Voms gLite 3.2 Installation and Configuration Guide

Service Overview

VOMS serves as a central repository for user authorization information, providing support for sorting users into a general group hierarchy, keeping track of their roles, etc. Its functionality may be compared to that of a Kerberos KDC server. The VOMS Admin service is a web application providing tools for administering member databases for VOMS, the Virtual Organization Membership Service.

VOMS Admin provides an intuitive web user interface for daily administration tasks and a SOAP interface for remote clients. (The entire functionality of the VOMS Admin service is accessible via the SOAP interface.) The Admin package includes a simple command-line SOAP client that is useful for automating frequently occurring batch operations, or simply to serve as an alternative to the full-blown web interface. It is also useful for bootstrapping the service. The VOMS server can use MySQL or ORACLE as a backend.

Voms Node Installation

The general steps for installing the OS are explained here.
  • Make sure you also install the EUGridPMA trust anchors bundle
    yum install lcg-CA
  • Copy the repository file into your local /etc/yum.repos.d/ directory, as in the following:
    http://grid-deployment.web.cern.ch/grid-deployment/glite/repos/3.2/glite-VOMS_mysql.repo
  • Install the glite-VOMS_mysql metapackage or glite-VOMS_oracle depending on the DB backend you are using (mysql or Oracle):
    yum install glite-VOMS_mysql or yum install glite-VOMS_oracle

Voms Node Configuration

Configuring the database backend

Configure MySQL

Make sure that the MySQL administrator password that you specify in the configuration files below matches the password that is set for the root MySQL account. The YAIM configuration script does not set it for you. If you want to set a MySQL administrator password:

1) Check that MySQL is running; if not, start it with service mysqld start

2) Issue the following commands as root:

/usr/bin/mysqladmin -u root password <adminPassword>

At this point, log into mysql using the following command (with -p and no value the client prompts for the password instead, which keeps it out of the shell history and the process list):

mysql -uroot -p<adminPassword>

And issue the following commands:

grant all on *.* to 'root'@'<vomsHostname>' identified by '<adminPassword>';
grant all on *.* to 'root'@'<fullyQualifiedVomsHostname>' identified by '<adminPassword>';
exit;

For instance, assuming p@ssw0rd is the password chosen for the mysql root account and voms-01.example.it is the host where VOMS is being installed, the above commands would be:

/usr/bin/mysqladmin -u root password p@ssw0rd
mysql -uroot -pp@ssw0rd
grant all on *.* to 'root'@'voms-01'  identified by 'p@ssw0rd';
grant all on *.* to 'root'@'voms-01.example.it'  identified by 'p@ssw0rd';
exit;

Configure Oracle

Create the necessary users and databases in ORACLE. Please see the ORACLE manuals for details.

Configuring the VOMS server with YAIM

  • Copy site-info.def and services/glite-voms_mysql or services/glite-voms_oracle from '/opt/glite/yaim/examples/siteinfo' into a directory of your choice.
  • Rename glite-voms_mysql or glite-voms_oracle as glite-voms
  • Set yaim variables as specified in the VOMS YAIM configuration guide
  • Launch yaim as follows:
    /opt/glite/yaim/bin/yaim -c -s site-info.def -n VOMS
    
  • Make sure mysql is running (service mysqld status); if it is not, start it manually with service mysqld start
  • In order to use the voms-admin cli you may need to:
    source /etc/profile.d/grid-env.sh

YAIM siteinfo and glite-voms example files

Below is a siteinfo and service file for a VOMS mysql node configuration:
[root@cert-voms-01 ~]# cat siteinfo/site-info.def 
MYSQL_PASSWORD="***"
SITE_NAME="voms-certification.cnaf.infn.it"
VOS="cert.mysql"

[root@cert-voms-01 ~]# cat siteinfo/services/glite-voms
# VOMS server hostname
VOMS_HOST=cert-voms-01.cnaf.infn.it 
VOMS_DB_HOST='localhost'

VO_CERT_MYSQL_VOMS_PORT=15000
VO_CERT_MYSQL_VOMS_DB_USER=cert_mysql_user
VO_CERT_MYSQL_VOMS_DB_PASS=***
VO_CERT_MYSQL_VOMS_DB_NAME=voms_cert_mysql_db

VOMS_ADMIN_SMTP_HOST=iris.cnaf.infn.it
VOMS_ADMIN_MAIL=andrea.ceccanti@cnaf.infn.it
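
A pre-flight check for the two files shown above, as an added example that is not part of the original guide or of YAIM. The function names are hypothetical, the VO prefix rule is inferred from the cert.mysql / VO_CERT_MYSQL pair above (mapping "-" to "_" as well is an assumption), and the permission check is an addition motivated by the passwords both files contain.

```shell
#!/bin/sh
# Added example: pre-flight check of the two YAIM files before running yaim.
# The files are parsed as text, never sourced, so nothing in them is executed.

# "cert.mysql" -> "VO_CERT_MYSQL", the prefix used in services/glite-voms.
# Mapping "-" to "_" as well is an assumption; the guide only shows ".".
vo_prefix() {
    printf 'VO_%s\n' "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]' | tr '.-' '__')"
}

# Print the last NAME=value in a file, minus trailing blanks and quotes.
yaim_get() {
    sed -n "s/^$1=//p" "$2" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e "s/^\([\"']\)\(.*\)\1\$/\2/"
}

# Report problems on stdout; return 0 only when none were found.
check_voms_yaim() {
    site=$1; svc=$2; rc=0
    for f in "$site" "$svc"; do
        # Both files hold database passwords: flag group/other read access.
        if [ -n "$(find "$f" -prune \( -perm -040 -o -perm -004 \))" ]; then
            echo "PERM $f is readable by group or others"; rc=1
        fi
    done
    for v in MYSQL_PASSWORD SITE_NAME VOS; do
        [ -n "$(yaim_get "$v" "$site")" ] || { echo "MISSING $v in $site"; rc=1; }
    done
    for vo in $(yaim_get VOS "$site"); do
        p=$(vo_prefix "$vo")
        for s in PORT DB_USER DB_PASS DB_NAME; do
            [ -n "$(yaim_get "${p}_VOMS_$s" "$svc")" ] ||
                { echo "MISSING ${p}_VOMS_$s in $svc"; rc=1; }
        done
        case $(yaim_get "${p}_VOMS_PORT" "$svc") in
            *[!0-9]*) echo "BADPORT ${p}_VOMS_PORT is not numeric"; rc=1 ;;
        esac
    done
    return $rc
}
```

Run it as check_voms_yaim siteinfo/site-info.def siteinfo/services/glite-voms before launching yaim; a non-zero return means at least one problem line was printed.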

Upgrading VOMS mysql from a gLite 3.1 Voms server

Install a VOMS mysql SL5 node

Install only the rpms (as explained under 'Voms Node Installation') without launching the yaim configuration.

Migrating the database to the new node

To migrate the VO database to the new node you need to perform the following steps, for each VO DB:
  • Dump the old database on the old VOMS server and transfer the file to the new node
    mysqldump -h <OLD_HOSTNAME> -u <PRIV_USER> -p<PWD> --databases <DB_NAME> > <DUMP_FILE>
  • Use the database dump on the new machine to create the new database
    mysql -h <NEW_HOSTNAME> -u <PRIV_USER> -p<PWD> < <DUMP_FILE>
  • Grant ALL PRIVILEGES to the user that VOMS-ADMIN will use to connect to and use the database (<NEW_HOSTNAME> is meant to be the fully qualified VOMS hostname)

 mysql -h <NEW_HOSTNAME> -u <PRIV_USER> -p<PWD>

 mysql> grant all on <DATABASE_NAME>.* to '<VOMS_USER>'@'localhost' identified by '<VOMS_USER_PASSWORD>';
 mysql> grant all on <DATABASE_NAME>.* to '<VOMS_USER>'@'<NEW_HOSTNAME>' identified by '<VOMS_USER_PASSWORD>';
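
The same three steps with the privileged password kept in a mode-600 client option file rather than on the command line, as an added example that is not part of the original guide. The function names and temporary file paths are hypothetical; --defaults-extra-file is a standard option of the MySQL client programs, and the script assumes the same privileged account on both servers, as the commands above do.

```shell
#!/bin/sh
# Added example (not from the original guide): the dump, load and grant steps
# for one VO database, with the privileged password kept off the command line.

# Write a MySQL option file for the privileged account and print its path.
# mktemp creates the file with mode 600.
make_client_cnf() {    # args: priv_user priv_password
    case $2 in
        *\"*|*\\*) echo "unsupported character in password" >&2; return 2 ;;
    esac
    cnf=$(mktemp /tmp/voms-cnf.XXXXXX) || return 1
    printf '[client]\nuser=%s\npassword="%s"\n' "$1" "$2" > "$cnf"
    printf '%s\n' "$cnf"
}

# Emit the guide's two GRANT statements (localhost and the new FQDN).
voms_grant_sql() {     # args: db_name voms_user new_fqdn voms_password
    for id in "$1" "$2"; do
        case $id in
            ''|*[!A-Za-z0-9_]*) echo "bad identifier: $id" >&2; return 2 ;;
        esac
    done
    case $3 in
        ''|*[!A-Za-z0-9.-]*) echo "bad hostname: $3" >&2; return 2 ;;
    esac
    # Escape backslash and single quote so the password stays one SQL literal.
    pw=$(printf '%s' "$4" | sed -e 's/\\/\\\\/g' -e "s/'/''/g")
    for host in localhost "$3"; do
        printf "grant all on %s.* to '%s'@'%s' identified by '%s';\n" \
            "$1" "$2" "$host" "$pw"
    done
}

# Dump from the old server, load on the new one, then apply the grants.
migrate_vo_db() {      # args: old_host new_host db voms_user voms_password cnf
    sql=$(voms_grant_sql "$3" "$4" "$2" "$5") || return 2
    dump=$(mktemp /tmp/voms-dump.XXXXXX) || return 1
    rc=0
    # --defaults-extra-file must be the first option on the command line.
    { mysqldump --defaults-extra-file="$6" -h "$1" --databases "$3" > "$dump" &&
      mysql --defaults-extra-file="$6" -h "$2" < "$dump" &&
      printf '%s\n' "$sql" | mysql --defaults-extra-file="$6" -h "$2"; } || rc=$?
    rm -f "$dump"
    return $rc
}
```

Remove the option file returned by make_client_cnf once migrate_vo_db has been run for every VO database.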

As before,

  • synchronize the VOMS configuration files from the old machine with the yaim configuration files on the new one, i.e. make sure the username and password for the VO databases are the same. In particular:
    • the configuration files on the old machine using python scripts can be found in /opt/glite/etc/config:
      /opt/glite/etc/config/glite-voms-server.cfg.xml --> for username and password of mysql admin
      /opt/glite/etc/config/vo-list.cfg.xml --> for username and password of each VO database
    • the yaim configuration files on the new machine can be found in siteinfo/site-info.def and services/glite-voms
  • launch the yaim configuration after setting the yaim variable VOMS_DB_DEPLOY to 'false' in site-info.def or in the siteinfo/services/glite-voms file
    /opt/glite/yaim/bin/yaim  -c -s site-info.def -n VOMS
  • run the VO upgrade for each VO:
    /opt/glite/sbin/voms-admin-configure upgrade --vo  <VO name>
  • restart tomcat
  • restart the voms server and voms admin with
    /opt/glite/etc/init.d/voms and /opt/glite/etc/init.d/voms-admin
  • register the VOMS host identity as a default admin:
    /opt/glite/sbin/voms-db-deploy.py add-admin --vo <VO name> --cert /etc/grid-security/hostcert.pem

Starting/Stopping the services

  • To start and stop the voms-admin use the following:
     /opt/glite/etc/init.d/voms-admin stop/start
  • To start and stop the voms server use the following:
     /opt/glite/etc/init.d/voms stop/start

Troubleshooting

For MySQL and Oracle debugging, please see the corresponding MySQL and Oracle manuals.

Log files

VOMS log files

  • /var/log/glite/voms.voName, where voName is the name of the VO.

VOMS admin log files

  • /usr/share/tomcat5/logs/catalina.out, for general tomcat messages;
  • /usr/share/tomcat5/logs/voms-admin-voName.log, where voName is the name of the VO.

-- ElisabettMolinari - 22-Apr-2010

Topic revision: r18 - 2011-06-01 - AndreaCeccantiExCern
 