CvmFS Operations for PES Members

These are tasks for PES members to do, this page is not of interest to anyone else.

White List Signing

IF IT EXPIRES ALL OF WLCG STOPS WORKING AT ONCE

Currently this only applys to the following repositories:

  • AMS node cvmfs-ams.cern.ch which hosts repository ams.cern.ch.
  • LHCb node cvmfs-lhcb-conddb.cern.ch which hosts repository lhcb-conddb.cern.ch.
  • alice-ocdb.cern.ch
  • bbp.epfl.ch
  • belle.cern.ch
  • ilc.cern.ch
The dns names are aliases to lxcvmfsXX nodes in the lxcvmfs CDB cluster.

For all other repositories bother Jakob/Artem/Predrag about them.

Per repository the CVMFS whitelist is located at /srv/cvmfs/example.cern.ch/pub/catalogs/.cvmfswhitelist must be signed with smart card every month.

If you mess this is up it will take one to two hours for people to start noticing so don't do it ad 3.00pm.

Current Status

Number of days left can be checked via lemon:

Each host is in a sub cluster named by repository, e.g lxcvmfs06 is in cluster lxcvmfs, subcluster ams.

Resigning a White List.

Do your self a favour and don't do this, nag Steve (or Alberto) to do it.

I know this can be done with a mac , I'm less sure about anything else.

Background: https://cernvm.cern.ch/project/trac/cernvm/wiki/Smartcards

You require 4 things in advance.

  • Your laptop/desktop, works certainly with mac or linux.
  • The smart card.
  • The pin for the smart card.
  • The smart card reader.
N.B. Members of the IT-PES-PS section can get a working smart card and a card reader from the IT secretariat.

Check out the magic scripts and input.

git clone https://git.cern.ch/ldap/it-cvmfs 
cd signing

Plug in card reader and card and execute script.

./do-everything.sh

During the script run the pin reader will request the pin for as many repositories as we have.

Running lemon host check and waiting for lemonweb to update to check your handy work.

Debugging dodgy CVMFS Nodes

Sometimes we get errors reported such as

lxbsq0635 $   cd /cvmfs/lhcb.cern.ch/lib/lhcb/DBASE/TCK/HltTCK/v2r1
v2r1/ v2r10/ v2r11/ v2r12/ v2r13 v2r1p2/ v2r1p4/ 
lxbsq0635 $ cd /cvmfs/lhcb.cern.ch/lib/lhcb/DBASE/TCK/HltTCK/v2r13
-bash: cd: /cvmfs/lhcb.cern.ch/lib/lhcb/DBASE/TCK/HltTCK/v2r13: No such file or directory

These basically need investigating by hand using the methods:

  • Check /var/log/messages
  • Add debugging with CVMFS_DEBUGLOG=/tmp/cvmfs.log to /etc/cvmfs/default.local , this will require a remount to be active. Note that quattor is configured to remove this line with ncm-checklines.

Updating cvmfs-server puppet/appstate procedure

New procedure.

1. roger update --appstate=intervention <host>
2. Run puppet twice on host.
3. wait until /var/spool/cvmfs/*.cern.ch/in_transaction.lock doesn't exist
4. yum update 'cvmfs*'
5. Set creator_version: 2.3.3-1 in host's fqdn yaml.
6. Set roger appstate back to production.
7. Run puppet twice.
-- SteveTraylen - 23-Mar-2012
Edit | Attach | Watch | Print version | History: r15 < r14 < r13 < r12 < r11 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r15 - 2017-09-18 - DanielVanDerSter
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    CvmFS All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback