
CDB Namespaces, “service templates” and profile structure

CDB Namespaces, “service templates” and profile structure. Véronique Lefébure, June the 13th 2008, ELFms Brainstorming meeting. OUTLINE. Namespaces Organisation of templates ACLs Alignment to latest Quattor release Service templates Profile structure Environment variables


Presentation Transcript


  1. CDB Namespaces, “service templates” and profile structure Véronique Lefébure June the 13th 2008 ELFms Brainstorming meeting

  2. OUTLINE
     • Namespaces
     • Organisation of templates
     • ACLs
     • Alignment to latest Quattor release
     • Service templates
     • Profile structure
     • Environment variables
     • Configuration tree
     • MISC
     • Future PANC, SLC5, security
     • timeline

  3. Namespaces
     • Top directories:
       • test
       • preprod
       • prod
       • usertest
       • profiles
       • repository
       • retired (new, to be populated)
     • Slide annotations: “stages” (twice), “Contain templates”

  4. Namespaces
     • Under any stage:
       • pan/, quattor/, components/, monitoring/lemon/, hardware/: annotated “Quattor base templates” and “Quattor base templates with CERN configuration”
       • services/ (make use of all above, service per service)
       • os/ (OS releases, defaults)
       • site/cern_cc/ (make use of all above, site-specific)
       • cluster/ (make use of all above, cluster-specific)
       • vpd/, netinfo/, serialmap/: machine data (serial numbers, MAC addresses, …), “vital product data”

  5. components/
     • components/[component_name]/
       • config.tpl
         • Pkg_add (“ncm-[component_name]”, version, arch)
         • Default configuration
       • schema.tpl
       • [functions.tpl]

  6. monitoring/lemon/
     • configuration/
     • infrastructure/
     • rpms/
     • metrics/
     • sensors/
     • ACLs: monitoring Service Managers only

  7. hardware/
     • cards/
     • cpus/
     • disks/
     • memory/
     • rams/
     • contracts/
     • vendors/
     • monitoring/ (make use of /prod/monitoring/*)
     • machines/ (make use of all above: HW types, ex: “ex_07_3”)
     • ACLs: procurement team only

  8. Services/
     • services/[service_name]/config.tpl
     • Contains:
       • Packages (use default versions)
       • Component(s)
       • Monitoring
       • Chkconfig
       • Iptables config

  9. Service template: ex: afs_client

     template services/afs_client/config;

     #
     # Packages
     #
     variable architecture = if (value("/system/architecture") == "i386") {
         "i686";
     } else {
         value("/system/architecture")
     };
     variable kernelversion = value("/system/kernel/version");
     variable openafsversion = "1.4.6-58.SL5";

     "/software/packages" = pkg_add("openafs", openafsversion, architecture);
     "/software/packages" = pkg_add("openafs-client", openafsversion, architecture);
     "/software/packages" = pkg_add("openafs-kpasswd", openafsversion, architecture);
     "/software/packages" = pkg_add("openafs-krb5", openafsversion, architecture);
     "/software/packages" = pkg_add("kernel-module-openafs-" + kernelversion, openafsversion, architecture);

     #
     # Start the service
     #
     "/software/components/chkconfig/service/afs/on" = "345";
     "/software/components/chkconfig/service/afs/add" = true;
     "/software/components/chkconfig/service/afs/startstop" = true;

     #
     # Monitoring
     #
     include pro_monitoring_metrics_afs;
     include pro_monitoring_sensor_afscm;

     #
     # Component
     #
     include components/afsclt/config;

  10. os/
     • i386_slc5/
     • x86_64_slc5/
     • rpms/
     • defaults.tpl

  11. site/
     • site/cern_cc/
     • configuration/
     • no_network/config.tpl
     • only_monitoring/config.tpl
     • i386_slc5/
     • x86_64_slc5/
     • core/config.tpl
     • minimal/config.tpl
     • components/
     • infrastructure/
     • rpms/
     • services/
     • people_acls/ (Smods, sysadmins, etc)
     • Slide annotations: “One of them to be included in the cluster template”; “Used by the above (internal)”

  12. “core” and “minimal”
     • “core” installation:
       • Aims and PrepareInstall work
       • Incl. sindes, sms-set-state
       • Quattor
       • Console and ssh
     • “minimal” installation:
       • = Core configuration +
       • Lemon monitoring of: hardware, Quattor and “minimal” services
       • User access (krb5 client)
       • Sendmail, ntp, nscd, chkconfig
       • Operator, sysadmins, smods ACLs

  13. ACLs: ex: root access for sysadmins

     template site/cern_cc/people_acls/sysadmins;

     variable sysadmin_list = list("jjmarin", "grossir", "bclement", "tfabio",
         "obouffet", "ebonfill", "ccorreia", "hroussea", "rbernard", "dhoang",
         "anovais", "lgoguey", "cguiller", "console");
     variable number_of_people = length(sysadmin_list);

     # Add every name in sysadmin_list to root's roles
     # (starts from self, so values set by earlier templates are kept)
     "/software/components/useraccess/users/root/roles" = {
         i = 0;
         result = self;
         while (i < number_of_people) {
             name = sysadmin_list[i];
             result = push(name);
             i = i + 1;
         };
         result;
     };

     # Define one role per name: a Kerberos 5 principal in the CERN.CH realm
     "/software/components/useraccess/roles/" = {
         i = 0;
         result = self;
         while (i < number_of_people) {
             name = sysadmin_list[i];
             result[name] = nlist("kerberos5", list(nlist("principal", name, "realm", "CERN.CH")));
             i = i + 1;
         };
         result;
     };

  14. cluster/
     • cluster/[cluster_name]/config.tpl
     • Contains
       • Base configuration: include site/cern_cc/configuration/x86_64_slc5/minimal/config;
       • Additional services: include services/afs_client/config;
       • ACLs: include site/cern_cc/people_acls/sysadmins;
       • AOB: "/system/cluster/usercontact" = "x@cern.ch";

  15. Cluster example: lxdev

     template cluster/lxdev/config;

     include {'site/cern_cc/configuration/' + ELFMS_ARCH + '_' + ELFMS_OS + '/minimal/config'};

     "/system/cluster/name" = ELFMS_SVCCLASS;
     "/system/ccdomain" = "FIO";
     "/system/defaultstate" = "maintenance";
     "/system/contract" = "E";
     "/system/importance" = 5;
     "/system/cluster/description" = "The development cluster for FIO";
     "/system/cluster/usercontact" = "project-elfms@cern.ch";
     "/system/accounting/name" = ELFMS_RESOURCE;
     "/system/rootmail" = "it-dep-fio-lxdev7-rootmail@cern.ch";

     include cluster/lxdev/filepartition;
     include services/afs_client/config;

     "/system/cluster/tplname" = "lxdev";

  16. Profile structure
     • Proposed by FIO/FS

     object template profile_lxdev30;

     include stages/prod;
     include quattor/profile_declarations;

     variable ELFMS_OS = "slc5";
     variable ELFMS_ARCH = "x86_64";
     variable ELFMS_SVCCLASS = "lxdev";
     variable ELFMS_RESOURCE = "c3";
     variable ELFMS_CUSTOMIZATION = undef;

     include hardware/machines/elonex_2800_64;
     include vpd/lxdev30;
     #include monitoring/lemon/hardware/machines/elonex_2800_64; #not ready for slc5
     include netinfo_lxdev30;
     include serial_map_lxc2ri25;

     "/hardware/rack/name" = "rb46";

     include {'cluster/' + ELFMS_SVCCLASS + '/config'};
     include { if (exists('resources/' + ELFMS_RESOURCE)) 'resources/' + ELFMS_RESOURCE };
     include quattor/repository_cleanup;

  17. Misc
     • Future PANC: see new coding rules and syntax on https://twiki.cern.ch/twiki/bin/view/ELFms/NewPanSyntax
     • SLC5 progress on https://twiki.cern.ch/twiki/bin/view/ELFms/ScientificLinux5Port
     • Security review for sensors and components: coming ELFms meeting

  18. Timeline
     • From now on: ALL SLC5 machine profiles have to comply with the new profile content
     • Beginning of September 2008: update LEAF scripts (used by Remedy/HMS) to support the new profile structure, with backward compatibility
     • By end of September 2008: ALL SLC5 machines should not include ANY pro_* template anymore
     • As far as possible, replace the usage of pro_* templates by the new templates everywhere (i.e. not only slc5 but also slc4(3))
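
An added example (not part of the original slides or of Quattor): a Python model of the subtree that the slide 13 ACL template writes under /software/components/useraccess, with an audit that lists which Kerberos principals end up with root once several ACL templates have stacked on the same path. The dict layout, the function names and the sample user names are assumptions made for illustration.

```python
# Added example: assumed dict layout for /software/components/useraccess.
REALM = "CERN.CH"  # realm used on slide 13


def apply_acl_template(names, tree=None, realm=REALM):
    """Mirror the two Pan loops: add each name to root's roles and define a
    role of that name with one kerberos5 principal. Passing an existing tree
    models `result = self`, i.e. ACL templates stacking on the same path."""
    tree = {} if tree is None else tree
    root_roles = tree.setdefault("users", {}).setdefault("root", {}).setdefault("roles", [])
    roles = tree.setdefault("roles", {})
    for name in names:
        root_roles.append(name)
        roles[name] = {"kerberos5": [{"principal": name, "realm": realm}]}
    return tree


def audit_root_access(tree, realm=REALM):
    """Return (principals that get root, findings) for a useraccess subtree."""
    principals, findings, seen = set(), [], set()
    for role in tree.get("users", {}).get("root", {}).get("roles", []):
        if role in seen:
            findings.append(f"duplicate role on root: {role}")
            continue
        seen.add(role)
        definition = tree.get("roles", {}).get(role)
        if definition is None:
            findings.append(f"root references undefined role: {role}")
            continue
        for entry in definition.get("kerberos5", []):
            principal = f"{entry.get('principal')}@{entry.get('realm')}"
            principals.add(principal)
            if entry.get("realm") != realm:
                findings.append(f"role {role}: {principal} is outside {realm}")
    return sorted(principals), findings


if __name__ == "__main__":
    # Constructed names, not taken from the slides; two stacked ACL templates.
    tree = apply_acl_template(["alice", "bob"])
    tree = apply_acl_template(["bob", "carol"], tree)
    tree["users"]["root"]["roles"].append("dave")  # role that is never defined
    who, problems = audit_root_access(tree)
    print("root access:", who)
    for problem in problems:
        print("finding:", problem)
```
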
