Instalacao do novo dCache-admin
Description
Instalacão do Sistema Operacional
Primeiro criamos o mirror para a instalacao, na sprace:
[root@sprace ~]# mkdir /export/linux/SL_45_i386
[root@sprace ~]# cd
[root@sprace ~]# vim download.verbose
set ftp:list-options -a
open ftp.scientificlinux.org/linux/scientific/45/i386
lcd /export/linux/SL_45_i386
mirror --delete --exclude sites/Fermi --exclude errata/debuginfo --exclude errata/obsolete --verbose=4
quit
[root@sprace ~]# nohup lftp -f download.verbose &
Para fazer a instalacao via rede, precisamos configurar o dhcp:
[root@sprace ~]# vim /etc/hosts
192.168.1.151 osg-se.grid osg-se
[root@sprace ~]# vim /etc/dhcpd.conf
ddns-update-style none;
option space PXE;
option PXE.mtftp-ip code 1 = ip-address;
option PXE.mtftp-cport code 2 = unsigned integer 16;
option PXE.mtftp-sport code 3 = unsigned integer 16;
option PXE.mtftp-tmout code 4 = unsigned integer 8;
option PXE.mtftp-delay code 5 = unsigned integer 8;
option PXE.discovery-control code 6 = unsigned integer 8;
option PXE.discovery-mcast-addr code 7 = ip-address;
# PXE specific options
class "pxeclients" {
match if substring (option vendor-class-identifier, 0, 9) =
"PXEClient";
option vendor-class-identifier "PXEClient";
vendor-option-space PXE;
option PXE.mtftp-ip 0.0.0.0;
}
subnet 200.136.80.0 netmask 255.255.255.0
{
}
subnet 192.168.1.0 netmask 255.255.255.0 {
deny unknown-clients;
min-lease-time 300;
default-lease-time 1800;
max-lease-time 1800;
use-host-decl-names on;
option subnet-mask 255.255.255.0;
option routers 192.168.1.200;
host osg-se
{
hardware ethernet 00:30:48:89:5D:40;
fixed-address osg-se;
filename "/tftpboot/pxelinux.0";
}
}
[root@sprace ~]# /etc/init.d/dhcpd start
e o tftpd
[root@sprace ~]# cp /export/linux/SL_45_i386/isolinux/vmlinuz /tftpboot/.
[root@sprace ~]# cp /export/linux/SL_45_i386/isolinux/initrd.img /tftpboot/.
[root@sprace ~]# vim /tftpboot/pxelinux.cfg/default
#SERIAL 1 19200
# Mensagem a ser apresentada
DISPLAY msgs/message.txt
# timeout de espera
TIMEOUT 100
# Sempre mostrar o prompt
PROMPT 1
# Default e' realizar o boot normal
DEFAULT linux
LABEL linux
kernel vmlinuz
append ks=nfs:192.168.1.200:/export/linux/kickstart/ks_osgse_instalar.cfg initrd=initrd.img devfs=nomount ksdevice=eth0
#console=ttyS1,19200
LABEL boot
LOCALBOOT 0
[root@sprace ~]# /etc/init.d/xinetd restart
A instalacao é feita usando o seguinte kickstart anexo no
[root@sprace ~]# less /export/linux/kickstart/ks_osgse_instalar.cfg
Post-Install
Após a instalacão foram feitos alguns ajustes
[root@osg-se ~]# echo "/osg-se /etc/auto.osg-se --timeout=30" >> /etc/auto.master
[root@osg-se ~]# echo "OSG -rw,soft,bg,rsize=8192,wsize=8192,tcp spg00:/OSG" >/etc/auto.osg-se
[root@osg-se ~]# mkdir /osg-se
[root@osg-se ~]# chmod 775 /osg-se/
[root@osg-se ~]# ln -s /osg-se/OSG /OSG
[root@osg-se ~]# ln -s /osg-se/OSG /usr/local/opt/OSG
[root@osg-se ~]# chkconfig autofs on
Remova a linha mcast_if eth1 do /etc/gmond se a rede interna for conectada a eth0, como é o caso.
Com a última upgrade do gmetad da spgrid há um problema com as permissões quanto a insercão de máquinas novas no cluster. Isso foi resolvido na spgrid da seguinte forma:
[root@spgrid ~]# echo "192.168.1.151 osg-se.grid osg-se">>/etc/hosts
[root@spgrid ~]# cd /var/lib/ganglia/rrds/SPGRID\ Cluster/
[root@spgrid SPGRID Cluster]# /etc/init.d/gmond stop; /etc/init.d/gmetad stop
[root@spgrid SPGRID Cluster]# cp -rpf node86.grid/ osg-se.grid
[root@spgrid SPGRID Cluster]# /etc/init.d/gmetad start; /etc/init.d/gmond start
[root@spgrid SPGRID Cluster]# tail -f /var/log/messages
Instalacao do java
[root@osg-se ~]# wget http://www.java.net/download/jdk6/6u2/promoted/b02/binaries/jdk-6u2-ea-bin-b02-linux-i586-12_apr_2007-rpm.bin
[root@osg-se ~]# chmod 755 jdk-6u2-ea-bin-b02-linux-i586-12_apr_2007-rpm.bin
[root@osg-se ~]# ./jdk-6u2-ea-bin-b02-linux-i586-12_apr_2007-rpm.bin
[root@osg-se etc]# updatedb; locate javac |grep bin
[root@osg-se ~]# cd /etc/
[root@osg-se etc]# vim profile
export JAVA_HOME=/usr/java/jdk1.6.0_02
[root@osg-se ~]# java -version
java version "1.6.0_02-ea"
Java(TM) SE Runtime Environment (build 1.6.0_02-ea-b02)
Java HotSpot(TM) Server VM (build 1.6.0_02-ea-b02, mixed mode)
[root@osg-se alternatives]# cd
[root@osg-se ~]# cd /etc/alternatives/
[root@osg-se alternatives]# ls -al java
lrwxrwxrwx 1 root root 35 Jan 8 09:59 java -> /usr/lib/jvm/jre-1.4.2-sun/bin/java
[root@osg-se alternatives]# rm -rf java
[root@osg-se alternatives]# ln -s /usr/java/jdk1.6.0_02/bin/java java
Instalação do Postgresql
Baixando:
[root@osg-se ~]# cd /tmp/
[root@osg-se tmp]# wget ftp://ftp.postgresql.org/pub/latest/postgresql-8.2.5.tar.bz2
[root@osg-se tmp]# tar -xjvf postgresql-8.2.5.tar.bz2
[root@osg-se tmp]# cd postgresql-8.2.5/
[root@osg-se postgresql-8.2.5]# ./configure --prefix=/usr/local/pgsql --bindir=/usr/bin --sysconfdir=/etc/postgres
[root@osg-se postgresql-8.2.5]# gmake
[root@osg-se postgresql-8.2.5]# gmake install
Criando usuário e grupo
[root@osg-se postgresql-8.2.5]# groupadd postgres
[root@osg-se postgresql-8.2.5]# adduser -g postgres postgres
Criando diretorio para os dados
[root@osg-se postgresql-8.2.5]# mkdir /usr/local/pgsql/data
[root@osg-se postgresql-8.2.5]# chown postgres:postgres /usr/local/pgsql/data
Inicializando o banco
[root@osg-se postgresql-8.2.5]# su - postgres
[postgres@osg-se ~]$ initdb -D /usr/local/pgsql/data
Rodando em segundo plano e gravando os logs
[postgres@osg-se ~]$ postmaster -D /usr/local/pgsql/data >> /usr/local/pgsql/data/logfile &
Criando a base de dados e testando
[postgres@osg-se ~]$ createdb test
[postgres@osg-se ~]$ psql test
\q
Para ja rodar no boot da maquina
[root@osg-se ~]# vim /etc/init.d/postgresql
#! /bin/sh
#chkconfig:2345 90 10
#description: PostgreSQL
#onde foi instalado
prefix=/usr/local/pgsql
#diretorio de dados
PGDATA="/usr/local/pgsql/data"
#para rodar pg_ctl deve ser postgres
PGUSER=postgres
#onde manter o arquivo de log
PGLOG="/usr/local/pgsql/data/logfile "
####################################
if echo 'c'|grep -s c> /dev/null 2>&1; then
ECHO_N="echo -n"
ECHO_C=""
else
ECHO_N="echo"
ECHO_C='c'
fi
#Caminho usado pelo script
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
#o que usar para startar o postmaster
DAEMON="/usr/bin/pg_ctl"
set -e
#somente inicia se pode achar pg_ctl
test -f $DAEMON ||exit 0
# comandos
case $1 in
start)
$ECHO_N "Iniciando PostgreSQL:"$ECHO_C
su -l $PGUSER -s /bin/sh -c "$DAEMON -D '$PGDATA' -o -"i" -l $PGLOG start"
echo "ok"
;;
stop)
echo -n "Parando PostgreSQL: "
su - $PGUSER -c "$DAEMON stop -D '$PGDATA' -s -m fast"
echo "ok"
;;
restart)
echo -n "Reiniciando PostgreSQL: "
su - $PGUSER -c "$DAEMON restart -D '$PGDATA' -s -m fast"
echo "ok"
;;
status)
su - $PGUSER -c "$DAEMON status -D '$PGDATA'"
;;
*)
#exibe ajuda
echo "Modos de uso: postgresql {start|stop|restart|status}" 1>&2
exit 1
;;
esac
exit 0
[root@osg-se ~]# chmod a+x /etc/init.d/postgresql
[root@osg-se ~]# chkconfig --add postgresql
Instalando o JDBC: primeiro instalamos o driver
[root@osg-se ~]# mkdir /usr/local/pgsql/share/java
[root@osg-se ~]# cd /usr/local/pgsql/share/java
[root@osg-se java]# wget http://jdbc.postgresql.org/download/postgresql-8.2-507.jdbc4.jar
[root@osg-se java]# mv postgresql-8.2-507.jdbc4.jar postgresql.jar
[root@osg-se java]# vim /etc/profile
export CLASSPATH=/usr/local/pgsql/share/java/postgresql.jar:$CLASSPATH
[root@osg-se java]# vim /usr/local/pgsql/data/postgresql.conf
listen_addresses = '*'
[root@osg-se java]# vim /usr/local/pgsql/data/pg_hba.conf
host all all 200.136.80.0 255.255.255.0 trust
[root@osg-se java]# /etc/init.d/postgresql restart
Testando
[root@osg-se ~]# vim pgdbping.java
// -- begin
/*
** pgdbping.java - programa para testar uma conexo jdbc com PostGRES
**
** Elielson - 24.07.2002
*/
import java.sql.*;
class pgdbping {
public static void main(String args[]) {
try {
Class.forName("org.postgresql.Driver");
Connection con;
if ( args.length != 3 )
{
String
url =
"jdbc:postgresql://200.136.80.27/test", user = "postgres", password="";
System.out.println("Uso: java dbping URL user password");
System.out.println("URL jdbc:postgresql://host:port/dbname");
System.out.println("Vou usar conexao interna: " + url
+ ", " + user + ", " + "*******");
con = DriverManager.getConnection(url, user, password);
}
else
{
con = DriverManager.getConnection(args[0], args[1], args[2]);
}
System.out.println("Sucesso na conexo!!");
con.close();
}
catch(Exception e) {
System.out.println("Falha na conexao");
e.printStackTrace();
}
}
}
// -- end
[root@osg-se ~]# javac pgdbping.java
[root@osg-se ~]# java pgdbping
verificar os hosts autorizados a rodar isto em /usr/local/pgsql/data/pg_hba.conf
Instalacao do dCache
Devido a nossa configuracão vamos fazer o link do /opt para /usr/local/opt
[root@osg-se ~]# mkdir /usr/local/opt
[root@osg-se ~]# cp -prf /opt/* /usr/local/opt/.
