Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

UMD:Prerequisites

From EGIWiki
Revision as of 14:40, 4 October 2011 by Kkoum (talk | contribs)
Jump to navigation Jump to search

This document is addressed to Site Administrators responsible for middleware installation and configuration. It is a generic guide to manual installation and configuration for any supported node types.

The list of supported node types can be found in the EMI 1 web pages.

When installing a particular node type please also have a look at the specific release page of that node type to get specific installation information.


Installing the Operating System

All EMI 1 components are fully supported on the SL5/64 platform with EPEL as repository for external components.

Full platform support means the component is distributed from the EMI repository using certified source and binary packages according to the format specification of the platform.


Scientific Linux 5

The OS version of EMI 1 is Scientific Linux 5 (SL). For more information please check: http://www.scientificlinux.org

All the information to install the operating system can be found: https://www.scientificlinux.org/download Example of sl.repo file

[core]
name=name=SL 5 base
baseurl=http://linuxsoft.cern.ch/scientific/5x/$basearch/SL
   http://ftp.scientificlinux.org/linux/scientific/5x/$basearch/SL
        http://ftp1.scientificlinux.org/linux/scientific/5x/$basearch/SL
        http://ftp2.scientificlinux.org/linux/scientific/5x/$basearch/SL
protect=0


Node synchronization, NTP installation and configuration

A general requirement is that the nodes are synchronized. This requirement may be fulfilled in several ways. If your nodes run under AFS they are most likely already synchronized. Otherwise, you can use the NTP protocol with a time server.

Instructions and examples for a NTP client configuration are provided in this section. If you are not planning to use a time server on your machine you can just skip this section.

Use the latest ntp version available for your system. If you are using APT, an apt-get install ntp will do the work.


  • Configure the file /etc/ntp.conf by adding the lines dealing with your time server configuration such as, for instance:
       restrict <time_server_IP_address> mask 255.255.255.255 nomodify notrap noquery
       server <time_server_name>

Additional time servers can be added for better performance results. For each server, the hostname and IP address are required. Then, for each time-server you are using, add a couple of lines similar to the ones shown above into the file /etc/ntp.conf.

  • Edit the file /etc/ntp/step-tickers adding a list of your time server(s) hostname(s), as in the following example:
      137.138.16.69
      137.138.17.69
  • If you are running a kernel firewall, you will have to allow inbound communication on the NTP port. If you are using iptables, you can add the following to /etc/sysconfig/iptables
      -A INPUT -s NTP-serverIP-1 -p udp --dport 123 -j ACCEPT 
      -A INPUT -s NTP-serverIP-2 -p udp --dport 123 -j ACCEPT

Remember that, in the provided examples, rules are parsed in order, so ensure that there are no matching REJECT lines preceding those that you add. You can then reload the firewall

     # /etc/init.d/iptables restart
  • Activate the ntpd service with the following commands:
      # ntpdate <your ntp server name>
      # service ntpd start
      # chkconfig ntpd on
  • You can check ntpd's status by running the following command
 
  1. ntpq -p


Cron and logrotate

Many middleware components rely on the presence of cron (including support for /etc/cron.* directories) and logrotate. You should make sure these utils are available on your system.


Host Certificates

All nodes except UI, WN and BDII require the host certificate/key files to be installed. Contact your Certification Authority (CA) to understand how to obtain a host certificate if you do not have one already.

Once you have obtained a valid certificate:


  • hostcert.pem - containing the machine public key
  • hostkey.pem - containing the machine private key

make sure to place the two files in the target node into the /etc/grid-security directory and check the access right for hostkey.pem is only readable by root and that the public key, hostcert.pem, is readable by everybody.


=

Introduction Prerequisites Repository Products Capabilities

Installing the Middleware =

For SL5 the yum package manager is considered the to be the default installation tool.


Installations[[|]]

You need to have enabled only the above repositories (Operating System, EPEL, Certification Authority, EMI).

Example of a general installation of a node:

# yum update
# yum install ca-policy-egi-core
# yum install <meta-package name>

NOTE: it happened that on other operating systems than SL5/x86_64, as for example CentOS, for certain node-types you have to install first the jdk (SunJdk) package. Please refer to your Operating System documentation to learn how to do this.