Last modified 7 years ago Last modified on 06/23/13 13:45:48

Installing dCache on our Raspberry PI


We need the following prerequisites

  • A Raspberry Pi (Version B, built after Oct 2012), an SD card (>=8GB) and an USB powersupply for the RPi.
  • The 2013 version of the Raspbian OS with Soft-float ABI.
  • Oracle Java JRE for ARM 6/7
  • The PostgresQL server (9.1 or higher)
  • dCache 2.6 (the tgz version from

The Raspberry Hardware

Make sure you get a Raspberry Model B, produced after Oct 15, 2012. We need the 512MB version. Wikipedia provides some brief details on the hardware and the concept of the Raspberry. As the RPi only provides very limited power via the 2 USB sockets you might want to attach a 'powered USB Hup' to drive disk devices. This is not as easy as it might sound. Search the Internet for 'raspberry', 'USB HUB' and 'backfeed' to find an appropriate 'powered USB HUB'. eLinux provides a nice list of peripherals which should work with your RPi. Some experiences are list here. But there many more. I'm still looking for information which summarizes the fact in a more consistent way.

The Raspberry OS

A Raspberry Pi usually comes w/o an operating system. You need to install the OS of your choice on an SD card from a different computer. Here we describe to install dCache on Raspbian "wheezy". However, as the current (June 2013) Oracle Java RE only works with the soft-float ABI, which is not the default for Raspbian "Wheezy", make sure you download the "Soft-float Debian “wheezy”" image.

  • From here you can get the latest Raspbian (Soft-float)
  • This is a detailed description on how to create your own SD card with the necessary OS.

After having prepared the SD card, insert it into your RPi and connect the device with an HDMI monitor, a keyboard and the network. When starting up the RPi the first time, an configurate tool is displayed. Configure ssh access and choose 'boot to command line'.

In case you want to mount the image on your computer (not the raspberry) to add software or whatever you need: Here are some hints on how to do that.

When the system is starting the first time, you need to do some configuration from the console. Therefor you have to have the RPi connected to an HDMI device and a keyboard. Raspbian will boot into a configuration tool. You should configure at least:

  • Expand the home partition to the entire SD disk.
  • Set Time and date
  • The locale if you don't like "en GB utf8"
  • Set the system to 'boot into console' instead of boot to desktop.
  • Enable 'ssh'. This is a sub-option under 'advanced options'.

After all the setup is done, you should be able to login via ssh. Depending on your network setup you can either use the hostname you defined during setup to login or the IP number of the RPi (the default hostname it 'raspberrypi'). The ip number is displayed on the console after successful reboot. It says something like

[ok] Starting OpenBSD Secure Shell Server: sshd
My IP address is XXXX (<- IpNumber)

If you didn't change the password during the configuration, you do

ssh pi@raspberrypi


ssh pi@IpNumber

The default password is 'raspberry'.

Installing Java

Oracle provides a for ARM 6/7 but unfortunately only for the SoftABI. Therefor you needed to download the "Wheezy OS for Soft-float" in the section above. Here is a description on how to install the proper Java version on your running RPi with Raspbian OS. The actually download page should be here if not yet moved. Make sure you download the binary tagged with "ARMv6/7 Linux - Headless EABI, VFP, SoftFP ABI, Little Endian1"

You might have to create an account at Oracle to download the ejre. Do so and download the binary. It is something like:


Copy the binary to the RPi.

scp ejre-7u21-fcs-b11-linux-arm-vfp-client_headless-04_apr_2013.gz pi@raspberrypi:

Log into the RPi and gunzip the binary:

ssh pi@raspberrypi
gunzip gunzip ejre-7u21-fcs-b11-linux-arm-vfp-client_headless-04_apr_2013.gz

sudo /bin/bash

cd /usr

tar xf /home/pi/ejre-7u21-fcs-b11-linux-arm-vfp-client_headless-04_apr_2013

# Check if java works

root@raspberrypi: # /usr/ejre1.7.0_21/bin/java -version

java version "1.7.0_21"
Java(TM) SE Embedded Runtime Environment (build 1.7.0_21-b11, headless)
Java HotSpot(TM) Embedded Client VM (build 23.21-b01, mixed mode)

Installing and configuring the Postgres Server

Before installing postgres, make sure the 'locale' are set and supported properly. The 'locale' command shouldn't report an error. If it does, fix that first. The error might look like this:

# locale

locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory

A possible problem could be that the LC_CTYPE isn't set correctly. In that case


should work if you didn't change the 'locale' setting during the configuration step. For other case have a look here.

As soon as the 'locale' is happy, you can proceed with installing postgres.

The easiest way to get the postgres database server system to work is by using 'apt-get'.

apt-get update
apt-get install postgresql

The update command can take awhile. Be patient, it sometime just sits there for sometime w/o doing something.

In order to allow dCache to access the server you need to modify the configuration file.

vi /etc/postgresql/9.1/main/pg_hba.conf

Change the security mode to 'trust' on the following lines. (4 changes)

# Database administrative login by Unix domain socket
local   all             postgres                                trust

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     trust
# IPv4 local connections:
host    all             all               trust
# IPv6 local connections:
host    all             all             ::1/128                 trust

If all this is done, you can start 'postgres'.

pg_createcluster 9.1 main --start

Later you can use the OS mechanism of managing services:

service postgresql restart

Installing dCache

Get the latest 2.6 and install it here :

ssh pi@raspberrypi


sudo /bin/bash

dpkg -i dcache_2.6.2-1_all.deb

Configuring dCache

Step by step ...

Adjusting other services to work with dCache

In order to prepare the dCache head services we need make non-dCache services available.

  • SSH host keys for dCache
  • Setting the JVM location properly
  • Creating database users and tables.

Makeing SSH keys available for dCache

dCache is based on its own OS. As with other OSes, you can loggin with SSH to monitor or configure parts of the system. Here make the Linux OS host key available to dCache.

rm /etc/dcache/admin/ssh_host_dsa_key*

ln -s /etc/ssh/ssh_host_dsa_key  /etc/dcache/admin/ssh_host_dsa_key
ln -s /etc/ssh/  /etc/dcache/admin/

Preparing Certificates for SSL access

The dCache administration web pages and access to dCache data via http/WebDAV are secured by the "Secure Socket Layer, SSL" mechanism. In order to get this to work, which essentially means to allow the server to identify itself to the client applications, a server host x509 certificate and the certificate of the certificate issue, the Certification Authority (CA), has to be installed.

In case you intend to run a regular public service you would need to

  • ask your CA for your private x509 host certificate issues for the DNS name of your server host.
  • download the CA certificate from your CAs web pages..

In case this is just a test infrastructure you can create your own CA and from this create your own x509 host certificate. You can use the openssl tool (which should already be installed on your Raspbian) to create both. There is plenty of description and advise available in the web on how to do that. Here is just one example.

Now we assume that you have three files somewhere on your system

  • the CA certificate (e.g called. myCAroot.cer) and
  • the server host certificate (e.g. called myhostcert.cer) and
  • the server host private key (e.g. called myhostcert.key)

In oder to make the CA certificate available to dCache, its filename need to follow a certain naming convention (imposed by Globus). You may either rename the CA certificate file or create a link. In this example we simple create a link.

We assume that your are 'root' and the CA certificate is in your current working directory and that the certificate file is called myCAroot.cer. Please adjust the command accordingly. Note that the name of the file is used twice in the command below. So please make sure you replace both occurrences with the correct name.

ln -s myCAroot.cer $(openssl x509 -in myCAroot.cer  -subject_hash -noout).0
dcache import cacerts --cacerts=.

Now you will find a link from the original CA certificate file to a file called something lik a3c67d.0. (The numbers infront of the dot is the hash of the certificate subject) The dCache import tool will actually try to include all certificate files with the extension ".0" from the current working directory.

Inserting the x509 host certificate is slightly easier. Again assuming the certificat and the private key file being stored in the current working directory and being called myhostcert,cer and myhostcert.key respectively, you only need to issue the command below. Here again, please make sure you adjust the name of the cer AND the name of the KEY file.

dcache import hostcert --hostcert=myhostcert.cer --hostkey=myhostcert.key

Letting dCache know where the JVM is

dCache is mostly written in JAVA. In order to find the JVM, dCache first checks the /etc/default/dcache file before falling back to the OS PATH variable. edit /etc/default/dcache and add set the JAVA_HOME variable.

echo "JAVA_HOME=/usr/ejre1.7.0_21" >/etc/default/dcache

You need to adjust the line above to your needs.

Preparing the postgres database for dCache

dCache is storing important information in a postgres database. Earlier in this document, we installed postgres. Now we have to setup some postgres users and tables. (The information it taken from dCache, the Book. So you may want to check the Book for more details. Remember: You need to run the postgres commands below as super-user (root).

root@raspberrypi:/etc/dcache/admin# createdb -U postgres chimera
root@raspberrypi:/etc/dcache/admin# createuser -U postgres --no-superuser --no-createrole --createdb  chimera
root@raspberrypi:/etc/dcache/admin# createuser -U postgres --no-superuser --no-createrole --createdb  srmdcache
root@raspberrypi:/etc/dcache/admin# createdb -U srmdcache dcache
root@raspberrypi:/etc/dcache/admin# createdb -O srmdcache -U postgres billing

dCache provides an automated schema migration facility which we have to initialize.

dcache database update 

The dCache head-node services

Next we configure our customized dCache.

Add the following lines to the

/etc/dcache/dcache.conf file.

dcache.user = root
dcache.layout = dcache-rpi


The first line allows dCache to run as root. The second line points dCache to our private RPi configuration file, which we will create and customize later in this chapter. The last two lines simply make our dCache a 'disk only' system, assuming that you don't want to attach a tape system to your RPi yet.

Now we need to specify the services you want your dCache to run. This is done in the file we specified in the dcache.conf file earlier. It was called 'dcache-rpi.conf'. dCache assumes to find this file in the layout directory. So create /etc/dcache/layout/dcache-rpi.conf and give it the following content:


Next we need to tell dCache how to authenticate users. Initially we only want to make sure that the system administrator gets permission to log into the SSH interface of dCache. This is only for administrative purposes and doesn't yet allow data to be stored or retrieved.

mv /etc/dcache/gplazma.conf /etc/dcache/gplazma.conf.bak
touch /etc/dcache/gplazma.conf

So give /etc/dcache/gplazma.conf the following content:

auth  optional  kpwd
map   optional  kpwd
account optional kpwd
session optional kpwd

Those lines essentially tell dCache to use the kpwd file for user/password authentication as well as for the mapping between the username (admin) and the groupId and userID. The kpwd file is not modified directly but manipulated by the 'dcache' tool. In order to assign the necessary attributes to the admin account, run the following command:

dcache kpwd dcuseradd -u 1000 -g 0 -h nohome -r noroot -f nofs -w read-write -p dcacherpi admin

The new admin user gets user ID 1000 and group ID 0. The latter it important as it assignes super-user privileges to the admin account.

A pool

Access Protocol : http/WebDAV


mount the image
fix locale problems
apt-get install postgresql
vi /usr/bin/pg_createcluster
Remove the lines after "check validity of locale"

pg_createcluster 9.1 main --start

vi /etc/postgresql/9.1/main/pg_hba.conf

service postgresql restart

edit /usr/dcache.../etc/dcache.conf
dcache.user = root
dcache.layout = dcache-rpi
cd /usr/dcache.../etc/layout/single.conf dcache-rpi.conf

ln -s /usr/dcache-2.6.1/bin/dcache /usr/bin/dcache

ssh-keygen -b 768 -t rsa1 -f /usr/dcache-2.6.1/etc/admin/server_key -N ""
ssh-keygen -b 1024 -t rsa1 -f /usr/dcache-2.6.1/etc/admin/host_key -N ""
ssh-keygen -t dsa -f /usr/dcache-2.6.1/etc/admin/ssh_host_dsa_key -N ""
dcache start