VOMS Setup

Much of the VOMS configuration from the system perspective follows the MyProxy configuration (PxWlcg).

It consists of Linux-HA sharing the prod-voms address with lemon sensors for voms load and status.

Certificate request

Only a certificate for the prod-voms and vom101 was requested. There was no need for voms102 and voms103 since they are in high availability configuration.

Lemon monitoring

A lemon sensor for VOMS availability is set up using voms status. This reports to lemon metrics 808 and 809.

The same procedure as the EGEE.BDII was followed.

Testing

Reinstallation

The reinstallation of a VOMS machine is semi-automatic. Run PrepareInstall vomsXXX and reboot the machine. This will reinstall the machine.

After the reinstallation has successfully finished, log in to the machine as root (You may have to renew your Kerberos ticket), and initiate the backup again by running:

dsmc i

Just type return for the user name and enter the password. This command will do an incremental backup automatically afterwards.

To restore the data of /opt and /var from before the reinstallation, type the following commands:

dsmc
restore -pitd="date of last backup before the reinstall in the format mm/dd/yyyy" -pitt=00:00:00 -sub=yes /opt/
restore -pitd="date of last backup before the reinstall in the format mm/dd/yyyy" -pitt=00:00:00 -sub=yes /var/
quit

Don't forget to put the machine in maintenance state before this operation, or it is possibly already put in this state by the Operator/SysAdmins. Afterwards you have to put it in production again:

sms clear vomsXXX

User Setup

source /afs/cern.ch/project/gd/LCG-share/sl3/etc/profile.d/grid_env.csh

Create file ~/.edg/vomses/test-voms102.cern.ch with content (ONE line):

"test" "prod-voms.cern.ch" "15010" "/C=CH/O=CERN/OU=GRID/CN=host/lcg-voms.cern.ch" "test"

If you want the proxy to be successful you 'll have to register in the VO 'test' by opening https://voms102.cern.ch:8443/vo/test/vomrs We will approve you.

You don't need to repeat the registration for voms103 as they share the same db.

Testing

Running voms-proxy-init to create a new proxy

$ voms-proxy-init -voms test
Your identity: /C=CH/O=CERN/OU=GRID/CN=Tim Bell 6176
Enter GRID pass phrase:
Creating temporary proxy ............................ Done
Contacting  voms102.cern.ch:15010 [/C=CH/O=CERN/OU=GRID/CN=host/lcg-voms.cern.ch] "test" Done
Creating proxy .................................................................... Done
Your proxy is valid until Wed Apr  5 03:08:19 2006

Contacting  voms102.cern.ch:15010 [/C=CH/O=CERN/OU=GRID/CN=host/lcg-voms.cern.ch] "test"
Warning: test: User unknown to this VO. Error: VERR_SERVERCODE Failed.
Failed to contact servers for test.

If you get Error: VERR_NOSOCKET Failed., the server is down.

Standby testing

- vomrs is up on master tested using vomrs status

# /usr/lib/heartbeat/hb_standby

check

- vomrs has stopped on master (using vomrs status showning not running) - vomrs starts on slave (using vomrs status)

Reboot testing

Check that the master is running using vomrs status and then reboot the master.

The slave should automatically detect the problem and become master.

The vomrs status command and the voms-proxy-init should work.

On the rebooted machine, check that vomrs status shows down. Check voms-ping shows up.

Related Documents

Link	Description
VomsStartStopCheck	Start/Stop check for VOMS
vomrs	VOMRS Documentation
voms	VOMS Guide
voms-admin	VOMS-Admin component Guide