Trace: se

Table of Contents

Storage Element (SE)

The CE is installed on our grid node, grow-grid.its.uiowa.edu.

Requirements

User Accounts

  1. Need a bestman user which has sudo ability. Do so by adding the following lines to /etc/sudoers. 

[root@grow-prod dsquires]# vi /etc/sudoers

/etc/sudoers
Cmnd_Alias SRM_CMD = /bin/rm, /bin/mkdir, /bin/rmdir, /bin/mv, /bin/cp, /bin/ls
Runas_Alias SRM_USR = ALL, !root
bestman ALL=(SRM_USR) NOPASSWD: SRM_CMD

Then proagate sudoers to all other nodes by running: 

[root@grow-prod dsquires]# ssh-agent $SHELL
[root@grow-prod dsquires]# ssh-add
Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)
[root@grow-prod dsquires]# rocks sync users
[root@grow-prod dsquires]# rocks sync config

Certificates

The SE will need both a host certificate, and a bestman certificate. Instructions to obtain these are below.

Installation

We have the CE and SE on the same nodes so the first steps have already been completed, if following this tutorial and you have already installed the CE, skip to here to begin, therwise follow from the beginning.

Install Epel

[root@grow-grid ~]# cd /etc/yum.repos.d
[root@grow-grid yum.repos.d]# rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm

Install YUM Priorities Plugin

[root@grow-grid yum.repos.d]#  yum install yum-priorities

Enable YUM Plugins

Add the following line to /etc/yum.conf in the “Main” section. 

[root@grow-grid yum.repos.d]#  vi /etc/yum.conf

/etc/yum.conf
plugins=1

Install OSG Repositories

[root@grow-grid yum.repos.d]#  rpm -Uvh http://repo.grid.iu.edu/osg-el5-release-latest.rpm

Instal CA Certificates

[root@grow-grid yum.repos.d]# yum install osg-ca-certs

Installing BeStMan2

[root@grow-grid yum.repos.d]# yum install osg-se-bestman

Configure Gridmap Support

We use gridmap for authentication instead of GUMS.

Generate a gridmap file manually. 

[root@grow-grid ~]# edg-mkgridmap

Enable gridmap to run. 

[root@grow-grid ~]# /sbin/service edg-mkgridmap start
[root@grow-grid ~]# /sbin/chkconfig edg-mkgridmap on

Change some settings for bestman. 

[root@grow-grid ~]# vi /etc/bestman2/conf/bestman2.rc

Make sure these settings are as follows.

/etc/bestman2/conf/bestman2.rc
localPathListAllowed=/tmp;/data
CertFileName=/etc/grid-security/bestman/bestmancert.pem
KeyFileName=/etc/grid-security/bestman/bestmankey.pem
GridMapFileName=/etc/grid-security/grid-mapfile

[root@grow-grid ~]# vi /etc/sysconfig/bestman2
Change the BESTMAN_GUMS_ENABLED flag to no if it is set to yes and make sure it is not commented out.

/etc/sysconfig/bestman2
BESTMAN_GUMS_ENABLED=no

Modify sudoers File

This must be done on the head node! 

[root@grow-prod ~]# vi /etc/sudoers
Modify /etc/sudoers by comment the following line and adding the last three lines to the end of the file.

/etc/sudoers
#Defaults    requiretty
 
Cmnd_Alias SRM_CMD = /bin/rm, /bin/mkdir, /bin/rmdir, /bin/mv, /bin/cp, /bin/ls
Runas_Alias SRM_USR = ALL, !root
bestman   ALL=(SRM_USR) NOPASSWD: SRM_CMD

Verification

Notes

Contact Info

This Dokuwiki page is maintained by:
Daniel Squires
University of Iowa
Department of Computer Science
Email: daniel-squires@uiowa.edu