LFC Install Checklist

From GridPP Wiki
Revision as of 22:10, 31 January 2006 by Graeme stewart (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

If you want to be reassured that LFC has installed properly, here's a checklist of what the state of the machine should be after a YAIM install.

Daemons

The file catalog runs as a multi-threaded daemon, lfcdaemon, running as the user lfcmgr. In addition the lfc-dli (Data Location Interface) daemon runs, also as lfcmgr.

 # ps auxw | grep lfcmg
 lfcmgr   10084  0.0  0.2 220324 2948 ?       S    Jan20   0:00 /opt/lcg/bin/lfcdaemon -c /opt/lcg/etc/NSCONFIG -l /var/log/lfc/log
 lfcmgr   10088  0.0  0.1 208516 1244 ?       S    Jan20   0:00 /opt/lcg/bin/lfc-dli -l /var/log/lfc-dli/log

After a default YAIM install MySQL will also be running.

Ports and Firewalls

The LFC binds to port 5010, the DLI to port 8085 (on all interfaces) - you can check this with netstat -tlp.

 # netstat -tlp
 Proto Recv-Q Send-Q Local Address    Foreign Address     State    PID/Program name
 tcp        0      0 *:5010           *:*                 LISTEN   10084/lfcdaemon
 tcp        0      0 *:8085           *:*                 LISTEN   10088/lfc-dli

Both of these ports need to be open to the world so that local SURLs can be resolved for, e.g., dataset replications (see Site Local Catalog Middleware), and new catalog registrations can be entered.

Users

The YAIM install will have added one user to the system, lfcmgr.

LFC Certificate

The lfcmgr user has access to a copy of the host's grid certificate, stored in /etc/grid-security/lfcmgr. This copy is owned by this user, with the key protected in the normal way:

 # ls -l /etc/grid-security/lfcmgr
 total 8
 -rw-r--r--    1 lfcmgr   lfcmgr       2206 Oct 19 22:25 lfccert.pem
 -r--------    1 lfcmgr   lfcmgr       3330 Oct 19 22:25 lfckey.pem

LFC Configuration Files

There are two LFC system configuration files, /etc/sysconfig/lfcdaemon and /etc/sysconfig/lfc-dli. As YAIM uses default values for everything to do with the LFC it doesn't bother writing /etc/sysconfig/lfcdaemon, but you will find the /etc/sysconfig/lfcdaemon.templ contains all the possible customisations which can be put here. Even for a local catalog install /etc/sysconfig/lfc-dli should contain

 RUN_DLIDAEMON=yes

as the DLI is now run for those experiments who use the local catalog.

When the LFC runs it gets its username and password for access to MySQL from /opt/lcg/etc/NSCONFIG. This file contains one line with the format

 DB_USER/PASSWORD@HOST[/DB_NAME]

The DB_NAME is optional, but changes the database name from the cns_db default (you'll need to use this on a site wide MySQL also hosting Disk Pool Manager).

LFC Logfiles

The LFC logs into /var/log/lfc/log. The default logrotate is set to keep logs for 15 days, but it's strongly advised to change this to 15 weeks, in accordance with required grid security practice of keeping logs for 90 days:

 # cat /etc/logrotate.d/lfcdaemon
 /var/log/lfc/log {
   compress
   weekly
   delaycompress
   missingok
   rotate 15
 }