Installation of openAFS on ARM boxes inside the CERN network:

start from openafs 1.6.2 from openafs.org Note, that 1.6.2.1 arelady doesn't compile for me. Unknown reason, never checked.

Follow wiki from openafs to compile AFS with kerberos http://wiki.openafs.org/HowToBuildOpenAFSFromSource/

> yum install byacc bison flex
> yum install krb5-libs
> yum install glibc-devel krb5-devel perl-devel ncurses-devel pam-devel
> ./configure --enable-linux-syscall-probing=no --prefix=/usr/local --with-krb5-conf=/usr/bin/krb5-config

useful later for debugging:

> yum install openldap-clients

before starting AFS and kerberos, check that the clock is running OK.

cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime

yum install ntp ntpdate

copy /etc/ntp.conf from lxplus

start ntp, you might need to copy ntpd from lxplus machine

Copy an /etc/init/afs startup file from lxplus to your ARM box and modify paths. (you can compile openafs to have same paths as lxplus to ease things.) Also copy few other files from lxplus (ThisCell, CellDB and others mentioned in the /etc/init/afs file)

Check your hostname !

Create keytab on host and enable ssh with kerberos:

> yum install arc msktutil
> yum install perl-XML-Simple perl-WWW-Curl perl-Data-Dumper perl-Authen-Krb5

I copied these packages from the CERN SLC6 repository. Then install

> rpm -i ~rolf/cern-get-keytab-0.8.1-1.slc5.noarch.rpm ~rolf/CERN-CA-certs-20120322-10.slc5.noarch.rpm
> rpm --nodeps -i ~rolf/cern-config-keytab-1-50.1.slc5.noarch.rpm
> cern-get-keytab

copy /etc/sysconfig/afs from lxplus machine to ARM copy /etc/krb5.conf from lxplus machine to ARM

> mkdir /usr/local/cache

to install addusercern :

> yum install perl-LDAP
> rpm -i ~rolf/useraddcern-0.3-1.slc6.noarch.rpm

Now, ssh to that machine should work. Note, that the AFS token is not forwarded, but that can be solved by issuing aklog, e.g. in login files.

For bash and tcsh, add on the ARM machine these two files to /etc/profile.d:

armmpp001[1]:/etc/profile.d > cat aklog.sh 
# run eklog if we login via ssh

if [ -n "$SSH_CLIENT" ]; then
  if [ -n "$KRB5CCNAME" ]; then
    if [ -d /afs/cern.ch ]; then
      if [ -n "$HOSTNAME" ]; then
        if [ $HOSTNAME == "armmpp001.cern.ch" ]; then
          if [ -x /usr/local/bin/aklog ]; then
            /usr/local/bin/aklog
            # echo running aklog
          fi
        fi
      fi
    fi
  fi
fi

armmpp001[1]:/etc/profile.d > cat aklog.csh 
# run eklog if we login via ssh

# echo "login csh"
if ($?SSH_CLIENT && $?KRB5CCNAME && -d /afs/cern.ch ) then
  if ( $?HOSTNAME ) then
    if ( $HOSTNAME =~ {armmpp00*.cern.ch} ) then
      if (-x /usr/local/bin/aklog) then
        /usr/local/bin/aklog
        echo running aklog
      endif
    endif
  endif
endif

Note: replace "armmpp001.cern.ch" with your $HOSTNAME

Note: AFS does not start automatically after reboot, F18 uses systemd not init.d at startup. To be fixed in future

Edit | Attach | Watch | Print version | History: r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r1 - 2013-05-10 - RolfSeuster
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    Sandbox All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback