Overview, goals

The idea is to have the RPMS available for all the deployed components. The base OS distribution is provided by CERN Linux Team.

Internal Repository

The repository housing the packages neither available from OS distribution nor from etics repository. Under construction.

Condor

  • Condor is available at Univ of Wisconsin in the form of tar.gz or packages versions. Look for the download section. The installation is performed by extracting the tarball file. All the necessary steps are present in the script file. The settings for the job migration between pool require:
    • FW port being open on the submitter (CERN) side
    • FW port being open on the target ( UW) side
    • FW port being open on the target (INFN) side
    • ....

Here is the script for installation and configuration of Condor:

#########
#Valid only for CERN machines
mkdir -p /mnt/tmp 
echo "Mounting the /tftpboot" 
/bin/mount lxb1431.cern.ch:/tftpboot /mnt/tmp 
#########

/usr/sbin/useradd -u 14816 -d /home/condor -s /bin/bash -c "Condor" -p <passwd> condor 
chmod +rwx /home/condor 
find /home/condor -exec chown condor.condor {} \; 
cd /opt

######### 
#Only for CERN, otherwise download it from Condor Web Site
tar xzf /mnt/tmp/kickstart/extra/bin/Condor/condor-6.7.20-linux-x86-glibc23-dynamic.tar.gz 
#########

ln -s condor-6.7.20 condor 
cd condor 
./condor_configure --install --verbose --owner=condor --local-dir=/home/condor/ --install-log=INSTALL.LOG 

mv etc/condor_config etc/condor_config.orig 
mv -f /home/condor/condor_config.local /home/condor/condor_config.local.orig 

######### 
#Only for CERN, otherwise change it manually
cp /mnt/tmp/kickstart/extra/bin/Condor/condor_config ./etc/ 
cp /mnt/tmp/kickstart/extra/bin/Condor/condor_config.local /home/condor/condor_config.local 
#########

mkdir -p /etc/condor 
ln -s /opt/condor/etc/condor_config /etc/condor/ 


######### 
#Only for CERN, otherwise download it from NMI Web Site
(cd /tmp; tar xzf /mnt/tmp/kickstart/extra/bin/NMI/NMI-1.9.tar.gz) 
#########

mv /tmp/NMI-1.9/hawkeye_modules/ /home/condor 
chmod uog+x /home/condor/hawkeye_modules/NMI_platform 
chmod uog+x /home/condor/hawkeye_modules/prereq 
chmod +rwx /home/condor 
find /home/condor -exec chown condor.condor {} \; 
/etc/init.d/iptables stop 
cd /usr/local 
ln -s /opt/condor/ . 
cp -p /usr/local/condor/etc/examples/condor.boot /etc/rc.d/init.d/condor.boot 
/sbin/chkconfig --add condor.boot

MySQL

  • MySQL v4.x is part of the Base OS installation, however the version required is 5.x. It should be downloaded from the one of the mirrors as listed on mysql.org

Tomcat

Apache port redirector

  • Due to running applications in well-know ports require root privileges, Tomcat cannot run on 443 by itselt. So there are two options to see Tomat on port 443: using Apache as a frontend, redirecting all requests to Tomcat as a reverse proxy or redirect the 443 to the 8443 port using OS native tools (e.g. iptables).
  • Apache option: extra configuration step is needed for the redirection from port 443 to the 8443 (WebApplication). This is done with the mod_proxy and mod_ssl apache modules so it is necessary load them in /etc/httpd/conf/httpd.conf.
    LoadModule proxy_module modules/mod_proxy.so
    
    Also under the SSL configuration file (/etc/httpd/conf.d/ssl.conf) for global configuration or under the virtual server definitions is necessary to add the following lines:
    LoadModule ssl_module modules/mod_ssl.so
    
    SSLProxyEngine On
    ProxyVia On
    ProxyRequests Off
    SSLProxyMachineCertificateFile /etc/httpd/conf/ssl.key/server.pem
    
    <Location /etics/>
       ProxyPass http://etics.cern.ch:8443/etics/
       ProxyPassReverse http://etics.cern.ch:8443/etics/
    </Location>
    
    This configuration is valid only for HTTPS section.
IMPORTANT NOTE: currently, with this redirection the certificate-based authentication in the web application does not work (the client certificate is reachable only by Apache, not by Tomcat).

  • Iptables way
    # iptables -A FORWARD -p tcp --destination-port 443 -j ACCEPT
    # iptables -t nat -A PREROUTING -j REDIRECT -p tcp --destination-port 443 --to-ports 8443
    

NMI

  • NMI. Home page is located here. Look for the 'Latest Release' under Administrator section. No RPM version available at the moment. The installation steps are located here.

CA

Client

Build-System Web Service

Build-System Web Application

  • Build-System Web Application. Please see the Savannah bug. In the meantime copy the WAR file from Paolo to /opt/etics/share/webapps/

NMI Scripts

Build Reactor

Web Reactor

Etics Administration Web Application

Repository Browser

Report Browser (Build System Browser)

-- Main.mselmi - 15 Nov 2006

Tried to re-order a little. -- MebSter - 22 Nov 2006

Edit | Attach | Watch | Print version | History: r29 < r28 < r27 < r26 < r25 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r29 - 2006-12-19 - MebSter
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    ETICS All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback