Common items for EOS/FedCloud installation

This page keeps common chunks for other manuals. The machinery behing this are sections (http://twiki.org/cgi-bin/view/TWiki/VarSTARTSECTION) and includes (http://twiki.org/cgi-bin/view/TWiki/VarINCLUDE).

Operating systems and software repositories

Standard software repositories:

• RHEL 6.x (CentOS, Scientific Linux, etc)
• EPEL
• CA roots, http://grid-deployment.web.cern.ch/grid-deployment/glite/repos/3.2/lcg-CA.repo

cat << EOF > /etc/yum.repos.d/eos.repo
[eos-aquamarine]
name=EOS aquamarine, modern location
baseurl=https://dss-ci-repo.web.cern.ch/dss-ci-repo/eos/aquamarine/tag/el-$releasever/$basearch/
gpgcheck=0
enabled=1
priority=45

[eos-aquamarine-depends]
name=EOS aquamarine, dependencies
baseurl=https://dss-ci-repo.web.cern.ch/dss-ci-repo/eos/aquamarine-depend/el-$releasever-$basearch/
gpgcheck=0
enabled=1
priority=45
EOF

Scientific Linux and its derivatives have major.minor $releasever, so for these OS variants we should hardcode mainline version into repo files:

cat << EOF > /etc/yum.repos.d/eos.repo
[eos-aquamarine]
name=EOS aquamarine, modern location
baseurl=https://dss-ci-repo.web.cern.ch/dss-ci-repo/eos/aquamarine/tag/el-6/$basearch/
gpgcheck=0
enabled=1
priority=45

[eos-aquamarine-depends]
name=EOS aquamarine, dependencies
baseurl=https://dss-ci-repo.web.cern.ch/dss-ci-repo/eos/aquamarine-depend/el-6-$basearch/
gpgcheck=0
enabled=1
priority=45
EOF

Use yum-priorities plugin and make EOS repository priority higher than EPEL one (default priority is 99, lower number gives more priority).

MGM/FST packages

Install packages:

yum install -y eos-server eos-client eos-nginx eos-fuse eos-test eos-apmon eos-cleanup jemalloc nscd

Authentication between MGM and FST

Install EOS keytab: to be done by central team. Keytab ownership/mode must be tweaked:

chmod 400 /etc/eos.keytab
chown daemon:daemon /etc/eos.keytab

Firewall rules

• MGM allows incoming connections to the port 1094 from the world: it is the main client port for metadata and redirections
• MGM allows incoming connections to the ports 1096 and 1097 fromr all other MGMs and FSTs

• FST allows incoming connections to the port 1095 from the world: it is the main client port for getting the data

Grid mapfile

Mapfile itself:

cat << EOF > /etc/grid-security/grid-mapfile
/C=RU/O=RDIG/OU=users/OU=spbu.ru/CN=Andrey Zarochentsev" eosuser
/C=RU/O=RDIG/OU=users/OU=pnpi.nw.ru/CN=Andrey Kiryanov" eosuser
/C=RU/O=RDIG/OU=users/OU=grid.kiae.ru/CN=Eygene A. Ryabinkin" eosuser
/C=RU/O=RDIG/OU=users/OU=grid.kiae.ru/CN=Igor Tkachenko" eosuser
EOF

Associated local users:

groupadd -g 2016 eosuser
useradd -u 2016 -g 2016 eosuser

-- EygeneRyabinkin - 2016-03-14