-01.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee-rb-02.cnaf.infn.it' '/C=IT/O=INFN/OU=grid014.ct.infn.it/L=Catania/CN=grid014.ct.infn.it/emailAddress=giuseppe.platania@ct.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=gridit-cert-rb.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=eumed-rb-1.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=euchina-rb-1.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee-rb-03.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee-rb-04.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee-rb-05.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee-rb-06.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=gridit-rb-01.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=Padova/CN=egrid-rb-01.pd.infn.it' '/C=IT/O=INFN/OU=Host/L=Padova/CN=prod-rb-01.pd.infn.it' '/C=IT/O=INFN/OU=Host/L=Padova/CN=prod-rb-02.pd.infn.it' '/C=IT/O=INFN/OU=Host/L=Padova/CN=prod-wms-01.pd.infn.it' '/C=IT/O=INFN/OU=Host/L=Padova/CN=eu-india-02.pd.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=sc2.cr.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=Bari/CN=wms1.ba.infn.it' '/C=IT/O=INFN/OU=Host/L=Bari/CN=wms2.ba.infn.it' '/C=IT/O=INFN/OU=Host/L=Bari/CN=wms3.ba.infn.it' '/C=CH/O=CERN/OU=GRID/CN=host/lxn1185.cern.ch' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee-rb-07.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee-rb-08.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee-rb-09.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=cert-rb-06.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=glite-rb-00.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=glite-rb-01.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=devel07.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=devel09.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=devel10.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=devel11.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=devel12.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=devel14.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=devel18.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=devel19.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=devel20.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=Padova/CN=cream-06.pd.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms001.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms002.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms003.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms004.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms005.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms006.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms007.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms008.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms009.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms011.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms012.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms013.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms014.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms015.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms016.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms017.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=cert-02.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=pps-fts.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=tigerman.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=Milano/CN=egee-rb-01.mi.infn.it' '/C=IT/O=INFN/OU=Host/L=CIRMMP/CN=wms-enmr.cerm.unifi.it' '/DC=ch/DC=cern/OU=computers/CN=wms101.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms102.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms103.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms104.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms105.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms106.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms107.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms108.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms109.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms110.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms111.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms112.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms113.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms114.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms115.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms116.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms117.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms118.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms119.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms121.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms122.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms123.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms124.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms125.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms126.cern.ch' '/O=dutchgrid/O=hosts/OU=nikhef.nl/CN=graszode.nikhef.nl' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=mon-it.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=mon-cnaf.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=bbrbuild01.cr.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=bbr-serv09.cr.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee017.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=sb-serv01.cr.cnaf.infn.it'
 "
Added:
>
>
GRID_AUTHORIZED_RETRIEVERS="*"
 GRID_TRUSTED_RETRIEVERS="
Changed:
<
<
'/DC=ch/DC=cern/OU=computers/CN=cvitbrcnagios.cern.ch' '/C=CH/O=CERN/OU=GRID/CN=host/cvitbrcnagios.cern.ch'
>
>
'/C=IT/O=INFN/OU=Host/L=CNAF/CN=mon-it.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=mon-cnaf.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=bbrbuild01.cr.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=bbr-serv09.cr.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee017.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=sb-serv01.cr.cnaf.infn.it'
 "
Changed:
<
<

host certificate required

>
>

host certificate required

# ll /etc/grid-security/host*
-rw-r--r-- 1 root root 1440 Dec 29 09:30 /etc/grid-security/hostcert.pem
-r-------- 1 root root  887 Dec 29 09:30 /etc/grid-security/hostkey.pem
 

YAIM check

#  chmod -R 600 /root/siteinfo
Changed:
<
<
# /opt/glite/yaim/bin/yaim -v -s /root/siteinfo/site-info.def -n ?????? /opt/glite/yaim/bin/yaim -c -s ./site-info.def -n glite-PX
>
>
# /opt/glite/yaim/bin/yaim -v -s /root/siteinfo/site-info.def -n glite-PX
INFO
Using site configuration file: /root/siteinfo/site-info.def
INFO
Sourcing service specific configuration file: /root/siteinfo/services/glite-px
INFO
###################################################################

. /'.-. ') . yA,-"-,( ,m,:/ ) .oo. oo o ooo o. .oo . / .-Y a a Y-. 8. .8' 8'8. 8 8b d'8 . / ~ ~ / 8' .8oo88. 8 8 8' 8 . (_/ '====' 8 .8' 8. 8 8 Y 8 . Y,-''-,Yy,-.,/ o8o o8o o88o o8o o8o o8o . I_))_) I_))_)

current working directory: /root site-info.def date: Dec 29 09:36 /root/siteinfo/site-info.def yaim command: -v -s /root/siteinfo/site-info.def -n glite-PX log file: /opt/glite/yaim/bin/../log/yaimlog Thu Dec 29 09:44:38 CET 2011 : /opt/glite/yaim/bin/yaim

Installed YAIM versions: glite-px-myproxy-yaim - glite-yaim-bdii 4.3.4-1 glite-yaim-core 5.0.2-1

####################################################################

INFO
The default location of the grid-env.(c)sh files will be: /usr/libexec
INFO
Sourcing the utilities in /opt/glite/yaim/functions/utils
INFO
Detecting environment
INFO
Executing function: config_host_certs_check
INFO
Executing function: config_edgusers_check
INFO
Executing function: config_proxy_server_check
INFO
Executing function: config_bdii_5.2_check
INFO
Executing function: config_info_service_px_check
INFO
Checking is done.
INFO
All the necessary variables to configure PX are defined in your configuration files.
INFO
Please, bear in mind that YAIM only guarantees the definition of variables
INFO
controlled in the _check functions.
INFO
YAIM terminated succesfully.
 
Deleted:
<
<

Know Issue and Workaround

 

YAIM config

Please use the debug flag ( "-d 6") to configure the services in order to have detailed information. For your convenience yo can save all the configuration information in a log file you can look at any time, separated from the yaimlog defulat one.
Changed:
<
<
# /opt/glite/yaim/bin/yaim -c -d 6 -s /root/siteinfo/site-info.def -n ?????? /opt/glite/yaim/bin/yaim -c -s ./site-info.def -n glite-PX
>
>
# /opt/glite/yaim/bin/yaim -c -d 6 -s /root/siteinfo/site-info.def -n glite-PX
DEBUG
Checking siteinfo dir is not world readable
DEBUG
Checking site-info.def is syntactically correct
DEBUG
Sourcing /opt/glite/yaim/bin/../defaults/site-info.pre
DEBUG
Sourcing /opt/glite/yaim/bin/../defaults/glite-px.pre
INFO
Using site configuration file: /root/siteinfo/site-info.def
DEBUG
Sourcing site-info.def file: /root/siteinfo/site-info.def
INFO
Sourcing service specific configuration file: /root/siteinfo/services/glite-px
DEBUG
Sourcing /opt/glite/yaim/bin/../defaults/site-info.post
DEBUG
Sourcing /opt/glite/yaim/bin/../defaults/mapping
INFO
###################################################################

. /'.-. ') . yA,-"-,( ,m,:/ ) .oo. oo o ooo o. .oo . / .-Y a a Y-. 8. .8' 8'8. 8 8b d'8 . / ~ ~ / 8' .8oo88. 8 8 8' 8 . (_/ '====' 8 .8' 8. 8 8 Y 8 . Y,-''-,Yy,-.,/ o8o o8o o88o o8o o8o o8o . I_))_) I_))_)

current working directory: /root site-info.def date: Dec 29 09:36 /root/siteinfo/site-info.def yaim command: -c -d 6 -s /root/siteinfo/site-info.def -n glite-PX log file: /opt/glite/yaim/bin/../log/yaimlog Thu Dec 29 09:45:30 CET 2011 : /opt/glite/yaim/bin/yaim

Installed YAIM versions: glite-px-myproxy-yaim - glite-yaim-bdii 4.3.4-1 glite-yaim-core 5.0.2-1

####################################################################

INFO
The default location of the grid-env.(c)sh files will be: /usr/libexec
INFO
Sourcing the utilities in /opt/glite/yaim/functions/utils
INFO
Detecting environment
DEBUG
Detect platform: OS flavour detected is: emi
DEBUG
Detected architecture is 64BIT
DEBUG
Detect platform: OS type detected: sl5
DEBUG
Resulted NODE_TYPE_LIST is : PX
DEBUG
Setting environment variable GRID_ENV_LOCATION, to value "/usr/libexec".
DEBUG
Unset environment variable GRID_ENV_LOCATION.
DEBUG
Setting environment variable LCG_LOCATION, to value "/usr".
DEBUG
Unset environment variable LCG_LOCATION.
DEBUG
Setting environment variable GLITE_LOCATION, to value "/usr".
DEBUG
Unset environment variable GLITE_LOCATION.
DEBUG
Setting environment variable GLITE_LOCATION_VAR, to value "/var".
DEBUG
Unset environment variable GLITE_LOCATION_VAR.
DEBUG
Appending value "/bin" to environment variable PATH.
DEBUG
Deleting value "/bin" from environment variable PATH.
DEBUG
Appending value "/opt/glite/share/man" to environment variable MANPATH.
DEBUG
Deleting value "/opt/glite/share/man" from environment variable MANPATH.
DEBUG
Sourcing node definition file: /opt/glite/yaim/bin/../node-info.d/glite-px
DEBUG
Skipping function: config_crl_check because it is not defined
INFO
Executing function: config_host_certs_check
INFO
Executing function: config_edgusers_check
INFO
Executing function: config_proxy_server_check
INFO
Executing function: config_bdii_5.2_check
INFO
Executing function: config_info_service_px_check
DEBUG
Skipping function: config_crl_setenv because it is not defined
INFO
Executing function: config_crl
INFO
Now updating the CRLs - this may take a few minutes...
Enabling periodic fetch-crl: [ OK ]
DEBUG
fetch-crl cron enabled
DEBUG
Skipping function: config_host_certs_setenv because it is not defined
INFO
Executing function: config_host_certs
DEBUG
Skipping function: config_edgusers_setenv because it is not defined
INFO
Executing function: config_edgusers
DEBUG
Creating user edguser...
DEBUG
User edguser doesn't exist
DEBUG
YAIM is going to add user edguser
DEBUG
HOME directory ${EDG_HOME_DIR} is specified for the user
DEBUG
Checking whether the group edguser infosys for user edguser already exist...
DEBUG
Group edguser added
DEBUG
Group infosys added
DEBUG
User edguser added
DEBUG
Creating user edginfo...
DEBUG
User edginfo doesn't exist
DEBUG
YAIM is going to add user edginfo
DEBUG
HOME directory ${EDGINFO_HOME_DIR} is specified for the user
DEBUG
Checking whether the group edginfo infosys for user edginfo already exist...
DEBUG
Group edginfo added
DEBUG
Group infosys added
DEBUG
User edginfo added
DEBUG
Creating user glite...
DEBUG
User glite doesn't exist
DEBUG
YAIM is going to add user glite
DEBUG
HOME directory ${GLITE_HOME_DIR} is specified for the user
DEBUG
Checking whether the group glite for user glite already exist...
DEBUG
Group glite added
DEBUG
User glite added
DEBUG
Creating user edguser...
DEBUG
Skipping user edguser since it already exists...
INFO
Executing function: config_proxy_server_setenv
DEBUG
Setting environment variable GLITE_PX_LOCATION, to value "/usr".
DEBUG
Unset environment variable GLITE_PX_LOCATION.
DEBUG
Setting environment variable GLITE_PX_LOCATION_ETC, to value "/etc".
DEBUG
Unset environment variable GLITE_PX_LOCATION_ETC.
DEBUG
Setting environment variable GLITE_PX_LOCATION_VAR, to value "/var/glite".
DEBUG
Unset environment variable GLITE_PX_LOCATION_VAR.
INFO
Executing function: config_proxy_server
DEBUG
Creating Minimal myproxy configuration.
INFO
Reloading MyProxy server
INFO
MyProxy server not running so starting
Starting myproxy-server: [ OK ]
DEBUG
Skipping function: config_bdii_5.2_setenv because it is not defined
INFO
Executing function: config_bdii_5.2
Stopping BDII: BDII already stopped Starting BDII slapd: [ OK ] Starting BDII update process: [ OK ]
INFO
Executing function: config_info_service_px_setenv
DEBUG
This function currently doesn't set any environment variables.
INFO
Executing function: config_info_service_px
DEBUG
Delete a previous version of the *.conf if it exists
DEBUG
Create the configuration files out of the template file
DEBUG
Delete a previous version of the glite-info-provider-service-myproxy-wrapper if it exists
DEBUG
Create the /var/lib/bdii/gip/provider in case it doesn't exist
DEBUG
Create the glite-info-provider-service-myproxy-wrapper file
INFO
Configuration Complete. [ OK ]
INFO
YAIM terminated succesfully.
 
Added:
>
>

Know Issue and Workaround

Al momento il servizio non parte al boot (baco di yaim, notificato in GGUS.
# chkconfig myproxy-server on
 

Service checks

Added:
>
>
myproxy-init
On a user interface:
# $ myproxy-info -s myproxy.cnaf.infn.it -k veronesi-test
username: veronesi
owner: /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi
  name: veronesi-test
  timeleft: 167:55:38  (7.0 days)
[veronesi@ui ~]$  myproxy-init -s myproxy.cnaf.infn.it -k veronesi-test
Your identity: /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi
Enter GRID pass phrase for this identity:
Creating proxy ............................................................................................ Done
Proxy Verify OK
Your proxy is valid until: Thu Jan  5 10:03:38 2012
Enter MyProxy pass phrase:
Verifying - Enter MyProxy pass phrase:
A proxy valid for 168 hours (7.0 days) for user veronesi now exists on myproxy.cnaf.infn.it.
On the MyProxy server:

# tail -f /var/log/messages
Dec 29 10:03:40 myproxy myproxy-server[9119]: Connection from 131.154.101.141
Dec 29 10:03:41 myproxy myproxy-server[9119]: Authenticated client /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi
Dec 29 10:03:42 myproxy myproxy-server[9119]: Received PUT request for username veronesi
Dec 29 10:03:43 myproxy myproxy-server[9119]: Client /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi disconnected

# ls -ltr /var/lib/myproxy/
total 36
-rw------- 1 myproxy myproxy   132 Dec 29 10:03 veronesi-veronesi-test.data
-rw------- 1 myproxy myproxy  5912 Dec 29 10:03 veronesi-veronesi-test.creds

myproxy-info
On a user interface:
# myproxy-info -s myproxy.cnaf.infn.it -k veronesi-test
username: veronesi
owner: /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi
  name: veronesi-test
  timeleft: 167:55:38  (7.0 days)

On the MyProxy server:

# tail -f /var/log/messages
Dec 29 10:42:08 myproxy myproxy-server[9209]: Connection from 131.154.101.141
Dec 29 10:42:08 myproxy myproxy-server[9209]: Authenticated client /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi
Dec 29 10:42:08 myproxy myproxy-server[9209]: Received INFO request for username veronesi
Dec 29 10:42:08 myproxy myproxy-server[9209]: Client /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi disconnected

myproxy-get-delegation
On a user interface:
$ myproxy-get-delegation -s myproxy.cnaf.infn.it -k veronesi-test
Enter MyProxy pass phrase:
A credential has been received for user veronesi in /tmp/x509up_u23019.
On the MyProxy server:

# tail -f /var/log/messages
Dec 29 11:01:05 myproxy myproxy-server[31270]: Connection from 131.154.101.141
Dec 29 11:01:05 myproxy myproxy-server[31270]: Authenticated client /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi
Dec 29 11:01:08 myproxy myproxy-server[31270]: Received GET request for username veronesi
Dec 29 11:01:08 myproxy myproxy-server[31270]: credential passphrase matched
Dec 29 11:01:08 myproxy myproxy-server[31270]: Delegating credentials for /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi lifetime=43200
Dec 29 11:01:08 myproxy myproxy-server[31270]: Client /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi disconnected
 

Additional notes

In order to make the WMS renewal function it is necessary:

Revision 32011-12-28 - PaoloVeronesi

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Notes about Installation and Configuration of myproxy (DRAFT)

  • These notes are provided by site admins on a best effort base as a contribution to the IGI communities and MUST not be considered as a subsitute of the Official IGI documentation.
Line: 24 to 24
 

O.S. and Repos

  • Starts from a fresh installation of Scientific Linux 5.x (x86_64).
Changed:
<
<
# cat /etc/redhat-release 
Scientific Linux SL release 5.7 (Boron) 
>
>
# cat /etc/redhat-release 
Scientific Linux SL release 5.7 (Boron) 

 
  • Install the additional repositories: EPEL, Certification Authority, UMD
Added:
>
>
 
Deleted:
<
<
# wget http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm # rpm -ivh epel-release-5-4.noarch.rpm # wget http://repository.egi.eu/sw/production/umd/1/sl5/x86_64/updates/umd-release-1.0.2-1.el5.noarch.rpm # rpm -ivh umd-release-1.0.2-1.el5.noarch.rpm
 # cd /etc/yum.repos.d/
Added:
>
>
# rpm -ivh http://mirror.switch.ch/ftp/mirror/epel//5/x86_64/epel-release-5-4.noarch.rpm
 # wget http://repo-pd.italiangrid.it/mrepo/repos/egi-trustanchors.repo
Added:
>
>
# rpm -ivh http://repo-pd.italiangrid.it/mrepo/EMI/1/sl5/x86_64/updates/emi-release-1.0.1-1.sl5.noarch.rpm
 # yum install yum-priorities yum-protectbase
Added:
>
>
 
  • Be sure that SELINUX is disabled (or permissive). Details on how to disable SELINUX are here:
Added:
>
>
 
# getenforce 
Disabled
Line: 41 to 45
 # getenforce Disabled
Added:
>
>
 
  • Check the repos list (sl-*.repo are the repos of the O.S. and they should be present by default).
Added:
>
>
 
# ls /etc/yum.repos.d/
Changed:
<
<
EGI-trustanchors.repo
>
>
egi-trustanchors.repo emi1-third-party.repo emi1-base.repo emi1-updates.repo
 epel.repo epel-testing.repo
Changed:
<
<
sl-contrib.repo sl-debuginfo.repo sl-fastbugs.repo sl.repo sl-security.repo sl-srpms.repo sl-testing.repo UMD-1-base.repo UMD-1-updates.repo
>
>
sl-contrib.repo sl-fastbugs.repo sl-security.repo sl-testing.repo sl-debuginfo.repo sl.repo sl-srpms.repo
 

Update host and perform the installation of package(s) (DRAFT)

Line: 56 to 62
 Loaded plugins: downloadonly, kernel-module, priorities, protect-packages, protectbase, security, verify, versionlock Cleaning up Everything
Changed:
<
<
# yum install ca-policy-egi-core SOMETHING
>
>
# yum install ca-policy-egi-core emi-px Loaded plugins: downloadonly, kernel-module, priorities, protectbase sl-security | 1.9 kB 00:00 sl-security/primary_db | 299 kB 00:01 242 packages excluded due to repository priority protections 0 packages excluded due to repository protections Setting up Install Process Package ca-policy-egi-core-1.43-1.noarch already installed and latest version Resolving Dependencies --> Running transaction check
> Package emi-px.x86_64 0:1.0.0-1.sl5 set to be updated --> Processing Dependency: glite-px-myproxy-yaim for package: emi-px --> Processing Dependency: emi-version for package: emi-px --> Processing Dependency: myproxy-admin for package: emi-px --> Processing Dependency: fetch-crl for package: emi-px --> Processing Dependency: bdii for package: emi-px --> Processing Dependency: myproxy-server for package: emi-px --> Processing Dependency: glue-schema for package: emi-px --> Processing Dependency: glite-info-provider-service for package: emi-px --> Running transaction check
> Package bdii.noarch 0:5.2.5-2.el5 set to be updated --> Processing Dependency: openldap-servers for package: bdii --> Processing Dependency: expect for package: bdii --> Processing Dependency: openldap-clients for package: bdii
> Package emi-version.x86_64 0:1.7.0-1.sl5 set to be updated
> Package fetch-crl.noarch 0:2.8.4-2.el5 set to be updated
> Package glite-info-provider-service.noarch 0:1.7.0-1.el5 set to be updated
> Package glite-px-myproxy-yaim.x86_64 0:4.1.4-2.sl5 set to be updated --> Processing Dependency: glite-yaim-core for package: glite-px-myproxy-yaim --> Processing Dependency: glite-yaim-bdii for package: glite-px-myproxy-yaim
> Package glue-schema.noarch 0:2.0.8-1.el5 set to be updated
> Package myproxy-admin.x86_64 0:5.5-1.el5 set to be updated --> Processing Dependency: myproxy-libs = 5.5-1.el5 for package: myproxy-admin --> Processing Dependency: myproxy = 5.5-1.el5 for package: myproxy-admin --> Processing Dependency: globus-gsi-cert-utils-progs for package: myproxy-admin --> Processing Dependency: libglobus_gsi_credential.so.1()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_gsi_cert_utils.so.0()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_gsi_sysconfig.so.1()(64bit) for package: myproxy-admin --> Processing Dependency: libltdl.so.3()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_openssl.so.0()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_proxy_ssl.so.1()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_gsi_callback.so.0()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_gsi_proxy_core.so.0()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_xio.so.0()(64bit) for package: myproxy-admin --> Processing Dependency: libmyproxy.so.5()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_openssl_error.so.0()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_oldgaa.so.0()(64bit) for package: myproxy-admin --> Processing Dependency: libvomsapi.so.1()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_gssapi_gsi.so.4()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_common.so.0()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_gss_assist.so.3()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_callout.so.0()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_usage.so.0()(64bit) for package: myproxy-admin
> Package myproxy-server.x86_64 0:5.5-1.el5 set to be updated --> Running transaction check
> Package expect.x86_64 0:5.43.0-5.1 set to be updated
> Package glite-yaim-bdii.noarch 0:4.3.4-1.el5 set to be updated
> Package glite-yaim-core.noarch 0:5.0.2-1.sl5 set to be updated
> Package globus-callout.x86_64 0:0.7-8.el5 set to be updated --> Processing Dependency: globus-libtool >= 1 for package: globus-callout
> Package globus-common.x86_64 0:11.6-5.el5 set to be updated
> Package globus-gsi-callback.x86_64 0:2.8-2.el5 set to be updated --> Processing Dependency: globus-openssl >= 1 for package: globus-gsi-callback
> Package globus-gsi-cert-utils.x86_64 0:6.7-2.el5 set to be updated
> Package globus-gsi-cert-utils-progs.x86_64 0:6.7-2.el5 set to be updated --> Processing Dependency: globus-common-setup >= 2 for package: globus-gsi-cert-utils-progs --> Processing Dependency: globus-openssl-progs >= 1 for package: globus-gsi-cert-utils-progs
> Package globus-gsi-credential.x86_64 0:3.5-3.el5 set to be updated
> Package globus-gsi-openssl-error.x86_64 0:0.14-8.el5 set to be updated
> Package globus-gsi-proxy-core.x86_64 0:4.7-2.el5 set to be updated
> Package globus-gsi-proxy-ssl.x86_64 0:2.3-3.el5 set to be updated
> Package globus-gsi-sysconfig.x86_64 0:3.2-1.el5 set to be updated
> Package globus-gss-assist.x86_64 0:5.10-1.el5 set to be updated
> Package globus-gssapi-gsi.x86_64 0:7.8-1.el5 set to be updated
> Package globus-openssl-module.x86_64 0:1.3-3.el5 set to be updated
> Package globus-usage.x86_64 0:1.4-2.el5 set to be updated
> Package globus-xio.x86_64 0:2.8-4.el5 set to be updated
> Package libtool-ltdl.x86_64 0:1.5.22-7.el5_4 set to be updated
> Package myproxy.x86_64 0:5.5-1.el5 set to be updated --> Processing Dependency: globus-proxy-utils for package: myproxy --> Processing Dependency: voms-clients for package: myproxy
> Package myproxy-libs.x86_64 0:5.5-1.el5 set to be updated
> Package openldap-clients.x86_64 0:2.3.43-12.el5_6.7 set to be updated
> Package openldap-servers.x86_64 0:2.3.43-12.el5_6.7 set to be updated EGI-trustanchors/filelists | 14 kB 00:00 EMI-1-base/filelists_db | 181 kB 00:00 EMI-1-third-party/filelists_db | 57 kB 00:00 EMI-1-updates/filelists_db | 113 kB 00:00 epel/filelists_db | 5.5 MB 00:00 sl-base/filelists | 3.3 MB 00:02 sl-security/filelists_db | 1.1 MB 00:01
> Package voms.x86_64 0:2.0.2-1.sl5 set to be updated --> Running transaction check
> Package globus-common-progs.x86_64 0:11.6-5.el5 set to be updated --> Processing Dependency: autoconf for package: globus-common-progs --> Processing Dependency: finger for package: globus-common-progs --> Processing Dependency: cvs for package: globus-common-progs
> Package globus-libtool.x86_64 0:1.2-4.el5 set to be updated
> Package globus-openssl.x86_64 0:5.1-2.el5 set to be updated
> Package globus-openssl-progs.x86_64 0:5.1-2.el5 set to be updated
> Package globus-proxy-utils.x86_64 0:3.10-1.el5 set to be updated
> Package voms-clients.x86_64 0:2.0.0-1.sl5 set to be updated --> Running transaction check
> Package autoconf.noarch 0:2.59-12 set to be updated --> Processing Dependency: imake for package: autoconf
> Package cvs.x86_64 0:1.11.22-7.el5 set to be updated
> Package finger.x86_64 0:0.17-33 set to be updated --> Running transaction check
> Package imake.x86_64 0:1.0.2-3 set to be updated --> Finished Dependency Resolution Beginning Kernel Module Plugin Finished Kernel Module Plugin

Dependencies Resolved

============================================================================================================================================================================== Package Arch Version Repository Size ============================================================================================================================================================================== Installing: emi-px x86_64 1.0.0-1.sl5 EMI-1-base 1.7 k Installing for dependencies: autoconf noarch 2.59-12 sl-base 648 k bdii noarch 5.2.5-2.el5 EMI-1-updates 20 k cvs x86_64 1.11.22-7.el5 sl-base 737 k emi-version x86_64 1.7.0-1.sl5 EMI-1-updates 2.1 k expect x86_64 5.43.0-5.1 sl-base 160 k fetch-crl noarch 2.8.4-2.el5 epel 24 k finger x86_64 0.17-33 sl-base 21 k glite-info-provider-service noarch 1.7.0-1.el5 EMI-1-updates 53 k glite-px-myproxy-yaim x86_64 4.1.4-2.sl5 EMI-1-base 8.1 k glite-yaim-bdii noarch 4.3.4-1.el5 EMI-1-updates 10 k glite-yaim-core noarch 5.0.2-1.sl5 EMI-1-updates 116 k globus-callout x86_64 0.7-8.el5 epel 16 k globus-common x86_64 11.6-5.el5 epel 109 k globus-common-progs x86_64 11.6-5.el5 epel 67 k globus-gsi-callback x86_64 2.8-2.el5 epel 39 k globus-gsi-cert-utils x86_64 6.7-2.el5 epel 18 k globus-gsi-cert-utils-progs x86_64 6.7-2.el5 epel 26 k globus-gsi-credential x86_64 3.5-3.el5 epel 32 k globus-gsi-openssl-error x86_64 0.14-8.el5 epel 15 k globus-gsi-proxy-core x86_64 4.7-2.el5 epel 33 k globus-gsi-proxy-ssl x86_64 2.3-3.el5 epel 17 k globus-gsi-sysconfig x86_64 3.2-1.el5 epel 28 k globus-gss-assist x86_64 5.10-1.el5 epel 31 k globus-gssapi-gsi x86_64 7.8-1.el5 epel 55 k globus-libtool x86_64 1.2-4.el5 epel 4.2 k globus-openssl x86_64 5.1-2.el5 epel 4.6 k globus-openssl-module x86_64 1.3-3.el5 epel 13 k globus-openssl-progs x86_64 5.1-2.el5 epel 4.3 k globus-proxy-utils x86_64 3.10-1.el5 epel 45 k globus-usage x86_64 1.4-2.el5 epel 15 k globus-xio x86_64 2.8-4.el5 epel 123 k glue-schema noarch 2.0.8-1.el5 EMI-1-updates 33 k imake x86_64 1.0.2-3 sl-base 318 k libtool-ltdl x86_64 1.5.22-7.el5_4 sl-base 38 k myproxy x86_64 5.5-1.el5 epel 86 k myproxy-admin x86_64 5.5-1.el5 epel 55 k myproxy-libs x86_64 5.5-1.el5 epel 121 k myproxy-server x86_64 5.5-1.el5 epel 52 k openldap-clients x86_64 2.3.43-12.el5_6.7 sl-base 223 k openldap-servers x86_64 2.3.43-12.el5_6.7 sl-base 2.2 M voms x86_64 2.0.2-1.sl5 EMI-1-base 165 k voms-clients x86_64 2.0.0-1.sl5 EMI-1-base 178 k

Transaction Summary ============================================================================================================================================================================== Install 43 Package(s) Upgrade 0 Package(s)

Total download size: 5.9 M Is this ok [y/N]: Downloading Packages: (1/43): emi-px-1.0.0-1.sl5.x86_64.rpm | 1.7 kB 00:00 (2/43): emi-version-1.7.0-1.sl5.x86_64.rpm | 2.1 kB 00:00 (3/43): globus-libtool-1.2-4.el5.x86_64.rpm | 4.2 kB 00:00 (4/43): globus-openssl-progs-5.1-2.el5.x86_64.rpm | 4.3 kB 00:00 (5/43): globus-openssl-5.1-2.el5.x86_64.rpm | 4.6 kB 00:00 (6/43): glite-px-myproxy-yaim-4.1.4-2.sl5.x86_64.rpm | 8.1 kB 00:00 (7/43): glite-yaim-bdii-4.3.4-1.el5.noarch.rpm | 10 kB 00:00 (8/43): globus-openssl-module-1.3-3.el5.x86_64.rpm | 13 kB 00:00 (9/43): globus-gsi-openssl-error-0.14-8.el5.x86_64.rpm | 15 kB 00:00 (10/43): globus-usage-1.4-2.el5.x86_64.rpm | 15 kB 00:00 (11/43): globus-callout-0.7-8.el5.x86_64.rpm | 16 kB 00:00 (12/43): globus-gsi-proxy-ssl-2.3-3.el5.x86_64.rpm | 17 kB 00:00 (13/43): globus-gsi-cert-utils-6.7-2.el5.x86_64.rpm | 18 kB 00:00 (14/43): bdii-5.2.5-2.el5.noarch.rpm | 20 kB 00:00 (15/43): finger-0.17-33.x86_64.rpm | 21 kB 00:00 (16/43): fetch-crl-2.8.4-2.el5.noarch.rpm | 24 kB 00:00 (17/43): globus-gsi-cert-utils-progs-6.7-2.el5.x86_64.rpm | 26 kB 00:00 (18/43): globus-gsi-sysconfig-3.2-1.el5.x86_64.rpm | 28 kB 00:00 (19/43): globus-gss-assist-5.10-1.el5.x86_64.rpm | 31 kB 00:00 (20/43): globus-gsi-credential-3.5-3.el5.x86_64.rpm | 32 kB 00:00 (21/43): globus-gsi-proxy-core-4.7-2.el5.x86_64.rpm | 33 kB 00:00 (22/43): glue-schema-2.0.8-1.el5.noarch.rpm | 33 kB 00:00 (23/43): libtool-ltdl-1.5.22-7.el5_4.x86_64.rpm | 38 kB 00:00 (24/43): globus-gsi-callback-2.8-2.el5.x86_64.rpm | 39 kB 00:00 (25/43): globus-proxy-utils-3.10-1.el5.x86_64.rpm | 45 kB 00:00 (26/43): myproxy-server-5.5-1.el5.x86_64.rpm | 52 kB 00:00 (27/43): glite-info-provider-service-1.7.0-1.el5.noarch.rpm | 53 kB 00:00 (28/43): globus-gssapi-gsi-7.8-1.el5.x86_64.rpm | 55 kB 00:00 (29/43): myproxy-admin-5.5-1.el5.x86_64.rpm | 55 kB 00:00 (30/43): globus-common-progs-11.6-5.el5.x86_64.rpm | 67 kB 00:00 (31/43): myproxy-5.5-1.el5.x86_64.rpm | 86 kB 00:00 (32/43): globus-common-11.6-5.el5.x86_64.rpm | 109 kB 00:00 (33/43): glite-yaim-core-5.0.2-1.sl5.noarch.rpm | 116 kB 00:00 (34/43): myproxy-libs-5.5-1.el5.x86_64.rpm | 121 kB 00:00 (35/43): globus-xio-2.8-4.el5.x86_64.rpm | 123 kB 00:00 (36/43): expect-5.43.0-5.1.x86_64.rpm | 160 kB 00:00 (37/43): voms-2.0.2-1.sl5.x86_64.rpm | 165 kB 00:00 (38/43): voms-clients-2.0.0-1.sl5.x86_64.rpm | 178 kB 00:00 (39/43): openldap-clients-2.3.43-12.el5_6.7.x86_64.rpm | 223 kB 00:00 (40/43): imake-1.0.2-3.x86_64.rpm | 318 kB 00:00 (41/43): autoconf-2.59-12.noarch.rpm | 648 kB 00:00 (42/43): cvs-1.11.22-7.el5.x86_64.rpm | 737 kB 00:00 (43/43): openldap-servers-2.3.43-12.el5_6.7.x86_64.rpm | 2.2 MB 00:00


Total 727 kB/s | 5.9 MB 00:08 warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 217521f6 epel/gpgkey | 1.7 kB 00:00 Importing GPG key 0x217521F6 "Fedora EPEL <epel@fedoraproject.org>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL Is this ok [y/N]: y warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID df9e12ef EMI-1-updates/gpgkey | 1.7 kB 00:00 Importing GPG key 0xDF9E12EF "Doina Cristina Aiftimiei (EMI Release Manager) <aiftim@pd.infn.it>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-emi Is this ok [y/N]: y Running rpm_check_debug Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Installing : libtool-ltdl 1/43 Installing : voms 2/43 Installing : globus-openssl 3/43 Installing : globus-gsi-proxy-ssl 4/43 Installing : globus-libtool 5/43 Installing : globus-common 6/43 Installing : globus-gsi-openssl-error 7/43 Installing : globus-gsi-sysconfig 8/43 Installing : globus-openssl-module 9/43 Installing : globus-gsi-cert-utils 10/43 Installing : globus-gsi-callback 11/43 Installing : globus-gsi-credential 12/43 Installing : globus-gsi-proxy-core 13/43 Installing : globus-gssapi-gsi 14/43 Installing : globus-callout 15/43 Installing : globus-gss-assist 16/43 Installing : globus-xio 17/43 Installing : globus-usage 18/43 Installing : myproxy-libs 19/43 Installing : myproxy-server 20/43 Installing : glue-schema 21/43 Installing : globus-proxy-utils 22/43 Installing : voms-clients 23/43 Installing : myproxy 24/43 Installing : openldap-servers 25/43 Installing : expect 26/43 Installing : openldap-clients 27/43 Installing : imake 28/43 Installing : cvs 29/43 Installing : finger 30/43 Installing : autoconf 31/43 Installing : globus-common-progs 32/43 Installing : bdii 33/43 Installing : globus-openssl-progs 34/43 Installing : globus-gsi-cert-utils-progs 35/43 Installing : myproxy-admin 36/43 Installing : glite-yaim-bdii 37/43 Installing : glite-yaim-core 38/43 Installing : glite-px-myproxy-yaim 39/43 Installing : emi-version 40/43 Installing : glite-info-provider-service 41/43 Installing : fetch-crl 42/43 Installing : emi-px 43/43

Installed: emi-px.x86_64 0:1.0.0-1.sl5

Dependency Installed: autoconf.noarch 0:2.59-12 bdii.noarch 0:5.2.5-2.el5 cvs.x86_64 0:1.11.22-7.el5 emi-version.x86_64 0:1.7.0-1.sl5 expect.x86_64 0:5.43.0-5.1 fetch-crl.noarch 0:2.8.4-2.el5 finger.x86_64 0:0.17-33 glite-info-provider-service.noarch 0:1.7.0-1.el5 glite-px-myproxy-yaim.x86_64 0:4.1.4-2.sl5 glite-yaim-bdii.noarch 0:4.3.4-1.el5 glite-yaim-core.noarch 0:5.0.2-1.sl5 globus-callout.x86_64 0:0.7-8.el5 globus-common.x86_64 0:11.6-5.el5 globus-common-progs.x86_64 0:11.6-5.el5 globus-gsi-callback.x86_64 0:2.8-2.el5 globus-gsi-cert-utils.x86_64 0:6.7-2.el5 globus-gsi-cert-utils-progs.x86_64 0:6.7-2.el5 globus-gsi-credential.x86_64 0:3.5-3.el5 globus-gsi-openssl-error.x86_64 0:0.14-8.el5 globus-gsi-proxy-core.x86_64 0:4.7-2.el5 globus-gsi-proxy-ssl.x86_64 0:2.3-3.el5 globus-gsi-sysconfig.x86_64 0:3.2-1.el5 globus-gss-assist.x86_64 0:5.10-1.el5 globus-gssapi-gsi.x86_64 0:7.8-1.el5 globus-libtool.x86_64 0:1.2-4.el5 globus-openssl.x86_64 0:5.1-2.el5 globus-openssl-module.x86_64 0:1.3-3.el5 globus-openssl-progs.x86_64 0:5.1-2.el5 globus-proxy-utils.x86_64 0:3.10-1.el5 globus-usage.x86_64 0:1.4-2.el5 globus-xio.x86_64 0:2.8-4.el5 glue-schema.noarch 0:2.0.8-1.el5 imake.x86_64 0:1.0.2-3 libtool-ltdl.x86_64 0:1.5.22-7.el5_4 myproxy.x86_64 0:5.5-1.el5 myproxy-admin.x86_64 0:5.5-1.el5 myproxy-libs.x86_64 0:5.5-1.el5 myproxy-server.x86_64 0:5.5-1.el5 openldap-clients.x86_64 0:2.3.43-12.el5_6.7 openldap-servers.x86_64 0:2.3.43-12.el5_6.7 voms.x86_64 0:2.0.2-1.sl5 voms-clients.x86_64 0:2.0.0-1.sl5

Complete!

 

Service configuration

Changed:
<
<
The configuration file for this service is really basic:
>
>
The configuration file for this service is really basic. For autorization:
  • DN list of authorized renewals (WMS and nagios)
  • DN list of trusted retrievers (nagios)
 
Changed:
<
<
# cat site-info.def ????
>
>
cat << EOF > site-info.def SITE_NAME=emitb PX_HOST=`hostname -f` GRID_AUTHORIZED_RETRIEVERS="\*" GRID_AUTHORIZED_RENEWERS=" '/DC=org/DC=terena/DC=tcs/C=CZ/O=Masaryk University/CN=emitb2.ics.muni.cz' '/DC=ch/DC=cern/OU=computers/CN=cvitbrcnagios.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=lxbra2302.cern.ch' '/C=CH/O=CERN/OU=GRID/CN=host/lxbra2302.cern.ch' '/C=CH/O=CERN/OU=GRID/CN=host/cvitbrcnagios.cern.ch' " GRID_TRUSTED_RETRIEVERS=" '/DC=ch/DC=cern/OU=computers/CN=cvitbrcnagios.cern.ch' '/C=CH/O=CERN/OU=GRID/CN=host/cvitbrcnagios.cern.ch' "
 
Added:
>
>

host certificate required

 

YAIM check

#  chmod -R 600 /root/siteinfo
Changed:
<
<
# /opt/glite/yaim/bin/yaim -v -s /root/siteinfo/site-info.def -n ??????
>
>
# /opt/glite/yaim/bin/yaim -v -s /root/siteinfo/site-info.def -n ?????? /opt/glite/yaim/bin/yaim -c -s ./site-info.def -n glite-PX
 

Know Issue and Workaround

Line: 78 to 397
 

YAIM config

Please use the debug flag ( "-d 6") to configure the services in order to have detailed information. For your convenience yo can save all the configuration information in a log file you can look at any time, separated from the yaimlog defulat one.
Changed:
<
<
# /opt/glite/yaim/bin/yaim -c -d 6 -s /root/siteinfo/site-info.def -n ??????
>
>
# /opt/glite/yaim/bin/yaim -c -d 6 -s /root/siteinfo/site-info.def -n ?????? /opt/glite/yaim/bin/yaim -c -s ./site-info.def -n glite-PX
 

Service checks

Added:
>
>

Additional notes

In order to make the WMS renewal function it is necessary:
  1. To include the DN of the WMS that process the jobs among the authorized renewers on the MyProxy server, i.e. to add authorized_renewers DN to the configuration and restart the server;
  2. Upload the proxy of the job submitter in the MyProxy server using myproxy-init -s myproxy_server -d -n
  3. Submit the job with the MyProxy server hostname being given in the JDL
 

Revision

Revision 22011-12-28 - PaoloVeronesi

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Notes about Installation and Configuration of myproxy (DRAFT)

Deleted:
<
<
 
  • These notes are provided by site admins on a best effort base as a contribution to the IGI communities and MUST not be considered as a subsitute of the Official IGI documentation.
  • This document is addressed to site administrators responsible for middleware installation and configuration.
Changed:
<
<
  • The goal of this page is to provide some hints and examples on how to install and configure an IGI myproxy service based on EMI/UMD middleware.
>
>
  • The goal of this page is to provide some hints and examples on how to install and configure an IGI myproxy service based on UMD middleware.
  NB: The myproxy service is a CORE service, it should not be installed at Resource Center level. The official endpoint provided by IGI is myproxy.cnaf.infn.it and MUST be used by all Resource Centers and Services part of the IGI infrastructure.
Added:
>
>
 

References

  1. About IGI - Italian Grid infrastructure
Line: 18 to 16
 
  1. Grid Administration FAQs page

Reccommendations

Changed:
<
<
  • The service needs at least two cores, 4 GB RAM, 10 GB disk space. A full virtualized machine based on KVM has been used in the following notes.
>
>
  • The service needs at least:
    • 3 cores
    • 3 GB RAM
    • 10 GB disk space.
A full virtualized machine based on KVM has been used in the following notes.
 
Changed:
<
<

O.S. and Repos (DRAFT)

>
>

O.S. and Repos

 
  • Starts from a fresh installation of Scientific Linux 5.x (x86_64).
# cat /etc/redhat-release 
Scientific Linux SL release 5.7 (Boron) 
Changed:
<
<
  • Install the additional repositories: EPEL, Certification Authority, EMI
>
>
  • Install the additional repositories: EPEL, Certification Authority, UMD
 
Added:
>
>
# wget http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm # rpm -ivh epel-release-5-4.noarch.rpm # wget http://repository.egi.eu/sw/production/umd/1/sl5/x86_64/updates/umd-release-1.0.2-1.el5.noarch.rpm # rpm -ivh umd-release-1.0.2-1.el5.noarch.rpm
 # cd /etc/yum.repos.d/
Deleted:
<
<
# rpm -ivh http://mirror.switch.ch/ftp/mirror/epel//5/x86_64/epel-release-5-4.noarch.rpm
 # wget http://repo-pd.italiangrid.it/mrepo/repos/egi-trustanchors.repo
Deleted:
<
<
# rpm -ivh http://repo-pd.italiangrid.it/mrepo/EMI/1/sl5/x86_64/updates/emi-release-1.0.1-1.sl5.noarch.rpm
 # yum install yum-priorities yum-protectbase
  • Be sure that SELINUX is disabled (or permissive). Details on how to disable SELINUX are here:
Line: 40 to 44
 
  • Check the repos list (sl-*.repo are the repos of the O.S. and they should be present by default).
# ls /etc/yum.repos.d/
Changed:
<
<
emi1-base.repo emi1-updates.repo epel-testing.repo emi1-third-party.repo sl-contrib.repo sl-fastbugs.repo sl-security.repo sl-testing.repo sl-debuginfo.repo sl.repo sl-srpms.repo egi-trustanchors.repo epel.repo
>
>
EGI-trustanchors.repo epel.repo epel-testing.repo sl-contrib.repo sl-debuginfo.repo sl-fastbugs.repo sl.repo sl-security.repo sl-srpms.repo sl-testing.repo UMD-1-base.repo UMD-1-updates.repo
 
Changed:
<
<

Update host and perform the installation of package(s)

>
>

Update host and perform the installation of package(s) (DRAFT)

 
# yum clean all
Loaded plugins: downloadonly, kernel-module, priorities, protect-packages, protectbase, security, verify, versionlock
Cleaning up Everything
Changed:
<
<
# yum install ca-policy-egi-core emi-bdii-top Loaded plugins: downloadonly, kernel-module, priorities, protect-packages, protectbase, security, verify, versionlock EGI-trustanchors | 951 B 00:00 EGI-trustanchors/primary | 29 kB 00:00 EGI-trustanchors 203/203 EMI-1-base | 1.9 kB 00:00 EMI-1-base/primary_db | 236 kB 00:00 EMI-1-third-party | 1.9 kB 00:00 EMI-1-third-party/primary_db | 25 kB 00:00 EMI-1-updates | 1.9 kB 00:00 EMI-1-updates/primary_db | 168 kB 00:00 epel | 3.7 kB 00:00 epel/primary_db | 3.9 MB 00:00 sl-base | 1.1 kB 00:00 sl-base/primary | 1.0 MB 00:01 sl-base 3702/3702 sl-security | 1.9 kB 00:00 sl-security/primary_db | 200 kB 00:01 234 packages excluded due to repository priority protections 0 packages excluded due to repository protections Reading version lock configuration Setting up Install Process Package ca-policy-egi-core-1.42-1.noarch already installed and latest version Resolving Dependencies --> Running transaction check
> Package emi-bdii-top.x86_64 0:1.0.0-1.sl5 set to be updated --> Processing Dependency: openldap2.4-servers for package: emi-bdii-top --> Processing Dependency: bdii-config-top for package: emi-bdii-top --> Processing Dependency: glite-yaim-bdii for package: emi-bdii-top --> Processing Dependency: glite-info-update-endpoints for package: emi-bdii-top --> Processing Dependency: bdii for package: emi-bdii-top --> Processing Dependency: glue-schema for package: emi-bdii-top --> Processing Dependency: glite-info-provider-service for package: emi-bdii-top --> Processing Dependency: glite-yaim-core for package: emi-bdii-top --> Processing Dependency: glite-info-provider-ldap for package: emi-bdii-top --> Processing Dependency: glite-info-plugin-fcr for package: emi-bdii-top --> Running transaction check
> Package bdii.noarch 0:5.2.5-2.el5 set to be updated --> Processing Dependency: openldap-servers for package: bdii --> Processing Dependency: expect for package: bdii --> Processing Dependency: openldap-clients for package: bdii
> Package bdii-config-top.noarch 0:1.0.4-1.el5 set to be updated
> Package glite-info-plugin-fcr.noarch 0:2.0.2-1.sl5 set to be updated
> Package glite-info-provider-ldap.noarch 0:1.4.1-1.el5 set to be updated --> Processing Dependency: perl(LWP::Simple) for package: glite-info-provider-ldap
> Package glite-info-provider-service.noarch 0:1.7.0-1.el5 set to be updated
> Package glite-info-update-endpoints.noarch 0:2.0.7-1.el5 set to be updated
> Package glite-yaim-bdii.noarch 0:4.3.4-1.el5 set to be updated
> Package glite-yaim-core.noarch 0:5.0.2-1.sl5 set to be updated
> Package glue-schema.noarch 0:2.0.8-1.el5 set to be updated
> Package openldap2.4-servers.x86_64 0:2.4.22-1.el5 set to be updated --> Processing Dependency: lib64ldap2.4_2 = 2.4.22-1.el5 for package: openldap2.4-servers --> Processing Dependency: cyrus-sasl = 2.1.22 for package: openldap2.4-servers --> Processing Dependency: openldap2.4-extra-schemas >= 1.3-7 for package: openldap2.4-servers --> Processing Dependency: openldap2.4-extra-schemas >= 1.3-7 for package: openldap2.4-servers --> Processing Dependency: libltdl.so.3()(64bit) for package: openldap2.4-servers --> Processing Dependency: libldap_r-2.4.so.2()(64bit) for package: openldap2.4-servers --> Processing Dependency: liblber-2.4.so.2()(64bit) for package: openldap2.4-servers --> Processing Dependency: libodbc.so.1()(64bit) for package: openldap2.4-servers --> Running transaction check
> Package cyrus-sasl.x86_64 0:2.1.22-5.el5_4.3 set to be updated
> Package expect.x86_64 0:5.43.0-5.1 set to be updated
> Package lib64ldap2.4_2.x86_64 0:2.4.22-1.el5 set to be updated --> Processing Dependency: openldap2.4 >= 2.1.25-4mdk for package: lib64ldap2.4_2
> Package libtool-ltdl.x86_64 0:1.5.22-7.el5_4 set to be updated
> Package openldap-clients.x86_64 0:2.3.43-12.el5_6.7 set to be updated
> Package openldap-servers.x86_64 0:2.3.43-12.el5_6.7 set to be updated EGI-trustanchors/filelists | 14 kB 00:00 EMI-1-base/filelists_db | 181 kB 00:00 EMI-1-third-party/filelists_db | 57 kB 00:00 EMI-1-updates/filelists_db | 108 kB 00:00 cnaf-local/filelists | 1.1 kB 00:00 epel/filelists_db | 5.5 MB 00:00 lemon-sl5-i386/filelists | 9.5 kB 00:00 sl-base/filelists | 3.3 MB 00:02 sl-security/filelists_db | 870 kB 00:01
> Package openldap2.4-extra-schemas.noarch 0:1.3-10.el5 set to be updated
> Package perl-libwww-perl.noarch 0:5.805-1.1.1 set to be updated --> Processing Dependency: perl-HTML-Parser >= 3.33 for package: perl-libwww-perl --> Processing Dependency: perl(URI::URL) for package: perl-libwww-perl --> Processing Dependency: perl(URI) for package: perl-libwww-perl --> Processing Dependency: perl(HTML::Entities) for package: perl-libwww-perl --> Processing Dependency: perl(Compress::Zlib) for package: perl-libwww-perl --> Processing Dependency: perl(URI::Escape) for package: perl-libwww-perl --> Processing Dependency: perl(URI::Heuristic) for package: perl-libwww-perl
> Package unixODBC.x86_64 0:2.2.11-7.1 set to be updated --> Running transaction check
> Package openldap2.4.x86_64 0:2.4.22-1.el5 set to be updated
> Package perl-Compress-Zlib.x86_64 0:1.42-1.fc6 set to be updated
> Package perl-HTML-Parser.x86_64 0:3.55-1.fc6 set to be updated --> Processing Dependency: perl-HTML-Tagset >= 3.03 for package: perl-HTML-Parser --> Processing Dependency: perl(HTML::Tagset) for package: perl-HTML-Parser
> Package perl-URI.noarch 0:1.35-3 set to be updated --> Running transaction check
> Package perl-HTML-Tagset.noarch 0:3.10-2.1.1 set to be updated --> Finished Dependency Resolution Beginning Kernel Module Plugin Finished Kernel Module Plugin

Dependencies Resolved

======================================================================================================================================================================================================================================= Package Arch Version Repository Size ======================================================================================================================================================================================================================================= Installing: emi-bdii-top x86_64 1.0.0-1.sl5 EMI-1-base 1.7 k Installing for dependencies: bdii noarch 5.2.5-2.el5 EMI-1-updates 20 k bdii-config-top noarch 1.0.4-1.el5 EMI-1-updates 4.1 k cyrus-sasl x86_64 2.1.22-5.el5_4.3 sl-base 1.2 M expect x86_64 5.43.0-5.1 sl-base 160 k glite-info-plugin-fcr noarch 2.0.2-1.sl5 EMI-1-updates 3.7 k glite-info-provider-ldap noarch 1.4.1-1.el5 EMI-1-updates 7.1 k glite-info-provider-service noarch 1.7.0-1.el5 EMI-1-updates 53 k glite-info-update-endpoints noarch 2.0.7-1.el5 EMI-1-base 5.6 k glite-yaim-bdii noarch 4.3.4-1.el5 EMI-1-updates 10 k glite-yaim-core noarch 5.0.2-1.sl5 EMI-1-updates 116 k glue-schema noarch 2.0.8-1.el5 EMI-1-updates 33 k lib64ldap2.4_2 x86_64 2.4.22-1.el5 EMI-1-third-party 300 k libtool-ltdl x86_64 1.5.22-7.el5_4 sl-base 38 k openldap-clients x86_64 2.3.43-12.el5_6.7 sl-base 223 k openldap-servers x86_64 2.3.43-12.el5_6.7 sl-base 2.2 M openldap2.4 x86_64 2.4.22-1.el5 EMI-1-third-party 40 k openldap2.4-extra-schemas noarch 1.3-10.el5 EMI-1-third-party 46 k openldap2.4-servers x86_64 2.4.22-1.el5 EMI-1-third-party 2.1 M perl-Compress-Zlib x86_64 1.42-1.fc6 sl-base 52 k perl-HTML-Parser x86_64 3.55-1.fc6 sl-base 91 k perl-HTML-Tagset noarch 3.10-2.1.1 sl-base 14 k perl-URI noarch 1.35-3 sl-base 116 k perl-libwww-perl noarch 5.805-1.1.1 sl-base 375 k unixODBC x86_64 2.2.11-7.1 sl-base 834 k

Transaction Summary ======================================================================================================================================================================================================================================= Install 25 Package(s) Upgrade 0 Package(s)

Total download size: 8.0 M Is this ok [y/N]: y

Downloading Packages: (1/25): emi-bdii-top-1.0.0-1.sl5.x86_64.rpm | 1.7 kB 00:00 (2/25): glite-info-plugin-fcr-2.0.2-1.sl5.noarch.rpm | 3.7 kB 00:00 (3/25): bdii-config-top-1.0.4-1.el5.noarch.rpm | 4.1 kB 00:00 (4/25): glite-info-update-endpoints-2.0.7-1.el5.noarch.rpm | 5.6 kB 00:00 (5/25): glite-info-provider-ldap-1.4.1-1.el5.noarch.rpm | 7.1 kB 00:00 (6/25): glite-yaim-bdii-4.3.4-1.el5.noarch.rpm | 10 kB 00:00 (7/25): perl-HTML-Tagset-3.10-2.1.1.noarch.rpm | 14 kB 00:00 (8/25): bdii-5.2.5-2.el5.noarch.rpm | 20 kB 00:00 (9/25): glue-schema-2.0.8-1.el5.noarch.rpm | 33 kB 00:00 (10/25): libtool-ltdl-1.5.22-7.el5_4.x86_64.rpm | 38 kB 00:00 (11/25): openldap2.4-2.4.22-1.el5.x86_64.rpm | 40 kB 00:00 (12/25): openldap2.4-extra-schemas-1.3-10.el5.noarch.rpm | 46 kB 00:00 (13/25): perl-Compress-Zlib-1.42-1.fc6.x86_64.rpm | 52 kB 00:00 (14/25): glite-info-provider-service-1.7.0-1.el5.noarch.rpm | 53 kB 00:00 (15/25): perl-HTML-Parser-3.55-1.fc6.x86_64.rpm | 91 kB 00:00 (16/25): perl-URI-1.35-3.noarch.rpm | 116 kB 00:00 (17/25): glite-yaim-core-5.0.2-1.sl5.noarch.rpm | 116 kB 00:00 (18/25): expect-5.43.0-5.1.x86_64.rpm | 160 kB 00:00 (19/25): openldap-clients-2.3.43-12.el5_6.7.x86_64.rpm | 223 kB 00:00 (20/25): lib64ldap2.4_2-2.4.22-1.el5.x86_64.rpm | 300 kB 00:00 (21/25): perl-libwww-perl-5.805-1.1.1.noarch.rpm | 375 kB 00:01 (22/25): unixODBC-2.2.11-7.1.x86_64.rpm | 834 kB 00:00 (23/25): cyrus-sasl-2.1.22-5.el5_4.3.x86_64.rpm | 1.2 MB 00:00 (24/25): openldap2.4-servers-2.4.22-1.el5.x86_64.rpm | 2.1 MB 00:01 (25/25): openldap-servers-2.3.43-12.el5_6.7.x86_64.rpm | 2.2 MB 00:01


Total 372 kB/s | 8.0 MB 00:22 warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID df9e12ef EMI-1-updates/gpgkey | 1.7 kB 00:00 Importing GPG key 0xDF9E12EF "Doina Cristina Aiftimiei (EMI Release Manager) <aiftim@pd.infn.it>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-emi Is this ok [y/N]: y Running rpm_check_debug Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Installing : libtool-ltdl 1/25 Installing : openldap-servers 2/25 Installing : glite-info-update-endpoints 3/25 Installing : glite-info-provider-service 4/25 Installing : glue-schema 5/25 Installing : expect 6/25 Installing : openldap-clients 7/25 Installing : perl-Compress-Zlib 8/25 Installing : cyrus-sasl 9/25 Installing : unixODBC 10/25 Installing : bdii 11/25 Installing : glite-yaim-bdii 12/25 Installing : glite-yaim-core 13/25 Installing : glite-info-plugin-fcr 14/25 Installing : perl-HTML-Tagset 15/25 Installing : perl-HTML-Parser 16/25 Installing : perl-URI 17/25 Installing : perl-libwww-perl 18/25 Installing : glite-info-provider-ldap 19/25 Installing : lib64ldap2.4_2 20/25 Installing : openldap2.4 21/25 Installing : openldap2.4-extra-schemas 22/25 useradd: user ldap exists Adding user ldap to group ldap Installing : openldap2.4-servers 23/25 Generating self-signed certificate... To generate a self-signed certificate, you can use the utility /usr/share/openldap2.4/gencert.sh... Installing : bdii-config-top 24/25 Installing : emi-bdii-top 25/25

Installed: emi-bdii-top.x86_64 0:1.0.0-1.sl5

Dependency Installed: bdii.noarch 0:5.2.5-2.el5 bdii-config-top.noarch 0:1.0.4-1.el5 cyrus-sasl.x86_64 0:2.1.22-5.el5_4.3 expect.x86_64 0:5.43.0-5.1 glite-info-plugin-fcr.noarch 0:2.0.2-1.sl5 glite-info-provider-ldap.noarch 0:1.4.1-1.el5 glite-info-provider-service.noarch 0:1.7.0-1.el5 glite-info-update-endpoints.noarch 0:2.0.7-1.el5 glite-yaim-bdii.noarch 0:4.3.4-1.el5 glite-yaim-core.noarch 0:5.0.2-1.sl5 glue-schema.noarch 0:2.0.8-1.el5 lib64ldap2.4_2.x86_64 0:2.4.22-1.el5 libtool-ltdl.x86_64 0:1.5.22-7.el5_4 openldap-clients.x86_64 0:2.3.43-12.el5_6.7 openldap-servers.x86_64 0:2.3.43-12.el5_6.7 openldap2.4.x86_64 0:2.4.22-1.el5 openldap2.4-extra-schemas.noarch 0:1.3-10.el5 openldap2.4-servers.x86_64 0:2.4.22-1.el5 perl-Compress-Zlib.x86_64 0:1.42-1.fc6 perl-HTML-Parser.x86_64 0:3.55-1.fc6 perl-HTML-Tagset.noarch 0:3.10-2.1.1 perl-URI.noarch 0:1.35-3 perl-libwww-perl.noarch 0:5.805-1.1.1 unixODBC.x86_64 0:2.2.11-7.1

Complete!

>
>
# yum install ca-policy-egi-core SOMETHING
 

Service configuration

The configuration file for this service is really basic:
# cat site-info.def 
Changed:
<
<
################################ # Site configuration variables # ################################ SITE_NAME=INFN-CNAF SITE_EMAIL="grid-operations@lists.cnaf.infn.it" SITE_LAT=44.4948 SITE_LONG=11.3417

################################ # BDII configuration variables # ################################

# Hostname of the top level BDII BDII_HOST=top-bdii01.cnaf.infn.it

>
>
????
 

YAIM check

#  chmod -R 600 /root/siteinfo
Changed:
<
<
# /opt/glite/yaim/bin/yaim -v -s /root/siteinfo/site-info.def -n BDII_top
INFO
Using site configuration file: /root/siteinfo/site-info.def
INFO
###################################################################

. /'.-. ') . yA,-"-,( ,m,:/ ) .oo. oo o ooo o. .oo . / .-Y a a Y-. 8. .8' 8'8. 8 8b d'8 . / ~ ~ / 8' .8oo88. 8 8 8' 8 . (_/ '====' 8 .8' 8. 8 8 Y 8 . Y,-''-,Yy,-.,/ o8o o8o o88o o8o o8o o8o . I_))_) I_))_)

current working directory: /root/siteinfo site-info.def date: Nov 25 17:01 /root/siteinfo/site-info.def yaim command: -v -s /root/siteinfo/site-info.def -n BDII_top log file: /opt/glite/yaim/bin/../log/yaimlog Fri Nov 25 17:07:57 CET 2011 : /opt/glite/yaim/bin/yaim

Installed YAIM versions: glite-yaim-bdii 4.3.4-1 glite-yaim-core 5.0.2-1

####################################################################

INFO
The default location of the grid-env.(c)sh files will be: /usr/libexec
INFO
Sourcing the utilities in /opt/glite/yaim/functions/utils
INFO
Detecting environment
INFO
Executing function: config_info_service_bdii_top_check
INFO
Executing function: config_bdii_5.2_check
INFO
Checking is done.
INFO
All the necessary variables to configure BDII_top are defined in your configuration files.
INFO
Please, bear in mind that YAIM only guarantees the definition of variables
INFO
controlled in the _check functions.
INFO
YAIM terminated succesfully.
>
>
# /opt/glite/yaim/bin/yaim -v -s /root/siteinfo/site-info.def -n ??????
 

Know Issue and Workaround

Deleted:
<
<
Missing /etc/bdii/gip/glite-info-site-defaults.conf, GGUS
  • Workaround: Check if the file exists and it's contents. If it's missing do (replace INFN-CNAF with your SITE-NAME):
    • mkdir /etc/bdii/gip/
    • echo "SITE_NAME=INFN-CNAF" > /etc/bdii/gip/glite-info-site-defaults.conf
Check also the permission of the directory /opt/glite/var/cache/gip if it is not ldap:ldap change it:
  • chown -R ldap:ldap /opt/glite/var/cache/gip/
 

YAIM config

Please use the debug flag ( "-d 6") to configure the services in order to have detailed information. For your convenience yo can save all the configuration information in a log file you can look at any time, separated from the yaimlog defulat one.
Changed:
<
<
# /opt/glite/yaim/bin/yaim -c -d 6 -s /root/siteinfo/site-info.def -n BDII_top
DEBUG
Checking siteinfo dir is not world readable
DEBUG
Checking site-info.def is syntactically correct
DEBUG
Sourcing /opt/glite/yaim/bin/../defaults/site-info.pre
DEBUG
Sourcing /opt/glite/yaim/bin/../defaults/emi-bdii_top.pre
INFO
Using site configuration file: /root/siteinfo/site-info.def
DEBUG
Sourcing site-info.def file: /root/siteinfo/site-info.def
DEBUG
Sourcing /opt/glite/yaim/bin/../defaults/site-info.post
DEBUG
Sourcing /opt/glite/yaim/bin/../defaults/mapping
INFO
###################################################################

. /'.-. ') . yA,-"-,( ,m,:/ ) .oo. oo o ooo o. .oo . / .-Y a a Y-. 8. .8' 8'8. 8 8b d'8 . / ~ ~ / 8' .8oo88. 8 8 8' 8 . (_/ '====' 8 .8' 8. 8 8 Y 8 . Y,-''-,Yy,-.,/ o8o o8o o88o o8o o8o o8o . I_))_) I_))_)

current working directory: /root/siteinfo site-info.def date: Nov 25 17:01 /root/siteinfo/site-info.def yaim command: -c -d 6 -s /root/siteinfo/site-info.def -n BDII_top log file: /opt/glite/yaim/bin/../log/yaimlog Fri Nov 25 17:12:30 CET 2011 : /opt/glite/yaim/bin/yaim

Installed YAIM versions: glite-yaim-bdii 4.3.4-1 glite-yaim-core 5.0.2-1

####################################################################

INFO
The default location of the grid-env.(c)sh files will be: /usr/libexec
INFO
Sourcing the utilities in /opt/glite/yaim/functions/utils
INFO
Detecting environment
DEBUG
Detect platform: OS flavour detected is: emi
DEBUG
Detected architecture is 64BIT
DEBUG
Detect platform: OS type detected: sl5
DEBUG
Resulted NODE_TYPE_LIST is : BDII_top
DEBUG
Setting environment variable GRID_ENV_LOCATION, to value "/usr/libexec".
DEBUG
Unset environment variable GRID_ENV_LOCATION.
DEBUG
Setting environment variable LCG_LOCATION, to value "/usr".
DEBUG
Unset environment variable LCG_LOCATION.
DEBUG
Setting environment variable GLITE_LOCATION, to value "/usr".
DEBUG
Unset environment variable GLITE_LOCATION.
DEBUG
Setting environment variable GLITE_LOCATION_VAR, to value "/var".
DEBUG
Unset environment variable GLITE_LOCATION_VAR.
DEBUG
Appending value "/bin" to environment variable PATH.
DEBUG
Deleting value "/bin" from environment variable PATH.
DEBUG
Appending value "/opt/glite/share/man" to environment variable MANPATH.
DEBUG
Deleting value "/opt/glite/share/man" from environment variable MANPATH.
DEBUG
Sourcing node definition file: /opt/glite/yaim/bin/../node-info.d/glite-bdii_top
INFO
Executing function: config_info_service_bdii_top_check
INFO
Executing function: config_bdii_5.2_check
INFO
Executing function: config_info_service_bdii_top_setenv
DEBUG
This function currently doesn't set any environment variables.
INFO
Executing function: config_info_service_bdii_top
DEBUG
Skipping function: config_bdii_5.2_setenv because it is not defined
INFO
Executing function: config_bdii_5.2
mount: mount point /var/run/bdii/db does not exist Stopping BDII: BDII already stopped Starting BDII slapd: [ OK ] Starting BDII update process: [ OK ]
INFO
Configuration Complete. [ OK ]
INFO
YAIM terminated succesfully.
>
>
# /opt/glite/yaim/bin/yaim -c -d 6 -s /root/siteinfo/site-info.def -n ??????
 
Deleted:
<
<

Service checks

The service could takes ~10 minutes to publish all the informations. From a User Interfaces, try the following commands (replace top-bdii01.cnaf.infn.it with your top-bdii hostname):
  • telnet top-bdii01.cnaf.infn.it 2170. The port 2170 must be opened.
  • lcg-infosites --is top-bdii01.cnaf.infn.it --vo ops ce| wc -l should return a number at least grater than 500
  • check freshness: the information published must be updated. Downolad check_bdii_entries and execute it like in the example:
        ./check_bdii_entries -H top-bdii01.cnaf.infn.it -t 60 -b Mds-Vo-Name=local,O=Grid -p 2170 -w 1200:1 -c 3600:1 -f stats
         OK: freshness=276s, entries=1 |freshness=276s;entries=1
 
Changed:
<
<

Revision

Last revision: 2011-11-28 - Paolo Veronesi

-- PaoloVeronesi - 2011-11-25

>
>

Service checks

 
Added:
>
>

Revision

 

-- PaoloVeronesi - 2011-12-28 \ No newline at end of file

Revision 12011-12-28 - PaoloVeronesi

Line: 1 to 1
Added:
>
>
META TOPICPARENT name="WebHome"

Notes about Installation and Configuration of myproxy (DRAFT)

  • These notes are provided by site admins on a best effort base as a contribution to the IGI communities and MUST not be considered as a subsitute of the Official IGI documentation.
  • This document is addressed to site administrators responsible for middleware installation and configuration.
  • The goal of this page is to provide some hints and examples on how to install and configure an IGI myproxy service based on EMI/UMD middleware.

NB: The myproxy service is a CORE service, it should not be installed at Resource Center level. The official endpoint provided by IGI is myproxy.cnaf.infn.it and MUST be used by all Resource Centers and Services part of the IGI infrastructure.

References

  1. About IGI - Italian Grid infrastructure
  2. About IGI Release
  3. IGI Official Installation and Configuration guide
  4. Troubleshooting Guide for Operational Errors on EGI Sites
  5. Grid Administration FAQs page

Reccommendations

  • The service needs at least two cores, 4 GB RAM, 10 GB disk space. A full virtualized machine based on KVM has been used in the following notes.

O.S. and Repos (DRAFT)

  • Starts from a fresh installation of Scientific Linux 5.x (x86_64).
# cat /etc/redhat-release 
Scientific Linux SL release 5.7 (Boron) 
  • Install the additional repositories: EPEL, Certification Authority, EMI
# cd /etc/yum.repos.d/
# rpm -ivh http://mirror.switch.ch/ftp/mirror/epel//5/x86_64/epel-release-5-4.noarch.rpm
# wget http://repo-pd.italiangrid.it/mrepo/repos/egi-trustanchors.repo
# rpm -ivh http://repo-pd.italiangrid.it/mrepo/EMI/1/sl5/x86_64/updates/emi-release-1.0.1-1.sl5.noarch.rpm
# yum install yum-priorities yum-protectbase
  • Be sure that SELINUX is disabled (or permissive). Details on how to disable SELINUX are here:
# getenforce 
Disabled
  • Check the repos list (sl-*.repo are the repos of the O.S. and they should be present by default).
# ls /etc/yum.repos.d/
emi1-base.repo emi1-updates.repo epel-testing.repo emi1-third-party.repo
sl-contrib.repo sl-fastbugs.repo sl-security.repo sl-testing.repo sl-debuginfo.repo  sl.repo  sl-srpms.repo
egi-trustanchors.repo    
epel.repo                    

Update host and perform the installation of package(s)

# yum clean all
Loaded plugins: downloadonly, kernel-module, priorities, protect-packages, protectbase, security, verify, versionlock
Cleaning up Everything

# yum install ca-policy-egi-core emi-bdii-top 
Loaded plugins: downloadonly, kernel-module, priorities, protect-packages, protectbase, security, verify, versionlock
EGI-trustanchors                                                                                                                                                                                                    |  951 B     00:00     
EGI-trustanchors/primary                                                                                                                                                                                            |  29 kB     00:00     
EGI-trustanchors                                                                                                                                                                                                                   203/203
EMI-1-base                                                                                                                                                                                                          | 1.9 kB     00:00     
EMI-1-base/primary_db                                                                                                                                                                                               | 236 kB     00:00     
EMI-1-third-party                                                                                                                                                                                                   | 1.9 kB     00:00     
EMI-1-third-party/primary_db                                                                                                                                                                                        |  25 kB     00:00     
EMI-1-updates                                                                                                                                                                                                       | 1.9 kB     00:00     
EMI-1-updates/primary_db                                                                                                                                                                                            | 168 kB     00:00                                                                                                                                                                                                                       
epel                                                                                                                                                                                                                | 3.7 kB     00:00     
epel/primary_db                                                                                                                                                                                                     | 3.9 MB     00:00     
sl-base                                                                                                                                                                                                             | 1.1 kB     00:00     
sl-base/primary                                                                                                                                                                                                     | 1.0 MB     00:01     
sl-base                                                                                                                                                                                                                          3702/3702
sl-security                                                                                                                                                                                                         | 1.9 kB     00:00     
sl-security/primary_db                                                                                                                                                                                              | 200 kB     00:01     
234 packages excluded due to repository priority protections
0 packages excluded due to repository protections
Reading version lock configuration
Setting up Install Process
Package ca-policy-egi-core-1.42-1.noarch already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package emi-bdii-top.x86_64 0:1.0.0-1.sl5 set to be updated
--> Processing Dependency: openldap2.4-servers for package: emi-bdii-top
--> Processing Dependency: bdii-config-top for package: emi-bdii-top
--> Processing Dependency: glite-yaim-bdii for package: emi-bdii-top
--> Processing Dependency: glite-info-update-endpoints for package: emi-bdii-top
--> Processing Dependency: bdii for package: emi-bdii-top
--> Processing Dependency: glue-schema for package: emi-bdii-top
--> Processing Dependency: glite-info-provider-service for package: emi-bdii-top
--> Processing Dependency: glite-yaim-core for package: emi-bdii-top
--> Processing Dependency: glite-info-provider-ldap for package: emi-bdii-top
--> Processing Dependency: glite-info-plugin-fcr for package: emi-bdii-top
--> Running transaction check
---> Package bdii.noarch 0:5.2.5-2.el5 set to be updated
--> Processing Dependency: openldap-servers for package: bdii
--> Processing Dependency: expect for package: bdii
--> Processing Dependency: openldap-clients for package: bdii
---> Package bdii-config-top.noarch 0:1.0.4-1.el5 set to be updated
---> Package glite-info-plugin-fcr.noarch 0:2.0.2-1.sl5 set to be updated
---> Package glite-info-provider-ldap.noarch 0:1.4.1-1.el5 set to be updated
--> Processing Dependency: perl(LWP::Simple) for package: glite-info-provider-ldap
---> Package glite-info-provider-service.noarch 0:1.7.0-1.el5 set to be updated
---> Package glite-info-update-endpoints.noarch 0:2.0.7-1.el5 set to be updated
---> Package glite-yaim-bdii.noarch 0:4.3.4-1.el5 set to be updated
---> Package glite-yaim-core.noarch 0:5.0.2-1.sl5 set to be updated
---> Package glue-schema.noarch 0:2.0.8-1.el5 set to be updated
---> Package openldap2.4-servers.x86_64 0:2.4.22-1.el5 set to be updated
--> Processing Dependency: lib64ldap2.4_2 = 2.4.22-1.el5 for package: openldap2.4-servers
--> Processing Dependency: cyrus-sasl = 2.1.22 for package: openldap2.4-servers
--> Processing Dependency: openldap2.4-extra-schemas >= 1.3-7 for package: openldap2.4-servers
--> Processing Dependency: openldap2.4-extra-schemas >= 1.3-7 for package: openldap2.4-servers
--> Processing Dependency: libltdl.so.3()(64bit) for package: openldap2.4-servers
--> Processing Dependency: libldap_r-2.4.so.2()(64bit) for package: openldap2.4-servers
--> Processing Dependency: liblber-2.4.so.2()(64bit) for package: openldap2.4-servers
--> Processing Dependency: libodbc.so.1()(64bit) for package: openldap2.4-servers
--> Running transaction check
---> Package cyrus-sasl.x86_64 0:2.1.22-5.el5_4.3 set to be updated
---> Package expect.x86_64 0:5.43.0-5.1 set to be updated
---> Package lib64ldap2.4_2.x86_64 0:2.4.22-1.el5 set to be updated
--> Processing Dependency: openldap2.4 >= 2.1.25-4mdk for package: lib64ldap2.4_2
---> Package libtool-ltdl.x86_64 0:1.5.22-7.el5_4 set to be updated
---> Package openldap-clients.x86_64 0:2.3.43-12.el5_6.7 set to be updated
---> Package openldap-servers.x86_64 0:2.3.43-12.el5_6.7 set to be updated
EGI-trustanchors/filelists                                                                                                                                                                                          |  14 kB     00:00     
EMI-1-base/filelists_db                                                                                                                                                                                             | 181 kB     00:00     
EMI-1-third-party/filelists_db                                                                                                                                                                                      |  57 kB     00:00     
EMI-1-updates/filelists_db                                                                                                                                                                                          | 108 kB     00:00     
cnaf-local/filelists                                                                                                                                                                                                | 1.1 kB     00:00     
epel/filelists_db                                                                                                                                                                                                   | 5.5 MB     00:00     
lemon-sl5-i386/filelists                                                                                                                                                                                            | 9.5 kB     00:00     
sl-base/filelists                                                                                                                                                                                                   | 3.3 MB     00:02     
sl-security/filelists_db                                                                                                                                                                                            | 870 kB     00:01     
---> Package openldap2.4-extra-schemas.noarch 0:1.3-10.el5 set to be updated
---> Package perl-libwww-perl.noarch 0:5.805-1.1.1 set to be updated
--> Processing Dependency: perl-HTML-Parser >= 3.33 for package: perl-libwww-perl
--> Processing Dependency: perl(URI::URL) for package: perl-libwww-perl
--> Processing Dependency: perl(URI) for package: perl-libwww-perl
--> Processing Dependency: perl(HTML::Entities) for package: perl-libwww-perl
--> Processing Dependency: perl(Compress::Zlib) for package: perl-libwww-perl
--> Processing Dependency: perl(URI::Escape) for package: perl-libwww-perl
--> Processing Dependency: perl(URI::Heuristic) for package: perl-libwww-perl
---> Package unixODBC.x86_64 0:2.2.11-7.1 set to be updated
--> Running transaction check
---> Package openldap2.4.x86_64 0:2.4.22-1.el5 set to be updated
---> Package perl-Compress-Zlib.x86_64 0:1.42-1.fc6 set to be updated
---> Package perl-HTML-Parser.x86_64 0:3.55-1.fc6 set to be updated
--> Processing Dependency: perl-HTML-Tagset >= 3.03 for package: perl-HTML-Parser
--> Processing Dependency: perl(HTML::Tagset) for package: perl-HTML-Parser
---> Package perl-URI.noarch 0:1.35-3 set to be updated
--> Running transaction check
---> Package perl-HTML-Tagset.noarch 0:3.10-2.1.1 set to be updated
--> Finished Dependency Resolution
Beginning Kernel Module Plugin
Finished Kernel Module Plugin

Dependencies Resolved

===========================================================================================================================================================================================================================================
 Package                                                            Arch                                          Version                                                   Repository                                                Size
===========================================================================================================================================================================================================================================
Installing:
 emi-bdii-top                                                       x86_64                                        1.0.0-1.sl5                                               EMI-1-base                                               1.7 k
Installing for dependencies:
 bdii                                                               noarch                                        5.2.5-2.el5                                               EMI-1-updates                                             20 k
 bdii-config-top                                                    noarch                                        1.0.4-1.el5                                               EMI-1-updates                                            4.1 k
 cyrus-sasl                                                         x86_64                                        2.1.22-5.el5_4.3                                          sl-base                                                  1.2 M
 expect                                                             x86_64                                        5.43.0-5.1                                                sl-base                                                  160 k
 glite-info-plugin-fcr                                              noarch                                        2.0.2-1.sl5                                               EMI-1-updates                                            3.7 k
 glite-info-provider-ldap                                           noarch                                        1.4.1-1.el5                                               EMI-1-updates                                            7.1 k
 glite-info-provider-service                                        noarch                                        1.7.0-1.el5                                               EMI-1-updates                                             53 k
 glite-info-update-endpoints                                        noarch                                        2.0.7-1.el5                                               EMI-1-base                                               5.6 k
 glite-yaim-bdii                                                    noarch                                        4.3.4-1.el5                                               EMI-1-updates                                             10 k
 glite-yaim-core                                                    noarch                                        5.0.2-1.sl5                                               EMI-1-updates                                            116 k
 glue-schema                                                        noarch                                        2.0.8-1.el5                                               EMI-1-updates                                             33 k
 lib64ldap2.4_2                                                     x86_64                                        2.4.22-1.el5                                              EMI-1-third-party                                        300 k
 libtool-ltdl                                                       x86_64                                        1.5.22-7.el5_4                                            sl-base                                                   38 k
 openldap-clients                                                   x86_64                                        2.3.43-12.el5_6.7                                         sl-base                                                  223 k
 openldap-servers                                                   x86_64                                        2.3.43-12.el5_6.7                                         sl-base                                                  2.2 M
 openldap2.4                                                        x86_64                                        2.4.22-1.el5                                              EMI-1-third-party                                         40 k
 openldap2.4-extra-schemas                                          noarch                                        1.3-10.el5                                                EMI-1-third-party                                         46 k
 openldap2.4-servers                                                x86_64                                        2.4.22-1.el5                                              EMI-1-third-party                                        2.1 M
 perl-Compress-Zlib                                                 x86_64                                        1.42-1.fc6                                                sl-base                                                   52 k
 perl-HTML-Parser                                                   x86_64                                        3.55-1.fc6                                                sl-base                                                   91 k
 perl-HTML-Tagset                                                   noarch                                        3.10-2.1.1                                                sl-base                                                   14 k
 perl-URI                                                           noarch                                        1.35-3                                                    sl-base                                                  116 k
 perl-libwww-perl                                                   noarch                                        5.805-1.1.1                                               sl-base                                                  375 k
 unixODBC                                                           x86_64                                        2.2.11-7.1                                                sl-base                                                  834 k

Transaction Summary
===========================================================================================================================================================================================================================================
Install      25 Package(s)
Upgrade       0 Package(s)

Total download size: 8.0 M
Is this ok [y/N]: y

Downloading Packages:
(1/25): emi-bdii-top-1.0.0-1.sl5.x86_64.rpm                                                                                                                                                                         | 1.7 kB     00:00     
(2/25): glite-info-plugin-fcr-2.0.2-1.sl5.noarch.rpm                                                                                                                                                                | 3.7 kB     00:00     
(3/25): bdii-config-top-1.0.4-1.el5.noarch.rpm                                                                                                                                                                      | 4.1 kB     00:00     
(4/25): glite-info-update-endpoints-2.0.7-1.el5.noarch.rpm                                                                                                                                                          | 5.6 kB     00:00     
(5/25): glite-info-provider-ldap-1.4.1-1.el5.noarch.rpm                                                                                                                                                             | 7.1 kB     00:00     
(6/25): glite-yaim-bdii-4.3.4-1.el5.noarch.rpm                                                                                                                                                                      |  10 kB     00:00     
(7/25): perl-HTML-Tagset-3.10-2.1.1.noarch.rpm                                                                                                                                                                      |  14 kB     00:00     
(8/25): bdii-5.2.5-2.el5.noarch.rpm                                                                                                                                                                                 |  20 kB     00:00     
(9/25): glue-schema-2.0.8-1.el5.noarch.rpm                                                                                                                                                                          |  33 kB     00:00     
(10/25): libtool-ltdl-1.5.22-7.el5_4.x86_64.rpm                                                                                                                                                                     |  38 kB     00:00     
(11/25): openldap2.4-2.4.22-1.el5.x86_64.rpm                                                                                                                                                                        |  40 kB     00:00     
(12/25): openldap2.4-extra-schemas-1.3-10.el5.noarch.rpm                                                                                                                                                            |  46 kB     00:00     
(13/25): perl-Compress-Zlib-1.42-1.fc6.x86_64.rpm                                                                                                                                                                   |  52 kB     00:00     
(14/25): glite-info-provider-service-1.7.0-1.el5.noarch.rpm                                                                                                                                                         |  53 kB     00:00     
(15/25): perl-HTML-Parser-3.55-1.fc6.x86_64.rpm                                                                                                                                                                     |  91 kB     00:00     
(16/25): perl-URI-1.35-3.noarch.rpm                                                                                                                                                                                 | 116 kB     00:00     
(17/25): glite-yaim-core-5.0.2-1.sl5.noarch.rpm                                                                                                                                                                     | 116 kB     00:00     
(18/25): expect-5.43.0-5.1.x86_64.rpm                                                                                                                                                                               | 160 kB     00:00     
(19/25): openldap-clients-2.3.43-12.el5_6.7.x86_64.rpm                                                                                                                                                              | 223 kB     00:00     
(20/25): lib64ldap2.4_2-2.4.22-1.el5.x86_64.rpm                                                                                                                                                                     | 300 kB     00:00     
(21/25): perl-libwww-perl-5.805-1.1.1.noarch.rpm                                                                                                                                                                    | 375 kB     00:01     
(22/25): unixODBC-2.2.11-7.1.x86_64.rpm                                                                                                                                                                             | 834 kB     00:00     
(23/25): cyrus-sasl-2.1.22-5.el5_4.3.x86_64.rpm                                                                                                                                                                     | 1.2 MB     00:00     
(24/25): openldap2.4-servers-2.4.22-1.el5.x86_64.rpm                                                                                                                                                                | 2.1 MB     00:01     
(25/25): openldap-servers-2.3.43-12.el5_6.7.x86_64.rpm                                                                                                                                                              | 2.2 MB     00:01     
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                                                                      372 kB/s | 8.0 MB     00:22     
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID df9e12ef
EMI-1-updates/gpgkey                                                                                                                                                                                                | 1.7 kB     00:00     
Importing GPG key 0xDF9E12EF "Doina Cristina Aiftimiei (EMI Release Manager) <aiftim@pd.infn.it>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-emi
Is this ok [y/N]: y
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : libtool-ltdl                                                                                                                                                                                                       1/25 
  Installing     : openldap-servers                                                                                                                                                                                                   2/25 
  Installing     : glite-info-update-endpoints                                                                                                                                                                                        3/25 
  Installing     : glite-info-provider-service                                                                                                                                                                                        4/25 
  Installing     : glue-schema                                                                                                                                                                                                        5/25 
  Installing     : expect                                                                                                                                                                                                             6/25 
  Installing     : openldap-clients                                                                                                                                                                                                   7/25 
  Installing     : perl-Compress-Zlib                                                                                                                                                                                                 8/25 
  Installing     : cyrus-sasl                                                                                                                                                                                                         9/25 
  Installing     : unixODBC                                                                                                                                                                                                          10/25 
  Installing     : bdii                                                                                                                                                                                                              11/25 
  Installing     : glite-yaim-bdii                                                                                                                                                                                                   12/25 
  Installing     : glite-yaim-core                                                                                                                                                                                                   13/25 
  Installing     : glite-info-plugin-fcr                                                                                                                                                                                             14/25 
  Installing     : perl-HTML-Tagset                                                                                                                                                                                                  15/25 
  Installing     : perl-HTML-Parser                                                                                                                                                                                                  16/25 
  Installing     : perl-URI                                                                                                                                                                                                          17/25 
  Installing     : perl-libwww-perl                                                                                                                                                                                                  18/25 
  Installing     : glite-info-provider-ldap                                                                                                                                                                                          19/25 
  Installing     : lib64ldap2.4_2                                                                                                                                                                                                    20/25 
  Installing     : openldap2.4                                                                                                                                                                                                       21/25 
  Installing     : openldap2.4-extra-schemas                                                                                                                                                                                         22/25 
useradd: user ldap exists
Adding user ldap to group ldap
  Installing     : openldap2.4-servers                                                                                                                                                                                               23/25 
Generating self-signed certificate...
To generate a self-signed certificate, you can use the utility
/usr/share/openldap2.4/gencert.sh...
  Installing     : bdii-config-top                                                                                                                                                                                                   24/25 
  Installing     : emi-bdii-top                                                                                                                                                                                                      25/25 

