== Verification of dpm.dpm.centos7.x86_64-1.9.0 ==

=== Ticket assigned ===
 * [Ticket https://rt.egi.eu/rt/Ticket/Display.html?id=12282]

=== Install UMD4 repos ===
NOTE: EPEL already installed
{{{
[root@verification ~]# LC_ALL=C yum install yum-priorities
[.....]
Dependencies Resolved

================================================================================
 Package                   Arch       Version            Repository        Size
================================================================================
Installing:
 yum-plugin-priorities     noarch     1.1.31-40.el7      base              27 k

Transaction Summary
================================================================================
Install  1 Package

Total download size: 27 k
Installed size: 28 k
Is this ok [y/d/N]:
[.....]
Installed:
  yum-plugin-priorities.noarch 0:1.1.31-40.el7

Complete!

[root@verification ~]# LC_ALL=C yum install http://repository.egi.eu/sw/production/umd/4/centos7/x86_64/base/umd-release-4.0.0-1.el7.noarch.rpm
[.....]
Dependencies Resolved

================================================================================
 Package        Arch     Version        Repository                         Size
================================================================================
Installing:
 umd-release    noarch   4.0.0-1.el7    /umd-release-4.0.0-1.el7.noarch    14 k

Transaction Summary
================================================================================
Install  1 Package

Total size: 14 k
Installed size: 14 k
Is this ok [y/d/N]:
[.....]
Installed:
  umd-release.noarch 0:4.0.0-1.el7

Complete!

[root@verification ~]# LC_ALL=C yum update umd-release
[.....]
Dependencies Resolved

================================================================================
 Package         Arch       Version               Repository           Size
================================================================================
Updating:
 umd-release     noarch     4.1.3-1.el7.centos    UMD-4-updates        11 k

Transaction Summary
================================================================================
Upgrade  1 Package

Total download size: 11 k
Is this ok [y/d/N]:
[.....]
 Fingerprint: ac82 01b1 dd50 6f4d 649e dffc 27b3 331e df9e 12ef
 From       : http://emisoft.web.cern.ch/emisoft/dist/EMI/3/RPM-GPG-KEY-emi
Is this ok [y/N]: y
Retrieving key from http://repo-rpm.ige-project.eu/RPM-GPG-KEY-IGE
Importing GPG key 0xB4D025B3:
 Userid     : "Initiative for Globus in Europe - short (IGE) "
 Fingerprint: ee45 79c5 bdb7 6540 3555 7cb2 e1eb 6726 b4d0 25b3
 From       : http://repo-rpm.ige-project.eu/RPM-GPG-KEY-IGE
Is this ok [y/N]: y
Retrieving key from http://repository.egi.eu/sw/production/umd/UMD-RPM-PGP-KEY
Importing GPG key 0x96B71B07:
 Userid     : "Kostas Koumantaros (UMD Release Manager) "
 Fingerprint: 32ad 8d80 fa5a 89b5 3dc5 de93 6799 de16 96b7 1b07
 From       : http://repository.egi.eu/sw/production/umd/UMD-RPM-PGP-KEY
Is this ok [y/N]: y
Retrieving key from http://www.qoscosgrid.org/qcg-packages/sl5/RPM-GPG-KEY-QCG
Importing GPG key 0xBA42F9BA:
 Userid     : "Bartosz Bosak (QCG) "
 Fingerprint: 049b 1bcf b742 658c f414 f0b0 21c4 d863 ba42 f9ba
 From       : http://www.qoscosgrid.org/qcg-packages/sl5/RPM-GPG-KEY-QCG
Is this ok [y/N]: y
Retrieving key from http://download.nordugrid.org/RPM-GPG-KEY-nordugrid
Importing GPG key 0x240A5DB2:
 Userid     : "NorduGrid "
 Fingerprint: b5c7 542a 1a17 4fb4 f5dc 80a4 6da5 cebb 240a 5db2
 From       : http://download.nordugrid.org/RPM-GPG-KEY-nordugrid
Is this ok [y/N]: y
Retrieving key from http://fedoraproject.org/static/0608B895.txt
Importing GPG key 0x0608B895:
 Userid     : "EPEL (6) "
 Fingerprint: 8c3b e96a f230 9184 da5c 0dae 3b49 df2a 0608 b895
 From       : http://fedoraproject.org/static/0608B895.txt
Is this ok [y/N]: y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : umd-release-4.1.3-1.el7.centos.noarch    1/2
  Cleanup    : umd-release-4.0.0-1.el7.noarch           2/2
  Verifying  : umd-release-4.1.3-1.el7.centos.noarch    1/2
  Verifying  : umd-release-4.0.0-1.el7.noarch           2/2

Updated:
  umd-release.noarch 0:4.1.3-1.el7.centos

Complete!
}}}

=== Install repos for packages to verify ===
{{{
[root@verification yum.repos.d]# pwd
/etc/yum.repos.d
[root@verification yum.repos.d]# wget http://admin-repo.egi.eu/sw/unverified/umd-4.dpm.dpm.centos7.x86_64/1/9/0/repofiles/DPM.dpm.centos7.x86_64.repo
[root@verification yum.repos.d]# cat DPM.dpm.centos7.x86_64.repo
# EGI Software Repository - REPO META (releaseId,repositoryId,repofileId) - (12282,2256,2206)
[DPM.dpm.centos7.x86_64]
name=DPM.dpm.centos7.x86_64
baseurl=http://admin-repo.egi.eu/sw/unverified/umd-4.dpm.dpm.centos7.x86_64/1/9/0/
enabled=1
protect=1
priority=1
gpgcheck=1
gpgkey=http://emisoft.web.cern.ch/emisoft/dist/EMI/3/RPM-GPG-KEY-emi
}}}

=== Install packages to verify ===
{{{
[root@verification ~]# LC_ALL=C yum install dpm mariadb-server dpm-server-mysql dpm-name-server-mysql globus-proxy-utils lcg-CA
[.....]
Dependencies Resolved

======================================================================================================
 Package                     Arch      Version            Repository                Size
======================================================================================================
Installing:
 dpm                         x86_64    1.9.0-1.el7        DPM.dpm.centos7.x86_64    188 k
 dpm-name-server-mysql       x86_64    1.9.0-1.el7        DPM.dpm.centos7.x86_64    119 k
 dpm-server-mysql            x86_64    1.9.0-1.el7        DPM.dpm.centos7.x86_64    122 k
 globus-proxy-utils          x86_64    6.19-1.el7         epel                      53 k
 lcg-CA                      noarch    1.80-1             EGI-trustanchors          2.0 k
 mariadb-server              x86_64    1:5.5.52-1.el7     base                      11 M
Installing for dependencies:
 MySQL-python                x86_64    1.2.5-1.el7        base                      90 k
 ca-policy-egi-core          noarch    1.80-1             EGI-trustanchors          9.6 k
 ca-policy-lcg               noarch    1.80-1             EGI-trustanchors          9.8 k
 ca_AAACertificateServices   noarch    1.80-1             EGI-trustanchors          5.4 k
[.....]
 ca_policy_igtf-slcs         noarch    1.80-1             EGI-trustanchors          3.1 k
 ca_seegrid-ca-2013          noarch    1.80-1             EGI-trustanchors          4.9 k
 dpm-libs                    x86_64    1.9.0-1.el7        DPM.dpm.centos7.x86_64    141 k
 finger                      x86_64    0.17-52.el7        base                      25 k
 globus-callout              x86_64    3.15-1.el7         epel                      21 k
 globus-common               x86_64    16.9-1.el7         epel                      126 k
 globus-gsi-callback         x86_64    5.13-1.el7         epel                      42 k
 globus-gsi-cert-utils       x86_64    9.16-1.el7         epel                      22 k
 globus-gsi-credential       x86_64    7.11-1.el7         epel                      36 k
 globus-gsi-openssl-error    x86_64    3.8-1.el7          epel                      19 k
 globus-gsi-proxy-core       x86_64    8.6-1.el7          epel                      37 k
 globus-gsi-proxy-ssl        x86_64    5.10-1.el7         epel                      19 k
 globus-gsi-sysconfig        x86_64    6.11-1.el7         epel                      30 k
 globus-gss-assist           x86_64    10.21-1.el7        epel                      35 k
 globus-gssapi-gsi           x86_64    12.13-1.el7        epel                      64 k
 globus-openssl-module       x86_64    4.8-1.el7          epel                      17 k
 lcgdm-libs                  x86_64    1.9.0-1.el7        DPM.dpm.centos7.x86_64    110 k
 libaio                      x86_64    0.3.109-13.el7     base                      24 k
 libtool-ltdl                x86_64    2.4.2-21.el7_2     base                      49 k
 libxslt                     x86_64    1.1.28-5.el7       base                      242 k
 mariadb                     x86_64    1:5.5.52-1.el7     base                      8.7 M
 perl-Compress-Raw-Bzip2     x86_64    2.061-3.el7        base                      32 k
 perl-Compress-Raw-Zlib      x86_64    1:2.061-4.el7      base                      57 k
 perl-DBD-MySQL              x86_64    4.023-5.el7        base                      140 k
 perl-DBI                    x86_64    1.627-4.el7        base                      802 k
 perl-Data-Dumper            x86_64    2.145-3.el7        base                      47 k
 perl-Env                    noarch    1.04-2.el7         base                      16 k
 perl-IO-Compress            noarch    2.061-2.el7        base                      260 k
 perl-Net-Daemon             noarch    0.48-5.el7         base                      51 k
 perl-PlRPC                  noarch    0.2020-14.el7      base                      36 k
 python-lxml                 x86_64    3.2.1-4.el7        base                      758 k
 voms                        x86_64    2.0.14-1.el7       epel                      161 k

Transaction Summary
======================================================================================================
Install  6 Packages (+131 Dependent packages)

Total download size: 24 M
Installed size: 115 M
Is this ok [y/d/N]:
[.....]
Total                                              1.9 MB/s |  24 MB  00:00:12
Retrieving key from http://repository.egi.eu/sw/production/cas/1/GPG-KEY-EUGridPMA-RPM-3
Importing GPG key 0x3CDBBC71:
 Userid     : "EUGridPMA Distribution Signing Key 3 "
 Fingerprint: d12e 9228 22be 64d5 0146 188b c32d 99c8 3cdb bc71
 From       : http://repository.egi.eu/sw/production/cas/1/GPG-KEY-EUGridPMA-RPM-3
Is this ok [y/N]: y
[...]
Complete!
}}}

(!) Time to put valid hostcert.pem/hostkey.pem files in /etc/grid-security

=== Configuring packages to verify ===
Ref.: [https://svnweb.cern.ch/trac/lcgdm/wiki/Dpm/Admin/Configuration/Manual]

==== daemon: ====
{{{
[root@verification ~]# groupadd -g 151 dpmmgr
[root@verification ~]# useradd -c "DPM manager" -g dpmmgr -u 151 -r -m dpmmgr
[root@verification ~]# mkdir /etc/grid-security/dpmmgr
[root@verification ~]# cp -a /etc/grid-security/hostcert.pem /etc/grid-security/dpmmgr/dpmcert.pem
[root@verification ~]# cp -a /etc/grid-security/hostkey.pem /etc/grid-security/dpmmgr/dpmkey.pem
[root@verification ~]# chown -R dpmmgr.dpmmgr /etc/grid-security/dpmmgr
[root@verification ~]# mkdir /etc/grid-security/gridmapdir
[root@verification ~]# touch /etc/grid-security/grid-mapfile
[root@verification ~]# chmod 1774 /etc/grid-security/gridmapdir/
[root@verification ~]# chown dpmmgr.dpmmgr /etc/grid-security/gridmapdir/
[root@verification ~]# mkdir /etc/grid-security/vomsdir/ops/
[root@verification ~]# vim /etc/grid-security/vomsdir/ops/voms2.cern.ch.lsc
/DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch
/DC=ch/DC=cern/CN=CERN Grid Certification Authority
[root@verification ~]# vim /etc/grid-security/vomsdir/ops/lcg-voms2.cern.ch.lsc
/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch
/DC=ch/DC=cern/CN=CERN Grid Certification Authority
[root@verification ~]# cp -a /usr/lib64/dpm-mysql/NSCONFIG.templ /etc/NSCONFIG
[root@verification ~]# chown root.dpmmgr /etc/NSCONFIG
[root@verification ~]# chmod 640 /etc/NSCONFIG
[root@verification ~]# vim /etc/NSCONFIG
dpm/dpmpass@test27.egi.cesga.es
[root@verification ~]# cp -a /usr/lib64/dpm-mysql/DPMCONFIG.templ /etc/DPMCONFIG
[root@verification ~]# vim /etc/DPMCONFIG
dpm/dpmpass@test27.egi.cesga.es
[root@verification ~]# chown root.dpmmgr /etc/DPMCONFIG
[root@verification ~]# chmod 640 /etc/DPMCONFIG
[root@verification ~]# mkdir /var/log/dpm
[root@verification ~]# touch /var/log/dpm/log
[root@verification ~]# chown -R dpmmgr.dpmmgr /var/log/dpm
[root@verification ~]# mkdir /var/log/dpns
[root@verification ~]# touch /var/log/dpns/log
[root@verification ~]# chown -R dpmmgr.dpmmgr /var/log/dpns
[root@verification ~]# vim /etc/shift.conf
RFIOD TRUST test27.egi.cesga.es
RFIOD WTRUST test27.egi.cesga.es
RFIOD RTRUST test27.egi.cesga.es
RFIOD XTRUST test27.egi.cesga.es
RFIOD FTRUST test27.egi.cesga.es
DPM TRUST test27.egi.cesga.es
DPNS TRUST test27.egi.cesga.es
[root@verification ~]# chown dpmmgr.dpmmgr /etc/shift.conf
[root@verification ~]# chmod 640 /etc/shift.conf
}}}

{{{
[root@verification ~]# groupadd -g 30001 ops
[root@verification ~]# for i in $(seq -w 001 005); do useradd -u "30$i" -g 30001 "ops$i"; done
}}}

==== Database setup (MySQL/MariaDB): ====
{{{
[root@verification ~]# systemctl enable mariadb
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service
[root@verification ~]# systemctl start mariadb
[root@verification ~]# mysql -u root < /usr/share/lcgdm/create_dpns_tables_mysql.sql
[root@verification ~]# mysql -u root < /usr/share/lcgdm/create_dpm_tables_mysql.sql
[root@verification ~]# vim /etc/sysconfig/dpnsdaemon
NB_THREADS=20
NSCONFIGFILE=/etc/NSCONFIG
DPNSDAEMONLOGFILE=/var/log/dpns/log
[root@verification ~]# vim /etc/sysconfig/dpm
NB_FTHREADS=20
NB_STHREADS=20
DPMCONFIGFILE=/etc/DPMCONFIG
[root@verification ~]# mysql -u root
MariaDB [(none)]> use mysql
MariaDB [mysql]> GRANT ALL PRIVILEGES ON cns_db.* TO 'dpm'@test27.egi.cesga.es IDENTIFIED BY 'dpmpass' WITH GRANT OPTION;
MariaDB [mysql]> GRANT ALL PRIVILEGES ON dpm_db.* TO 'dpm'@test27.egi.cesga.es IDENTIFIED BY 'dpmpass' WITH GRANT OPTION;
MariaDB [mysql]> GRANT ALL PRIVILEGES ON cns_db.* TO 'dpm'@localhost IDENTIFIED BY 'dpmpass' WITH GRANT OPTION;
MariaDB [mysql]> GRANT ALL PRIVILEGES ON dpm_db.* TO 'dpm'@localhost IDENTIFIED BY 'dpmpass' WITH GRANT OPTION;
}}}

==== Starting dpns service: ====
{{{
[root@verification ~]# systemctl start dpnsdaemon.service
[root@verification ~]# systemctl start dpm.service
}}}

==== Creating directory structure ====
Root access to DPNS is obtained by using the server certificates as credentials.
{{{
[root@verification ~]# grid-proxy-init -debug -verify -certdir /etc/grid-security/certificates/ -cert /etc/grid-security/hostcert.pem -key /etc/grid-security/hostkey.pem
User Cert File: /etc/grid-security/hostcert.pem
User Key File: /etc/grid-security/hostkey.pem
Trusted CA Cert Dir: /etc/grid-security/certificates/
Output File: /tmp/x509up_u0
Your identity: /DC=es/DC=irisgrid/O=cesga/CN=host/test27.egi.cesga.es
Creating proxy ..........++++++
..........................................................++++++
 Done
Proxy Verify OK
Your proxy is valid until: Tue Feb 7 16:14:36 2017
[root@verification ~]# DPNS_HOST=test27.egi.cesga.es dpns-entergrpmap --group ops
[root@verification ~]# DPNS_HOST=test27.egi.cesga.es dpns-mkdir -p /dpm/egi.cesga.es/home/ops
[root@verification ~]# DPNS_HOST=test27.egi.cesga.es dpns-chmod 775 /dpm/egi.cesga.es/home/ops
[root@verification ~]# DPNS_HOST=test27.egi.cesga.es dpns-chown root:ops /dpm/egi.cesga.es/home/ops
[root@verification ~]# DPNS_HOST=test27.egi.cesga.es dpns-setacl -m d:u::7,d:g::7,d:o:5 /dpm/egi.cesga.es/home/ops
}}}

=== Finding world-writable files in the packages contents ===
{{{
[root@verification ~]# rpm -qalv | egrep "^[-d]([-r][-w][-xs]){2}[-r]w"
drwxrwxrwt 2 root root 0 nov 5 11:38 /tmp
drwxrwxrwt 2 root root 0 nov 5 11:38 /var/tmp
}}}

=== Checking DPNS service ===
Ref.: [https://www.gridpp.ac.uk/wiki/DPM_DPNS_Test]
{{{
[rdiez@ui ~]$ voms-proxy-init -voms ops
Enter GRID pass phrase for this identity:
Contacting lcg-voms2.cern.ch:15009 [/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch] "ops"...
Remote VOMS server contacted succesfully.

Created proxy in /tmp/x509up_u50003.

Your proxy is valid until Wed Feb 08 03:57:14 CET 2017
[rdiez@ui ~]$ DPNS_HOST=test27.egi.cesga.es dpns-ls /dpm/egi.cesga.es/home/ops
[rdiez@ui ~]$ DPNS_HOST=test27.egi.cesga.es dpns-mkdir /dpm/egi.cesga.es/home/ops/testdir
[rdiez@ui ~]$ DPNS_HOST=test27.egi.cesga.es dpns-ls /dpm/egi.cesga.es/home/ops
testdir
[rdiez@ui ~]$ DPNS_HOST=test27.egi.cesga.es dpns-ls -l /dpm/egi.cesga.es/home/ops
drwxrwxr-x 0 102 101 0 Feb 07 15:57 testdir
[rdiez@ui ~]$ DPNS_HOST=test27.egi.cesga.es dpns-rename /dpm/egi.cesga.es/home/ops/testdir /dpm/egi.cesga.es/home/ops/testdir_renamed
[rdiez@ui ~]$ DPNS_HOST=test27.egi.cesga.es dpns-ls -l /dpm/egi.cesga.es/home/ops
drwxrwxr-x 0 102 101 0 Feb 07 15:57 testdir_renamed
[rdiez@ui ~]$ DPNS_HOST=test27.egi.cesga.es dpns-rm -rf /dpm/egi.cesga.es/home/ops/testdir_renamed
[rdiez@ui ~]$ DPNS_HOST=test27.egi.cesga.es dpns-ls -l /dpm/egi.cesga.es/home/ops
}}}
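
The check from "Finding world-writable files in the packages contents", as an added example that is not part of the original verification report: the egrep pattern there only accepts `-`, `x` or `s` in the owner and group execute positions, so a mode such as `-rwSrw-rw-` is not reported, and it lists sticky directories like /tmp together with unprotected ones. The version below tests the other-write position directly and labels each hit; the listing is constructed sample data, and the function names `world_writable` and `sample_listing` are hypothetical.

```bash
# Classify world-writable entries in `rpm -qalv`-style (ls -l style) listings.
# Reads lines on stdin; prints "<class><TAB><path>" for each world-writable entry.
world_writable() {
  awk '
    {
      perms = $1
      kind  = substr(perms, 1, 1)
      if (kind == "l") next                    # symlinks always show lrwxrwxrwx
      if (substr(perms, 9, 1) != "w") next     # other-write bit is not set
      last = substr(perms, 10, 1)              # x, -, t (sticky+x) or T (sticky)
      path = $9
      for (i = 10; i <= NF; i++) path = path " " $i   # keep paths with spaces
      if (kind == "d" && (last == "t" || last == "T")) tag = "sticky-dir"
      else if (kind == "d")                            tag = "open-dir"
      else                                             tag = "file"
      printf "%s\t%s\n", tag, path
    }'
}

# Constructed sample listing (not output from the verified host).
sample_listing() {
  cat <<'EOF'
drwxrwxrwt    2 root    root    0 nov  5 11:38 /tmp
-rwsr-xr-x    1 root    root    27832 jun 10  2014 /usr/bin/example-suid
-rwSrw-rw-    1 root    root    120 jan  1 00:00 /opt/example/odd mode.cfg
drwxrwxrwx    2 root    root    0 jan  1 00:00 /opt/example/spool
lrwxrwxrwx    1 root    root    7 jan  1 00:00 /bin -> usr/bin
-rw-r--r--    1 root    root    14 jan  1 00:00 /etc/example.conf
EOF
}

sample_listing | world_writable
```

On the real host the input would be `rpm -qalv | world_writable`; only `open-dir` and `file` results need follow-up, since sticky directories such as /tmp and /var/tmp are expected.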