middleware:Unicore/50/server
Contents |
UNICORE server v.5.0
Prepare
- Operating system
- Scientific Linux version 5.1 64 bit
Optimizing the configuration:
Use minimal operating system installation without firewall. To verify installed packages use the command
-
rpm -qa | grep package_name
Install the following additional packages:
-
yum -y install wget yum rpm make gcc gcc-c++ tar sed zlib openssl
After the installation is complete, turn off any unnecessary services (like gpm, sendmail, cups, haldaemon, messagebus, pcmcia, anacron, atd) with the following command:
-
chkconfig <SERVICE> off
Configure the following settings for the server:
- Additional software packages
- Torque and maui client
- Sun Java Runtime Environment version > 1.5.0
- Perl version 5.4
- Firewall configuration
The UNICORE frontend runs NJS + TSI + UUDB services (how to open port in firewall).
| Service | Incoming ports (TCP) | Change to default configuration |
| NJS + TSI + UUDB | 1128 | Yes |
The NJS service listen at port 1128 for gateway connections.
administrator's script: prepare.sh
#!/bin/bash# prepare# create directory for the grid host certificatesmkdir /etc/grid-security/
# after copy the host certificate and host key into /etc/grid-security/
Install
It is important that the password for the NJS-Certificate is blocked. There are also two possibilities:
- Insert the password in the file /opt/unicore/njs_4.6.2_build_1/conf/njs.properties (njs.ssl_password = geheim)
- The file /opt/unicore/njs_4.6.2_build_1/conf/password contains the passwords
administrator's script: install.sh
#!/bin/bash# install unicore 5# Set BASE_URL linkBASE_URL="http://mirror.scc.kit.edu/downloads/src"
# Make sure that you are logged in as 'root'.su -# it is recommended to install Unicore in /opt directory.cd /opt
PACKAGE_VERSION="referenz"
wget ${BASE_URL}/unicore/2009.1/unicore_${PACKAGE_VERSION}.tgz
### It contains the NJS, the Torque TSI, the DN-UUDB and the Certificates of all currently available NJSs# adapted to the conditions on the D-Grid reference installation.##tar xzvf unicore_referenz.tgz# Optionaly, remove the unicore tarball.rm unicore_referenz.tgz
Configure
WARNING: Rights
- Make sure that no users except the NJS administrator have write or execute rights on the NJS files.
- Only root and no other users can write or execute on the TSI files. The exception is the script TorqueTSI/tsi_ls which for all Unicore users must be executed.
- The NJS must have access to respond to the UUDB
- The FILESPACE directory must have for all UNICORE users rights to read, write and execute. In this directory for each job used a sub directory with the name of the created job user, so that each user have an access only to its own files.
There are different configuration procedures for different Unicore components:
- Users and directories
- NJS
- You need to set or change variables in files:
- njs/conf/njs.properties
- njs/conf/njs.idb
- njs/bin/njs_admin
- Additional information can be found in the NJS TSI Manual or IDB Manual.
- TSI
- The TSI is already in use with torque. He expects torque commands (qsub, qstat, ...) usually in /usr/bin. So set/change or verify variables in:
- tsi/conf/tsi.properties - $njs_machine
- tsi/tsi - $pbs_bin_dir
- Additional information can be found: NJS TSI Manual
- UUDB
- The UUDB contains already all the NJSs entries that are currently registered in the D-Grid. This is important so that the user can send data between different V-sites. The UUDB must now be filled with users and possibly incoming NJSs. Additional information provided in the file: uudb/README.txt. For automatically generation of UUDB, the script dgridmap is used. It is recommended that the script run regularly (e.g. via cron at least every 24 hours), in order to update the UUDB.
administrator's script: configure.sh
#!/bin/bash# configure unicore 5# Users and directories#Change to Unicore HOME Direcotry.cd /opt/unicore/
#Create users to start NJS and run PBS commandsadduser njsadmin -d /home/njsadmin
adduser pbsadmin -d /home/pbsadmin
# Change permissions in /opt/unicorechown njsadmin.njsadmin start_njs.shchown njsadmin.njsadmin stop_njs.shchown -R njsadmin.njsadmin njs_4.6.2_build_1/
# Create links in /opt/unicore, because there are hard coded paths in scripts.ln -s TorqueTSI tsi
ln -s dn_uudb.1.0 uudb
ln -s njs_4.6.2_build_1 njs
# NJS# 1.1. in the njs/conf/njs.properties# FQDNnjs.my_address = dgiref-unicore.fzk.de
# name of your sitenjs.vsite_name = FZK-DGIREF-NJS
# password for host certificatenjs.ssl_password = pass_of_your_certificate
# location of host-certificate (full path)njs.njs_cert_loc = /etc/grid-security/hostcert.p12
# location of unicore valid certificatesnjs.unicore_ca_loc=/opt/unicore/certs/dfn-cacert_grid_root_ca.pem:/opt/unicore/certs/dfn-ca-cert.pem: \
/opt/unicore/certs/dfn-ca-server-cert.pem:/opt/unicore/certs/gridka-ca.pem: \
/opt/unicore/certs/projects-ca-fz-juelich.pem
## 1.2. in njs/conf/njs.idb# Define the target system which is interfaced by the TSI:NAME FZK-DGIREF-NJS
SOURCE dgiref-unicore.fzk.de 1131 1130
QSTAT_XLOGIN pbsadmin
GENERAL
# Where the NJS places the Uspaces of the executing AJOs.USPACE_ROOT /opt/unicore/FILESPACE
# Where the NJS places the outcome of the executing AJOs.OUTCOME_ROOT /opt/unicore/FILESPACE
# Where the NJS places files spooled by a Spool Task.SPOOL_ROOT /opt/unicore/FILESPACE
## 1.3. in ''njs/bin/njs_admin''$njs_machine = "dgiref-unicore.fzk.de";
# TSI## in tsi/conf/tsi.properties$njs_machine = "dgiref-unicore.fzk.de";
## in tsi/tsimy $pbs_bin_dir = "/usr/bin";
# UUDB# all entries list in the UUDB:cd /opt/unicore/uudb/
./uudb_admin list# optionally: manually add new user:cd /opt/unicore/uudb/
./uudb_admin add -x <xlogin> -s <DN>
# optionally: manually add new NJS:cd /opt/unicore/uudb/
./uudb_admin add -x <xlogin> -s <DN> -r NJS
Proceed
WARNING: Don't run ./install.sh, because it doesn't configure all necessary variables. There are different scripts to start or stop NJS and TSI in the /opt/unicore/ directory.
An example of how the UNICORE components can be started as automatic init is in the script unicore.sh. Copy this script to /etc/init.d and adjust the name of the NJS administrator.
To start the Gateway as user 'unicore'. You should see the single line response Gateway started. User 'unicore' should see as a response to ps x that a job
java com.fujitsu.arcon.gateway.Gateway . gateway.prop
is running. In the directory /usr/local/unicore/gateway/conf/logs you should see a new file named GatewayLog... and an empty file startup.log (if the default logging level was not changed). At the end of the GatewayLog file, you should see the text Initialisation complete.
administrator's script: proceed.sh
#!/bin/bash# start/ stop unicore 5su unicore# start the gate by using exactly the following two lines:cd /usr/local/unicore/gateway/conf
../bin/start_gateway
# Stop the gate way usingcd /usr/local/unicore/gateway/conf
../bin/stop_gateway
# To start NJS, as NJS-administrator, execute (should provide a Server-Certificate password. NJS should work NOT as root!)./start_njs.sh# Stop NJS./stop_njs.sh# State (with the following commands it is possible to see if the startup is in order)ps -ef | grep njs
# start TSI ( TSI should work as root in order to execute jobs with the user names!)su root./start_tsi.sh# Stop TSI./stop_tsi.sh# TSI state (with the following commands it is possible to see if the startup is in order)ps -ef | grep tsi
Initial test
There is no information currently.
administrator's script: test.sh
#!/bin/bash# test
Update
To remove Unicore 5 from your system just use:
administrator's script: update.sh
#!/bin/bash# update procedures for unicore 5# Remove the UNICORE Client Installation and $HOME/.unicore directoriesrm -r /opt/unicore/
