== Verification of dpm.dpm.sl6.x86_64-1.9.0 == === Ticket assigned === * [Ticket https://rt.egi.eu/rt/Ticket/Display.html?id=12281] === Install UMD4 repos === NOTE: EPEL already installed {{{ [root@test27 yum.repos.d]# pwd /etc/yum.repos.d [root@test27 yum.repos.d]# wget http://repository.egi.eu/sw/production/umd/4/repofiles/sl6/UMD-4-base.repo [root@test27 yum.repos.d]# wget http://repository.egi.eu/sw/production/umd/4/repofiles/sl6/UMD-4-updates.repo [root@test27 yum.repos.d]# wget http://repository.egi.eu/sw/production/cas/1/current/repo-files/EGI-trustanchors.repo [root@test27 ~]# rpm --import http://download.nordugrid.org/RPM-GPG-KEY-nordugrid [root@test27 ~]# rpm --import http://repository.egi.eu/sw/production/umd/UMD-RPM-PGP-KEY }}} {{{ [root@test27 yum.repos.d]# cat UMD-4-base.repo [UMD-4-base] name=UMD 4 base (SL6) baseurl=http://repository.egi.eu/sw/production/umd/4/sl6/$basearch/base protect=1 enabled=1 # To use priorities you must have yum-priorities installed priority=1 gpgcheck=1 gpgkey=http://emisoft.web.cern.ch/emisoft/dist/EMI/3/RPM-GPG-KEY-emi http://repo-rpm.ige-project.eu/RPM-GPG-KEY-IGE http://repository.egi.eu/sw/production/umd/UMD-RPM-PGP-KEY http://www.qoscosgrid.org/qcg-packages/sl5/RPM-GPG-KEY-QCG http://download.nordugrid.org/RPM-GPG-KEY-nordugrid http://fedoraproject.org/static/0608B895.txt [root@test27 yum.repos.d]# cat UMD-4-updates.repo [UMD-4-updates] name=UMD 4 updates (SL6) baseurl=http://repository.egi.eu/sw/production/umd/4/sl6/$basearch/updates protect=1 enabled=1 # To use priorities you must have yum-priorities installed priority=1 gpgcheck=1 gpgkey=http://emisoft.web.cern.ch/emisoft/dist/EMI/3/RPM-GPG-KEY-emi http://repo-rpm.ige-project.eu/RPM-GPG-KEY-IGE http://repository.egi.eu/sw/production/umd/UMD-RPM-PGP-KEY http://www.qoscosgrid.org/qcg-packages/sl5/RPM-GPG-KEY-QCG http://download.nordugrid.org/RPM-GPG-KEY-nordugrid http://fedoraproject.org/static/0608B895.txt }}} === Install repos for packages to verify === {{{ [root@test27 yum.repos.d]# wget http://admin-repo.egi.eu/sw/unverified/umd-4.dpm.dpm.sl6.x86_64/1/9/0/repofiles/DPM.dpm.sl6.x86_64.repo [root@test27 yum.repos.d]# cat DPM.dpm.sl6.x86_64.repo # EGI Software Repository - REPO META (releaseId,repositoryId,repofileId) - (12281,2255,2205) [DPM.dpm.sl6.x86_64] name=DPM.dpm.sl6.x86_64 baseurl=http://admin-repo.egi.eu/sw/unverified/umd-4.dpm.dpm.sl6.x86_64/1/9/0/ enabled=1 protect=1 priority=1 gpgcheck=1 gpgkey=http://emisoft.web.cern.ch/emisoft/dist/EMI/3/RPM-GPG-KEY-emi }}} === Install packages to verify === {{{ [root@test27 ~]# LC_ALL=C yum install dpm-argus [.....] Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: dpm-argus x86_64 1.8.10-1.el6 UMD-4-updates 20 k Installing for dependencies: argus-pep-api-c x86_64 2.3.0-2.el6.centos UMD-4-updates 49 k dpm-libs x86_64 1.9.0-1.el6 DPM.dpm.sl6.x86_64 138 k dpm-name-server-mysql x86_64 1.9.0-1.el6 DPM.dpm.sl6.x86_64 117 k finger x86_64 0.17-40.el6 sl 21 k globus-callout x86_64 3.14-1.el6 UMD-4-updates 19 k globus-common x86_64 16.4-1.el6 UMD-4-updates 118 k globus-gsi-callback x86_64 5.8-1.el6 UMD-4-updates 39 k globus-gsi-cert-utils x86_64 9.12-1.el6 UMD-4-updates 21 k globus-gsi-credential x86_64 7.9-1.el6 UMD-4-updates 34 k globus-gsi-openssl-error x86_64 3.5-2.el6 UMD-4-updates 17 k globus-gsi-proxy-core x86_64 7.9-1.el6 UMD-4-updates 34 k globus-gsi-proxy-ssl x86_64 5.8-1.el6 UMD-4-updates 18 k globus-gsi-sysconfig x86_64 6.9-1.el6 UMD-4-updates 29 k globus-gss-assist x86_64 10.15-1.el6 UMD-4-updates 33 k globus-gssapi-gsi x86_64 12.1-1.el6 UMD-4-updates 61 k globus-openssl-module x86_64 4.6-2.el6 UMD-4-updates 15 k lcgdm-libs x86_64 1.9.0-1.el6 DPM.dpm.sl6.x86_64 106 k libtool-ltdl x86_64 2.2.6-15.5.el6 sl 43 k mysql x86_64 5.1.73-7.el6 sl 894 k mysql-libs x86_64 5.1.73-7.el6 sl 1.2 M voms x86_64 2.0.14-1.el6 UMD-4-updates 139 k Transaction Summary ================================================================================ Install 22 Package(s) Total download size: 3.1 M Installed size: 9.0 M Is this ok [y/N]: [.....] Complete! }}} {{{ [root@test27 ~]# LC_ALL=C yum install mysql-server [.....] Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: mysql-server x86_64 5.1.73-7.el6 sl 8.6 M Installing for dependencies: perl-DBD-MySQL x86_64 4.013-3.el6 sl 133 k Transaction Summary ================================================================================ Install 2 Package(s) Total download size: 8.7 M Installed size: 25 M Is this ok [y/N]: [.....] Complete! }}} {{{ [root@test27 ~]# LC_ALL=C yum install dpm globus-proxy-utils [.....] Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: dpm x86_64 1.9.0-1.el6 DPM.dpm.sl6.x86_64 159 k globus-proxy-utils x86_64 6.15-1.el6 UMD-4-updates 48 k Transaction Summary ================================================================================ Install 2 Package(s) Total download size: 207 k Installed size: 811 k Is this ok [y/N]: [.....] Complete! [root@test27 ~]# LC_ALL=C yum install dpm-server-mysql [.....] Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: dpm-server-mysql x86_64 1.9.0-1.el6 DPM.dpm.sl6.x86_64 122 k Installing for dependencies: MySQL-python x86_64 1.2.3-0.3.c1.1.el6 sl 85 k python-lxml x86_64 2.2.3-1.1.el6 sl 2.0 M Transaction Summary ================================================================================ Install 3 Package(s) Total download size: 2.2 M Installed size: 22 M Is this ok [y/N]: [.....] Complete! [root@test27 ~]# LC_ALL=C yum install lcg-CA [.....] Complete! }}} === Configuring packages to verify === Ref.: [https://svnweb.cern.ch/trac/lcgdm/wiki/Dpm/Admin/Configuration/Manual] ==== daemon: ==== {{{ [root@test27 ~]# groupadd -g 151 dpmmgr [root@test27 ~]# useradd -c "DPM manager" -g dpmmgr -u 151 -r -m dpmmgr [root@test27 ~]# mkdir /etc/grid-security/dpmmgr [root@test27 ~]# cp -a /etc/grid-security/hostcert.pem /etc/grid-security/dpmmgr/dpmcert.pem [root@test27 ~]# cp -a /etc/grid-security/hostkey.pem /etc/grid-security/dpmmgr/dpmkey.pem [root@test27 ~]# chown -R dpmmgr.dpmmgr /etc/grid-security/dpmmgr [root@test27 ~]# mkdir /etc/grid-security/gridmapdir [root@test27 ~]# touch /etc/grid-security/grid-mapfile [root@test27 ~]# chmod 1774 /etc/grid-security/gridmapdir/ [root@test27 ~]# chown dpmmgr.dpmmgr /etc/grid-security/gridmapdir/ [root@test27 ~]# mkdir /etc/grid-security/vomsdir/ops/ [root@test27 ~]# vim /etc/grid-security/vomsdir/ops/voms2.cern.ch.lsc /DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch /DC=ch/DC=cern/CN=CERN Grid Certification Authority [root@test27 ~]# vim /etc/grid-security/vomsdir/ops/lcg-voms2.cern.ch.lsc /DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch /DC=ch/DC=cern/CN=CERN Grid Certification Authority [root@test27 ~]# cp -a /usr/lib64/dpm-mysql/NSCONFIG.templ /etc/NSCONFIG [root@test27 ~]# chown root.dpmmgr /etc/NSCONFIG [root@test27 ~]# chmod 640 /etc/NSCONFIG [root@test27 ~]# vim /etc/NSCONFIG dpm/dpmpass@test27.egi.cesga.es [root@test27 ~]# cp -a /usr/lib64/dpm-mysql/DPMCONFIG.templ /etc/DPMCONFIG [root@test27 ~]# vim /etc/DPMCONFIG dpm/dpmpass@test27.egi.cesga.es }}} {{{ [root@test27 ~]# groupadd -g 30001 ops [root@test27 ~]# for i in $(seq -w 001 005); do useradd -u "30$i" -g 30001 "ops$i"; done }}} Database setup (MySQL): ==== {{{ [root@test27 ~]# LC_ALL=C /etc/init.d/mysqld start [.....] Starting mysqld: [ OK ] [root@test27 ~]# mysql -u root < /usr/share/lcgdm/create_dpns_tables_mysql.sql [root@test27 ~]# mysql -u root < /usr/share/lcgdm/create_dpm_tables_mysql.sql [root@test27 ~]# mysql -u root mysql> use mysql mysql> GRANT ALL PRIVILEGES ON cns_db.* TO 'dpm'@test27.egi.cesga.es IDENTIFIED BY 'dpmpass' WITH GRANT OPTION; mysql> GRANT ALL PRIVILEGES ON dpm_db.* TO 'dpm'@test27.egi.cesga.es IDENTIFIED BY 'dpmpass' WITH GRANT OPTION; mysql> GRANT ALL PRIVILEGES ON cns_db.* TO 'dpm'@localhost IDENTIFIED BY 'dpmpass' WITH GRANT OPTION; mysql> GRANT ALL PRIVILEGES ON dpm_db.* TO 'dpm'@localhost IDENTIFIED BY 'dpmpass' WITH GRANT OPTION; }}} ==== Starting dpns service: ==== {{{ [root@test27 ~]# /etc/init.d/dpnsdaemon start Starting dpnsdaemon: [ OK ] [root@test27 ~]# /etc/init.d/dpm start Starting dpm: [ OK ] [root@test27 ~]# cat /var/log/dpns/log 01/24 12:13:51.609 11636 Cns_serv: started (DPNS 1.9.0-1) 01/24 12:13:51.611 11636 Cns_serv: Eff. DB connections: 20, Multiplied thread pool: 100 [root@test27 ~]# cat /var/log/dpm/log 01/25 14:07:40.150 4025 dpm_serv: started (DPM 1.9.0-1) 01/25 14:07:40.150 4025 dpm_serv: Fast threads: 20, Slow threads: 20 01/25 14:07:40.151 4025 dpm_serv: Local host: test27.egi.cesga.es 01/25 14:07:40.151 4025 dpm_serv: Eff. DB connections: 20, Multiplied thread pool: 100 01/25 14:07:40.151 4025 dpm_serv: DPNS_HOST = test27.egi.cesga.es 01/25 14:07:40.152 4025 dpm_serv: Supported protocols are: rfio gsiftp 01/25 14:07:40.156 4025 dpm_serv: DB connection looks OK. 01/25 14:07:40.205 4025 dpm_getpoolconf: getting existing disk pool configuration from the DB 01/25 14:07:40.206 4025 dpm_serv: Recovering queue... 01/25 14:07:40.206 4025 dpm_recover_queue: Recovering the queue of pending requests 01/25 14:07:40.206 4025 dpm_serv: Finished recovering queue. 01/25 14:07:40.206 4025 dpm_reallocate_space: Reallocating the space needed by reservespace requests 01/25 14:07:40.206 4025 dpm_reallocate_space: Reallocating the space needed by pending requests 01/25 14:07:40.215 4025,1 msthread: calling Cpool_next_index_timeout_ext 01/25 14:07:40.215 4025,1 msthread: thread 0 selected 01/25 14:07:40.215 4025,1 msthread: calling Cthread_mutex_lock_ext 01/25 14:07:40.215 4025,1 msthread: reqctr = 0 01/25 14:07:40.236 4025 dpm_serv: DB looks sane. Pools created. }}} ==== Creating directory structure ==== Root access to DPNS can be done by using server certificates as credentials. {{{ [root@test27 ~]# grid-proxy-init -debug -verify -certdir /etc/grid-security/certificates/ -cert /etc/grid-security/hostcert.pem -key /etc/grid-security/hostkey.pem User Cert File: /etc/grid-security/hostcert.pem User Key File: /etc/grid-security/hostkey.pem Trusted CA Cert Dir: /etc/grid-security/certificates/ Output File: /tmp/x509up_u0 Your identity: /DC=es/DC=irisgrid/O=cesga/CN=host/test27.egi.cesga.es Creating proxy .++++++ ........................++++++ Done Proxy Verify OK Your proxy is valid until: Thu Jan 26 01:45:51 2017 [root@test27 ~]# DPNS_HOST=test27.egi.cesga.es dpns-entergrpmap --group ops [root@test27 ~]# DPNS_HOST=test27.egi.cesga.es dpns-mkdir -p /dpm/egi.cesga.es/home/ops [root@test27 ~]# DPNS_HOST=test27.egi.cesga.es dpns-chmod 775 /dpm/egi.cesga.es/home/ops [root@test27 ~]# DPNS_HOST=test27.egi.cesga.es dpns-chown root:ops /dpm/egi.cesga.es/home/ops [root@test27 ~]# DPNS_HOST=test27.egi.cesga.es dpns-setacl -m d:u::7,d:g::7,d:o:5 /dpm/egi.cesga.es/home/ops }}} === Finding world-writable files in the packages contents === {{{ [root@test27 ~]# rpm -qalv | egrep "^[-d]([-r][-w][-xs]){2}[-r]w" drwxrwxrwt 2 root root 0 jul 20 2011 /tmp drwxrwxrwt 2 root root 0 jul 20 2011 /var/tmp }}} === Checking DPNS service === Ref.: [https://www.gridpp.ac.uk/wiki/DPM_DPNS_Test] {{{ [rdiez@ui ~]$ voms-proxy-init -voms ops Enter GRID pass phrase for this identity: Contacting lcg-voms2.cern.ch:15009 [/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch] "ops"... Remote VOMS server contacted succesfully. Created proxy in /tmp/x509up_u50003. Your proxy is valid until Thu Jan 26 22:09:59 CET 2017 [rdiez@ui ~]$ DPNS_HOST=test27.egi.cesga.es dpns-ls /dpm/egi.cesga.es/home/ops [rdiez@ui ~]$ DPNS_HOST=test27.egi.cesga.es dpns-mkdir /dpm/egi.cesga.es/home/ops/testdir [rdiez@ui ~]$ DPNS_HOST=test27.egi.cesga.es dpns-ls /dpm/egi.cesga.es/home/ops testdir [rdiez@ui ~]$ DPNS_HOST=test27.egi.cesga.es dpns-ls -l /dpm/egi.cesga.es/home/ops drwxrwxr-x 0 101 101 0 Jan 26 10:11 testdir [rdiez@ui ~]$ DPNS_HOST=test27.egi.cesga.es dpns-rename /dpm/egi.cesga.es/home/ops/testdir /dpm/egi.cesga.es/home/ops/testdir_renamed [rdiez@ui ~]$ DPNS_HOST=test27.egi.cesga.es dpns-ls -l /dpm/egi.cesga.es/home/ops drwxrwxr-x 0 101 101 0 Jan 26 10:11 testdir_renamed [rdiez@ui ~]$ DPNS_HOST=test27.egi.cesga.es dpns-rm -rf /dpm/egi.cesga.es/home/ops/testdir_renamed [rdiez@ui ~]$ DPNS_HOST=test27.egi.cesga.es dpns-ls -l /dpm/egi.cesga.es/home/ops }}}