UpdateToCB5
From Begrid Wiki
Jump to navigationJump to search
Updating from CB4 to CB5
This give you the instruction to update to CB5 without reinstalling a quattor client from scratch. We assume hence that your current setup is running properly. What follows has to be done in the DomU (if you have Xen quattor client setup)
Basics
- Run the following script
wget -O ./backup-quattor.sh "http://quattor.begrid.be/trac/centralised-begrid-v4/attachment/wiki/UpdateToCB5/backup-quattor.sh?format=raw" chmod 755 backup-quattor.sh ./backup-quattor.sh
- Make sure that the backup has been correctly done. It should generate a tarball ~/backup-quattor/backup.tar
- Remove the old CB yum repository
rm -rf /etc/yum.repos.d/cb*
- Install the cb-client-forge rpm:
rpm -Uvh http://quattor.begrid.be/begrid/Central_BEGrid_Repository/i386_homebrew_el5/cb-client-forge-5.0.1-1.sl5.noarch.rpm
- This provides access to a quattor begrid mirror of DAG, quattor and some cb-client homebuild rpms.
- Install basics. Now meta-package for the CB-client installation. It installs
- httpd rpms
- AII rpms
- SINDES rpms
- svncheck rpms
- swrep-soap-client rpms
- ... by just running
yum install cb-client
svncheck
- svncheck is installed through an rpm cb-client-svncheck and is part of the cb-client install
- cleanup old profiles
rm -f /var/www/https/profiles/*
- The new CB5 working place is
/opt/CB5
- copy your old CB4 subversion, keys and private directories to /opt/CB5
- copy config.conf.orig to config.conf
- DON'T reuse the CB4 config.conf
- in config.conf you can specify most needed parameters.
- svn_repos: should point to the trunk of the centralised-begrid-v5 repository. building tags relies on this!
- default should be fine
- cluster_regexp: the ant task to build the cluster without the compile.profiles part.
- it has to start with a ., eg for IIHE this is .iihe-glite
- DON'T FORGET to change the email section
- adapt /opt/CB5/subversion/servers
- namely ssl-client-cert-file and ssl-authority-files variables are to be set correctly (check the path to the files!)
SINDES
- Rpms and files provided by cb-client-sindes rpm and is part of the cb-client install
- httpd config should be in /etc/httpd/conf.d/sindes-ssl.conf.begrid
mv /etc/httpd/conf.d/sindes-ssl.conf /etc/httpd/conf.d/sindes-ssl.conf-orig cp /etc/httpd/conf.d/sindes-ssl.conf.begrid /etc/httpd/conf.d/sindes-ssl.conf
webservice
- Rpms and files provided by cb-client-extra rpm are part of the cb-client install
- Configuration for the reverse proxy + cache will generated by cb-client-extra
- There should be file in /etc/httpd/conf.d/cb-cache.conf with the necessary config settings
- There should also be a cronjob /etc/cron.hourly/htcacheclean-cron.sh to clean up the cache
- restart httpd and watch the output:
service httpd restart
- Output 1: [warn] module <modul name> is already loaded, skipping.
- This means that the modules were already loaded in httpd.conf (or elsewhere). This error can be ignored or cleaned up by removing the duplicate LoadModule entries.
- Output 2: [error] VirtualHost _default_:443 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
- ignore!
- Output 1: [warn] module <modul name> is already loaded, skipping.
AII
- Rpms and files provided by cb-client-aii rpm are part of the cb-client install
- update the cgi acknowledgement script
cp /usr/sbin/aii-installack.cgi /var/www/cgi-bin/aii-installack.cgi
- There should be a basic confguration file at /etc/aii-shellfe.conf generated by cb-client-extra
- move (old) /osinstall to /osinstall-old
- make new one
mkdir -p /osinstall/ks /osinstall/nbp/pxelinux.cfg cp /osinstall-old/nbp/pxelinux.0 /osinstall/nbp cp /osinstall-old/nbp/pxelinux.cfg/localboot.cfg /osinstall/nbp/pxelinux.cfg/localboot.cfg
- verify that /var/www/html/ks still points to (new) /osinstall/ks
- !!! During the upgrade, one needs to also run aii-shellfe --configure to recreate the hexaddresses for pxe
- you can use the wildcards to help with this aii-shellfe --configure .*.<your.domain>
- configure syslinux and tftp-server (last one uses hosts.* for acl):
- download tarball with default images
- untar it in /osinstall/nbp
- check /etc/xinetd.d/tftp for the following options
server_args = -s /osinstall/nbp disable = no
- restart the corresponding service
service xinetd restart
- the default firewall settings of SL5 block tftp traffic (and probably also eg http to port 444 for SINDES).
- Either configure the firewall properly or disbales iptables altogether.
/etc/init.d/iptables stop chkconfig iptables off chkconfig --del iptables
On Eclipse
- Follow the procedure described here