Tags:
, view all tags

IGI (based on EMI) Installation and Configuration

Installation

OS installation

Install SL5 using SL5.X repository (CERN mirror) or one of the supported OS (RHEL5 clones).

You may find information on official repositories at Repositories for APT and YUM
If you want to set up a local installation server please refer to Mrepo Quick Guide

NOTE: Please check if NTP , cron and logrotate are installed, otherwise install them!

Check the FQDN hostname

Ensure that the hostnames of your machines are correctly set. Run the command:

 hostname -f

It should print the fully qualified domain name (e.g. prod-ce.mydomain.it). Correct your network configuration if it prints only the hostname without the domain. If you are installing WN on private network the command must return the external FQDN for the CE and the SE (e.g. prod-ce.mydomain.it) and the internal FQDN for the WNs (e.g. node001.myintdomain).

Repository Settings

To have more details to the repository have a look to the this link Repository Specifications

If not present by default on your SL5/x86_64 nodes, you should enable the EPEL repository (https://fedoraproject.org/wiki/EPEL)

EPEL has an 'epel-release' package that includes gpg keys for package signing and repository information. Installing this package, http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm, should allow you to use normal tools such as yum to install packages and their dependencies. By default the stable EPEL repo is enabled. Example of epel.repo file:

[extras]
name=epel
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch
protect=0

IMPORTANT NOTE

If present remember to disable the dag.repo if it is enabled.

You need to have enabled only the above repositories (Operating System, EPEL, Certification Authority, EMI):

Common repositories *x86_64*
epel.repo
emi.repo
egi-trustanchors.repo

Generic Configuration

Configuration files

IGI YAIM configuration files

YAIM configuration files should be stored in a directory structure. All the involved files HAVE to be under the same folder <confdir>, in a safe place, which is not world readable. This directory should contain:

File Scope Example Details
<your-site-info.def> whole-site ig-site-info.def List of configuration variables in the format of key-value pairs.
It's a mandatory file.
It's a parameter passed to the ig_yaim command.
IMPORTANT: You should always check if your <your-site-info.def> is up-to-date comparing with the last /opt/glite/yaim/examples/siteinfo/ig-site-info.def template deployed with ig-yaim and get the differences you find.
For example you may use vimdiff:
vimdiff /opt/glite/yaim/examples/siteinfo/ig-site-info.def <confdir>/<your-site-info.def>
<your-wn-list.conf> whole-site - Worker nodes list in the format of hostname.domainname per row.
It's a mandatory file.
It's defined by WN_LIST variable in <your-site-info.def>.
<your-users.conf> whole-site ig-users.conf Pool account user mapping.
It's a mandatory file.
It's defined by USERS_CONF variable in <your-site-info.def>.
IMPORTANT: You may create <your-users.conf> starting from the /opt/glite/yaim/examples/ig-users.conf template deployed with ig-yaim, but probably you have to fill it on the base of your site policy on uids/guis. We suggest to proceed as explained here: ”<a href="http://igrelease.forge.cnaf.infn.it/doku.php?id=doc:use_cases:users" title="doc:use_cases:users">Whole site: How to create local users.conf and configure users</a>”.
<your-groups.conf> whole-site ig-groups.conf VOMS group mapping.
It's a mandatory file.
It's defined by GROUPS_CONF variable in <your-site-info.def>.
IMPORTANT: You may create <your-groups.conf> starting from the /opt/glite/yaim/examples/ig-groups.conf template deployed with ig-yaim.

Additional files

Furthermore the configuration folder can contain:

Directory Scope Details
services/ service-specific It contains a file per nodetype with the name format: ig-node-type.
The file contains a list of configuration variables specific to that nodetype.
Each yaim module distributes a configuration file in /opt/glite/yaim/examples/siteinfo/services/[ig or glite]-node-type.
It's a mandatory directory if required by the profile and you should copy it under the same directory where <your-site-info.def> is.
   
nodes/ host-specific It contains a file per host with the name format: hostname.domainname.
The file contains host specific variables that are different from one host to another in a certain site.
It's an optional directory.
vo.d/ VO-specific It contains a file per VO with the name format: vo_name, but most of VO settings are still placed in ig-site-info.def template. For example, for ”lights.infn.it”:
# cat vo.d/lights.infn.it
SW_DIR=$VO_SW_DIR/lights
DEFAULT_SE=$SE_HOST
VOMS_SERVERS="vomss://voms2.cnaf.infn.it:8443/voms/lights.infn.it?/lights.infn.it"
VOMSES="lights.infn.it voms2.cnaf.infn.it 15013 /C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it lights.infn.it"

It's an optional directory for “normal” VOs (like atlas, alice, babar), mandatory only for “fqdn-like” VOs. In case you support such VOs you should copy the structure vo.d/<vo.specific.file> under the same directory where <your-site-info.def> is.

group.d/ VO-specific It contains a file per VO with the name format: groups-<vo_name>.conf.
The file contains VO specific groups and it replaces the former <your-groups.conf> file where all the VO groups were specified all together.
It's an optional directory.

The optional folders are created to allow system administrators to organise their configurations in a more structured way.”

BDII Site installation and Configuration

Before starting the installation procedure remember to clean all yum cache and headers:

yum clean all

CAa installation:

  • Install CAs on ALL profiles:
yum install ca-policy-egi-core

Service installation

  • Install the BDII_site metapackage, containing all packages needed by this service:
yum install emi-bdii-site 

Service Configuration

To proper configure the BDII site profile you need this file:

- ig-site-info.def

If you would like to cutomize the BDII_site service you can modify the varibles in the service-specific file in the services/ directory. You will find an example in:

/opt/glite/yaim/examples/siteinfo/services/glite-bdii_site

YAIM Verification

  • Before starting the configuration PLEASE TEST that you have defined all the mandatory variables and that all configuration files contain all the site-specific values needed:
 /opt/glite/yaim/bin/yaim -v -s <site-info.def> -n BDII_site 

The mandatory variabiles are:

SITE_DESC
SITE_EMAIL
SITE_NAME
SITE_LOC
SITE_LAT
SITE_LONG
SITE_WEB
SITE_SECURITY_EMAIL
SITE_SUPPORT_EMAIL
SITE_OTHER_GRID
SITE_BDII_HOST
BDII_REGIONS

Most of those are in the file ig-bdii_site in directory services (the better things is to modify it). Remeber in particular to set:

SITE_OTHER_GRID="WLCG|EGI"
SITE_OTHER_EGI_NGI="NGI_IT"

If no errors are reported you can proceed to the configuration, otherwise correct them before continuing with the configuration.

YAIM Configuration

Please use the debug flag ( "-d 6") to configure the services in order to have detailed information. For your convenience yo can save all the configuration information in a log file you can look at any time, separated from the yaimlog defulat one.

/opt/glite/yaim/bin/yaim -c -d 6 -s -n BDII_site 2>&1 | tee /root/conf_BDII.`hostname -s`.`date`.log

-- SergioTraldi - 2011-11-10

Edit | Attach | PDF | History: r77 | r6 < r5 < r4 < r3 | Backlinks | Raw View | More topic actions...
Topic revision: r4 - 2011-11-11 - CristinaAiftimiei
 
  • Edit
  • Attach
This site is powered by the TWiki collaboration platformCopyright © 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback