Context Navigation

Changes between Version 64 and Version 65 of Download/SCDB

Timestamp:: Nov 3, 2008, 8:56:31 PM (16 years ago)
Author:: /DC=es/DC=irisgrid/O=uam/CN=luisf-munnoz
Comment:: --

Legend:

: Unmodified
: Added
: Removed
: Modified

Download/SCDB

-                      v64
+                      v65
 [[TOC(inline)]]
+''Note : the installation process described below is as generic as possible, but does also contains a set of commands that have been tested only on Scientific Linux version 4. They may need to be modified for other plateforms.''
+''Note : the installation process described below is as generic as
+possible, but does also contains a set of commands that have been
+tested only on Scientific Linux version 4. They may need to be
+modified for other platforms.''
 == OS Installation ==
+Quattor server requires a machine installed with a default server installation of any RH-based Linux distro. There is no specific requirements for the OS configuration itself. The server can be installed by any mean available at the site (CD-Rom, Kickstart, imaging...). When Quattor server is readyn it will be possible to manage the server itself with Quattor, except for OS upgrades.
+Quattor server requires a machine installed with a default server
+installation of any RH-based Linux distro. There is no specific
+requirements for the OS configuration itself. The server can be
+installed by any mean available at the site (CD-Rom, Kickstart,
+imaging...). When Quattor server is readyn it will be possible to
+manage the server itself with Quattor, except for OS upgrades.
 == Web Server Installation ==
+The Quattor server needs to run a Web server to serve profiles, kickstart configuration files and execute the CGI script at end of installation to change PXE boot to local disk. In addition, it is recommended (but not necessary) to use this Web server for serving RPMs.
+Web server installation requires nothing specific, just the configuration of a document root with enough space if you plan to serve RPMs and the configuration of CGIs. This Web server can be shared with other usages and you can use a specific virtual host instead of a dedicated server.
+Apache is the recommended Web server (installation instructions here refer to Apache) and it can be installed from the OS distribution. Note that for subversion http mode, Apache version 2 or above is needed.
+The Quattor server needs to run a Web server to serve profiles,
+kickstart configuration files and execute the CGI script at end of
+installation to change PXE boot to local disk. In addition, it is
+recommended (but not necessary) to use this Web server for serving
+RPMs.
+Web server installation requires nothing specific, just the
+configuration of a document root with enough space if you plan to
+serve RPMs and the configuration of CGIs. This Web server can be
+shared with other usages and you can use a specific virtual host
+instead of a dedicated server.
+Apache is the recommended Web server (installation instructions here
+refer to Apache) and it can be installed from the OS
+distribution. Note that for subversion http mode, Apache version 2 or
+above is needed.
 === Apache Recommended Settings ===
+SCDB has no strong requirement concerning Apache configuration. It generally uses 3 distinct URLs for 3 different purposes :
+ * Profiles : machine profiles are served by one specific URL shared by all machines. The files there are XML files produces by the PAN compiler when executing `ant deploy`.
+ * Kickstart configuration files : this URL is used to store the Kickstart configuration file for each machines. These files are produced by `aii-shellfe --configure`.
+ * RPM packages : RPMs are grouped in repositories, each repository has its own URL. This is a common setting to have one common parent URL for all repositories but this is not at all a requirement.
+SCDB has no strong requirement concerning Apache configuration. It
+generally uses 3 distinct URLs for 3 different purposes :
+ * Profiles : machine profiles are served by one specific URL shared
+   by all machines. The files there are XML files produces by the PAN
+   compiler when executing `ant deploy`.
+ * Kickstart configuration files : this URL is used to store the
+   Kickstart configuration file for each machines. These files are
+   produced by `aii-shellfe --configure`.
+ * RPM packages : RPMs are grouped in repositories, each repository
+   has its own URL. This is a common setting to have one common parent
+   URL for all repositories but this is not at all a requirement.
 Recommended setting for these 3 areas are :
+ * Restrict access to profile and Kickstart configuration to IP adresses (or subnets) matching Quattor clients, as these files may contain sensitive information like encrypted passwords or MySQL passwords (cleartext).
+ * Configure all these areas to ignore any `index.html` file and auto-indexing. This is particularly important for RPM repositories URLs, as presence of an `index.html` will prevent SCDB tools to get the list of RPMs in the repository.
+Configuration for these areas is normally done by creating a file `/etc/httpd/conf.d/quattor.conf` with directives like the following one for each area (replace `/path/to/area` by your actual directoy name) :
+ * Restrict access to profile and Kickstart configuration to IP
+   adresses (or subnets) matching Quattor clients, as these files may
+   contain sensitive information like encrypted passwords or MySQL
+   passwords (cleartext).
+ * Configure all these areas to ignore any `index.html` file and
+   auto-indexing. This is particularly important for RPM repositories
+   URLs, as presence of an `index.html` will prevent SCDB tools to get
+   the list of RPMs in the repository.
+Configuration for these areas is normally done by creating a file
+`/etc/httpd/conf.d/quattor.conf` with directives like the following
+one for each area (replace `/path/to/area` by your actual directoy
+name) :
 {{{
 <Directory /path/to/area>
 …
 }}}
+It is also better to add the following directive in our `/etc/httpd/conf.d/quattor.conf` to work around a problem in some RPM versions:
+It is also better to add the following directive in our
+`/etc/httpd/conf.d/quattor.conf` to work around a problem in some RPM
+versions:
 {{{
 <IfModule mod_setenvif.c>
 …
 }}}
+''Note: if you are installing a new Apache server, don't forget to edit `DocumentRoot` in `/etc/httpd/conf/httpd.conf` to reflect your local configuration.`
+''Note: even though it is easily redone, it is better to backup `quattor.conf` file.''
+''Note: if you are installing a new Apache server, don't forget to
+edit `DocumentRoot` in `/etc/httpd/conf/httpd.conf` to reflect your
+local configuration.`
+''Note: even though it is easily redone, it is better to backup
+`quattor.conf` file.''
 == Subversion Server ==
+There is no need for a Subversion server dedicated to Quattor. SCDB is just one repository from the Subversion point of view. If you already run a Subversion server, you can skip the installation part and go directly to the configuration part.
+There is no need for a Subversion server dedicated to Quattor. SCDB is
+just one repository from the Subversion point of view. If you already
+run a Subversion server, you can skip the installation part and go
+directly to the configuration part.
 === Subversion Installation and Configuration ===
+There are many possible installation options for a Subversion server. The best is to install it as Apache module, anyway. There is no requirement for the Subversion server to run on a Linux machine, even if it is the installation option documented here. You can even choose to use a Subversion server outside of your site, if you think the network connection is good enough.
+If you need to install a Subversion server, the easiest is to install Apache using YUM. Another option is to retrieve the RPMs for Subversion from [http://subversion.tigris.org/project_packages.html Subversion site]. Don't forget to install the Apache module which is in a separate RPM.
+There are many possible installation options for a Subversion
+server. The best is to install it as Apache module, anyway. There is
+no requirement for the Subversion server to run on a Linux machine,
+even if it is the installation option documented here. You can even
+choose to use a Subversion server outside of your site, if you think
+the network connection is good enough.
+If you need to install a Subversion server, the easiest is to install
+Apache using YUM. Another option is to retrieve the RPMs for
+Subversion from [http://subversion.tigris.org/project_packages.html
+Subversion site]. Don't forget to install the Apache module which is
+in a separate RPM.
