The following sections lists some required packages or necessary configurations that has to be checked or done before installing StoRM components.
All the StoRM components are certified to work on:
There are no specific minimum hardware requirements but it is advisable to have at least 4GB of RAM on Backend host.
NTP service must be installed.
yum install ntp
systemctl enable ntpd
systemctl start ntpdyum install ntp
chkconfig ntpd on
service ntpd startYou can also use a Puppet module to install and configure NTP service. Install the NTP Puppet module:
puppet module install puppetlabs-ntpAnd apply the following manifest.pp:
include ntpHostname must be a Fully Qualified Domain Name (FQDN).
To check if your hostname is a FQDN, run:
hostname -f
The command must return the host FQDN.
If you need to correct it and you are using bind or NIS for host lookups, you can change the FQDN and the DNS domain name, which is part of the FQDN, in the /etc/hosts file.
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 MYHOSTNAME.MYDOMAIN MYHOSTNAME localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
Set your own MYHOSTNAME and MYDOMAIN and restart the network service:
service network restart
Hosts participating to the StoRM-SE which run services such as StoRM Frontend, StoRM Backend, StoRM WebDAV or StoRM Globus GridFTP must be configured with X.509 certificates signed by a trusted Certification Authority (CA).
Usually, the hostcert.pem and hostkey.pem certificate and private key are located in the /etc/grid-security directory. They must have permission 0644 and 0400 respectively:
ls -l /etc/grid-security/hostkey.pem
-r-------- 1 root root 887 Mar 1 17:08 /etc/grid-security/hostkey.pem
ls -l /etc/grid-security/hostcert.pem
-rw-r--r-- 1 root root 1440 Mar 1 17:08 /etc/grid-security/hostcert.pem
Check if your certificate is expired as follow:
openssl x509 -checkend 0 -in /etc/grid-security/hostcert.pem
To change permissions, if necessary:
chmod 0400 /etc/grid-security/hostkey.pem
chmod 0644 /etc/grid-security/hostcert.pem
StoRM uses the ACLs on files and directories to implement the security model. In so doing, StoRM uses the native access to the file system. Therefore in order to ensure a proper running, ACLs need to be enabled on the underlying file-system (sometimes they are enabled by default) and work properly.
If the getfacl and setfacl commands are not available on your host you have to install acl package:
yum install acl
To check if all works properly, try to set an acl to a test file as follow:
touch test
setfacl -m u:storm:rw test
Note: storm user must exist.
getfacl test
Should return the following values:
# file: test
# owner: root
# group: root
user::rw-
user:storm:rw-
group::r--
mask::rw-
other::r--
To enable ACLs (if needed), you must add the acl property to the relevant file system in your /etc/fstab file.
For example:
/dev/hda3 /storage ext3 defaults, acl 1 2
Then you need to remount the affected partitions as follows:
mount -o remount /storage
This is valid for different file system types (i.e., ext3, xfs, gpfs and others).
StoRM uses the Extended Attributes (EA) on files to store some metadata related to the file (e.g. the checksum value); therefore in order to ensure a proper running, the EA support needs to be enabled on the underlying file system and work properly.
If the getfattr and setfattrl commands are not available on your host, install attr package:
yum install attr
To check if all properly works, try to set an extendend attribute to a test file:
touch testfile
setfattr -n user.testea -v test testfile
getfattr -d testfile
It should return:
# file: testfile
user.testea="test"
To enable EA (if needed) you must add the user_xattr property to the relevant file systems in your /etc/fstab file.
For example:
/dev/hda3 /storage ext3 defaults,acl,user_xattr 1 2
Then you need to remount the affected partitions as follows:
mount -o remount /storage