Common items for dCache/FedCloud installation

links

Operating systems and software repositories

Standard software repositories:

  • RHEL 6.x (CentOS, Scientific Linux, etc.)
  • EPEL
  • PostgreSQL 9.4 (for the server):
For CentOS:
yum install -y https://download.postgresql.org/pub/repos/yum/9.4/redhat/rhel-6-x86_64/pgdg-centos94-9.4-2.noarch.rpm
For SL:
yum install -y https://download.postgresql.org/pub/repos/yum/9.4/redhat/rhel-6-x86_64/pgdg-sl94-9.4-3.noarch.rpm
Packages:
  • Main package:
wget --no-check-certificate  https://131.169.4.221/downloads/1.9/repo/2.16/dcache-2.16.10-1.noarch.rpm
or
wget --no-check-certificate  https://131.169.4.221/downloads/1.9/repo/3.0/dcache-3.0.10-1.noarch.rpm

yum localinstall dcache-2.16.10-1.noarch.rpm -y
or
yum localinstall dcache-3.0.10-1.noarch.rpm -y
  • Required packages:
yum install java-1.8.0-openjdk rpcbind liquibase -y
  • Database packages (for server):

yum install postgresql94-server postgresql94-jdbc plpgsql_check_94 -y
  • CA and voms (for server):
yum install http://repository.egi.eu/sw/production/umd/4/sl6/x86_64/updates/umd-release-4.1.2-1.el6.noarch.rpm
yum install lcg-CA

Server setting

DB setting:

service postgresql-9.4 initdb
sed -i -e 's/max_connections = 100/max_connections = 1000/' /var/lib/pgsql/9.4/data/postgresql.conf
mv  /var/lib/pgsql/9.4/data/pg_hba.conf{,_ori}
cat > /var/lib/pgsql/9.4/data/pg_hba.conf <<EOF
local   all        all                               trust
host    all         all         127.0.0.1/32          trust
host    all         all         ::1/128               trust
EOF


service postgresql-9.4 start
chkconfig postgresql-9.4 on


createuser -U postgres --no-superuser --no-createrole --createdb chimera
createuser -U postgres --no-superuser --no-createrole --createdb dcache
createuser -U postgres --no-superuser --no-createrole --createdb srmdcache
createdb -U srmdcache dcache
createdb -O dcache -U postgres chimera 
createdb -O srmdcache -U postgres billing
createdb -O dcache -U postgres spacemanager
createdb -U dcache replica
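
The pg_hba.conf above grants passwordless "trust" access, which is only tolerable while it stays limited to the unix socket and loopback. The following check is an added example, not part of the original page: the function name audit_pg_hba and the fourth sample line are constructed here, and it flags any trust rule that reaches beyond the local host.

```shell
#!/bin/sh
# Added example (not from the original page).
# audit_pg_hba FILE: print every "trust" rule that is neither a unix socket
# nor an exact loopback address. No output means only local trust is present.
audit_pg_hba() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }                  # skip blank lines and comments
    {
        if ($1 == "local")      { addr = "socket";  method = $4 }  # unix socket rule
        else if ($5 == "trust") { addr = $4;        method = $5 }  # CIDR form
        else                    { addr = $4 "/" $5; method = $6 }  # address + netmask columns
        if (method != "trust") next
        if (addr == "socket" || addr == "127.0.0.1/32" || addr == "::1/128" ||
            addr == "127.0.0.1/255.255.255.255") next
        printf "line %d: trust for %s\n", NR, addr
    }' "$1"
}

# Constructed sample: the three rules from this page plus one deliberate mistake.
sample=$(mktemp)
cat > "$sample" <<'EOF'
local   all  all                 trust
host    all  all  127.0.0.1/32   trust
host    all  all  ::1/128        trust
host    all  all  0.0.0.0/0      trust
EOF
audit_pg_hba "$sample"
rm -f "$sample"
```

On the real server, run it as audit_pg_hba /var/lib/pgsql/9.4/data/pg_hba.conf after every edit of that file.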


Authentication setting (empty)

mv /etc/dcache/gplazma.conf{,_ori}
vim /etc/dcache/gplazma.conf

Example /etc/dcache/gplazma.conf for FedSE:

[root@alice01 ~]# cat  /etc/dcache/gplazma.conf
auth    optional  x509
auth    optional  kpwd

map     requisite gridmap
map     sufficient authzdb

session sufficient authzdb
session requisite kpwd

Example /etc/dcache/dcache.conf


~]# cat  /etc/dcache/dcache.conf
dcache.layout=fedlayout
pnfsmanager.default-retention-policy=REPLICA
pnfsmanager.default-access-latency=ONLINE

# It is used by logback.xml
dcache.log.dir=/var/log/dcache
#keep logs while domain restarting
dcache.log.mode=keep
#log levels
#dcache.log.level.file=debug
dcache.log.level.file=info
#dcache.log.level.pinboard=debug
#dcache.log.level.events=off
#dcache.log.level.access=debug
dcache.log.level.access=info
#log format
dcache.log.format.file=%d{yyyy-MM-dd}T%d{HH:mm:ss.SSS} \\(%X{cells.cell}\\) [%X{org.dcache.ndc}] %m%n
dcache.log.format.pinboard=${dcache.log.format.file}

 dcache.java.memory.heap=512m
 dcache.java.memory.direct=512m


xrootd.net.port=1094
xrootdIsReadOnly=false

xrootd.authz.read-paths = /
xrootd.authz.write-paths = /
xrootd.plugins=gplazma:gsi
xrootdAuthNPlugin=gsi
dcache.authn.hostcert.verify=true

dcache.enable.replica=true
#replica.poolgroup=reppool


And files for gplazma:

touch  /etc/grid-security/grid-mapfile
chmod 664 /etc/grid-security/grid-mapfile
touch  /etc/grid-security/storage-authzdb
chown dcache: /etc/grid-security/storage-authzdb

Example layout file (fedlayout.conf now)

~]# cat  /etc/dcache/layouts/fedlayout.conf
[dCacheDomain]
[dCacheDomain/admin]
[dCacheDomain/poolmanager]
[dCacheDomain/spacemanager]
[dCacheDomain/pnfsmanager]
[dCacheDomain/billing]
[dCacheDomain/httpd]
[dCacheDomain/topo]
[dCacheDomain/info]


[zookeeperDomain]
[zookeeperDomain/zookeeper]

[XROOTD]
[XROOTD/xrootd]

[AUTH]
[AUTH/gplazma]

[replicaDomain]
[replicaDomain/replica]

Update DB

dcache database update

Create access for admin interface:

cat .ssh/id_rsa.pub > /etc/dcache/admin/authorized_keys2  

Start services:

dcache start

Check access:

ssh -p 22224 -l admin localhost -i .ssh/id_rsa

Ports to open:

For servers:

tcp  2181
tcp  11111
udp 11111

For all:

tcp 1094

Pool setting

Files:

[root@eos ~]# cat /etc/dcache/dcache.conf
# This is the main configuration file of dCache.
#
# This file used to be called config/dCacheSetup, but is now stored in
# etc/dcache.conf. Documentation may still refer to it as
# config/dCacheSetup. Most of the parameters are the same and the
# documentation also applies to this file.
#
# By default the file is empty. Default values are picked up from the
# properties files in share/defaults/. Do not modify the defaults
# files: any changes will be lost when upgrading. Instead override the
# defaults by redefining the parameters in this file.


dcache.broker.host=alice01.spbu.ru
dcache.layout=domain01

dcache.net.lan.port.min = 1095
dcache.net.lan.port.max = 1099


[root@eos ~]#    

And layout:

cat >> /etc/dcache/layouts/domain01.conf << EOF
[${HOSTNAME}-pool]
[${HOSTNAME}-pool/xrootd]
EOF

Command:

dcache start
dcache pool create --size=1000G /data0/dcache2 `hostname -s`_2 ${HOSTNAME}-pool
dcache restart

Ports to open:

For servers:

tcp  11111
udp 11111

For all:

tcp 1094:1099

Authorisation setting (on manager)

Example of files:

[root@muon ~]# cat /etc/grid-security/storage-authzdb
authorize eosuser read-write 2016 2016 / / /
[root@muon ~]# cat /etc/grid-security/grid-mapfile
"/C=RU/O=RDIG/OU=users/OU=spbu.ru/CN=Andrey Zarochentsev" eosuser
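
The two files have to agree: a DN mapped in grid-mapfile only gets access if its user name also has an authorize line in storage-authzdb. The following cross-check is an added example, not part of the original page: the function name check_authz and the sample DNs are constructed here, and it reports mapped users with no authorize line or with uid 0.

```shell
#!/bin/sh
# Added example (not from the original page).
# check_authz GRID_MAPFILE STORAGE_AUTHZDB
# For every user name mapped in the grid-mapfile, report whether
# storage-authzdb authorizes it and with which uid, gid and access mode.
check_authz() {
    awk -v authz="$2" '
    NF == 0 || $1 ~ /^#/ { next }                  # skip blank lines and comments
    FILENAME == authz {                            # first file: storage-authzdb
        if ($1 == "authorize") { mode[$2] = $3; uid[$2] = $4; gid[$2] = $5 }
        next
    }
    {                                              # second file: grid-mapfile
        user = $NF                                 # user name is the last field
        dn = $0
        sub(/[ \t]+[^ \t]+[ \t]*$/, "", dn)        # drop the user name, keep the quoted DN
        if (!(user in uid))
            printf "MISSING %s: mapped from %s, no authorize line\n", user, dn
        else if (uid[user] == "0")
            printf "ROOT %s: %s is mapped to uid 0\n", user, dn
        else
            printf "OK %s uid=%s gid=%s %s\n", user, uid[user], gid[user], mode[user]
    }' "$2" "$1"
}

# Constructed sample data: the authorize line from this page, made-up DNs.
dir=$(mktemp -d)
cat > "$dir/storage-authzdb" <<'EOF'
authorize eosuser read-write 2016 2016 / / /
EOF
cat > "$dir/grid-mapfile" <<'EOF'
"/C=XX/O=Example/CN=Test User" eosuser
"/C=XX/O=Example/CN=Unlisted User" ghost
EOF
check_authz "$dir/grid-mapfile" "$dir/storage-authzdb"
rm -rf "$dir"
```

On the manager node, run it as check_authz /etc/grid-security/grid-mapfile /etc/grid-security/storage-authzdb.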

Setting in Chimera:

chimera:/# mkdir /dcache
chimera:/# mkdir /dcache/fedcloud
chimera:/# mkdir /dcache/fedcloud/zar/

chimera:/# chown 2016:2016 /dcache/fedcloud/
chimera:/# chown 2016:2016 /dcache/fedcloud/zar

Host certs:

[root@muon ~]# cp /etc/grid-security/daemon/host* /etc/grid-security/
[root@muon ~]# chown dcache: /etc/grid-security/host*

-- AndreyZarochentsev - 2016-08-25

Topic revision: r22 - 2017-03-21 - AndreyZarochentsev