[root@osg-se ~]# rm -rf /opt
[root@osg-se ~]# ln -s /usr/local/opt/ /opt
Baixando os pacotes e inicializando o banco de dados.
[root@osg-se ~]# wget http://cvs.dcache.org/repository/yum/sl3.0.5/i386/RPMS.stable/pnfs-postgresql-3.1.10-3.i386.rpm
[root@osg-se ~]# wget http://www.dcache.org/downloads/1.8.0/dcache-server-1.8.0-8.noarch.rpm
[root@osg-se ~]# wget http://www.dcache.org/downloads/1.8.0/dcache-client-1.8.0-0.noarch.rpm
[root@osg-se ~]# rpm -ivh pnfs-postgresql-3.1.10-3.i386.rpm
[root@osg-se ~]# rpm -ivh dcache-server-1.8.0-8.noarch.rpm
[root@osg-se ~]# rpm -Uvh dcache-client-1.8.0-0.noarch.rpm
[root@osg-se ~]# createuser -U postgres --no-superuser --no-createrole --createdb --pwprompt pnfsserver
[root@osg-se ~]# createuser -U postgres --no-superuser --no-createrole --createdb --pwprompt srmdcache
[root@osg-se ~]# createdb -U srmdcache dcache
[root@osg-se ~]# createdb -U srmdcache companion
[root@osg-se ~]# psql -U srmdcache companion -f /opt/d-cache/etc/psql_install_companion.sql
[root@osg-se ~]# createdb -U srmdcache replicas
[root@osg-se ~]# psql -U srmdcache replicas -f /opt/d-cache/etc/psql_install_replicas.sql
[root@osg-se ~]# createdb -U srmdcache billing
Configurando o pnfs
[root@osg-se ~]# cd /opt/pnfs
[root@osg-se pnfs]# cp etc/pnfs_config.template etc/pnfs_config
[root@osg-se pnfs]# vim etc/pnfs_config
[root@osg-se pnfs]# /opt/pnfs/install/pnfs-install.sh
[root@osg-se pnfs]# cp /opt/pnfs/bin/pnfs /etc/init.d/.
[root@osg-se pnfs]# chkconfig --add pnfs
[root@osg-se pnfs]# chkconfig pnfs on
[root@osg-se ~]# service pnfs start
Configurando para que os clientes 200.136.80. possam fazer a montagem pnfs e setando a segurança
[root@osg-se ~]# cd /pnfs/fs/admin/etc/exports
[root@osg-se exports]# touch 255.255.255.0..200.136.80.0
[root@osg-se exports]# echo "/pnfs /0/root/fs/usr 30 nooptions" >>255.255.255.0..200.136.80.0
[root@osg-se exports]# echo "/pnfsdoors /0/root/fs/usr/ 30 nooptions" >>255.255.255.0..200.136.80.0
[root@osg-se exports]# touch trusted/200.136.80.10
[root@osg-se exports]# echo "15" >> trusted/200.136.80.10
[root@osg-se exports]# echo "15" >> trusted/200.136.80.5
[root@osg-se exports]# echo "15" >> trusted/200.136.80.5
[root@osg-se exports]# echo "15" >> trusted/200.136.80.27
[root@osg-se ~]# /etc/init.d/pnfs stop
[root@osg-se ~]# /etc/init.d/pnfs start
Testando, de um outro host:
[root@spdc00 mdias]# mount -o intr,rw,noac,hard,vers=2,udp 200.136.80.27:/pnfs /home/mdias/teste
Instalacao do Phedex
Vamos dar uma parada para instalar o Phedex. Primeiro precisamos instalar o glite UI (user interface), para conseguir fazer transferências FTS
[root@osg-se ~]# cd /etc/yum.repos.d/
[root@osg-se yum.repos.d]# wget http://grid-deployment.web.cern.ch/grid-deployment/yaim/repos/glite-UI.repo
[root@osg-se yum.repos.d]# more glite-UI.repo
# This is the official YUM repository string for the glite 3.1 UI
# Fetched from: http://grid-deployment.web.cern.ch/grid-deployment/yaim/repos/glite-UI.repo
# Place it to /etc/yum.repos.d/ and run 'yum update'
[glite-UI]
name=gLite 3.1 User Interface
baseurl=http://linuxsoft.cern.ch/EGEE/gLite/R3.1/glite-UI/sl4/i386/
enabled=1
[root@osg-se yum.repos.d]# vim /etc/yum.repos.d/ca.repo
[CA]
name=CAs
baseurl=http://linuxsoft.cern.ch/LCG-CAs/current
[root@osg-se yum.repos.d]# vim /etc/yum.repos.d/dag.repo
enabled=1
[root@osg-se yum.repos.d]# vim /etc/yum.repos.d/dries.repo
enabled=1
[root@osg-se yum.repos.d]# vim /etc/yum.repos.d/jpackage.repo
[main]
[jpackage17-generic]
name=JPackage 1.7, generic
baseurl=http://mirrors.dotsrc.org/jpackage/1.7/generic/free/
http://sunsite.informatik.rwth-aachen.de/ftp/pub/Linux/jpackage/1.7/generic/freeenabled=1
protect=1
[root@osg-se yum.repos.d]# rpm --import http://www.jpackage.org/jpackage.asc
[root@osg-se yum.repos.d]# yum update
[root@osg-se yum.repos.d]# cd
[root@osg-se ~]# yum install lcg-CA
[root@osg-se ~]# cp /opt/glite/yaim/examples/siteinfo/site-info.def /opt/glite/yaim/etc/.
