Jeffery
From another source this message below came from Paul Anderson
and Jan which I was about to pass onto this list.
Steve
>>>>>> PA (Paul Anderson <[log in to unmask]>) wrote (mixed with my
>>>>>> own reply, and quoting your (forwarded) mail):
>> o Do all the objects mentioned in
>> http://iven.home.cern.ch/iven/lcfg/lcfg-install.html
>> exist. In particular has someone written a obj-xntpd before
>> I go and write one?
PA> Edinburgh LCFG includes an xntpd component which we use here. I
PA> don't think it was included in the EDG bundle, although it probably
PA> should be. If you can't get an EDG version, I can let you have a copy
PA> from here.
obj-xntpd definitively was not included in any EDG release. I suggest
to take the Edinburgh version for now. (BTW, the status report that
you are referencing is fairly ancient..)
>> o I have mkxprof running as a daemon on the server and
>> rdxprof polling on the client. They are doing a fine job
>> updating the local DBM files on each client. This
>> information is currently not being processed into
>> the clients config files other than at boot time
>> when lcfg.init is launched from init.
PA> This depends on the setting of the profile.reconfig resources.
PA> These specify the components and methods that you want to call
PA> when something changes. You probably don't want to reconfig
PA> everything automatically as soon as a change occurs (eg.
PA> repartition the disk :-). Exactly when these things should
PA> happen is a hard question that we are currently trying to
PA> address in the new developments.
>> mkxprof 766 root 4u IPv4 825 UDP *:lcfgack
>> rdxprof 2330 root 5u IPv4 2451 UDP *:lcfg
>>
>> ports open. Are these used when within a polling environment?
PA> There are probably open to receive things ack/notify.
>> o As a stopgap for the lack of a obj-xntpd I have been using
>> the filecopy object to install a ntp.conf for the RAL
>> environment. This is fine but I am not sure if there is
>> a resource that contains a list of init.d services to
>> be started at boot time rather than a list of LCFG objects
>> to be started.
PA> No. With the present boot system, you need to chkconfig yourself
PA> anything which isn't an LCFG component that you want started.
PA> The new boot component will handle this.
(EDG: planned to be released in May... after the integration work.)
>> o Some errors at resource compile time.
PA> Sorry. I don't know anything about the filecopy component. This looks
PA> like it might be a missing or incorrect meta resource in the
PA> filecopy.def file.
Indeed. Please try the following as your
/var/obj/conf/profile/source/filecopy.def:
-------------->8--cut here---
class filecopy
@files dest_$ uri_$ process_$ signal_$
files
dest_$
uri_$
process_$
signal_$
--------------8<--cut-here----
and your configuration then should look like (assuming that
URL_SERVER_CONFIG looks like http://someserver)
/* OBJECT FILECOPY */
filecopy.files xntpd
filecopy.uri_xntpd URL_SERVER_CONFIG/ral-extras/config-files/xntpd/ntp.conf
filecopy.dest_xntpd /etc/ntp.conf
filecopy.process_xntpd
filecopy.signal_xntpd
Please report back (to me) whether this fixes the problem.
>> o I would be interested to know what method people are using for
>> transferring and preserving ssh_keys and gatekeeper keys during LCFG
>> installation and possibly reinstallation.
PA> We regenerate new ssh keys when we reinstall. (not ideal, I know)
PA> Hope this is some use.
PA> Paul
Best regards
Jan
-----Original Message-----
From: Jeffrey Templon [mailto:[log in to unmask]]
Sent: Monday, February 11, 2002 3:52 PM
To: Traylen, SM (Steve)
Cc: [log in to unmask];
[log in to unmask]
Subject: LCFG, A number of questions.
Hi:
Traylen, SM (Steve) writes:
>
> I am just in the process of setting up LCFG to control
> some boxes and have a number of questions about
> things I am presently unsure of. There are quite a few
> questions here I am afraid.
>
> o Do all the objects mentioned in
> http://iven.home.cern.ch/iven/lcfg/lcfg-install.html
> exist. In particular has someone written a obj-xntpd before
> I go and write one?
I have requested this several times, but never got an answer. it's
interesting that the following line appears in /etc/dhcpd.conf:
#option time-servers 137.138.16.69;
I think this line was in the CERN version I started from.
> o I have mkxprof running as a daemon on the server and
> rdxprof polling on the client. They are doing a fine job
> updating the local DBM files on each client. This
> information is currently not being processed into
> the clients config files other than at boot time
> when lcfg.init is launched from init. Should I have
> a cron job running or something to process the updated
> DBM files on each client? I had thought I had only
> needed this for rpm updates.
Some things happen automagically, some need an explicit update.
RPM updates seem to happen by themselves. Things like NFS mounting
don't.
You can do this on a client to force things.
/etc/obj/globus run
I wouldn't do a cron script since you might wind up doing something
you don't want to do.
Also, did you discover already that there is usually one crucial file
you must update before a client "sees" that its profile has changed?
mkxprof will run fine oh wait ... you are running mkxprof as a
daemon. That was deprecated a few months ago. Current solution (see
INFN's LCFG page) is to run mkxprof by hand, and run rdxprof as a
daemon.
> o As a stopgap for the lack of a obj-xntpd I have been using
> the filecopy object to install a ntp.conf for the RAL
> environment. This is fine but I am not sure if there is
> a resource that contains a list of init.d services to
> be started at boot time rather than a list of LCFG objects
> to be started.
Nose around in /var/obj/conf/profile/source, you will find lines like
boot.services syslog update auth inet mailng profile nfsmount
make sure xntpd is included.
> o I would be interested to know what method people are using for
> transferring and preserving ssh_keys and gatekeeper keys during LCFG
> installation and possibly reinstallation.
We put our gatekeeper keys in a shared directory on the LCFG server,
and this directory is mounted by all clients that need it. The name
of the key/cert files need to include more info than just
"hostcert.pem", e.g. "CE_hostcert.pem" or "grid001-hostcert.pem" would
work, since there is typically more than one key/cert in this
directory. We haven't got a way to preserve ssh keys yet.
JT
|