wiki:cerncertification/guide
Last modified 8 years ago Last modified on 05/25/10 15:57:29

Central page for all Certification for LHC/GLite/Etics

On normal release-tests for server releases half the servers should be fresh installed and half should be upgraded.

How to do an UPGRADE

How to do a clean install of a machine

it is always sensible to first backup the current (hopefully running!) image of the machine:

log into the xenmaster:

ssh -X root@it-xen-irl

doing a back up of galway.desy.de to cert.backup.2010-04-26:

vmimagemanager -b galway.desy.de -s cert.backup.2010-04-26
libvir: QEMU error : operation failed: could not query memory balloon allocation
libvir: QEMU error : Requested operation is not valid: domain is not running
exception thrown

then do a "fresh install" with a clean image:

root@it-xen-irl:~# vmimagemanager -b galway.desy.de -r sl4_x86_64.tgz

after that always to a yum update first on that machine:

[root@galway ~]# yum update
[root@galway ~]# yum upgrade
yum clean all
Repository CA is listed more than once in the configuration
Loading "kernel-module" plugin
Cleaning up Everything
2 headers removed
2 packages removed
18 metadata files removed
0 cache files removed
6 cache files removed

If content was updated, save the image back to save time in the future.

root@it-xen-irl:~# vmimagemanager -b galway.desy.de -z -s sl4_x86_64.tgz

now you have a fresh machine with no dCache on it.

How to install the CURRENT(this example 1.9.1) CERN-Version of dCache

SL4 machines need Glite 3.1 - SL5 need Glite 3.2

Glite 3.1 repos are found here - in general you should be able to find them with the help of google:

http://grid-deployment.web.cern.ch/grid-deployment/glite/repos/3.1/

Each dCache metapackages is one .repo-file. Download the metapackages for each dcache type you want to test. Under ideal cicumstances each metapackages should be on one machine, but for quicker testing we make a single-node dCache and install all metapackages on one node.

yum install lcg-CA
yum install ca_BitFace
yum install ctb-vomscerts
yum install lcg-sam-client-sensors-ctb  
fetch-crl 
/opt/d-cache/sbin/dcacheVoms2Gplasma.py -r -a -c /opt/d-cache/etc/dcacheVoms2Gplasma.conf -q
cd /etc/yum.repos.d/
wget http://grid-deployment.web.cern.ch/grid-deployment/glite/repos/3.1/glite-SE_dcache_admin_postgres.repo
yum search glite
yum install glite-SE_dcache_admin_postgres
wget http://grid-deployment.web.cern.ch/grid-deployment/glite/repos/3.1/glite-SE_dcache_info.repo
yum install glite-SE_dcache_info
wget http://grid-deployment.web.cern.ch/grid-deployment/glite/repos/3.1/glite-SE_dcache_pool.repo
yum install glite-SE_dcache_pool
yum install fetch-crl
mkdir /etc/grid-security

if e.g. fetch-crl fails there is a need for newer repositories very likely. Now, to make work easier get hostcertificates etc back from your backup:

root@it-xen-irl:~# scp /space/SNAPSHOT/galway.desy.de/cert.backup.2010-04-26/etc/grid-security/host* root@galway:/etc/grid-security
hostcert.pem                                  100% 2071     2.0KB/s   00:00    
hostkey.pem                                   100% 1852     1.8KB/s   00:00
[root@galway ~]# scp root@it-xen-irl:/space/SNAPSHOT/galway.desy.de/cert.backup.2010-04-26/root/site-info.def .
site-info.def                                                                                                              100%   22KB  22.5KB/s   00:00    
[root@galway ~]# scp root@it-xen-irl:/space/SNAPSHOT/galway.desy.de/cert.backup.2010-04-26/root/us* .
users.conf

Finally run Yaim:

[root@galway ~]# /opt/glite/yaim/bin/yaim  -c -s /root/site-info.def  -n glite-SE_dcache

It may happen that you need to install java first and adjust the value of java_location in site-info.def.

in case of this nice error:

gpasswd: unknown user edginfo                                                  
gpasswd: unknown user edguser                                                  
gpasswd: unknown user rgma                                                     
chown: `edguser.infosys': invalid user                                         
chown: `edguser.infosys': invalid user                                         
chown: `edguser.infosys': invalid user                                         

chown: `edguser.infosys': invalid user
chown: `edguser.infosys': invalid user
chown: `edguser.infosys': invalid user
chown: `edguser:edguser': invalid user
chown: `edguser:edguser': invalid user

do this and rerun yaim:

adduser edguser
adduser edginfo
adduser rgma

Upgrade to new Version (this example 1.9.5)

/opt/d-cache/bin/dcache stop
/opt/pnfs/bin/pnfs stop
ps aux | grep java
mv /opt/d-cache/etc/node_config  /opt/d-cache/etc/node_config.bak
mv /opt/d-cache/config/PoolManager.conf /opt/d-cache/config/PoolManager.conf.bak
mv /opt/d-cache/etc/glue-1.3.xml /opt/d-cache/etc/glue-1.3.xml.bak

SAVE YOUR DATABASE: how to do this see http://www.postgresql.org/docs/8.1/static/backup.html should work like this, but no guarantee especially on bigger dcaches with more than one database:

pg_dumpall -U postgres > outfile

get the new metapackages(in this walkthrough they are different to the previous, because they changed between 1.9.1 and 1.9.5 and this is an upgrade from 1.9.1(pnfs) to 1.9.5(chimera)). You can find them in the savannah-patches provided by the previous etics build. This will look like this:

wget http://etics-repository.cern.ch/repository/pm/registered/repomd/id/4c834f0b-5460-4007-a802-7df9ce1de582/slc4_ia32_gcc346/etics-registered-build-by-id.repo
mv etics-registered-build-by-id.repo etics-registered-build-by-id-4023.repo
yum search  glite-SE_dcache_nameserver_chimera
wget http://etics-repository.cern.ch/repository/pm/registered/repomd/id/35acae80-296c-4d82-9800-d741de9ecb93/slc4_ia32_gcc346/etics-registered-build-by-id.repo
mv etics-registered-build-by-id.repo etics-registered-build-by-id-4024.repo
wget http://etics-repository.cern.ch/repository/pm/registered/repomd/id/847cff4c-d981-47eb-b8bd-462626ff2b74/slc4_ia32_gcc346/etics-registered-build-by-id.repo
mv etics-registered-build-by-id.repo etics-registered-build-by-id-4021.repo
wget http://etics-repository.cern.ch/repository/pm/registered/repomd/id/049a9005-1b2d-4ba3-9b38-3166ab3c38b6/slc4_ia32_gcc346/etics-registered-build-by-id.repo
mv etics-registered-build-by-id.repo etics-registered-build-by-id-4027.repo

rename the ones with .1 ... .n to something sensible

yum update

yum install glite-SE_dcache_nameserver_chimera
yum install glite-SE_dcache_pool
yum install glite-SE_dcache_info
yum install glite-SE_dcache_srm

now you should have a newer psql installed - so repopulate your db (again use http://www.postgresql.org/docs/8.1/static/backup.html and no guarantee here):

mv /var/lib/pgsql /var/lib/pgsql.old
/etc/init.d/postgresql initdb
nedit /var/lib/pgsql/data/pg_hba.conf (put in "trust" where "ident" is - 3 replacements or just copy the file out of the .old dir)
/etc/init.d/postgresql start
psql -f outfile -U postgres
make sure that site-info.def has these set to "no":
RESET_DCACHE_CONFIGURATION=no
RESET_DCACHE_PNFS=no
RESET_DCACHE_RDBMS=no

/opt/d-cache/bin/dCacheConfigure.sh -s /root/site-info.def -c config_sedcache
restart your dcache:
/opt/d-cache/bin/dcache start

migrate to chimera

migration instructions are found here: http://trac.dcache.org/projects/dcache/wiki/pnfsDump2MigratePnfs2Chimera