DCache Yaim Install

From GridPP Wiki
Revision as of 09:39, 18 November 2005 by Andrew beresford (Talk | contribs)


dCache install using yaim on a fresh SL3 OS

1. Install SL3.0.5 (minimal install + apt). Make sure /sbin and /usr/sbin are in your PATH. Configure ntp (see LCG generic install guide).

2. Copy the host certificate and key to the correct location. The openssl commands required to extract the certificate and the private key from the .pfx (or .p12) file are:

# openssl pkcs12 -in cert.pfx -clcerts -nokeys -out hostcert.pem
# openssl pkcs12 -in cert.pfx -nocerts -nodes  -out hostkey.pem
# mkdir -p /etc/grid-security
# cp hostcert.pem hostkey.pem /etc/grid-security

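Make sure that hostkey.pem is unencrypted (the -nodes option above writes it without a passphrase), then set the permissions on the installed copies so that only root can read the key:

# chmod 400 /etc/grid-security/hostkey.pem
# chmod 644 /etc/grid-security/hostcert.pem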

3. Install j2sdk-1_4_2_08-linux-i586.rpm by downloading the .bin from the Java website. Install and configure ntp. Both of these steps are covered in the LCG Generic Installation and Configuration guide.

4. Create the relevant pointers to the rpm repositories

    # echo 'rpm http://storage.esc.rl.ac.uk/ apt/datastore/sl3.0.4 stable obsolete' \
    > /etc/apt/sources.list.d/gpp_storage.list

    # echo 'rpm http://grid-deployment.web.cern.ch/grid-deployment/gis apt/LCG-2_4_0/sl3/en/i386 lcg_sl3 lcg_sl3.updates' \
    > /etc/apt/sources.list.d/lcg.list

    # echo 'rpm http://grid-deployment.web.cern.ch/grid-deployment/gis apt/LCG_CA/en/i386 lcg' \
    > /etc/apt/sources.list.d/lcg-ca.list

5. Install yaim

# apt-get update
# apt-get install lcg-yaim

6. Set up the site-info.def file.

   MY_DOMAIN=your.domain
   SE_HOST=srm.$MY_DOMAIN
   RB_HOST=lxn1188.cern.ch
   BDII_HOST=lxn1189.cern.ch
   LCG_REPOSITORY="rpm http://grid-deployment.web.cern.ch/grid-deployment/gis apt/LCG-2_4_0/sl3/en/i386 lcg_sl3 lcg_sl3.updates"
   MYSQL_PASSWORD=<suitable password>
   DCACHE_ADMIN="<FQDN of admin node>"
   DCACHE_POOLS="<FQDN of admin node>:/pool"
   RESET_DCACHE_CONFIGURATION=yes

The dCache variables were set up so as just to get a pool on the admin node. The full pool node can be added to the system at a later date. From yaim version 2.6.0-9 onwards, a new variable has been added (RESET_DCACHE_CONFIGURATION). This prevents a carefully crafted dCache configuration from being destroyed if yaim is re-run (e.g. to set up gip or during an upgrade). The default value is no, so it must explicitly be set to yes when performing a fresh install.

7. A very important thing to check is that `search xxx.yyy.ac.uk` in `/etc/resolv.conf` equals the output of `hostname -d`; otherwise the yaim installation will fail! If they differ, this needs to be fixed.

8. Make the following users

  # /usr/sbin/useradd -d /opt/edg/var/edg-rgma -r -c "RGMA user for running services" rgma
  # /usr/sbin/usermod -d /opt/edg/var/edg-rgma rgma

This will work, even if there is no edg software installed as yet. Yaim will install the edg-mkgridmapfile etc. There may be an issue with the creation of the users edguser and edginfo.

9. Turn firewall off for the duration of the installation.

 service iptables stop

A full list of the ports that should be open for dCache is given on the RAL website.

10. Use the YAIM install target `lcg-SE_dcache`:

# /opt/lcg/yaim/scripts/install_node /opt/lcg/yaim/examples/site-info.def lcg-SE_dcache | tee /tmp/dcache_install.txt

11. Run the YAIM configure script for `SE_dcache`:

# /opt/lcg/yaim/scripts/configure_node /opt/lcg/yaim/examples/site-info.def SE_dcache | tee /tmp/dcache_config.txt

The yaim install includes all of the edg, vdt, postgres, pnfs software that is required to get everything up and running. The lcg-SE_dcache script should set up everything that is required, including the postgreSQL database and postgres user.

12. Set up PNFS databases

The YAIM install of dCache sets up a single PNFS database for use by all supported VOs. This is not a good solution, as it introduces a potential bottleneck into the system. Instead, a more scalable solution involves associating a single PNFS database with each VO. To set up such a system, follow the instructions given in the DCache_FAQ for creating new PNFS databases and mapping pools to VOs. Before performing these steps, it will be necessary to remove the VO directories in /pnfs/<domain-name>/data that YAIM creates. These will be re-created by following the instructions in the FAQ.

13. Set up cron jobs for grid-mapfile2dcache-kpwd and logrotate.d

grid-mapfile2dcache-kpwd synchronises dCache with the grid-mapfile, which Globus utilities typically use to map a certificate distinguished name to a local user, group and identity. dCache must import this user-to-VO table.

The following script should be placed in the directory "/etc/cron.hourly". I suggest the name "grid-mapfile2dcache-kpwd".

   #!/bin/sh
   /opt/d-cache/bin/grid-mapfile2dcache-kpwd

Set correct permissions on cron job

# chmod 755 /etc/cron.hourly/grid-mapfile2dcache-kpwd

If you have not yet joined a VO (you should join dteam) and want to test out your dCache install, you can temporarily add an entry to /etc/grid-security/grid-mapfile:

   "/C=UK/O=eScience/OU=Edinburgh/L=NeSC/CN=greig cowan" .dteam

Log rotation prevents log files from becoming too large. It is recommended that a dcache file is added as "/etc/logrotate.d/d-cache" with the content as follows.

 /opt/d-cache/log/*.log {
     rotate 4
     weekly
     missingok
     compress
     copytruncate
 }

14. Open up the correct ports in your site firewall and iptables (if you have them). See the FAQ for a list of ports that dCache uses.
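
The checks that steps 1, 2 and 7 call for can be scripted and run before the yaim install in step 10. The script below is an added example, not part of the original wiki page or of yaim; the function names and the `--check` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight checks for the yaim dCache install steps.

# Step 1: is directory $1 present in the PATH-style string $2?
path_has() {
    case ":$2:" in *":$1:"*) return 0 ;; *) return 1 ;; esac
}

# Step 7: print the effective search list of resolv.conf file $1.
# When several "search" lines exist, the resolver uses the last one.
search_domain() {
    awk '$1 == "search" { $1 = ""; sub(/^ +/, ""); d = $0 } END { print d }' "$1"
}

# Step 2: succeed only if $1 holds a PEM private key with no passphrase.
# Covers both the legacy "Proc-Type: 4,ENCRYPTED" header and PKCS#8.
key_is_unencrypted() {
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" || return 1
    ! grep -Eq -e 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# Step 2: succeed only if the permission bits of $1 are exactly $2 (octal).
mode_is() {
    [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]
}

# Run every check; args: resolv.conf, expected domain, key, cert, PATH value.
preflight() {
    rc=0
    { path_has /sbin "$5" && path_has /usr/sbin "$5"; } ||
        { echo "FAIL: /sbin and /usr/sbin must both be in PATH"; rc=1; }
    [ "$(search_domain "$1")" = "$2" ] ||
        { echo "FAIL: search '$(search_domain "$1")' != domain '$2'"; rc=1; }
    key_is_unencrypted "$3" || { echo "FAIL: $3 is encrypted or not a key"; rc=1; }
    mode_is "$3" 400 || { echo "FAIL: $3 must be mode 400"; rc=1; }
    mode_is "$4" 644 || { echo "FAIL: $4 must be mode 644"; rc=1; }
    return $rc
}

# Check the live host only when asked to: sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then
    preflight /etc/resolv.conf "$(hostname -d)" \
        /etc/grid-security/hostkey.pem /etc/grid-security/hostcert.pem "$PATH"
fi
```

A search line that lists more than one domain is reported as a mismatch, because the page requires the value to equal the output of `hostname -d`.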