Apel Upgrade

A blow by blow account of how Birmingham upgraded to Apel 3.2.

Introduction

The upgrade process mainly followed the instructions published by Alessandra on the NorthGrid Blog. These are pretty much all you need to get the system working.

At Birmingham we decided to separate the Apel service from everything else (previously running on our old cfengine/dhcp/ganglia server). Because of this, the new Apel Box has a different IP and machine name to the old MonBox? . I don't think/hope this has been the source of any major problems.

Step 1: Prepare the machine

Install your favourite version of SL5 on a 64 bit machine. Our Apel services are running on a virtual machine at Birmingham. Very Important - don't forget to register the machine in the GOCDB, including the full DN. It should be registered as a glite-APEL service.

We opened ports 443 (RGMA) and 3306 (MySQL? ), in addition to others required for local config (local nagios, ganglia etc).

Step 2: Install and configure MySQL?

Simple:
  yum -y install mysql MySQL-python mysql-server

This was then configured using the passwords etc from the site-info.def file:

/usr/bin/mysqladmin -u root password 'hohoho'
/usr/bin/mysqladmin -u root -h epgr11.ph.bham.ac.uk password 'blahblahblah'
mysql --pass="hohoho" --exec "grant all on accounting.* to 'accounting'@'epgr02.ph.bham.ac.uk' identified by 'hehehe'"

The last line was executed for all lcg-CE and Cream-CEs that connect to the Apel Box.

We did not export the original MySQL? database from the old MonBox? . Our new Apel Box started off with a clean and shiny MySQL? database. We did not lose any accounting data though - the CEs eventually pushed their existing accounting data onto the new Apel Box. This appears to have worked for now, but it might come back to haunt us...

We also made sure at this stage that java was installed (specifically jdk.x86_64-2000:1.6.0_22-fcs).

Step 3: Install glite middleware

Again, simple:
  /usr/bin/wget -T 20 -N -P/etc/yum.repos.d/ http://grid-deployment.web.cern.ch/grid-deployment/glite/repos/3.2/lcg-CA.repo
  /usr/bin/wget -T 20 -N -P/etc/yum.repos.d/ http://grid-deployment.web.cern.ch/grid-deployment/glite/repos/3.2/glite-APEL.repo

  yum -y install lcg-CA
  yum -y install glite-APEL

Step 4: Configure Apel Box

Run yaim:

/opt/glite/yaim/bin/yaim -c -s /root/yaim-conf/site-info.def -n glite-APEL

The existing site-info.def was fine for this - no changes required.

Step 5: Configure everything else

Update the MON_HOST variable on site-info.def files used to configure any and all lcg-CE and CreamCE's. Rerun yaim on these machines.

Step 6: Run apel-publisher

I wanted to test the installation immediately, so I took the commands from /etc/cron.d/glite-apel-publisher:

export APEL_HOME=/opt/glite
/opt/glite/bin/apel-publisher -f /opt/glite/etc/glite-apel-publisher/publisher-config-yaim.xml >> /var/log/apel.log 2>&1

This failed the first time I tried it (I got GGUS help here). The Apel broker can take up to an hour to update its information from the GOCDB, so if it doesn't work at first, try again later.

In the case of Birmingham, we had to edit the DN of our Apel Box in the GOCDB. For some reason, Apel preferred "EMAILADDRESS" over "emailAddress", which is how it appears in the DN embedded in hostcert.pem. Changing to "EMAILADDRESS" in the GOCDB fixed the problem and we were able to publish accounting data.

Outstanding problems

Nagios keeps complaining that the machine is failing the hr.srce.RGMA-CertLifetime test. Not sure what to do about this. Started by opening port 443.

-- ChristopherCurtis - 05 Nov 2010

Topic revision: r2 - 30 Nov 2010 - 11:11:19 - ChristopherCurtis
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback