====== Storage Element (SE) ======
The CE is installed on our grid node, grow-grid.its.uiowa.edu.
===== Requirements =====
==== User Accounts ====
  - Need a bestman user which has sudo ability. Do so by adding the following lines to /etc/sudoers.
<xterm2 root>
[root@grow-prod dsquires]# vi /etc/sudoers
</xterm2>
<file text /etc/sudoers>
Cmnd_Alias SRM_CMD = /bin/rm, /bin/mkdir, /bin/rmdir, /bin/mv, /bin/cp, /bin/ls
Runas_Alias SRM_USR = ALL, !root
bestman ALL=(SRM_USR) NOPASSWD: SRM_CMD
</file>
Then proagate sudoers to all other nodes by running:
<xterm2 root>
[root@grow-prod dsquires]# ssh-agent $SHELL
[root@grow-prod dsquires]# ssh-add
<fc #008000>Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)</fc>
[root@grow-prod dsquires]# rocks sync users
[root@grow-prod dsquires]# rocks sync config
</xterm2>
==== Certificates ====
The SE will need both a host certificate, and a bestman certificate. Instructions to obtain these are below.
  * [[grow:installation:certificates#host_certificate|Host]]
  * [[grow:installation:certificates#bestman_service_certificate|Bestman]]
===== Installation =====
We have the CE and SE on the same nodes so the first steps have already been completed, if following this tutorial and you have  already installed the CE, skip to [[grow:installation:osg3:se&#installing_bestman2|here]] to begin, therwise follow from the beginning.
==== Install Epel ====
<xterm2 root>
[root@grow-grid ~]# cd /etc/yum.repos.d
[root@grow-grid yum.repos.d]# rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
</xterm2>

==== Install YUM Priorities Plugin ====
<xterm2 root>
[root@grow-grid yum.repos.d]#  yum install yum-priorities
</xterm2>

==== Enable YUM Plugins ====
Add the following line to /etc/yum.conf in the "Main" section.
<xterm2 root>
[root@grow-grid yum.repos.d]#  vi /etc/yum.conf
</xterm2>
<file text /etc/yum.conf>
plugins=1
</file>

==== Install OSG Repositories ====
<xterm2 root>
[root@grow-grid yum.repos.d]#  rpm -Uvh http://repo.grid.iu.edu/osg-el5-release-latest.rpm
</xterm2>

==== Instal CA Certificates ====
<xterm2 root>
[root@grow-grid yum.repos.d]# yum install osg-ca-certs
</xterm2>

==== Installing BeStMan2 ====
<xterm2 root>
[root@grow-grid yum.repos.d]# yum install osg-se-bestman
</xterm2>

==== Configure Gridmap Support ====
We use gridmap for authentication instead of GUMS.

Generate a gridmap file manually.
<xterm2 root>
[root@grow-grid ~]# edg-mkgridmap
</xterm2>

Enable gridmap to run.
<xterm2 root>
[root@grow-grid ~]# /sbin/service edg-mkgridmap start
[root@grow-grid ~]# /sbin/chkconfig edg-mkgridmap on
</xterm2>

Change some settings for bestman.
<xterm2 root>
[root@grow-grid ~]# vi /etc/bestman2/conf/bestman2.rc
</xterm2>

Make sure these settings are as follows.
<file text /etc/bestman2/conf/bestman2.rc>
localPathListAllowed=/tmp;/data
CertFileName=/etc/grid-security/bestman/bestmancert.pem
KeyFileName=/etc/grid-security/bestman/bestmankey.pem
GridMapFileName=/etc/grid-security/grid-mapfile
</file>

<xterm2 root>
[root@grow-grid ~]# vi /etc/sysconfig/bestman2
</xterm2>
Change the BESTMAN_GUMS_ENABLED flag to no if it is set to yes and make sure it is not commented out.
<file text /etc/sysconfig/bestman2>
BESTMAN_GUMS_ENABLED=no
</file>

==== Modify sudoers File ====
<note important>This must be done on the head node!</note>
<xterm2 root>
[root@grow-prod ~]# vi /etc/sudoers
</xterm2>
Modify /etc/sudoers by comment the following line and adding the last three lines to the end of the file.
<file text /etc/sudoers>
#Defaults    requiretty

Cmnd_Alias SRM_CMD = /bin/rm, /bin/mkdir, /bin/rmdir, /bin/mv, /bin/cp, /bin/ls
Runas_Alias SRM_USR = ALL, !root
bestman   ALL=(SRM_USR) NOPASSWD: SRM_CMD
</file>
===== Verification =====

====== Notes ======


====== Contact Info ======
This Dokuwiki page is maintained by:\\
Daniel Squires\\
University of Iowa\\
Department of Computer Science\\
Email: <daniel-squires@uiowa.edu>