Commit 893a03ed authored by Steven Murray's avatar Steven Murray
Browse files

Added a new section the cta documentation that explains how to install a local EOS instance

parent 6ed45586
......@@ -276,10 +276,351 @@ For most commands there is a short version and a long one. Due to the limited nu
\chapter{Getting the prototype up and running}
This chapter describes what you need in order to setup the CTA prototype and to get its components running.
This chapter explains how to install the CTA prototype together with a local
EOS instance on a single local development box.
\section{Make sure EOS is installed and running}
While installing EOS is out of the scope of this section, you should make sure to have a version of EOS which uses xroot version 4.0 or later. This is for example the case of EOS version 0.4.6.
\section{Install a local EOS instance}
The CTA project requires xroot version 4 or higher. EOS depends on xroot and
therefore the EOS version used must also be compatible with xroot version 4 or
higher. An example combination of EOS and xroot versions compatible with the
CTA project are EOS version 0.4.6 Citrine together with xroot version 4.2.3-1.
\subsection{Configure yum to be able to find the correct EOS and xroot rpms}
For the EOS rpms create the \texttt{/etc/yum.repos.d/eos.repo} file with the
following contents.
\begin{verbatim}
[eos-citrine]
name=EOS 0.3 Version
baseurl=http://eos.cern.ch/rpms/eos-citrine/slc-6-x86_64/
gpgcheck=0
enabled=1
\end{verbatim}
For the xroot rpms create the \texttt{/etc/yum.repos.d/eos.repo} file with the
following contents.
\begin{verbatim}
[epel]
name=UNSUPPORTED: Extra Packages for Enterprise Linux add-ons, no formal support from CERN
baseurl=http://linuxsoft.cern.ch/epel/6/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1
enabled=1
protect=0
\end{verbatim}
\begin{verbatim}
[epel-debug]
name=UNSUPPORTED: Extra Packages for Enterprise Linux add-ons, no formal support from CERN - debug RPMs
baseurl=http://linuxsoft.cern.ch/epel/6/$basearch/debug/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1
enabled=0
protect=0
\end{verbatim}
\begin{verbatim}
[epel-source]
name=UNSUPPORTED: Extra Packages for Enterprise Linux add-ons, no formal support from CERN - source RPMs
baseurl=http://linuxsoft.cern.ch/epel/6/SRPMS/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1
enabled=0
protect=0
\end{verbatim}
\begin{verbatim}
[epel-testing]
name=UNSUPPORTED: Extra Packages for Enterprise Linux add-ons, no formal support from CERN - testing
baseurl=http://linuxsoft.cern.ch/epel/testing/6/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1
enabled=0
protect=0
\end{verbatim}
\begin{verbatim}
[epel-testing-debug]
name=UNSUPPORTED: Extra Packages for Enterprise Linux add-ons, no formal support from CERN - testing debug RPMs
baseurl=http://linuxsoft.cern.ch/epel/testing/6/$basearch/debug/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1
enabled=0
protect=0
\end{verbatim}
\begin{verbatim}
[epel-testing-source]
name=UNSUPPORTED: Extra Packages for Enterprise Linux add-ons, no formal support from CERN - testing source RPMs
baseurl=http://linuxsoft.cern.ch/epel/testing/6/SRPMS/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1
enabled=0
protect=0
\end{verbatim}
\subsection{Install the EOS and \texttt{xrootd} rpms}
Install the rpms using yum.
\begin{verbatim}
sudo yum install eos-client eos-server xrootd-client xrootd-debuginfo xrootd-server
\end{verbatim}
Here is an example list of succesfully installed EOS and \texttt{xrootd} rpms.
\begin{verbatim}
rpm -qa | egrep 'eos|xrootd' | sort
eos-client-0.4.6-citrine.slc6.x86_64
eos-server-0.4.6-citrine.slc6.x86_64
xrootd-4.2.3-1.el6.x86_64
xrootd-client-4.2.3-1.el6.x86_64
xrootd-client-devel-4.2.3-1.el6.x86_64
xrootd-client-libs-4.2.3-1.el6.x86_64
xrootd-debuginfo-4.1.1-1.slc6.x86_64
xrootd-devel-4.2.3-1.el6.x86_64
xrootd-libs-4.2.3-1.el6.x86_64
xrootd-private-devel-4.2.3-1.el6.noarch
xrootd-python-4.2.3-1.el6.x86_64
xrootd-selinux-4.2.3-1.el6.noarch
xrootd-server-4.2.3-1.el6.x86_64
xrootd-server-devel-4.2.3-1.el6.x86_64
xrootd-server-libs-4.2.3-1.el6.x86_64
\end{verbatim}
\subsection{Setup the EOS \texttt{sysconfig} file}
Create the \texttt{/etc/syconfig/eos} file based on the example installed by the
\texttt{eos-server} rpm:
\begin{verbatim}
sudo cp /etc/sysconfig/eos.example /etc/sysconfig/eos
\end{verbatim}
Reduce the \texttt{xrootd} daemon roles to the bare minimum of just \texttt{mq},
\texttt{mgm} and \texttt{fst}. This means there will be a total of three
\texttt{xrootd} daemons running for EOS on the local development box.
\begin{verbatim}
sudo sed -i 's/^XRD_ROLES=.*/XRD_ROLES="mq mgm fst"/' eos
\end{verbatim}
Set the name of the EOS instance.
\begin{verbatim}
sudo sed -i 's/EOS_INSTANCE_NAME=.*/EOS_INSTANCE_NAME=eoscta/' /etc/sysconfig/eos
\end{verbatim}
Replace all of the hostnames with the fully qualified hostname of the local
development box.
\begin{verbatim}
sudo sed -i 's/^XRD_ROLES=.*/XRD_ROLES="mq mgm fst"/' /etc/sysconfig/eos
sudo sed -i 's/localhost\|eos.*cern\.ch/devbox.cern.ch/' /etc/sysconfig/eos
\end{verbatim}
The differences between the example EOS \texttt{sysconfig} file and the newly
created one should look something like this.
\begin{verbatim}
diff /etc/sysconfig/eos.example /etc/sysconfig/eos
36c36
< XRD_ROLES="mq sync mgm fst fed global-mq"
---
> XRD_ROLES="mq mgm fst"
43c43
< export EOS_INSTANCE_NAME=eosdev
---
> export EOS_INSTANCE_NAME=eoscta
49c49
< export EOS_BROKER_URL=root://localhost:1097//eos/
---
> export EOS_BROKER_URL=root://devbox.cern.ch:1097//eos/
55c55
< export EOS_MGM_MASTER1=eosdevsrv1.cern.ch
---
> export EOS_MGM_MASTER1=devbox.cern.ch
58c58
< export EOS_MGM_MASTER2=eosdevsrv2.cern.ch
---
> export EOS_MGM_MASTER2=devbox.cern.ch
61c61
< export EOS_MGM_ALIAS=eosdev.cern.ch
---
> export EOS_MGM_ALIAS=devbox.cern.ch
87c87
< export EOS_FUSE_MGM_ALIAS=eosdev.cern.ch
---
> export EOS_FUSE_MGM_ALIAS=devbox.cern.ch
173c173
< export EOS_FED_MANAGER=eos.cern.ch:1094
---
> export EOS_FED_MANAGER=devbox.cern.ch:1094
198c198
< export EOS_TEST_REDIRECTOR=localhost
---
> export EOS_TEST_REDIRECTOR=devbox.cern.ch
213c213
< # export EOS_VST_BROKER_URL=root://eos.cern.ch:1099//eos/
---
> # export EOS_VST_BROKER_URL=root://devbox.cern.ch:1099//eos/
219c219
< # export EOS_VST_TRUSTED_HOST=eos.cern.ch
---
> # export EOS_VST_TRUSTED_HOST=devbox.cern.ch
\end{verbatim}
\subsection{Create a simple shared secret \texttt{keytab} file}
In order to internally authenticate the \texttt{mgm} and \texttt{fst} nodes
using the simple shared secret mechanism, create a simple shared secret
\texttt{keytab} file.
\begin{verbatim}
xrdsssadmin -k eoscta -u daemon -g daemon add /etc/eos.keytab
\end{verbatim}
\subsection{Create a kerberos \texttt{keytab} file readable by the EOS \texttt{xrootd} daemons}
Create a system \texttt{/etc/krb5.keytab} file if one does not already exist,
for example install the \texttt{cern-get-keytab} rpm if the development box is
at CERN and runs a CERN supported version of linux.
\begin{verbatim}
yum install cern-get-keytab
\end{verbatim}
In order for the EOS \texttt{mgm} to authenticate users using kerberos, create a
kerberos \texttt{keytab} file based on the system one and make it readable by
the EOS \texttt{xrootd} daemons.
\begin{verbatim}
sudo cp /etc/krb5.keytab /etc/krb5.keytab.eos
sudo chown daemon /etc/krb5.keytab.eos
\end{verbatim}
\subsection{Setup the \texttt{/etc/xrd.cf.mgm} configuration file}
Backup the original \texttt{/etc/xrd.cf.mgm} file installed by the
\texttt{eos-server} rpm.
\begin{verbatim}
sudo cp /etc/xrd.cf.mgm /etc/xrd.cf.mgm_ORGINIAL
\end{verbatim}
Disable the unix based authentication mechanism of xroot.
\begin{verbatim}
sudo sed -i 's/^sec.protocol unix.*/# &/' /etc/xrd.cf.mgm
\end{verbatim}
Disable the gsi based authentication mechanism of xroot.
\begin{verbatim}
sudo sed -i 's/^sec.protocol gsi.*/# &/' /etc/xrd.cf.mgm
\end{verbatim}
Configure the kerberos athentication mechanism of xroot to read the EOS
specific kerberos \texttt{keytab} file.
\begin{verbatim}
sudo sed -i 's/^sec.protocol krb5.*/sec.protocol krb5 \/etc\/krb5.keytab.eos host\/<host>@CERN.CH/' /etc/xrd.cf.mgm
\end{verbatim}
Set the order of authentication mechanisms to be used to kerberos followed by
simple shared secret.
\begin{verbatim}
sudo sed -i 's/^sec.protbind.*/# &/' /etc/xrd.cf.mgm
sudo sed -i 's/^# sec.protbind \*.*/sec.protbind only krb5 sss/'
\end{verbatim}
The differences between the orginal \texttt{xrd.cf.mgm} file and the newly
created one should look something like this.
\begin{verbatim}
diff /etc/xrd.cf.mgm_ORIGINAL /etc/xrd.cf.mgm
16c16
< sec.protocol unix
---
> #sec.protocol unix
21c21
< sec.protocol krb5 host/<host>@CERN.CH
---
> sec.protocol krb5 /etc/krb5.keytab.eos host/<host>@CERN.CH
26c26
< sec.protocol gsi -crl:0 -cert:/etc/grid-security/daemon/hostcert.pem -key:/etc/grid-security/daemon/hostkey.pem -gridmap:/etc/grid-security/grid-mapfile -d:0 -gmapopt:2 -vomsat:1 -moninfo:1
---
> #sec.protocol gsi -crl:0 -cert:/etc/grid-security/daemon/hostcert.pem -key:/etc/grid-security/daemon/hostkey.pem -gridmap:/etc/grid-security/grid-mapfile -d:0 -gmapopt:2 -vomsat:1 -moninfo:1
29,31c29
< sec.protbind localhost.localdomain unix sss
< sec.protbind localhost unix sss
< sec.protbind * only krb5 gsi sss unix
---
> sec.protbind * only krb5 sss
41c39
< mgmofs.broker root://localhost:1097//eos/
---
> mgmofs.broker root://devbox.cern.ch:1097//eos/
\end{verbatim}
\subsection{Setup the /etc/xrd.cf.fst configuration file}
Backup the original \texttt{/etc/xrd.cf.fst} file installed by the
\texttt{eos-server} rpm.
\begin{verbatim}
sudo cp /etc/xrd.cf.fst /etc/xrd.cf.fst_ORGINIAL
\end{verbatim}
Replace all of the hostnames with the fully qualified hostname of the local
development box.
\begin{verbatim}
sudo sed -i 's/localhost\|eos.*cern\.ch/devbox.cern.ch/' /etc/xrd.cf.fst
\end{verbatim}
The differences between the orginal \texttt{xrd.cd.fst} file and the newly
created one should look something like this:
\begin{verbatim}
diff /etc/xrd.cf.fst_ORIGINAL /etc/xrd.cf.fst
18c18
< all.manager localhost 2131
---
> all.manager devbox.cern.ch 2131
27c27
< fstofs.broker root://localhost:1097//eos/
---
> fstofs.broker root://devbox.cern.ch:1097//eos/
\end{verbatim}
\subsection{Set both the EOS \texttt{mgm} and the EOS \texttt{mq} to be masters}
\begin{verbatim}
sudo service eos master mgm
sudo service eos master mq
\end{verbatim}
\subsection{Create a local directory to be used to store files by the EOS \texttt{fst}}
\begin{verbatim}
sudo mkdir -p /fst
sudo chown daemon:daemon /fst/
\end{verbatim}
\subsection{Start the xrootd daemons that will run the EOS \texttt{mgm}, \texttt{mq} and \texttt{fst} plugins}
\begin{verbatim}
sudo service eos start
\end{verbatim}
\subsection{Enable the kerboos and simple shared secret authentication mechanisms within EOS as opposed to xroot}
\begin{verbatim}
sudo eos vid enable sss
sudo eos vid enable krb5
\end{verbatim}
\subsection{Register the local /fst directory with the default EOS space}
\begin{verbatim}
sudo EOS_MGM_URL="root://devbox.cern.ch" eosfstregister -r /fst default:1
\end{verbatim}
\subsection{Put the EOS fst node on-line}
\begin{verbatim}
sudo eos node set devbox.cern.ch on
\end{verbatim}
\subsection{Enable the default EOS space}
\begin{verbatim}
sudo eos space set default on
\end{verbatim}
\subsection{Create the EOS namespace}
Create the \texttt{/eos} directory within the EOS namespace, map it to the EOS
\texttt{default} space and then set the number of replicas to 1.
\begin{verbatim}
sudo eos mkdir /eos
sudo eos attr -r set default=replica /eos
sudo eos attr -r set sys.forced.nstripes="1" /eos
\end{verbatim}
\section{Set up the objectstore VFS backend}
First we create the new objectstore VFS backend using a simple executable:
......@@ -325,4 +666,4 @@ $ <cta_build_dir>/cmdline/cta ls /
$ <cta_build_dir>/cmdline/cta a "eos://eos/passwd" /cta/file5
\end{verbatim}
\end{document}
\ No newline at end of file
\end{document}
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment