Hello Ian,
In case you don't get a quick reply from someone more knowledgeable, I'll
answer what I can, based on what I have learned while installing our own
(UCL) grid machines. I have not attempted to answer questions I know I
cannot answer, but I welcome corrections from others to what I have
written.
> 1) Where do the root passwords come from on the various node machines?
In the LCFG instructions, under "configure node profiles" there is a line
"+auth.rootpwd 56hk?8\$%=kjl" to be appended to each node profile. The
string "56hk?8\$%=kjl" should be replaced with your desired root password,
encrypted with openssl.
> this from some previous install? I thought LCFG allowed installation of
> other nodes "from scratch" requiring only PXE, a boot disk, and a PXE boot
> server which knows what name that machine should be given. LCFG then
> matches this up with a profile and installs whatever is required. I think
> some part of this understanding must be wrong.
I have not tried to use PXE booting, only booted from an LCFG boot disk,
so I don't know what difference this makes to any of my answers.
> 2) Where do nodes get their certificates and keys from? How does LCFG
> know where to get these to plonk them into the right location?
These are not installed by LCFG but plonked in by hand in the "post LCFG"
stage. See under "host certificates" in the "post LCFG" instructions.
Their locations must match those given in the site-cfg.h file. Look for
SITE_DEF_HOST_CERT, which will probably point to
/etc/grid-security/hostcert.pem unless you have changed it, and
SITE_DEF_HOST_KEY.
> 3) Where do user passwords come from?
If you just follow the instructions from the GridPP web site, the nodes
will have no user accounts. You can add some by including a few extra
lines in the profiles. At UCL we have added
#include "ucl/Users-ucl-cfg.h"
to the node profiles, and the included file contains something like the
following:
/* Users */
EXTRA(auth.users) pdm waugh
auth.usercomment_pdm Paul D Mealor
auth.userhome_pdm /home/pdm
auth.usergroup_pdm users
auth.userpwd_pdm encryptedpwdhere
auth.usershell_pdm /bin/bash
auth.useruid_pdm 402
auth.usercomment_waugh Ben Waugh
[...]
> 5) The v1.2.0 setup put in a "gatekeeper" machine. I don't understand
> what the purpose of this machine is. I see that it also acts as the UI
> for us, but don't know what _else_ being the "gatekeeper" implies.
As I understand it (I think) the "gatekeeper" is the machine the rest of
the world sees as the CE. CE seems to be used to mean two things: either
just the gatekeeper, or the gatekeeper plus the worker nodes.
> 6) Is it correct that UI machines are tied in to LCFG just like any other
> -- with a configuration file in the /var/obj/conf/profile/source?
They can be, but at UCL we have chosen to install the UI without using
LCFG, as the EDG software needs to coexist with other software on the
machine we use.
I hope this is some help.
Cheers,
Ben
--
Dr Ben Waugh Tel. +44 (0)20 7679 3783
Dept of Physics and Astronomy Internal: 33783
University College London
London WC1E 6BT
|