Updating Trusted CAs and gLite
In addition to updating QWG templates to the latest version to take advantage of new features and fixes, there are 2 occasions where you may need to update templates because of operational constraints driven by EGEE announcements:
- Update the list of trusted CAs: this happens on average every 2 months, and a site must update within 8 days of the announcement or it goes into CRITICAL state in SAM tests.
- Update to a new gLite update: for most updates, there is no need to upgrade urgently (except for security fixes). The easiest approach is generally to update the templates to the latest version available in the corresponding branch, but if this is more convenient, it is generally possible to include only the relevant templates.
These operations are described in more detail in the following sections.
List of Trusted CAs
This involves downloading the template describing the list of CA-related RPMs to install (each trusted CA is described with a separate RPM) and downloading the associated RPMs.
The template is called cas.tpl and is available from the QWG repository, which contains one directory for each version of the IGTF CA releases. This template must be placed in the directory common/security of every gLite version under the grid directory (this is the same template for each version).
To retrieve the RPMs, you can use as a source either the URL in the EGEE announcement or the GRIF copy available at https://quattorsrv.lal.in2p3.fr/packages/ca. The easiest way to retrieve the RPMs is to run the following from the main SCDB directory:
    mkdir /dir/to/packages/ca-xxx                                    # Replace xxx by the version number
    src/utils/misc/rpmUpdates /dir/to/packages/ca-xxx Source_URL     # Ignore all the very verbose output
    rm /dir/to/packages/ca                                           # Or whatever is your current directory for CA repository
    ln -s /dir/to/packages/ca-xxx /dir/to/packages/ca
Note: if you define the directory for the CA RPMs with a symlink, ensure your Apache configuration allows the use of symlinks. For this, the option FollowSymLinks must be enabled for the corresponding directory with something like the following in your Apache configuration:

    <Directory "/dir/to/packages/ca">
        Options +FollowSymLinks
    </Directory>
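The rm and ln -s steps above leave a short window in which the repository path does not exist, and rm would be applied to whatever sits at that path. The following is an added example, not part of QWG or SCDB: a hypothetical shell function, switch_ca_repo, that checks the new directory actually contains RPMs and then replaces the symlink in a single atomic rename. It assumes GNU mv (for the -T option) and absolute paths as used on this page.

```shell
# Added example: switch_ca_repo is a hypothetical helper, not part of QWG/SCDB.
# Usage: switch_ca_repo /dir/to/packages/ca-xxx /dir/to/packages/ca
switch_ca_repo() {
    new_dir=$1
    link=$2

    # Require an absolute path so the link resolves from any location.
    case $new_dir in
        /*) ;;
        *) echo "switch_ca_repo: $new_dir must be an absolute path" >&2; return 1 ;;
    esac

    # The target must be a real directory, not itself a symlink.
    if [ ! -d "$new_dir" ] || [ -L "$new_dir" ]; then
        echo "switch_ca_repo: $new_dir is not a real directory" >&2
        return 1
    fi

    # Refuse an empty or failed download: nodes would find no CA RPMs.
    set -- "$new_dir"/*.rpm
    if [ ! -e "$1" ]; then
        echo "switch_ca_repo: no RPMs found in $new_dir" >&2
        return 1
    fi

    # Only replace a symlink (or create one); never a real directory.
    if [ -e "$link" ] && [ ! -L "$link" ]; then
        echo "switch_ca_repo: $link exists and is not a symlink" >&2
        return 1
    fi

    # Create the new link under a temporary name, then rename it over the
    # old one. The rename is atomic, so the path never goes missing.
    tmp="$link.new.$$"
    ln -s "$new_dir" "$tmp" || return 1
    if ! mv -T "$tmp" "$link"; then   # -T (GNU mv): do not descend into $link
        rm -f "$tmp"
        return 1
    fi
}
```

The previous ca-xxx directory is left in place, so rolling back is a second call pointing at the old version.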
gLite Updates
To be written. In the meantime you may have a look at wiki:Download/QWGTemplates/Install.
Keep in mind that the normal and easiest procedure to install a gLite update is to get the latest version of the templates from the appropriate branch.