ARC CE on EL 7

ARC CE Admin guide (long)

Preliminaries


	yum install epel-release 

	wget http://repository.egi.eu/sw/production/umd/4/centos7/x86_64/updates/umd-release-4.1.3-1.el7.centos.noarch.rpm 

	yum install umd-release-4.1.3-1.el7.centos.noarch.rpm 

	wget http://repository.egi.eu/sw/production/cas/1/current/repo-files/EGI-trustanchors.repo -O /etc/yum.repos.d/EGI-trustanchors.repo 

	yum install ca-policy-egi-core

Place hostkey.pem and hostcert.pem in /etc/grid-security.
Register the ARC-CE in the GOCDB. If you are using JURA to publish your accounting records, you also need to register the ARC-CE host as a "glite-APEL" service.

Install ARC CE and related packages (carefully curated by Simon)

yum install nordugrid-arc nordugrid-arc-arex.x86_64 nordugrid-arc-gridftpd.x86_64 

	yum install lcas.x86_64 lcas-lcmaps-gt4-interface.x86_64 lcas-plugins-basic.x86_64 lcas-plugins-voms.x86_64 lcmaps.x86_64 lcmaps-plugins-basic.x86_64 lcmaps-plugins-voms.x86_64

Install SGE
Note the autofs shenanigans !

yumdownloader ic-hep-sge-qmaster.noarch

	service autofs stop

	yum install ic-hep-sge-qmaster-8.1.9-1.el7hep.noarch.rpm

	service autofs start

	bash -x /opt/sge/default/common/.distkeys/config_userkeys

Configuration: VO related
(i.e. copy all these files lovingly made by yaim elsewhere)
cd /etc/grid-security/vomsdir/
cp -r /vols/grid/vomsdir/{dteam,ops,atlas,cms,lhcb}
expected:
ls /etc/grid-security/vomsdir/ops/
lcg-voms2.cern.ch.lsc voms2.cern.ch.lsc
similar for the other VOs
Users
In /etc/grid-security/gridmapdir, create empty files as placeholders:
for i in `seq -w 50 99`; do touch lt2-ops0${i}; done (etc.)
matching the users that actually exist on the system.
Also needs (in /etc/grid-security) grid-mapfile and groupmapfile.

Configuration: ARC proper
It's all in the arc.conf.

bdii


	semanage fcontext -a -t slapd_db_t "/var/lib/arc/bdii(/.*)?"; restorecon -vR /var/lib/arc/bdii/

In /etc/hosts.allow add:

slapd: ALL

	/usr/bin/ldapsearch -x -h cetest01.grid.hep.ph.ic.ac.uk:2135 -b o=grid

Start services

systemctl enable fetch-crl-cron.service

	systemctl start fetch-crl-cron.service

To restart the ARC-CE use this handy script.
Overview:

systemctl list-units | grep nordu

	journalctl -xe -u nordugrid-arc-slapd.service

logrotate
/etc/logrotate.d/nordugrid-arc-arex
needs the 'copytruncate' option, otherwise /var/log will start filling up.

/var/log/arc/grid-manager.log {

      missingok 

      compress 

      delaycompress 

      daily 

      rotate 14 

      create 

      copytruncate 

      postrotate
      kill -HUP `cat /var/run/arched-arex.pid 2> /dev/null` 2> /dev/null || true 

      endscript 

      }