SEE-GRID Cookbook
From EGEE-see WIki
This is a cookbook for building a simple SEE-GRID site consisting of:
- WN_torque + UI (1)
- CE_torque
- SE_classic + MON
Nodes should be installed in this order.
Contents |
Ingredients
- three dedicated computers. Any average computer will do (1GHz, 512MB RAM, 30 GB HDD).
- static public IP addresses and DNS names for these computers (from your network administrator). You may want to choose generic names (e.g. grid1, grid2) or according to the function of the node (e.g. se, ce, wn01). It is not wise to start node name with a number, choose an alpha.Also check that reverse DNS works.
- host certificates for CE and SE, and a user certificate for the site administrator. You will be able to do this after you install the WN/UI (does not require host certificate):
- Configure GSI
- generate host certificate requests for CE/SE (grid-cert-request -host host.domain-dirhost.domain)
- generate user certificate requests (grid-cert-request -cn 'FirstName LastName')
- contact SEE-GRID RA for your country
Recipe
Use the detailed instructions in LCG Installation Guide. This has been superseded by [1], and the supported OS is Scientific Linux 4.
In short, these are the steps:
- Install the latest Scientific Linux 3.0.x version on the machines.
- Install Java SDK from RPM.
- Install and configure NTP. You can use public NTP servers if you don't have a local one available. Check that NTP works!
- Copy the host certificate and private key to /etc/grid-security/ (CE, SE only).
- Download glite-yaim and use it to install and configure LCG on the nodes.
- Use site-info.def as a template and follow the indications inside it to create your custom site-info.def
- Use users.conf as a template for users
- Use groups.conf as a template for groups
- Create wn-list.conf with the full hostname of your WN.
- To install the LCG software run:
- on WN:
install_node site-info.def glite-WN glite-torque-client-config glite-UI - on CE:
install_node site-info.def lcg-CE_torque - on SE:
install_node site-info.def glite-SE_classic glite-MON
- on WN:
- To configure the LCG software run:
- on WN:
configure_node site-info.def WN_torque UI - on CE:
configure_node site-info.def CE_torque BDII_site - on SE:
configure_node site-info.def SE_classic MON
- on WN:
- Open ports in firewall:
- -A INPUT -s wn_ip/255.255.255.255 -j ACCEPT
- -A INPUT -s ce_ip/255.255.255.255 -j ACCEPT
- -A INPUT -s se_ip/255.255.255.255 -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 2119 -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 2135 -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 2136 -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 2170 -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 2811 -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 20000:25000 -j ACCEPT
- -A INPUT -s
- Install SEE-GRID VOMS RPM.
- Register your hosts IP range to get R-GMA registry access.
- Apply for SEE-GRID VO membership (you need to have your certificate imported into the browser)
In case of problems write to see-grid-gim mailing list.
Notes
Note: Starting with gLite 3.0.x, a problem appeared where a node configured both as WN and UI can not function. This is due to a yaim configuration that adds two environment variables, X509_USER_PROXY and GRID_PROXY_FILE. It is a valid configuration for a separate UI, but not for a WN/UI. The problem can be resolved by manually deleting (or commenting) the lines containing these environment variables and restarting the computer. The variables are located in files /etc/profile.d/lcgenv.(c)sh and /etc/glite/profile.d/glite_setenv.(c)sh. If this is not done, the jobs on the WN will not be able to find their certificates and will fail with the error "Cannot read JobWrapper output, both from Condor and from Maradona". Easiest solution would be to dedicate two separate computers for WN and UI. More info about the error here and here.
