FinalSteps

From Begrid Wiki
Revision as of 09:12, 9 June 2021 by Maintenance script (talk | contribs) (Created page with " === Final steps === We assume that the templates build successfully and you have committed them to the central repository. ==== On the quattor client ==== *Assuming...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search


Final steps

We assume that the templates build successfully and you have committed them to the central repository.

On the quattor client

  • Assuming that svncheck is already configured, if not go there, run:
cd /opt/cb/svncheck/
./runcheck
  • Prepare the KickStart and the PXE files and add an entry in the DHCP, all this with:
aii-shellfe --configure <fullhostname>
  • The necessary SINDES steps are integrated with AII
    • the sindes window is opened by the aii-shellfe --boot commandm which runs automatically at the end of the anaconda install
    • so after the reboot of anaconda, there is a 30 minute window to fetch the certificate
    • if for some reason, it dodn't work, you can reopen the window with aii-shellfe --boot or use the explicit sindes commands
    • warning: the revocation of certificates is now coupled to aii-shellfe --remove
    • so when you run aii-shellfe --remove, the machine is completely cleaned up
    • detailed/more SINDES useful commnads
  • Flag the machine for install:
aii-shellfe --install <fullhostname>

After runcheck all the files can be retrieved on the folder: 

/opt/cb/tmp

On node side

  • Boot your node, the installation will start automatically (no manual intervention is needed)

For nodes requiring certificates

  • Update the new certificate in the corresponding server template locate in the private section of your local BEgrid client

e.g. less /opt/CB5/private/belnet-glite-31/private/ce01.begrid.be.tpl 

template private/ce01.begrid.be;

include components/filecopy/config;

## certificate here
variable CONTENTS = <<EOF;

Bag Attributes
    friendlyName: ce01.begrid.be's BELNET ID
    localKeyID: A5 83 DB 57 41 8A 3B 05 C2 1C 96 43 81 03 B7 B4 2E 6A 37 D2
subject=/C=BE/O=BEGRID/OU=BEgrid/OU=BELNET/CN=ce01.begrid.be
issuer=/C=BE/O=BELNET/OU=BEGrid/CN=BEGrid CA/emailAddress=gridca@belnet.be
-----BEGIN CERTIFICATE-----



'''copy the hostcert.pem HERE'''



-----END CERTIFICATE-----
EOF
"/software/components/filecopy/services" =
  npush(escape("/etc/grid-security/hostcert.pem"),
        nlist("config",CONTENTS,
              "restart","ls -l /etc/grid-security/hostcert.pem",
              "perms","0644"));

variable CONTENTS = <<EOF;
Bag Attributes
    friendlyName: ce01.begrid.be's BELNET ID
    localKeyID: A5 83 DB 57 41 8A 3B 05 C2 1C 96 43 81 03 B7 B4 2E 6A 37 D2
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----


'''copy the hostkey.pem HERE'''


-----END RSA PRIVATE KEY-----
EOF
"/software/components/filecopy/services" =
  npush(escape("/etc/grid-security/hostkey.pem"),
        nlist("config",CONTENTS,
              "restart","ls -l /etc/grid-security/hostkey.pem",
              "perms","0400"));
  • Run "runcheck"

Check that all went well Error messages in /var/log/ncm-cdispd.log

Run 

ccm-fetch

Then 

ncm-ncd --co --all


Back to BEgrid_And_Quattor page


Template:TracNotice

Retrieved from "https://wiki.begrid.be/index.php?title=FinalSteps&oldid=36"