Installation and configuration of a top BDII Alfonso Pardo EPIKH School, System Admin Tutorial Beijing, 2010 August 30th – 2010 September 3th

gLite Information System(s)‏ To collect information about the status of resources All pieces of information are published according to a well known data model Used for: resource discovery workload management monitoring More than one implementation BDII (Berkeley DB Information Index)‏ R-GMA (Relational Grid Monitoring Architecture)‏

Overview of BDII Adopted by gLite as production IS Based on LDAP (Light Direct Access Protocol) servers Several layers: a GRIS (Grid Resource Information Server) on each Grid element (CE, SE, RB ...) that collects static and dynamic information about that element a GIIS (Grid Index Information Server) (or site BDII) on each Grid site to collect information by all GRISes present in that site a top BDII (the BDII Server), as central service, to collect information from all GIISes

The BDII Server It consists of two or more standard LDAP databases that are populated by an updating process (2171,2172,2173 ports) Port forwarding is used to enable one database to publish data while the other is refreshing. Options exist to update the list of GIIS LDAP URLs from a web page and to use an LDIF file from a web page

Scenario Site BDII Site BDII Web administrator Write and update the web page ldapsearch queries WEB Server - Configuration file for BDII 2171,2172,2173 ports write LDAP databases TOP BDII read and write LDAP URLs file BDII query ldapsearch -x –h <top_bdii_hostname> -p 2170 –b mds-vo-name=local,o=grid

Configuration: bdii-update.conf Line format: <Site name> ldap://<site_bdii_hostname>:2170/mds-vo- name=<site name>,o=grid Example: IHEP-BDII ldap://gilda14.ihep.ac.cn:2170/mds-vo- name=ihep-beijing,o=grid [...]

/opt/bdii/etc/bdii.conf example BDII_PORT_READ=2170 BDII_PORTS_WRITE="2171 2172 2173" BDII_USER=edguser BDII_BIND=mds-vo-name=local,o=grid BDII_PASSWD=ru3hg5y BDII_SEARCH_FILTER='(|(objectClass=GlueSchemaVersion)(obj ectClass=GlueTop))' BDII_SEARCH_TIMEOUT=30 BDII_BREATHE_TIME=60 BDII_AUTO_UPDATE=yes BDII_AUTO_MODIFY=no BDII_DIR=/opt/bdii/ BDII_UPDATE_URL=http://gilda14.ihep.ac.cn/fileadmin/bdii/glite- bdii-update.conf BDII_UPDATE_LDIF=http://goc.grid- support.ac.uk/gridsite/bdii/BDII/www/bdii-update.ldif SLAPD=/usr/sbin/slapd SLAPADD=/usr/sbin/slapadd

Top BDII Installation Pre-requisites: a machine with Scientific Linux 5.X on board and following rpm package groups: X Window System Editors X Software Development Text-based Internet Server Configuration Tools Development Tools Administration Tools System Tools Legacy Software Development for 64-bit machines you need also these package groups: Compatibility Arch Support Compatibility Arch Development Support

Firewall settings Port 2170 TCP has to be open to outside world: # vi /etc/sysconfig/iptables-config -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2170 -j ACCEPT # service iptables restart

Repository settings The default software package manager used by SL5 is YUM In order to use right repositories we need to set a temporary variable: # REPOS=”lcg-ca ig glite-bdii dag” and then get repositories files using this command: # for name in $REPOS; do wget http://grid- it.cnaf.infn.it/mrepo/repos/sl5/x86_64/$name.repo -O /etc/yum.repos.d/$name.repo; done wget http://grid018.ct.infn.it/mrepo/repos/gilda.repo -O /etc/yum.repos.d/gilda.repo Wget http://grid-it.cnaf.infn.it/mrepo/repos/jpackage.repo -O /etc/yum.repos.d/jpackage.repo

Installing Java Install JDK 1.6.0 before the installation of middleware metapackages: # yum install java-1.6.0-sun-compat # yum install jdk

Metapackages Installation To install all middleware packages required you only need to run: # yum -y install ig_BDII Then we need to install Certification Authorities's CRLs: # yum -y install lcg-CA and finally GILDA's CA and VOMS certificate: # yum -y install gilda_utils

Customization of site-info.def To configure gLite middleware you need to edit a site-info.def file for your machine: # cp /opt/glite/yaim/examples/siteinfo/ig-site-info.def /opt/glite/yaim/etc/gilda/<your_site-info.def> then edit it setting right values for following variables: JAVA_LOCATION="/usr/java/jdk1.6.0_20” (we can find with locate command) BDII_HTTP_URL="http://gilda14.ihep.ac.cn/fileadmin/bdii/glite-bdii- update.conf" #BDII_FCR=http://lcg-fcr.cern.ch:8083/fcr-data/exclude.ldif

Nodetype Configuration To configure your node as a top BDII you only need to run: # /opt/glite/yaim/bin/ig_yaim -c -s /opt/glite/yaim/etc/gilda/<your_site-info.def> -n glite-BDII_top Post-configuration steps: disable YUM autoupdate: # /opt/glite/yaim/etc/gilda/disable_yum.sh set autoupdate of CAs: # /opt/glite/yaim/etc/gilda/set_CAs_autoupdate.sh

BDII Testing Try to query the BDII server: # ldapsearch -x -h <your_BDII_FQDN> -p 2170 -b mds-vo- name=local,o=grid Log into a User Interface and use Information System tools: $ LCG_GFAL_INFOSYS=<your_BDII_FQDN>:2170 $ lcg-infosites --vo gilda ce $ lcg-info --vo gilda --list-ce

Troubleshooting If a query to the BDII doesn't show information about a site, you have to look at log files and check for errors: # less /opt/bdii/var/bdii.log [...] GILDA-ROMA3: ldap_bind: Can't contact LDAP server [...] in this case contact the site administrator to check if site BDII is up and running and there are no connection issues (firewall, TCP wrapper, etc.)

Troubleshooting If in BDII logs you get an error Time for searches: 31 s current port: 32912 - OK [...] ldap_bind: Can't contact LDAP server (-1) Time to load DB: 61 s probably you have some troubles about slapd access from localhost: check TCP wrappers.

References GILDA site: installation and configuration of glite 3.2 on SL5 User guide https://grid.ct.infn.it/twiki/bin/view/GILDA/GILDASiteInstall BDII documentation https://twiki.cern.ch/twiki//bin/view/EGEE/BDII https://twiki.cern.ch/twiki/bin/view/LCG/BdiiNotes

Questions …