Difference: InstallationProcedureV2_1 (2 vs. 3)

Revision 32009-06-09 - DanieleCesini

Line: 1 to 1
 

Introduction to v2.1 Installation and Configuration

This installation guide is divided as follows:
Line: 30 to 30
 

WMSMON data collector installation

(done all the following as root)
Changed:
<
<
  • Install an SL4 machine (Not to be done if this is an upgrade)
>
>
  • Install an SL4 machine (Not to be done if this is an upgrade)
 
  • If it is an upgrade it is safer to create a backup copy of the wmsmon database using an utility such as mysqldump
Line: 152 to 152
 Look for errors. Configuration is complete only if a string like "WMSMonitor Successfully Configured" is displayed at the end.

In case of problems please contact wms-support<at>cnaf.infn.it

Added:
>
>

Post installation STEPS

  • Increased php available memory
In order to increase php performance it is advisable that you increase the php allocable memory.
Modify the /etc/php.ini to have the folloving line:
memory_limit = 56M

  • Optional http port change
The WMSMON web configuration does not modify the default port (80) used by httpd. To modify the port number edit /etc/httpd/conf/httpd.conf and edit the line:
Listen <port_number>

Then restart httpd ( service httpd restart)

  • Optional secure http enabled
The WMSMON server needs a valid host certificate stored in a HOST_CERTIFICATE_DIR (i.e. /etc/grid-security)
Install mod_ssl package:
-Run: yum install mod_ssl

Install the accepted ca packages, i.e. you can execute the following:
- Create the /etc/yum.repos.d/lcg-ca.repo file containing:

    [CA]
    name=CAs
    baseurl=http://linuxsoft.cern.ch/LCG-CAs/current
    protect=1

- Run : yum install lcg_CA

Edit the /etc/httpd/conf/httpd.con f and add the following inside the <Directory /var/www/html> section the following lines :

         SSLRequireSSL
         SSLVerifyClient      require
         SSLVerifyDepth 10

Edit the /etc/httpd/conf.d/ssl.conf and:

- set the SSLCertificateFile variable to HOST_CERTIFICATE_DIR/hostcert.pem and comment any other line that set this variable.

- set the SSLCertificateKeyFile variable to HOST_CERTIFICATE_DIR/hostkey.pem and comment any other line that set this variable. _ _

- set the SSLCertificatePath variable to the name of the directory containing the CA file (i.e. /etc/grid-security/certificates if you installed the lcg_CA metapackage) and comment any other line that set this variable.

If you want to change the default https port (443) you should change in the /etc/httpd/conf.d/ssl.conf file the line:
Listen <port_number> (i.e. Listen 8443)

_Oprtional redirect - If you want to automatically redirect http requests to https pages you should add to the /etc/httpd/conf/httpd.conf file the following section (using the proper values for the variables_ SERVER_HOST_IP,SERVER_HOST_NAME and YOUR_DOMAIN):

<VirtualHost SERVER_HOST_IP:80>
   DocumentRoot /var/www/html
   ServerName SERVER_HOST_NAME.YOUR_DOMAIN
   RedirectMatch (/.*)$ https://SERVER_HOST_NAME.YOUR_DOMAIN/$1
</VirtualHost>

Restart httpd

  • Unlock protected pages to specific certificate DNs

WMSMONitor reports a section with users activity on each WMS. Name and surname of each user is reported on some pages and these pages for privacy reasons are not exposed to all certificates

If you want to unlock those pages to some certificate DN you should enable https protocol as descrbed in the previous paragraph(Optional secure http enabled) and do the following:

- Edit the

/var/www/html/wmsmon/common/config.php file and modify the last line adding the list of DNs in the line

$config->dnEnabledList=array('DN1','DN2'....'DNn');

If you want to unlock the pages with sensible data to everyone (using either http or https) you have to change the value of the $config->protectedPage variable in /var/www/html/WEBDIR/common/config.php file (WEBDIR is defined in the site-info.def file) and set it to 0:

$config->protectedPages=0;

  • Enable high port range communication for inter cluster monitoring

WMSMON uses the snmp standard port (in general the 183) for sensor-collector communications. If a firewall blocks the snmp port it is possible to enable the communication on a not-standard port. This can be useful when the data collector and the WMS cluster are not in the same computing centre.
If you are not in this case you can skip this section.
NOTE: this feature is not well tested, please report any problem and bug found to wms-support<at>cnaf.infn.it
To enable high port support you should modify the wmslist.conf file adding a fourth column indicating which is the port number to be used on that particular wms/lb pair:

wms1.your_domain lb1.your_domain vo1 port1

NOTE: it is not possible to specify 2 different port numbers for WMS and LB.

On WMS/LB sensor side you should set snmp in order to listen for request on the port you choose. This is accomplished by adding in the /etc/snmp.conf file the following line:

agentaddress <port_number>

and restarting snmp (service snmpd restart)

 
TWIKI.NET
This site is powered by the TWiki collaboration platformCopyright © 2008-2022 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback