DCache Yaim Install
dCache install using yaim on a fresh SL3 OS
1. Install SL3.0.5 (minimal install + apt). Make sure /sbin and /usr/sbin are in your PATH. Configure ntp (see LCG generic install guide).
2. Copy the host certificate and key to the correct location. The openssl commands required to extract the certificate and the private key from the .pfx (or .p12) file are:
# openssl pkcs12 -in cert.pfx -clcerts -nokeys -out hostcert.pem
# openssl pkcs12 -in cert.pfx -nocerts -nodes -out hostkey.pem
# mkdir -p /etc/grid-security
# cp hostcert.pem hostkey.pem /etc/grid-security
Make sure that hostkey.pem is unencrypted, then set the permissions on the installed copies:
# chmod 400 /etc/grid-security/hostkey.pem
# chmod 644 /etc/grid-security/hostcert.pem
3. Install j2sdk-1_4_2_08-linux-i586.rpm, obtained by downloading the .bin from the Java website. Install and configure ntp. Both of these steps are covered in the LCG Generic Installation and Configuration guide.
4. Create the relevant pointers to the rpm repositories
# echo 'rpm http://storage.esc.rl.ac.uk/ apt/datastore/sl3.0.4 stable obsolete' \
  > /etc/apt/sources.list.d/gpp_storage.list
# echo 'rpm http://grid-deployment.web.cern.ch/grid-deployment/gis apt/LCG-2_4_0/sl3/en/i386 lcg_sl3 lcg_sl3.updates' \
  > /etc/apt/sources.list.d/lcg.list
# echo 'rpm http://grid-deployment.web.cern.ch/grid-deployment/gis apt/LCG_CA/en/i386 lcg' \
  > /etc/apt/sources.list.d/lcg-ca.list
5. Install yaim
# apt-get update
# apt-get install lcg-yaim
6. Set up the site-info.def file.
MY_DOMAIN=your.domain
SE_HOST=srm.$MY_DOMAIN
RB_HOST=lxn1188.cern.ch
BDII_HOST=lxn1189.cern.ch
LCG_REPOSITORY="rpm http://grid-deployment.web.cern.ch/grid-deployment/gis apt/LCG-2_4_0/sl3/en/i386 lcg_sl3 lcg_sl3.updates"
MYSQL_PASSWORD=<suitable password>
DCACHE_ADMIN="<FQDN of admin node>"
DCACHE_POOLS="<FQDN of admin node>:/pool"
RESET_DCACHE_CONFIGURATION=yes
The dCache variables above are set up just to get a pool on the admin node. The full pool node can be added to the system at a later date. From yaim version 2.6.0-9 onwards, a new variable has been added (RESET_DCACHE_CONFIGURATION). This prevents a carefully crafted dCache configuration from being destroyed if yaim is re-run (e.g. to set up gip or during an upgrade). The default value is no, so it must explicitly be set to yes when performing a fresh install.
7. A very important thing to check: the `search xxx.yyy.ac.uk` line in `/etc/resolv.conf` must equal the output of `hostname -d`, otherwise the yaim installation will fail! If the two differ, this needs to be fixed.
8. Make the following users
# /usr/sbin/useradd -d /opt/edg/var/edg-rgma -r -c "RGMA user for running services" rgma
# /usr/sbin/usermod -d /opt/edg/var/edg-rgma rgma
This will work, even if there is no edg software installed as yet. Yaim will install the edg-mkgridmapfile etc. There may be an issue with the creation of the users edguser and edginfo.
9. Turn the firewall off for the duration of the installation.
# service iptables stop
A full list of the ports that should be open for dCache is given on the RAL website.
10. Use the YAIM install target `lcg-SE_dcache`:
# /opt/lcg/yaim/scripts/install_node /opt/lcg/yaim/examples/site-info.def lcg-SE_dcache | tee /tmp/dcache_install.txt
11. Run the YAIM configure script for `SE_dcache`:
# /opt/lcg/yaim/scripts/configure_node /opt/lcg/yaim/examples/site-info.def SE_dcache | tee /tmp/dcache_config.txt
The yaim install includes all of the edg, vdt, postgres and pnfs software that is required to get everything up and running. The lcg-SE_dcache script should set up everything that is required, including the PostgreSQL database and postgres user.
12. Set up PNFS databases
The YAIM install of dCache sets up a single PNFS database for use by all supported VOs. This is not a good solution, as it introduces a potential bottleneck into the system. Instead, a more scalable solution involves associating a single PNFS database with each VO. To set up such a system, follow the instructions given in the DCache_FAQ for creating new PNFS databases and mapping pools to VOs. Before performing these steps, it will be necessary to remove the VO directories in /pnfs/<domain-name>/data that YAIM creates. These will be re-created by following the instructions in the FAQ.
13. Set up cron jobs for grid-mapfile2dcache-kpwd and logrotate.d
grid-mapfile2dcache-kpwd is used to synchronise dCache with the grid-mapfile, which Globus utilities typically use to map a certificate distinguished name to a local user group and identity. dCache must import this user-to-VO table.
The following script should be placed in the directory "/etc/cron.hourly"; I suggest the name "grid-mapfile2dcache-kpwd".
#!/bin/sh
/opt/d-cache/bin/grid-mapfile2dcache-kpwd
Set the correct permissions on the cron job:
# chmod 755 /etc/cron.hourly/grid-mapfile2dcache-kpwd
If you have not yet joined a VO (you should join dteam) and want to test out your dCache install, you can temporarily add an entry to /etc/grid-security/grid-mapfile:
"/C=UK/O=eScience/OU=Edinburgh/L=NeSC/CN=greig cowan" .dteam
Log rotation prevents log files from becoming too large. It is recommended that a d-cache file is added as "/etc/logrotate.d/d-cache" with the following content.
/opt/d-cache/log/*.log {
    rotate 4
    weekly
    missingok
    compress
    copytruncate
}
14. Open up the correct ports in your site firewall and iptables (if you have them). See the FAQ for a list of ports that dCache uses.
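
Steps 2, 6 and 7 each state a condition that must hold before the install in step 10 is run. The script below checks them; it is an added example, not part of the original guide or of yaim, and its function names and its strict reading of step 7 (the search list holds exactly the host's domain) are assumptions.

```sh
#!/bin/sh
# Pre-flight checks for steps 2, 6 and 7 of this guide (added example).
# Function names are hypothetical; the file paths are the ones the guide uses.

# Step 7: the "search" line of resolv.conf must equal the host's DNS domain.
# Assumption: read strictly, so the search list must hold exactly that domain.
check_search_domain() {   # usage: check_search_domain RESOLV_CONF DOMAIN
    search=$(awk '$1 == "search" { $1 = ""; sub(/^ +/, ""); s = $0 }
                  END { print s }' "$1")
    [ -n "$2" ] && [ "$search" = "$2" ] && return 0
    echo "FAIL: search '$search' in $1 does not equal domain '$2'" >&2
    return 1
}

# Step 2: hostkey.pem must be mode 400 and must not be passphrase-protected.
check_hostkey() {         # usage: check_hostkey KEYFILE
    if [ -z "$(find "$1" -prune -perm 400 2>/dev/null)" ]; then
        echo "FAIL: $1 is missing or not mode 400" >&2; return 1
    fi
    # Encrypted PEM keys say so in the BEGIN line or in a Proc-Type header.
    if grep -Eq '^-----BEGIN ENCRYPTED|^Proc-Type:.*ENCRYPTED' "$1"; then
        echo "FAIL: $1 is encrypted; export it again with -nodes" >&2; return 1
    fi
}

# Step 6: a fresh install needs RESET_DCACHE_CONFIGURATION=yes, and the
# template values from the guide must have been replaced.
check_site_info() {       # usage: check_site_info SITE_INFO_DEF
    if ! grep -Eq '^RESET_DCACHE_CONFIGURATION="?yes"?[[:space:]]*$' "$1"; then
        echo "FAIL: RESET_DCACHE_CONFIGURATION is not yes in $1" >&2; return 1
    fi
    if grep -v '^[[:space:]]*#' "$1" |
       grep -Eq '=.*<[^>]+>|^MY_DOMAIN=your\.domain'; then
        echo "FAIL: $1 still contains template values" >&2; return 1
    fi
}

preflight() {             # usage: preflight [SITE_INFO_DEF]
    rc=0
    check_search_domain /etc/resolv.conf "$(hostname -d)" || rc=1
    check_hostkey /etc/grid-security/hostkey.pem || rc=1
    check_site_info "${1:-/opt/lcg/yaim/examples/site-info.def}" || rc=1
    [ "$rc" -eq 0 ] && echo "pre-flight OK"
    return "$rc"
}

# Run only when asked, so the functions can also be sourced and used singly.
if [ "${1:-}" = "--run" ]; then preflight "${2:-}"; fi
```

Invoked with `--run` (optionally followed by the path to site-info.def), the script prints one FAIL line per unmet condition and exits non-zero if any check failed.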