Installation Guide

To install the Dynamic Federations packages, use the repositories mentioned here, then:

yum install ugr ugr-dav-plugin ugr-dmlite-plugin lcgdm-dav-server httpd memcached neon GeoIP
gunzip GeoLiteCity.dat.gz
mv GeoLiteCity.dat /usr/share/GeoIP/

UGR Configuration

Edit /etc/ugr.conf and add entries for each endpoint, e.g.:

glb.locplugin[]: /usr/lib64/ugr/ e10_babar 30 dav://
locplugin.e10_babar.ssl_check: false
locplugin.e10_babar.auth_login: xxxxxxxx
locplugin.e10_babar.auth_passwd: yyyyyyyy

glb.locplugin[]: /usr/lib64/ugr/ e08_atlas 30 dav://
locplugin.e08_atlas.ssl_check: false
locplugin.e08_atlas.auth_login: xxxxxxxx
locplugin.e08_atlas.auth_passwd: yyyyyyyy

glb.locplugin[]: /usr/lib64/ugr/ charon03_atlas 30
locplugin.charon03_atlas.ca_path: /etc/grid-security/certificates/

Apache Configuration

rm /etc/httpd/conf.d/zlcgdm-dav.conf

Edit /etc/httpd/conf.d/ssl.conf and add this line at the end of file:

NameVirtualHost *:443

Host Certificates

Request a host certificate and install hostcert.pem and hostkey.pem in /etc/grid-security (what is this needed for? SSL?). Also Install CAs.

Also install fetch-crl:

  • Install the latest v3 RPM from or EPEL
  • Apply the following settings in /etc/fetch-crl.conf:
    verbosity = 1
  • /sbin/chkconfig fetch-crl-boot on
  • /sbin/chkconfig fetch-crl-cron on
  • /etc/init.d/fetch-crl-cron start

For https-jglobus authentication to Storage Elements, just get a user certificate in PKCS#12 format, e.g. /etc/grid-security/federation-ugr1.p12


The log level can be set in /etc/ugr.conf, from level 1 to 9.
glb.debug: 1
The logs are located in /var/log/ugr/

Performance Tuning

  • Make sure the glb.locplugin lines of ugr.conf specify a concurrency of 10
  • Create /etc/security/limits.d/99-federation.conf containing:
apache   soft   nofile   65000
apache   hard   nofile   65000
apache   soft   nproc   10000
apache   hard   nproc   10000
  • Apache should use the mpm_event module, tuned to have at most 2-4 slave Apache processes. (It should not be too high because every fork means multiplying the memory, threads and internal UGR communication paths that are used.)
  • Each Apache process should have the highest number of threads that works
  • Here is a reference for mpm_event tuning in /etc/httpd/conf/httpd.conf, suitable for a system with 16 cores and 24 GB RAM:
<IfModule mpm_event_module>
   StartServers          4
   ServerLimit           4
   MinSpareThreads       1
   MaxSpareThreads    1200
   ThreadLimit         300
   ThreadsPerChild     300
   MaxClients         1200
   MaxRequestsPerChild   0

Operating the Federation


Do sudo service httpd restart; sudo service rsyslog restart; sudo service memcached restart. Connect with a browser to http://servername/myfed and you should be able to browse the WebDav resources specified in /etc/ugr.conf .

Adding endpoints

Update ugr.conf and then sudo service httpd restart; sudo service memcached restart

-- RyanTaylor - 2013-10-31

Edit | Attach | Watch | Print version | History: r20 | r6 < r5 < r4 < r3 | Backlinks | Raw View | More topic actions...
Topic revision: r4 - 2014-04-01 - rptaylor
  • Edit
  • Attach
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback