SEE-GRID VOMS Failover

From EGEE-see WIki


Since the setup of the backup VOMS server it is possible to use both servers in failover fashion.


edg-voms-proxy-init

Install the latest version of the seegrid rpm on all grid nodes. It contains the configuration files and certificates of the two SEE-GRID VOMS servers. Running edg-voms-proxy-init should then contact the VOMS servers in sequence, trying the second one if the query to the first one fails:

$ edg-voms-proxy-init -voms seegrid
Your identity: /DC=ORG/DC=SEE-GRID/O=People/O=RBI/CN=Valentin Vidic
Enter GRID pass phrase:
Creating temporary proxy .................................................................. Done
Contacting  voms.irb.hr:15010 [/DC=ORG/DC=SEE-GRID/O=Hosts/O=RBI/CN=host/voms.irb.hr] "seegrid" Error: VERR_NOSOCKET Failed.
Trying next server for seegrid.
Creating temporary proxy ........................................... Done
Contacting  voms.grid.auth.gr:15040 [/C=GR/O=HellasGrid/OU=grid.auth.gr/CN=voms.grid.auth.gr]  "seegrid" Done
Creating proxy ........................................................... Done
Your proxy is valid until Wed Apr 19 03:12:33 2006

The order in which the servers are queried is determined by the order of the files in ~/.edg/vomses and /opt/edg/etc/vomses. edg-voms-proxy-init reads the entries in these directories in unsorted order (ls -f) and applies the random_shuffle function to the list of matching servers. Since the randomization function is not seeded properly, it gives the same order every time it is run. The following list gives the resulting order for different numbers of elements (servers):

  • 2 servers: 2, 1
  • 3 servers: 2, 1, 3
  • 4 servers: 2, 1, 3, 4
  • 5 servers: 2, 5, 3, 5, 1

As a result, for a VO with two servers, the last server listed will be contacted first.

If you wish to contact the primary server first, the order of files should be:

$ ls -1f seegrid*
seegrid-voms.grid.auth.gr
seegrid-voms.irb.hr

You can get this ordering by running the following script:

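#!/bin/sh
# fix to make voms-proxy-init use voms.irb.hr first
#
# for this to work the voms.irb.hr file needs to come after
# voms.grid.auth.gr in the dir (ls -f)

set -e # die on error

BASEDIR=/opt/edg/etc/vomses
# private work dir with an unpredictable name (instead of /tmp/seegrid.$$);
# not called TMPDIR, which other tools read from the environment
WORKDIR=$(mktemp -d /tmp/seegrid.XXXXXX)

# move all entries out of the directory and back in again
mv "$BASEDIR"/* "$WORKDIR"
mv "$WORKDIR"/* "$BASEDIR" # this will sort files alphabetically (glob order)

rmdir "$WORKDIR"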
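
A check to run after the script, added here as an example (it is not part of the original wiki page or of the VOMS tools): it reads an ls -f listing and reports which server edg-voms-proxy-init would contact first according to the ordering list above. It assumes vomses files are named <vo>-<host> as in the listing above; the function names are hypothetical and the sample listings are constructed.

```shell
#!/bin/sh
# Added example, not from the wiki page. Assumes vomses files are named
# <vo>-<host>, as in the listing on the page; function names are hypothetical.

# contact_order VO
# Reads file names in "ls -f" order on stdin and prints the VO's hosts in the
# order edg-voms-proxy-init tries them, per the page's list for 2-4 servers.
contact_order() {
    vo=$1
    # Keep only this VO's entries; this also drops "." and "..".
    hosts=$(sed -n "s/^${vo}-//p")
    set -- $hosts    # host names contain no whitespace
    case $# in
        1) printf '%s\n' "$1" ;;
        2|3|4)
            # List: 2,1 / 2,1,3 / 2,1,3,4 = first two swapped, rest unchanged.
            first=$1 second=$2
            shift 2
            printf '%s\n' "$second" "$first"
            for h in "$@"; do printf '%s\n' "$h"; done ;;
        *)
            echo "no known ordering for $# servers of VO $vo" >&2
            return 1 ;;
    esac
}

# primary_is_first VO HOST
# Exit 0 if HOST is contacted first, 1 if not, 2 if the order is unknown.
primary_is_first() {
    order=$(contact_order "$1") || return 2
    [ "$(printf '%s\n' "$order" | head -n 1)" = "$2" ]
}

# Constructed sample listings standing in for "ls -f /opt/edg/etc/vomses".
GOOD='.
..
seegrid-voms.grid.auth.gr
seegrid-voms.irb.hr'
BAD='seegrid-voms.irb.hr
..
seegrid-voms.grid.auth.gr
.'

for listing in "$GOOD" "$BAD"; do
    if printf '%s\n' "$listing" | primary_is_first seegrid voms.irb.hr; then
        echo "voms.irb.hr is contacted first"
    else
        echo "voms.irb.hr is NOT contacted first: reorder the directory"
    fi
done
```

On a node, feed it the real listing: ls -f /opt/edg/etc/vomses | primary_is_first seegrid voms.irb.hr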

glite-voms-proxy-init

Some nodes link voms-proxy-init to glite-voms-proxy-init, which behaves a bit differently from edg-voms-proxy-init:

  • uses configuration from ~/.glite/vomses and /opt/glite/etc/vomses (each of these paths can be either a file or a directory)
  • contacts VOMS servers in truly random order (different order every time)

edg-mkgridmap

The gLite version of the voms-admin interface can be trimmed down to allow only mkgridmap requests on the backup server. This is configured through the voms.service.properties file with the following options:

voms.request.webui.enabled      no
voms.admin.webui.enabled        no
voms.admin.webui.membership.operations.enabled  no
voms.config.webui.enabled       no
voms.core.webui.enabled         no
voms.readonly   yes

registration interface

The registration for the seegrid VO is centralized, so there will be no failover for the registration interface.