Document use cta:cta user instead of stage:st

aa0cfcc3 · Michael Davis · 83cdf2f3 · aa0cfcc3 · aa0cfcc3
Commit aa0cfcc3 authored 7 years ago by Michael Davis
--- a/doc/latex/CTA_Admin_EOS.tex
+++ b/doc/latex/CTA_Admin_EOS.tex
@@ -101,23 +101,27 @@ ktutil:  @@quit@@

 \section{Create a Simple Shared Secret \texttt{keytab} file}

+\begin{alertbox}
+The \texttt{cta} user must exist before creating the SSS keys. This should be done automatically when the CTA RPMs are
+installed.
+\end{alertbox}
+
 The EOS \texttt{mgm} and \texttt{fst} nodes authenticate to each other using the Simple Shared Secret (SSS) mechanism.
 The \texttt{xrdsssadmin} tool is used to create a keytab containing the Tape Server key and EOS instance key:
 \begin{lstlisting}
-# xrdsssadmin -k cta-taped -u stage -g st add /etc/eos.keytab
+# xrdsssadmin -k cta-taped -u cta -g cta add /etc/eos.keytab
 xrdsssadmin: Keyfile '/etc/eos.keytab' does not exist. Create it? (y | n): y
 xrdsssadmin: 1 key out of 1 kept (0 expired).
 # xrdsssadmin -k eosdev -u daemon -g daemon add /etc/eos.keytab
 xrdsssadmin: 2 keys out of 2 kept (0 expired).
 # chown daemon:daemon /etc/eos.keytab
 \end{lstlisting}
-Then create a second keytab containing only the Tape Server key. This should be done after installing the Tape Server
-(to ensure that the \texttt{stage} user exists).
+Then create a second keytab containing only the Tape Server key.
 \begin{lstlisting}
 # cp /etc/eos.keytab /etc/cta-taped.keytab
 # xrdsssadmin -k eosdev del /etc/cta-taped.keytab
 xrdsssadmin: 1 key out of 2 kept (0 expired).
-# chown stage:st /etc/cta-taped.keytab
+# chown cta:cta /etc/cta-taped.keytab
 \end{lstlisting}
 Note that XRoot clients which parse a multi-line SSS keytab file use the last line in the file as their key.


--- a/doc/latex/CTA_Admin_Install.tex
+++ b/doc/latex/CTA_Admin_Install.tex
@@ -86,41 +86,18 @@ If EOS has not been installed, follow the instructions in Appendix~\ref{install_
 \section{Install CTA RPMs}
 \label{install_cta_rpms}

-To install CTA from previously-built artifacts:
+To install CTA:
 \begin{lstlisting}
-# yum-config-manager --enable cta-artifacts
-# yum -y install cta-catalogueutils cta-debuginfo cta-doc cta-frontend \
+# yum -y install cta-catalogueutils cta-debuginfo cta-frontend \
    cta-objectstore-tools mt-st mtx lsscsi sg3_utils
 # yum clean packages
 \end{lstlisting}

-\begin{alertbox}
-When I follow the above instructions installed from pre-built artifacts, some packages were missing. This needs to be
-fixed. For now the workaround is to build these packages from source as described in
-Section~\ref{install_cta_compile_cta_from_source}
-
-\begin{lstlisting}
-# yum-config-manager --enable cta-artifacts
-Loaded plugins: fastestmirror, kernel-module, priorities, protectbase, versionlock
-# yum -y install cta-catalogueutils cta-debuginfo cta-doc cta-frontend \
-    cta-objectstore-tools mt-st mtx lsscsi sg3_utils
-Loaded plugins: changelog, fastestmirror, kernel-module, priorities, protectbase, tsflags, versionlock
-Loading mirror speeds from cached hostfile
-461 packages excluded due to repository priority protections
-0 packages excluded due to repository protections
-No package cta-catalogueutils available.
-No package cta-debuginfo available.
-No package cta-doc available.
-No package cta-frontend available.
-No package cta-objectstore-tools available.
-\end{lstlisting}
-\end{alertbox}
-
 \section{[Optional] Compile CTA from Source}
 \label{install_cta_compile_cta_from_source}

-Usually the CTA RPMs will be pre-built as artifacts (see Section~\ref{install_cta_rpms}). If the correct version of the
-required CTA RPM artifacts is not available, they can be built from source as described in this section.
+If the correct version of the required CTA RPMs is not available, they can be built from source as described in this
+section.

 First, build the source RPM of the CTA project by running \texttt{cmake} against the CTA sources that were
 installed in Section~\ref{install_cta_get_cta_repo}:
@@ -559,12 +536,6 @@ TID="431" MSG="Subprocess handler requested forking" SubprocessName="garbageColl

 \section{Start the XRoot daemon with CTA Front End plugin}

-\begin{alertbox}
-Before starting the xroot server we need to change the VFS backend permissions again (because new files have been created with the \texttt{stage:st} user by the tapeserver daemon). Example:
-\begin{lstlisting}
-$ chmod -R 0777 /tmp/jobStoreVFSOKJCjW
-\end{lstlisting}
-\end{alertbox}
 Start the XRoot daemon, specifying the name of the XRoot instance (\texttt{-n}), the name of the configuration file we
 just created (\texttt{-c}), use IPv4 protocol (\texttt{-I v4}), run in the background (\texttt{-b}) and where to put the
 log file (\texttt{-l})\footnote{For full documentation of command line options, see
@@ -688,14 +659,3 @@ This REALLY helps a human to read the logs! I would propose to simply order
 all keys alphabetically and that's it.
 \end{alertbox}

-\subsection{What users should be created?}
-\begin{alertbox}
-What users should be created on:
-\begin{enumerate}
-\item EOS machines (stage:st ?)
-\item CTA frontend machine (eos:XX)?
-\item tape servers (nothing special?)
-\end{enumerate}
-Please describe.
-\end{alertbox}
-