MigrateBEgridToEMI3 part1
VOMS servers upgrade from EMI2 to EMI3
Prepare the upgrade
Always start from a clean situation
Before I started the upgrade, I've made sure that the voms servers were working, by doing a "voms-proxy-init --voms beapps" on a UI.
Backup
We make a backup of the configuration and of the voms database using the recipe given in the Italiangrid documentation :
[root@voms01 ~]# scp -r /root/* mon.iihe.ac.be:/userbackup/backup_voms_begrid_april2014/voms01/root/ [root@voms01 ~]# scp -r /etc/voms-admin mon.iihe.ac.be:/userbackup/backup_voms_begrid_april2014/voms01/etc/ [root@voms01 ~]# scp -r /etc/voms mon.iihe.ac.be:/userbackup/backup_voms_begrid_april2014/voms01/etc/ [root@voms01 ~]# mysqldump -uroot -p<MYSQL_ROOT_PASSWORD> --all-databases --flush-privileges > voms_database_dump.sql
We can now shut off the main voms server (voms01). Once the VM is off, we make a backup of the disk image. We will keep voms02 (fail-over voms server), running during the upgrade process, so that users are not disturbed. Restart voms01.
Upgrade
EMI3 repositories configuration
You will find the detailed instructions here.
Here is what I've done :
- Check that priorities are ok in the following file :
/etc/yum/pluginconf.d/priorities.conf
- Update of emi-release package :
cd /root/ wget http://emisoft.web.cern.ch/emisoft/dist/EMI/3/sl6/x86_64/base/emi-release-3.0.0-2.el6.noarch.rpm yum localupdate emi-release-3.0.0-2.el6.noarch.rpm
Note: this will update the repo files in /etc/yum.repos.d
Upgrade
- Stop the voms services and tomcat :
service voms stop service voms-admin stop service tomcat6 stop
- Yum-update the voms packages :
yum clean all yum update
- Tomcat is not needed anymore (Jetty is used instead) :
yum remove tomcat6
- Env variables no longer used :
unset VOMS_LOCATION_CONF VOMS_ADMIN_LOCATION_VAR VOMS_LOCATION VOMS_LOCATION_VAR VOMS_ADMIN_LOCATION
and remove any reference to these variables in /etc/profile.d/grid-env.sh :
cp -a /etc/profile.d/grid-env.sh /etc/profile.d/grid-env.sh.bak sed -i '/VOMS_LOCATION/d' /etc/profile.d/grid-env.sh sed -i '/VOMS_ADMIB_LOCATION/d' /etc/profile.d/grid-env.sh
Configuring the voms-admin container
- The host, port and ssl information should already be set in the file :
/etc/voms-admin/voms-admin-server.properties
As a reference, here is the actual content of the file :
## The hostname where service is accepting requests host=voms01.begrid.be ## The port where the service will be listening for requests port=8443 # VOMS X.509 certificate and trust-anchors settings ## The service PEM encoded X.509 certificate cert=/etc/grid-security/vomscert.pem ## The service private key key=/etc/grid-security/vomskey.pem ## The trust anchors directory trust_anchors.dir = /etc/grid-security/certificates # How ofter trust anchors are refreshed from the trust anchors dir # (in seconds) trust_anchors.refresh_period = 3600 # Max number of concurrent connections max_connections = 50 # Max length of the request queue max_request_queue_size = 200
Note : if you put "localhost" instead of "voms01.begrid.be" for the value of host, the service (port 8443) will start on the IPV6 127.0.0.1 address. As a result, you wont be able to access the service ! (A stupid mistake that costed me 2 hours of debugging !)
- Put some limits on the user "voms" under which the process voms-admin is run, by adding to the file /etc/security/limits.conf :
voms soft nofile 63536 voms hard nofile 63536
- Configuring memory for the VOMS Admin container :
As we are supporting less than 10 VOs, it is not necessary to increase the memory for the Jetty container by modifying the VOMS_JAVA_OPTS in file /etc/sysconfig/voms-admin ;-)
Reconfiguring the VOs
- As YAIM is no more supported, we need to use voms-admin command to reconfigure the VOs (using information found in site-info.def) :
voms-configure install --vo betest --hostname voms01.begrid.be --dbname betest --dbusername betest_admin --dbpassword darealpassword --core-port 18003 --mail-from grid_admin@listserv.vub.ac.be --smtp-host localhost voms-configure install --vo beapps --hostname voms01.begrid.be --dbname beapps --dbusername beapps_admin --dbpassword darealpassword --core-port 18004 --mail-from grid_admin@listserv.vub.ac.be --smtp-host localhost
- We can now restart the voms services :
service voms start service voms-admin start
- Database upgrading :
voms-configure upgrade --vo beapps voms-configure upgrade --vo betest
Reconfiguring the information system
- Configuring the info provider :
voms-config-info-providers -s BEgrid-BELNET -e service bdii restart
- Checking that bdii service returns the good info for each vo :
ldapsearch -x -h localhost -p 2170 -b 'GLUE2GroupID=resource,o=glue' objectCLass=GLUE2Service
About the voms replication
We have one replicate called voms02, but since we haven't found any procedure explaining how to upgrade a replicate voms server, I suggest that we re-create the replicate from scratch...
Useful documents
- https://github.com/italiangrid/voms/wiki/System-Administrator-guide
- https://wiki.egi.eu/wiki/MAN07_VOMS_Replication
- https://twiki.cern.ch/twiki/bin/view/EMI/GenericInstallationConfigurationEMI3
Site BDII upgrade from EMI2 to EMI3
No special care (like backup) were taken since this service doesn't have a database. Here are the steps we followed :
- copy the package emi-release-3.0.0-2.el6.noarch.rpm in the /root directory (this package was copied from voms01)
- update of emi yum.repos.d config files and update :
cd /root yum localinstall emi-release-3.0.0-2.el6.noarch.rpm yum update