FCR Production installation

The Freedom Of Choice For Resources framework has the following main comonents

• database
  • + bdii2oracle tool (SAM Framework)
• software
  • + cron jobs

FCR DB

As FCR and SAM are basically sharing database, the FCR DB declarations are strongly dependent on SAM tables. Scripts are available in /opt/lcg/FCR/db/ to declare necessary tables and create synonyms for some SAM tables.

Some of the FCR tables are updated by the bdii2oracle tool, which is a part of the SAM framework.

FCR-specific tables:

• ceResource, seResource: CE/SE resources information, obtained from BDII. (Resource means queue, SARoot, etc.).
  • Update: bdii2oracle
  • Located at: SAM DB
• ceResVo, seResVo: binding the above resources to VOs
  • Update: bdii2oracle
  • Located at: SAM DB
• fcrConfAccess: access for VOs, based on user DNs
  • Update: manually
  • Located at: FCR DB
• fcrConfCe, fcrConfSe: black&whitelists defined by the VOs
  • Updated: by FCR portal on interactive modifications
  • Located at: FCR DB
• fcrConfCeHistory, fcrConfSeHistory: archive for changes on the above two
  • Located at: FCR DB

Threre are synonyms to be referred across the 2 DBs in order to have all information available. We're not listing those all here now.

The following triggers make sure that the history tables would be updated with aging information:

• ceResourceInsert, seResourceInsert: selecting next ID from ceIDSeq, seIDSeq before inserting to ceResource, seResource tables whenever new values are inserted
  • Located at: SAM DB
• CeResVoInsert, SeResVoInsert: adding resource with relevant default values to CeResVo, CeResVoInsert
  • Located at: SAM DB
• FCRConfCeInsert, FCRConfSeInsert: updating timestamp for FCRConfCe, FCRConfSe whenever a modification was made
  • Located at: FCR DB
• LogFCRConfCeHistory, LogFCRConfSeHistory: add old data to FCRConfCeHistory, FCRConfSeHistory correspondingly
  • Located at: FCR DB

In the CERN production instance we have 3 DB accounts to use:

• admin account (LCG_FCR): to perform admin operations on the DB (creating, dropping tables, etc.)
• read-write account (LCG_FCR_PORTAL_VO): for the FCR Admin portal, to enable operations performed by VO responsibles (modifications on Critical Test list, black-whitelisting, etc)
• read account (LCG_FCR_PORTAL_USER): for the FCR User portal to query current status of services

Software

FCR software includes the portal's code, and scripts to generate the exclude LDIF file. The software is installed in /opt/lcg/FCR . Configuration (DB connection, etc) has to be defined in /opt/lcg/FCR/conf/fcr.conf (a template is provided as an example).

On the production instance of FCR there are 2 FCR interfaces running

• Production
• PPS

Since FCR RPM installation only supports one instance per node, the /opt/lcg/FCR directory is copied over to /opt/lcg/FCR-PPS after the RPM was installed. Also, the config file has to be changed (site type) accordingly.

Httpd

The FCR web interface requires some configuration in the httpd web server. An example file is available (/opt/lcg/FCR/conf/fcr-httpd.conf.template) to help that.

The FCR interfaces (both the User and the Admin Portal) needs HTTPS access using GRID certificates. However, the exclude LDIF file, that the BDIIs have to download must be available via HTTP. So we need 2 virtual hosts to be defined accordingly.

However, currenty on the production instance of FCR both the Production and the PPS FCR portals are installed. This means 4 virtual hosts, as both instances require 2. The reason for this is because httpd only supports separate perl interpreters for the 2 portal softwares this way. Otherwise it's impossible to force separate libraries to be used by the PPS and Production instance (and they mustn't use the same!).

cron

There is a cron job running every 5 minutes, to update the exclude LDIF file. This is done by invoking wrapper script /opt/lcg/FCR/cron/cron-gen-exclude-ldif.sh (that calles /opt/lcg/FCR/bin/gen-exclude-ldif.pl, the script that does the job). An example file (/opt/lcg/FCR/cron/fcr-exclude-ldif_template) is available to define the cron entry.

-- Main.jnovak - 12 Sep 2007