DPM Information Publishing

From GridPP Wiki
Jump to: navigation, search

gLite Stable Release

The DPM GIP plugin written by User:Graeme_stewart has been included since the LCG 2.7.0 release (lcg-info-dynamic-dpm RPM), so should now be installed and configured automatically by YAIM.

Information Publishing Troubleshooting

There are two systems trying to run the plugin on a DPM node installed via YAIM:

  1. The globus-mds system, running as edginfo.
  2. An rgma-gin, running as rgma.

N.B. As of DPM >= 1.6.4 YAIM will setup DPM to use a local BDII, rather than globus-mbs. This will run as user edguser.

If you are having problems, then it's most likely that one or other of these systems is failing to present valid credentials to DPM when trying to query the storage stats.

To test this try:

 # su edginfo     [Or edguser]
 $ dpm-qryconf
 # su rgma
 $ export X509_USER_PROXY=/opt/lcg/hostproxy.rgma
 $ dpm-qryconf

If you get back send2dpm: DP002 - send error : No valid credential found then obviously something's wrong. You will have to check these users' credentials.

Note that credentials for these users come from different places:

  1. edginfo: has a copy of the server host certificate in ~edginfo/.globus.
  2. edguser: has a copy of the server host certificate in ~edguser/.globus.
  3. rgma: has a host certificate proxy available (usually setup by a cron job /etc/cron.d/rgma-proxy).

If both of these plugins return sensible values on the command line, but things are still broken in your BDII, then check /opt/lcg/var/gip/tmp is writable and overwritable by both these users. The usual way to do this now is to have mode 0775 and group infosys - edguser, edginfo and rgma are all members of the infosys group.

N.B. If you have upgraded to a DPM from a Classic SE, or indeed just upgraded your LCG release, ensure you restart the globus-mds GRIS to ensure that it understands any new Glue Schema properties.

Beta Release Plugin

There is a new version of the GIP plugin available, which queries the DPNS database directly to be able to attribute used space to the correct VOs - so it supports LCG storage acounting. Installing it by hand is quite simple, and their is beta YAIM support, which you can also try out.

N.B. This plugin only supports the MySQL version of DPM. Don't use it if you are using Oracle as your DPM backend.


The plugin is available from http://www.physics.gla.ac.uk/~graeme/scripts/packages/lcg-info-dynamic-dpm-beta-latest.tar.gz.


N.B. As this is a beta, the plugin is not activated on install and will not delete or inactivate the stable plugin!

To install the new plugin, unpack the tar archive in the $INSTALL_ROOT of your gLite installation (usually that means /opt), i.e.,

 # cd /opt
 # tar -xvzf lcg-info-dynamic-dpm-beta-latest.tar.gz

The script is unpacked to lcg/libexec/lcg-info-dynamic-dpm-beta. A new YAIM function, config_DPM_info and support script mkpass.py are added to glite/yaim/{functions,libexec}, respectively.

Testing the Plugin

The plugin needs database access in order to function. It uses the same file format as DPM and DPNS, so, as root, you can "borrow" this username and password to check the plugin. The plugin also needs to know which VOs are published in the information system, whch it gets from the SE's ldif file. These files are the script's two arguments:

 # /opt/lcg/libexec/lcg-info-dynamic-dpm-beta /opt/lcg/etc/DPMCONFIG /opt/lcg/var/gip/ldif/static-file-SE.ldif

If all has gone well you should see storage stats in LDAP format produced, something like

 dn: GlueSEUniqueID=se2-gla.scotgrid.ac.uk,mds-vo-name=local,o=grid
 GlueSESizeTotal: 1600
 GlueSESizeFree: 550
 dn: GlueSALocalID=atlas,GlueSEUniqueID=se2-gla.scotgrid.ac.uk,Mds-Vo-name=local,o=grid
 GlueSAStateAvailableSpace: 549500000
 GlueSAStateUsedSpace: 910017383
 dn: GlueSALocalID=babar,GlueSEUniqueID=se2-gla.scotgrid.ac.uk,Mds-Vo-name=local,o=grid
 GlueSAStateAvailableSpace: 549500000
 GlueSAStateUsedSpace: 0
 dn: GlueSALocalID=dteam,GlueSEUniqueID=se2-gla.scotgrid.ac.uk,Mds-Vo-name=local,o=grid
 GlueSAStateAvailableSpace: 549500000
 GlueSAStateUsedSpace: 241673703

Note that GlueSESizeTotal and GlueSESizeFree are in GB, but the GlueSAState numbers are in kB (i.e., 1000 bytes, not 1024 [1]).

You should also run the plugin with the --debug option, which will print more informational messages - it will also report if it found groups who are not in the information system but exist in DPM, or vice versa. Note that the new VOMS groups found in DPM will be aggregated to the totals for each VO.

MySQL Client Libraries

Errors like

 DBI connect('database=cns_db;host=svr018.gla.scotgrid.ac.uk;port=3306','dpminfo',...) failed: 
 Client does not support authentication protocol requested by server;

are caused by the version of perl::DBI using the old MySQL connection protocols, which are less secure. Either you have to update your perl-DBI RPM or set the password for the DPM user back to an old style one by doing, e.g.,

 mysql> user set mysql.password=old_password('MY_SECURE_PASSWORD') where host='svr018.gla.scotgrid.ac.uk' and user='dpminfo';

Get the password from /opt/lcg/etc/DPMINFO after you have used YAIM as detailed below.

Installing the Plugin

If you want to run the plugin permanently, then two things have to be done:

  1. Setup a restricted database user with permission to query the database.
  2. Modify the lcg-info-dynamic-se plugin wrapper to use the new plugin instead of the old.

Setting up the Database User

This is supported by the beta YAIM function config_DPM_info.

Simply run

 # /opt/glite/yaim/scripts/run_function SITE_INFO.DEF config_DPM_info

There are a number of variables which can be optionally defined, but the defaults should satisfy most T2 sites:

config_DPM_info YAIM variables
Name Purpose Default
DPM_INFO_USER Name of database user for DPM info queries dpminfo
DPM_INFO_PASS Database access password Random ASCII alphanumeric string generated by helper function mkpass.py (obtained from /dev/random)
DPM_INFO_CONFIG File name which stores database access parameters ${INSTALL_ROOT}/lcg/etc/DPMINFO
DPM_DPNS_DB Name of DPNS database cns_db

Also required are the variables MYSQL_PASSWORD and DPM_DB_HOST - these should already be in your site-info.def.

The function is so simple as to be almost self-documenting.

Modifying the Plugin Wrapper

Once database access has been granted, you can get GIP to use it by changing the plugin wrapper function in /opt/lcg/var/gip/plugin/lcg-info-dynamic-se to run the beta plugin as described above. Something like:

 #! /bin/sh
 /opt/lcg/libexec/lcg-info-dynamic-dpm-beta /opt/lcg/etc/DPMINFO /opt/lcg/var/gip/ldif/static-file-SE.ldif

would be correct for most sites.

Testing and Troubleshooting

If you have installed the plugin, remember that GIP runs the plugin as user edginfo (changing to edguser with DPM >= 1.6.4) and user rgma. It's essential to test the plugin running as these users to diagnose problems:

 # su edginfo  # (or edguser, or rgma)
 $ /opt/lcg/var/gip/plugin/lcg-info-dynamic-se

If there are problems, try running with --debug. In addition to the certificate issues described above check the database username and password in /opt/lcg/etc/DPMINFO give the necessary MySQL access.

Known Issues

It's perfect, don't you know!