Difference between revisions of "NDPF GS environment"
m |
|||
Line 86: | Line 86: | ||
Also, all running services that used to run on <tt>beerput.nikhef.nl</tt>, '''except for the ADSM backup''' have been migrated to "mestkar.nikhef.nl". | Also, all running services that used to run on <tt>beerput.nikhef.nl</tt>, '''except for the ADSM backup''' have been migrated to "mestkar.nikhef.nl". | ||
− | = Older documentation = | + | = Older documentation that still has validity = |
For the non-migrated services (mainly the DutchGrid CA and the rsync-based backup service, the attached document (PDF) is still valid! | For the non-migrated services (mainly the DutchGrid CA and the rsync-based backup service, the attached document (PDF) is still valid! | ||
[[Image:Grid-Service-Systems-Guide-20070518.pdf||Grid Service Guide]] | [[Image:Grid-Service-Systems-Guide-20070518.pdf||Grid Service Guide]] |
Revision as of 14:17, 5 June 2009
The Grid Services environment contains nodes and virtual machines that run special or dedicated services for grid and grid-related work: web servers, the EUGridPMA Repository, the CA and RA systems, et cetera. These service nodes are ‘one-off’ systems, not under quattor control, installed separately, and updating themselves using yum or apt. They do not even all run the same OS version or flavour.
They mostly live on a separate network (194.171.96.64/28), and at the Remote Housing Location.
Machine overview
Machine (real or virtual) overview | ||||
---|---|---|---|---|
machine | responsible | Level | Tasks | Comments |
rooier | sveng | low | web server for EGEE Security SSCs | |
beerput | davidg | medium | rsync backup service | with ADSM client and backup |
gierput | davidg | low | no useful purpose left | spare for beerput |
sikkel | davidg | high | NDPF subversion service | |
zeis | davidg | critical | www.eugridpma.org web site (with dynamic content) | a hot spare is available on dodo, re-point the DNS (hosted at https://access.enom.com/) in case it really does not come back |
weikuip | davidg | critical | dist.eugridpma.info web (IGTF CA distribution) | a hot spare is available on lama, re-point the DNS (hosted at https://access.enom.com/) in case it really does not come back |
keerder | davidg | critical | physical host system | serves: zeis, weikuip, rooier, sikkel |
hek | davidg | high | DutchGrid CA 'internal' system | ra.dutchgrid.nl, used by the CA admins |
kaasvat | davidg | critical | ca.dutchgrid.nl (DutchGrid CRL distribution) | a hot spare is available on vink, re-point the DNS for ca.dutchgrid.nl, ask PaulKS |
rakel | davidg | high | physical host system | Blade #1 (top left, in c15). Hosts: mestkar |
mestkar | davidg | high | web server for dutchgrid (and some NDPF stats) | |
rijf | davidg | medium | NDPF mirror service | stalkaars-02, in 2nd valentine rack |
salado | davidg | high | network management host | in cabinet of deel. Makes the cricket graphs. Warning: disk is NOT raided! |
Web sites
EUGridPMA and IGTF
For the EUGridPMA and IGTF web sites, also Anders Waananen (NBI, DK) has the access rights and methods to get into it. He could potentially also do the system swap in DNS with ENOM, but had never tried that one yet.
These web sites *really* have a high profile, so please take care of them for me. Mails sent to the EUGridPMA Operations email address get forwarded to the grid sysadmin list as well.
DutchGrid CA
The Dutchgrid CA has, besides its off-line signing system, 2 (two) on-line systems: the 'RA' box that serves the internal web management console that Djuhaeri, Andre and Dennis can use; and the 'public' box that serves the web site for user requests, as well as the CRL download location. This latter function (CRL downloads) is *really* critical and gets noticed by each and every site in the grid. Please keep it running, and look for complaints sent to ca@dutchgrid.nl. Dennis, Djuhaeri and Andre get these mails.
Neither of the two boxes has a redundant power supply, but they do have redundant RAID-1 disks (on a 3ware controller)
DutchGrid web site, BiG Grid and the VL-e PoC
These web sites have (just!) been migrated to mestkar.nikhef.nl, a VM(Xen,PV) hosted on the first blade top-left in the new chassis, on a host called rakel. This machine also does the CVS service for now. New here: the uids are taken from the NDPF LDAP, and no longer follow the ikonet assignments.
The only service that was NOT yet migrated away from beerput is the ADSM backup. Even more: mestkar is now backed-up TO beerput on a daily basis.
CVS
The CVS service, using ssh access only, is now provided from mestkar (was: beerput)
SVN
The SVN service runs on sikkel, a VM(Xen,PV) on keerder.
ADSM and backup
The rsync backup service runs on beerput. In /export/data/backups/FQDN/ you find the mos recent backup. The time stamp of the top-level directory is the time the backup last ran.
This area is again backed-up through ADSM to SARA on a daily basis, with 100 days history. In case of trouble with ADSM, contact Ton.
The Real Hosts
Most of the grid services run off 2 (two) physical hosts: keerder, a PE1950-III with a software-raid-1 serup from the HA-GRID series systems; the other is rakel, a M600e blade with hardware raid-1 over SATA in position 1 of the enclosure. Physical hosts left are: beerput, gierput, hek, kaasvat, rijf/stalkaars-02.
Decommissioned services
The following services have been decommissioned:
- VO LDAP services at grid-vo.nikhef.nl
- SecureGrid.org web site
Also, all running services that used to run on beerput.nikhef.nl, except for the ADSM backup have been migrated to "mestkar.nikhef.nl".
Older documentation that still has validity
For the non-migrated services (mainly the DutchGrid CA and the rsync-based backup service, the attached document (PDF) is still valid! File:Grid-Service-Systems-Guide-20070518.pdf