(r6) VOMSystemAdministratorGuide < EMI

EMI Web>EmiProjectStructure>EmiProductTeams>VOMS>EMIVomsDocumentation>VOMSystemAdministratorGuide (revision 6) (raw view)~~EditAttachPDF~~
---+ *VOMS System administrator guide*

%TOC%

---++ Operating system installation and configuration

In order to install the EMI !VOMS metapackage you will need a *clean* SL5 X86_64 machine with the EPEL repository configured.
More information [[ToBeDone][here]].


---++ !VOMS Node clean Installation

   * Make sure that your !VOMS server has NTP properly configured. Clock skew between !VOMS clients and servers may cause proxy generations failures.

   * Make sure you install the IGTF !EUGridPMA trust anchors bundle, using the EGI CA [[http://repository.egi.eu/sw/production/cas/1/current/repo-files/egi-trustanchors.repo][repo]]:
      * =yum install ca-policy-egi-core=

   * In case you plan to install the =emi-voms-oracle= metapackage, download and install the Oracle instant client [[http://download.oracle.com/otn/linux/instantclient/10204/oracle-instantclient-devel-10.2.0.4-1.x86_64.rpm][devel]] and [[http://download.oracle.com/otn/linux/instantclient/10204/oracle-instantclient-basic-10.2.0.4-1.x86_64.rpm][basic]] 10.2.0.4 libraries on your system:
      * =yum localinstall oracle-instantclient-basic-10.2.0.4-1.x86_64.rpm oracle-instantclient-devel-10.2.0.4-1.x86_64.rpm=

   * Add the EMI repository file into your local /etc/yum.repos.d/ directory, e.g., for EMI 1:
      * <verbatim>cd /etc/yum.repos.d; wget --no-check-certificate https://twiki.cern.ch/twiki/pub/EMI/EMI-1/rc4.repo</verbatim>

   * Install the =emi-voms-mysql= metapackage or  =emi-voms-oracle= depending on the database backend you are using (mysql or Oracle):
      * =yum install emi-voms-mysql= *or* =yum install emi-voms-oracle=

   * Manually install =xml-commons-apis= libraries (after having installed the right metapackage for your installation), as the ones provided by the JRE cause warnings when starting/stopping tomcat:
      * =yum install xml-commons-apis=

---++ !VOMS Node Configuration
---+++ Configuring the database backend

#MySQLAdminConf

---++++ !MySQL configuration

Make sure that the !MySQL administrator password that you specify in the YAIM !VOMS configuration files matches the password that is set for the root !MySQL account. *Yaim configuration script does not set it for you*. If you want to set a !MySQL administrator password:

1) Check that mySQL is running; if not, launch it using =service mysqld start=

2) Issue the following commands as root:

<verbatim>
/usr/bin/mysqladmin -u root password <adminPassword>;
</verbatim>

The above command sets a password for the mysql root account.  At this point, log into mysql:

<verbatim>
mysql -uroot -p<adminPassword>
</verbatim>

And issue the following commands:

<verbatim>
grant all on *.* to 'root'@'<vomsHostname>' identified by '<adminPassword>';
grant all on *.* to 'root'@'<fullyQualifiedVomsHostname>' identified by '<adminPassword>';
exit;
</verbatim>

For instance, assuming =p@ssw0rd= is the password chosen for the mysql root account and =voms-01.example.it= is the host where VOMS is being installed, the above commands would be:

<verbatim>
/usr/bin/mysqladmin -u root password p@ssw0rd
mysql -uroot -pp@ssw0rd
grant all on *.* to 'root'@'voms-01'  identified by 'p@ssw0rd';
grant all on *.* to 'root'@'voms-01.example.it'  identified by 'p@ssw0rd';
exit;
</verbatim>

---++++ Oracle configuration

Create the necessary users and databases in Oracle. Please see the Oracle manuals for details. 

---+++ Configuring the !VOMS server with !YAIM



   1. Copy the =site-info.def= and =services/glite-voms_mysql=  (or =services/glite-voms_oracle=, depending on your database backend) files from '/opt/glite/yaim/examples/siteinfo' into your favourite dir.
   2. Rename =glite-voms_mysql= (or =glite-voms_oracle=, depending on your database backend) as glite-voms.
   3. Set yaim variables as specified [[https://twiki.cern.ch/twiki/bin/view/LCG/Site-info_configuration_variables#VOMS][in the VOMS !YAIM configuration guide]] 
   4. Make sure mysql is running with =service mysqld status=. Start the service in case it's not running with the command:  =service mysqld start=
   5. Launch yaim as follows:
   <verbatim>
/opt/glite/yaim/bin/yaim -c -s site-info.def -n VOMS
</verbatim>
   6. In order to starting using the voms-admin cli you without opening a new shell may need to source the grid environment: <verbatim>source /etc/profile.d/grid-env.sh</verbatim>

---++++ !YAIM siteinfo  and =glite-voms= example files
Below is a siteinfo and service file for a VOMS mysql node configuration:<br>
<verbatim>
[root@cert-voms-01 ~]# cat siteinfo/site-info.def 
MYSQL_PASSWORD="pwd"
SITE_NAME="voms-certification.cnaf.infn.it"
VOS="cert.mysql"

[root@cert-voms-01 ~]# cat siteinfo/services/glite-voms
# VOMS server hostname
VOMS_HOST=cert-voms-01.cnaf.infn.it 
VOMS_DB_HOST='localhost'

VO_CERT_MYSQL_VOMS_PORT=15000
VO_CERT_MYSQL_VOMS_DB_USER=cert_mysql_user
VO_CERT_MYSQL_VOMS_DB_PASS="pwd"
VO_CERT_MYSQL_VOMS_DB_NAME=voms_cert_mysql_db

VOMS_ADMIN_SMTP_HOST=iris.cnaf.infn.it
VOMS_ADMIN_MAIL=andrea.ceccanti@cnaf.infn.it
</verbatim> 

---++ Upgrading VOMS mysql from a gLite 3.2 VOMS server

---+++ Install and configure an SL5 X86_64 EPEL machine

In order to install the EMI VOMS metapackage you will need a *clean* SL5 X86_64 machine with the EPEL repository configured.
SL5, as configured by gLite 3.2, is *not* suitable for installing the EMI VOMS since gLite uses the DAG repository, which is *alternative* and *incompatible* with EPEL.

Once you have a clean machine configured, install the =emi-voms-mysql= metapackage *without* launching  yaim configuration.

---+++ !VOMS database dump and YAIM configuration

On your existing gLite 3.2 !VOMS node dump the !VOMS database for all the VO using the following command:

<verbatim>
mysqldump -uroot -p<MYSQL_ROOT_PASSWORD> --all-databases --flush-privileges > voms_database_dump.sql
</verbatim>

You will then copy the dump file on the new EMI !VOMS node.

Remember to save your YAIM configuration (in most cases,  =site-info.def= and =services/glite-voms= in your =siteinfo= directory) and
copy it on the new EMI !VOMS node.

---+++ Restoring the !VOMS database on the EMI node

You should now have the =mysql= daemon installed in your EMI machine (it was installed as a dependency of the =emi-voms-mysql= metapackage).
Follow the instructions in this [[#MySQLAdminConf][section]] to properly configure the mysql root account.

Once the root account is configured and working (check that you can login issuing the command =mysql -uroot -p&lt;MYSQL_ROOT_PASSWORD&gt;=), you can restore the !VOMS database
issuing the following command:

<verbatim>
mysql -uroot -p<PASSWORD> < voms_database_dump.sql
</verbatim>

---+++ Configuring !VOMS on the EMI node

The gLite 3.2 YAIM configuration should work  in your EMI installation. Just check that no gLite-specific paths are referenced in your configuration.
In order to configure !VOMS, place the YAIM configuration files in your favorite directory and launch the following command:

<verbatim>
/opt/glite/yaim/bin/yaim -c -s site-info.def -n VOMS
</verbatim>


---++ Troubleshooting

For !MySQL and Oracle debugging, please see the corresponding !MySQL and Oracle manuals. 

-- Main.AndreaCeccanti - 07-Apr-2011
Topic revision: r6 - 2011-04-15 - unknown
Public webs
- Cern Search
- TWiki Search
- Google Search
EMI All webs
Copyright &© 2008-2022 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback