Factory RPM Install

Contents

Instructions

Create gfactory user first, before installing rpms, so it is a real user with login and shell:

useradd gfactory

Install epel and osg repos as outlined:

https://opensciencegrid.github.io/docs/common/yum/#installing-and-configuring-repositories

Install OSG CA certs:

yum install osg-ca-certs

Install fetch-crl, and enable and start fetch-crl-cron:

https://opensciencegrid.github.io/docs/common/ca/#managing-certificate-revocation-lists

Create special factory and condor users (cern only):

# not sure how CERN defines uid / gid but those may need to be explicily set
useradd _condor
useradd _gfactory

Install condor and factory rpms:

yum install condor
yum install condor-cream-gahp
yum install glideinwms-factory-condor
yum install glideinwms-factory

Chown rpm files to correct user (cern only):

for f in `rpm -ql condor`;do if [ `stat -c %U $f` = condor ];then chown _condor:_condor $f;fi;done
for f in `rpm -ql glideinwms-factory-condor`;do if [ `stat -c %U $f` = condor ];then chown _condor:_condor $f;fi;done
for f in `rpm -ql glideinwms-factory`;do if [ `stat -c %U $f` = gfactory ];then chown _gfactory:_gfactory $f;fi;done

Modify factry startup script to use _gfactory (cern only):

sed -i 's/^FACTORY_USER=gfactory/FACTORY_USER=_gfactory/' /etc/init.d/gwms-factory

Use our own schedd and secondary schedd configs instead of what ships with rpm:

cd /etc/condor/config.d
rm 02_gwms_factory_schedds.config
wget --no-check-certificate https://raw.githubusercontent.com/jdost321/factools/master/etc/condor_config/02_gwms_factory_schedds.config
wget --no-check-certificate https://raw.githubusercontent.com/jdost321/factools/master/etc/condor_config/11_gwms_factory_secondary_schedds.config.8.6 -O 11_gwms_factory_secondary_schedds.config

Fix QUEUE_SUPER_USERS (cern only):

sed -i 's/gfactory/_gfactory/' 00_gwms_factory_general.config

Create secondary schedd dirs (non-cern):

for ((i = 1;i <= 9;i++));do
install -o condor -g condor -d /var/lib/condor/schedd_glideins${i}/execute
install -o condor -g condor -d /var/lib/condor/schedd_glideins${i}/lock
install -o condor -g condor -d /var/lib/condor/schedd_glideins${i}/procd_pipe
install -o condor -g condor -d /var/lib/condor/schedd_glideins${i}/spool
done

Create secondary schedd dirs (cern):

for ((i = 1;i <= 9;i++));do
install -o _condor -g _condor -d /var/lib/condor/schedd_glideins${i}/execute
install -o _condor -g _condor -d /var/lib/condor/schedd_glideins${i}/lock
install -o _condor -g _condor -d /var/lib/condor/schedd_glideins${i}/procd_pipe
install -o _condor -g _condor -d /var/lib/condor/schedd_glideins${i}/spool
done

Fix the factory user in /etc/condor/privsep_config (cern only):

valid-caller-uids = _gfactory
valid-caller-gids = _gfactory

Create the FE DN file:

touch /etc/condor/config.d/90_gwms_dns.config

Add our usual 99_local_tweaks.config file and add the needed local settings

Special settings for GOC:

# added IN_ prefix to not limit outgoing connections 2014-08-08 --Jeff
IN_LOWPORT=20000
IN_HIGHPORT=50000

#goc uses nonstandard locations here
GSI_DAEMON_CERT =  /etc/grid-security/host/cert.pem
GSI_DAEMON_KEY  =  /etc/grid-security/host/key.pem

Special settings for CERN:

# added IN_ prefix to not limit outgoing connections 2014-08-08 --Jeff
IN_LOWPORT=20000
IN_HIGHPORT=25000

# change to whatever uid / gid cern actually uses
CONDOR_IDS = 100003.100003

Modify /etc/gwms-factory/glideinWMS.xml as needed. Everything should look like our usual config, except keep the following:

glidein_name="gfactory_instance"
factory_versioning="False"

Factory versioning doesn't make sense for rpm installations.

Also don't modify any of the rpm default path settings.

Host any custom stripts in:

/etc/gwms-factory

Ensure

<entries>
</entries>

http://www.t2.ucsd.edu/twiki2/bin/view/UCSDTier2/SharedFactoryConf

Add the FE user(s) in the usual way:

http://www.t2.ucsd.edu/twiki2/bin/view/UCSDTier2/AddFrontend

Create the glidein tarballs the usual way but note they should now go into /var/lib/gwms-factory/condor:

http://www.t2.ucsd.edu/twiki2/bin/view/UCSDTier2/UpgradeGlideCondor#Create_Stripped_Tarballs

When finished modding glideinWMS.xml, run upgrade (rhel6):

service gwms-factory upgrade

rhel7:

gwms-factory upgrade

Start all services (rhel6):

service httpd start
service condor start
service gwms-factory start

rhel7:

systemctl start httpd
systemctl start condor
systemctl start gwms-factory

Notable Differences in RPM Installation

The factory config file is now located at:

/etc/gwms-factory/glideinWMS.xml

Commands to start, stop, reconfg, etc all use the init.d script, e.g.:

/etc/init.d/gwms-factory start

The factory working directory is now:

/var/lib/gwms-factory/work-dir

The web monitoring url has changed to:

http://hostname/factory/monitor/

Command line tools are now located in

/usr/bin

Some are even renamed without extensions, e.g. cat_StartdLog

-- JeffreyDost - 2014/11/14