Line: 1 to 1 | ||||||||
---|---|---|---|---|---|---|---|---|
Notes about Installation and Configuration of WN using Torque and GLEXEC
| ||||||||
Line: 130 to 130 | ||||||||
hideimgright="/twiki/pub/TWiki/TWikiDocGraphics/toggleclose.gif"
}%
users and groups configuration | ||||||||
Changed: | ||||||||
< < | here an example on how to define pool accounts (ig-users.conf) and groups (ig-groups.conf) for several VOs | |||||||
> > | here an example on how to define pool accounts (ig-users.conf) and groups (ig-groups.conf) for several VOs | |||||||
</> <--/twistyPlugin-->%TWISTY{ |
Line: 1 to 1 | ||||||||
---|---|---|---|---|---|---|---|---|
Notes about Installation and Configuration of WN using Torque and GLEXEC
| ||||||||
Line: 423 to 423 | ||||||||
Revisions
| ||||||||
Added: | ||||||||
> > |
| |||||||
| ||||||||
Changed: | ||||||||
< < | -- AlessandroPaolini - 2012-01-25 | |||||||
> > | -- AlessandroPaolini - 2012-02-02 | |||||||
\ No newline at end of file |
Line: 1 to 1 | ||||||||
---|---|---|---|---|---|---|---|---|
Notes about Installation and Configuration of WN using Torque and GLEXEC
| ||||||||
Line: 85 to 85 | ||||||||
# yum install ca-policy-egi-core # yum install emi-wn emi-torque-client emi-glexec_wn # yum install tcsh openldap-clients | ||||||||
Added: | ||||||||
> > | # yum install nfs-utils | |||||||
see here for details
</> <--/twistyPlugin--> | ||||||||
Line: 288 to 289 | ||||||||
%TWISTY{ mode="div" | ||||||||
Added: | ||||||||
> > | showlink=" software area settings "
hidelink=" software area settings "
remember="off" firststart="hide"
showimgright="/twiki/pub/TWiki/TWikiDocGraphics/toggleopen.gif"
hideimgright="/twiki/pub/TWiki/TWikiDocGraphics/toggleclose.gif"
}%
software area settingsyou have to import the software area from CE.
cremino.cnaf.infn.it:/opt/exp_soft/ /opt/exp_soft/ nfs rw,defaults 0 0
# service nfs status rpc.mountd is stopped nfsd is stopped # service portmap status portmap is stopped # service portmap start Starting portmap: [ OK ] # service nfs start Starting NFS services: [ OK ] Starting NFS daemon: [ OK ] Starting NFS mountd: [ OK ] Starting RPC idmapd: [ OK ] # chkconfig nfs on # chkconfig portmap on
mount -a
# df -h Filesystem Size Used Avail Use% Mounted on /dev/sda3 65G 1.9G 59G 4% / /dev/sda1 99M 18M 76M 19% /boot tmpfs 2.0G 0 2.0G 0% /dev/shm cremino.cnaf.infn.it:/opt/exp_soft/ 65G 4.4G 57G 8% /opt/exp_soft</> <--/twistyPlugin-->%TWISTY{ mode="div" | |||||||
showlink=" yaim check " hidelink=" yaim check " remember="off" firststart="hide" showimgright="/twiki/pub/TWiki/TWikiDocGraphics/toggleopen.gif" hideimgright="/twiki/pub/TWiki/TWikiDocGraphics/toggleclose.gif" }% | ||||||||
Added: | ||||||||
> > | yaim check | |||||||
Verify to have set all the yaim variables by launching:
# /opt/glite/yaim/bin/yaim -v -s site-info_cremino.def -n WN -n TORQUE_client -n GLEXEC_wn | ||||||||
Line: 310 to 364 | ||||||||
showimgright="/twiki/pub/TWiki/TWikiDocGraphics/toggleopen.gif" hideimgright="/twiki/pub/TWiki/TWikiDocGraphics/toggleclose.gif" }% | ||||||||
Changed: | ||||||||
< < | ||||||||
> > | yaim config | |||||||
# /opt/glite/yaim/bin/yaim -c -s site-info_cremino.def -n WN -n TORQUE_client -n GLEXEC_wn |
Line: 1 to 1 | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
Notes about Installation and Configuration of WN using Torque and GLEXEC
| ||||||||||
Line: 368 to 368 | ||||||||||
</> <--/twistyPlugin--> Revisions | ||||||||||
Changed: | ||||||||||
< < |
| |||||||||
> > |
| |||||||||
-- AlessandroPaolini - 2012-01-25 |
Line: 1 to 1 | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
Changed: | ||||||||
< < | Notes about Installation and Configuration of WN using Torque and GLEXEC (WORK IN PROGRESS) | |||||||
> > | Notes about Installation and Configuration of WN using Torque and GLEXEC
| |||||||
Line: 9 to 11 | ||||||||
Changed: | ||||||||
< < | ||||||||
> > | ||||||||
Changed: | ||||||||
< < | ||||||||
> > | ||||||||
Changed: | ||||||||
< < | ||||||||
> > | ||||||||
Service installation%TWISTY{ | ||||||||
Line: 29 to 32 | ||||||||
hideimgright="/twiki/pub/TWiki/TWikiDocGraphics/toggleclose.gif" }% | ||||||||
Changed: | ||||||||
< < | O.S. and Repos | |||||||
> > | O.S. and Repos | |||||||
# cat /etc/redhat-release | ||||||||
Line: 44 to 47 | ||||||||
# rpm -ivh http://mirror.switch.ch/ftp/mirror/epel//5/x86_64/epel-release-5-4.noarch.rpm # wget http://repo-pd.italiangrid.it/mrepo/repos/egi-trustanchors.repo # rpm -ivh http://repo-pd.italiangrid.it/mrepo/EMI/1/sl5/x86_64/updates/emi-release-1.0.1-1.sl5.noarch.rpm | ||||||||
Deleted: | ||||||||
< < | # wget http://repo-pd.italiangrid.it/mrepo/repos/igi/sl5/x86_64/igi-emi.repo | |||||||
| ||||||||
Line: 60 to 62 | ||||||||
# ls /etc/yum.repos.d/ egi-trustanchors.repo emi1-third-party.repo emi1-base.repo emi1-updates.repo | ||||||||
Deleted: | ||||||||
< < | igi-emi.repo | |||||||
epel.repo epel-testing.repo sl-contrib.repo sl-fastbugs.repo sl-security.repo sl-testing.repo sl-debuginfo.repo sl.repo sl-srpms.repo | ||||||||
Added: | ||||||||
> > | IMPORTANT: remove the dag repository if present | |||||||
</> <--/twistyPlugin-->%TWISTY{ | ||||||||
Line: 74 to 76 | ||||||||
showimgright="/twiki/pub/TWiki/TWikiDocGraphics/toggleopen.gif" hideimgright="/twiki/pub/TWiki/TWikiDocGraphics/toggleclose.gif" }% | ||||||||
Changed: | ||||||||
< < | ||||||||
> > | yum install | |||||||
# yum clean all Loaded plugins: downloadonly, kernel-module, priorities, protect-packages, protectbase, security, verify, versionlock Cleaning up Everything | ||||||||
Line: 82 to 85 | ||||||||
# yum install ca-policy-egi-core # yum install emi-wn emi-torque-client emi-glexec_wn # yum install tcsh openldap-clients | ||||||||
Added: | ||||||||
> > |
see here for details
</> <--/twistyPlugin--> Service configurationYou have to copy the configuration files in another path, for example root, and set them properly (see later):# ls /opt/glite/yaim/examples/siteinfo/ services site-info.def # ls /opt/glite/yaim/examples/siteinfo/services/ glite-glexec_wn glite-vobox glite-wn glite-wn_tar # cp -r /opt/glite/yaim/examples/siteinfo/* . <--/twistyPlugin twikiMakeVisibleInline--> vo.d directoryCreate the vo.d directory for the VO configuration file (you can decide if keep the VO information in the site.def or putting them in the vo.d directory)# mkdir vo.dhere an example for some VOs. Information about the several VOs are available at the CENTRAL OPERATIONS PORTAL. <--/twistyPlugin--> <--/twistyPlugin twikiMakeVisibleInline--> users and groups configurationhere an example on how to define pool accounts (ig-users.conf) and groups (ig-groups.conf) for several VOs<--/twistyPlugin--> <--/twistyPlugin twikiMakeVisibleInline--> site-info.defSUGGESTION: use the same site-info.def for CREAM and WNs: for this reason in this example file there are yaim variable used by CREAM, TORQUE or emi-WN. It is also included the settings of some VOs For your convenience there is an explanation of each yaim variable. For more details look at [6, 7, 8, 9]<--/twistyPlugin--> <--/twistyPlugin twikiMakeVisibleInline--> services/glite-glexec_wn############################################################################## # Copyright (c) Members of the EGEE Collaboration. 2004. # See http://www.eu-egee.org/partners/ for details on the copyright # holders. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS # OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ############################################################################## # # NAME : glite-glexec_wn # # DESCRIPTION : This configuration file contains the variables needed to configure the # glexec for the WN. Sys admins must define these variables. # # AUTHORS : yaim-contact@cern.ch # # NOTES : # # YAIM MODULE: glite-yaim-clients # ############################################################################## # Define this variable to configure glexec to work with SCAS. # - yes : means you want to use a SCAS server and therefore you need to define: # SCAS_ENDPOINTS="https://scas1.site.com:8443 https://scas2.site.com:8443" # Alternatively, the old style variables can be used as well: # - SCAS_HOST="scas server hostname" # - SCAS_PORT="scas server port" # - no : means you don't want to use any SCAS server. GLEXEC_WN_SCAS_ENABLED="no" # Define this variable to configure glexec to use the ARGUS authorization framework. # - yes : means you want to use ARGUS and therefore you need to define: # ARGUS_PEPD_ENDPOINTS="http://argus1.site.com:8154/authz http://argus2.site.com:8154/authz" # A list of endpoints for the pepc plugin to try. # - no : means you don't want to use ARGUS. GLEXEC_WN_ARGUS_ENABLED="yes" # Note that if both GLEXEC_WN_SCAS_ENABLED = yes and GLEXEC_WN_ARGUS_ENABLED = yes then # the policy is to use ARGUS first, then SCAS. This may be useful if e.g. you use # ARGUS for global banning and SCAS for account mapping, but typically you want just # one or the other, not both. # Define this variable to configure the operation mode of glexec in your WN. # The possibilities are: # - setuid : it will actually enable glexec to do the identity change # - log-only : it won't do any identity change. If you select log-only, it # doesn't matter whether SCAS is enabled or not. It isn't used. GLEXEC_WN_OPMODE="setuid" # Optional variable to tell glexec where to send the glexec logging information. # There are two values: 'syslog' and 'file'. The default is 'syslog' # The value 'syslog' puts all messages in the syslog # and 'file' puts the messages in a file. # Define this variable if you want to specify a file. # For value 'file' the variable GLEXEC_WN_LOG_FILE defines the location # of the log file. # REMEMBER that for log-only mode, 'syslog' should be used ! # GLEXEC_WN_LOG_DESTINATION=file # Optional variable to add additional users to the glexec white list, # e.g. for local testing purposes. Syntax is comma separated user and/or # pool names. # GLEXEC_EXTRA_WHITELIST="john,fred,.pvier" GLEXEC_EXTRA_WHITELIST="misva" # Glexec user home dir; this optional variable is passed to the adduser # call only if it is set. # GLEXEC_USER_HOME=/var/lib/glexec # Variables to set the locking mechanism used by glexec, for # the input proxies and the target proxy # Allowed values are flock, fcntl, disabled. # GLEXEC_WN_INPUT_LOCK=flock # GLEXEC_WN_TARGET_LOCK=flock <--/twistyPlugin--> <--/twistyPlugin twikiMakeVisibleInline--> munge configurationIMPORTANT: The updated EPEL5 build of torque-2.5.7-1 as compared to previous versions enables munge as an inter node authentication method.
# rpm -qa | grep munge munge-libs-0.5.8-8.el5 munge-0.5.8-8.el5
# /usr/sbin/create-munge-key # ls -ltr /etc/munge/ total 4 -r-------- 1 munge munge 1024 Jan 13 14:32 munge.key
# chown munge:munge /etc/munge/munge.key
# service munge start Starting MUNGE: [ OK ] # chkconfig munge on <--/twistyPlugin--> | |||||||
Added: | ||||||||
> > | <--/twistyPlugin twikiMakeVisibleInline-->
Verify to have set all the yaim variables by launching:
# /opt/glite/yaim/bin/yaim -v -s site-info_cremino.def -n WN -n TORQUE_client -n GLEXEC_wnsee details | |||||||
<--/twistyPlugin--> | ||||||||
Added: | ||||||||
> > | <--/twistyPlugin twikiMakeVisibleInline--> # /opt/glite/yaim/bin/yaim -c -s site-info_cremino.def -n WN -n TORQUE_client -n GLEXEC_wnsee details <--/twistyPlugin--> Service checks<--/twistyPlugin twikiMakeVisibleInline-->
verify that the ownership and permissions of the software area are properly set
# ls -ltr /opt/exp_soft/ total 28 drwxrwxr-x 2 sgmops001 sgmops 4096 Jan 16 10:26 ops drwxrwxr-x 2 sgminfngrid001 sgminfngrid 4096 Jan 16 10:26 infngrid drwxrwxr-x 2 sgmgridit001 sgmgridit 4096 Jan 16 10:26 gridit drwxr-xr-x 2 sgmglast glast 4096 Jan 16 10:26 glast drwxrwxr-x 2 sgmenmr001 sgmenmr 4096 Jan 16 10:26 enmr drwxrwxr-x 2 sgmdteam001 sgmdteam 4096 Jan 16 10:26 dteam drwxrwxr-x 2 sgmcomputer001 sgmcomputer 4096 Jan 16 10:26 computer <--/twistyPlugin--> <--/twistyPlugin twikiMakeVisibleInline-->
ssh has to work without using password from WN to CE:
[root@wn01 ~]# su - dteam002 [dteam002@wn01 ~]$ ssh cremino Last login: Tue Jan 17 20:50:02 2012 from vwn-tf-24.cnaf.infn.it ___ _ _ _____ _ _ ____ _ _ _ _____ |_ _| \ | | ___| \ | | / ___| \ | | / \ | ___| | || \| | |_ | \| |_____| | | \| | / _ \ | |_ | || |\ | _| | |\ |_____| |___| |\ |/ ___ \| _| |___|_| \_|_| |_| \_| \____|_| \_/_/ \_\_| [dteam002@cremino ~]$ <--/twistyPlugin--> | |||||||
Revisions
| ||||||||
Added: | ||||||||
> > |
| |||||||
| ||||||||
Deleted: | ||||||||
< < | -- AlessandroPaolini - 2012-01-20 | |||||||
\ No newline at end of file | ||||||||
Added: | ||||||||
> > | -- AlessandroPaolini - 2012-01-25 |
Line: 1 to 1 | ||||||||
---|---|---|---|---|---|---|---|---|
Notes about Installation and Configuration of WN using Torque and GLEXEC (WORK IN PROGRESS) | ||||||||
Line: 66 to 66 | ||||||||
</> <--/twistyPlugin--> | ||||||||
Added: | ||||||||
> > | <--/twistyPlugin twikiMakeVisibleInline-->
# yum clean all
Loaded plugins: downloadonly, kernel-module, priorities, protect-packages, protectbase, security, verify, versionlock
Cleaning up Everything
# yum install ca-policy-egi-core
# yum install emi-wn emi-torque-client emi-glexec_wn
# yum install tcsh openldap-clients
<--/twistyPlugin--> | |||||||
Revisions
|
Line: 1 to 1 | ||||||||
---|---|---|---|---|---|---|---|---|
Added: | ||||||||
> > |
Notes about Installation and Configuration of WN using Torque and GLEXEC (WORK IN PROGRESS)References
Service installation<--/twistyPlugin twikiMakeVisibleInline--> O.S. and Repos
# cat /etc/redhat-release Scientific Linux SL release 5.7 (Boron)* Install the additional repositories: EPEL, Certification Authority, UMD # yum install yum-priorities yum-protectbase # cd /etc/yum.repos.d/ # rpm -ivh http://mirror.switch.ch/ftp/mirror/epel//5/x86_64/epel-release-5-4.noarch.rpm # wget http://repo-pd.italiangrid.it/mrepo/repos/egi-trustanchors.repo # rpm -ivh http://repo-pd.italiangrid.it/mrepo/EMI/1/sl5/x86_64/updates/emi-release-1.0.1-1.sl5.noarch.rpm # wget http://repo-pd.italiangrid.it/mrepo/repos/igi/sl5/x86_64/igi-emi.repo
# getenforce Disabled
# ls /etc/yum.repos.d/ egi-trustanchors.repo emi1-third-party.repo emi1-base.repo emi1-updates.repo igi-emi.repo epel.repo epel-testing.repo sl-contrib.repo sl-fastbugs.repo sl-security.repo sl-testing.repo sl-debuginfo.repo sl.repo sl-srpms.repo <--/twistyPlugin--> Revisions
|