FCR Production installation
The
Freedom Of Choice For Resources framework has the following main comonents
- database
- +
bdii2oracle
tool (SAM Framework)
- software
FCR DB
As FCR and SAM are basically sharing database, the FCR DB declarations are strongly dependent on SAM tables. Scripts are available in
/opt/lcg/FCR/db/
to declare necessary tables and create synonyms for some SAM tables.
Some of the FCR tables are updated by the
bdii2oracle
tool, which is a part of the SAM framework.
FCR-specific tables:
-
ceResource
, seResource
: CE/SE resources information, obtained from BDII. (Resource means queue, SARoot, etc.).
- Update:
bdii2oracle
- Located at: SAM DB
-
ceResVo
, seResVo
: binding the above resources to VOs
- Update:
bdii2oracle
- Located at: SAM DB
-
fcrConfAccess
: access for VOs, based on user DNs
- Update: manually
- Located at: FCR DB
-
fcrConfCe
, fcrConfSe
: black&whitelists defined by the VOs
- Updated: by FCR portal on interactive modifications
- Located at: FCR DB
-
fcrConfCeHistory
, fcrConfSeHistory
: archive for changes on the above two
Threre are synonyms to be referred across the 2 DBs in order to have all information available. We're not listing those all here now.
The following triggers make sure that the history tables would be updated with aging information:
-
ceResourceInsert
, seResourceInsert
: selecting next ID from ceIDSeq
, seIDSeq
before inserting to ceResource
, seResource
tables whenever new values are inserted
-
CeResVoInsert
, SeResVoInsert
: adding resource with relevant default values to CeResVo
, CeResVoInsert
-
FCRConfCeInsert
, FCRConfSeInsert
: updating timestamp for FCRConfCe
, FCRConfSe
whenever a modification was made
-
LogFCRConfCeHistory
, LogFCRConfSeHistory
: add old data to FCRConfCeHistory
, FCRConfSeHistory
correspondingly
In the CERN production instance we have 3 DB accounts to use:
- admin account (
LCG_FCR
): to perform admin operations on the DB (creating, dropping tables, etc.)
- read-write account (
LCG_FCR_PORTAL_VO
): for the FCR Admin portal, to enable operations performed by VO responsibles (modifications on Critical Test list, black-whitelisting, etc)
- read account (
LCG_FCR_PORTAL_USER
): for the FCR User portal to query current status of services
Software
FCR software includes the portal's code, and scripts to generate the exclude LDIF file.
The software is installed in
/opt/lcg/FCR
. Configuration (DB connection, etc) has
to be defined in
/opt/lcg/FCR/conf/fcr.conf
(a template is provided as an example).
On the production instance of FCR there are 2 FCR interfaces running
Since FCR RPM installation only supports one instance per node, the
/opt/lcg/FCR
directory is
copied over to
/opt/lcg/FCR-PPS
after the RPM was installed. Also, the config file has to be
changed (site type) accordingly.
Httpd
The FCR web interface requires some configuration in the
httpd
web server. An example
file is available (
/opt/lcg/FCR/conf/fcr-httpd.conf.template
) to help that.
The FCR interfaces (both the User and the Admin Portal) needs HTTPS access using GRID
certificates. However, the exclude LDIF file, that the BDIIs have to download must be
available via HTTP. So we need 2 virtual hosts to be defined accordingly.
However, currenty on the production instance of FCR both the Production and the PPS
FCR portals are installed. This means 4 virtual hosts, as both instances require 2.
The reason for this is because
httpd
only supports separate perl interpreters for the
2 portal softwares this way. Otherwise it's impossible to force separate libraries to be
used by the PPS and Production instance (and they mustn't use the same!).
cron
There is a cron job running every 5 minutes, to update the exclude LDIF file. This is done by invoking wrapper script
/opt/lcg/FCR/cron/cron-gen-exclude-ldif.sh
(that calles
/opt/lcg/FCR/bin/gen-exclude-ldif.pl
, the script that does the job).
An example file (
/opt/lcg/FCR/cron/fcr-exclude-ldif_template
) is available to define the
cron
entry.
-- Main.jnovak - 12 Sep 2007