6 | | * '''Packages requirements'''. |
7 | | All packages required by QCG-Broker client will be automatically instaled by YUM during the installation of qcg-broker-client package. |
8 | | * '''Java (>= 1.5)'''\\ |
9 | | {{{ |
10 | | #!div style="font-size: 90%" |
11 | | For SL5.x |
12 | | {{{#!sh |
13 | | yum install java-1.6.0-sun-compat.x86_64 |
14 | | }}} |
15 | | }}} |
16 | | * '''Apache Ant''' (>= 1.6) ("Optional tasks for ant" are required. For SL5.x the ''ant-nodeps.x86_64'' package must be installed) |
17 | | {{{ |
18 | | #!div style="font-size: 90%" |
19 | | For SL5.x |
20 | | {{{#!sh |
21 | | yum install ant.x86_64 ant-nodeps.x86_64 |
22 | | }}} |
23 | | }}} |
24 | | * '''xml-commons-apis''' - installation of this package is not mandatory, but is recommended to avoid confusing information about not important errors. |
25 | | {{{ |
26 | | #!div style="font-size: 90%" |
27 | | For SL5.x |
28 | | {{{#!sh |
29 | | yum install xml-commons.x86_64 xml-commons-apis.x86_64 |
30 | | }}} |
31 | | }}} |
32 | | * '''trusted CA certificates''' |
33 | | To enable secure communication between client and QCG-Broker service set of trusted CA certificates must be copied either into `/etc/grid-security/certificates` directory or configured for every user. |
34 | | |
35 | | For the PL-Grid project: Install Polish Grid and PL-Grid Simpla-CA certificates: |
36 | | {{{ |
37 | | #!div style="font-size: 90%" |
38 | | {{{#!sh |
39 | | wget https://dist.eugridpma.info/distribution/igtf/current/accredited/RPMS/ca_PolishGrid-1.42-1.noarch.rpm |
40 | | wget http://software.plgrid.pl/packages/general/ca_PLGRID-SimpleCA-1.0-2.noarch.rpm |
41 | | wget https://dist.eugridpma.info/distribution/util/fetch-crl/fetch-crl-2.8.5-1.noarch.rpm |
42 | | |
43 | | rpm -i ca_PolishGrid-1.40-1.noarch.rpm |
44 | | rpm -i ca_PLGRID-SimpleCA-1.0-2.noarch.rpm |
45 | | |
46 | | #install certificate revocation list fetching utility |
47 | | rpm -i fetch-crl-2.8.5-1.noarch.rpm |
48 | | |
49 | | #get fresh CRLs now |
| 9 | * '''Packages requirements''' - all packages required by the QCG-Broker Nagios probe will be automatically installed by the YUM during the installation of qcg-broker-nagios-probe package. |
| 10 | * ''qcg-broker-client'' - the probe depends on the qcg-broker client |
| 11 | |
| 12 | = Mandatory steps = |
| 13 | The installation and configuration of the Nagios probe consists of two mandatory steps: |
| 14 | * installation of the set of trusted Certificate Authorities certificates, |
| 15 | * installation of the probe itself and all packages it depends on. |
| 16 | |
| 17 | == Certificate authorities == |
| 18 | To enable mutual authentication and secure communication between the client (which is used by the probe) and the QCG-Broker service set of trusted CA certificates must be copied either into the /etc/grid-security/certificates directory or configured individually for the test user. |
| 19 | |
| 20 | === EGI IGTF CAs === |
| 21 | Install EGI Accepted CA certificates (this also install the Polish Grid CA) |
| 22 | * Add appropriate YUM repository |
| 23 | {{{ |
| 24 | #!div style="font-size: 90%" |
| 25 | {{{#!sh |
| 26 | cat > /etc/yum.repos.d/egi-trustanchors.repo << EOF |
| 27 | [EGI-trustanchors] |
| 28 | name=EGI-trustanchors |
| 29 | baseurl=http://repository.egi.eu/sw/production/cas/1/current/ |
| 30 | gpgkey=http://repository.egi.eu/sw/production/cas/1/GPG-KEY-EUGridPMA-RPM-3 |
| 31 | gpgcheck=1 |
| 32 | enabled=1 |
| 33 | EOF |
| 34 | }}} |
| 35 | }}} |
| 36 | |
| 37 | * Install certificates |
| 38 | {{{ |
| 39 | #!div style="font-size: 90%" |
| 40 | {{{#!sh |
| 41 | yum install ca-policy-egi-core |
| 42 | }}} |
| 43 | }}} |
| 44 | |
| 45 | The above instruction is based on this [https://wiki.egi.eu/wiki/EGI_IGTF_Release manual] |
| 46 | |
| 47 | === PL-Grid Simpla-CA certificate (PL-Grid only) === |
| 48 | * Add appropriate YUM repository |
| 49 | {{{ |
| 50 | #!div style="font-size: 90%" |
| 51 | {{{#!sh |
| 52 | cat > /etc/yum.repos.d/plgrid.repo << EOF |
| 53 | [PLGRID-general] |
| 54 | name=PLGRID general packages repository |
| 55 | baseurl=http://software.plgrid.pl/packages/general/ |
| 56 | enabled=1 |
| 57 | metadata_expire=300 |
| 58 | gpgcheck=0 |
| 59 | EOF |
| 60 | }}} |
| 61 | }}} |
| 62 | |
| 63 | * Install certificates |
| 64 | {{{ |
| 65 | #!div style="font-size: 90%" |
| 66 | {{{#!sh |
| 67 | yum install ca_PLGRID-SimpleCA |
| 68 | }}} |
| 69 | }}} |
| 70 | |
| 71 | |
| 72 | === Certificate Revocation List - CLR === |
| 73 | Configure the system to periodically update the information about revoked certificates. |
| 74 | |
| 75 | * Add appropriate YUM repository |
| 76 | {{{ |
| 77 | #!div style="font-size: 90%" |
| 78 | {{{#!sh |
| 79 | cat > /etc/yum.repos.d/fetch-crl.repo << EOF |
| 80 | [EUGRIDPMA-fetch-crl] |
| 81 | name=EUGRIDPMA fetch-crl repository |
| 82 | baseurl=https://dist.eugridpma.info/distribution/util/fetch-crl3/ |
| 83 | enabled=1 |
| 84 | metadata_expire=300 |
| 85 | gpgcheck=0 |
| 86 | EOF |
| 87 | }}} |
| 88 | }}} |
| 89 | |
| 90 | * Install certificate revocation list fetching utility |
| 91 | {{{ |
| 92 | #!div style="font-size: 90%" |
| 93 | {{{#!sh |
| 94 | yum install fetch-crl |
| 95 | }}} |
| 96 | }}} |
| 97 | |
| 98 | * Get fresh CRLs now |
| 99 | {{{ |
| 100 | #!div style="font-size: 90%" |
| 101 | {{{#!sh |
98 | | |
99 | | '''qcg-nagios -H host [-p port] -n dn -x proxy [-t timeout -v -V -j jobdesc]''' |
100 | | '''qcg-nagios -u url -n dn -x proxy [-t timeout -v -V -j jobdesc]''' |
101 | | |
102 | | '''-v - verbose''' |
103 | | |
104 | | '''-V - help''' |
| 185 | {{{#!sh |
| 186 | USAGE: |
| 187 | |
| 188 | qcg-broker-probe [-H host] [-p port] [-l url] -n dn -x proxy [-m max] [-i interval] [-t type] [-j jobdesc] [-v] [-V] |
| 189 | -H host - QCG-Broker host |
| 190 | -p port - port which QCG-Broker is listening on (default 8443) |
| 191 | -l url - full URL to the QCG-Broker. If set overwrites the HOST and PORT settings. If not set is build based on HOST and PORT |
| 192 | -n dn - Distinguished Name of the QCG-Broker |
| 193 | -x proxy - path to the proxy certificate |
| 194 | -m max - maximum number of status checks (default 5) |
| 195 | -i interval - time interval in seconds between next status checks (default 10) |
| 196 | -j jobdesc - path to the job description (default /usr/libexec/grid-monitoring/probes/org.qoscosgrid/broker/nagios-test.qcg) |
| 197 | -t type - type of the job description: S for qcg Simple, J for JSDL, X for QCG-JobProfile (default X) |
| 198 | -v - verbose |
| 199 | -V - help |
| 200 | |
| 201 | }}} |