Installing PanDA server

Keep in mind: this instruction is still work in progress.

Preparation

Two modules are needed to install the server: panda-server and panda-common.

They can be obtained with git:

https://github.com/PanDAWMS/panda-server

https://github.com/PanDAWMS/panda-common

Server also requires some additional software:

# yum install httpd
# yum install mod_ssl
# yum install mod_python
# yum install gridsite
# yum install lfc-python
# yum install cx_Oracle
# yum install ca-certificates
# yum install globus-gsi-cert-utils
# rpm -Uhv http://linuxsoft.cern.ch/cern/slc6X/i386/yum/updates/CERN-CA-certs-20120322-10.slc6.noarch.rpm
# rpm -Uhv http://repo.grid.iu.edu/osg/3.2/osg-3.2-el6-release-latest.rpm
# yum install osg-ca-certs

If MySQL will be used instead of Oracle:

# yum install MySQL-python

Some additional info on dependencies:

https://twiki.cern.ch/twiki/bin/viewauth/AtlasComputing/PandaServerServiceDocumentationCard

If some package (in my case mod_python) is not available in the default repositories and you have access to an existing installation, you can find out the yum repository the package was retrieved from:

[root@pandawms yum.repos.d]# repoquery -i mod_python
Failed to set locale, defaulting to C

Name        : mod_python
Version     : 3.3.1
Release     : 16.el6
Architecture: x86_64
Size        : 1563523
Packager    : Fedora Project
Group       : System Environment/Daemons
URL         : http://www.modpython.org/
Repository  : epel
Summary     : An embedded Python interpreter for the Apache HTTP Server
Source      : mod_python-3.3.1-16.el6.src.rpm
Description :
...

You can install the epel repository through yum as well:

yum install epel-release

Then you'll see that you have new repository files under /etc/yum.repos.d.

Installation

PanDA packages:

You need to get the code to deploy from https://github.com/PanDAWMS/panda-server (we still need to create a standard rpm/yum repository for PanDA server components). Choose the branch you want:

  • master is the official ATLAS branch. Since April 2015 it supports both Oracle and MySQL, so please use this branch.

# cd panda-common
# python setup.py install
# cd panda-server
# vi setup.py #change the unix user and group if you want to install under something else than atlpan
# python setup.py install

yum install rpm-build #First time only!

cd panda-common
python setup.py bdist_rpm
rpm -Uhv dist/panda-common-0.0.5-1.noarch.rpm #Version/path/name might differ slightly

cd panda-server
python setup_mysql.py bdist_rpm
rpm -Uhv dist/panda-server-mysql-0.0.2-1.noarch.rpm #Version/path/name might differ slightly

Note the installation paths used in the rpm! [root@ip-10-236-195-92 dist]# rpm -ql panda-server-mysql-0.0.2-1 /etc/logrotate.d/panda_server /etc/panda/* /etc/rc.d/init.d/panda_server /etc/sysconfig/panda_server /usr/bin/panda_server* /usr/lib/python2.6/site-packages/pandaserver/

DQ2:

Dq2 is a tool for defining and managing datasets. Dq2 client can be obtained with pacman:

# wget http://physics.bu.edu/pacman/sample_cache/tarballs/pacman-latest.tar.gz
# tar xfz pacman-latest.tar.gz
# rm pacman-latest.tar.gz
# cd pacman-3.29/
# source setup.sh
# cd /data/atlpan
# mkdir DQ2Clients
# cd DQ2Clients
# pacman -trust-all-caches -allow tar-overwrite -get http://atlas.web.cern.ch/Atlas/GROUPS/DATABASE/project/ddm/releases/pacman/cache:DQ2Clients

Configuration

# cd /etc/panda
# mv panda_common.cfg.rpmnew panda_common.cfg
# mv panda_server.cfg.rpmnew panda_server.cfg
# mv panda_server-httpd.conf.rpmnew panda_server-httpd.conf

panda_server.cfg:

set database password:

# password
dbpasswd = FIXME

and SMTP password:

# login password for SMTP
emailPass = FIXME

dq2 directory (usually /opt/dq2):

# dq2 dir
dq2_dir = /opt/dq2

panda_server-httpd.conf:

Specify user and group to run server (should be created, if necessary):

User atlpan
Group zp

Warning, important: If user does not exist, you can add a new one via. We should move to a non-ATLAS name, e.g. pansrv

useradd pansrv

Replace:

# LoadModule access_module modules/mod_access.so
LoadModule authz_host_module modules/mod_authz_host.so

Specify server certificate and key:

SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

panda_server-sysconfig:

# cd /etc/sysconfig
# mv panda_server-sysconfig.rpmnew panda_server-sysconfig

add to panda_server-sysconfig: what?

.gacl file

GACL Grid Access Control List, XML-like programming language which is used to describe file access rights. In our case .gacl file is used to define access rights for PanDA community members. File should be placed into /usr/lib/python*/site-packages/pandaserver/server/ (* - python version can be different)

File contents example (everyone has free access to everything):

<gacl>
<entry>
<any-user/>
<allow><read/><list/></allow>
</entry>
</gacl>

Since May 2015 the .gacl should be created automatically

Logs and cache:

Create logs and cache directories:

# mkdir -p /var/log/panda/wsgisocks
# mkdir -p /var/cache/pandaserver

Their owner must be changed if RPM was used for installation:

# chown atlpan:zp /var/log/panda
# chown atlpan:zp /var/log/panda/wsgisocks
# chown atlpan:zp /var/cache/pandaserver
Added this functionality to the setup.py installation: https://github.com/PanDAWMS/panda-server/commit/df1e32b0b71210a681b80805c96c581e87c3bdb2 *

crontab:
0-59/5 * * * * INSTALLDIR/usr/bin/panda_server-add.sh &gt; /dev/null 2>&1
15 0-21/3 * * * INSTALLDIR/usr/bin/panda_server-copyArchive.sh > /dev/null 2>&1

Certificates

Certificate is needed to set up a server. Simple selfsigned certificate can be used for debug purposes. It can be created using openssl:

# openssl req -new -x509 -nodes -out server.crt -keyout server.key
Generating a 2048 bit RSA private key
..................................................................................+++
.......+++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CH
State or Province Name (full name) []:Geneva
Locality Name (eg, city) [Default City]:Geneva
Organization Name (eg, company) [Default Company Ltd]:CERN
Organizational Unit Name (eg, section) []:PH-UAT
Common Name (eg, your name or your server's hostname) []:ip-10-236-195-92
Email Address []:<your email address or distribution list>

This key has no password, which can be added:

# openssl rsa -des3 -in server.key -out server.key.new
# mv server.key.new server.key

It is worth mentioning that password is not always necessary. In some cases (for example, when server is started via script, which will require you to openly specify the password) it can even be harmful.

Certificate and key should be put into places specified in panda_server-httpd.conf

Test startup

Starting the server:

# sudo INSTALLDIR/etc/init.d/panda_server-ctl start

Stopping the server:

# sudo INSTALLDIR/etc/init.d/panda_server-ctl stop
Edit | Attach | Watch | Print version | History: r9 < r8 < r7 < r6 < r5 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r9 - 2016-02-24 - FernandoHaraldBarreiroMegino
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    PanDA All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback