Tags:
create new tag
,
view all tags
---+ StoRM Installation & Configuration %TOC% ---++ Repository Settings Have a look to the section [[http://wiki.italiangrid.it/twiki/bin/view/IGIRelease/IgiEmi#Repository_Settings][Repository Settings]] of the general documentation and ensure that you have the common repo files.<BR/> Before starting the installation procedure remember to clean all yum cache and headers: <pre>yum clean all </pre> ---++ !StoRM Prerequisites ---+++ Host certificate installation: Hosts participating to the !StoRM-SE (FE, BE and !GridFTP hosts) must be configured with X.509 certificates signed by a trusted Certification Authority (CA). Usually the hostcert.pem and hostkey.pem certificates are located in the /etc/grid-security/ directory, and they must have permission 0644 and 0400 respectively: <b>Check existence</b><br/> <pre> [~]# ls -l /etc/grid-security/hostkey.pem -r-------- 1 root root 887 Mar 1 17:08 /etc/grid-security/hostkey.pem [~]# ls -l /etc/grid-security/hostcert.pem -rw-r--r-- 1 root root 1440 Mar 1 17:08 /etc/grid-security/hostcert.pem </pre> <b> Check expiration </b><br/> <pre>[~]# openssl x509 -in hostcert.pem -noout -dates</pre> <b> Change permission: (if needed) </b><br/> <pre> [~]# chmod 0400 hostkey.pem [~]# chmod 0644 hostcert.pem </pre> ---+++ ACL SUPPORT If you are installing a new !StoRM this check must be done, if you are updating your install or your storage has ACL you can step out to this issue. !StoRM uses the ACLs on files and directories to implement the security model. Doing so, !StoRM uses the native access to the file system. Therefore in order to ensure a proper running, !ACLs need to be enabled on the underlying file system (sometime they are enabled by default) and work properly. <b>Check ACL: </b> <pre> [~]# touch test [~]# setfacl -m u:storm:rw test </pre> Note: the storm user used to set the ACL entry must exist. <pre> [~]# getfacl test # file: test # owner: root # group: root user::rw- user:storm:rw- group::r-- mask::rw- other::r-- [~]# rm -f test </pre> <b>Install ACL (eventually): </b><br/> If the getfacl and setfacl commands are not available on your host: <pre>[~]# yum install acl </pre> <b>Enable ACL (if needed): </b><br/> To enable ACL, you must add the acl property to the relevant file system in your /etc/fstab file. For example: <pre> [~]# vi /etc/fstab ... /dev/hda3 /storage ext3 defaults, acl 1 2 ... </pre> Then you need to remount the affected partitions as follows: <pre> [~]# mount -o remount /storage </pre> This is valid for different file system types (i.e., ext3, xfs, gpfs and others). ---++++ EXTENDED ATTRIBUTE SUPPORT !StoRM uses the Extended Attributes (EA) on files to store some metadata related to the file (e.g. the checksum value); therefore in order to ensure a proper running, the EA support needs to be enabled on the underlying file system and work properly. Note: Depending on OS kernel distribution, for Reiser3, ext2 and ext3 file systems, the default kernel configuration should not enable the EA. <b>Check Extended Attribute Support </b>: <pre> [~]# touch testfile [~]# setfattr -n user.testea -v test testfile [~]# getfattr -d testfile # file: testfile user.testea="test" [~]# rm -f testfile </pre> <b>Install attr (eventually): </b><br/> If the getfattr and setfattrl commands are not available on your host: <pre>[~]# yum install attr </pre> <b>Enable EA (if needed):</b><br/> To set extended attributes, you must add the user_xattr property to the relevant file systems in your /etc/fstab file. For example: <pre> [~]# vi /etc/fstab ... /dev/hda3 /storage ext3 defaults,acl,user_xattr 1 2 ... </pre> Then you need to remount the affected partitions as follows: <pre>[~]# mount -o remount /storage </pre> ---++ !CAs installation: * Install !CAs on ALL profiles: <pre>yum install ca-policy-egi-core </pre> ---++ Service installation * Install the !StoRM metapackages, containing all packages needed by these four services. You can install !StoRM in one host or in more hosts. The mandatory profiles to install are emi-storm-backend-mp and emi-storm-frontend-mp. The other profiles are optional, have a look to the !StoRM documentation [[http://storm.forge.cnaf.infn.it/_media/documentation/storm-sysadminguide.pdf?id=documentation][System Administrator Guide]] to determinate if you need also emi-storm-globus-gridftp-mp or emi-storm-gridhttps-mp. <pre>yum install emi-storm-backend-mp yum install emi-storm-frontend-mp yum install emi-storm-globus-gridftp-mp yum install emi-storm-gridhttps-mp </pre> ---++ *Service Configuration* To proper configure the !StoRM !BackEnd and !FrontEnd profiles you have to customize the ig-site-indo.def file with you site parameter: - [[https://forge.cnaf.infn.it/plugins/scmsvn/viewcvs.php/branches/BRANCH-4_0_X/ig-yaim/examples/siteinfo/ig-site-info.def?rev=5964&root=igrelease&view=markup][ig-site-info.def]]<br/> - [[https://forge.cnaf.infn.it/plugins/scmsvn/viewcvs.php/branches/BRANCH-4_0_X/ig-yaim/examples/ig-users.conf?rev=6066&root=igrelease&view=markup][ig-users.conf]]<br/> - [[https://forge.cnaf.infn.it/plugins/scmsvn/viewcvs.php/branches/BRANCH-4_0_X/ig-yaim/examples/ig-groups.conf?rev=6075&root=igrelease&view=markup][ig-groups.conf]] ---+++ YAIM Verification * Before starting the configuration *PLEASE TEST* that you have defined all the mandatory variables for all the StoRM profiles. <pre> /opt/glite/yaim/bin/yaim -v -s <site-info.def> -n se_storm_backend -n se_storm_frontend </pre> You can find in this documentation: [[http://storm.forge.cnaf.infn.it/_media/documentation/storm-sysadminguide.pdf?id=documentation][System Administrator Guide]] all mandatory variables. In the section <b>GENERAL YAIM VARIABLES </b> If no errors are reported with the verification you can proceed to the configuration, otherwise correct them before continuing with the configuration. ---+++ YAIM Configuration Before configure pay attention: if you are installing a new !StoRM in a new host go on, if you are updating !StoRM to new release follow this documentation [[http://storm.forge.cnaf.infn.it/_media/documentation/storm-1.7-update.pdf?id=documentation%3Ahome&cache=cache][Storm Migration]] before proceeding. Please use the debug flag ( ="-d 6"=) to configure the services in order to have detailed information. For your convenience yo can save all the configuration information in a log file you can look at any time, separated from the =yaimlog= defulat one. <pre>/opt/glite/yaim/bin/yaim -c -d 6 -s -n se_storm_backend -n se_storm_frontend 2>&1 | tee /root/conf_StroRM_BE_FE.`hostname -s`.`date`.log</pre> <b>IMPORTANT NOTE</b> The order of the profile is important and must be : -n se_storm_backend -n se_storm_frontend ---++ Service Testing - Reference Card After service installation to have a look if all were installed in a proper way, you could have a look to [[https://twiki.cern.ch/twiki/bin/view/EMI/StoRMPTServiceReferenceCard][Service StoRM Reference Card]]. In this page you can found were all the log files are written, what daemons are running after installation and any other useful service information. -- Main.CristinaAiftimiei - 2011-11-16
E
dit
|
A
ttach
|
PDF
|
H
istory
: r1
|
B
acklinks
|
V
iew topic
|
M
ore topic actions
Topic revision: r1 - 2011-11-16
-
CristinaAiftimiei
Home
Site map
CEMon web
CREAM web
Cloud web
Cyclops web
DGAS web
EgeeJra1It web
Gows web
GridOversight web
IGIPortal web
IGIRelease web
MPI web
Main web
MarcheCloud web
MarcheCloudPilotaCNAF web
Middleware web
Operations web
Sandbox web
Security web
SiteAdminCorner web
TWiki web
Training web
UserSupport web
VOMS web
WMS web
WMSMonitor web
WeNMR web
IGI Documentation
Repositories specifications
Installation and Configuration Guides
Updates Guides
Services/Node Types List
IGI Updates Calendar
Tips & Tricks
Use Cases & Troubleshooting
Site Admin Corner
IGI Release Management
Integration Process
TODO List
IGI Testing & Certification
Certification Testbed
Blah testing
CREAM testing
HLR testing
Storm testing
UI testing
VOMS testing
WMS testing
WN testing
IGIRelease Web
Create New Topic
Index
Search
Changes
Notifications
RSS Feed
Statistics
Preferences
P
View
Raw View
Print version
Find backlinks
History
More topic actions
Edit
Raw edit
Attach file or image
Edit topic preference settings
Set new parent
More topic actions
Account
Log In
E
dit
A
ttach
Copyright © 2008-2022 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki?
Send feedback