Much of the
VOMS configuration from the system perspective follows the MyProxy configuration (
PxWlcg).
It consists of Linux-HA sharing the prod-voms address with lemon sensors for voms load and status.
Certificate request
Only a certificate for the prod-voms and vom101 was requested. There was no need for voms102 and voms103 since they are in high availability configuration.
Lemon monitoring
A lemon sensor for
VOMS availability is set up using
voms status
. This reports to lemon metrics 808 and 809.
The same procedure as the
EGEE.BDII was followed.
Testing
Reinstallation
The reinstallation of a
VOMS machine is semi-automatic. Run
PrepareInstall vomsXXX and reboot the machine. This will reinstall the machine.
After the reinstallation has successfully finished, log in to the machine as root (You may have to renew your Kerberos ticket), and initiate the backup again by running:
dsmc i
Just type return for the user name and enter the password. This command will do an incremental backup automatically afterwards.
To restore the data of /opt and /var from before the reinstallation, type the following commands:
dsmc
restore -pitd="date of last backup before the reinstall in the format mm/dd/yyyy" -pitt=00:00:00 -sub=yes /opt/
restore -pitd="date of last backup before the reinstall in the format mm/dd/yyyy" -pitt=00:00:00 -sub=yes /var/
quit
Don't forget to put the machine in maintenance state before this operation, or it is possibly already put in this state by the Operator/SysAdmins. Afterwards you have to put it in production again:
sms clear vomsXXX
User Setup
Login to lxplus
source /afs/cern.ch/project/gd/LCG-share/sl3/etc/profile.d/grid_env.csh
Create file
~/.edg/vomses/test-voms102.cern.ch
with content (ONE line):
"test" "prod-voms.cern.ch" "15010" "/C=CH/O=CERN/OU=GRID/CN=host/lcg-voms.cern.ch" "test"
If you want the proxy to be successful you 'll have to register in the VO
'test' by opening
https://voms102.cern.ch:8443/vo/test/vomrs
We will approve you.
You don't need to repeat the registration for voms103 as they share the
same db.
Testing
Running voms-proxy-init to create a new proxy
$ voms-proxy-init -voms test
Your identity: /C=CH/O=CERN/OU=GRID/CN=Tim Bell 6176
Enter GRID pass phrase:
Creating temporary proxy ............................ Done
Contacting voms102.cern.ch:15010 [/C=CH/O=CERN/OU=GRID/CN=host/lcg-voms.cern.ch] "test" Done
Creating proxy .................................................................... Done
Your proxy is valid until Wed Apr 5 03:08:19 2006
If you get the message
Contacting voms102.cern.ch:15010 [/C=CH/O=CERN/OU=GRID/CN=host/lcg-voms.cern.ch] "test"
Warning: test: User unknown to this VO. Error: VERR_SERVERCODE Failed.
Failed to contact servers for test.
If you get
Error: VERR_NOSOCKET Failed.
, the server is down.
Standby testing
Check that
- vomrs is up on master tested using
vomrs status
# /usr/lib/heartbeat/hb_standby
check
- vomrs has stopped on master (using
vomrs status
showning not running)
- vomrs starts on slave (using
vomrs status
)
Reboot testing
Check that the master is running using
vomrs status
and then reboot the master.
The slave should automatically detect the problem and become master.
The
vomrs status
command and the
voms-proxy-init
should work.
On the rebooted machine, check that
vomrs status
shows down. Check
voms-ping
shows up.
Related Documents
--
TimBell - 24 Mar 2006