Difference: DynamicFederation (1 vs. 20)

Revision 202016-04-14 - rptaylor

Line: 1 to 1
 

Documentation

Line: 34 to 34
  dav_module modules/mod_dav.so #Module dav_module modules/mod_dav.so
Added:
>
>
  • Set ServerName in /etc/httpd/conf/httpd.conf to the FQDN of the system
 

CAs

Revision 192016-02-15 - rptaylor

Line: 1 to 1
 

Documentation

Line: 95 to 95
 
  • Install the EPEL repository (or UMD) ; then yum install voms-clients
  • Install the wlcg-voms-atlas RPM from http://linuxsoft.cern.ch/wlcg/ . This populates /etc/vomses and /etc/grid-security/vomsdir
Changed:
<
<
  • Set up a cron job /etc/cron.hourly/ugr-proxy to generate the proxy
>
>
  • Set up a cron job /etc/cron.daily/ugr-proxy to generate the proxy
 

Robot Exclusion

Line: 109 to 109
  Use the ugrconfig_from_AGIS script (which comes in src/utils from the dynafed .src.rpm file) to query AGIS for all ATLAS https storage endpoints and generate the necessary UGR configuration to include them in the federation.
  • Prerequisite: yum install davix
Changed:
<
<
  • Copy and chown /etc/grid-security/ugr/ugr1.proxy for your own use, then export X509_USER_PROXY=ugr1.proxy
>
>
  • Copy and chown /etc/grid-security/ugr/dynafed1.proxy for your own use, then export X509_USER_PROXY=dynafed1.proxyy
 
  • ./ugrconfig_from_AGIS  -e scratchdisk tape hotdisk HOTDISK -t 10  -P grid -k

Operating the Federation

Revision 172015-05-14 - rptaylor

Line: 1 to 1
 

Documentation

Line: 122 to 122
 
curl --show-error --connect-timeout 300 --max-time 3600 --cacert $X509_USER_PROXY --capath $X509_CERT_DIR --cert $X509_USER_PROXY --key $X509_USER_PROXY -L http://ugr.heprc.uvic.ca/myfed/atlas/atlaslocalgroupdisk/rucio/data12_8TeV/0b/7e/AOD.01057594._000196.pool.root.1  -o /tmp/testfile.root -w "%{url_effective}\n"
Changed:
<
<
>
>
  -- RyanTaylor - 2013-10-31

Revision 162015-05-08 - rptaylor

Line: 1 to 1
 

Documentation

Line: 29 to 29
 
  • The federator itself does not need to serve pages via HTTPS (so does not need a host certificate). It simply redirects to the endpoints (which use HTTPS). Therefore, comment out the entire IfModule ssl_module stanza in /etc/httpd/conf.d/zlcgdm-ugr-dav.conf
  • Change NSType DPM to NSType lfc in /etc/httpd/conf.d/zlcgdm-ugr-dav.conf
  • If it exists, rm /etc/httpd/conf.d/zlcgdm-dav.conf
Added:
>
>
  • The following lines in /etc/httpd/conf/httpd.conf can be problematic so ensure they are commented out:
#LoadModule dav_module modules/mod_dav.so
#Module dav_module modules/mod_dav.so
 

CAs

Line: 57 to 62
 

Performance Tuning

Changed:
<
<
  • Make sure the glb.locplugin lines in the endpoint configuration specify a concurrency of 10
>
>
  • Make sure the glb.locplugin lines in the endpoint configuration specify a concurrency of 10 as a reasonable default. Rules of thumb:
    • If the ping time to an endpoint is double, double the concurrency
    • If an endpoint is weak or overloaded, halve the concurrency
 
  • Create /etc/security/limits.d/99-federation.conf containing:
apache   soft   nofile   65000
Line: 72 to 79
 
<IfModule mpm_event_module>
   StartServers          4
Changed:
<
<
ServerLimit 4 MinSpareThreads 1 MaxSpareThreads 1200 ThreadLimit 300 ThreadsPerChild 300 MaxClients 1200 MaxRequestsPerChild 0
>
>
ServerLimit 16 MinSpareThreads 16 MaxSpareThreads 400 ThreadLimit 400 ThreadsPerChild 100 MaxClients 400 MaxRequestsPerChild 10000
 