 A typical SVN installation with YUM is:
 …
 }}}
+Apache SVN module configuration (`/etc/httpd/conf.d/subversion.conf`) must be edited to configure URL used by SVN. A typical example, based on previously created repository (adjust paths to reflect your configuration) is:
+Apache SVN module configuration (`/etc/httpd/conf.d/subversion.conf`)
+must be edited to configure URL used by SVN. A typical example, based
+on previously created repository (adjust paths to reflect your
+configuration) is:
 {{{
 <Location /svn>
 …
 }}}
+To configuration SVN authentication for SCDB repository, you need to create one or more accounts in `/etc/httpd/security/passwd`. You can use `htpasswd` or `openssl passwd -apr1` to generate an encrypted password.
+You also need to define SVN ACLs in `/etc/httpd/security/svn-repositories-access`. A typical file to start is (it assumes the account you created is called `quattormgr`, if this is a list it must be comma separated):
+To configure SVN authentication for SCDB repository, you need to
+create one or more accounts in `/etc/httpd/security/passwd`. You can
+use `htpasswd` or `openssl passwd -apr1` to generate an encrypted
+password.
+You also need to define SVN ACLs in
+`/etc/httpd/security/svn-repositories-access`. A typical file to start
+is (it assumes the account you created is called `quattormgr`, if this
+is a list it must be comma separated):
 {{{
 [groups]
 …
 }}}
+If you want to share DHCP between Quattor and non Quattor usage, it's probably better to move the last part (`subnet...`) into a separate file, like `/etc/dhcpd/quattor.conf` and replace it in the main configuration file by:
+If you want to share DHCP between Quattor and non Quattor usage, it's
+probably better to move the last part (`subnet...`) into a separate
+file, like `/etc/dhcpd/quattor.conf` and replace it in the main
+configuration file by:
 {{{
 include "/etc/dhcpd/quattor.conf";
 }}}
+See `man dhcpd` and `man dhcpd.conf` for details about DHCP server configuration, in particular to support multiple subnets and other advanced features.
+TFTP server is run by `xinetd`. In the default configuration, it is disabled. Enable it by editing `/etc/xinetd.d/tftp`, modifying `disable` parameter from `yes` to `no`.
+Note that default location for TFTP root in AII configuration files is {{{/osinstall/nbp}}}. It must be explicitly defined if you want to use {{{/tftpboot}}} or another location.
+See `man dhcpd` and `man dhcpd.conf` for details about DHCP server
+configuration, in particular to support multiple subnets and other
+advanced features.
+TFTP server is run by `xinetd`. In the default configuration, it is
+disabled. Enable it by editing `/etc/xinetd.d/tftp`, modifying
+`disable` parameter from `yes` to `no`.
+Note that default location for TFTP root in AII configuration files is
+{{{/osinstall/nbp}}}. It must be explicitly defined if you want to use
+{{{/tftpboot}}} or another location.
 == Quattor Server ==
+In addition to the base system installation, you need to install the following RPMs on a Quattor server where you want to use SCDB :
+In addition to the base system installation, you need to install the
+following RPMs on a Quattor server where you want to use SCDB :
  * Java VM > 1.5.0
 …
  * cdb-sync
  * ncm-template
+ * aii-server
+All but Java and SVN client can be download from http://quattorsrv.lal.in2p3.fr/packages/quattor/sl. Always use the last version, unless explicitly mentionned. You can also use APT or YUM from http://quattorsw.web.cern.ch/quattorsw/software/quattor.
+ * aii-server (2.4 or higher)
+ * ncm-lib-blockdevices (0.18.5 or 0.20)
+ * aii-ks
+ * aii-pxelinux
+All but Java and SVN client can be download from
+http://quattorsrv.lal.in2p3.fr/packages/quattor/sl. Always use the
+last version, unless explicitly mentioned. You can also use APT or YUM
+from http://quattorsw.web.cern.ch/quattorsw/software/quattor.
 == SCDB Initialization ==
+To start with SCDB, you first need to install a [http://subversion.tigris.org Subversion] server, an open source product. The http based repository access '''must''' be used for quattor, the standalone access wont work (limitation of the build script).
+To start with SCDB, you first need to install a
+[http://subversion.tigris.org Subversion] server, an open source
+product. The http based repository access '''must''' be used for
+quattor, the standalone access wont work (limitation of the build
+script).
 After you have a Subversion server installed, you need to :
+ * Create a Subversion repository that will be used for SCDB, if it doesn't exist yet, and associate this repository with a URL (this can involve modifying Apache configuration). There is no need to use a dedicated repository. E.g. : `http://svn.example.org/Quattor`.
+ * Create a branch in this repository where SCDB will be stored, if the repository is not dedicated to SCDB. E.g. : `http://svn.example.org/Quattor/CDB`.
+ * In this branch, create 2 branches `trunk` and `tags` (`tags` is managed by SCDB tools, all the actions you'll do later will be done in `trunk`. You can also create other branches for your conveniences (like `branches` but they are not used by standard tools).
+ * Choose the QWG templates version that suit your needs and import [source:SCDB/tags/pro SCDB base] and QWG templates in directory that will become you working area. See [wiki:Download/QWGTemplates QWG download] for detailed instructions. The easiest is to download and use [source:templates/trunk/tools/check-compile.sh check-compile.sh] (use option `-h` to get the list of available options). For example, assuming you want to create a `cdb` sub-directory of your current directory and download QWG templates gLite-3.0.2-10 :
+ * Create a Subversion repository that will be used for SCDB, if it
+   doesn't exist yet, and associate this repository with a URL (this
+   can involve modifying Apache configuration). There is no need to
+   use a dedicated repository. E.g. :
+   `http://svn.example.org/Quattor`.
+ * Create a branch in this repository where SCDB will be stored, if
+   the repository is not dedicated to SCDB. E.g. :
+   `http://svn.example.org/Quattor/CDB`.
+ * In this branch, create 2 branches `trunk` and `tags` (`tags` is
+   managed by SCDB tools, all the actions you'll do later will be done
+   in `trunk`. You can also create other branches for your
+   conveniences (like `branches` but they are not used by standard
+   tools).
+ * Choose the QWG templates version that suit your needs and import
+   [source:SCDB/tags/pro SCDB base] and QWG templates in directory
+   that will become you working area. See [wiki:Download/QWGTemplates
+   QWG download] for detailed instructions. The easiest is to download
+   and use [source:templates/trunk/tools/check-compile.sh
+   check-compile.sh] (use option `-h` to get the list of available
+   options). For example, assuming you want to create a `cdb`
+   sub-directory of your current directory and download QWG templates
+   gLite-3.0.2-10 :
 {{{
 check-compile.sh -d cdb /templates/tags/gLite-3.0.2-10
 …
 svn co http://svn.example.org/Quattor/CDB/trunk .
 }}}
+ * Configure the repository to ignore some files produced when compiling, using the following command :
+ * Configure the repository to ignore some files produced when
+   compiling, using the following command :
 {{{
 cat > /tmp/ignore <<EOF
 …
 == Site Configuration ==
+After copying the SCDB distribution, you need to create your first site. You can do this by copying `sites/example` directory and customizing a few templates.
+After copying the SCDB distribution, you need to create your first
+site. You can do this by copying `sites/example` directory and
+customizing a few templates.
 === RPM Repositories ===
+To use Quattor, you need to deploy software repositories. Even if you want to customize it later, you are probably better to start with a configuration similar to what is provided in `repository` directory of `sites/example` directory. You can retrieve an initial directory content  for each RPM repository by downloading the contents of the URL specified in comments at the beginning of each repository templates.
+To use Quattor, you need to deploy software repositories. Even if you
+want to customize it later, you are probably better to start with a
+configuration similar to what is provided in `repository` directory of
+`sites/example` directory. You can retrieve an initial directory
+content for each RPM repository by downloading the contents of the URL
+specified in comments at the beginning of each repository templates.
 === Basic System Configuration ===
+Basic system configuration (network parameters, DNS servers, ...) are grouped in template `pro_site_cluster_info.tpl` in `site` directory of your site. Look at comments to understand what you need to modify.
+Basic system configuration (network parameters, DNS servers, ...) are
+grouped in template `pro_site_cluster_info.tpl` in `site` directory of
+your site. Look at comments to understand what you need to modify.
 === Middleware Configuration ===
+Middleware configuration is located in template `pro_lcg2_config_site.tpl` in `site` directory of your site. Look at comments to understand what you need to modify.
+Middleware configuration is located in template
+`pro_lcg2_config_site.tpl` in `site` directory of your site. Look at
+comments to understand what you need to modify.
 == Cluster Configuration ==
+After creating your site, you need to create your first cluster. You can do this by copying `clusters/example` directory and customizing a few templates.
+After creating your site, you need to create your first cluster. You
+can do this by copying `clusters/example` directory and customizing a
+few templates.
 === Hardware description ===
+You need to create a template describing the hardware configuration of your machines. This is generally placed in `hardware`sub-directory of site directory. Look at examples.
+You need to create a template describing the hardware configuration of
+your machines. This is generally placed in `hardware`sub-directory of
+site directory. Look at examples.
 === Adding Machine to pro_site_database.tpl ===
+Before being able to configure the machine, you need to create an entry for the machine name in both tables of  `pro_site_database.tpl`. First entry defines the address associated with the machine name, second entry defines the hardware template associated with the machne.
+Before being able to configure the machine, you need to create an
+entry for the machine name in both tables of
+`pro_site_database.tpl`. First entry defines the address associated
+with the machine name, second entry defines the hardware template
+associated with the machne.
 === Creating Machine Profile ===
+Copy an existing profile in examples corresponding to the machine type you want to create.
+Copy an existing profile in examples corresponding to the machine type
+you want to create.
 == Quattor Server Final configuration ==
+Before being able to deploy the created configuration, there is a last configuration step needed to allow deployment of the configuration after successful compilation. This involves :
+ * Adding a hook script to the Subversion repository to trigger the deployment
+ * Adding a script on the Quattor server that will be launched by the hook script, using ssh
+ * Configuring SSH keys to allow execution of the previous script as root (preferably) from the Apache account
+ * Add a CGI script on Quattor server used at end of installation of a machine to allow next boot from local disk.
+Before being able to deploy the created configuration, there is a last
+configuration step needed to allow deployment of the configuration
+after successful compilation. This involves :
+ * Adding a hook script to the Subversion repository to trigger the
+   deployment
+ * Adding a script on the Quattor server that will be launched by the
+   hook script, using ssh
+ * Configuring SSH keys to allow execution of the previous script as
+   root (preferably) from the Apache account
+ * Add a CGI script on Quattor server used at end of installation of a
+   machine to allow next boot from local disk.
  * Configuration of AII
 === Installation of hook script and server script ===
 …
 === Post-installation CGI Script ===
+At the end of a machine installation, as part of the Kickstart post-intallation script, a CGI script is executed on the Quattor server to change PXE configuration in order for the machine to boot from local disk next time. This allows to set PXE as the first boot device in the BIOS and control re-installation via `aii-shellfe` command.
+This script, `aii-installack.cgi`, can be found in SCDB directory `src/cgis`. It must be placed on the Web server running on the Quattor server, in the directory for CGIs.
+The apache server must be able to run that script as root. Best is to have {{{sudo}}} installed and use {{{visudo}}} to add the following to {{{/etc/sudoers}}}:
+At the end of a machine installation, as part of the Kickstart
+post-intallation script, a CGI script is executed on the Quattor
+server to change PXE configuration in order for the machine to boot
+from local disk next time. This allows to set PXE as the first boot
+device in the BIOS and control re-installation via `aii-shellfe`
+command.
+This script, `aii-installack.cgi`, can be found in SCDB directory
+`src/cgis`. It must be placed on the Web server running on the Quattor
+server, in the directory for CGIs.
+The apache server must be able to run that script as root. Best is to
+have {{{sudo}}} installed and use {{{visudo}}} to add the following to
+{{{/etc/sudoers}}}:
 {{{apache sbgat419.in2p3.fr=(ALL) NOPASSWD: /usr/sbin/aii-shellfe}}}
 …
 This involves 2 separate steps :
  * Customization of `/etc/aii*.conf` files
+ * Customization of `/etc/aii/aii*.conf` files
  * Customization of AII related variables in templates
+To customize AII configuration files, located in `/etc` and named `aii-*.conf`, refer to the comment in each files. Main parameters to customize are the URL to use to download profiles (in `aii-shellfe.conf`) and the directory where to place kickstart configuration files produced by AII (in `aii-osinstall.conf`).
+There are a few variables to customize in site templates to reflect your Quattor and AII configuration, mainly :
+To customize AII configuration files, located in `/etc` and named
+`aii-*.conf`, refer to the comment in each files. Main parameters to
+customize are the URL to use to download profiles (in
+`aii-shellfe.conf`) and the directory where to place kickstart
+configuration files produced by AII (in `aii-osinstall.conf`).
+There are a few variables to customize in site templates to reflect
+your Quattor and AII configuration, mainly :
  * `QUATTOR_PROFILE_URL` : URL to use to download machine profiles.
+ * `AII_OSINSTALL_SRV` : Name of the Web server serving kickstart configuration files and RPMs.
+ * `AII_ACKSRV` : Name of the Web server to use for the post-installation CGI. Defaults to `AII_OSINSTALL_SRV`
+ * `AII_ACKCGI` : post-installation CGI URL. Defaults to `/cgi-bin/aii-installack.cgi`.
+ * `AII_OSINSTALL_TEMPLATE` : name of the Kickstart configuration template to use. Defaults to `i386_sl3_ks.conf`.
+These variables are generally defined site-wide, in the template `pro_site_global_variables.tpl` located in site directory. Look at provided examples, in SCDB distribution.
+ * `AII_OSINSTALL_SRV` : Name of the Web server serving kickstart
+ * configuration files and RPMs.
+ * `AII_ACKSRV` : Name of the Web server to use for the
+   post-installation CGI. Defaults to `AII_OSINSTALL_SRV`
+ * `AII_ACKCGI` : post-installation CGI URL. Defaults to
+   `/cgi-bin/aii-installack.cgi`.
+ * `AII_OSINSTALL_TEMPLATE` : name of the Kickstart configuration
+   template to use. Defaults to `i386_sl3_ks.conf`.
+These variables are generally defined site-wide, in the template
+`pro_site_global_variables.tpl` located in site directory. Look at
+provided examples, in SCDB distribution.
+=== Downloading the distribution's images ===
+If you want to perform network-based installations, you need to
+download the distribution's CDs. They contain the kernel and initrd to
+be used during the installation, which will re-direct to Red Hat's
+installer. This installer is also located on the CD (usually the first
+CD) or DVD of your distribution.
+The easiest way is to download the full DVD of your distro, f.i, SL:
+{{{
+wget http://.../distro-version.iso
+}}}
+Then, mount it somewhere Apache can read to. For instance,
+`/var/www/html/your_platform`:
+{{{
+mount -o bind /path/to/dvd/image /var/www/html/sl520-x86_64
+}}}
+Add it to your fstab, if needed. Next, you'll need to copy the files
+used for PXE somewhere the TFTP server can reach them. Their location
+depends on the distribution, it's usually on a directory called
+pxeboot:
+{{{
+mkdir /osinstall/nbp/<platform>
+cp  /var/www/html/<platform>/.../pxeboot/* /osinstall/nbp/<platform>
+}}}
 == Compiling and Deploying ==
+After the configuration is finished, you can try to compile your first profile, deploy it and install the machine. This involves the following steps :
+After the configuration is finished, you can try to compile your first
+profile, deploy it and install the machine. This involves the
+following steps :
  * In SCDB (working area copy) top level directory :