www.epikh.eu

The EPIKH Project(Exchange Programme to advance e-Infrastructure Know-How)

Bouchra RAHIM(rahim@cnrst.ma)

Joint EPIKH/EUMEDGRID-Support Event in Rabat

Morocco, 30.05.2011

gLite UI Installation

gLite UI

• The access point to the glite Grid is the User Interface– This can be any machine where users have an account and

where their user certificate is installed• From a UI, a user can be authenticated and authorized to use the glite

Grid resources• It provides CLI tools to perform some basic Grid operations:

– list all the resources suitable to execute a given job;– submit jobs for execution;– cancel jobs;– retrieve the output of finished jobs;– show the status of submitted jobs;– retrieve the logging and bookkeeping information of jobs;– copy, replicate and delete files from the Grid;– retrieve the status of different resources from the Inforamtion

System

2

• The instructions provided in this presentation assume that you are going to use a machine with Scientific Linux 5.4 installed.

– Virtual Machine image (GILDA VM Base_SLC5.4_x86_64) available at:https://gilda.ct.infn.it/VirtualServices.html

3

Preliminaries

Login as root@pcxx.magrid.ma

XX = 01, 02, 03, ….., 28

Password: grid2011

Preliminaries

Preliminaries

5

System requirements

• Check if exists the ntp service otherwise install that:yum install ntp

• Check that public machine name is NOT an alias for “localhost”, but appears on a line by its own, like in the following:

• Please check:– If you have a valid hostname

– To verify, type: hostname -f– To edit the hostname:

• Disable Selinux: make sure /etc/selinux/config contains line:

• REBOOT your server, for changes to take effect

vim /etc/hostname vim /etc/sysconfig/network hostname <pc_name> service network restart

vim /etc/hostname vim /etc/sysconfig/network hostname <pc_name> service network restart

root# cat /etc/hosts

213.92.16.191 servername.some.domain.org servername

127.0.0.1 localhost.localdomain localhost

root# cat /etc/hosts

213.92.16.191 servername.some.domain.org servername

127.0.0.1 localhost.localdomain localhost

SELINUX=disabled SELINUX=disabled

• Disable automatic yum update:

– chkconfig yum off ; service yum stop

• Similarly disable other useless services (sendmail, pcmcia, isdn,...): see for example http://wiki.eumedgrid.eu/twiki/bin/view/InfrastructureStatus/SiteSecurityAndPerformance

• Cleanup yum cache:

– yum clean all

• Download list of important packages from CIC portal, https://cic.gridops.org/index.php?section=vo&vo=eumed see section “Other requirements” and save to a file, then issue command:

– cat <file.txt> | xargs -i yum -y install {}

6

System requirements (2/2)

7

Repository settings

• Specify the mrepo host:export MREPO=http://repo.magrid.ma/yumrepo/glite32

• Configure the repository as follows:REPOS="dag glite-GENERIC lcg-CA glite-UI"

• Get repositories with:for name in $REPOS;do wget $MREPO/$name.repo -O /etc/yum.repos.d/$name.repo; done

• Install CAs (this need to be done for ANY profile):

yum install lcg-CA ca-policy-egi-core ca-policy-lcg

• Glite UI Metapackage installation:

yum groupinstall glite-UI– we use groupinstall command to install all the packages for

the glite-UI group of packages, read from the comps.xml file on the repo server.

– glite-UI: all the software needed to install and run a gLite User Interface, yaim-utilities for the configuration of the UI, libraries, and all the CLI tools to interact with the gLite Grid services.

8

YUM install

9

site-info.def

• All the configuration samples files are located in /opt/glite/yaim/examples/siteinfo directory

• it’s better to make a copy of the original files

• Open your own site-info.def and customize it:

vi /opt/glite/yaim/etc/siteinfo/site-info.defvi /opt/glite/yaim/etc/siteinfo/site-info.def

mkdir /opt/glite/yaim/etc/siteinfo/

cp /opt/glite/yaim/examples/siteinfo/site-info.def /opt/glite/yaim/etc/siteinfo/site-info.def

mkdir /opt/glite/yaim/etc/siteinfo/

cp /opt/glite/yaim/examples/siteinfo/site-info.def /opt/glite/yaim/etc/siteinfo/site-info.def

https://twiki.cern.ch/twiki/bin/view/LCG/Site-info_configuration_variables#UI

BDII_HOST=bdii.eumedgrid.eu (or your own if you have one)WMS_HOST=wms-01.eumedgrid.eu (or your own if you have one)LB_HOST=wms-01.eumedgrid.eu (or your own if you have one)PX_HOST=myproxy.ct.infn.itLFC_HOST=lfc.ulakbim.gov.tr (or your own if you have one)DPM_HOST=torik1.ulakbim.gov.tr (or your own if you have one)

10

EUMED Settings - Setup site-info.def

Add EUMED Settings

VOS="eumed" Add eumed hereVO_EUMED_SW_DIR=$VO_SW_DIR/eumed

VO_EUMED_DEFAULT_SE=$SE_HOST

VO_EUMED_STORAGE_DIR=$CLASSIC_STORAGE_DIR/eumed

VO_EUMED_VOMS_SERVERS="'vomss://voms2.cnaf.infn.it:8443/voms/eumed?/eumed' 'vomss://voms-02.pd.infn.it:8443/voms/eumed?/eumed'"

VO_EUMED_VOMSES="'eumed voms2.cnaf.infn.it 15016 /C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it eumed' 'eumed voms-02.pd.infn.it 15016 /C=IT/O=INFN/OU=Host/L=Padova/CN=voms-02.pd.infn.it eumed'"

VO_EUMED_VOMS_CA_DN="'/C=IT/O=INFN/CN=INFN CA' '/C=IT/O=INFN/CN=INFN CA'"

VO_EUMED_WMS_HOSTS="wms-4.dir.garr.it wms.ulakbim.gov.tr wms-01.eumedgrid.eu wms.grid.arn.dz rb-eugrid.eri.sci.eg“

!Make sure to comment VO_<vo_name>...

11

Add EUMED Settings-users

• Add following lines to users.conf file pointed to by variable USERS_CONF in your siteinfo.def file– 3101:eumed001:2418:eumed:eumed::– 3102:eumed002:2418:eumed:eumed::– 3103:eumed003:2418:eumed:eumed::– 3104:eumed004:2418:eumed:eumed::– 3105:eumed005:2418:eumed:eumed::– …..– 3201:sgmeumed001:2419,2418:sgmeumed,eumed:eumed:sg

m:– 3202:sgmeumed002:2419,2418:sgmeumed,eumed:eumed:sg

m:– 3203:sgmeumed003:2419,2418:sgmeumed,eumed:eumed:sg

m:

See ftp://repo.magrid.ma/pub/GridSchoolConfFiles/Location, Meeting title, dd.mm.yyyy 12

Add EUMED Settings-groups

• Add following lines to groups file pointed to by variable GROUPS_CONF in your site-info.def

– "/eumed/ROLE=SoftwareManager":::sgm:– “/eumed"::::

– See ftp://repo.magrid.ma/pub/GridSchoolConfFiles/

Location, Meeting title, dd.mm.yyyy 13

14

Configuring UI• Update the date (ftp://repo.magrid.ma/pub/GridSchoolConfFiles/)

configure ntp : /etc/ntp.conf , /etc/ntp/step-tickers

/etc/init.d/ntpd stop

ntpdate ntp.marwan.ma

/etc/init.d/ntpd start

• Disable iptables

• service iptables stop

• Chkconfig iptables off

• Configure the UI with YAIM (To check the syntax : source <path_to_siteinfo>/site-info.def )

