FinalSteps

From Begrid Wiki
Jump to navigationJump to search


Final steps

We assume that the templates build successfully and you have committed them to the central repository.

On the quattor client

  • Assuming that svncheck is already configured, if not go there, run:
cd /opt/cb/svncheck/
./runcheck
  • Prepare the KickStart and the PXE files and add an entry in the DHCP, all this with:
aii-shellfe --configure <fullhostname>
  • The necessary SINDES steps are integrated with AII
    • the sindes window is opened by the aii-shellfe --boot commandm which runs automatically at the end of the anaconda install
    • so after the reboot of anaconda, there is a 30 minute window to fetch the certificate
    • if for some reason, it dodn't work, you can reopen the window with aii-shellfe --boot or use the explicit sindes commands
    • warning: the revocation of certificates is now coupled to aii-shellfe --remove
    • so when you run aii-shellfe --remove, the machine is completely cleaned up
    • detailed/more SINDES useful commnads
  • Flag the machine for install:
aii-shellfe --install <fullhostname>

After runcheck all the files can be retrieved on the folder: 

/opt/cb/tmp

On node side

  • Boot your node, the installation will start automatically (no manual intervention is needed)

For nodes requiring certificates

  • Update the new certificate in the corresponding server template locate in the private section of your local BEgrid client

e.g. less /opt/CB5/private/belnet-glite-31/private/ce01.begrid.be.tpl 

template private/ce01.begrid.be;

include components/filecopy/config;

## certificate here
variable CONTENTS = <<EOF;

Bag Attributes
    friendlyName: ce01.begrid.be's BELNET ID
    localKeyID: A5 83 DB 57 41 8A 3B 05 C2 1C 96 43 81 03 B7 B4 2E 6A 37 D2
subject=/C=BE/O=BEGRID/OU=BEgrid/OU=BELNET/CN=ce01.begrid.be
issuer=/C=BE/O=BELNET/OU=BEGrid/CN=BEGrid CA/emailAddress=gridca@belnet.be
-----BEGIN CERTIFICATE-----



'''copy the hostcert.pem HERE'''



-----END CERTIFICATE-----
EOF
"/software/components/filecopy/services" =
  npush(escape("/etc/grid-security/hostcert.pem"),
        nlist("config",CONTENTS,
              "restart","ls -l /etc/grid-security/hostcert.pem",
              "perms","0644"));

variable CONTENTS = <<EOF;
Bag Attributes
    friendlyName: ce01.begrid.be's BELNET ID
    localKeyID: A5 83 DB 57 41 8A 3B 05 C2 1C 96 43 81 03 B7 B4 2E 6A 37 D2
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----


'''copy the hostkey.pem HERE'''


-----END RSA PRIVATE KEY-----
EOF
"/software/components/filecopy/services" =
  npush(escape("/etc/grid-security/hostkey.pem"),
        nlist("config",CONTENTS,
              "restart","ls -l /etc/grid-security/hostkey.pem",
              "perms","0400"));
  • Run "runcheck"

Check that all went well Error messages in /var/log/ncm-cdispd.log

Run 

ccm-fetch

Then 

ncm-ncd --co --all


Back to BEgrid_And_Quattor page


Template:TracNotice

Retrieved from "https://wiki.begrid.be/index.php?title=FinalSteps&oldid=36"