From GridPP Wiki
Jump to: navigation, search

PPS UI ( client rebuild instructions

These instructions are primarily for tier1 staff at Rutherford Appleton Laboratory UK, however the wider EGEE community is welcomed to use as well if they find it usefull.


The PPS UI is xen guest system hosted on SL5 upper machine room) If you need or want to reinstall even the host system then on run


and reboot the machine pps-xen-285. Please be aware that critical virtual machine is running on the same host.

For pps-xen-285 at RAL the kickstart process takes care of everything, but the non-RAL readers should check the following prerequisities:

Make sure you are booted into xen kernel (uname -a) and xend is running, try

xm list

Make sure you have xen network working with the bridge technique. Check the file


for the presence of something like this:

 (network-script 'network-bridge vifnum=1 bridge=xenbr1')
 (vif-script 'vif-bridge bridge=xenbr1')

('ifconfig' and 'brctl show' commands should list among others the xenbr1 or xenbr0)

Network address translation NAT / masqueradding should also work but I have not tested it. With NAT the ifconfig and 'brctl show' should display virbr0 or virb1)

Make sure you have LVM (Logical volume manager) packages installed , try either or both of the next examples:

lvm version
lvcreate --version

The next instructions expect you also have now a volume group called 'xen' created. You may check it with the command:

vgdisplay xen

If you don't have you need to do something like this:

vgcreate xen /dev/sda15 /dev/sdb15 /dev/hdb15

Main installation

Download the xen-strap tool from or from and change the permissions

chmod 755 ./xen-strap

The next is magnum opus, it does take about 30 minutes, most of the time is the installation of the middleware:

Comment1: if you don't want to use LVM in your next command, you may use something like 'file:/root/pps-ui.img:3G' instead of lvm:/... , you have to make sure you have enough space on the partition you are going to use

Comment2: If you want to customize the post install scripts in the next command for any reason, then download the scripts by using wget, customize them and use path to the file instead of the URL: --post-install-in="host:/root/glite-ui-sl4-customized" , if you don't specify host: or dom0: prefix, the file is looked for wrongly in guest/target system

Tier1 staff at RAL will make with the command

./xen-strap -a -u -y -b --name=pps-ui --ip= --ntp -i mc \
--adduser="marian," \
--post-install-in="" \
sl4 lvm:xen/pps-ui:3G

the others readers will use the public post install script:

./xen-strap -a -u -y -b --name=ui01 --ip=<your IP> --ntp -i mc \
--adduser="<your name>,http://path_to/authorized_keys" \
--post-install-in="" \
sl4 lvm:xen/ui01:3G


These next two arguments are mandatory
     Create LVM image of the size 3G in the group LV group xen with the logical volume name pps-sam               
sl4 installs the latest  Scientific Linux 4.x on the system. (4.5)
the next options are optional
-a  installs apt system rather then default yum (for sl4 the apt is much faster then yum)
-u  updates system immediately after system installation
-y  confirm yes to install questions,  : apt-get install -y ....
-b  boot guest xen system immediately after succesfull installation
--ntp  installs ntp server, (for sl4) it also synchronize the time with in the guest system before running the server.
-i mc  installs package mc (Midnight Commander)
--name=pps-ui     use this name in xen system, it will be listed in: xm list, also it will be used as a hostname in guest system
                  if not specified then it tries to get the name from ip
--ip=  this IP is used in guest/target system. The gateway and netmask and network are detected from host system.
         This expect you use bridge network approach (as opposed to nat or route) in xen host  config file /etc/xen/xend-config.sxp
         like this
        (network-script 'network-bridge vifnum=1 bridge=xenbr1')
         (vif-script 'vif-bridge bridge=xenbr1')

      add this user to the system and copy specified file to  .ssh/authorized_keys (it is safe to publish public key on the internet)
      the password for the user is not set
      downloads the script and source it in the chrooted environment after the system is installed and configured and before guest xen is booted 

More datailed explanation of the command you get by ./xen-strap --help or ./xen-strap --examples

After some time (30 min) if everything is ok, you should end up with login prompt in xen-guest system with UI middleware installed. It is recommended you login via ssh rather then from host system, because the console doesn't work properly from host. By pressing CTRL + ] you leave the guest system and login via ssh from anywhere:


and login by using the copied public keys. The root password for the guest system is taken from the host system.

place *.pem certificate into .globus/*.pem

you may work now:

voms-proxy-init -voms dteam

You also may want to visit