Project

General

Profile

NetDRMS 8.12 Installation

Preliminary note

In the following sections, when there is a command line :

#
means that command is executed into root user
$
means that command is executed into production user

Environment

Server : DELL PowerEdge R730
RAM : 64.00GB
CPU : 32 CPUs Intel(R) Xeon(R) CPU E5-2630 v3 @ 2.40GHz

Storage Configuration :
  • 264 GB mounted in / (2 X 278.88 GB SAS 12G disks in RAID1)
  • 1,7 TB mounted in /var/lib/postgresql (7 X 278.88 GB SAS 12G disks in RAID5 configuration)
  • 1 global spare for both RAID
  • DDP storage mounted in /SUM*

Guest OS : Debian 8.4
Kernel : Linux sdo-new 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-1 (2016-03-06) x86_64 GNU/Linux

Requirements

Configuring production environment

Adding user production

# adduser production
# addgroup ias
# adduser production ias

Configure /home/production/.profile

Adding environment variables

#Modif Herve.B Pablo.A 12/05/2016

PATH="/usr/local/netdrms_current/bin/linux_x86_64:$PATH" 
PATH="/usr/local/netdrms_current/scripts:$PATH" 
PATH="/usr/local/jmd/bin:$PATH" 
PATH="/usr/local/jmd/scripts:$PATH" 
#The following is not needed as installed with 'apt-get install' 
#PATH="/usr/local/pgsql/bin:$PATH" 
PATH="/usr/local/netdrms-tools/scripts:$PATH" 
#2014-12-17 Avec Herve et Pablo on pense que la ligne suivante est intutile as it is f.. install in /usr/local/lib
PATH="/usr/local/cfitsio:$PATH" 
#Done

DERBY_HOME=/usr/local/jmd/databases/derby/derbyBD
export DERBY_HOME

export CVSROOT=:pserver:anonymous@solarch.tuc.noao.edu:2401/vtarc1/vso/cvsroot

Configure /varl/lib/postgres/.profile

Add to $PATH so postgres can exeute command like initdb

#Modif Herve.B Pablo.A 19/05/2016
PATH="/usr/lib/postgresql/9.4/bin:$PATH" 

Setting privileges for SUMS_MANAGER

Please modify file /etc/sudoers so user 'production' will be able to execute 'sum_chown' that we will located in : /usr/local/bin . See below

Add to /etc/sudoers the following line :
production host=NOPASSWD:/usr/local/bin/sum_chmown

Set passwords file for db postgres

Please create file .pgpass with the following information for user 'production" so he will be able to connect without password as 'production' or 'postgres' to 2 db that we will create later ias_sdo and ias_sdo_sums.

.pgpass content :

    #hostname:5432:ias_sdo:production: 
    #hostname:5434:ias_sdo_sums:production: 
    #hostname:5436:ias_sdo_monitor:production:
    #hostname:5432:ias_sdo:postgres: 
    #hostname:5434:ias_sdo_sums:postgres
    #hostname:5436:ias_sdo_monitor:postgres:

where #hostname is the name of your server

WARNING : change hostname when migrate sdo-new to sdo

Install missing libraries

  • libreadline-dev (but already installed with postgresql)
  • libssl-dev
  • libpam0g-dev
  • libperl-dev
  • libnet-ssh-perl
  • libstring-shellquote-perl
  • libdbi-perl
  • libdbd-pg-perl

NB : Already done in Debian 8.4 Jessy

# apt-get install $library_name

where
$library_name is the name of library

Then to update path on libraries, please type :

# ldconfig

Reconfigure locale

# dpkg-reconfigure locales

select fr_FR.UTF8 UTF8 and unselect en_US.UTF-8

localedef -i en_US -f UTF-8 en_US.UTF-8

(see here : [[http://www.thomas-krenn.com/en/wiki/Perl_warning_Setting_locale_failed_in_Debian]])

Install gfortran packages

# apt-get install gfortran swig

Installation of cfitsio library

In /usr/local dir

Version 3.39 (currently on sdo : 3.24)

# wget ftp://heasarc.gsfc.nasa.gov/software/fitsio/c/cfitsio3390.tar.gz

Untar and decompression
# tar -xzvf cfitsio3390.tar.gz

Go into /usr/local and type

su - root and :

# ./configure --prefix=/usr/local
# make 
# make install

Installation des libraries libtar-dev, libcurl3-dev et libecpg-dev

apt-get install libtar libtar-dev

Note, selecting 'libcurl4-openssl-dev' instead of 'libcurl3-dev'
libcurl4-openssl-dev is already the newest version

apt-get install libcurl3-dev

apt-get install libecpg-dev

Installation of apache2 and lib perl

# apt-get install apache2

# apt-get install libjson-perl

# apt-get install libapache2-mod-perl2

Installation of postgresql

Into 'root'

apt-get install postgresql-9.4 postgresql-client-9.4 

Installation of python3

Into 'root'

apt-get install python3 

Add some modules psycopg2 (postgres connector) and pySmartDL (Download manager)

apt-get install python3-psycopg2

Add python3-pip for modules within python3

apt-get install python3-pip
pip3 install pySmartDL

Both python2.7 and 3.4 versions are installed on the system.
By default, the python2.7 is used.

Update alternatives table

update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1 
update-alternatives --install /usr/bin/python python /usr/bin/python3.4 2

In order to change in 3.4 by default, type and choose 3.4 typying :

update-alternatives --config python

Installation of sdo_scripts

Install monitoring scripts for sdo into 'production'

sdo_scripts
cd ..
production@sdo1:~/netdrms-tools$ git clone https://git.ias.u-psud.fr/palinger/sdoscripts.git -b prod-sdo1

lib64 symbolic link

Creating lib64 link (lib64 does not exist on debian 8)

# cd /usr
# ln -s lib/ lib64

NetDRMS databases

into /var/lib/postgresql (hard mount point separated, 7 disks 15000 tr/min in raid5 in order to distribute read and write)

# cd /var/lib/postgresql
# mkdir data  data_sums data_monitor
# chown -R postgres:postgres * 

Initialize 3 servers data, data_sums, data_monitor

Into postgres

# su - postgres

$ initdb --locale=C -D data -A md5 -W
(no password)

Success. You can now start the database server using:

    postgres -D data
or
    pg_ctl -D data -l logfile start

$ initdb --locale=C -D data_sums -A md5 -W
(no password)

Success. You can now start the database server using:

    postgres -D data_sums
or
    pg_ctl -D data_sums -l logfile start

$ initdb --locale=C -D data_monitor -A md5 -W
(no password)

Success. You can now start the database server using:

    postgres -D data_monitor
or
    pg_ctl -D data_monitor -l logfile start

Edition des fichiers postgresql.conf pour configurer les bons ports d'écoute :
listen_addresses = '*'
data -> port 5432
data_sums -> port 5434
data_monitor -> port 5436

Edit files data*/pg_hba.conf : replace 'md5' by 'trust'

#"local" 
local   all             all                                     trust
#"IPv4" 
host   all             all                                     trust

Tunning postgres

In file postgres.conf ( according to https://www.qwant.com/?q=Tunning+postgres+server+9.4+&client=firefox )

shared_buffer=4096MB So 1/12 of the total RAM memory available

work_mem = 24MB

maintenance_work_mem = 4096MB

wal_buffers = 16MB

checkpoint_segments = 32

checkpoint_completion_target = 0.9

random_page_cost = 1.0

effective_cache_size = 16384MB so 1/4 of the max memory

#log
logging_collector = on
log_directory = 'pg_log'
log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern,
log_truncate_on_rotation = on # If on, an existing log file with the
log_rotation_age = 1d # Automatic rotation of logfiles will
client_min_messages = error
log_min_messages = error
log_min_duration_statement = 0

log_connections = on
log_disconnections = on
log_duration = off
log_hostname = on
log_line_prefix = '%t [%p]: %u@%h - %d :'

track_counts = on
autovacuum = on

extra_float_digits = 3

Start the 3 databases :

# su - postgres
$ cd /var/lib/postgresql
$ pg_ctl -D data  start
$ pg_ctl -D data_sums start
$ pg_ctl -D data_monitor start

Create the 3 databases :

Into user 'postgres'

  • createdb --locale C -E LATIN1 -T template0 ias_sdo
  • createdb --locale C -E LATIN1 -T template0 -p 5434 ias_sdo_sums
  • createdb --locale C -E LATIN1 -T template0 -p 5436 ias_sdo_monitor

Automatic startup

Add following lines in the /etc/rc.local file :

su -l -c "/usr/lib/postgresql/9.4/bin/pg_ctl -D /var/lib/postgresql/data start" postgres
su -l -c "/usr/lib/postgresql/9.4/bin/pg_ctl -D /var/lib/postgresql/data_sums start" postgres
su -l -c "/usr/lib/postgresql/9.4/bin/pg_ctl -D /var/lib/postgresql/data_monitor start" postgres

Install additional modules

We need dblink for triggers between db so let's install postgresql-contrib-9.4

root@sdo-new:~# apt-get install postgresql-contrib-9.4

Create extension dblink for each db
ias_sdo

root@sdo-new:$ psql ias_sdo -p5432 -U postgres
psql (9.4.6)
Type "help" for help.

ias_sdo=# CREATE EXTENSION dblink ;
CREATE EXTENSION

ias_sdo_sums

root@sdo-new:$ psql ias_sdo -p5434 -U postgres
psql (9.4.6)
Type "help" for help.

ias_sdo=# CREATE EXTENSION dblink ;
CREATE EXTENSION

ias_sdo_monitor

root@sdo-new:$ psql ias_sdo -p5436 -U postgres
psql (9.4.6)
Type "help" for help.

ias_sdo=# CREATE EXTENSION dblink ;
CREATE EXTENSION

To check the list of installed extensions type :

ias_sdo=\dx
                                 List of installed extensions
  Name   | Version |   Schema   |                         Description                          
---------+---------+------------+--------------------------------------------------------------
 dblink  | 1.1     | public     | connect to other PostgreSQL databases from within a database
 plpgsql | 1.0     | pg_catalog | PL/pgSQL procedural language
(2 rows)

System tuning

Current configuration :

# sysctl -a

In the following file :

# vi /etc/sysctl.conf

we change some values (default values are commented with '#')

(resources links here)

# Semaphore is a object that is used to control utilization of a particular process.
# kernel.sem = SEMMSL SEMMNS SEMOPM SEMMNI
# SEMMSL        maximum number of semaphores per array  (min 128)
# SEMMNS        maximum semaphores system-wide  
# SEMOPM        maximum operations per semop call       
# SEMMNI        maximum arrays 
#semop incresed from 32 (default value)operation to 100 (3rd value )
# kernel.sem = 250      32000   32      128
kernel.sem = 250 32000 100 128

In order to  apply changes :#This sets the  OS receive buffer size for all types of connections (default value 212992)
#net.core.rmem_default = 212992
#net.core.rmem_max = 212992
net.core.rmem_default = 33554432
net.core.rmem_max = 33554432

#This is the OS send buffer size for all types of connections (212992 default value) 
#net.core.wmem_default = 212992
#net.core.wmem_max = 212992
net.core.wmem_default = 33554432
net.core.wmem_max = 33554432

#TCP Autotuning setting. "The first value tells the kernel the minimum receive buffer for each TCP connection, and this buffer is always
# allocated to a TCP socket, even under high pressure on the system. ... The second value specified tells the kernel the default receive
# buffer allocated for each TCP socket. This value overrides the /proc/sys/net/core/rmem_default value used by other protocols. ...
# The third and last value specified in this variable specifies the maximum receive buffer that can be allocated for a TCP socket." 
#net.ipv4.tcp_rmem = 4096       87380   6291456
net.ipv4.tcp_rmem = 10240 87380 33554432

#TCP Autotuning setting. "This variable takes 3 different values which holds information on how much TCP sendbuffer memory space
# each TCP socket has to use. Every TCP socket has this much buffer space to use before the buffer is filled up. Each of the three 
#values are used under different conditions. ... The first value in this variable tells the minimum TCP send buffer space available
# for a single TCP socket. ... The second value in the variable tells us the default buffer space allowed for a single TCP socket to use. ... 
#The third value tells the kernel the maximum TCP send buffer space." 
#net.ipv4.tcp_wmem = 4096       16384   4194304
net.ipv4.tcp_wmem = 10240 87380 33554432

#Disable cache metrics so the initial conditions of the closed connections will not be saved to be used in near future connections
#net.ipv4.tcp_no_metrics_save = 0
net.ipv4.tcp_no_metrics_save = 1

# Increase number of incoming connections backlog
# net.core.netdev_max_backlog = 1000
net.core.netdev_max_backlog = 5000

# The tcp_mem variable defines how the TCP stack should behave when it comes to memory usage. ... 
#The first value specified in the tcp_mem variable tells the kernel the low threshold. 
#Below this point, the TCP stack do not bother at all about putting any pressure on the memory usage by different TCP sockets. ... 
#The second value tells the kernel at which point to start pressuring memory usage down. ... The final value tells the kernel how many
# memory pages it may use maximally
# net.ipv4.tcp_mem = 1543347    2057796 3086694
net.ipv4.tcp_mem = 786432 1048576 26777216

# local port range that is used by TCP and UDP traffic to choose the local port. You will see in the parameters of this file two numbers:
# The first number is the first local port allowed for TCP and UDP traffic on the server, the second is the last local port number.
# net.ipv4.ip_local_port_range = 32768  61000
net.ipv4.ip_local_port_range = 1024 65535

# maximum number of sockets in TIME-WAIT to be held simultaneously.
# net.ipv4.tcp_max_tw_buckets = 262144
net.ipv4.tcp_max_tw_buckets = 360000

Then we run the following command to make our change take effect:

# sysctl -p

JMD Installation

Download new JMD package build by Niles Oien 2016-04-07 following thoses actions :

cd /urs/local

[oien@spsc-nso19-12 ~]$ ftp gong2.nso.edu
Name (gong2.nso.edu:oien): anonymous
Password: <---------------- use your email as the password
ftp> cd outgoing/oien
ftp> get pablo_jmd.tar.gz
ftp> quit

Install new JMD package following thoses actions

[oien@spsc-nso19-12 ~]$ gunzip -vf pablo_jmd.tar.gz
pablo_jmd.tar.gz:      8.3% -- replaced with pablo_jmd.tar
[oien@spsc-nso19-12 ~]$ tar xf pablo_jmd.tar
[oien@spsc-nso19-12 ~]$ cd pablo_jmd
[oien@spsc-nso19-12 pablo_jmd]$ less README.txt
cd ..
mv jmd jmd_old
mv pablo_jmd jmd 

url provided by jsoc to download last JMD version http://vso.tuc.noao.edu/VSO/downloads/JMD

Apache Configuration for JMD

Configure webserver to request jsoc_fetch
(following the mail from )

WARNING : change hostname when migrate sdo-new to sdo

config d 'apache2 fichier sdo-new.ias.u-psud.fr


<VirtualHost *:80>
        ServerName sdo-new.ias.u-psud.fr
        ServerAdmin pablo.alingery@ias.u-psud.fr
        #ErrorLog /var/log/apache2/error.log
        DocumentRoot /var/www

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel debug

        #CustomLog /var/log/apache2/VSO/access.log combined

        Alias /VSO/DRMS/cgi-bin/ "/home/production/netdrms-tools/scripts/cgi-bin/" 

        <Location /VSO/DRMS/cgi-bin>
                SetHandler perl-script
                PerlResponseHandler ModPerl::Registry
                PerlOptions +ParseHeaders
                Options +ExecCGI
                Order allow,deny
                Allow from all
        </Location>
</VirtualHost>

Activate the new virtualhost and disable the default one :

# a2ensite sdo-new.ias.u-psud.fr.conf
# a2dissite 000-default.conf
# service apache2 restart

Allow symlink for the cgi scripts dierctory in apache2.conf :

<Directory /home/production/netdrms-tools/scripts/>
        Options FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>

# service apache2 restart

To be added futher to test cgi
Execution test cgi with URL :

make sure my $hostname=in the cgi file vso_jsoc_fetch.cgi is correct and test
http://sdo-new.ias.u-psud.fr/VSO/DRMS/cgi-bin/vso_jsoc_fetch.cgi

expected result :

{
   "wait" : 0,
   "requestid" : "",
   "data" : {},
   "method" : "url_quick",
   "size" : 0,
   "errormsg" : "Empty query",
   "protocol" : "as-is",
   "status" : 1,
   "space_ratio" : 0.1,
   "load_ratio" : 0.066875,
   "dir" : "",
   "count" : 0
}

JMD configuration

Modify the file /usr/local/jmd/cfg/JMD.cfg

Warning : when migrate production server, change sdo-new by sdo

NetDRMS tool Install

The following installed is based on : [[http://inf-redmine.ias.u-psud.fr/redmine/attachments/download/114/Netdrms_First_Install.odt]]

The sources are in : http://jsoc.stanford.edu/netdrms/dist/
Locally on sdo-new in : /home/production/sources

Symbolic link created 'netdrms_current' that corresponds to the last release

ln -s netdrms_8.12/ netdrms_current 

Edit file config.local and make sure that resource exist

for example :

#   defaults
#     PostgreSQL API headers (must contain libpq-fe.h)
POSTGRES_INCS:X86_64    /usr/include/postgresql
POSTGRES_INCS:AVX       /usr/include/postgresql

#     the location of the PostgreSQL libs; likely to be either
#     /usr/lib or /usr/lib64 or /usr/local/pgsql/lib
POSTGRES_LIBS:X86_64    /usr/lib/postgresql/9.4/lib
POSTGRES_LIBS:AVX       /usr/lib/postgresql/9.4/lib

So make sure /usr/include/postgresql does exist and is the location of libpq-fe.h for example (see in config.local comments about POSTGRES API headers )

cp config.local.template config.local

Warning WEB_DBUSER apache we think that it should value www maybe , to be checked testing the cgi
So check the cgi to figure out which user is used to connect to bd

Create 2 followings dirs :

mkdir /usr/local/netdrms_8.12/logs/SUM -p
mkdir /usr/local/netdrms_8.12/logs/slony -p

Warning config.local from line 150 =>222 Remote config to provide data, series to externals
To be checked for PLATO

Création d'un alias netdrms dans /root/.bashrc

alias netdrms='cd /usr/local/netdrms_current'

Prepare compiling

Into production profile
Replace all " $? !=0 " by " $status !=0 " in file configure then tape

$ ./configure

Again in netdrms_9.0

Modification du fichier /usr/local/netdrms_current/build/jsoc_machine.csh (Same issue in NetDrms 8.11 )

ligne 28 :

case "x86_64":
echo linux_x86_64
breaksw

Again in netdrms_9.0

Overwriting the existing files in the right place (base/sums/libs/pg) & modif in jsoc_machine.csh
=> the command 'make' works well.

Compilation

In file make_basic.mk line 223
look for "GCC_LF_ALL ="
add "-lcrypto"

$ make
$ make sums

SSH-HPN install

Intallation de openssh 7.2p2 car le dernier patch hpn dispo est 7.2hpn14.V10

web site for open ssh : http://ftp2.fr.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.2p2.tar.gz
patch hpn : https://sourceforge.net/projects/hpnssh/files/HPN-SSH%2014v10%207.2p2/openssh-7_2_P2-hpn-14.10.diff

In the dir /home/production/sources into 'root'

# tar -xzvf openssh-7.2p2.tar.gz
# cd openssh-7.2p2/
# cat ../openssh-7_2_P2-hpn-14.10.diff |patch -p1
# ./configure --prefix=/usr/local/hpn-ssh --with-pam --with-md5-passwords --without-zlib-version-check --with-tcp-wrappers
# make
# make install

Depuis sdo :

# cd /usr/local/hpn-ssh/etc/
# rsync -av *key* production@sdo-new:/home/production/

Following the link : http://vso.stanford.edu/netdrms/rmtsums.html

$ cd /home/production/
$ ssh-agent -c > ~/.ssh-agent_rs

NB : correct file ~/.ssh-agent_rs replace 'setenv' by 'export' and add '=' between var and value
#!/bin/csh
export SSH_AUTH_SOCK=/tmp/ssh-9POrTXobhLR4/agent.74272;
export SSH_AGENT_PID=74273;
echo Agent pid 74273;

$ source ~/.ssh-agent_rs
$ ssh-add ~/.ssh/id_rsa

Sur sdo-new :

# mv /home/production/*key* /usr/local/hpn-ssh/etc/

We have to configure the port number to 55000

# vi ssh_config

and add :

#Port 22
Port 55000

We configure also the server hpn (even we don't use it yet)

# vi sshd_config

and add :

#Port 22
Port 55000

#PidFile /var/run/sshd.pid
PidFile /var/run/sshd.55000.pid

# allow the use of the none cipher
#NoneEnabled no
NoneEnabled yes

In order to force the use of SSH-hpn by JMD :

$ vi /usr/local/jmd/cfg/JMD.cfg

and replace the path of scp binary :

SCPCommand=/usr/local/hpn-ssh/bin/scp -o NoneSwitch=yes -o NoneEnabled=yes

Private key Public key generation

JSOC need your public key to directly connect to your netdrms server. In order to generate your RSA public/private key pair :

$ ssh-keygen -t rsa

Not necessary in our case cause we recover the ssh keys of the current server 'sdo'.

However, we have to retrieve the private key of production account on sdo-new

From sdo :

rsync -av id_rsa production@sdo-new:/home/production/.ssh/

In order to test the connection :

$ ssh jsocexp@jsocport.stanford.edu -p55000

Note : the IP of the server has to be declared to the jsoc

NetDRMS Replication Config

To be check if we keep that here or not
To prevent from deleting files

cd logs/SUM ; scp production@sdo:/usr/local/netdrms/install-config-files/sum_rm.cfg .

Create tmp dir in netdrms working directory (/usr/local/netdrms_current)

$ mkdir tmp

Create config file from template

$ cd base/drms/replication/etc
cp repclient.template.cfg ias.repclient.cfg

Define node in file : /usr/local/netdrms_current/base/drms/replication/etc/ias.repclient.cfg

In our case :

node=IASprod

There are 4 new fields in the new version of repclient (see Art mail June 11, 2016)

#kRSBaseURL=<base URL for all Slony services>
kRSBaseURL=http://jsoc.stanford.edu/cgi-bin/ajax
#kSubService=<URL of the subscription service>
kSubService=${kRSBaseURL}/request-subs.py
#kPubListService=<URL of the publication-list service>
kPubListService=${kRSBaseURL}/publist.py
#kSubXfer=<URL of the file transfer directory>
kSubXfer=http://jsoc.stanford.edu/subscription

NetDRMS Subsribe list Config

Create config subscribe file from template

$ cd base/drms/replication/etc
cp subscribe_list.template.cfg ias.subscribe_list.cfg

TO BE DONE BEFORE MIGRATION

configure sytem taille buffer

swap désactivé ? discussion Stephane et Gilles

Test ssh connection to JSOC , NSO CFA before subcription and just after name sdo-new into sdo
Take old counter and place it in the same dir before migration

Before import existing db into postgres dont't forget to drop old one

Install VSO, test cgi to access hmi/aia data