Apel Upgrade
A blow by blow account of how Birmingham upgraded to Apel 3.2.
Introduction
The upgrade process mainly followed the instructions published by Alessandra on the
NorthGrid Blog. These are pretty much all you need to get the system working.
At Birmingham we decided to separate the Apel service from everything else (previously running on our old cfengine/dhcp/ganglia server). Because of this, the new Apel Box has a different IP and machine name to the old
MonBox? . I don't think/hope this has been the source of any major problems.
Step 1: Prepare the machine
Install your favourite version of SL5 on a 64 bit machine. Our Apel services are running on a virtual machine at Birmingham. Very Important - don't forget to register the machine in the GOCDB, including the full DN. It should be registered as a
glite-APEL
service.
We opened ports 443 (RGMA) and 3306 (
MySQL? ), in addition to others required for local config (local nagios, ganglia etc).
Step 2: Install and configure MySQL?
Simple:
yum -y install mysql MySQL-python mysql-server
This was then configured using the passwords etc from the site-info.def file:
/usr/bin/mysqladmin -u root password 'hohoho'
/usr/bin/mysqladmin -u root -h epgr11.ph.bham.ac.uk password 'blahblahblah'
mysql --pass="hohoho" --exec "grant all on accounting.* to 'accounting'@'epgr02.ph.bham.ac.uk' identified by 'hehehe'"
The last line was executed for all lcg-CE and Cream-CEs that connect to the Apel Box.
We did not export the original
MySQL? database from the old
MonBox? . Our new Apel Box started off with a clean and shiny
MySQL? database. We did not lose any accounting data though - the CEs eventually pushed their existing accounting data onto the new Apel Box. This appears to have worked for now, but it might come back to haunt us...
We also made sure at this stage that java was installed (specifically jdk.x86_64-2000:1.6.0_22-fcs).
Step 3: Install glite middleware
Again, simple:
/usr/bin/wget -T 20 -N -P/etc/yum.repos.d/ http://grid-deployment.web.cern.ch/grid-deployment/glite/repos/3.2/lcg-CA.repo
/usr/bin/wget -T 20 -N -P/etc/yum.repos.d/ http://grid-deployment.web.cern.ch/grid-deployment/glite/repos/3.2/glite-APEL.repo
yum -y install lcg-CA
yum -y install glite-APEL
Step 4: Configure Apel Box
Run yaim:
/opt/glite/yaim/bin/yaim -c -s /root/yaim-conf/site-info.def -n glite-APEL
The existing site-info.def was fine for this - no changes required.
Step 5: Configure everything else
Update the
MON_HOST
variable on site-info.def files used to configure any and all lcg-CE and
CreamCE's. Rerun yaim on these machines.
Step 6: Run apel-publisher
I wanted to test the installation immediately, so I took the commands from
/etc/cron.d/glite-apel-publisher
:
export APEL_HOME=/opt/glite
/opt/glite/bin/apel-publisher -f /opt/glite/etc/glite-apel-publisher/publisher-config-yaim.xml >> /var/log/apel.log 2>&1
This failed the first time I tried it (I got
GGUS help here). The Apel broker can take up to an hour to update its information from the GOCDB, so if it doesn't work at first, try again later.
In the case of Birmingham, we had to edit the DN of our Apel Box in the GOCDB. For some reason, Apel preferred "EMAILADDRESS" over "emailAddress", which is how it appears in the DN embedded in hostcert.pem. Changing to "EMAILADDRESS" in the GOCDB fixed the problem and we were able to publish accounting data.
Outstanding problems
Nagios keeps complaining that the machine is failing the
hr.srce.RGMA-CertLifetime
test. Not sure what to do about this. Started by opening port 443.
--
ChristopherCurtis - 05 Nov 2010