Skip to content

Production node install instructions

Jump to bottom
Valentin Kuznetsov edited this page Jan 23, 2019 · 14 revisions

Instructions notes to install WMArchive on production CC7 node (vocms0182)

Step 1

sudo -u wma /bin/bash
sudo yum install libxslt.x86_64 libxml2.x86_64
sudo yum install unzip.x86_64 zip.x86_64

Step 2

sudo -l
sudo yum -y install git.x86_64
mkdir -p /tmp/foo
cd /tmp/foo
git clone git://github.com/dmwm/deployment.git cfg

IMPORTANT to avoid user id clashes, please use cfg_proxy.patch file and/or adjust it as necessary:

cd cfg
patch -p1 --dry-run < ../cfg_proxy.patch
# if everything is ok apply the patch
patch -p1 < ../cfg_proxy.patch
cd -

fix backends files in frontend configuration, please use cfg_backends.patch file and/or adjust it as necessary:

cd cfg
patch -p1 --dry-run < cfg_backends.patch
# if everything is ok apply the patch
patch -p1 < ../cfg_backends.patch
cd -

cfg/Deploy -t dummy -s post $PWD system/devvm

log out and log in again

exit
sudo -u wma /bin/bash

this will take care of resetting id's for wma account.

Step 3

To: [email protected]
Cc: [email protected]
Subject: myproxy registration request for HOSTNAME

Could you please add the following host certificate to myproxy.cern.ch
trusted_retrievers, authorized_retrievers, authorized_renewers policy?
This is a development server for CMS web services and requires use of
grid proxy certificates.

/DC=ch/DC=cern/OU=computers/CN=HOSTNAME.cern.ch

Regards,
Your Name

Step 4

create install area

(cd /data; git clone git://github.com/dmwm/deployment.git cfg && cd cfg && git reset --hard HG1705b)

re-apply the cfg_proxy.patch patch to cfg area:

cd cfg
patch -p1 --dry-run < cfg_proxy.patch
# if everything is ok apply the patch
patch -p1 < cfg_proxy.patch
cd -

adjust your packages in /data/cfg/PKG/deploy if necessary to new versions, e.g.

deploy_pkg comp cms+wmarchive v00.06.04-comp
deploy_pkg comp cms+PhedexReplicaMonitoring v00.00.16
deploy_pkg comp external+mongo 3.2.10

install services

(VER=HG1705b REPO="comp.valya" A=/data/cfg/admin; cd /data; $A/InstallDev -A slc7_amd64_gcc630 -R comp@$VER -s image -v $VER -r comp=$REPO -u valya -p "admin backend frontend mongodb wmarchive phedexreplicamonitoring")

if above procedure will fail, it is due to phedexreplicamonitoring service. the fix is easy:

mkdir /data/srv/HG1705b/config/phedexreplicamonitoring
sudo chown _sw /data/srv/HG1705b/config/phedexreplicamonitoring
sudo chmod g+w /data/srv/state/phedexreplicamonitoring

and repeat install service command.

create wma.keytab file (replace valya with your user name):

cd /tmp
ktutil
ktutil:  addent -password -p [email protected] -k 1 -e rc4-hmac
Password for [email protected]:
ktutil:  addent -password -p [email protected] -k 1 -e aes256-cts
Password for [email protected]:
ktutil:  wkt wma.keytab
ktutil:  quit

generate wma.keytab file

sudo mv wma.keytab /data/srv/state/wmarchive/
sudo chown _wmarchive /data/srv/state/wmarchive/wma.keytab
sudo chgrp _wmarchive /data/srv/state/wmarchive/wma.keytab

create pbr.keytab

mkdir /data/srv/state/phedexreplicamonitoring
sudo chown _phedexreplicamonitoring /data/srv/state/phedexreplicamonitoring
sudo chgrp _phedexreplicamonitoring /data/srv/state/phedexreplicamonitoring
sudo cp /data/srv/state/wmarchive/wma.keytab /data/srv/state/phedexreplicamonitoring/prm.keytab
sudo chown _phedexreplicamonitoring /data/srv/state/phedexreplicamonitoring/prm.keytab
sudo chgrp _phedexreplicamonitoring /data/srv/state/phedexreplicamonitoring/prm.keytab

create wma_broker.json file

cat > /data/srv/state/wmarchive/wma_broker.json
PASTE ITS CONTENT HERE
Ctrl-D

sudo chown _wmarchive /data/srv/state/wmarchive/wma_broker.json
sudo chgrp _wmarchive /data/srv/state/wmarchive/wma_broker.json
sudo chmod go-rwx /data/srv/state/wmarchive/wma_broker.json

adjust backends files In order to properly redirect your requests please make sure to check /data/srv/current/config/backend*.txt files

start services

(A=/data/cfg/admin; cd /data; $A/InstallDev -s start)

Reference:

  1. https://cms-http-group.web.cern.ch/cms-http-group/tutorials/environ/vm-setup.html

Instructions to install WMArchive on production node (vocms0182)

1 Login to vocms0182 and switch to wma account:

sudo -u wma /bin/bash

2 Update /data/cfg area

cd /data
cp -r cfg cfg.`date +%Y%m%d`
cd cfg
git pull

3 Adjust necessary files

  • if we use custom version of mongodb add to /data/cfg/mongodb/deploy the following line deploy_pkg comp external+mongo 3.2.10
  • if we use custom config for WMArchive, adjust /data/cfg/wmarchive/wmarchive_conf.py

4 You may need to adjust /data/cfg/admin/ProxySeed and comment last line which copies a proxy file:

#try scp -p /tmp/x509up_u$(id -u) $dest/seed-$me.cert

this is necessary since scp command is invoked from a service (wma) account for which we don't know a password. But since WMArchive does not require proxy seed we just comment it out (instead of manual copy).

5 proceed with normal installation procedure or better use /data/vm_manage.sh wrapper script as following:

/data/vm_manage.sh stop
/data/vm_manage.sh install
/data/vm_manage.sh start

6 Verify that logs are updated with 200 OK status in POST requests

tail /data/srv/logs/wmarchive/wmarchive-`date +%T%m%d`.log

7 adjust home area By default the install procedure will use /data/empty area as home account. This area is read-only. Starting with Spark 2.X all spark jobs will use $HOME/.ivy2 area for caching purposes. Therefore you'll need to adjust the /data/empty accordingly. Here are the steps:

# change permission
sudo chmod u+w /data/empty
# create ivy2 caching area elsewhere, e.g.
mkdir /data/ivy2
# link this area into home area
sudo ln -s /data/ivy2 /data/empty/.ivy2

Later you can check that this area will contain cache and jars sub-directories when first Spark job is run.

CMS collaboration

End-user tools

WMArchive internals

Clone this wiki locally