MigrateBEgridToEMI3 part1

From T2B Wiki
Jump to navigation Jump to search

VOMS servers upgrade from EMI2 to EMI3

Prepare the upgrade

Always start from a clean situation

Before I started the upgrade, I've made sure that the voms servers were working, by doing a "voms-proxy-init --voms beapps" on a UI.


We make a backup of the configuration and of the voms database using the recipe given in the Italiangrid documentation :

[root@voms01 ~]# scp -r /root/* mon.iihe.ac.be:/userbackup/backup_voms_begrid_april2014/voms01/root/
[root@voms01 ~]# scp -r /etc/voms-admin mon.iihe.ac.be:/userbackup/backup_voms_begrid_april2014/voms01/etc/
[root@voms01 ~]# scp -r /etc/voms mon.iihe.ac.be:/userbackup/backup_voms_begrid_april2014/voms01/etc/
[root@voms01 ~]# mysqldump -uroot -p<MYSQL_ROOT_PASSWORD> --all-databases --flush-privileges > voms_database_dump.sql

We can now shut off the main voms server (voms01). Once the VM is off, we make a backup of the disk image. We will keep voms02 (fail-over voms server), running during the upgrade process, so that users are not disturbed. Restart voms01.


EMI3 repositories configuration

You will find the detailed instructions here.

Here is what I've done :

  • Check that priorities are ok in the following file :
  • Update of emi-release package :
cd /root/
wget http://emisoft.web.cern.ch/emisoft/dist/EMI/3/sl6/x86_64/base/emi-release-3.0.0-2.el6.noarch.rpm
yum localupdate emi-release-3.0.0-2.el6.noarch.rpm
Note: this will update the repo files in /etc/yum.repos.d


  • Stop the voms services and tomcat :
service voms stop
service voms-admin stop
service tomcat6 stop
  • Yum-update the voms packages :
yum clean all
yum update
  • Tomcat is not needed anymore (Jetty is used instead) :
yum remove tomcat6
  • Env variables no longer used :
and remove any reference to these variables in /etc/profile.d/grid-env.sh :
cp -a /etc/profile.d/grid-env.sh /etc/profile.d/grid-env.sh.bak
sed -i '/VOMS_LOCATION/d' /etc/profile.d/grid-env.sh
sed -i '/VOMS_ADMIB_LOCATION/d' /etc/profile.d/grid-env.sh

Configuring the voms-admin container

  • The host, port and ssl information should already be set in the file :
As a reference, here is the actual content of the file :
## The hostname where service is accepting requests

## The port where the service will be listening for requests

# VOMS X.509 certificate and trust-anchors settings
## The service PEM encoded X.509 certificate

## The service private key

## The trust anchors directory
trust_anchors.dir = /etc/grid-security/certificates

# How ofter trust anchors are refreshed from the trust anchors dir 
# (in seconds)
trust_anchors.refresh_period = 3600

# Max number of concurrent connections
max_connections = 50

# Max length of the request queue
max_request_queue_size = 200

Note : if you put "localhost" instead of "voms01.begrid.be" for the value of host, the service (port 8443) will start on the IPV6 address. As a result, you wont be able to access the service ! (A stupid mistake that costed me 2 hours of debugging !)
  • Put some limits on the user "voms" under which the process voms-admin is run, by adding to the file /etc/security/limits.conf :
voms          soft    nofile  63536
voms          hard    nofile  63536
  • Configuring memory for the VOMS Admin container :
As we are supporting less than 10 VOs, it is not necessary to increase the memory for the Jetty container by modifying the VOMS_JAVA_OPTS in file /etc/sysconfig/voms-admin ;-)

Reconfiguring the VOs

  • As YAIM is no more supported, we need to use voms-admin command to reconfigure the VOs (using information found in site-info.def) :
voms-configure install --vo betest --hostname voms01.begrid.be --dbname betest --dbusername betest_admin --dbpassword darealpassword --core-port 18003 --mail-from grid_admin@listserv.vub.ac.be --smtp-host localhost
voms-configure install --vo beapps --hostname voms01.begrid.be --dbname beapps --dbusername beapps_admin --dbpassword darealpassword --core-port 18004 --mail-from grid_admin@listserv.vub.ac.be --smtp-host localhost
  • We can now restart the voms services :
service voms start
service voms-admin start
  • Database upgrading :
voms-configure upgrade --vo beapps
voms-configure upgrade --vo betest

Reconfiguring the information system

  • Configuring the info provider :
voms-config-info-providers -s BEgrid-BELNET -e
service bdii restart
  • Checking that bdii service returns the good info for each vo :
ldapsearch -x -h localhost -p 2170 -b 'GLUE2GroupID=resource,o=glue' objectCLass=GLUE2Service

About the voms replication

We have one replicate called voms02, but since we haven't found any procedure explaining how to upgrade a replicate voms server, I suggest that we re-create the replicate from scratch...

Useful documents

Site BDII upgrade from EMI2 to EMI3

No special care (like backup) were taken since this service doesn't have a database. Here are the steps we followed :

  • copy the package emi-release-3.0.0-2.el6.noarch.rpm in the /root directory (this package was copied from voms01)
  • update of emi yum.repos.d config files and update :
cd /root
yum localinstall emi-release-3.0.0-2.el6.noarch.rpm
yum update