(r18) EntryDescriptionNo37 < Main

Tags: , view all tags
---+ Instalacao do novo Computer Element
---++Sistema Operacional
<pre>
[root@sprace ~]# vim /etc/hosts
192.168.1.152   osg-ce.grid     osg-ce
[root@sprace ~]# vim /etc/dhcpd.conf
host osg-ce
{
        hardware ethernet 00:30:48:89:22:88;
        fixed-address osg-ce;
        filename "/tftpboot/pxelinux.0";
}
[root@sprace ~]# vim /tftpboot/pxelinux.cfg/default
    append ks=nfs:192.168.1.200:/export/linux/kickstart/ks_osgce_instalar.cfg initrd=initrd.img  devfs=nomount ksdevice=eth0
[root@sprace ~]# cp /export/linux/kickstart/ks_osgse_instalar.cfg /export/linux/kickstart/ks_osgce_instalar.cfg
[root@sprace ~]# vim /export/linux/kickstart/ks_osgce_instalar.cfg

</pre>
Configurar como esta no arquivo anexo:
 * [[%ATTACHURL%/ks_osgce_instalar.cfg][ks_osgce_instalar.cfg]]: Kickstart para instala a OSG-CE
<pre>
[root@sprace ~]# /etc/init.d/dhcpd start
[root@sprace ~]# /etc/init.d/xinetd restart
</pre>
Mudando na spgrid temporariamente o DNS
<pre>
[root@spgrid ~]# vim /var/named/chroot/var/named/80.136.200.in-addr.arpa.zone
                                       2008012201 ; Serial
25      IN      PTR     osg-ce1.
[root@spgrid ~]# vim /var/named/chroot/var/named/sprace.org.br.zone
                                      2008012201 ; Serial
osg-ce1         IN      A       200.136.80.25
[root@spgrid ~]# /etc/init.d/named restart
</pre>
Ja no terminal da maquina
<pre>
[root@osg-ce ~]# mkdir /opt/scratch/
[root@osg-ce ~]# ln -s  /opt/scratch/ /scratch
[root@osg-ce ~]# ln -s /opt  /usr/local/opt
[root@osg-ce ~]# ln -s /home/ /usr/local/home
[root@osg-ce ~]# rpm -Uvh ftp://ftp.scientificlinux.org/linux/scientific/4x/i386/misc/RPMS/yum-conf-latest.SL.noarch.rpm; yum -y clean all; yum -y  update yum; yum -y update
</pre>
---++Configuracao do NIS
<pre>
[root@osg-ce ~]# yum install ypserv
[root@osg-ce ~]# vim /etc/nsswitch.conf
passwd:     files nis
shadow:     files nis
group:      files nis
protocols:  files nis
services:   files nis
netgroup:   files nis
automount:  files nis
aliases:    files nis
[root@osg-ce ~]# vim /etc/yp.conf
domain grid server 192.168.1.152

[root@osg-ce ~]# vim /etc/xinetd.d/time
        disable         = no
[root@osg-ce ~]# vim /etc/xinetd.d/time-udp
        disable         = no
[root@osg-ce ~]# chkconfig xinetd on
[root@osg-ce ~]# chkconfig ypserv on
[root@osg-ce ~]# chkconfig portmap on
[root@osg-ce ~]# chkconfig yppasswdd on
[root@osg-ce ~]# domainname grid
[root@osg-ce ~]# /usr/lib/yp/ypinit -m
[root@osg-ce ~]# service xinetd start
[root@osg-ce ~]# service portmap start
[root@osg-ce ~]# service ypserv start
[root@osg-ce ~]# service yppasswdd start
</pre>
Na spgrid
<pre>
[root@spgrid ~]#  scp /etc/passwd /etc/shadow /etc/group /etc/gshadow root@osg-ce.sprace.org.br:/etc/.
</pre>
Novamente
<pre>
[root@osg-ce ~]# cd /var/yp/
[root@osg-ce yp]# make
</pre>
Verifique se ele esta escutando
<pre>
[root@osg-ce ~]# rpcinfo -u localhost ypserv
</pre>
Em outra maquina sem jobs do cluster, teste
<pre>
[root@node84 ~]# vim /etc/yp.conf
ypserver 192.168.1.152
[root@node84 ~]# /etc/init.d/ypbind restart
[root@node84 ~]# rpcinfo -u localhost ypbind
[root@node84 ~]# ypcat passwd
</pre>
Copiando o home dos usuários da spgrid
<pre>
[root@spgrid ~]# scp -pr /home/* osg-ce.sprace.org.br:/home/.
</pre>
---++ Configuração do NFS
Da spgrid
<pre>
[root@spgrid ~]# scp /etc/hosts.allow osg-ce.sprace.org.br:/etc/.
</pre>
Principalmente a linha 
<pre>
192.168.1.              \
</pre>
Feito isso:
<pre>
[root@osg-ce ~]# vim /etc/exports 
/usr/local/home          192.168.1.0/24(rw,async,no_root_squash)
/usr/local/opt/OSG       192.168.1.0/24(rw,async,no_root_squash)
[root@osg-ce ~]# chkconfig nfs on
[root@osg-ce ~]# service nfs start
</pre>
De um nó qualquer
<pre>
[root@node84 ~]# mount 192.168.1.152:/usr/local/home teste
</pre>
---+++ Configuração do NTP
<pre>
[root@osg-ce ~]# vim /etc/ntp.conf
#Permite acesso ao servidor para sincronizar mas nao permite modificacoes no servico
restrict default nomodify notrap noquery
# Permite acesso completo para a interface local
restrict 127.0.0.1
# Libera acesso a minha rede local
  restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
#Nosso servidor
server pcdsh05.on.br
server ntp.cais.rnp.br
server ntp.puc-rio.br
server ntp1.pucpr.br
server ntp.pop-rs.rnp.br

driftfile /var/lib/ntp/drift
</pre>
Para ver as permissões:
<pre>
[root@osg-ce ~]# ntpdc -nc reslist
   address          mask            count        flags
=====================================================================
0.0.0.0         0.0.0.0               886  noquery, nomodify, notrap
127.0.0.1       255.255.255.255         1  none
127.0.0.1       255.255.255.255         0  ntpport, interface, ignore
192.168.1.152   255.255.255.255         0  ntpport, interface, ignore
200.136.80.25   255.255.255.255         0  ntpport, interface, ignore
::              ::                      0  none

</pre>
Para ver o status do servidor:
<pre>
[root@osg-ce ~]#  ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+b.ntp.br        200.160.7.186    2 u  243 1024  377  162.219   -7.703   0.657
*a.ntp.br        200.160.7.192    2 u  270 1024  377  152.367  -10.902   1.354
+titan.cais.rnp. 69.100.142.49    2 u  728 1024   77   13.516   32.667   1.149
 LOCAL(0)        LOCAL(0)        10 l   47   64  377    0.000    0.000   0.004

</pre>
Feito isso
<pre>
[root@osg-ce ~]# service ntpd start
[root@osg-ce ~]# chkconfig ntpd on
</pre>
De uma maquina qualquer
<pre>
[root@node84 ~]# ntpdate -d  192.168.1.152
</pre>
---++Configuração do DNS(chrooted)
<pre>
[root@osg-ce ~]# vim /var/named/chroot/etc/named.conf
//Dominio sprace.org.br
zone "sprace.org.br" IN{
        type master;
        file "sprace.org.br.zone";
        allow-update { none; };
};
//Dominio Reverso da sprace.org.br
zone "80.136.200.in-addr.arpa" IN{
        type master;
        file "80.136.200.in-addr.arpa.zone";
        allow-update { none; };
};
//Dominio Grid
zone "grid" IN{
        type master;
        file "grid.zone";
        allow-update { none; };
};
//Dominio reverso grid
zone "1.168.192.in-addr.arpa" IN{
        type master;
        file "1.168.192.in-addr.arpa.zone";
        allow-update { none; };
};
[root@osg-ce ~]# vim /var/named/chroot/var/named/sprace.org.br.zone
$TTL    86400
;Nome do servidor e e-mail do administrador
@       IN      SOA   osg-ce1.sprace.org.br. root.osg-ce1.sprace.org.br.   (

                                      2008012201 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
;Especificando o servidor de nomes
@       IN      NS      osg-ce1.sprace.org.br.
;Especificando o servidor de e-mails
@       IN      MX      5       osg-ce1.sprace.org.br.
;adicionando endereços
osg-ce          IN      A       200.136.80.4
access          IN      A       200.136.80.3
osg-se          IN      A       200.136.80.27
ftp-01          IN      A       200.136.80.14
osg-ce1      IN      A         200.136.80.25
;Adicionando o servidor www
www     IN      CNAME           access
[root@osg-ce ~]# vim /var/named/chroot/var/named/grid.zone
$TTL    86400
@       IN      SOA     osg-ce.grid. root.osg-ce.grid.  (
                                     2008011901 ; Serial
                                      8H      ; Refresh
                                      2H      ; Retry
                                      1W    ; Expire
                                      1D )    ; Minimum
;Servidor de nomes
@       IN      NS      osg-ce.grid.
;Servidor de e-mail
@       IN      MX      0       osg-ce.grid.
;Especificando enderecos
@       IN      A       192.168.1.152 ;(ip do servidor)                  
osg-ce   IN      A       192.168.1.152
;Adicionando apelidos
mail    IN      CNAME   osg-ce 
[root@osg-ce ~]# vim /var/named/chroot/var/named/80.136.200.in-addr.arpa.zone
$TTL    86400
@       IN      SOA   osg-ce1.sprace.org.br. root.osg-ce1.sprace.org.br.   (
                                      2008012201 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
;Especificando o servidor de nomes
@       IN      NS      osg-ce1.sprace.org.br.
;Adicionando os enderecos reversos
3       IN      PTR     access.sprace.org.br.
4       IN      PTR     osg-ce.
14      IN      PTR     ftp-01.
27      IN      PTR     osg-se.
25      IN      PTR     osg-ce1.
[root@osg-ce ~]# vim /var/named/chroot/var/named/1.168.192.in-addr.arpa.zone
$TTL    86400
@       IN      SOA     osg-ce.grid. root.osg-ce.grid.  (
                                      2008011901 ; Serial
                                      8H      ; Refresh
                                      2H      ; Retry
                                      1W    ; Expire
                                      1D )    ; Minimum
;Especificando o servidor de nomes
@               IN      NS      osg-ce.grid.
;Adicionando endereços reversos
152             IN      PTR     osg-ce.grid.
[root@osg-ce ~]# chkconfig named on
</pre>
Testando em um nó
<pre>
[root@node84 ~]# vim /etc/resolv.conf
nameserver 192.168.1.152
</pre>
---++ Monitoramento do Ganglia
<pre>
[root@osg-ce ~]# wget http://dag.wieers.com/rpm/packages/rrdtool/rrdtool-1.0.50-3.el4.rf.i386.rpm
[root@osg-ce ~]# rpm -ivh rrdtool-1.0.50-3.el4.rf.i386.rpm 
[root@osg-ce tmp]# wget http://downloads.sourceforge.net/ganglia/ganglia-3.0.6-1.src.rpm?modtime=1197841780&big_mirror=0
[root@osg-ce ~]# cd /tmp/
[root@osg-ce tmp]# rpm -i /root/ganglia-3.0.6-1.src.rpm 
[root@osg-ce tmp]# cd /usr/src/redhat/SPECS
[root@osg-ce SPECS]# rpmbuild -ba --target noarch ganglia.spec
</pre>
Instalar dependências
<pre>
[root@osg-ce SPECS]# cd /root/
[root@osg-ce ~]# wget http://dag.wieers.com/rpm/packages/rrdtool/rrdtool-devel-1.0.50-3.el4.rf.i386.rpm
[root@osg-ce ~]# rpm -ivh rrdtool-devel-1.0.50-3.el4.rf.i386.rpm
[root@osg-ce ~]# yum install libart_lgpl-devel libpng-devel
[root@osg-ce ~]# cd /usr/src/redhat/SPECS
[root@osg-ce SPECS]# rpmbuild -ba --target noarch ganglia.spec
[root@osg-ce SPECS]# rpmbuild -ba --target i686 ganglia.spec
[root@osg-ce SPECS]# cd /usr/src/                                               
[root@osg-ce src]# rpm -ivh */RPMS/*/ganglia-gmetad-*rpm
[root@osg-ce src]# yum install php-gd.i386
[root@osg-ce src]# rpm -i */RPMS/*/ganglia-web*rpm
[root@osg-ce src]# chkconfig --level 345 gmetad on
[root@osg-ce src]# chkconfig httpd on
</pre>
Configurando o gmond
<pre>
[root@osg-ce src]# mount -t nfs 192.168.1.200:/export /teste;
[root@osg-ce src]# cd /teste
[root@osg-ce teste]# rpm -ivh ganglia-monitor-core-gmond-2.5.4-8.i386.rpm 
[root@osg-ce teste]# cd
[root@osg-ce ~]# umount /teste/
[root@osg-ce ~]# rmdir /teste/
[root@osg-ce ~]# vim /etc/gmond.conf
name "SPGRID Cluster"
owner "SPRACE-HEP"
url "http://osg-ce1.sprace.org.br/"
trusted_hosts 200.136.80.25
num_nodes  86
setuid ganglia
location "0,3,0"
</pre>
---++ Obter Certificado
<pre>
[root@osg-ce ~]# mkdir /OSG
[root@osg-ce ~]# mount 192.168.1.150:/usr/local/opt/OSG /OSG/
[root@osg-ce ~]# ln -s /OSG/ /usr/local/opt/OSG
[root@osg-ce ~]# . /OSG/setup.sh
[root@osg-ce ~]# cd $VDT_LOCATION
[root@osg-ce OSG]# source  ./setup.sh
[root@osg-ce ~]# date
Thu Jan 17 09:01:07 BRST 2008
[root@osg-ce OSG]# cd /root/
[root@osg-ce ~]# cert-request -ou s -host osg-ce.sprace.org.br -dir . -label osg-ce  -agree  -email mdias1@ift.unesp.br  -phone +55.11.XXXXXX -reason "Instaling a new Computer Element head node for SPRACE site"  -name "Marco Dias"
Choose a registration authority to which you are affiliated.
osg
Choose a virtual organization under your OSG affiliation:
dosar
</pre>
Recebido o e-mail com o certificado
<pre>
[root@osg-ce ~]# . /OSG/setup.sh
[root@osg-ce ~]# cert-retrieve  -certnum XXXX -label osg-ce -dir . -prefix osg-ce.sprace.org.br
[root@osg-ce ~]# mv osg-ce.sprace.org.brcert.pem /etc/grid-security/hostcert.pem
[root@osg-ce ~]# mv osg-ce.sprace.org.brkey.pem /etc/grid-security/hostkey.pem 
[root@osg-ce ~]# chmod 400 /etc/grid-security/hostkey.pem
[root@osg-ce ~]# chmod 444 /etc/grid-security/hostcert.pem

</pre>
---++Firewall 
Não dá para mostrar as regras aqui!! Logo o procedimento será
<pre>
[root@spgrid ~]# scp /etc/init.d/firewall osg-ce.sprace.org.br:/etc/init.d/.
</pre>
e na osg-ce
<pre>
CORPIF="eth1"
CORPIP="200.136.80.25"
SERVICEIF="eth0"
SERVICEIP="192.168.1.152"
[root@osg-ce ~]# chkconfig firewall on
</pre>
O teste é feito em um node qualquer
<pre>
[root@node84 ~]# more /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=node84
GATEWAY=192.168.1.152
NISDOMAIN=grid
[root@node84 ~]# /etc/init.d/network restart
[root@node84 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         192.168.1.152   0.0.0.0         UG    0      0        0 eth1
</pre>
---++ Instalacão do OSG
---+++Instalacao do PACMAN
<pre>
[root@osg-ce ~]# cd /opt/
[root@osg-ce opt]# wget http://physics.bu.edu/pacman/sample_cache/tarballs/pacman-latest.tar.gz
[root@osg-ce opt]# tar --no-same-owner -xzvf  pacman-latest.tar.gz
[root@osg-ce opt]# cd pacman-3.21
[root@osg-ce pacman-3.21]# source setup.sh
</pre>
---++ Preparacão 
<pre>
[root@osg-ce ~]# mkdir /opt/osg-0.8.0
[root@osg-ce ~]# ln -s /opt/osg-0.8.0/ /OSG/
[root@osg-ce ~]# . /opt/pacman-3.21/setup.sh
[root@osg-ce ~]# cd /opt/osg-0.8.0/
[root@osg-ce ~]#  pacman -get OSG:ce
[root@osg-ce ~]# cd /OSG/
[root@osg-ce OSG]# source setup.sh
[root@osg-ce OSG]# pacman -get OSG:Globus-Condor-Setup
[root@osg-ce OSG]# pacman -get  OSG:ManagedFork
[root@osg-ce OSG]# $VDT_LOCATION/vdt/setup/configure_globus_gatekeeper --managed-fork y --server y
</pre>
---++ Post Install
<pre>
[root@osg-ce1 ~]# visudo
Runas_Alias GLOBUSUSERS = ALL, !root
globus ALL=(GLOBUSUSERS) \
       NOPASSWD: /opt/osg-0.8.0/globus/libexec/globus-gridmap-and-execute \
       -g /etc/grid-security/grid-mapfile \
       /opt/osg-0.8.0/globus/libexec/globus-job-manager-script.pl *
globus ALL=(GLOBUSUSERS) \
       NOPASSWD: /opt/osg-0.8.0/globus/libexec/globus-gridmap-and-execute \
       -g /etc/grid-security/grid-mapfile \
       /opt/osg-0.8.0/globus/libexec/globus-gram-local-proxy-tool *
[root@osg-ce1 ~]# . /OSG/setup.sh
[root@osg-ce1 ~]# $VDT_LOCATION/vdt/setup/configure_monalisa --prompt
monalisa
SPRACE
OSG
[root@osg-ce1 ~]# vim $VDT_LOCATION/MonaLisa/Service/VDTFarm/ml.properties
MonaLisa.Location=Sao Paulo
MonaLisa.Country=Brazil
MonaLisa.LAT=-23.5592
MonaLisa.LONG=-46.7358
[root@osg-ce1 ~]#vdt-register-service --name MLD --enable
[root@osg-ce1 ~]# cd /etc/grid-security/
[root@osg-ce1 grid-security]# cp hostkey.pem containerkey.pem
[root@osg-ce1 grid-security]# cp hostcert.pem containercert.pem
[root@osg-ce1 grid-security]# chown globus: containerkey.pem containercert.pem
[root@osg-ce1 grid-security]# cp /opt/osg-0.8.0/post-install/gsi-authz.conf /etc/grid-security/.
[root@osg-ce1 grid-security]# cp /opt/osg-0.8.0/post-install/prima-authz.conf /etc/grid-security/.
[root@osg-ce1 ~]# . /OSG/setup.sh 
[root@osg-ce1 ~]#  /opt/osg-0.8.0/vdt/sbin/vdt-register-service -name
gums-host-cron --enable
vdt-register-service: updated cron service 'gums-host-cron'
vdt-register-service: desired state = enable
vdt-register-service: cron time     = '12 6,12,18,0 * * *'
vdt-register-service: cron command  =
'/opt/osg-0.8.0/gums/scripts/gums-host-cron'
[root@osg-ce1 ~]#  /opt/osg-0.8.0/vdt/sbin/vdt-control --on gums-host-cron
enabling cron service gums-host-cron... no crontab for root
ok

</pre>
Pedindo o certificado para o apache
<pre>
[mdias@spgrid ~]$ . /OSG/setup.sh
[mdias@spgrid ~]$ cert-request -ou s -dir . -host osg-ce.sprace.org.br
-service http -label osg-ce.http
[mdias@spgrid ~]$ . /OSG/setup.sh
[mdias@spgrid ~]$  cert-retrieve  -certnum 21546  -dir . -label osg-ce.http
 using CA doegrids
Checking that the usercert and ./osg-ce.httpkey.pem match
writing RSA key
./usercert.pem and ./userkey.pem now contain your Globus credential
[mdias@spgrid ~]$ scp usercert.pem userkey.pem osg-ce1.sprace.org.br:/home/mdias/.
[root@osg-ce1 mdias]#  mkdir /etc/grid-security/http 
[root@osg-ce1 mdias]# cp ./usercert.pem /etc/grid-security/http/httpcert.pem 
[root@osg-ce1 mdias]# cp ./userkey.pem /etc/grid-security/http/httpkey.pem 
[root@osg-ce1 mdias]# chmod 444 /etc/grid-security/http/httpcert.pem 
[root@osg-ce1 mdias]# chmod 400 /etc/grid-security/http/httpkey.pem 
[root@osg-ce1 mdias]# chown -R daemon.daemon /etc/grid-security/http 
</pre>
E finalmente
<pre>
[root@osg-ce1 ~]# hostname osg-ce.sprace.org.br
[root@osg-ce1 ~]#vdt-control --on
</pre>
---++TODO List:
   -trocar hostname e IP no /etc/sysconfig/network para o mesmo da spgrid

   -colocar o IP 192.168.1.150 no lugar de 192.168.1.152 no /etc/sysconfig/network/ifcfg-ethX

   -Trocar as interfaces de rede para ficar padrão