Sections

About GridPP

Documents

Activities

Management

Wiki

Help Pages

Post Installation for LCFG Installed Nodes

LCFG does set up almost everything on the CE, SE, WN and UI in an EDG testbed. There are still some extras though.

Estimated times have been added for each of the major sections.

These instructions are currently aimed at EDG version v1_4_7.

Certificate Authority Configuration

Estimated time: 10 minutes.

On any machine that you want to generate host or user certificates you need to configure the UKHEP CA or your own to be the default for grid-cert-request. This may just be on the user interface. Follow UKHEP CA's instructions or install ca_GridPP-local-0.8-1.noarch.rpm

Host Certificates

Estimated Time: 10 minutes + one to two days for the certificate request to come back.

You require a host certificate for you CE and your SE at the moment. These can be generated with.

grid-cert-request -host machine.liverpool.ac.uk \
                  -cert machine-ce-cert.pem \
                  -key  machine-ce-key.pem \
                  -req  machine-ce-cert_request.pem  \
                  -nopw
Once they have been signed they should be copied to where ever was defined in your site-cfg.h.ral.

PBS

Estimated time: 1 hour?

If you plan to use pbs so jobs submitted on the CE can be executed on the WN then pbs must be set up between these two.

Look at section 7.4 of notes on farm installation but this is just a plain pbs. There are two additions to these notes:

  • The file /usr/spool/PBS/server_name on each WN needs editing to contain the FQDN of the CE.
  • If PBS does not return the stdout and stderr from the WN's, you may find it necessary to edit the file /usr/spool/PBS/mom_priv/config, replacing the $usecp line with
    $usecp *:/ /

It is important that each of the queues you define have a maximum cpu time and a maximum walltime. eg
# /usr/pbs/bin/qmgr -c 'print server'

should show some similar resources for each queue.
set queue workq resources_max.cput = 30:00:00
set queue workq resources_max.walltime = 120:00:00

If these are not set every job submitted to a RB will collect on your machines reguradless of how many jobs are allready running.

Gridmap File and Gridmap Directory

Estimated time: 30 minutes.

The grid map file and the gridmap directory have to be same on the CE, SE and WN for the pool accounts to work effectivley. A certificate has to be mapped to the same user on each of these. This has been done in most cases by nfs exporting them from one of the nodes, usually the CE, to all of the others.

  • Create a gridmap directory for pool account lock files.
    # mkdir /share/grid-security/gridmapdir
  • You should also configure /opt/edg/etc/mkgridmap.conf on this machine. There is a man page "man /opt/edg/share/man/man1/mkgridmap.1.gz" to explain its format. This will determine who you allow to be entered into your grid-mapfile.

    Lock Files for Gridmapdir

    Estimated time: 10 minutes.

    For each pool account (eg atlas006) a lock file must be touched (eg /share/grid-security/gridmapdir/atlas006.)

    In the gridmapdir, the following command will create the lock files using the aaaaNNN entries in /etc/passwd: 

    touch `grep '^[a-z]*[0-9][0-9][0-9]:' /etc/passwd | cut -f1 -d:`

    More information on what gridmapdir is.

    GDMP Configuration

    Estimated time: 5 minutes.

    You must send the SE's certifcate file and the subject of your SE, not the key, to Grid.Support@nikhef.nl and ask them to include your certificate in the "SE apptb" list.

    Cron Jobs

    Cron jobs are installed as root on CE, SE and WNs. You could wait up to five hours to run or just run them.

     /opt/edg/etc/cron/mkgridmap-cron
 /opt/edg/etc/cron/edg-fetch-crl-cron

    These will update the grid-mapfile from the mkgridmap.conf file and update the CRLs.

    Access Controls to the Site GIIS.

    On the CE a file will have been created the first time you start globus-mds.
    /opt/globus-24/etc/grid-info-devtb-policy.conf
    where devtb is the name of the site giis you created. This file for the RAL CE contained.
    objectclass: MdsRegistrationPolicy
policydata: (&(Mds-Service-hn=gppce06.gridpp.rl.ac.uk)(Mds-Service-port=2135))
    .
    This should be changed to allow the SE to also register into the site giis. 
    objectclass: MdsRegistrationPolicy
policydata: (&(Mds-Service-hn=*.gridpp.rl.ac.uk)(Mds-Service-port=2135))

    Symbolic Link on the SE

    Estimated time: 5 minutes.

    On the stortage element create a symbolic link.
    ln -s /flatfiles /flatfiles/flatfiles.

    If there is an extra directory to form the root of the storage element.
    ln -s /flatfiles /flatfiles/06/flatfiles.

    Filesystem Limits

    It is recommended to increase some file syteem parameters on the CE and SE.

    On the CE and SE to the end of /etc/rc.d/rc.local

    @---------------------------------------------------------------
# Increase some system parameters to improve EDG CE scalability
# Choose something greater than 16384 and 65536, respectively.
if [ -f /proc/sys/fs/file-max ]; then
    echo 120000 > /proc/sys/fs/file-max
fi
if [ -f /proc/sys/fs/inode-max ]; then
    echo 480000 > /proc/sys/fs/inode-max
fi
@---------------------------------------------------------------

    Last modified Mon 21 April 2008 . View page history
    Switch to HTTPS . Website Help . Print View . Built with GridSite 1.4.3
    • For more about GridPP please contact Neasan O'Neill