Upgrade notes

Upgrading wildfly
Stop the SPADE server.
From wildfly downloads get "Java EE Full & Web Distribution" and unpack it: tar -xvf wildfly-[version].Final.tar.gz
From /opt/spade/wildfly-[version].Final/standalone/configuration/standalone.xml remove:
<socket-binding name="https" port="${jboss.https.port:8443}"/>
and
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
Change all the 'https' to 'http' and remove the security-realm, so you end up with this line:
<http-listener name="http" socket-binding="http" enable-http2="true"/>
Now wildfly can start:
./wildfly-[version].Final/bin/standalone.sh -b=0.0.0.0 -bmanagement=0.0.0.0
In a different window (wildfly must be running) deploy postgres:
wildfly-[version].Final/bin/jboss-cli.sh --connect
Note: We need to use the proper command line tools for most things now.
module add --name=org.postgresql --resources=/usr/share/java/postgresql-jdbc.jar --dependencies=javax.api,javax.transaction.api
/subsystem=datasources/jdbc-driver=postgresql:add(driver-name="postgresql",driver-module-name="org.postgresql",driver-class-name=org.postgresql.Driver)
data-source add --jndi-name=java:jboss/datasources/SpadeDS --name=SpadeDS_Pool --connection-url=jdbc:postgresql://localhost:5432/spade --driver-name=postgresql --user-name=spade --password=[redacted]
Restart the wildfly server to check it all works. Stop wildfly.
Then edit /opt/spade/wildfly-[version].Final/standalone/configuration/standalone.xml to add the <pool> and <validation> section by gently copying it from a previous version.
Remove http remoting.
Copy extra/cacerts from a previous version to the new location.
Start wildfly again.
Update start_spade.sh
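
One way to confirm the standalone.xml edits listed above before starting wildfly again (an added example, not part of the original notes). It assumes wildfly writes each element's attributes on a single line; the function name and messages are made up for this example.

```shell
#!/bin/sh
# Added example: verify the standalone.xml edits from the upgrade steps.
# Assumption: each XML element's attributes sit on one line.

# check_standalone FILE
#   prints one line per finding and returns the number of findings
check_standalone() {
    xml=$1
    findings=0
    note() { echo "$xml: $1"; findings=$((findings + 1)); }

    [ -r "$xml" ] || { echo "$xml: not readable"; return 1; }

    # The https socket-binding, https redirect and security-realm must be gone
    if grep -q '<socket-binding name="https"' "$xml"; then
        note 'https socket-binding still present'
    fi
    if grep '<http-listener ' "$xml" | grep -Eq 'redirect-socket=|security-realm='; then
        note 'http-listener still has redirect-socket or security-realm'
    fi
    if ! grep -q '<http-listener name="http" socket-binding="http"' "$xml"; then
        note 'expected plain http-listener not found'
    fi

    # The SpadeDS block must exist and carry the copied <pool> and <validation>
    ds=$(sed -n '/<datasource [^>]*datasources\/SpadeDS"/,/<\/datasource>/p' "$xml")
    if [ -z "$ds" ]; then
        note 'SpadeDS datasource missing'
    else
        for section in pool validation; do
            echo "$ds" | grep -q "<$section>" || note "SpadeDS has no <$section> section"
        done
    fi

    # data-source add --password=... stores the database password in this file
    mode=$(stat -c %a "$xml")
    case "$mode" in
        *[4-7]) note "mode $mode lets other users read the datasource password" ;;
    esac
    return "$findings"
}
```

Call it as check_standalone /opt/spade/wildfly-[version].Final/standalone/configuration/standalone.xml; a return value of 0 means every check passed.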

Updating SPADE
To deploy a new version of SPADE:
Stop SPADE. If an old version exists, remove it:
rm wildfly-[version].Final/standalone/deployments/spade.war.deployed
rm wildfly-[version].Final/standalone/deployments/spade.war (just to be safe ;-)
cp spade.versioniwant.war wildfly-[version].Final/standalone/deployments/spade.war
Start SPADE.

Installing SPADE at the UKDC

The logs of the 2018 attempt to install SPADE at the UKDC can be found here.
The SPADE server runs on lzprod00.

Extra packages installed:
wget -O /etc/yum.repos.d/EGI-trustanchors.repo http://repository.egi.eu/sw/production/cas/1/current/repo-files/EGI-trustanchors.repo
yum install postgresql10 postgresql10-server postgresql-jdbc python-requests apg httpd mod_ssl fetch-crl ca-policy-egi-core

Open ports
(In /etc/sysconfig/iptables as usual. No ipv6 here.)
Open to fellow SPADE servers (RAL, NERSC) for call backs (confirmation of transfers).
Open to our subnet for monitoring.

postgres
systemctl enable postgresql-10
systemctl start postgresql-10
Edit /var/lib/pgsql/10/data/pg_hba.conf
Because I never use postgres:
[root@lzprod00 ~]# su - postgres
psql
postgres=# CREATE ROLE spade LOGIN PASSWORD '[redacted]';
postgres=# CREATE DATABASE spade OWNER spade ENCODING 'UTF-8';
postgres=# CREATE EXTENSION IF NOT EXISTS plpgsql WITH SCHEMA pg_catalog; (???)
\q

SPADE
All SPADE code runs as the lz prod user. So off I go:
The code is installed in /opt/spade/.
SPADE requires two sets of software: an application server and the Java SPADE code:
We get wildfly from wildfly downloads. At the moment we are using: wildfly-15.0.1.Final.tar.gz
tar -xvf wildfly-15.0.1.Final.tar.gz
Edit /opt/spade/wildfly-15.0.1.Final/standalone/configuration/standalone.xml to add datasource SpadeDS.
Start the wildfly application server: ./wildfly-15.0.1.Final/bin/standalone.sh -b=0.0.0.0 -bmanagement=0.0.0.0
wildfly-15.0.1.Final/bin/jboss-cli.sh --connect (opens new terminal)
[standalone@localhost:9990 /] deploy /usr/share/java/postgresql-jdbc.jar

Download and deploy SPADE
wget https://lux-zeplin.lbl.gov/maven2/repository/gov/lbl/lux-zeplin/lz-spade/1.0.0-rc04/lz-spade-1.0.0-rc04.war
cp lz-spade-1.0.0-rc04.war /opt/spade/wildfly-15.0.1.Final/standalone/deployments/spade.war
The spade main config file is: /opt/spade/spade/spade.xml
Check the SPADE command line tool (copied from Chris's code) is working:


Setting up Apache to stop everyone and sundry from logging into our control console
Control console
Edit standalone.xml (disable port 8443) and /etc/httpd/conf.d/ssl.conf (use grid certs for server and client authentication, listen on port 8443). Create /etc/httpd/conf.d/spade.conf and /etc/httpd/conf/admin.htpass.
Restart apache: systemctl restart httpd.service

File transfers between RALPP and Imperial
/opt/spade/spade/spade.xml
and
/opt/spade/spade/registrations/inbound/ralpptest1.xml
Stack traces can be found in: /opt/spade/spade/cache/problems/

Make sure there's always a proxy around
First we need cvmfs:
Make a repo file (i.e. steal /etc/yum.repos.d/cernvm.repo from a worker node of your choice) and copy the key as well: /etc/pki/rpm-gpg/RPM-GPG-KEY-CernVM
yum install cvmfs
cvmfs needs its own partition:
vgs
lvcreate -n cvmfsvol -L 40G lzprod00vg
mkfs.ext4 /dev/mapper/lzprod00vg-cvmfsvol
tune2fs -c0 -i0 /dev/mapper/lzprod00vg-cvmfsvol
emacs /etc/fstab
mkdir /srv/cvmfs
mount -a
chown cvmfs:cvmfs /srv/cvmfs/
Copy /etc/cvmfs/default.local from a worker node.
service autofs restart
ls /cvmfs/grid.cern.ch
The renewal is then done by a cron job.
export X509_USER_PROXY=/path/to/proxy
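
A health check to run alongside the renewal cron job, so that a failed renewal is noticed before transfers start failing (an added example, not part of the original notes). The function name, exit codes and six-hour default threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example: health check for the grid proxy kept alive by the cron job.
# Exit codes and the default threshold are choices made for this example.

# check_proxy [FILE] [MIN_SECONDS]
#   0 = usable, 1 = missing or empty, 2 = permissions too open,
#   3 = unparsable, expired, or expiring within MIN_SECONDS
check_proxy() {
    proxy=${1:-${X509_USER_PROXY:-}}
    min_left=${2:-21600}   # 6 hours, assumed to exceed the cron interval

    if [ -z "$proxy" ] || [ ! -s "$proxy" ]; then
        echo "proxy missing or empty: $proxy"
        return 1
    fi

    # The proxy file holds an unencrypted private key, so grid tools expect
    # it to be readable by its owner only.
    mode=$(stat -c %a "$proxy")
    case "$mode" in
        600|400) ;;
        *) echo "proxy $proxy has mode $mode, expected 600"; return 2 ;;
    esac

    # openssl reads the first certificate in the file, which is the proxy
    # certificate itself; -checkend fails if it expires within min_left.
    if ! openssl x509 -in "$proxy" -noout -checkend "$min_left" >/dev/null 2>&1; then
        echo "proxy $proxy expires within ${min_left}s or cannot be parsed"
        return 3
    fi
    return 0
}
```

Run check_proxy "$X509_USER_PROXY" from cron or the monitoring host and alert on any non-zero status.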