VOMS System administrator guide

Functional description

For a functional description of the service see [TODO: insert link to functional description]

Operating system installation and configuration

TBD

VOMS Node Installation

  • Make sure that your VOMS server has NTP properly configured. Clock skew between VOMS clients and servers may cause proxy generation failures.

  • Make sure you install the IGTF EUGridPMA trust anchors bundle, using the EGI CA repo
    yum install ca-policy-egi-core

  • Add the EMI repository file into your local /etc/yum.repos.d/ directory, e.g., for EMI 1:
    https://twiki.cern.ch/twiki/pub/EMI/EMI-1/rc2.repo
  • Install the emi-voms-mysql or emi-voms-oracle metapackage, depending on the database backend you are using (MySQL or Oracle):
    yum install emi-voms-mysql
    or
    yum install emi-voms-oracle

  • Manually install xml-commons-apis libraries (after having installed the VOMS metapackage), as the ones provided by the JRE cause warnings when starting/stopping tomcat:
    yum install xml-commons-apis

VOMS Node Configuration

Configuring the database backend

Configure MySQL

Make sure that the MySQL administrator password that you specify in the YAIM VOMS configuration files matches the password that is set for the root MySQL account. The YAIM configuration script does not set it for you. If you want to set a MySQL administrator password:

1) Check that MySQL is running; if not, launch it using service mysqld start

2) Issue the following commands as root:

/usr/bin/mysqladmin -u root password <adminPassword>

The above command sets a password for the mysql root account. At this point, log into mysql:

mysql -uroot -p<adminPassword>

And issue the following commands:

grant all on *.* to 'root'@'<vomsHostname>' identified by '<adminPassword>';
grant all on *.* to 'root'@'<fullyQualifiedVomsHostname>' identified by '<adminPassword>';
exit;

For instance, assuming p@ssw0rd is the password chosen for the mysql root account and voms-01.example.it is the host where VOMS is being installed, the above commands would be:

/usr/bin/mysqladmin -u root password p@ssw0rd
mysql -uroot -pp@ssw0rd
grant all on *.* to 'root'@'voms-01'  identified by 'p@ssw0rd';
grant all on *.* to 'root'@'voms-01.example.it'  identified by 'p@ssw0rd';
exit;

Configure Oracle

Create the necessary users and databases in ORACLE. Please see the ORACLE manuals for details.

Configuring the VOMS server with YAIM

  • Copy site-info.def and services/glite-voms_mysql or services/glite-voms_oracle from '/opt/glite/yaim/examples/siteinfo' into a directory of your choice.
  • Rename glite-voms_mysql or glite-voms_oracle as glite-voms
  • Set yaim variables as specified in the VOMS YAIM configuration guide
  • Make sure MySQL is running (service mysqld status); if it is not, start it manually with service mysqld start
  • Launch yaim as follows:
    /opt/glite/yaim/bin/yaim -c -s site-info.def -n VOMS
    
  • In order to use the voms-admin cli you may need to:
    source /etc/profile.d/grid-env.sh

YAIM siteinfo and glite-voms example files

Below are an example site-info.def and service file for a VOMS MySQL node configuration:

[root@cert-voms-01 ~]# cat siteinfo/site-info.def 
MYSQL_PASSWORD="***"
SITE_NAME="voms-certification.cnaf.infn.it"
VOS="cert.mysql"

[root@cert-voms-01 ~]# cat siteinfo/services/glite-voms
# VOMS server hostname
VOMS_HOST=cert-voms-01.cnaf.infn.it 
VOMS_DB_HOST='localhost'

VO_CERT_MYSQL_VOMS_PORT=15000
VO_CERT_MYSQL_VOMS_DB_USER=cert_mysql_user
VO_CERT_MYSQL_VOMS_DB_PASS=***
VO_CERT_MYSQL_VOMS_DB_NAME=voms_cert_mysql_db

VOMS_ADMIN_SMTP_HOST=iris.cnaf.infn.it
VOMS_ADMIN_MAIL=andrea.ceccanti@cnaf.infn.it
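
Both files above carry database passwords in clear text, so they should not be readable by other accounts on the node. The check below is an added example (not part of YAIM or of the original guide); it assumes the siteinfo directory layout shown above, and the function name audit_siteinfo is hypothetical.

```shell
#!/bin/sh
# Added example, not part of YAIM. Usage: audit_siteinfo <siteinfo_dir>
# Prints "<file>: <VARIABLES>" for every file that defines a password
# variable and is accessible to group or others; returns 1 if any is found.
audit_siteinfo() (
    rc=0
    for f in "$1"/site-info.def "$1"/services/*; do
        [ -f "$f" ] || continue
        # Names only, never values: MYSQL_PASSWORD, VO_<VO>_VOMS_DB_PASS, ...
        vars=$(sed -n -e 's/^\([A-Z0-9_]*PASSWORD\)=.*/\1/p' \
                      -e 's/^\([A-Z0-9_]*DB_PASS\)=.*/\1/p' "$f")
        [ -n "$vars" ] || continue
        # Characters 5-10 of the ls mode string are the group and other bits
        mode=$(ls -ld "$f" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "$f:" $vars
            rc=1
        fi
    done
    exit "$rc"
)
```

Run it against the directory passed to yaim with -s, and tighten any reported file with chmod 600.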

Upgrading VOMS mysql from a gLite 3.2 VOMS server

Install a VOMS mysql SL5 node

Install only the rpms (as explained under 'VOMS Node Installation') without launching yaim configuration

Migrating the database to the new node

To migrate the VO database to the new node you need to perform the following steps, for each VO DB:
  • Dump the old database on the old VOMS server and transfer the file to the new node (there must be no space between -p and the password, otherwise the client prompts for a password and treats <PWD> as a database name)
      mysqldump -h <OLD_HOSTNAME> -u <PRIV_USER> -p<PWD> --databases <DB_NAME> > <DUMP_FILE>
  • Use the database dump on the new machine to create the new database
    mysql -h <NEW_HOSTNAME> -u <PRIV_USER> -p<PWD> < <DUMP_FILE>
  • Grant ALL PRIVILEGES to the user that VOMS-ADMIN will use to connect to and use the database (<NEW_HOSTNAME> is meant to be the fully qualified VOMS hostname)

 mysql -h <NEW_HOSTNAME> -u <PRIV_USER> -p<PWD>

 mysql> grant all on <DATABASE_NAME>.* to '<VOMS_USER>'@'localhost' identified by '<VOMS_USER_PASSWORD>';
 mysql> grant all on <DATABASE_NAME>.* to '<VOMS_USER>'@'<NEW_HOSTNAME>' identified by '<VOMS_USER_PASSWORD>';
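
Passwords given on the command line, as in the steps above and under 'Configure MySQL', can be exposed through shell history and process listings. The sketch below is an added example (not part of the original guide or of VOMS/YAIM) that runs the same dump, load and grant steps with mode-600 client option files instead; the function names, argument order and file locations are assumptions.

```shell
#!/bin/sh
# Added example, not from the original guide. All names are placeholders.

# Write a MySQL client option file, mode 600. Args: <file> <user> <password>
write_optfile() (
    case $3 in *'"'*|*\\*) echo "unsupported character in password" >&2; exit 1;; esac
    rm -f "$1"; umask 077
    printf '[client]\nuser=%s\npassword="%s"\n' "$2" "$3" > "$1" && chmod 600 "$1"
)

# Print the guide's two GRANT statements. Args: <db> <voms_user> <fqdn> <password>
grant_sql() (
    for name in "$1" "$2"; do
        case $name in ''|*[!A-Za-z0-9_]*) echo "bad name: $name" >&2; exit 1;; esac
    done
    case $3 in ''|*[!A-Za-z0-9.-]*) echo "bad hostname: $3" >&2; exit 1;; esac
    case $4 in *\'*|*\\*) echo "unsupported character in password" >&2; exit 1;; esac
    for host in localhost "$3"; do
        printf "grant all on %s.* to '%s'@'%s' identified by '%s';\n" "$1" "$2" "$host" "$4"
    done
)

# Dump one VO database from the old server, load it on the new one, grant access.
# Args: <old_host> <new_fqdn> <db> <old_optfile> <new_optfile> <voms_user> <voms_pass>
migrate_vo_db() (
    umask 077                                   # the dump holds VO membership data
    sql=$(grant_sql "$3" "$6" "$2" "$7") || exit 1
    dump=$(mktemp) || exit 1
    trap 'rm -f "$dump"' EXIT
    # --defaults-extra-file has to be the first option on the command line
    mysqldump --defaults-extra-file="$4" -h "$1" --databases "$3" > "$dump" || exit 1
    mysql --defaults-extra-file="$5" -h "$2" < "$dump" || exit 1
    printf '%s\n' "$sql" | mysql --defaults-extra-file="$5" -h "$2"
)
```

Create one option file per server with write_optfile, reading each password from a prompt rather than from an argument, then call migrate_vo_db once for each VO database.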

The gLite 3.2 YAIM configuration should work (with minor modifications) in your EMI installation.

Starting/Stopping the services

  • To start and stop the voms-admin use the following:
     /etc/rc.d/init.d/voms-admin start/stop
  • To start and stop the voms server use the following:
     /etc/rc.d/init.d/voms start/stop

Troubleshooting

For MySQL and Oracle debugging, please see the corresponding MySQL and Oracle manuals.

Log files

VOMS log files

  • /var/log/glite/voms.voName, where voName is the name of the VO.

VOMS admin log files

  • /usr/share/tomcat5/logs/catalina.out, for general tomcat messages;
  • /usr/share/tomcat5/logs/voms-admin-VO_NAME.log, where VO_NAME is the name of the VO.

-- AndreaCeccanti - 05-Apr-2011

Topic revision: r2 - 2011-04-05 - unknown
 