CREAM CE on EL 7

CREAMCE on CentOS 7

Documentation
UMD 4 guide
CREAM guide

Repos
yum install epel-release
yum install http://repository.egi.eu/sw/production/umd/4/centos7/x86_64/updates/umd-release-4.1.3-1.el7.centos.noarch.rpm
rpm --import http://repository.egi.eu/sw/production/umd/UMD-RPM-PGP-KEY

Installation
yum install ca-policy-egi-core
yum install puppet
(if not already installed: yum install bash-completion)
Currently glite-info-dynamic-ge is not yet in the base release. Therefore install it and its dependenciesby hand:
rpm --import http://igi-01.pd.infn.it/mrepo/dist/RPM-GPG-KEY-cream-dist
yum install perl-XML-Twig
yum install perl-Switch.noarch
rpm -iv http://igi-01.pd.infn.it/mrepo/dist/CREAM/centos7/noarch/base/glite-info-dynamic-ge-7.2.0-29.1.el7.centos.noarch.rpm

Grid engine (IC-HEP special)
* Stop autofs and umount /opt/sge, so the packages don't try to write somewhere they can't via nfs


        yum install ic-hep-sge.noarch 

        yumdownloader ic-hep-sge-qmaster.noarch

	systemctl stop autofs.service

        umount /opt/sge

	yum install ic-hep-sge-qmaster-8.1.9-1.el7hep.noarch.rpm

	systemctl start autofs.service

	mount -a

Then on sgemaster02 in /opt/sge

./synccerts.sh

On cetest00:


	bash -x /opt/sge/default/common/.distkeys/config_userkeys

Afterwards, delete -enc files on sgemaster02
On cetest00:


      /var/lib/sgeCA 

      ln -s sge_qmaster port6444

Host certificate
Copy hostcert.pem and hostkey.pem to /etc/grid-security/

Services
Note: chkconfig is out, systemctl is in.
systemctl status fetch-crl-cron.service
systemctl enable fetch-crl-cron.service
systemctl start fetch-crl-cron.service
systemctl status fetch-crl-cron.service
systemctl is-enabled fetch-crl-boot.service
Overview: systemctl list-unit-files --type=service

Configuration
in /etc/hosts.allow add slapd: ALL
mkdir -p /etc/puppet/manifests /var/lib/hiera/node
create /etc/puppet/manifests/site.pp
create /etc/hiera.yaml
ln -s /etc/hiera.yaml /etc/puppet/hiera.yaml
create /var/lib/hiera/node/cetest00.grid.hep.ph.ic.ac.uk.yaml
I use two scripts to generate the vo_table configuration part.
puppet apply /etc/puppet/manifests/site.pp > logfile.txt (there is a lot of output)
ignore: Error: NetworkManager is not running.

In /etc/glite-ce-cream/jobwrapper.tpl:
source /opt/grid/setup_wn.sh (sets up containers etc for El6, EL7)
cd $TMPDIR (to avoind running in homes dirs, when not running in a container)
in /etc/logrotate.d add "su tomcat tomcat" to: bupdater-logrotate, bnotifier-logrotate
check if apel cron job runs at a suitable time and adjust if needed

selinux
selinux can be set to enforcing, as long as there is an exception for tomcat: semanage permissive -a tomcat_t

Restart the CE
/bin/systemctl restart glite-services.target

But does it work ?
Basic ldap test: ldapsearch -LLL -x -H ldap://cetest00.grid.hep.ph.ic.ac.uk:2170 -b o=glue

yaml
Enable yaml mode in emacs:
mkdir .emacs/lisp
copy yaml-mode.el to .emacs/lisp
insert this section at the end of the .emacs file

yum install yamllint
My yamllint configuarion goes in .config/yamllint/config