Deleted:
<
<
  • Each Apache process should have the highest number of threads that works
 

VOMS Proxy Configuration

Revision 152015-03-03 - rptaylor

Line: 1 to 1
 

Documentation

Line: 104 to 104
 Use the ugrconfig_from_AGIS script (which comes in src/utils from the dynafed .src.rpm file) to query AGIS for all ATLAS https storage endpoints and generate the necessary UGR configuration to include them in the federation.
  • Prerequisite: yum install davix
  • Copy and chown /etc/grid-security/ugr/ugr1.proxy for your own use, then export X509_USER_PROXY=ugr1.proxy
Changed:
<
<
  • ./ugrconfig_from_AGIS.py  -e scratch tape -t 10  -P grid -k
>
>
  • ./ugrconfig_from_AGIS  -e scratchdisk tape hotdisk HOTDISK -t 10  -P grid -k
 

Operating the Federation

Start

Revision 142015-03-02 - rptaylor

Line: 1 to 1
 

Documentation

Line: 101 to 101
 

Endpoint generation using AGIS

Changed:
<
<
Use the ugrconfig_from_AGIS script to query AGIS for all ATLAS https storage endpoints and generate the necessary UGR configuration to include them in the federation.
>
>
Use the ugrconfig_from_AGIS script (which comes in src/utils from the dynafed .src.rpm file) to query AGIS for all ATLAS https storage endpoints and generate the necessary UGR configuration to include them in the federation.
 
  • Prerequisite: yum install davix
  • Copy and chown /etc/grid-security/ugr/ugr1.proxy for your own use, then export X509_USER_PROXY=ugr1.proxy
  • ./ugrconfig_from_AGIS.py  -e scratch tape -t 10  -P grid -k

Revision 132015-01-13 - rptaylor

Line: 1 to 1
 

Documentation

Added:
>
>
  lcgdm-dav is the front-end module for the federator (also used as a front-end for DPM). It passes queries and responses to the federator through a layer called "dmlite", which is a generic plugin-loading layer for implementing data management services, such as UGR.
Line: 25 to 26
 

Apache Configuration

Changed:
<
<
(add info about ssl config)
>
>
  • The federator itself does not need to serve pages via HTTPS (so does not need a host certificate). It simply redirects to the endpoints (which use HTTPS). Therefore, comment out the entire IfModule ssl_module stanza in /etc/httpd/conf.d/zlcgdm-ugr-dav.conf
  • Change NSType DPM to NSType lfc in /etc/httpd/conf.d/zlcgdm-ugr-dav.conf
  • If it exists, rm /etc/httpd/conf.d/zlcgdm-dav.conf
 

CAs

Line: 54 to 57
 

Performance Tuning

Changed:
<
<
  • Make sure the glb.locplugin lines of ugr.conf specify a concurrency of 10
>
>
  • Make sure the glb.locplugin lines in the endpoint configuration specify a concurrency of 10
 
  • Create /etc/security/limits.d/99-federation.conf containing:
apache   soft   nofile   65000
Line: 106 to 108
 

Operating the Federation

Start

Changed:
<
<
Do sudo service httpd restart; sudo service rsyslog restart; sudo service memcached restart. Connect with a browser to http://servername/myfed and you should be able to browse the WebDav resources specified in /etc/ugr.conf .

Adding endpoints

Update ugr.conf and then sudo service httpd restart; sudo service memcached restart
>
>
Do sudo service httpd restart; sudo service memcached restart. Connect with a browser to http://servername/myfed and you should be able to browse the WebDav endpoints.

Changing endpoints

Update the configuration and then sudo service httpd restart; sudo service memcached restart

Test

  • CLI download:
curl --show-error --connect-timeout 300 --max-time 3600 --cacert $X509_USER_PROXY --capath $X509_CERT_DIR --cert $X509_USER_PROXY --key $X509_USER_PROXY -L http://ugr.heprc.uvic.ca/myfed/atlas/atlaslocalgroupdisk/rucio/data12_8TeV/0b/7e/AOD.01057594._000196.pool.root.1  -o /tmp/testfile.root -w "%{url_effective}\n"
  -- RyanTaylor - 2013-10-31

Revision 122015-01-06 - rptaylor

Line: 1 to 1
 

Documentation

Line: 12 to 12
 To install the Dynamic Federations packages, use the repositories mentioned here, then:
Changed:
<
<
yum install ugr ugr-dav-plugin ugr-dmlite-plugin lcgdm-dav-server httpd memcached neon GeoIP
>
>
yum install dynafed dynafed-dmlite-frontend dynafed-dmlite-plugin dynafed-http-plugin yum install httpd memcached neon GeoIP
 wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz gunzip GeoLiteCity.dat.gz mv GeoLiteCity.dat /usr/share/GeoIP/
Line: 20 to 21
 

UGR Configuration

Changed:
<
<
Edit /etc/ugr.conf and add entries for each endpoint, e.g.:
glb.locplugin[]: /usr/lib64/ugr/libugrlocplugin_dav.so e10_babar 10 dav://elephant10.heprc.uvic.ca/babar
locplugin.e10_babar.ssl_check: false
locplugin.e10_babar.auth_login: xxxxxxxx
locplugin.e10_babar.auth_passwd: yyyyyyyy

glb.locplugin[]: /usr/lib64/ugr/libugrlocplugin_dav.so e08_atlas 10 dav://elephant08.heprc.uvic.ca/atlas
locplugin.e08_atlas.ssl_check: false
locplugin.e08_atlas.auth_login: xxxxxxxx
locplugin.e08_atlas.auth_passwd: yyyyyyyy

glb.locplugin[]: /usr/lib64/ugr/libugrlocplugin_dav.so charon03_atlas 10 https://charon03.westgrid.ca:2880/pnfs/westgrid-test.uvic.ca/data/atlas/
locplugin.charon03_atlas.cli_certificate:/etc/grid-security/federation-ugr1.p12
locplugin.charon03_atlas.ca_path: /etc/grid-security/certificates/
>
>
Create a .conf file in /etc/ugr.conf.d/ and add entries in it for each endpoint.
 

Apache Configuration

Changed:
<
<
Note: zlcgdm-ugr-dav.conf is used instead of zlcgdm-dav.conf, so do rm /etc/httpd/conf.d/zlcgdm-dav.conf
>
>
(add info about ssl config)
 

CAs

Revision 112014-12-11 - rptaylor

Line: 1 to 1
 

Documentation

Line: 112 to 112
 Disallow: /
Added:
>
>

Endpoint generation using AGIS

Use the ugrconfig_from_AGIS script to query AGIS for all ATLAS https storage endpoints and generate the necessary UGR configuration to include them in the federation.

  • Prerequisite: yum install davix
  • Copy and chown /etc/grid-security/ugr/ugr1.proxy for your own use, then export X509_USER_PROXY=ugr1.proxy
  • ./ugrconfig_from_AGIS.py  -e scratch tape -t 10  -P grid -k
 

Operating the Federation

Start

Do sudo service httpd restart; sudo service rsyslog restart; sudo service memcached restart. Connect with a browser to http://servername/myfed and you should be able to browse the WebDav resources specified in /etc/ugr.conf .

Revision 102014-08-28 - rptaylor

Line: 1 to 1
 

Documentation

Line: 103 to 103
 
  • Install the wlcg-voms-atlas RPM from http://linuxsoft.cern.ch/wlcg/ . This populates /etc/vomses and /etc/grid-security/vomsdir
  • Set up a cron job /etc/cron.hourly/ugr-proxy to generate the proxy
Added:
>
>

Robot Exclusion

Ensure that myfederation.org/robots.txt contains:

User-agent: *
Disallow: /
 

Operating the Federation

Start

Do sudo service httpd restart; sudo service rsyslog restart; sudo service memcached restart. Connect with a browser to http://servername/myfed and you should be able to browse the WebDav resources specified in /etc/ugr.conf .

Revision 92014-08-19 - rptaylor

Line: 1 to 1
 

Documentation

Line: 42 to 42
 Note: zlcgdm-ugr-dav.conf is used instead of zlcgdm-dav.conf, so do rm /etc/httpd/conf.d/zlcgdm-dav.conf
Changed:
<
<

Host Certificates

CAs and fetch-crl probably not needed now that SSL is un-needed?
>
>

CAs

This is needed to verify the identities of the storage endpoints.

  Install CAs.
Line: 59 to 60
 
  • /sbin/chkconfig fetch-crl-cron on
  • /etc/init.d/fetch-crl-cron start
Deleted:
<
<
For https-jglobus authentication to Storage Elements, just get a user certificate in PKCS#12 format, e.g. /etc/grid-security/federation-ugr1.p12
 

Logging

The log level can be set in /etc/ugr.conf, from level 1 to 9.
Line: 96 to 95
 
  • Each Apache process should have the highest number of threads that works
Added:
>
>

VOMS Proxy Configuration

UGR can use a proxy with the necessary VO attributes to authenticate to the endpoints. Alternatively, a regular PKCS#12 format certificate can be used for UGR, and the DN will need to be explicitly allowed.

  • Install the EPEL repository (or UMD) ; then yum install voms-clients
  • Install the wlcg-voms-atlas RPM from http://linuxsoft.cern.ch/wlcg/ . This populates /etc/vomses and /etc/grid-security/vomsdir
  • Set up a cron job /etc/cron.hourly/ugr-proxy to generate the proxy
 

Operating the Federation

Start

Revision 82014-08-18 - rptaylor

Line: 1 to 1
 

Documentation

Line: 39 to 39
 

Apache Configuration

Changed:
<
<
Note: zlcgdm-ugr-dav.conf is used instead of zlcgdm-dav.conf .
>
>
Note: zlcgdm-ugr-dav.conf is used instead of zlcgdm-dav.conf, so do rm /etc/httpd/conf.d/zlcgdm-dav.conf
 
Deleted:
<
<
rm /etc/httpd/conf.d/zlcgdm-dav.conf

Edit /etc/httpd/conf.d/ssl.conf and add this line at the end of file:

NameVirtualHost *:443
 

Host Certificates

Changed:
<
<
Request a host certificate and install hostcert.pem and hostkey.pem in /etc/grid-security (what is this needed for? SSL?). Also Install CAs.
>
>
CAs and fetch-crl probably not needed now that SSL is un-needed?

Install CAs.

  Also install fetch-crl:

Revision 72014-07-28 - rptaylor

Line: 1 to 1
 

Documentation

Added:
>
>
lcgdm-dav is the front-end module for the federator (also used as a front-end for DPM). It passes queries and responses to the federator through a layer called "dmlite", which is a generic plugin-loading layer for implementing data management services, such as UGR.
 

Installation Guide

To install the Dynamic Federations packages, use the repositories mentioned here, then:

Line: 37 to 39
 

Apache Configuration

Added:
>
>
Note: zlcgdm-ugr-dav.conf is used instead of zlcgdm-dav.conf .
 rm /etc/httpd/conf.d/zlcgdm-dav.conf

Edit /etc/httpd/conf.d/ssl.conf and add this line at the end of file:

Revision 52014-04-11 - rptaylor

Line: 1 to 1
 

Documentation

Line: 19 to 19
  Edit /etc/ugr.conf and add entries for each endpoint, e.g.:
Changed:
<
<
glb.locplugin[]: /usr/lib64/ugr/libugrlocplugin_dav.so e10_babar 30 dav://elephant10.heprc.uvic.ca/babar
>
>
glb.locplugin[]: /usr/lib64/ugr/libugrlocplugin_dav.so e10_babar 10 dav://elephant10.heprc.uvic.ca/babar
 locplugin.e10_babar.ssl_check: false locplugin.e10_babar.auth_login: xxxxxxxx locplugin.e10_babar.auth_passwd: yyyyyyyy
Changed:
<
<
glb.locplugin[]: /usr/lib64/ugr/libugrlocplugin_dav.so e08_atlas 30 dav://elephant08.heprc.uvic.ca/atlas
>
>
glb.locplugin[]: /usr/lib64/ugr/libugrlocplugin_dav.so e08_atlas 10 dav://elephant08.heprc.uvic.ca/atlas
 locplugin.e08_atlas.ssl_check: false locplugin.e08_atlas.auth_login: xxxxxxxx locplugin.e08_atlas.auth_passwd: yyyyyyyy
Changed:
<
<
glb.locplugin[]: /usr/lib64/ugr/libugrlocplugin_dav.so charon03_atlas 30 https://charon03.westgrid.ca:2880/pnfs/westgrid-test.uvic.ca/data/atlas/
>
>
glb.locplugin[]: /usr/lib64/ugr/libugrlocplugin_dav.so charon03_atlas 10 https://charon03.westgrid.ca:2880/pnfs/westgrid-test.uvic.ca/data/atlas/
 locplugin.charon03_atlas.cli_certificate:/etc/grid-security/federation-ugr1.p12 locplugin.charon03_atlas.ca_path: /etc/grid-security/certificates/
Line: 74 to 74
 
apache   soft   nofile   65000
apache   hard   nofile   65000
Changed:
<
<
apache soft nproc 10000 apache hard nproc 10000
>
>
apache soft nproc 65000 apache hard nproc 65000 apache soft sigpending 65000 apache hard sigpending 65000
 
Changed:
<
<
  • Apache should use the mpm_event module, tuned to have at most 2-4 slave Apache processes. (It should not be too high because every fork means multiplying the memory, threads and internal UGR communication paths that are used.)
  • Each Apache process should have the highest number of threads that works
  • Here is a reference for mpm_event tuning in /etc/httpd/conf/httpd.conf, suitable for a system with 16 cores and 24 GB RAM:
>
>
  • Modify /etc/sysconfig/httpd and set HTTPD=/usr/sbin/httpd.event so that Apache uses the mpm_event module.
  • In /etc/httpd/conf.d/event.conf, the mpm_event module should be tuned to have at most 2-4 slave Apache processes. (It should not be too high because every fork means multiplying the memory, threads and internal UGR communication paths that are used.) Here is a reference suitable for a system with 16 cores and 24 GB RAM:
 
<IfModule mpm_event_module>
   StartServers          4
Line: 92 to 93
  MaxRequestsPerChild 0
Added:
>
>
  • Each Apache process should have the highest number of threads that works
 

Operating the Federation

Start

Revision 42014-04-01 - rptaylor

Line: 1 to 1
 

Documentation

Line: 17 to 17
 

UGR Configuration

Changed:
<
<
Edit /etc/ugr.conf and comment this entry:
>
>
Edit /etc/ugr.conf and add entries for each endpoint, e.g.:
 
Deleted:
<
<
########### ## Talk to a DPM instance at CERN via WebDAV ## #glb.locplugin[]: /usr/lib64/ugr/libugrlocplugin_dav.so dav_plugin_dpm 30 https://cvitbdpm1.cern.ch:443/dpm/cern.ch/home #locplugin.dav_plugin_dpm.ssl_check: false #locplugin.dav_plugin_dpm.cli_certificate: /etc/grid-security/federation-host-nopwd.p12
 glb.locplugin[]: /usr/lib64/ugr/libugrlocplugin_dav.so e10_babar 30 dav://elephant10.heprc.uvic.ca/babar locplugin.e10_babar.ssl_check: false locplugin.e10_babar.auth_login: xxxxxxxx
Line: 35 to 28
 locplugin.e08_atlas.ssl_check: false locplugin.e08_atlas.auth_login: xxxxxxxx locplugin.e08_atlas.auth_passwd: yyyyyyyy
Added:
>
>
glb.locplugin[]: /usr/lib64/ugr/libugrlocplugin_dav.so charon03_atlas 30 https://charon03.westgrid.ca:2880/pnfs/westgrid-test.uvic.ca/data/atlas/ locplugin.charon03_atlas.cli_certificate:/etc/grid-security/federation-ugr1.p12 locplugin.charon03_atlas.ca_path: /etc/grid-security/certificates/
 

Apache Configuration

Line: 46 to 43
 NameVirtualHost *:443
Deleted:
<
<
For good performance results, Apache should use the mpm_event module, tuned to have max 2-4 slave Apache processes, each one with the maximum number of threads that Apache can start and work with.
 

Host Certificates

Changed:
<
<
Request a host certificate and install hostcert.pem and hostkey.pem in /etc/grid-security . Also Install CAs.
>
>
Request a host certificate and install hostcert.pem and hostkey.pem in /etc/grid-security (what is this needed for? SSL?). Also Install CAs.
  Also install fetch-crl:
Line: 63 to 58
 
  • /sbin/chkconfig fetch-crl-cron on
  • /etc/init.d/fetch-crl-cron start
Added:
>
>
For https-jglobus authentication to Storage Elements, just get a user certificate in PKCS#12 format, e.g. /etc/grid-security/federation-ugr1.p12
 

Logging

The log level can be set in /etc/ugr.conf, from level 1 to 9.
Line: 70 to 67
  The logs are located in /var/log/ugr/
Added:
>
>

Performance Tuning

  • Make sure the glb.locplugin lines of ugr.conf specify a concurrency of 10
  • Create /etc/security/limits.d/99-federation.conf containing:
apache   soft   nofile   65000
apache   hard   nofile   65000
apache   soft   nproc   10000
apache   hard   nproc   10000
  • Apache should use the mpm_event module, tuned to have at most 2-4 slave Apache processes. (It should not be too high because every fork means multiplying the memory, threads and internal UGR communication paths that are used.)
  • Each Apache process should have the highest number of threads that works
  • Here is a reference for mpm_event tuning in /etc/httpd/conf/httpd.conf, suitable for a system with 16 cores and 24 GB RAM:
<IfModule mpm_event_module>
   StartServers          4
   ServerLimit           4
   MinSpareThreads       1
   MaxSpareThreads    1200
   ThreadLimit         300
   ThreadsPerChild     300
   MaxClients         1200
   MaxRequestsPerChild   0
</IfModule> 
 

Operating the Federation

Start

Do sudo service httpd restart; sudo service rsyslog restart; sudo service memcached restart. Connect with a browser to http://servername/myfed and you should be able to browse the WebDav resources specified in /etc/ugr.conf .

Revision 32013-12-05 - rptaylor

Line: 1 to 1
 

Documentation

Line: 52 to 52
 Request a host certificate and install hostcert.pem and hostkey.pem in /etc/grid-security . Also Install CAs.

Also install fetch-crl:

Changed:
<
<
>
>
 
  • Apply the following settings in /etc/fetch-crl.conf:
    warnings
    noquiet
Line: 68 to 68
 
glb.debug: 1
Added:
>
>
The logs are located in /var/log/ugr/
 
Added:
>
>

Operating the Federation

 

Start

Changed:
<
<
Do service httpd restart; service rsyslog restart, then test the system. Connect with a browser to http://servername/myfed You should be able to browse the WebDav resource specified in /etc/ugr.conf .
>
>
Do sudo service httpd restart; sudo service rsyslog restart; sudo service memcached restart. Connect with a browser to http://servername/myfed and you should be able to browse the WebDav resources specified in /etc/ugr.conf .

Adding endpoints

Update ugr.conf and then sudo service httpd restart; sudo service memcached restart
  -- RyanTaylor - 2013-10-31

Revision 22013-11-18 - crlb

Line: 1 to 1
 

Documentation

Line: 6 to 6
 

Installation Guide

Changed:
<
<
To install the Dynamic Federations packages, use the repositories mentioned here, then do yum install ugr ugr-dav-plugin ugr-dmlite-plugin lcgdm-dav-server httpd memcached
>
>
To install the Dynamic Federations packages, use the repositories mentioned here, then:
 
Changed:
<
<
Also install Apache.
>
>
yum install ugr ugr-dav-plugin ugr-dmlite-plugin lcgdm-dav-server httpd memcached neon GeoIP
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
gunzip GeoLiteCity.dat.gz
mv GeoLiteCity.dat /usr/share/GeoIP/
 

UGR Configuration

Line: 20 to 25
 #glb.locplugin[]: /usr/lib64/ugr/libugrlocplugin_dav.so dav_plugin_dpm 30 https://cvitbdpm1.cern.ch:443/dpm/cern.ch/home #locplugin.dav_plugin_dpm.ssl_check: false #locplugin.dav_plugin_dpm.cli_certificate: /etc/grid-security/federation-host-nopwd.p12
Added:
>
>
glb.locplugin[]: /usr/lib64/ugr/libugrlocplugin_dav.so e10_babar 30 dav://elephant10.heprc.uvic.ca/babar locplugin.e10_babar.ssl_check: false locplugin.e10_babar.auth_login: xxxxxxxx locplugin.e10_babar.auth_passwd: yyyyyyyy

glb.locplugin[]: /usr/lib64/ugr/libugrlocplugin_dav.so e08_atlas 30 dav://elephant08.heprc.uvic.ca/atlas locplugin.e08_atlas.ssl_check: false locplugin.e08_atlas.auth_login: xxxxxxxx locplugin.e08_atlas.auth_passwd: yyyyyyyy

 

Apache Configuration

Line: 56 to 71
 

Start

Changed:
<
<
Do service httpd restart, then test the system. Connect with a browser to http://servername/myfed
>
>
Do service httpd restart; service rsyslog restart, then test the system. Connect with a browser to http://servername/myfed
 You should be able to browse the WebDav resource specified in /etc/ugr.conf .

Revision 12013-10-31 - rptaylor

Line: 1 to 1
Added:
>
>

Documentation

http://www.dynamicfederation.org

Installation Guide

To install the Dynamic Federations packages, use the repositories mentioned here, then do yum install ugr ugr-dav-plugin ugr-dmlite-plugin lcgdm-dav-server httpd memcached

Also install Apache.

UGR Configuration

Edit /etc/ugr.conf and comment this entry:

###########
## Talk to a DPM instance at CERN via WebDAV
##
#glb.locplugin[]: /usr/lib64/ugr/libugrlocplugin_dav.so dav_plugin_dpm 30 https://cvitbdpm1.cern.ch:443/dpm/cern.ch/home
#locplugin.dav_plugin_dpm.ssl_check: false
#locplugin.dav_plugin_dpm.cli_certificate: /etc/grid-security/federation-host-nopwd.p12

Apache Configuration

rm /etc/httpd/conf.d/zlcgdm-dav.conf

Edit /etc/httpd/conf.d/ssl.conf and add this line at the end of file:

NameVirtualHost *:443

For good performance results, Apache should use the mpm_event module, tuned to have max 2-4 slave Apache processes, each one with the maximum number of threads that Apache can start and work with.

Host Certificates

Request a host certificate and install hostcert.pem and hostkey.pem in /etc/grid-security . Also Install CAs.

Also install fetch-crl:

  • Install the latest v3 RPM from https://dist.eugridpma.info/distribution/util/fetch-crl3/
  • Apply the following settings in /etc/fetch-crl.conf:
    warnings
    noquiet
    verbosity = 1
    logmode=syslog
    
  • /sbin/chkconfig fetch-crl-boot on
  • /sbin/chkconfig fetch-crl-cron on
  • /etc/init.d/fetch-crl-cron start

Logging

The log level can be set in /etc/ugr.conf, from level 1 to 9.
glb.debug: 1

Start

Do service httpd restart, then test the system. Connect with a browser to http://servername/myfed You should be able to browse the WebDav resource specified in /etc/ugr.conf .

-- RyanTaylor - 2013-10-31

 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback