Project

General

Profile

Set up a samweb instance for a new experiment

Again, using 'hypot' example experiment.

Get database

  • put in a ticket with database group requesting one (for example RITM0602109)
  • get a passworded account in it 'samdbs'

Initial database content for new instances

  • Schema creation with the initial load is now performed by create_schema.sh. The script is in sam-misc under the ddl directory.

create_schema.sh -d <databaseName> -h <host> -p <port>
Creates a SAM schema loaded with the required initial values and adds developers to the persons table.
Note:
1) You must have a Kerberos Postgresql account to the database as it will be used for logging in.
2) Your Postgresql account must be able to set role to the table owning role.

  • example:
    create_schema.sh -d sam_hypot_prd -h cspgsprd2.fnal.gov -p 5432 
    
  • Log files will be created under /tmp/$USER/databaseName

Setup config files

  • setup a samweb config:
    sed -e 's/gm2/hypot/g' < gm2.conf > hypot.conf
  • pick a port number (don't get thrown by the registry.conf one...)
    grep server.socket_port *.conf | sort -n -k 3
  • edit hypot.conf and fill in port number from above, and database connection info from previous section in [database] section
  • setup a uwsgi config for your instance: just cp uwsgi_gm2.ini uwsgi_sbnd.ini

setup supervisord

  • Add a supervisord.conf stanza for your instance
    [program:hypot]
    
    command = /home/sam/bin/samwebserverctl --uwsgi-config /home/sam/config/uwsgi_%(program_name)s.ini --unix=/var/tmp/uwsgi %(program_name)s.sock current %(program_name)s start
    stdout_logfile = /home/sam/logs/sam_web_%(program_name)s/stdouterr.log
    redirect_stderr = true
    autorestart = true
    
  • have supervisord read in new config
    source $HOME/products/setups
    setup supervisor
    supervisorctl update
    

configure nginx to route to it

  • cd ~/nginx/conf
  • add your experiment name to the (uboone|lariat|...|seaquest) line in sam_servers.conf
  • do $HOME/nginx/sbin/nginx -s reload

check it

add certificates

  • go to https://samweb.fnal.gov:8483/sam/hypot/admin/users/
  • click on the "sam" user
  • add the following grid subjects:
    /DC=com/DC=DigiCert-Grid/O=Open Science Grid/OU=Services/CN=sam/samwebgpvm03.fnal.gov
    /DC=com/DC=DigiCert-Grid/O=Open Science Grid/OU=Services/CN=sam/samwebgpvm01.fnal.gov
    /DC=com/DC=DigiCert-Grid/O=Open Science Grid/OU=Services/CN=samweb.fnal.gov
    
  • add "hypotpro" account, and add the certificate DN for their production proxy so production jobs can declare files, etc.
    /DC=org/DC=opensciencegrid/O=Open Science Grid/OU=Services/CN=hypotpro/hypotgpvm01.fnal.gov/
    
  • add "poms" account and add the POMS service certificate DN
    /DC=org/DC=opensciencegrid/O=Open Science Grid/OU=Services/CN=poms/pomsgpvm01.fnal.gov

    so POMS can make dataset declarations, etc.

add users, and configure to update users

  • update /home/sam/scripts/update_sam_users.shh by adding VO of this experiment (i.e. fermilab/hypot) to the long comma-separated list of VO's to update from
  • run /home/sam/scripts/update_sam_users.sh
  • check output, and check https://samweb.fnal.gov:8483/sam/hypot/admin/users/ for new users

Now you're ready to Set up a new station