Difference between revisions of "NDPF GS environment"

From PDP/Grid Wiki
Jump to navigationJump to search
Line 41: Line 41:
 
== EUGridPMA and IGTF ==
 
== EUGridPMA and IGTF ==
  
For the EUGridPMA and IGTF
+
For the EUGridPMA and IGTF web sites, also Anders Waananen (NBI, DK) has the access rights and methods to get into it. He could potentially also do the system swap in DNS with ENOM, but had never tried that one yet.
 +
 
 +
These web sites *really* have a high profile, so please take care of them for me. Mails sent to the EUGridPMA Operations email address get forwarded to the grid sysadmin list as well.
 +
 
 +
== DutchGrid CA ==
 +
 
 +
The Dutchgrid CA has, besides its off-line signing system, 2 (two) on-line systems: the 'RA' box that serves the internal web management console that Djuhaeri, Andre and Dennis can use; and the 'public' box that serves the web site for user requests, as well as the CRL download location. This latter function (CRL downloads) is *really* critical and gets noticed by each and every site in the grid. Please keep it running, and look for complaints sent to ca@dutchgrid.nl. Dennis, Djuhaeri and Andre get these mails.
 +
 
 +
Neither of the two boxes has a redundant power supply, but they do have redundant RAID-1 disks (on a 3ware controller)
 +
 
 +
== DutchGrid web site, BiG Grid and the VL-e PoC ==
 +
 
 +
These web sites have (just!) been migrated to mestkar.nikhef.nl, a VM(Xen,PV) hosted on the first blade top-left in the new chassis, on a host called rakel. This machine also does the CVS service for now.
 +
New here: the uids are taken from the NDPF LDAP, and no longer follow the ikonet assignments.
 +
 
 +
The only service that was NOT yet migrated away from beerput is the ADSM backup. Even more: mestkar is now backed-up TO beerput on a daily basis.
  
 
= Decommissioned services =
 
= Decommissioned services =

Revision as of 14:12, 5 June 2009

The Grid Services environment contains nodes and virtual machines that run special or dedicated services for grid and grid-related work: web servers, the EUGridPMA Repository, the CA and RA systems, et cetera. These service nodes are ‘one-off’ systems, not under quattor control, installed separately, and updating themselves using yum or apt. They do not even all run the same OS version or flavour.

They mostly live on a separate network (194.171.96.64/28), and at the Remote Housing Location.

Machine overview

Machine (real or virtual) overview
machine responsible Level Tasks Comments
rooier sveng low web server for EGEE Security SSCs
beerput davidg medium rsync backup service with ADSM client and backup
gierput davidg low no useful purpose left spare for beerput
sikkel davidg high NDPF subversion service
zeis davidg critical www.eugridpma.org web site (with dynamic content) a hot spare is available on dodo, re-point the DNS (hosted at https://access.enom.com/) in case it really does not come back
weikuip davidg critical dist.eugridpma.info web (IGTF CA distribution) a hot spare is available on lama, re-point the DNS (hosted at https://access.enom.com/) in case it really does not come back
keerder davidg critical physical host system serves: zeis, weikuip, rooier, sikkel
hek davidg high DutchGrid CA 'internal' system ra.dutchgrid.nl, used by the CA admins
kaasvat davidg critical ca.dutchgrid.nl (DutchGrid CRL distribution) a hot spare is available on vink, re-point the DNS for ca.dutchgrid.nl, ask PaulKS
rakel davidg high physical host system Blade #1 (top left, in c15). Hosts: mestkar
mestkar davidg high web server for dutchgrid (and some NDPF stats)
rijf davidg medium NDPF mirror service stalkaars-02, in 2nd valentine rack
salado davidg high network management host in cabinet of deel. Makes the cricket graphs. Warning: disk is NOT raided!

Web sites

EUGridPMA and IGTF

For the EUGridPMA and IGTF web sites, also Anders Waananen (NBI, DK) has the access rights and methods to get into it. He could potentially also do the system swap in DNS with ENOM, but had never tried that one yet.

These web sites *really* have a high profile, so please take care of them for me. Mails sent to the EUGridPMA Operations email address get forwarded to the grid sysadmin list as well.

DutchGrid CA

The Dutchgrid CA has, besides its off-line signing system, 2 (two) on-line systems: the 'RA' box that serves the internal web management console that Djuhaeri, Andre and Dennis can use; and the 'public' box that serves the web site for user requests, as well as the CRL download location. This latter function (CRL downloads) is *really* critical and gets noticed by each and every site in the grid. Please keep it running, and look for complaints sent to ca@dutchgrid.nl. Dennis, Djuhaeri and Andre get these mails.

Neither of the two boxes has a redundant power supply, but they do have redundant RAID-1 disks (on a 3ware controller)

DutchGrid web site, BiG Grid and the VL-e PoC

These web sites have (just!) been migrated to mestkar.nikhef.nl, a VM(Xen,PV) hosted on the first blade top-left in the new chassis, on a host called rakel. This machine also does the CVS service for now. New here: the uids are taken from the NDPF LDAP, and no longer follow the ikonet assignments.

The only service that was NOT yet migrated away from beerput is the ADSM backup. Even more: mestkar is now backed-up TO beerput on a daily basis.

Decommissioned services

The following services have been decommissioned:

  • VO LDAP services at grid-vo.nikhef.nl
  • SecureGrid.org web site

Also, all running services that used to run on beerput.nikhef.nl, except for the ADSM backup have been migrated to "mestkar.nikhef.nl".

Older documentation

For the non-migrated services (mainly the DutchGrid CA and the rsync-based backup service, the attached document (PDF) is still valid! File:Grid-Service-Systems-Guide-20070518.pdf