This document is addressed to Site Administrators responsible for middleware installation and configuration. It is a generic guide to manual installation and configuration for any supported node types.
The list of supported node types can be found in the UMD 1 web pages: http://repository.egi.eu/category/umd_releases/.
When installing a particular product please also have a look at the specific release page of that node type to get specific installation information.
Installing the Operating System
All UMD 1 products are fully supported on the SL5/64 platform with EPEL as repository for external components.
Full platform support means the component is distributed from the UMD repository using certified source and binary packages according to the format specification of the platform.
Scientific Linux 5
For full details about Scientific Linux 5 (SL), please check: http://www.scientificlinux.org
All the information to install the operating system can be found: https://www.scientificlinux.org/download Example of sl.repo file
[core] name=name=SL 5 base baseurl=http://linuxsoft.cern.ch/scientific/5x/$basearch/SL http://ftp.scientificlinux.org/linux/scientific/5x/$basearch/SL http://ftp1.scientificlinux.org/linux/scientific/5x/$basearch/SL http://ftp2.scientificlinux.org/linux/scientific/5x/$basearch/SL protect=0
Node synchronization, NTP installation and configuration
A general requirement is that the nodes are synchronized. This requirement may be fulfilled in several ways. If your nodes run under AFS they are most likely already synchronized. Otherwise, you can use the NTP protocol with a time server.
Instructions and examples for a NTP client configuration are provided in this section. If you are not planning to use a time server on your machine you can just skip this section.
Use the latest ntp version available for your system. If you are using APT, an apt-get install ntp will do the work.
- Configure the file /etc/ntp.conf by adding the lines dealing with your time server configuration such as, for instance:
restrict <time_server_IP_address> mask 255.255.255.255 nomodify notrap noquery server <time_server_name>
Additional time servers can be added for better performance results. For each server, the hostname and IP address are required. Then, for each time-server you are using, add a couple of lines similar to the ones shown above into the file /etc/ntp.conf.
- Edit the file /etc/ntp/step-tickers adding a list of your time server(s) hostname(s), as in the following example:
- If you are running a kernel firewall, you will have to allow inbound communication on the NTP port. If you are using iptables, you can add the following to /etc/sysconfig/iptables
-A INPUT -s NTP-serverIP-1 -p udp --dport 123 -j ACCEPT -A INPUT -s NTP-serverIP-2 -p udp --dport 123 -j ACCEPT
Remember that, in the provided examples, rules are parsed in order, so ensure that there are no matching REJECT lines preceding those that you add. You can then reload the firewall
# /etc/init.d/iptables restart
- Activate the ntpd service with the following commands:
# ntpdate <your ntp server name> # service ntpd start # chkconfig ntpd on
- You can check ntpd's status by running the following command
- ntpq -p
Cron and logrotate
Many middleware components rely on the presence of cron (including support for /etc/cron.* directories) and logrotate. You should make sure these utils are available on your system.
All nodes except UI, WN and BDII require a host certificate. Contact your Certification Authority (CA) to understand how to obtain a host certificate if you do not have one already. The International Grid Trust Federation hold information about all supported/trusted Certification Authorities: http://www.igtf.net/
Once you have obtained a valid certificate:
- hostcert.pem - containing the machine public key
- hostkey.pem - containing the machine private key
make sure to place the two files in the target node into the /etc/grid-security directory and check the access right for hostkey.pem is only readable by root (permissions 400) and that the public key, hostcert.pem (permissions 644), is readable by everybody.
Installing the Middleware
For SL5 the yum package manager is considered the to be the default installation tool.
You need to have enabled only the above repositories (Operating System, EPEL, Certification Authority, UMD).
Example of a general installation of a node:
# yum update # yum install ca-policy-egi-core # yum install <meta-package name>
Most products have an rpm metapackage containing all dependencies needed to deploy and properly run the service, but there may be exceptions.
NOTE: it happened that on other operating systems than SL5/x86_64, as for example CentOS, for certain node-types you have to install first the jdk (SunJdk) package. Please refer to your Operating System documentation to learn how to do this.