/opt/glite/yaim/bin/yaim -c -s <path_to_siteinfo>/site-info.def -n glite-UI

• If everything is ok, the UI is now READY for testing

YAIM does not configure the LFC_HOST variable; please edit the file

/opt/glite/etc/profile.d/grid-env.sh and add the following for eumed:

gridenv_set "LFC_HOST" "lfc.ulakbim.gov.tr"gridenv_set "LFC_HOST" "lfc.ulakbim.gov.tr"

15

[root@pc01 ~]# adduser grid01

[root@pc01 ~]# mkdir /home/grid01/.globus

[root@pc01 ~]# cp /root/user_cert/usercert.pem /home/grid01/.globus/usercert.pem

[root@pc01 ~]# cp /root/user_cert/userkey.pem /home/grid01/.globus/userkey.pem

[root@pc01 ~]# chown grid01 /home/grid01/.globus/usercert.pem

[root@pc01 ~]# chown grid01 /home/grid01/.globus/userkey.pem

[root@pc01 ~]# chmod 400 /home/grid01/.globus/userkey.pem

[root@pc01 ~]# su – grid01

[grid01@pc01 ~]$ voms-proxy-init --voms eumed

Enter GRID pass phrase: [grid2011]

Your identity: /C=MA/O=MaGrid/OU=CNRST/CN=Grid School

Creating temporary proxy .................................................................

....................................... Done

Contacting voms2.cnaf.infn.it:15016 [/C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it] "eumed" Done

Creating proxy ........................................................................................ Done

Your proxy is valid until Sun May 29 04:25:35 2011

[root@pc01 ~]# adduser grid01

[root@pc01 ~]# mkdir /home/grid01/.globus

[root@pc01 ~]# cp /root/user_cert/usercert.pem /home/grid01/.globus/usercert.pem

[root@pc01 ~]# cp /root/user_cert/userkey.pem /home/grid01/.globus/userkey.pem

[root@pc01 ~]# chown grid01 /home/grid01/.globus/usercert.pem

[root@pc01 ~]# chown grid01 /home/grid01/.globus/userkey.pem

[root@pc01 ~]# chmod 400 /home/grid01/.globus/userkey.pem

[root@pc01 ~]# su – grid01

[grid01@pc01 ~]$ voms-proxy-init --voms eumed

Enter GRID pass phrase: [grid2011]

Your identity: /C=MA/O=MaGrid/OU=CNRST/CN=Grid School

Creating temporary proxy .................................................................

....................................... Done

Contacting voms2.cnaf.infn.it:15016 [/C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it] "eumed" Done

Creating proxy ........................................................................................ Done

Your proxy is valid until Sun May 29 04:25:35 2011

Testing UI

Testing UI for GILDA

• OtherTests:

Copy a jdl file:

Password [grid01]

Submit a job:

16

scp grid01@ui01.magrid.ma:/home/grid01/hostname.jdl .scp grid01@ui01.magrid.ma:/home/grid01/hostname.jdl .

lfc-ls /gridlfc-ls /grid

glite-wms-job-submit -a –o jobid hostname.jdl glite-wms-job-submit -a –o jobid hostname.jdl

• For the real installation you have to export you personal certificate from web browser to the UI and than have a look at the following: ATTENTION USE eumed INSTEAD gilda

• Certificate management:

https://grid.ct.infn.it/twiki/bin/view/GILDA/HowToConvertPkcs12ToPem

• Voms creation with extentions

https://grid.ct.infn.it/twiki/bin/view/GILDA/AuthenticationAuthorization#Creation_of_a_proxy_with_voms_ex

• Job Submission

https://grid.ct.infn.it/twiki/bin/view/GILDA/SimpleJobSubmission

• Data Management

https://grid.ct.infn.it/twiki/bin/view/GILDA/DataManagement

17

Testing UI for EUMED Installation

18

References

INFNGrid installation http://igrelease.forge.cnaf.infn.it/doku.php?id=doc:guides:install-3_2

EUMED wiki for system administrators: http://wiki.eumedgrid.eu/twiki/bin/view/InfrastructureStatus/EumedSiteInstallation