Colocando uma senha para o mysql
[root@osg-se ~]# /etc/init.d/mysqld start
[root@osg-se ~]# /usr/bin/mysqladmin -u root password 'senha'
Configurar o mysql para só escutar a própria máquina
[root@osg-se ~]# vim /etc/my.cnf
[mysqld]
bind-address=127.0.0.1
[root@osg-se ~]# /etc/init.d/mysqld restart
[root@osg-se ~]# chkconfig mysqld on
Veja se ele esta escutando em
[root@osg-se ~]# netstat -tlnp
[root@osg-se ~]# vim /opt/glite/yaim/etc/site-info.def
MY_DOMAIN=sprace.org.br
CE_HOST=osg-se.$MY_DOMAIN
RB_HOST=osg-se.$MY_DOMAIN
WMS_HOST=osg-se.$MY_DOMAIN
PX_HOST=osg-se.$MY_DOMAIN
BDII_HOST=osg-se.$MY_DOMAIN
MON_HOST=osg-se.$MY_DOMAIN
REG_HOST=osg-se.gridpp.rl.ac.uk
FTS_HOST=osg-se.$MY_DOMAIN
LFC_HOST=osg-se.$MY_DOMAIN
VOBOX_HOST=osg-se.$MY_DOMAIN
LCG_REPOSITORY="baseurl= http://glitesoft.cern.ch/EGEE/gLite/R3.1/glite-UI/sl4/i386/"
REPOSITORY_TYPE="yum"
JAVA_LOCATION="/usr/java/jdk1.6.0_02"
MYSQL_PASSWORD=senha
SITE_NAME=Sao Paulo
SITE_LOC="Sao Paulo, Brazil"
SITE_LAT=23.0 # -90 to 90 degrees
SITE_LONG=46.0 # -180 to 180 degrees
SITE_WEB="http://www.sprace.org.br"
SITE_SUPPORT_SITE="sprace.org"
CE_OS_RELEASE=4.5
DCACHE_POOLS="ftp-01.sprace.org.br:all:/raid2 ftp-01.sprace.org.br:all:/raid3 ftp-01.sprace.org.br:all:/raid4 ftp-01.sprace.org.br:all:/raid5"
DCACHE_ADMIN="osg-se.sprace.org.br"
DCACHE_DOOR_SRM="osg-se.sprace.org.br"
DCACHE_DOOR_GSIFTP="ftp-01.sprace.org.br"
DCACHE_DOOR_GSIDCAP="ftp-01.sprace.org.br"
DCACHE_DOOR_DCAP="ftp-01.sprace.org.br"
DCACHE_PNFS_SERVER="osg-se.sprace.org.br"
configure usando o yam
[root@osg-se ~]# /opt/glite/yaim/bin/yaim -c -s /opt/glite/yaim/etc/site-info.def -n glite-UI
Agora comeca a instalacao do Phedex propriamente
[root@osg-se ~]# groupadd phedex
[root@osg-se ~]# useradd -g phedex phedex
[root@osg-se ~]# su - phedex
[phedex@osg-se ~]$ mkdir -p state logs sw gridcert
[phedex@osg-se ~]$ chmod 700 gridcert
[phedex@osg-se ~]$ export sw=$PWD/sw
[phedex@osg-se ~]$ export version=2_5_4_2
[phedex@osg-se ~]$ export myarch=slc4_ia32_gcc345
[phedex@osg-se ~]$ wget -O $sw/bootstrap-${myarch}.sh http://cmsrep.cern.ch/cmssw/bootstrap-${myarch}.sh
[phedex@osg-se ~]$ sh -x $sw/bootstrap-${myarch}.sh setup -path $sw
[phedex@osg-se ~]$ source $sw/$myarch/external/apt/0.5.15lorg3.2-CMS3/etc/profile.d/init.sh
[phedex@osg-se ~]$ apt-get update
[phedex@osg-se ~]$ apt-get install cms+PHEDEX+PHEDEX_$version
[phedex@osg-se ~]$ rm -f PHEDEX; ln -s $sw/$myarch/cms/PHEDEX/PHEDEX_$version PHEDEX
Da spdc00
[root@spdc00 ~]# cd /home/phedex/
[root@spdc00 phedex]# tar -cjpvf phedex_conf.tar.bz2 SITECONF/SPRACE/PhEDEx/; scp phedex_conf.tar.bz2 200.136.80.27:/home/phedex/. ; rm phedex_conf.tar.bz2
Voltando a osg-se
[phedex@osg-se ~]$ tar -xjvpf phedex_conf.tar.bz2
[phedex@osg-se ~]$ rm phedex_conf.tar.bz2
[phedex@osg-se ~]$ cd SITECONF/SPRACE/PhEDEx/
[phedex@osg-se PhEDEx]$ sed -i 's/2_5_1/2_5_4_2/g' *
[phedex@osg-se PhEDEx]$ sed -i 's/slc3_ia32_gcc323/slc4_ia32_gcc345/g' *
[phedex@osg-se PhEDEx]$ sed -i 's/\/etc\/glite\/profile.d\/glite_setenv.sh/\/opt\/glite\/etc\/profile.d\/grid-env.sh/g' *
[phedex@osg-se PhEDEx]$ cd
[phedex@osg-se ~]$ echo "source /OSG/setup.sh" >>.bashrc
[phedex@osg-se ~]$echo "export X509_USER_PROXY=$HOME/gridcert/proxy.cert">>.bashrc
[phedex@osg-se ~]$ echo "source $HOME/PHEDEX/etc/profile.d/init.sh">>.bashrc [phedex@osg-se ~]$ echo "export PATH=$PATH:$HOME/PHEDEX/Utilities">>.bashrc
[phedex@osg-se ~]$ echo "source /opt/glite/etc/profile.d/grid-env.sh">>.bashrc
[phedex@osg-se ~]$ echo "export PYTHONPATH=$PYTHONPATH:/opt/lcg/lib/python">>.bashrc
[phedex@osg-se ~]$ source $sw/$myarch/cms/PHEDEX/PHEDEX_$version/etc/profile.d/env.sh
[phedex@osg-se ~]$ vim SITECONF/SPRACE/PhEDEx/storage.xml
/pnfs/sprace.org.br/data/cms/phedex_loadtest/
/pnfs/sprace.org.br/data/cms/store/PhEDEx_LoadTest07/LoadTest07_Debug_SPRACE/LoadTest07_SPRACE_$1pnfs/sprace.org.br/data/cms/store/PhEDEx_LoadTest07/LoadTest07_Prod_SPRACE/LoadTest07_SPRACE_$1"/\>
srm://osg-se.sprace.org.br:8443/srm/managerv1?SFN=$1
gsiftp://osg-se.sprace.org.br/$1"
Criação do proxy, valido por um mês:
[mdias@osg-se ~]$ grid-proxy-init -valid 720:00
[mdias@osg-se ~]$ su -
[root@osg-se ~]# cp /tmp/x509up_u`id -u mdias` /home/phedex/gridcert/proxy.cert
[root@osg-se ~]# ls -al /home/phedex/gridcert/proxy.cert
-rw------- 1 phedex phedex 2588 Jan 9 17:53 /home/phedex/gridcert/proxy.cert
Deve ter como proprietario o phedex e ter permissao 600.
Obtenção dos Certificados
[root@osg-se ~]# . /OSG/setup.sh
[root@osg-se ~]# cd $VDT_LOCATION
[root@osg-se OSG]# source ./setup.sh
[root@osg-se OSG]# cd /root/
[root@osg-se ~]# cert-request -ou s -dir . -label osg-se -agree -email mdias1@ift.unesp.br -phone +55.11.XXXXXXX -reason "Instaling a new Storage Element head node for SPRACE site" -name "Marco Dias"
input full hostname: osg-se.sprace.org.br
registration authority: osg
virtual organization: dosar
O pessoal da DOE pediu um e-mail de confirmacao para o requerimento (muitos dias depois..). Na maquina criamos um arquivo texto com a confirmacao message.txt e ela é enviada pela linha de comando:
[mdias@spgrid ~]$ openssl smime -sign -signer ~/.globus/usercert.pem -inkey ~/.globus/userkey.pem -in message.txt | mail -s "DOEGrids
CA - OSG:DOSAR - osg-se.sprace.org.br- Confirmation of Certificate Request in Queue (request id XXXX)" pessoa@alguma.coisa
Feito isso, com o numero recebido por e-mail
[root@osg-se ~]# . /OSG/setup.sh
[root@osg-se ~]# cert-retrieve -certnum XXXXX -label osg-se -dir . -prefix osg-se.sprace.org.br
using CA doegrids
Checking that the usercert and ./osg-sekey.pem match
writing RSA key
./osg-se.sprace.org.brcert.pem and ./osg-se.sprace.org.brkey.pem now contain your Globus credential
[root@osg-se ~]# mv osg-se.sprace.org.brcert.pem osg-se.sprace.org.brkey.pem /etc/grid-security/
[root@osg-se ~]# chmod 444 /etc/grid-security/osg-se.sprace.org.br
[root@osg-se ~]# chmod 400 /etc/grid-security/osg-se.sprace.org.brkey.pem
[root@osg-se ~]# ln -s /etc/grid-security/osg-se.sprace.org.brcert.pem /etc/grid-security/hostcert.pem
[root@osg-se ~]# ln -s /etc/grid-security/osg-se.sprace.org.brkey.pem /etc/grid-security/hostkey.pem
Verifica se esta legivel
openssl x509 -text -noout -in /etc/grid-security/hostcert.pem
Configuracao do dCache
Da spgrid, sera necessário setar o dns para a osg-se temporariamente, e copiar um file
[root@spgrid ~]# scp /etc/grid-security/grid-mapfile 200.136.80.27:/etc/grid-security/grid-mapfile
[root@spgrid ~]# vim /var/named/chroot/var/named/80.136.200.in-addr.arpa.zone
2007121701 ; Serial
27 IN PTR osg-se. <----era 10 anteriormente
[root@spgrid ~]# vim /var/named/chroot/var/named/sprace.org.br.zone
2007121701 ; Serial
osg-se IN A 200.136.80.27 <- era 200.136.80.10
[root@spgrid ~]# /etc/init.d/named restart
Voltando à osg-ce
[root@osg-se ~]# chmod 0644 /etc/grid-security/hostcert.pem
[root@osg-se ~]# chmod 0400 /etc/grid-security/hostkey.pem
[root@osg-se ~]# cd /opt/d-cache/bin
[root@osg-se bin]# wget http://www.atlasgrid.bnl.gov/dcache_admin/pkg/dcache_scripts/grid-mapfile2dcache-kpwd
[root@osg-se bin]# chmod a+x grid-mapfile2dcache-kpwd
[root@osg-se bin]# ./grid-mapfile2dcache-kpwd -g -r /pnfs/fs/usr/data
[root@osg-se bin]# mv dcache.kpwd /opt/d-cache/etc/.
[root@osg-se bin]# cp -p /opt/d-cache/etc/dCacheSetup.template /opt/d-cache/config/dCacheSetup
serviceLocatorHost=osg-se.sprace.org
java="/usr/java/jdk1.6.0_02/bin/java"
useGPlazmaAuthorizationModule=true
useGPlazmaAuthorizationCell=false
OBS: colocando o gplazma dessa forma fez com que o gsidcap tentasse funcionar, como mostra abaixo depois de instalado o d-cache:
[root@osg-se bin]# netstat -tap|grep *:22128
tcp 0 0 *:22128 *:* LISTEN 25642/java
Continuando
[root@osg-se ~]# cp -p /opt/d-cache/etc/node_config.template /opt/d-cache/etc/node_config
[root@osg-se bin]# vim /opt/d-cache/etc/node_config
NODE_TYPE=admin
ADMIN_NODE=osg-se.sprace.org.br
GSIDCAP=yes
DCAP=yes
GRIDFTP=yes
SRM=yes
XROOTD=no
replicaManager=no
infoProvider=yes
statistics=no
gPlazmaService=yes
[root@osg-se bin]#vim /opt/d-cache/etc/dcachesrm-gplazma.policy
saml-vo-mapping="ON"
kpwd="ON"
grid-mapfile="OFF"
gplazmalite-vorole-mapping="OFF"
saml-vo-mapping-priority="1"
kpwd-priority="2"
grid-mapfile-priority="3"
gplazmalite-vorole-mapping-priority="4"
mappingServiceUrl="https://spgrid.if.usp.br:8443/gums/services/GUMSAuthorizationServicePort"
[root@osg-se bin]# more /opt/d-cache/etc/dcache.kpwd|grep sprace.org.br|sed 's/login/authorize/g' > /etc/grid-security/storage-authzdb
[root@osg-se bin]# /opt/d-cache/install/install.sh
O problema com o srm abaixo
[root@osg-se ~]# /opt/d-cache/bin/dcache-core start
Pinging srm server to wake it up, will take few seconds ...
- Unable to find required classes (javax.activation.DataHandler and javax.mail.internet.MimeMultipart). Attachment support is disabled.
foi resolvido da seguinte forma: 1)fazendo o download do
JavaBeans(TM) Activation Framework 1.1.1e do
JavaMail API 1.4.1. 2)unzip
[root@osg-se ~]# mv mail.jar activation.jar /usr/local/pgsql/share/java/.
[root@osg-se ~]# vim /etc/profile
export CLASSPATH=/usr/local/pgsql/share/java/postgresql.jar:/usr/local/pgsql/share/java/mail.jar:/usr/local/pgsql/share/java/activation.jar:$CLASSPATH
A versão do java foi mudada devido a instalacão do tomcat
[root@osg-se ~]# mv /usr/bin/java /usr/bin/java.old
[root@osg-se ~]# ln -s /usr/java/jdk1.6.0_02/bin/java /usr/bin/java
Feito estes devidos ajustes
[root@osg-se ~]# cp /opt/d-cache/bin/dcache-core /etc/init.d/.
[root@osg-se ~]# chkconfig --add dcache-core
[root@osg-se ~]# chkconfig dcache-core on
[root@osg-se ~]# /etc/init.d/dcache-core start
Problemas de dependência da glibc2.4,
[root@osg-se ~]# ldd /opt/d-cache/dcap/bin/dccp
/opt/d-cache/dcap/bin/dccp: /lib/i686/libc.so.6: version `GLIBC_2.4' not found (required by /opt/d-cache/dcap/bin/dccp)
[root@osg-se ~]# wget http://www.dcache.org/downloads/1.8.0/dcache-dcap-1.8.0-4.i586.rpm
[root@osg-se ~]# rpm -ivh --force dcache-dcap-1.8.0-4.i586.rpm
Solucão de um erro de configuracão do dccp
[root@osg-se data]# dccp -d 63 /bin/sh my-test-file
No IO tunneling plugin specified for osg-se.sprace.org.br.sprace.org.br:22125.
Totaly 1 doors entries found
Allocated message queues 1, used 1
[root@osg-se data]# echo "osg-se.sprace.org.br:22125" >>/pnfs/fs/admin/etc/config/dCache/dcache.conf
Outro erro que apareceu em transferências srm:
[mdias@osg-se ~]$ PATH=/opt/d-cache/srm/bin/:$PATH
[mdias@osg-se ~]$ srmcp srm://osg-se.sprace.org.br:8443/pnfs/sprace.org.br/data/my-test-file file:///tmp/test
Authentication failed. Caused by GSSException: Operation unauthorized (Mechanism level: [JGLOBUS-56] Authorization failed. Expected "/CN=host/200.136.80.27" target but received "/DC=org/DC=doegrids/OU=Services/CN=osg-se.sprace.org.br")
Que foi resolvido simplesmente adicionando ao /etc/hosts
200.136.80.27 osg-se.sprace.org.br osg-se
[root@osg-se ~]# vim /etc/cron.daily/grid-mapfile2dcache-kpwd
#!/bin/sh
/etc/init.d/ypbind start #pega a lista de usuarios da osg-ce
/opt/d-cache/bin/grid-mapfile2dcache-kpwd -g -r /pnfs/sprace.org.br/data -o /opt/d-cache/etc/dcache.kpwd
/etc/init.d/ypbind stop
[root@osg-se ~]# chmod 755 /etc/cron.daily/grid-mapfile2dcache-kpwd
Configurando o logrotate:
[root@osg-se ~]# vim /etc/logrotate.conf
compress
/var/log/srm*.log {
weekly
create 0664 root root
size 250M
rotate 1
}
[root@osg-se ~]# vim /etc/cron.daily/logrotate
#!/bin/sh
/usr/sbin/logrotate /etc/logrotate.conf
EXITVALUE=$?
if [ $EXITVALUE != 0 ]; then
/usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
fi
DELPID=`lsof /dev/md5|tr -s ' ' ' ' |grep srm*| grep "deleted"|tail -1|cut -f2
-d' '`
while [ "$DELPID" ]; do
kill -9 $DELPID
DELPID=`lsof /dev/md5|tr -s ' ' ' ' |grep srm*| grep "deleted"|tail -1|cut -f2
-d' '`
done
exit 0
Instalação do Frontier-dcache-squid
[root@osg-se ~]# groupadd dbfrontier
[root@osg-se ~]# useradd -g dbfrontier dbfrontier
[root@osg-se frontier_squid-1.0rc4]# mkdir /usr/local/frontier
[root@osg-se frontier_squid-1.0rc4]# chown dbfrontier:dbfrontier /usr/local/dbfrontier/frontier-cache/squid/var/cache
[root@osg-se ~]# cd /tmp/
[root@osg-se ~]# su dbfrontier
[dbfrontier@osg-se tmp]# wget http://edge.fnal.gov:8888/frontier/dist/frontier_squid-1.0rc4.tar.gz
[dbfrontier@osg-se tmp]# tar -xvzf frontier_squid-1.0rc4.tar.gz
[dbfrontier@osg-se tmp]# cd frontier_squid-1.0rc4
[dbfrontier@osg-se frontier_squid-1.0rc4]# ./configure
Responda as perguntas do script: o diretório de instalação é /usr/local/frontier; as redes que deve acessar são as 200.136.80.0/255.255.255.0 192.168.1.0/255.255.255.0
[dbfrontier@osg-se frontier_squid-1.0rc4]# make
Problemas: setar a variável visible_hostname e também as variaveis:
[dbfrontier@osg-se frontier_squid-1.0rc4]# vim /tmp/frontier_squid-1.0rc4/squid/files/postinstall/squid.conf
cache_effective_user dbfrontier
cache_effective_group dbfrontier
visible_hostname osg-se.sprace.org.br
[dbfrontier@osg-se frontier_squid-1.0rc4]# make install
[dbfrontier@osg-se frontier_squid-1.0rc4]$ /usr/local/frontier/frontier-cache/utils/bin/fn-local-squid.sh start
Testando a instalação. Da sprace, faça duas vezes, a terceira e quarta linha:
[mdias@sprace ~]$ wget http://edge.fnal.gov:8888/frontier/dist/fnget.py
[mdias@sprace ~]$ chmod +x fnget.py
[mdias@sprace ~]$./fnget.py --url=http://cmsfrontier.cern.ch:8000/Frontier/Frontier --sql="select 1 from dual"
[mdias@sprace ~]$ export http_proxy=http://200.136.80.27:3128
Do terminal da osg-se deve aparecer
[dbfrontier@osg-se frontier_squid-1.0rc4]$ tail -f /usr/local/frontier/frontier-cache/squid/var/logs/access.log
Agora, ainda como dbfrontier
[dbfrontier@osg-se ~]$ crontab -e
7 7 * * * /usr/local/frontier-cache/utils/cron/daily.sh 2>&1 >/dev/null
[dbfrontier@osg-se ~]$ exit
Como root, adicione logo após o /bin/bash:
[root@osg-se ~]# cp /usr/local/frontier/frontier-cache/utils/init.d/frontier-squid.sh /etc/init.d/.
[root@osg-se ~]# vim /etc/init.d/./frontier-squid.sh
#chkconfig: 345 99 01
#description: starts Frontier services
[root@osg-se ~]# /sbin/chkconfig --add frontier-squid.sh
Ja fomos obrigados a fazer uma upgrade do squid
[root@osg-se ~]# cd /tmp/
[root@osg-se tmp]# su dbfrontier
[dbfrontier@osg-se tmp]$ wget http://frontier.cern.ch/dist/frontier_squid-3.0rc5.tar.gz
[dbfrontier@osg-se tmp]$ tar -xvzf frontier_squid-3.0rc5.tar.gz
[dbfrontier@osg-se tmp]$ cd frontier_squid-3.0rc5
[dbfrontier@osg-se frontier_squid-3.0rc5]$ ./configure
/usr/local/frontier
200.136.80.0/255.255.255.0 192.168.1.0/255.255.255.0
cache_mem: 1000
cache_dir: 68000
[dbfrontier@osg-se frontier_squid-3.0rc5]$ make install
[dbfrontier@osg-se frontier_squid-3.0rc5]$ crontab -e
7 7 * * * /usr/local/frontier/frontier-cache/utils/cron/daily.sh 2>&1 >/dev/null
[dbfrontier@osg-se frontier_squid-3.0rc5]$ exit
exit
[root@osg-se tmp]# cp /usr/local/frontier/frontier-cache/utils/init.d/frontier-squid.sh /etc/init.d/.
[root@osg-se tmp]# /sbin/chkconfig --add frontier-squid.sh
Upgrade da instalacao do Phedex
Antes de colocar em producao foi necessario fazer uma upgrade da instalacao do phedex
[root@osg-se ~]# su - phedex
[phedex@osg-se ~]$ version=2_6_1
[phedex@osg-se ~]$ myarch=slc4_ia32_gcc345
[phedex@osg-se ~]$ export sw=$PWD/sw
[phedex@osg-se ~]$ pwd
/home/phedex
[phedex@osg-se ~]$ source $sw/$myarch/external/apt/0.5.15lorg3.2-CMS3/etc/profile.d/init.sh
[phedex@osg-se ~]$ apt-get update
[phedex@osg-se ~]$ apt-get install cms+PHEDEX+PHEDEX_$version
[phedex@osg-se ~]$ rm -f PHEDEX; ln -s $sw/$myarch/cms/PHEDEX/PHEDEX_$version PHEDEX
[phedex@osg-se PhEDEx]$ cd /home/phedex/SITECONF/SPRACE/PhEDEx/
[phedex@osg-se PhEDEx]$ sed -i 's/2_5_4_2/2_6_1/g' *
Problemas quanto ao particionamento
O diretorio /home/phedex encheu o /. Teremos de mudar esse diretorio:
[root@osg-se ~]# mkdir /usr/local/phedex
[root@osg-se ~]# chown phedex:phedex /usr/local/phedex
[root@osg-se ~]# rm -rf /home/phedex/
[root@osg-se ~]# vim /etc/passwd
phedex:x:502:502::/usr/local/phedex:/bin/bash
[root@osg-se ~]# su - phedex
-bash-3.00$ mkdir -p state logs sw gridcert
-bash-3.00$ chmod 700 gridcert
-bash-3.00$ export sw=$PWD/sw
-bash-3.00$ export version=2_6_2
-bash-3.00$ export myarch=slc4_ia32_gcc345
-bash-3.00$ wget -O $sw/bootstrap-${myarch}.sh http://cmsrep.cern.ch/cmssw/bootstrap-${myarch}.sh
-bash-3.00$ sh -x $sw/bootstrap-${myarch}.sh setup -path $sw
-bash-3.00$ source $sw/$myarch/external/apt/0.5.15lorg3.2-CMS3/etc/profile.d/init.sh
-bash-3.00$ apt-get update
-bash-3.00$ apt-get install cms+PHEDEX+PHEDEX_$version
[phedex@osg-se ~]$ rm -f PHEDEX; ln -s $sw/$myarch/cms/PHEDEX/PHEDEX_$version PHEDEX
Na spdc00
[root@spdc00 ~]# cd /home/phedex/
[root@spdc00 phedex]# tar -cjpvf phedex_conf.tar.bz2 SITECONF/SPRACE/PhEDEx/; scp phedex_conf.tar.bz2 192.168.1.151:/usr/local/phedex/. ; rm phedex_conf.tar.bz2
de volta na osg-se
-bash-3.00$ tar -xjvpf phedex_conf.tar.bz2
-bash-3.00$ rm phedex_conf.tar.bz2
-bash-3.00$ cd SITECONF/SPRACE/PhEDEx/
-bash-3.00$ sed -i 's/2_5_1/2_6_2/g' *
-bash-3.00$ sed -i 's/slc3_ia32_gcc323/slc4_ia32_gcc345/g' *
-bash-3.00$ sed -i 's/\/etc\/glite\/profile.d\/glite_setenv.sh/\/opt\/glite\/etc\/profile.d\/grid-env.sh/g' *
-bash-3.00$ sed -i 's/home/usr\/local/g' SITECONF/SPRACE/PhEDEx/*
-bash-3.00$ cd
-bash-3.00$ echo "source /OSG/setup.sh" >>.bashrc
-bash-3.00$ echo "export X509_USER_PROXY=$HOME/gridcert/proxy.cert">>.bashrc
-bash-3.00$ echo "export X509_USER_PROXY=$HOME/gridcert/proxy.cert">>.bashrc
-bash-3.00$ echo "source $HOME/PHEDEX/etc/profile.d/init.sh">>.bashrc ; echo "export PATH=$PATH:$HOME/PHEDEX/Utilities">>.bashrc
-bash-3.00$ echo "source /opt/glite/etc/profile.d/grid-env.sh">>.bashrc
-bash-3.00$ echo "export PYTHONPATH=$PYTHONPATH:/opt/lcg/lib/python">>.bashrc
-bash-3.00$ source $sw/$myarch/cms/PHEDEX/PHEDEX_$version/etc/profile.d/env.sh
-bash-3.00$ vim SITECONF/SPRACE/PhEDEx/storage.xml
mudar para as maquinas novas e dominio como sprace.org.br
-bash-3.00$ exit
[root@osg-se ~]# su - mdias
[mdias@osg-se ~]$ grid-proxy-init -valid 720:00
[root@osg-se ~]# cp /tmp/x509up_u`id -u mdias` /usr/local/phedex/gridcert/proxy.cert
[root@osg-se ~]# chown phedex:phedex /usr/local/phedex/gridcert/proxy.cert
[root@osg-se ~]# ln -s /OSG/ /opt/osg-0.8.0
[root@osg-se ~]# ln -s /usr/local/phedex/ /home/phedex