VOMS System administrator guide
Functional description
For a functional description of the service see [TODO: insert link to functional description]
Operating system installation and configuration
In order to install the EMI VOMS metapackage you will need a clean SL5 X86_64 machine with the EPEL repository configured. More information here.
VOMS Node clean Installation
- Make sure that your VOMS server has NTP properly configured. Clock skew between VOMS clients and servers may cause proxy generation failures.
- Make sure you install the IGTF EUGridPMA trust anchors bundle, using the EGI CA repo:
yum install ca-policy-egi-core
- In case you plan to install the emi-voms-oracle metapackage, download and install the Oracle instant client libraries (v. 10.2.0.4) RPM on your system.
- Install the emi-voms-mysql metapackage or emi-voms-oracle depending on the database backend you are using (mysql or Oracle):
yum install emi-voms-mysql
or
yum install emi-voms-oracle
- Manually install xml-commons-apis libraries (after having installed the right metapackage for your installation), as the ones provided by the JRE cause warnings when starting/stopping tomcat:
yum install xml-commons-apis
VOMS Node Configuration
Configuring the database backend
MySQL configuration
Make sure that the MySQL administrator password that you specify in the YAIM VOMS configuration files matches the password that is set for the root MySQL account.
The YAIM configuration script does not set it for you. If you want to set a MySQL administrator password:
1) Check that MySQL is running; if not, launch it using
service mysqld start
2) Issue the following commands as root:
/usr/bin/mysqladmin -u root password <adminPassword>;
The above command sets a password for the mysql root account. At this point, log into mysql:
mysql -uroot -p<adminPassword>
And issue the following commands:
grant all on *.* to 'root'@'<vomsHostname>' identified by '<adminPassword>';
grant all on *.* to 'root'@'<fullyQualifiedVomsHostname>' identified by '<adminPassword>';
exit;
For instance, assuming p@ssw0rd is the password chosen for the mysql root account and voms-01.example.it is the host where VOMS is being installed, the above commands would be:
/usr/bin/mysqladmin -u root password p@ssw0rd
mysql -uroot -pp@ssw0rd
grant all on *.* to 'root'@'voms-01' identified by 'p@ssw0rd';
grant all on *.* to 'root'@'voms-01.example.it' identified by 'p@ssw0rd';
exit;
Oracle configuration
Create the necessary users and databases in Oracle. Please see the Oracle manuals for details.
Configuring the VOMS server with YAIM
- Copy the site-info.def and services/glite-voms_mysql (or services/glite-voms_oracle, depending on your database backend) files from '/opt/glite/yaim/examples/siteinfo' into your favourite dir.
- Rename glite-voms_mysql (or glite-voms_oracle, depending on your database backend) as glite-voms.
- Set yaim variables as specified in the VOMS YAIM configuration guide
- Make sure mysql is running with service mysqld status. Start the service in case it's not running with the command: service mysqld start
- Launch yaim as follows:
/opt/glite/yaim/bin/yaim -c -s site-info.def -n VOMS
- In order to start using the voms-admin CLI without opening a new shell, you may need to source the grid environment:
source /etc/profile.d/grid-env.sh
YAIM siteinfo and glite-voms example files
Below is a siteinfo and service file for a VOMS mysql node configuration:
[root@cert-voms-01 ~]# cat siteinfo/site-info.def
MYSQL_PASSWORD="pwd"
SITE_NAME="voms-certification.cnaf.infn.it"
VOS="cert.mysql"
[root@cert-voms-01 ~]# cat siteinfo/services/glite-voms
# VOMS server hostname
VOMS_HOST=cert-voms-01.cnaf.infn.it
VOMS_DB_HOST='localhost'
VO_CERT_MYSQL_VOMS_PORT=15000
VO_CERT_MYSQL_VOMS_DB_USER=cert_mysql_user
VO_CERT_MYSQL_VOMS_DB_PASS="pwd"
VO_CERT_MYSQL_VOMS_DB_NAME=voms_cert_mysql_db
VOMS_ADMIN_SMTP_HOST=iris.cnaf.infn.it
VOMS_ADMIN_MAIL=andrea.ceccanti@cnaf.infn.it
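An added example (not part of the original guide or of YAIM itself): a pre-flight check to run on the siteinfo directory before launching yaim. It verifies that site-info.def and services/glite-voms, which hold database passwords, carry no group/other permission bits, that MYSQL_PASSWORD is set, and that every VO listed in VOS has its port and database variables. The function names and the permission policy are assumptions of this example; the per-VO variable prefix is inferred from the cert.mysql example above.

```shell
#!/bin/sh
# Added example: pre-flight check of a YAIM siteinfo directory for a VOMS node.

# Print the value of NAME from FILE, surrounding quotes stripped (last assignment wins).
get_var() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed -e "s/^[\"']//" -e "s/[\"'][[:space:]]*$//"
}

# VO name -> per-VO variable prefix, as in the guide's example (cert.mysql -> CERT_MYSQL).
vo_prefix() {
    printf '%s' "$1" | tr '[:lower:]' '[:upper:]' | tr '.-' '__'
}

# Report problems on stdout; return 0 only if the directory passes every check.
check_siteinfo() {
    dir=$1; rc=0
    site="$dir/site-info.def"; svc="$dir/services/glite-voms"
    for f in "$site" "$svc"; do
        [ -f "$f" ] || { echo "MISSING $f"; return 1; }
        # Both files hold database passwords: flag any group/other permission bit.
        case $(ls -ld "$f") in
            -???------*) ;;
            *) echo "PERMS $f"; rc=1 ;;
        esac
    done
    [ -n "$(get_var "$site" MYSQL_PASSWORD)" ] || { echo "UNSET MYSQL_PASSWORD"; rc=1; }
    for vo in $(get_var "$site" VOS); do
        p=$(vo_prefix "$vo")
        for s in VOMS_PORT VOMS_DB_USER VOMS_DB_PASS VOMS_DB_NAME; do
            [ -n "$(get_var "$svc" "VO_${p}_$s")" ] || { echo "UNSET VO_${p}_$s"; rc=1; }
        done
    done
    return $rc
}

# Constructed sample mirroring the guide's files (placeholder passwords, DB_NAME left out,
# service file deliberately left world-readable so that both kinds of finding show up).
write_sample() {
    mkdir -p "$1/services"
    printf '%s\n' 'MYSQL_PASSWORD="<adminPassword>"' 'VOS="cert.mysql"' > "$1/site-info.def"
    printf '%s\n' 'VO_CERT_MYSQL_VOMS_PORT=15000' 'VO_CERT_MYSQL_VOMS_DB_USER=cert_mysql_user' \
        'VO_CERT_MYSQL_VOMS_DB_PASS="<dbPassword>"' > "$1/services/glite-voms"
    chmod 600 "$1/site-info.def"; chmod 644 "$1/services/glite-voms"
}

# Usage: sh check_siteinfo.sh /path/to/siteinfo
[ $# -eq 0 ] || check_siteinfo "$1"
```

A non-zero exit status means at least one PERMS or UNSET line was printed; fix those before running yaim.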
Upgrading VOMS mysql from a gLite 3.2 VOMS server
Install and configure an SL5 X86_64 EPEL machine
In order to install the EMI VOMS metapackage you will need a clean SL5 X86_64 machine with the EPEL repository configured. SL5, as configured by gLite 3.2, is not suitable for installing the EMI VOMS since gLite uses the DAG repository, which is an alternative to, and incompatible with, EPEL.
Once you have a clean machine configured, install the emi-voms-mysql metapackage without launching yaim configuration.
VOMS database dump and YAIM configuration
On your existing gLite 3.2 VOMS node, dump the VOMS database for all the VOs using the following command:
mysqldump -uroot -p<MYSQL_ROOT_PASSWORD> --all-databases --flush-privileges > voms_database_dump.sql
You will then copy the dump file to the new EMI VOMS node.
Remember to save your YAIM configuration (in most cases, site-info.def and services/glite-voms in your siteinfo directory) and copy it to the new EMI VOMS node.
Restoring the VOMS database on the EMI node
You should now have the mysql daemon installed in your EMI machine (it was installed as a dependency of the emi-voms-mysql metapackage). Follow the instructions in this section to properly configure the mysql root account.
Once the root account is configured and working (check that you can log in by issuing the command mysql -uroot -p<MYSQL_ROOT_PASSWORD>), you can restore the VOMS database by issuing the following command:
mysql -uroot -p<PASSWORD> < voms_database_dump.sql
Configuring VOMS on the EMI node
The gLite 3.2 YAIM configuration should work in your EMI installation. Just check that no gLite-specific paths are referenced in your configuration.
In order to configure VOMS, place the YAIM configuration files in your favorite directory and launch the following command:
/opt/glite/yaim/bin/yaim -c -s site-info.def -n VOMS
Troubleshooting
For MySQL and Oracle debugging, please see the corresponding MySQL and Oracle manuals.
--
AndreaCeccanti - 07-Apr-2011