Before Starting

  1. HOSTNAME: emitestbed07.cnaf.infn.it
  2. OS: SL5 X86_64 Installed + Network
  3. Host certificate required: it must be put in /etc/grid-security/certificates/ after yum install and before yaim configure

Service Installation

  1. Repositories (see EMI basic configuration):
    1. egi-trustanchors.repo + emi1.repo + epel.repo
  2. $> yum clean all
  3. $> yum makecache
  4. INSTALLING VOMS
    1. $> yum install ca-policy-egi-core
    2. $> yum install emi-voms-mysql
    3. $> yum install xml-commons-apis

Service Configuration

  1. Preparing MySQL:
    1. service mysqld start
    2. /usr/bin/mysqladmin -u root password YOURPASSWORD
  2. PREPARING FOR YAIM CONFIGURATION:
    1. COPY YAIM FILES UNDER ROOT: $> cp -r /opt/glite/yaim/examples/siteinfo/ /root/siteinfo/
    2. CONTENT of /root/siteinfo: site-info.def + services/
    3. Find below the settings for Inter-Component testing on the EMI Testbed. Of course you will need to adapt these values to your own site (hostnames of other servers (SE, BDII, ARGUS..), passwords, etc.)

[root@emitestbed07 siteinfo]# grep -v "#" site-info.def services/glite-voms
site-info.def:MYSQL_PASSWORD="YOURPASS"
site-info.def:VOMS_DB_TYPE="mysql"
site-info.def:SITE_NAME="emi-testbed-cnaf"
site-info.def:VOS="testers.eu-emi.eu"
services/glite-voms:VOMS_HOST=`hostname -f`
services/glite-voms:VOMS_DB_HOST=localhost
services/glite-voms:VO_TESTERS_EU_EMI_EU_VOMS_DB_NAME="db_emitesters"
services/glite-voms:VO_TESTERS_EU_EMI_EU_VOMS_DB_USER="emitesters_user"
services/glite-voms:VO_TESTERS_EU_EMI_EU_VOMS_DB_PASS="YOURTESTERSDBPASS"
services/glite-voms:VO_TESTERS_EU_EMI_EU_VOMS_PORT="15002"
services/glite-voms:VOMS_ADMIN_SMTP_HOST="iris.cnaf.infn.it"
services/glite-voms:VOMS_ADMIN_MAIL="danilo.dongiovanni@cnaf.infn.it"
services/glite-voms:VOMS_DB_DEPLOY="false"      ---> this depends on whether you use a dump of previous DB

Note :

  1. YAIM variables set in the /root/siteinfo/services/XXX files will override variables with the same name in the site-info.def file
  2. Some YAIM variables are set in the yaim defaults files: /opt/glite/yaim//defaults/XXX files
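
An added example, not part of the original page: a pre-flight audit of the siteinfo directory that resolves variables with the override rule from Note 1, flags passwords still left at placeholders such as YOURPASS, and lists config files readable by group or other. The function names and the sample values are assumptions made for this illustration.

```shell
# Added example: audit a YAIM siteinfo directory before running yaim.
# Print VAR as YAIM resolves it: services/glite-voms overrides site-info.def.
effective_value() (
    val=""
    for f in "$1/site-info.def" "$1/services/glite-voms"; do
        [ -r "$f" ] || continue
        line=$(grep -E "^$2=" "$f" | tail -n 1)
        if [ -n "$line" ]; then val=${line#*=}; fi
    done
    val=${val#\"}; val=${val%\"}          # strip surrounding double quotes
    printf '%s\n' "$val"
)

# Names of all password variables defined in either file.
password_vars() (
    cat "$1/site-info.def" "$1/services/glite-voms" 2>/dev/null |
        grep -E '^[A-Z0-9_]*(PASSWORD|_PASS)=' | cut -d= -f1 | sort -u
)

# Password variables whose effective value is empty or a placeholder (YOUR..., pwd).
weak_secrets() (
    for v in $(password_vars "$1"); do
        case $(effective_value "$1" "$v") in
            ""|YOUR*|pwd) echo "$v" ;;
        esac
    done
)

# Config files readable by group or other; they hold DB passwords in clear.
exposed_files() (
    find "$1" -type f \( -perm -040 -o -perm -004 \) | sort
)

# Constructed sample input modelled on the listing above (values are made up).
make_sample() {
    mkdir -p "$1/services"
    printf '%s\n' 'MYSQL_PASSWORD="YOURPASS"' 'VOMS_DB_TYPE="mysql"' \
        'VOMS_DB_HOST=db.example.org' > "$1/site-info.def"
    printf '%s\n' 'VOMS_DB_HOST=localhost' \
        'VO_TESTERS_EU_EMI_EU_VOMS_DB_PASS="constructed-secret"' \
        > "$1/services/glite-voms"
    chmod 644 "$1/site-info.def"; chmod 600 "$1/services/glite-voms"
}

tmp=$(mktemp -d) && make_sample "$tmp"
echo "VOMS_DB_HOST = $(effective_value "$tmp" VOMS_DB_HOST)"
echo "placeholder passwords: $(weak_secrets "$tmp")"
echo "exposed files: $(exposed_files "$tmp")"
rm -rf "$tmp"
```

To audit the real files, call the functions with /root/siteinfo as the argument; empty output from weak_secrets and exposed_files means both checks passed.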

  1. After all yaim files are OK run the following commands:
    1. $> /opt/glite/yaim/bin/yaim -c -s site-info.def -n VOMS
  2. If everything is OK, yaim will end with the following (yaim output is logged to the /opt/glite/yaim/log/yaimlog file):

.....
  INFO: Configuration Complete.                                               [  OK  ]
  INFO: YAIM terminated succesfully.

Service REPLICA Configuration

  1. MASTER: emitestbed07.cnaf.infn.it
  2. REPLICA: emitestbed01.cnaf.infn.it
    1. First configure your replica as usual (set VOMS_DB_DEPLOY="true" at first configuration, to let it create users; then, once the db is imported from the other db, set it to "false" for future reconfigurations)
  3. THEN:


ON MASTER-------->
[root@emitestbed07 ~]# /usr/libexec/voms/voms_replica_master_setup.sh --mysql-pwd=YOURPASS --slave-host emitestbed01.cnaf.infn.it --master-db=db_emitesters --mysql-version=5
WARNING: This script assumes that it can thrash the current server
configuration.  If instead you wish to keep it, read the
documentation and perform the procedure by hand.
Do you wish to continue?  type YES if it is so.
YES
Stopping MySQL:                                            [  OK  ]
Starting MySQL:                                            [  OK  ]
Send these informations to the administrator of the slave server:
Log File    :  OUTPUTFROMSCRIPT
Log Position: OUTPUTFROMSCRIPT
Account name: OUTPUTFROMSCRIPT
Account pwd : OUTPUTFROMSCRIPT
DB name     : OUTPUTFROMSCRIPT
Ignore      : OUTPUTFROMSCRIPT
Also, send this file: db_emitesters.dump

ON SLAVE-------->
 /usr/libexec/voms/voms_replica_slave_setup.sh --mysql-pwd=YOURPASS --replica-user=OUTPUTFROMSCRIPTONMASTER --replica-user-pwd=OUTPUTFROMSCRIPTONMASTER --master-host emitestbed07.cnaf.infn.it --master-db=OUTPUTFROMSCRIPTONMASTER --log-file=OUTPUTFROMSCRIPTONMASTER --log-file-position=OUTPUTFROMSCRIPTONMASTER

Run this from the same directory where you put the db_emitesters.dump file obtained on the MASTER.

Configuring VO

Adding VO admin

  $  voms-admin --vo testers.eu-emi.eu create-user usercert.pem 
  $  voms-admin --vo testers.eu-emi.eu add-member /dteam usercert.pem 
  $  voms-admin --nousercert --vo testers.eu-emi.eu  assign-role /testers.eu-emi.eu VO-Admin '/DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=twolak/CN=664547/CN=Tomasz Wolak' '/DC=ch/DC=cern/CN=CERN Trusted Certification Authority'

Service Testing

  1. daemons status:
    1. service mysqld status
    2. /etc/init.d/voms status
    3. /etc/init.d/voms-admin status
    4. service tomcat5 status
    5. /etc/init.d/bdii status
  2. try opening https://emitestbed07.cnaf.infn.it:8443/voms/testers.eu-emi.eu/ in the browser
  3. voms-admin --vo testers.eu-emi.eu list-users ------> lists users in db for VO testers...
  4. A basic test creating a proxy from the UI was done, as reported on the EMI gLite Job Management Tests Page

EMI 3

In the EMI 3 release yaim is no longer supported; voms-configure is used instead.

Service install

host: emitestbed43.cnaf.infn.it (SL6)
$ yum clean all
$ yum makecache
$ yum -y install emi-release
$ yum install emi-voms-mysql
$ service mysqld status
$ service mysqld start
$ /usr/bin/mysqladmin -u root password 'pwd'
$ /usr/bin/mysqladmin -u root -h localhost --password password 'pwd'

Service configuration

$ voms-configure install --dbtype mysql --vo testers3.eu-emi.eu --createdb --deploy-database --admin-port 16000 --core-port 15000 --dbauser root --dbapwd 'pwd' --dbusername emi3_vo --dbpassword 'pwd' --smtp-host postino.cnaf.infn.it --mail-from fabio.capannini@cnaf.infn.it
$ /usr/sbin/fetch-crl -q -r 360
$ service voms start
$ service voms-admin start
$ voms-db-util add-admin --vo testers3.eu-emi.eu --cert fabio_cert.pem

BDII publication

$ voms-config-info-providers -s emi-testbed-cnaf -e
$ /etc/init.d/bdii start
$ ldapsearch -x -h localhost -p 2170 -b 'GLUE2GroupID=resource,o=glue' objectClass=GLUE2Service

EMIR publication

You can use EMIR-SERP to publish VOMS information to EMIR. EMIR-SERP takes the information already available in the resource bdii and publishes it to an EMIR DSR endpoint. You have to know the EMIR endpoint to do this; in the following example the EMI testbed EMIR endpoint is used.
$ yum install emir-serp
Edit the configuration file /etc/emi/emir-serp/emir-serp.ini, providing the url for the EMIR DSR and the url for the resource bdii
...
url = http://emitbdsr1.cern.ch:9126
...
[servicesFromResourceBDII]
resource_bdii_url = ldap://localhost:2170/GLUE2GroupID=resource,o=glue
...
Start emir-serp with
$ service emir-serp start
and check your EMIR deployment to make sure the endpoints are published (the URL is quoted so that the shell does not interpret the & in the query string).
$ curl -v -H "Accept:application/xml" -X GET 'http://emitbdsr1.cern.ch:9126/services?Service_ID=emitestbed43.cnaf.infn.it_VOMS_257915444&pageSize=1000'
See also https://twiki.cern.ch/twiki/bin/view/EMI/EMIRCONSUME for instructions on how to query for resources in EMIR.
You can spot problems by increasing the verbosity of the emir-serp logging in the configuration file:
verbosity = debug

-- FabioCapannini - 29-Jan-2013

Topic revision: r4 - 2013-01-29 - FabioCapannini