Version 33 (modified by mmamonski, 11 years ago) (diff)

--

Version 3.0.0 of the QCG-Computing service introduced some major changes in files and configuration layout, namely:

  • the layout of the directories adheres now general packages guidances, i.e. service is not installed anymore in /opt/plgrid but in standard paths (whit a few minor exceptions):
    • configuration is now stored in /etc/qcg/qcg-comp/,
    • logs can be found in /var/log/qcg/qcg-comp/,
    • the service and client binaries can be found in /usr/sbin/ and /usr/bin respectively.
  • the 5.X Globus packages from EPEL/IGE repository are used (instead of providing it qcg-dep packaged),
  • the service can use the host certificate and key from standard location (i.e. /etc/grid-security),
  • the service can listen on standard 443 (HTTPs port),
  • optional integration with VOMS infrastructure.

This guide aims to help with migration from 2.X version.

Step 0 - Do a backup of configuration files

cp -r /opt/plgrid/qcg/etc/ /opt/plgrid/qcg/etc.backup
cp -r /opt/plgrid/var/run/qcg-acc/ /opt/plgrid/var/run/qcg-acc.backup

Stop the services

/etc/init.d/qcg-compd stop
/etc/init.d/qcg-ntfd stop

Install EPEL repository (needed for VOMS libraries)

yum install epel-release

Update the qcg-comp packges

yum clean all
yum update qcg-comp qcg-comp-client qcg-comp-logrotate qcg-gridmapfilegenerator

Update database schema =

psql qcg-comp qcg-comp -h localhost -f /usr/share/qcg-comp/db/qcg-comp-migrate-2.X-to-3.0-psql.sql

where qcg-comp and qcg-comp is the name of the QCG-Computing database and database user (look into qcg-compd.xml for refernce).

Update GridFTP to Globus 5.X

  1. Remove the old packages:
    yum erase qcg-dep qcg-dep-gridftp-server
    
  2. Install new one using this instruction as reference.

Update configuration file

Upon update the old configuration files should be stored as .rpmsave files. Instead of configuring the service from scratch its easier to copy old configuration files and modify just paths in order to adjust to the new directory layout:

  • archive and copy
    #save dist file for reference
    cp /etc/qcg/qcg-comp/qcg-compd.xml /etc/qcg/qcg-comp/qcg-compd.xml.dist
    cp /etc/qcg/qcg-comp/qcg-comp.xml /etc/qcg/qcg-comp/qcg-comp.xml.dist
    #copy old configuration files
    cp /opt/plgrid/qcg/etc/qcg-comp/qcg-compd.xml.rpmsave /etc/qcg/qcg-comp/qcg-compd.xml 
    cp /opt/plgrid/qcg/etc/qcg-comp/qcg-comp.xml.rpmsave /etc/qcg/qcg-comp/qcg-comp.xml 
    cp /opt/plgrid/qcg/etc/qcg-comp/application_mapfile.rpmsave /etc/qcg/qcg-comp/application_mapfile
    cp /opt/plgrid/qcg/etc/qcg-comp/sysconfig/qcg-compd.rpmsave /etc/sysconfig/qcg-compd 
    
  • modify /etc/qcg/qcg-comp/qcg-compd.xml by replacing:
                    <sm:ModuleManager>
                            <sm:Directory>/opt/plgrid/qcg/lib/qcg-core/modules/</sm:Directory>
                            <sm:Directory>/opt/plgrid/qcg/lib/qcg-comp/modules/</sm:Directory>
                    </sm:ModuleManager>
    ...
                            <sm:Logger>
                                    <sm:Filename>/opt/plgrid/var/log/qcg-comp/qcg-compd.log</sm:Filename>
                                    <sm:Level>INFO</sm:Level>
                            </sm:Logger>
    ...
                            <sm:Module xsi:type="sm:atc_transport_gsi.service">
                                    <sm:X509CertFile>/opt/plgrid/qcg/etc/qcg-comp/certs/qcgcert.pem</sm:X509CertFile>
                                    <sm:X509KeyFile>/opt/plgrid/qcg/etc/qcg-comp/certs/qcgkey.pem</sm:X509KeyFile>
                            </sm:Module>
    ...
                            <sm:Module xsi:type="application_mapper">
                                    <ApplicationMapFile>/opt/plgrid/qcg/etc/qcg-comp/application_mapfile</ApplicationMapFile>
                            </sm:Module>
    ...
    
  • with:
                    <sm:ModuleManager>
                            <sm:Directory>/usr/lib64/qcg-core/modules/</sm:Directory>
                            <sm:Directory>/usr/lib64/qcg-comp/modules/</sm:Directory>
                    </sm:ModuleManager>
    ...
                            <sm:WorkingDirectory>/var/log/qcg/qcg-comp/</sm:WorkingDirectory>
                            <sm:Logger>
                                    <sm:Filename>/var/log/qcg/qcg-comp/qcg-compd.log</sm:Filename>
                                    <sm:Level>INFO</sm:Level>
                            </sm:Logger>
    ...
                            <sm:Module xsi:type="sm:atc_transport_gsi.service">
                                    <sm:X509CertFile>/etc/grid-security/hostcert.pem</sm:X509CertFile>
                                    <sm:X509KeyFile>/etc/grid-security/hostkey.pem</sm:X509KeyFile>
                            </sm:Module>
    ...
                            <sm:Module xsi:type="application_mapper">
                                    <ApplicationMapFile>/etc/qcg/qcg-comp/application_mapfile</ApplicationMapFile>
                            </sm:Module>
    ...
    
  • also replace all occurrences of /opt/qcg/lib/qcg-comp/modules/python/ with /usr/lib64/qcg-comp/modules/python, e.g. in VIM it can be done by issuing the following command:
    :%s/\/opt\/plgrid\/qcg\/lib\/qcg-comp\/modules\/python/\/usr\/lib64\/qcg-comp\/modules\/python/g
    
  • you may want to edit the /etc/sysconfig/qcg-compd and remove all export keywords (there are not needed anymore) and leave just key=value pairs
  • now you are ready to start the service
    /etc/init.d/qcg-compd start
    
  • now edit /etc/qcg/qcg-comp/qcg-comp.xml and replace
    <sm:ModuleManager>
       <sm:Directory>/opt/plgrid/qcg/lib/qcg-core/modules/</sm:Directory>
       <sm:Directory>/opt/plgrid/qcg/lib/qcg-comp/modules/</sm:Directory>
    </sm:ModuleManager>
    
  • with
    <sm:ModuleManager>
       <sm:Directory>/usr/lib64/qcg-core/modules/</sm:Directory>
       <sm:Directory>/usr/lib64/qcg-comp/modules/</sm:Directory>
    </sm:ModuleManager>
    

Updating other components

Listening on 443 port

We advice you to reconfigure service to add another HTTPS compilant endpoint listening on standard 443 port (this would allow   QCG-Icon users to access resources even from networks where outgoing traffic is restricted only to standard ports (howto).

VOMS support

if you plan to offer resources via QCG for the external VO that manages membership using VOMS infrastructure then you should read this guide.