Installed:
  emi-bdii-top.x86_64 0:1.0.0-1.sl5                                                                                                                                                                                                        

Dependency Installed:
  bdii.noarch 0:5.2.5-2.el5                     bdii-config-top.noarch 0:1.0.4-1.el5             cyrus-sasl.x86_64 0:2.1.22-5.el5_4.3             expect.x86_64 0:5.43.0-5.1                  glite-info-plugin-fcr.noarch 0:2.0.2-1.sl5 
  glite-info-provider-ldap.noarch 0:1.4.1-1.el5 glite-info-provider-service.noarch 0:1.7.0-1.el5 glite-info-update-endpoints.noarch 0:2.0.7-1.el5 glite-yaim-bdii.noarch 0:4.3.4-1.el5        glite-yaim-core.noarch 0:5.0.2-1.sl5       
  glue-schema.noarch 0:2.0.8-1.el5              lib64ldap2.4_2.x86_64 0:2.4.22-1.el5             libtool-ltdl.x86_64 0:1.5.22-7.el5_4             openldap-clients.x86_64 0:2.3.43-12.el5_6.7 openldap-servers.x86_64 0:2.3.43-12.el5_6.7
  openldap2.4.x86_64 0:2.4.22-1.el5             openldap2.4-extra-schemas.noarch 0:1.3-10.el5    openldap2.4-servers.x86_64 0:2.4.22-1.el5        perl-Compress-Zlib.x86_64 0:1.42-1.fc6      perl-HTML-Parser.x86_64 0:3.55-1.fc6       
  perl-HTML-Tagset.noarch 0:3.10-2.1.1          perl-URI.noarch 0:1.35-3                         perl-libwww-perl.noarch 0:5.805-1.1.1            unixODBC.x86_64 0:2.2.11-7.1               

Complete!

Service configuration

The configuration file for this service is really basic:
# cat site-info.def 
################################
# Site configuration variables #
################################
SITE_NAME=INFN-CNAF
SITE_EMAIL="grid-operations@lists.cnaf.infn.it"
SITE_LAT=44.4948
SITE_LONG=11.3417

################################
# BDII configuration variables #
################################

# Hostname of the top level BDII
BDII_HOST=top-bdii01.cnaf.infn.it

YAIM check

#  chmod -R 600 /root/siteinfo

# /opt/glite/yaim/bin/yaim -v -s /root/siteinfo/site-info.def -n BDII_top 
   INFO: Using site configuration file: /root/siteinfo/site-info.def
   INFO: 
         ###################################################################
         
         .             /'.-. ')
         .     yA,-"-,( ,m,:/ )   .oo.     oo    o      ooo  o.     .oo
         .    /      .-Y a  a Y-.     8. .8'    8'8.     8    8b   d'8
         .   /           ~ ~ /         8'    .8oo88.     8    8  8'  8
         . (_/         '===='          8    .8'     8.   8    8  Y   8
         .   Y,-''-,Yy,-.,/           o8o  o8o    o88o  o8o  o8o    o8o
         .    I_))_) I_))_)
         
         
         current working directory: /root/siteinfo
         site-info.def date: Nov 25 17:01 /root/siteinfo/site-info.def
         yaim command: -v -s /root/siteinfo/site-info.def -n BDII_top
         log file: /opt/glite/yaim/bin/../log/yaimlog
         Fri Nov 25 17:07:57 CET 2011 : /opt/glite/yaim/bin/yaim
         
         Installed YAIM versions:
         glite-yaim-bdii 4.3.4-1
         glite-yaim-core 5.0.2-1
         
         ####################################################################
   INFO: The default location of the grid-env.(c)sh files will be: /usr/libexec
   INFO: Sourcing the utilities in /opt/glite/yaim/functions/utils
   INFO: Detecting environment
   INFO: Executing function: config_info_service_bdii_top_check 
   INFO: Executing function: config_bdii_5.2_check 
   INFO: Checking is done.
   INFO: All the necessary variables to configure BDII_top are defined in your configuration files.
   INFO: Please, bear in mind that YAIM only guarantees the definition of variables
   INFO: controlled in the _check functions.
   INFO: YAIM terminated succesfully.

Know Issue and Workaround

Missing /etc/bdii/gip/glite-info-site-defaults.conf, GGUS
  • Workaround: Check if the file exists and it's contents. If it's missing do (replace INFN-CNAF with your SITE-NAME):
    • mkdir /etc/bdii/gip/
    • echo "SITE_NAME=INFN-CNAF" > /etc/bdii/gip/glite-info-site-defaults.conf
Check also the permission of the directory /opt/glite/var/cache/gip if it is not ldap:ldap change it:
  • chown -R ldap:ldap /opt/glite/var/cache/gip/

YAIM config

Please use the debug flag ( "-d 6") to configure the services in order to have detailed information. For your convenience yo can save all the configuration information in a log file you can look at any time, separated from the yaimlog defulat one.
# /opt/glite/yaim/bin/yaim -c -d 6 -s /root/siteinfo/site-info.def -n BDII_top
   DEBUG: Checking siteinfo dir is not world readable
   DEBUG: Checking site-info.def is syntactically correct
   DEBUG: Sourcing /opt/glite/yaim/bin/../defaults/site-info.pre
   DEBUG: Sourcing /opt/glite/yaim/bin/../defaults/emi-bdii_top.pre
   INFO: Using site configuration file: /root/siteinfo/site-info.def
   DEBUG: Sourcing site-info.def file: /root/siteinfo/site-info.def
   DEBUG: Sourcing /opt/glite/yaim/bin/../defaults/site-info.post
   DEBUG: Sourcing /opt/glite/yaim/bin/../defaults/mapping
   INFO: 
         ###################################################################
         
         .             /'.-. ')
         .     yA,-"-,( ,m,:/ )   .oo.     oo    o      ooo  o.     .oo
         .    /      .-Y a  a Y-.     8. .8'    8'8.     8    8b   d'8
         .   /           ~ ~ /         8'    .8oo88.     8    8  8'  8
         . (_/         '===='          8    .8'     8.   8    8  Y   8
         .   Y,-''-,Yy,-.,/           o8o  o8o    o88o  o8o  o8o    o8o
         .    I_))_) I_))_)
         
         
         current working directory: /root/siteinfo
         site-info.def date: Nov 25 17:01 /root/siteinfo/site-info.def
         yaim command: -c -d 6 -s /root/siteinfo/site-info.def -n BDII_top
         log file: /opt/glite/yaim/bin/../log/yaimlog
         Fri Nov 25 17:12:30 CET 2011 : /opt/glite/yaim/bin/yaim
         
         Installed YAIM versions:
         glite-yaim-bdii 4.3.4-1
         glite-yaim-core 5.0.2-1
         
         ####################################################################
   INFO: The default location of the grid-env.(c)sh files will be: /usr/libexec
   INFO: Sourcing the utilities in /opt/glite/yaim/functions/utils
   INFO: Detecting environment
   DEBUG: Detect platform: OS flavour detected is: emi
   DEBUG: Detected architecture is 64BIT
   DEBUG: Detect platform: OS type detected: sl5
   DEBUG: Resulted NODE_TYPE_LIST is : BDII_top
   DEBUG: Setting environment variable GRID_ENV_LOCATION, to value "/usr/libexec".
   DEBUG: Unset environment variable GRID_ENV_LOCATION.
   DEBUG: Setting environment variable LCG_LOCATION, to value "/usr".
   DEBUG: Unset environment variable LCG_LOCATION.
   DEBUG: Setting environment variable GLITE_LOCATION, to value "/usr".
   DEBUG: Unset environment variable GLITE_LOCATION.
   DEBUG: Setting environment variable GLITE_LOCATION_VAR, to value "/var".
   DEBUG: Unset environment variable GLITE_LOCATION_VAR.
   DEBUG: Appending value "/bin" to environment variable PATH.
   DEBUG: Deleting value "/bin" from environment variable PATH.
   DEBUG: Appending value "/opt/glite/share/man" to environment variable MANPATH.
   DEBUG: Deleting value "/opt/glite/share/man" from environment variable MANPATH.
   DEBUG: Sourcing node definition file: /opt/glite/yaim/bin/../node-info.d/glite-bdii_top
   INFO: Executing function: config_info_service_bdii_top_check 
   INFO: Executing function: config_bdii_5.2_check 
   INFO: Executing function: config_info_service_bdii_top_setenv 
   DEBUG: This function currently doesn't set any environment variables.
   INFO: Executing function: config_info_service_bdii_top 
   DEBUG: Skipping function: config_bdii_5.2_setenv because it is not defined
   INFO: Executing function: config_bdii_5.2 
mount: mount point /var/run/bdii/db does not exist
Stopping BDII: BDII already stopped
Starting BDII slapd:                                       [  OK  ]
Starting BDII update process:                              [  OK  ]
   INFO: Configuration Complete.                                               [  OK  ]
   INFO: YAIM terminated succesfully.

Service checks

The service could takes ~10 minutes to publish all the informations. From a User Interfaces, try the following commands (replace top-bdii01.cnaf.infn.it with your top-bdii hostname):
  • telnet top-bdii01.cnaf.infn.it 2170. The port 2170 must be opened.
  • lcg-infosites --is top-bdii01.cnaf.infn.it --vo ops ce| wc -l should return a number at least grater than 500
  • check freshness: the information published must be updated. Downolad check_bdii_entries and execute it like in the example:
        ./check_bdii_entries -H top-bdii01.cnaf.infn.it -t 60 -b Mds-Vo-Name=local,O=Grid -p 2170 -w 1200:1 -c 3600:1 -f stats
         OK: freshness=276s, entries=1 |freshness=276s;entries=1

Revision

Last revision: 2011-11-28 - Paolo Veronesi

-- PaoloVeronesi - 2011-11-25

-- PaoloVeronesi - 2011-12-28

 
This site is powered by the TWiki collaboration platformCopyright © 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback