This log refers to the EMI-1 LB Update 19. The base OS is CentOS 5.8
(0) Documentation
Update
19
EMI
installation guide.
(1) Repositories
wget
http://repository.egi.eu/sw/production/cas/1/current/repo-files/egi-trustanchors.repo
-O /etc/yum.repos.d/egi-trustanchors.repo
wget
http://download.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
wget http://emisoft.web.cern.ch/emisoft/dist/EMI/1/sl5/x86_64/updates/emi-release-1.0.1-1.sl5.noarch.rpm
rpm -i epel-release-5-4.noarch.rpm
rpm -i emi-release-1.0.1-1.sl5.noarch.rpm (yum-protectbase and yum-priorities
need to be installed first)
(2) Install the software
yum install yum-protectbase
yum install yum-priorities
yum install ca-policy-egi-core
yum install emi-lb
(3) Install the hostcert
cd /etc/grid-security
openssl pkcs12 -clcerts -nokeys -out hostcert.pem -in wmslb01.p12
openssl pkcs12 -nocerts -nodes -out hostkey.pem -in wmslb01.p12
(4) Configuration
(a) Open the relevant ports in the iptables (and don't forget /etc/init.d/iptables
restart).
(b) The default uid for edguser etc are already taken on our system, therefore I
need to edit /opt/glite/yaim/examples/edgusers.conf. Adding 400 to each user and
group id does the trick. A user 'glite' with a uid > 500 also gets me around
the 'root can't run cron jobs for users with uid < 500' paranoia setting on
our machines -> this turned out to be a bug in pam/kerberos, and can be fixed
by implementing /etc/pam.d/crond.
(c) add SLAPD: ALL to /etc/hosts.allow to allow the bdii to run.
(d) mkdir /opt/glite/yaim/siteinfo; chmod 700 /opt/glite/yaim/siteinfo
/opt/glite/yaim/bin/yaim -c -s /opt/glite/yaim/siteinfo/siteinfo-wmslb02.def -n LB
(5) Check services
[root@wmslb01 ~]# chkconfig --list | grep bdii
bdii 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@wmslb01 ~]# chkconfig bdii on
[root@wmslb01 ~]# chkconfig --list | grep bdii
bdii 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Also: chkconfig fetch-crl-cron on
Check bdii is working: /usr/bin/ldapsearch -x -H
ldap://wmslb01.grid.hep.ph.ic.ac.uk:2170 -b mds-vo-name=resource,o=grid
(6) Hacks
Check to glite-lb-bkserverd is running correctly, so that the RTM can extract
information from the LB: cron jobs and script.
This log below refers to the initial release of the EMi-1 LB.
(0) Documentation
Repositories: EMI, epel (see below)
Configuration: There's the
EMI Generic installation and configuration guide.
Otherwise the old YAIM guide still seems to apply. Oh well.
(1) Repositories
cd /etc/yum.repos.d
wget
http://repository.egi.eu/sw/production/cas/1/current/repo-files/EGI-trustanchors.repo
wget http://emisoft.web.cern.ch/emisoft/dist/EMI/1/sl5/repos/emi1-base.repo
wget http://emisoft.web.cern.ch/emisoft/dist/EMI/1/sl5/repos/emi1-updates.repo
wget
http://emisoft.web.cern.ch/emisoft/dist/EMI/1/sl5/repos/emi1-third-party.repo
EPEL repo (for globus and other
packages): rpm -Uvh
http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
cd /etc/pki/rpm-gpg/
wget http://emisoft.web.cern.ch/emisoft/dist/EMI/1/RPM-GPG-KEY-emi
(2) Install the software
yum install ca-policy-egi-core
yum install emi-lb
(3) Install the hostcert
cd /etc/grid-security
openssl pkcs12 -clcerts -nokeys -out hostcert.pem -in wmslb01.p12
openssl pkcs12 -nocerts -nodes -out hostkey.pem -in wmslb01.p12
(4) Configuration
(a) Open the relevant ports in the iptables (and don't forget /etc/init.d/iptables
restart).
(b) The default uid for edguser etc are already taken on our system, therefore I
need to edit /opt/glite/yaim/examples/edgusers.conf. Adding 100 to each user and
group id does the trick.
(c) add SLAPD: ALL to /etc/hosts.allow to allow the bdii to run.
/opt/glite/yaim/bin/yaim -c -s /opt/glite/yaim/siteinfo/siteinfo-wmslb01.def -n LB
(5) Check services
[root@wmslb01 ~]# chkconfig --list | grep bdii
bdii 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@wmslb01 ~]# chkconfig bdii on
[root@wmslb01 ~]# chkconfig --list | grep bdii
bdii 0:off 1:off 2:on 3:on 4:on 5:on 6:off
(6) Hacks
We don't usually allow users with a uid below 500 to run cron jobs. Here's is
how to get around this: cron, script.
I run a cron job once a day to
check if the harvester for Janusz RTM is running. While this is not vital for the LB, it keeps the office happy ;-)
How to painlessly increase the mysql partition on wmslb02:
vgdisplay
lvresize -L +10GB /dev/mapper/rootvg-mysqlvol
resize2fs /dev/mapper/rootvg-mysqlvol