DCache upgrade 1.6.6 to 1.7.0

From GridPP Wiki

This page details the steps required to upgrade to dCache v1.7.0 from v1.6.6, which was distributed with gLite 3.

Pre-Upgrade

At the time of writing, dCache v1.7.0 has not moved to the CERN gLite apt repository and can only be installed by using the dCache.org repository:

cat /etc/apt/sources.list.d/dcache.list
rpm http://www.dcache.org/apt/ sl stable

This also contains an updated version of glite-yaim which has new configuration options that dCache can take advantage of.

apt-get install glite-yaim

Modify your site-info.def to take account of the new config options. Make sure that you set

RESET_DCACHE_PNFS=no
RESET_DCACHE_RDBMS=no

and have these port ranges set (note that YAIM looks for these settings, so you must have them defined in your site-info.def)

DCACHE_PORT_RANGE_PROTOCOLS_SERVER_GSIFTP=50000,52000
DCACHE_PORT_RANGE_PROTOCOLS_SERVER_MISC=60000,62000
DCACHE_PORT_RANGE_PROTOCOLS_CLIENT_GSIFTP=33115,33215

I think the DCACHE_PORT_RANGE is deprecated. These ranges correspond to the following:

  • GridFTP range for the dCache server acting in passive mode.
  • dcap/xrootd port range for server acting in passive mode (now default for these protocols).
  • GridFTP port range when the dCache is acting as an active client.

Depending on your site policy, you will need to carefully choose the port ranges for the GridFTP traffic. Typically sites only have 20000:25000 open for GridFTP transfers, so anything that tries to use the default 33115:33215 for active client transfers will be blocked. If you want, you could split up the assigned range across the server and client range variables above.
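The following check is an added example, not part of YAIM or dCache: it reads a site-info.def on stdin and reports whether the two GridFTP ranges fall inside the range your firewall opens, and whether all three variables YAIM looks for are defined. The function name, the status words and the single contiguous firewall range are assumptions of the example.

```shell
#!/bin/sh
# Added example. Usage: check_gridftp_ranges FW_LO FW_HI < site-info.def
# FW_LO:FW_HI is the range your firewall opens for GridFTP (assumed contiguous).
check_gridftp_ranges() {
    fw_lo=$1; fw_hi=$2; rc=0
    conf=$(cat)
    for var in DCACHE_PORT_RANGE_PROTOCOLS_SERVER_GSIFTP \
               DCACHE_PORT_RANGE_PROTOCOLS_SERVER_MISC \
               DCACHE_PORT_RANGE_PROTOCOLS_CLIENT_GSIFTP; do
        # The last uncommented assignment wins, as when the file is sourced.
        val=$(printf '%s\n' "$conf" |
              sed -n "s/^[[:space:]]*$var=\"\{0,1\}\([0-9][0-9]*,[0-9][0-9]*\).*/\1/p" |
              tail -n 1)
        if [ -z "$val" ]; then
            echo "MISSING $var"; rc=1; continue   # YAIM needs all three defined
        fi
        lo=${val%,*}; hi=${val#*,}
        if [ "$lo" -gt "$hi" ]; then
            echo "INVALID $var=$val"; rc=1
        elif [ "$var" = DCACHE_PORT_RANGE_PROTOCOLS_SERVER_MISC ]; then
            echo "DEFINED $var=$val"              # dcap/xrootd: not a GridFTP range
        elif [ "$lo" -lt "$fw_lo" ] || [ "$hi" -gt "$fw_hi" ]; then
            echo "BLOCKED $var=$val (outside $fw_lo:$fw_hi)"; rc=1
        else
            echo "OK $var=$val"
        fi
    done
    return $rc
}

# Constructed input: the values shown on this page.
sample_page_values() {
    cat <<'EOF'
DCACHE_PORT_RANGE_PROTOCOLS_SERVER_GSIFTP=50000,52000
DCACHE_PORT_RANGE_PROTOCOLS_SERVER_MISC=60000,62000
DCACHE_PORT_RANGE_PROTOCOLS_CLIENT_GSIFTP=33115,33215
EOF
}

# Constructed input: 20000:25000 split between the server and client variables.
sample_split_values() {
    cat <<'EOF'
DCACHE_PORT_RANGE_PROTOCOLS_SERVER_GSIFTP=20000,22499
DCACHE_PORT_RANGE_PROTOCOLS_SERVER_MISC=60000,62000
DCACHE_PORT_RANGE_PROTOCOLS_CLIENT_GSIFTP=22500,25000
EOF
}
sample_page_values | check_gridftp_ranges 20000 25000 || true
```

Against a firewall range of 20000:25000 the page's sample values report both GridFTP ranges as BLOCKED, while the split configuration passes.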

There are now two dCache admin node metapackages available.

  • glite-SE_dcache_admin_postgres - for sites running the PostgreSQL version of PNFS
  • glite-SE_dcache_admin_gdbm - for sites still running with the GDBM backend.

Information for migrating to the postgres version can be found in the dCache book here. Sites are recommended to move to the postgres version as soon as possible, preferably before performing this upgrade.

For sites already running the postgres version of dCache 1.6.6-5 you need to drop some of the postgres tables and recreate them _before_ upgrading to dCache 1.7.0. Stop all dCache and PNFS services then run:

dropdb -U srmdcache billing
dropdb -U srmdcache dcache
dropdb -U srmdcache replicas
createdb -U srmdcache billing
createdb -U srmdcache dcache
createdb -U srmdcache replicas
psql -U srmdcache replicas -f /opt/d-cache/etc/psql_install_replicas.sql

Upgrade

Make sure that postgres is running before you run the upgrade.

Installation and configuration then proceed as normal for YAIM.

/opt/glite/yaim/scripts/install_node /opt/glite/yaim/etc/site-info.def \
glite-SE_dcache_admin_postgres 2>&1 | tee /root/dcache_admin_upgrade.txt
/opt/glite/yaim/scripts/configure_node /opt/glite/yaim/etc/site-info.def \
glite-SE_dcache_admin_postgres 2>&1 | tee /root/dcache_admin_upgrade-config.txt

Post-Upgrade

If you have set

RESET_DCACHE_CONFIGURATION=yes

in site-info.def then after the upgrade you should also check that the dCache billing database is still enabled:

grep billingToDb /opt/d-cache/config/dCacheSetup
billingToDb=yes
#   EXPERT: First is default if billingToDb=no, second for billingToDb=yes

and that the GridFTP performance markers are set to a sensible value like 10 (you may experience problems with FTS transfers if you use the default value of 180).

grep performanceMarkerPeriod /opt/d-cache/config/dCacheSetup
#   Set  performanceMarkerPeriod to 180 to get performanceMarkers
performanceMarkerPeriod=10

If you have made any changes to the /opt/d-cache/config/*.batch files then these will also have to be remade.

Checks

Simple check to see what processes are listening:

# netstat -tlp|grep java
tcp        0      0 localhost.localdomain:8005  *:*                         LISTEN      14248/java
tcp        0      0 *:8009                      *:*                         LISTEN      14248/java
tcp        0      0 *:5001                      *:*                         LISTEN      14248/java
tcp        0      0 *:22223                     *:*                         LISTEN      13659/java
tcp        0      0 *:webcache                  *:*                         LISTEN      14248/java
tcp        0      0 *:22128                     *:*                         LISTEN      14197/java
tcp        0      0 *:2288                      *:*                         LISTEN      13738/java
tcp        0      0 *:57559                     *:*                         LISTEN      13412/java
tcp        0      0 *:8443                      *:*                         LISTEN      14248/java
tcp        0      0 *:2811                      *:*                         LISTEN      14089/java
tcp        0      0 *:22111                     *:*                         LISTEN      13989/java

  • 5001 is used by the SOAPMonitor service.
  • 8005 is used locally by a shutdown script. Tomcat binds it to the localhost interface only.
  • 8009 is used for AJPv13 (Apache JServ Protocol, which carries communication between the web server and the servlet container).
  • 8080 is HTTP access to Tomcat (listed as webcache in the netstat output above). Because the SRM web service uses GSI authentication and verifies the user's credential before executing any request, having it open is not a security risk provided you trust Tomcat to be secure (it might allow attackers to exploit other known Tomcat/Axis vulnerabilities).
  • 8443 is the SRM.
  • 2811 is the GridFTP door.
  • 2288 is the web interface.
  • 22223 is the ssh admin interface.
  • 22128 is GSIDcap door.
  • 22111 is dCache information publisher.

The SRM developer has stated that future versions of the code will have modified installation scripts which will disable services on 5001, 8009 and 8080. In case of shutdown, the service will be protected by a dynamically generated password (see here).
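The listener check above can be scripted. This added example (not part of dCache) reads `netstat -tlnp` output, labels each java listener using the port list on this page, and flags the Tomcat shutdown port if it is not bound to loopback, the three ports due to be disabled if they are reachable from other hosts, and any port not in the list. The function name and the status words are assumptions of the example.

```shell
#!/bin/sh
# Added example, not part of dCache. Reads `netstat -tlnp` output on stdin
# (-n keeps ports numeric, so 8080 is not shown as "webcache").
audit_listeners() {
    awk '
    BEGIN {
        # Port-to-service mapping from the list above.
        svc[8443] = "SRM";              svc[2811] = "GridFTP door"
        svc[2288] = "web interface";    svc[22223] = "ssh admin interface"
        svc[22128] = "GSIDcap door";    svc[22111] = "information publisher"
        # Ports that future SRM installation scripts are expected to disable.
        extra[5001] = "SOAPMonitor"; extra[8009] = "AJPv13"; extra[8080] = "Tomcat HTTP"
    }
    $1 ~ /^tcp/ && $NF ~ /\/java$/ {
        n = split($4, part, ":"); port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        loopback = (addr == "127.0.0.1" || addr == "::1" || addr ~ /^localhost/)
        if (port == 8005) {            # Tomcat shutdown port: loopback only
            status = loopback ? "OK" : "EXPOSED"; name = "Tomcat shutdown"
        } else if (port in extra) {
            status = loopback ? "OK" : "REVIEW"; name = extra[port]
        } else if (port in svc) {
            status = "OK"; name = svc[port]
        } else {                       # not in the list above
            status = "UNKNOWN"; name = $NF
        }
        if (status != "OK") findings++
        print status, port, name
    }
    END { exit (findings > 0) }'
}
# Constructed input: the listing above as `netstat -tlnp` would print it.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 127.0.0.1:8005      0.0.0.0:*      LISTEN      14248/java
tcp        0      0 0.0.0.0:8009        0.0.0.0:*      LISTEN      14248/java
tcp        0      0 0.0.0.0:5001        0.0.0.0:*      LISTEN      14248/java
tcp        0      0 0.0.0.0:22223       0.0.0.0:*      LISTEN      13659/java
tcp        0      0 0.0.0.0:8080        0.0.0.0:*      LISTEN      14248/java
tcp        0      0 0.0.0.0:22128       0.0.0.0:*      LISTEN      14197/java
tcp        0      0 0.0.0.0:2288        0.0.0.0:*      LISTEN      13738/java
tcp        0      0 0.0.0.0:57559       0.0.0.0:*      LISTEN      13412/java
tcp        0      0 0.0.0.0:8443        0.0.0.0:*      LISTEN      14248/java
tcp        0      0 0.0.0.0:2811        0.0.0.0:*      LISTEN      14089/java
tcp        0      0 0.0.0.0:22111       0.0.0.0:*      LISTEN      13989/java
EOF
}
sample_netstat | audit_listeners || true
```

On a live node, run `netstat -tlnp | audit_listeners`; a non-zero exit status means at least one listener needs a look.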

Make sure that you can srmcp into and out of the dCache after the upgrade and that PNFS is still mounted on the door nodes.