Maintenance script: Created page with " == VOMS servers upgrade from EMI2 to EMI3 == === Prepare the upgrade === ==== Always start from a clean situation ==== Before I started the upgrade, I've made sure that th..."

2015-08-26T12:28:47Z

Created page with " == VOMS servers upgrade from EMI2 to EMI3 == === Prepare the upgrade === ==== Always start from a clean situation ==== Before I started the upgrade, I've made sure that th..."

New page

== VOMS servers upgrade from EMI2 to EMI3 ==
=== Prepare the upgrade ===
==== Always start from a clean situation ====
Before I started the upgrade, I've made sure that the voms servers were working, by doing a "voms-proxy-init --voms beapps" on a UI.
==== Backup ====
We make a backup of the configuration and of the voms database using the recipe given in the Italiangrid documentation :
<pre>
[root@voms01 ~]# scp -r /root/* mon.iihe.ac.be:/userbackup/backup_voms_begrid_april2014/voms01/root/
[root@voms01 ~]# scp -r /etc/voms-admin mon.iihe.ac.be:/userbackup/backup_voms_begrid_april2014/voms01/etc/
[root@voms01 ~]# scp -r /etc/voms mon.iihe.ac.be:/userbackup/backup_voms_begrid_april2014/voms01/etc/
[root@voms01 ~]# mysqldump -uroot -p<MYSQL_ROOT_PASSWORD> --all-databases --flush-privileges > voms_database_dump.sql
</pre>
We can now shut off the main voms server (voms01). Once the VM is off, we make a backup of the disk image. We will keep voms02 (fail-over voms server), running during the upgrade process, so that users are not disturbed. Restart voms01.

=== Upgrade ===
==== EMI3 repositories configuration ====
You will find the detailed instructions [https://twiki.cern.ch/twiki/bin/view/EMI/GenericInstallationConfigurationEMI3#The_middleware_EMI_repositories here].

Here is what I've done :
*Check that priorities are ok in the following file :
<pre>
/etc/yum/pluginconf.d/priorities.conf
</pre>
*Update of emi-release package :
<pre>
cd /root/
wget http://emisoft.web.cern.ch/emisoft/dist/EMI/3/sl6/x86_64/base/emi-release-3.0.0-2.el6.noarch.rpm
yum localupdate emi-release-3.0.0-2.el6.noarch.rpm
</pre>
Note: this will update the repo files in /etc/yum.repos.d
==== Upgrade ====
*Stop the voms services and tomcat :
<pre>
service voms stop
service voms-admin stop
service tomcat6 stop
</pre>
*Yum-update the voms packages :
<pre>
yum clean all
yum update
</pre>
*Tomcat is not needed anymore (Jetty is used instead) :
<pre>
yum remove tomcat6
</pre>
*Env variables no longer used :
<pre>
unset VOMS_LOCATION_CONF VOMS_ADMIN_LOCATION_VAR VOMS_LOCATION VOMS_LOCATION_VAR VOMS_ADMIN_LOCATION
</pre>
and remove any reference to these variables in /etc/profile.d/grid-env.sh :
<pre>
cp -a /etc/profile.d/grid-env.sh /etc/profile.d/grid-env.sh.bak
sed -i '/VOMS_LOCATION/d' /etc/profile.d/grid-env.sh
sed -i '/VOMS_ADMIB_LOCATION/d' /etc/profile.d/grid-env.sh
</pre>
==== Configuring the voms-admin container ====
*The host, port and ssl information should already be set in the file :
<pre>
/etc/voms-admin/voms-admin-server.properties
</pre>
As a reference, here is the actual content of the file :
<pre>
## The hostname where service is accepting requests
host=voms01.begrid.be

## The port where the service will be listening for requests
port=8443

# VOMS X.509 certificate and trust-anchors settings
## The service PEM encoded X.509 certificate
cert=/etc/grid-security/vomscert.pem

## The service private key
key=/etc/grid-security/vomskey.pem

## The trust anchors directory
trust_anchors.dir = /etc/grid-security/certificates

# How ofter trust anchors are refreshed from the trust anchors dir
# (in seconds)
trust_anchors.refresh_period = 3600

# Max number of concurrent connections
max_connections = 50

# Max length of the request queue
max_request_queue_size = 200

</pre>
Note : if you put "localhost" instead of "voms01.begrid.be" for the value of host, the service (port 8443) will start on the IPV6 127.0.0.1 address. As a result, you wont be able to access the service ! (A stupid mistake that costed me 2 hours of debugging !)

*Put some limits on the user "voms" under which the process voms-admin is run, by adding to the file /etc/security/limits.conf :
<pre>
voms soft nofile 63536
voms hard nofile 63536
</pre>
*Configuring memory for the VOMS Admin container :
As we are supporting less than 10 VOs, it is not necessary to increase the memory for the Jetty container by modifying the VOMS_JAVA_OPTS in file /etc/sysconfig/voms-admin ;-)
==== Reconfiguring the VOs ====
*As YAIM is no more supported, we need to use voms-admin command to reconfigure the VOs (using information found in site-info.def) :
<pre>
voms-configure install --vo betest --hostname voms01.begrid.be --dbname betest --dbusername betest_admin --dbpassword darealpassword --core-port 18003 --mail-from grid_admin@listserv.vub.ac.be --smtp-host localhost
voms-configure install --vo beapps --hostname voms01.begrid.be --dbname beapps --dbusername beapps_admin --dbpassword darealpassword --core-port 18004 --mail-from grid_admin@listserv.vub.ac.be --smtp-host localhost
</pre>
*We can now restart the voms services :
<pre>
service voms start
service voms-admin start
</pre>
*Database upgrading :
<pre>
voms-configure upgrade --vo beapps
voms-configure upgrade --vo betest
</pre>
==== Reconfiguring the information system ====
*Configuring the info provider :
<pre>
voms-config-info-providers -s BEgrid-BELNET -e
service bdii restart
</pre>
*Checking that bdii service returns the good info for each vo :
<pre>
ldapsearch -x -h localhost -p 2170 -b 'GLUE2GroupID=resource,o=glue' objectCLass=GLUE2Service
</pre>
=== About the voms replication ===
We have one replicate called voms02, but since we haven't found any procedure explaining how to upgrade a replicate voms server, I suggest that we re-create the replicate from scratch...
=== Useful documents ===
*https://github.com/italiangrid/voms/wiki/System-Administrator-guide
*https://wiki.egi.eu/wiki/MAN07_VOMS_Replication
*https://twiki.cern.ch/twiki/bin/view/EMI/GenericInstallationConfigurationEMI3

== Site BDII upgrade from EMI2 to EMI3 ==
No special care (like backup) were taken since this service doesn't have a database. Here are the steps we followed :
*copy the package emi-release-3.0.0-2.el6.noarch.rpm in the /root directory (this package was copied from voms01)
*update of emi yum.repos.d config files and update :
<pre>
cd /root
yum localinstall emi-release-3.0.0-2.el6.noarch.rpm
yum update
</pre>

{{TracNotice|{{PAGENAME}}}}

MigrateBEgridToEMI3 part1 - Revision history

Maintenance script: Created page with " == VOMS servers upgrade from EMI2 to EMI3 == === Prepare the upgrade === ==== Always start from a clean situation ==== Before I started the upgrade, I've made sure that th..."