Installation

Prerequisites

The EGI Trust anchors .repo file is needed. You need to go here.

You also need to install the fetch-crl

yum install fetch-crl

The Hydra clients are installed from the EMI repositories. Install the EMI release package.

yum install yum-priorities yum-protectbase 
rpm -Uvh http://emisoft.web.cern.ch/emisoft/dist/EMI/2/sl6/x86_64/base/emi-release-2.0.0-1.sl6.noarch.rpm

In order to have access to the proxy generation clients the VOMS clients should be installed:
yum install voms-clients

Client Installation

The installation command is:
yum install emi-hydra-cli

Configuration

Introduction

The Hydra clients provide the access to the Hydra key stores and also some Data Management functionalities. The Hydra clients are typically NOT installed on the same machine as a Hydra service.

Configuration

Credentials

• Access to a valid certificate/key pair through one of the following methods:
  • Standard certificate/key pair (usercert.pem/userkey.pem) in standard location: $HOME/.globus
  • Non-standard certificate/key pair naming or location specified through X509_USER_CERT/X509_USER_KEY environment variables.
  • Standard proxy in standard location /tmp/x509up_u[uid].
  • Non-standard proxy naming or location specified through X509_USER_PROXY environment variable.

Service end-points variables

• It must be specified through the environment variable GLITE_SD_PLUGIN whether the client picks up Hydra services information from a local file or through the BDII. Failure to set this variable to either of the choices below will result in a service discovery error.
  • export GLITE_SD_PLUGIN="file" or
  • export GLITE_SD_PLUGIN="bdii"

• If GLITE_SD_PLUGIN is set to "file" then the Hydra services file must be specified by the GLITE_SD_SERVICES_XML environment variable. Failure to set this variable to a valid file will result in an error.
  • export GLITE_SD_SERVICES_XML="$HOME/[name of hydra services xml file]

• If GLITE_SD_PLUGIN is set to "bdii" then the BDII service to be used must be specified by the LCG_GFAL_INFOSYS environment variable. Failure to set this variable to a valid BDII location will result in an error.
  • export LCG_GFAL_INFOSYS=[name and port of BDII]

Service end-points file.

The client requires some information of the current Hydra servers, this can be a local file (for test purposes) or any information system (e.g. BDII). Is is assumed that the user or their administrator is aware of the Hydra service end-points to be used.

If the file method is being used to describe the Hydra end-points then the format of the expressed by the environment variable $GLITE_SD_SERVICES_XML is as follows.

An example of such a file can be found here

In the example file, there are three end-points configured within a single Hydra server (hip-paha-virt-14.cern.ch). A service block looks like:

<service name="hydra-1">
        <parameters>
            <endpoint>https://hip-paha-virt-14.cern.ch:8443/1/glite-data-hydra-service/services/Hydra</endpoint>
            <type>org.glite.KeyStore</type>
            <version>2.0.0</version>
            <volist><vo></vo></volist>
        </parameters>
        <associatedservices>
            <name>hydra-2</name>
            <name>hydra-3</name>
        </associatedservices>
    </service>

* service name is arbitrary but must be consistent in the other service blocks. It is used to describe the web service URLs.

* endpoint describes the URLs where the web services reside.

* type Do not change.

* version Do not change.

* associatedservices These list the other URLs that are to be used to store key fragments.

The service blocks corresponding to the other URLs that store the key fragments must follow the same cyclic order. Specifically, the service block for "hydra-2" needs to reference in its associatedservices block the other multiple Hydra URL service name etc.

Data Management variables

* If the Hydra client is to be used with Data Management components then some more environment variables will need to be set. The following environment variables need to be set:

-- JohnWhite - 26-Oct-2012