Notes about Installation and Configuration of VOMS MySQL (WORK IN PROGRESS)

  • These notes are provided by site admins on a best-effort basis as a contribution to the IGI communities and MUST NOT be considered a substitute for the Official IGI documentation.
  • This document is addressed to site administrators responsible for middleware installation and configuration.
  • The goal of this page is to provide some hints and examples on how to install and configure a VOMS server based on EMI middleware.

References

  1. About IGI - Italian Grid infrastructure
  2. VOMS System administrator guide
  3. About IGI Release
  4. IGI Official Installation and Configuration guide
  5. Troubleshooting Guide for Operational Errors on EGI Sites
  6. Grid Administration FAQs page

Service installation

O.S. and Repos

  • Start from a fresh installation of Scientific Linux 5.x (x86_64).
# cat /etc/redhat-release 
Scientific Linux SL release 5.7 (Boron) 

  • Install the additional repositories: EPEL, Certification Authority, UMD

# yum install yum-priorities yum-protectbase
# cd /etc/yum.repos.d/
# rpm -ivh http://mirror.switch.ch/ftp/mirror/epel//5/x86_64/epel-release-5-4.noarch.rpm
# wget http://repo-pd.italiangrid.it/mrepo/repos/egi-trustanchors.repo
# rpm -ivh http://repo-pd.italiangrid.it/mrepo/EMI/1/sl5/x86_64/updates/emi-release-1.0.1-1.sl5.noarch.rpm
# wget http://repo-pd.italiangrid.it/mrepo/repos/igi/sl5/x86_64/igi-emi.repo

  • Be sure that SELINUX is disabled (or permissive). Details on how to disable SELINUX are here:

# getenforce 
Disabled

  • Check the repos list (sl-*.repo are the repos of the O.S. and they should be present by default).

# ls /etc/yum.repos.d/
adobe.repo       egi-trustanchors.repo  emi1-updates.repo  lemon.repo       sl-debuginfo.repo  sl-security.repo
atrpms.repo      emi1-base.repo         epel.repo          puppetlabs.repo  sl-fastbugs.repo   sl-srpms.repo
cnaf-local.repo  emi1-third-party.repo  epel-testing.repo  sl-contrib.repo  sl.repo            sl-testing.repo

IMPORTANT: remove the dag repository if present.

yum install

# yum clean all
Loaded plugins: downloadonly, kernel-module, priorities, protect-packages, protectbase, security, verify, versionlock
Cleaning up Everything

# yum install ca-policy-egi-core
# yum install emi-voms-mysql
# yum install xml-commons-apis

see here for details

Service configuration

Copy the example configuration files to another directory (for example root's home) and edit them as described below:

# cp -r /opt/glite/yaim/examples/siteinfo/* .
Then rename glite-voms_mysql to glite-voms.

mysql configuration

  • If mysqld is not running, start it:
# service mysqld start
Initializing MySQL database:  Installing MySQL system tables...
OK
Filling help tables...
OK

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h vomsmania.cnaf.infn.it password 'new-password'

Alternatively you can run:
/usr/bin/mysql_secure_installation

which will also give you the option of removing the test
databases and anonymous user created by default.  This is
strongly recommended for production servers.

See the manual for more instructions.

You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &

You can test the MySQL daemon with mysql-test-run.pl
cd mysql-test ; perl mysql-test-run.pl

Please report any problems with the /usr/bin/mysqlbug script!

The latest information about MySQL is available on the web at
http://www.mysql.com
Support MySQL by buying support/licenses at http://shop.mysql.com
                                                           [  OK  ]
Starting MySQL:                                            [  OK  ]

  • Define the password for the MySQL root user:
# /usr/bin/mysqladmin -u root password qualcosa;
Make sure that the MySQL administrator password you specify in the YAIM VOMS configuration files matches the password set for the MySQL root account.

site-info.def

MYSQL_PASSWORD=qualcosa
SITE_NAME=INFN-CNAF
BDII_DELETE_DELAY=0
VOS="icarus-exp.org"

services/glite-voms

# VOMS server hostname
VOMS_HOST=vomsmania.cnaf.infn.it

# The port on the VOMS server listening for request for each VO
# This is used in the vomses configuration file
# By convention, port numbers are allocated starting with 15000

VO_ICARUS_EXP_ORG_VOMS_PORT=15000

# Database name to be used to store VOMS information.
# Required on oracle installations, refers to the tns alias associated with the db.
#VO_<vo_name>_VOMS_DB_NAME=db_name

VO_ICARUS_EXP_ORG_VOMS_DB_NAME=voms_icarusexp_org

# Name of database user.
#VO_<vo_name>_VOMS_DB_USER=user_name

VO_ICARUS_EXP_ORG_VOMS_DB_USER=vo_adm

# Password of database user account.
#VO_<vo_name>_VOMS_DB_USER_PASSWORD=password

VO_ICARUS_EXP_ORG_VOMS_DB_PASS=qualcosa

# Hostname of the database server. Put 'localhost'
# if you run the database on the same machine.
# This parameter can be specified per VO in the following way:
# VO_<vo_name>_VOMS_DB_HOST
VOMS_DB_HOST='localhost'

# Host to which voms-admin-service-generated emails should
# be submitted. Use 'localhost' if you have a fully configured SMTP
# server running on this host. Otherwise specify the hostname of a working
# SMTP submission service.
# This parameter can be specified per VO in the following way:
# VO_<vo_name>_VOMS_ADMIN_SMTP_HOST
VOMS_ADMIN_SMTP_HOST=postino.cnaf.infn.it

# E-mail address that is used to send notification mails
# from the VOMS-admin.
# This parameter can be specified per VO in the following way:
# VO_<vo_name>_VOMS_ADMIN_MAIL
#VOMS_ADMIN_MAIL=mail

VO_ICARUS_EXP_ORG_VOMS_ADMIN_MAIL=indirizzo

# The path of the certificate file (in pem format) of an initial VO administrator.
# The VO will be set up so that this user has full VO administration
# privileges.
# Uncomment this variable if you want to set up an initial VO administrator.
# This parameter can be specified per VO in the following way:
# VO_<vo_name>_VOMS_ADMIN_CERT
# VOMS_ADMIN_CERT=user_certificate
VOMS_ADMIN_CERT=/root/qualcuno.pem

# The UNIX group that Tomcat is run under
# voms admin default is tomcat 5
# VOMS_ADMIN_TOMCAT_GROUP=new_value

# The UNIX group that the VOMS core service is run under
# voms admin default is voms
# VOMS_ADMIN_VOMS_GROUP=new_value
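
A pre-flight check for site-info.def and services/glite-voms, added here as an example (it is not part of the original notes, of YAIM or of VOMS): it verifies that the password-bearing files are closed to other users, that every VO in VOS has its per-VO variables, and that MYSQL_PASSWORD really is the MySQL root password. The function names are hypothetical, and the list of required per-VO variables is an assumption taken from the example on this page.

```shell
#!/bin/sh
# Added example: pre-flight checks for the two YAIM files shown on this page.
# The function names are hypothetical helpers, not part of YAIM or VOMS.

# VO name -> variable prefix, as on the page: icarus-exp.org -> VO_ICARUS_EXP_ORG
vo_prefix() {
    printf 'VO_%s\n' "$(printf '%s' "$1" | tr 'a-z.-' 'A-Z__')"
}

# Succeed only if a password-bearing file has no group/other permission bits.
secret_file_ok() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        *00) return 0 ;;
        *)   echo "$1: mode $mode is too open, use chmod 600" >&2; return 1 ;;
    esac
}

# Print every per-VO variable that is unset or empty for the VOs listed in VOS.
# $1 = site-info.def, $2 = services/glite-voms (sourced in a subshell).
missing_vo_vars() {
    (
        . "$1"; . "$2"
        for vo in $VOS; do
            p=$(vo_prefix "$vo")
            for s in VOMS_PORT VOMS_DB_NAME VOMS_DB_USER VOMS_DB_PASS; do
                v="${p}_${s}"
                # Only eval names made of safe characters.
                case "$v" in *[!A-Z0-9_]*) echo "$v"; continue ;; esac
                eval "val=\${$v:-}"
                [ -n "$val" ] || echo "$v"
            done
        done
    )
}

# Succeed if MYSQL_PASSWORD in site-info.def ($1) logs in as MySQL root.
# The password travels in a 0600 option file, so it never appears in `ps`.
mysql_root_matches() {
    (
        . "$1"
        umask 077
        cnf=$(mktemp) || exit 2
        trap 'rm -f "$cnf"' EXIT
        printf '[client]\nuser=root\npassword="%s"\n' "$MYSQL_PASSWORD" > "$cnf"
        mysql --defaults-extra-file="$cnf" -e 'SELECT 1' >/dev/null 2>&1
    )
}
```

Run `secret_file_ok` on both site-info.def and services/glite-voms, since each holds a database password in clear text.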


-- AlessandroPaolini - 2012-02-29

Topic revision: r4 - 2012-03-02 - AlessandroPaolini
 