NetDRMS Installation » History » Version 309
« Previous -
Version 309/369
(diff) -
Next » -
Current version
Pablo Alingery, 10/06/2016 15:12
- Table of contents
- NetDRMS Installation
- Preliminary note
- Requirements
- Configuring production environment
- Configure /home/production/.profile
- Configure /varl/lib/postgres/.profile
- Setting privileges for SUMS_MANAGER
- Set passwords file for db postgres
- Install missing libraries
- Reconfigure locale
- Install gfortran packages
- Installation of cfitsio library
- Installation des libraries libtar-dev, libcurl3-dev et libecpg-dev
- Installation of apache2 and lib perl
- Installation of postgresql
- Installation of python3
- Installation of sdo_scripts
- NetDRMS databases
- System tuning
- JMD Installation
- Apache Configuration for JMD
- JMD configuration
- NetDRMS tool Install
- SSH-HPN install
- Private key Public key generation
- NetDRMS Replication Config
- Correction
- TO BE DONE BEFORE MIGRATION
NetDRMS Installation¶
Preliminary note¶
In the following sections, when there is a command line :
#\ means that command is executed into root user
$\ means that command is executed into production user
Requirements¶
Configuring production environment¶
Adding user production
# adduser production # addgroup ias # adduser production ias
Configure /home/production/.profile¶
Adding environment variables
#Modif Herve.B Pablo.A 12/05/2016 PATH="/usr/local/netdrms_current/bin/linux_x86_64:$PATH" PATH="/usr/local/netdrms_current/scripts:$PATH" PATH="/usr/local/jmd/bin:$PATH" PATH="/usr/local/jmd/scripts:$PATH" #The following is not needed as installed with 'apt-get install' #PATH="/usr/local/pgsql/bin:$PATH" PATH="/usr/local/netdrms-tools/scripts:$PATH" #2014-12-17 Avec Herve et Pablo on pense que la ligne suivante est intutile as it is f.. install in /usr/local/lib PATH="/usr/local/cfitsio:$PATH" #Done DERBY_HOME=/usr/local/jmd/databases/derby/derbyBD export DERBY_HOME export CVSROOT=:pserver:anonymous@solarch.tuc.noao.edu:2401/vtarc1/vso/cvsroot
Configure /varl/lib/postgres/.profile¶
Add to $PATH so postgres can exeute command like initdb
#Modif Herve.B Pablo.A 19/05/2016 PATH="/usr/lib/postgresql/9.4/bin:$PATH"
Setting privileges for SUMS_MANAGER¶
Please modify file /etc/sudoers so user 'production' will be able to execute 'sum_chown' that we will locate in the dir : /usr/local/bin . See below
Add to /etc/sudoers the following line :
production host=NOPASSWD:/usr/local/bin/sum_chmown
Set passwords file for db postgres¶
Please create file .pgpass with the following information for user 'production" so he will be able to connect without password as 'production' or 'postgres' to 2 db that we will create later ias_sdo and ias_sdo_sums.
.pgpass content :
#hostname:5432:ias_sdo:production: #hostname:5434:ias_sdo_sums:production: #hostname:5432:ias_sdo:postgres: #hostname:5434:ias_sdo_sums:postgres
where #hostname is the name of your server
WARNING : change hostname when migrate sdo-new to sdo
Install missing libraries¶
- libreadline-dev (but already installed with postgresql)
- libssl-dev
- libpam0g-dev
- libperl-dev
- libnet-ssh-perl
- libstring-shellquote-perl
- libdbi-perl
- libdbd-pg-perl
NB : Already done in Debian 8.4 Jessy
# apt-get install $library_name
where
$library_name is the name of library
Then to update path on libraries, please type :
# ldconfig
Reconfigure locale¶
# dpkg-reconfigure locales
select fr_FR.UTF8 UTF8 and unselect en_US.UTF-8
localedef -i en_US -f UTF-8 en_US.UTF-8
(see here : [[http://www.thomas-krenn.com/en/wiki/Perl_warning_Setting_locale_failed_in_Debian]])
Install gfortran packages¶
# apt-get install gfortran swig
Installation of cfitsio library¶
In /usr/local dir
Version 3.39 (currently on sdo : 3.24)
# wget ftp://heasarc.gsfc.nasa.gov/software/fitsio/c/cfitsio3390.tar.gz
Untar and decompression
# tar -xzvf cfitsio3390.tar.gz
Go into /usr/local and type
su - root and :
# ./configure --prefix=/usr/local # make # make install
Installation des libraries libtar-dev, libcurl3-dev et libecpg-dev¶
apt-get install libtar libtar-dev
Note, selecting 'libcurl4-openssl-dev' instead of 'libcurl3-dev'
libcurl4-openssl-dev is already the newest version
apt-get install libcurl3-dev
apt-get install libecpg-dev
Installation of apache2 and lib perl¶
# apt-get install apache2 # apt-get install libjson-perl # apt-get install libapache2-mod-perl2
Installation of postgresql¶
Into 'root'
apt-get install postgresql-9.4 postgresql-client-9.4
Installation of python3¶
Into 'root'
apt-get install python3
Add some modules psycopg2 (postgres connector) and pySmartDL (Download manager)
apt-get install python3-psycopg2
apt-get install python3-psycopg2
Add python3-pip for modules within python3
apt-get install python3-pip
pip3 install pySmartDL
Both python2.7 and 3.4 versions are installed on the system.
By default, the python2.7 is used.
In order to change in 3.4 by default, type :
update-alternatives --config python
Installation of sdo_scripts¶
Install monitoring scripts for sdo
rsync -av scripts production@sdo-new:/home/production/netdrms-tools/
NetDRMS databases¶
into /var/lib/postgresql (hard mount point separated, 7 disks 15000 tr/min in raid5 in order to distribute read and write)
# cd /var/lib/postgresql # mkdir data data_sums data_monitor # chown -R postgres:postgres *
Initialize 3 servers data, data_sums, data_monitor¶
Into postgres
# su - postgres $ initdb --locale=C -D data -A md5 -W (no password) Success. You can now start the database server using: postgres -D data or pg_ctl -D data -l logfile start $ initdb --locale=C -D data_sums -A md5 -W (no password) Success. You can now start the database server using: postgres -D data_sums or pg_ctl -D data_sums -l logfile start $ initdb --locale=C -D data_monitor -A md5 -W (no password) Success. You can now start the database server using: postgres -D data_monitor or pg_ctl -D data_monitor -l logfile start
Edition des fichiers postgresql.conf pour configurer les bons ports d'écoute :
listen_addresses = '*'
data -> port 5432
data_sums -> port 5434
data_monitor -> port 5436
Edit files data*/pg_hba.conf : replace 'md5' by 'trust'
#"local" local all all trust #"IPv4" host all all trust
Tunning postgres¶
In file postgres.conf ( according to https://www.qwant.com/?q=Tunning+postgres+server+9.4+&client=firefox )
shared_buffer=4096MB So 1/12 of the total RAM memory available
work_mem = 24MB
maintenance_work_mem = 4096MB
wal_buffers = 16MB
checkpoint_segments = 32
checkpoint_completion_target = 0.9
random_page_cost = 1.0
effective_cache_size = 16384MB so 1/4 of the max memory
#log
logging_collector = on
log_directory = 'pg_log'
log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern,
log_truncate_on_rotation = on # If on, an existing log file with the
log_rotation_age = 1d # Automatic rotation of logfiles will
client_min_messages = error
log_min_messages = error
log_min_duration_statement = 0
log_connections = on
log_disconnections = on
log_duration = off
log_hostname = on
log_line_prefix = '%t [%p]: %u@%h - %d :'
track_counts = on
autovacuum = on
extra_float_digits = 3
Start the 3 databases :¶
# su - postgres $ cd /var/lib/postgresql $ pg_ctl -D data start $ pg_ctl -D data_sums start $ pg_ctl -D data_monitor start
Create the 3 databases :¶
Into user 'postgres'
- createdb --locale C -E LATIN1 -T template0 ias_sdo
- createdb --locale C -E LATIN1 -T template0 -p 5434 ias_sdo_sums
- createdb --locale C -E LATIN1 -T template0 -p 5436 ias_sdo_monitor
Automatic startup¶
Add following lines in the /etc/rc.local file :
su -l -c "/usr/lib/postgresql/9.4/bin/pg_ctl -D /var/lib/postgresql/data start" postgres su -l -c "/usr/lib/postgresql/9.4/bin/pg_ctl -D /var/lib/postgresql/data_sums start" postgres su -l -c "/usr/lib/postgresql/9.4/bin/pg_ctl -D /var/lib/postgresql/data_monitor start" postgres
System tuning¶
Current configuration :
# sysctl -a
In the following file :
# vi /etc/sysctl.conf
we change some values (default values are commented with '#')
(resources links here)
# Semaphore is a object that is used to control utilization of a particular process. # kernel.sem = SEMMSL SEMMNS SEMOPM SEMMNI # SEMMSL maximum number of semaphores per array (min 128) # SEMMNS maximum semaphores system-wide # SEMOPM maximum operations per semop call # SEMMNI maximum arrays #semop incresed from 32 (default value)operation to 100 (3rd value ) # kernel.sem = 250 32000 32 128 kernel.sem = 250 32000 100 128 In order to apply changes :#This sets the OS receive buffer size for all types of connections (default value 212992) #net.core.rmem_default = 212992 #net.core.rmem_max = 212992 net.core.rmem_default = 33554432 net.core.rmem_max = 33554432 #This is the OS send buffer size for all types of connections (212992 default value) #net.core.wmem_default = 212992 #net.core.wmem_max = 212992 net.core.wmem_default = 33554432 net.core.wmem_max = 33554432 #TCP Autotuning setting. "The first value tells the kernel the minimum receive buffer for each TCP connection, and this buffer is always # allocated to a TCP socket, even under high pressure on the system. ... The second value specified tells the kernel the default receive # buffer allocated for each TCP socket. This value overrides the /proc/sys/net/core/rmem_default value used by other protocols. ... # The third and last value specified in this variable specifies the maximum receive buffer that can be allocated for a TCP socket." #net.ipv4.tcp_rmem = 4096 87380 6291456 net.ipv4.tcp_rmem = 10240 87380 33554432 #TCP Autotuning setting. "This variable takes 3 different values which holds information on how much TCP sendbuffer memory space # each TCP socket has to use. Every TCP socket has this much buffer space to use before the buffer is filled up. Each of the three #values are used under different conditions. ... The first value in this variable tells the minimum TCP send buffer space available # for a single TCP socket. ... The second value in the variable tells us the default buffer space allowed for a single TCP socket to use. ... #The third value tells the kernel the maximum TCP send buffer space." #net.ipv4.tcp_wmem = 4096 16384 4194304 net.ipv4.tcp_wmem = 10240 87380 33554432 #Disable cache metrics so the initial conditions of the closed connections will not be saved to be used in near future connections #net.ipv4.tcp_no_metrics_save = 0 net.ipv4.tcp_no_metrics_save = 1 # Increase number of incoming connections backlog # net.core.netdev_max_backlog = 1000 net.core.netdev_max_backlog = 5000 # The tcp_mem variable defines how the TCP stack should behave when it comes to memory usage. ... #The first value specified in the tcp_mem variable tells the kernel the low threshold. #Below this point, the TCP stack do not bother at all about putting any pressure on the memory usage by different TCP sockets. ... #The second value tells the kernel at which point to start pressuring memory usage down. ... The final value tells the kernel how many # memory pages it may use maximally # net.ipv4.tcp_mem = 1543347 2057796 3086694 net.ipv4.tcp_mem = 786432 1048576 26777216 # local port range that is used by TCP and UDP traffic to choose the local port. You will see in the parameters of this file two numbers: # The first number is the first local port allowed for TCP and UDP traffic on the server, the second is the last local port number. # net.ipv4.ip_local_port_range = 32768 61000 net.ipv4.ip_local_port_range = 1024 65535 # maximum number of sockets in TIME-WAIT to be held simultaneously. # net.ipv4.tcp_max_tw_buckets = 262144 net.ipv4.tcp_max_tw_buckets = 360000
Then we run the following command to make our change take effect:
# sysctl -p
JMD Installation¶
Download new JMD package build by Niles Oien 2016-04-07 following thoses actions :
cd /urs/local [oien@spsc-nso19-12 ~]$ ftp gong2.nso.edu Name (gong2.nso.edu:oien): anonymous Password: <---------------- use your email as the password ftp> cd outgoing/oien ftp> get pablo_jmd.tar.gz ftp> quit
Install new JMD package following thoses actions
[oien@spsc-nso19-12 ~]$ gunzip -vf pablo_jmd.tar.gz pablo_jmd.tar.gz: 8.3% -- replaced with pablo_jmd.tar [oien@spsc-nso19-12 ~]$ tar xf pablo_jmd.tar [oien@spsc-nso19-12 ~]$ cd pablo_jmd [oien@spsc-nso19-12 pablo_jmd]$ less PABLO_README.txt cd .. mv jmd jmd_old mv pablo_jmd jmd
Apache Configuration for JMD¶
Configure webserver to request jsoc_fetch
(following the mail from nilesoien@gmail.com)
WARNING : change hostname when migrate sdo-new to sdo
config d 'apache2 fichier sdo-new.ias.u-psud.fr
<VirtualHost *:80> ServerName sdo-new.ias.u-psud.fr ServerAdmin pablo.alingery@ias.u-psud.fr #ErrorLog /var/log/apache2/error.log DocumentRoot /var/www # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel debug #CustomLog /var/log/apache2/VSO/access.log combined Alias /VSO/DRMS/cgi-bin/ "/home/production/netdrms-tools/scripts/cgi-bin/" <Location /VSO/DRMS/cgi-bin> SetHandler perl-script PerlResponseHandler ModPerl::Registry PerlOptions +ParseHeaders Options +ExecCGI Order allow,deny Allow from all </Location> </VirtualHost>
Activate the new virtualhost and disable the default one :
# a2ensite sdo-new.ias.u-psud.fr.conf # a2dissite 000-default.conf # service apache2 restart
Allow symlink for the cgi scripts dierctory in apache2.conf :
<Directory /home/production/netdrms-tools/scripts/> Options FollowSymLinks AllowOverride None Require all granted </Directory>
# service apache2 restart
To be added futher to test cgi
Execution test cgi with URL :
make sure my $hostname=in the cgi file vso_jsoc_fetch.cgi is correct and test
http://sdo-new.ias.u-psud.fr/VSO/DRMS/cgi-bin/vso_jsoc_fetch.cgi
expected result :
{ "wait" : 0, "requestid" : "", "data" : {}, "method" : "url_quick", "size" : 0, "errormsg" : "Empty query", "protocol" : "as-is", "status" : 1, "space_ratio" : 0.1, "load_ratio" : 0.066875, "dir" : "", "count" : 0 }
JMD configuration¶
Modify the file /usr/local/jmd/cfg/JMD.cfg
Warning : when migrate production server, change sdo-new by sdo
NetDRMS tool Install¶
The following installed is based on : [[http://inf-redmine.ias.u-psud.fr/redmine/attachments/download/114/Netdrms_First_Install.odt]]
The sources are in : http://jsoc.stanford.edu/netdrms/dist/
Locally on sdo-new in : /home/production/sources
Symbolic link created 'netdrms_current' that corresponds to the last release
ln -s netdrms_8.11/ netdrms_current
Edit file config.local
cp config.local.template config.local
Warning WEB_DBUSER apache We think that it should value www maybe , to be checked testing the cgi
So check the cgi to figure out which user is used to connect to bd
Create 2 followings dirs :
mkdir /usr/local/netdrms_8.11/logs/SUM mkdir /usr/local/netdrms_8.11/logs/slony
Warning config.local from line 150 =>222 Remote config to provide data, series to externals
To be checked for PLATO
Création d'un alias netdrms dans /root/.bashrc
alias netdrms='cd /usr/local/netdrms_current'
Prepare compiling¶
Into production profile
$ ./configure
Compilation¶
Creating lib64 link (lib64 does not exist on debian 8)
# cd /usr # ln -s lib/ lib64
$ make $ make sums
SSH-HPN install¶
Intallation de openssh 7.2p2 car le dernier patch hpn dispo est 7.2hpn14.V10
web site for open ssh : http://ftp2.fr.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.2p2.tar.gz
patch hpn : https://sourceforge.net/projects/hpnssh/files/HPN-SSH%2014v10%207.2p2/openssh-7_2_P2-hpn-14.10.diff
In the dir /home/production/sources into 'root'
# tar -xzvf openssh-7.2p2.tar.gz # cd openssh-7.2p2/ # cat ../openssh-7_2_P2-hpn-14.10.diff |patch -p1 # ./configure --prefix=/usr/local/hpn-ssh --with-pam --with-md5-passwords --without-zlib-version-check --with-tcp-wrappers # make # make install
Depuis sdo :
# cd /usr/local/hpn-ssh/etc/ # rsync -av *key* production@sdo-new:/home/production/
Following the link : http://vso.stanford.edu/netdrms/rmtsums.html
$ cd /home/production/ $ ssh-agent -c > ~/.ssh-agent_rs
NB : correct file ~/.ssh-agent_rs it should look like :
#!/bin/csh export SSH_AUTH_SOCK=/tmp/ssh-9POrTXobhLR4/agent.74272; export SSH_AGENT_PID=74273; echo Agent pid 74273;
$ source ~/.ssh-agent_rs $ ssh-add ~/.ssh/id_rsa
Sur sdo-new :
# mv /home/production/*key* /usr/local/hpn-ssh/etc/
We have to configure the port number to 55000
# vi ssh_config
and add :
#Port 22 Port 55000
We configure also the server hpn (even we don't use it yet)
# vi sshd_config
and add :
#Port 22 Port 55000 #PidFile /var/run/sshd.pid PidFile /var/run/sshd.55000.pid # allow the use of the none cipher #NoneEnabled no NoneEnabled yes
In order to force the use of SSH-hpn by JMD :
$ vi /usr/local/jmd/cfg/JMD.cfg
and replace the path of scp binary :
SCPCommand=/usr/local/hpn-ssh/bin/scp -o NoneSwitch=yes -o NoneEnabled=yes
Private key Public key generation¶
JSOC need your public key to directly connect to your netdrms server. In order to generate your RSA public/private key pair :
$ ssh-keygen -t rsa
Not necessary in our case cause we recover the ssh keys of the current server 'sdo'.
However, we have to retrieve the private key of production account on sdo-new
From sdo :
rsync -av id_rsa production@sdo-new:/home/production/.ssh/
In order to test the connection :
$ ssh jsocexp@jsocport.stanford.edu -p55000
Note : the IP of the server has to be declared to the jsoc
NetDRMS Replication Config¶
To prevent from deleting files
cd logs/SUM ; scp production@sdo:/usr/local/netdrms/install-config-files/sum_rm.cfg .
Create tmp dir in netdrms working directory (/usr/local/netdrms_current)
# mkdir tmp
Create config file from template
# cd base/drms/replication/etc cp repclient.template.cfg into ias.subscribe_list.cfg
Define node in file : /usr/local/netdrms_current/base/drms/replication/etc/ias.repclient.cfg
In our case :
node=IAS
Correction¶
Modification du fichier ias.repclient.cfg¶
Copier le template existant repclient.template.cfg dans le répertoire [netdrms_current]/base/drms/replication/etc
production@sdo3:/usr/local/netdrms_current/base/drms/replication/etc$ cp repclient.template.cfg ias.repclient.cfg
Nouveau / netdrms2.4
# Apps kRSPerl=<path to Perl binary to use when Perl scripts are executed>
TO BE DONE BEFORE MIGRATION¶
configure sytem nbr de fichier ouvert en meme temps
configure sytem taille buffer
swap désactivé ? discussion Stephane et Gilles
Test ssh connection to JSOC , NSO CFA before subcription and just after name sdo-new into sdo
Modification du fichir config.local pour la souscription au jsoc¶
# NetDRMS users can request subdirectories from the Stanford proj directories # (e.g., JSOC/proj/util). These users will need to contact Stanford and obtain # the source subdirectories desired. They will then place these subdirectories # in the JSOC/proj directory of their NetDRMS release. To properly build # targets in these subdirectories, using the JSOC make system, the user needs # to add entries to this configuration file - one entry for each subdirectory # that contains source code to be compiled. Each entry is a space-separated pair # of strings: the string "PROJDIR" followed by a subdirectory (of the proj # directory). For example: # # PROJDIR util/apps # PROJDIR util/libs # # NOTE: It is not sufficient to list only a parent directory, like util. Source code # in child directories will not automatically be compiled.