

INFN-PADOVA wiki



Page: Site.VOMS - Last Modified : Tue, 09 Sep 14

VOMS

Host certificate update

  • Copy the new host certificate and key into /etc/grid-security/ and /usr/share/tomcat5/.certs/:
cp /etc/grid-security/hostcert.pem /usr/share/tomcat5/.certs/hostcert.pem
cp /etc/grid-security/hostkey.pem /usr/share/tomcat5/.certs/hostkey.pem
  • Restart mysqld, tomcat5 and voms services:
service mysqld restart
service tomcat5 restart
/opt/glite/etc/init.d/voms restart
  • Check logs and processes:
less /var/log/mysqld.log
less /var/log/tomcat5/catalina.out
ps aux | grep voms
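
An added example (not part of the original wiki page): checks to run after the copy and before the restarts, confirming that the key is private, that the certificate is not about to expire, and that certificate and key match. It assumes an RSA host key, GNU stat and the openssl CLI; the function names and the 7-day default are illustrative.

```bash
#!/bin/bash
# Added example: checks to run after the cp commands and before the restarts.

# check_host_credential CERT KEY [MIN_SECONDS_LEFT]
# Succeeds only if KEY is private to its owner, CERT stays valid for
# MIN_SECONDS_LEFT (illustrative default: 7 days) and the two form a pair.
check_host_credential() {
    local cert=$1 key=$2 min_left=${3:-604800} mode cert_mod key_mod

    # The private key must not be readable by group or others.
    mode=$(stat -c '%a' "$key") || return 1
    case "$mode" in
        400|600) ;;
        *) echo "FAIL: $key has mode $mode, expected 400 or 600" >&2; return 1 ;;
    esac

    # -checkend exits non-zero when the certificate expires within the window.
    if ! openssl x509 -in "$cert" -noout -checkend "$min_left" >/dev/null; then
        echo "FAIL: $cert expires within $min_left seconds" >&2; return 1
    fi

    # Assumes an RSA key: the modulus in the certificate must equal the key's.
    cert_mod=$(openssl x509 -in "$cert" -noout -modulus) || return 1
    key_mod=$(openssl rsa -in "$key" -noout -modulus) || return 1
    if [ "$cert_mod" != "$key_mod" ]; then
        echo "FAIL: $cert and $key do not belong together" >&2; return 1
    fi
    echo "OK: $cert matches $key"
}

# copies_in_sync SRC_DIR DST_DIR
# Succeeds only if certificate and key are byte-identical in both directories.
copies_in_sync() {
    cmp -s "$1/hostcert.pem" "$2/hostcert.pem" &&
        cmp -s "$1/hostkey.pem" "$2/hostkey.pem"
}

# Check both locations from this page when they exist on the current host.
for dir in /etc/grid-security /usr/share/tomcat5/.certs; do
    if [ -r "$dir/hostcert.pem" ]; then
        check_host_credential "$dir/hostcert.pem" "$dir/hostkey.pem" || true
    fi
done
if [ -d /usr/share/tomcat5/.certs ]; then
    copies_in_sync /etc/grid-security /usr/share/tomcat5/.certs ||
        echo "FAIL: tomcat5 copy differs from /etc/grid-security" >&2
fi
```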

Configuration after update

  • Configuration:
/opt/glite/etc/config/scripts/glite-voms-server-config.py --configure
  • Check in /etc/tomcat5/tomcat5.conf:
CATALINA_OPTS="-XX:MaxPermSize=256m -Xmx1013M -server -Dsun.net.client.defaultReadTimeout=240000"
JAVA_ENDORSED_DIRS="$JAVA_ENDORSED_DIRS:/opt/glite/share/voms-admin/endorsed"
  • Start services:
/opt/glite/etc/config/scripts/glite-voms-server-config.py --start
  • Verify:
    • /opt/glite/etc/init.d/voms-admin status
    • /opt/glite/etc/init.d/voms status
    • ps aux|grep voms
    • /etc/my.cnf
    • /var/log/mysqld.log
    • web voms admin

Set up new VO <voname> replica

  • Edit the /opt/glite/etc/config/vo-list.cfg.xml configuration file, adding a new VO <voname> section with the information provided by Alessandro Paolini.
  • Configure the new VO <voname> with the following command:
/opt/glite/etc/config/scripts/glite-voms-server-config.py --configure --vo=<voname>
  • Start the new VO <voname> with the following command:
/opt/glite/etc/config/scripts/glite-voms-server-config.py --start --vo=<voname>
  • Edit /etc/my.cnf, adding the replica information for <voname_db>:
replicate-do-db=<voname_db>
replicate-ignore-table=<voname_db>.seqnumber
replicate-ignore-table=<voname_db>.realtime
replicate-ignore-table=<voname_db>.transactions
  • Configure the replica by running the following script:
~/voms-scripts/next_replicas.sh --master-db=<voname_db> --db=<voname_db>
  • Services to be restarted:
# /opt/glite/etc/init.d/voms-admin stop
# /opt/glite/etc/init.d/voms stop
# service mysqld restart
# service tomcat5 restart
# /opt/glite/etc/init.d/voms start
# /opt/glite/etc/init.d/voms-admin start

Set VOMS server replica as read-only

  • Set the voms.readonly variable in the template /opt/glite/etc/voms-admin/templates/voms.service.properties.template (this setting will be valid for all new configurations):
#### Add other options after this line
voms.readonly = true
  • If you need to modify any existing settings, you have to edit each /var/glite/etc/voms-admin/<vo>/voms.service.properties.
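
An added example (not part of the original wiki page): because the template only affects new configurations, this lists VOs already deployed on the replica whose properties file does not set voms.readonly to true. The function name is illustrative, and the VO names used to try it out would be constructed.

```bash
#!/bin/bash
# Added example: find VOs on the replica that are not configured read-only.

# list_writable_vos BASE_DIR
# Prints each VO directory under BASE_DIR whose voms.service.properties lacks
# an effective "voms.readonly = true"; returns 1 if at least one is printed.
list_writable_vos() {
    local base=$1 props vo values rc=0
    for props in "$base"/*/voms.service.properties; do
        [ -f "$props" ] || continue      # glob matched nothing
        vo=$(basename "$(dirname "$props")")
        # Collect the value of every uncommented voms.readonly assignment.
        values=$(sed -n 's/^[[:space:]]*voms\.readonly[[:space:]]*[=:][[:space:]]*//p' \
                     "$props" | tr -d ' \t\r')
        # Flag the VO if the key is missing or any assignment is not "true".
        if [ -z "$values" ] || printf '%s\n' "$values" | grep -qvx 'true'; then
            echo "$vo"
            rc=1
        fi
    done
    return "$rc"
}

# Path from this page; the directory only exists on a VOMS server.
if [ -d /var/glite/etc/voms-admin ]; then
    list_writable_vos /var/glite/etc/voms-admin || true
fi
```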

How to resync VOMS-replica with VOMS-master (from CNAF)

  • The following example is for voms-02.pd.infn.it:
[root@voms-02 ~]# LISTA="voms_superbvo_org voms_pacs_infn_it voms_ipv6_hepix_org voms_glast_org voms_eumed voms_euindia voms_euchina voms_enmr_eu voms_comput_er_it voms_compassit voms_ams02_cern_ch"

[root@voms-02 ~]# for i in `echo $LISTA`; do echo "voms-scripts/next_replicas.sh --master-db=$i --db=$i \n"; voms-scripts/next_replicas.sh --master-db=$i --db=$i; done
[...]
voms-scripts/next_replicas.sh --master-db=voms_superbvo_org --db=voms_superbvo_org \n
ERROR 1146 (42S02) at line 1: Table 'voms_superbvo_org.seqnumber' doesn't exist
CHANGE MASTER TO MASTER_HOST='voms2.cnaf.infn.it',MASTER_USER='XXX',MASTER_PASSWORD='XXX',MASTER_LOG_FILE='mysql-bin.000032',MASTER_LOG_POS=839715;
Stopping mysqld:                                           [  OK  ]
Starting mysqld:                                           [  OK  ]
[...]

# service voms-admin stop
Stopping voms-admin:                                       [  OK  ]
[root@voms-02 ~]# ps -ef |grep voms-admin
root     31953 10347  0 18:04 pts/0    00:00:00 grep voms-admin
[root@voms-02 ~]# service voms stop
Stopping voms(ams02.cern.ch):                              [  OK  ]
Stopping voms(compassit):                                  [  OK  ]
Stopping voms(comput-er.it):                               [  OK  ]
Stopping voms(enmr.eu):                                    [  OK  ]
Stopping voms(euchina):                                    [  OK  ]
Stopping voms(euindia):                                    [  OK  ]
Stopping voms(eumed):                                      [  OK  ]
Stopping voms(glast.org):                                  [  OK  ]
Stopping voms(ipv6.hepix.org):                             [  OK  ]
Stopping voms(pacs.infn.it):                               [  OK  ]
Stopping voms(superbvo.org):                               [  OK  ]

[root@voms-02 ~]# ps -ef |grep voms
mysql    31862 31795  0 18:03 pts/0    00:00:00 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-external-locking --log-error=/var/lib/mysql/voms-02.pd.infn.it.err --socket=/var/lib/mysql/mysql.sock
root     32245 10347  0 18:05 pts/0    00:00:00 grep voms

[root@voms-02 ~]# service voms status
Status voms(ams02.cern.ch): stopped
Status voms(compassit): stopped
Status voms(comput-er.it): stopped
Status voms(enmr.eu): stopped
Status voms(euchina): stopped
Status voms(euindia): stopped
Status voms(eumed): stopped
Status voms(glast.org): stopped
Status voms(ipv6.hepix.org): stopped
Status voms(pacs.infn.it): stopped
Status voms(superbvo.org): stopped

[root@voms-02 ~]# service voms start
Starting voms(ams02.cern.ch):                              [  OK  ]
Starting voms(compassit):                                  [  OK  ]
Starting voms(comput-er.it):                               [  OK  ]
Starting voms(enmr.eu):                                    [  OK  ]
Starting voms(euchina):                                    [  OK  ]
Starting voms(euindia):                                    [  OK  ]
Starting voms(eumed):                                      [  OK  ]
Starting voms(glast.org):                                  [  OK  ]
Starting voms(ipv6.hepix.org):                             [  OK  ]
Starting voms(pacs.infn.it):                               [  OK  ]
Starting voms(superbvo.org):                               [  OK  ]

[root@voms-02 ~]# /etc/init.d/voms-admin start
Deployed VOs:
	ams02.cern.ch
	compassit
	comput-er.it
	cyclops
	enmr.eu
	euchina
	euindia
	eumed
	glast.org
	ipv6.hepix.org
	pacs.infn.it
	superbvo.org
Starting voms-admin:                                       [  OK  ]

