Storage Resource Broker (SRB) with MCAT Install Notes – For Version 3.x series

CCLRC e-Science Data Management Group

Document History

Current Version: 1.2

Authors:

Date	Author	Revision
April 2004	Ananta Manadhar (a.s.manandhar@dl.ac.uk)	Update 1 – Added additional information for Zones
May 2003	Michael Doherty (m.r.doherty@rl.ac.uk)	Version 1

Storage Resource Broker (SRB) with MCAT Install Note – For Version 3.x series. 2

Document History. 2

1. Overview.. 4

2. Pre-Installation Tasks. 5

2.1 Pre-installation checklist 5

2.2 RDBMS Software. 7

2.3 Create an empty database. 7

2.4 Create the MCAT tablespace in the empty database. 7

2.5 Create the SRB admin group. 8

2.6 Create the SRB User account 8

2.7 Setup Linux SRB User account to access the new database. 9

2.8 Create the MES RDBMS account 9

2.9 Obtain PGP encryption software or openSSL software. 10

2.10 Obtain the SRB source code. 10

2.11 Decrypt and unpack the SRB Server software. 10

2.12 Install the Java Development Kit version 1.4. 11

3. Installation tasks. 12

3.1 Configure the make file. 12

3.2 Build the SRB software. 12

3.3 Configure the SRB Server. 13

3.4 Populate the MCAT database with the SRB data model 14

3.5 Verify results of populating MCAT database. 14

3.6 Recovering from problems populating the MCAT database. 15

3.7 Create a privileged SRB account using the pre-defined 'srb' application user: 15

3.8 Configuring the Linux user for SRB. 16

3.9 Install the SRB Software. 16

3.10 Configuring for Zones. 17

4. Post installation tasks. 18

4.1 Starting the SRB System... 18

4.2 Securing the SRB default account 18

5. Basic SRB administration and Usage. 20

5.1 Create a new location. 20

5.2 Create a new resource. 20

5.3 Create a new user. 22

5.4 InQ.. 23

6. Appendix A: TNSNAMES.ORA and SQLNET.ORA.. 25

6.1 SQLNET.ORA.. 25

6.2 TNSNAMES.ORA.. 25

1. Overview

The SDSC Storage Resource Broker (SRB) provides a software infrastructure to supports access to data distributed across multiple storage repositories. It virtualizes the data space, provides multi user support and aids users in accessing data on multiple geographically dispersed storage space using multiple authentication protocols thus acts as an effective data grid platform for data collaboration between organizations.

An SRB installation with a set of resources and a single MCAT for persistence control is termed as a ‘Zone’ (Previous users will note that an SRB 2.x installation is now termed as a Zone). In order for an SRB Zone to function, it stores persistent metadata information such as file descriptions, resources it handles and user information in a Relational Database Management System (RDBMS). An SRB Zone may be made up of one or more SRB servers of which one of them communicates with the RDBMS. This is known as the MCAT Enabled Server (MES) and is the key to the Zone. From Version 3 onwards, an SRB Zone has the capability to inter-operate with other SRB Zones in creating a ‘SRB Federation’.

The MES server runs a special version of the SRB server software, which enables it to talk directly to the RDBMS. Each server (MES or not) will contain the SRB client libraries, SRB server libraries and other SRB utilities. The MES will have additional software and database scripts over other SRB servers. The MCAT software is a library that interfaces to a database management system.

This document describes an MCAT SRB installation for a Zone that can be made to intercommunicate with other Zones. It describes the installation using Oracle 9i as the RDBMS system for MCAT persistence and Redhat Linux as the operating system.

To build and install an MCAT Enable SRB server, you need complete the following key tasks:

· Install RDBMS software.

· Create an empty database (using RDBMS software)

· Build the MES server software

· Initialize the empty database (Create Tables, Index)

· Install the MES server software

· Configure for Zone

· Setup other SRB servers.

Note the MES need not be located on the same physical machine as the RDBMS, however many systems do run this way. If your MES is not installed on the same machine as the RDBMS, then you will have to install the RDBMS client software on the MES node. In the case of Oracle it would be the Oracle Client software.

The tasks above are broken down into 3 major categories below Pre-installation, Installation and Post-Installation. Detailed steps are given for each category.

Please note RDBMS configuration is complex and if you have no background in this area, you will require assistance from a Database Administrator (DBA).

2. Pre-Installation Tasks

2.1 Pre-installation checklist

The following table gives the names of various parameters and their description used throughout this script. Please use the table as a point of reference and also to record the various account information, file locations and other variables used your installation.

This first table describes all parameters relevant to the Linux or UNIX environment.

Parameter	Description	Example used	Your value
OS SRB admin group	Linux user group designated for SRB administrators	srbag
OS SRB admin user	Linux user designated for running SRB software.	srb
SRB_ROOT	Linux environment variable representing the location of the top level directory for the SRB source code. Optional.	/home/srb/SRB3_1
ORACLE_HOME	Linux environment variable representing the location of the main directory for the Oracle.	/ora01/app/oracle/product/9.2.0
ORACLE_SID	Linux environment variable representing the name give to the Oracle SID	mcatdb
http_proxy	Linux environment variable representing location you internet proxy server (if used)	http://cache.rl.ac.uk:8888/
SRB install directory	Final location of SRB software used in runtime.	/opt/srb
jdkhome	Input variable to SRB “configure script” Location of the top level directory for the Java 1.4 development kit	/opt/j2sdk1.4.1_02

The following table describes parameters relevant to the Oracle environment.

Parameter	Description	Example used	Your value
SID	Oracle Database System Identifier. Represents name given to instantiation of Oracle database.	mcatdb
Database name	A unique name to represent a data store (IP domain often appended to SID for uniqueness in a distributed environment)	mcatdb.esc.rl.ac.uk
SYSTEM password	Password for the Oracle RDBMS SYSTEM account. SYSTEM is the Oracle account analogous to UNIX root.	system_passwd
db_connect_string	TNS (Transparent Network Substrate) alias for the database. Used by Oracle for network communications	mcatdb.esc.rl.ac.uk
MCAT data tablespace name	Logical unit of the database where MCAT database tables are stored. Maps to one or more physical files	srbmcat
MCAT index tablespace name	Logical unit of the database where MCAT database indexes are stored. Maps to one or more physical files. Used to increase performance.	srbmcat_indx
MCAT Schema	The Oracle RDBMS user under which MCAT data is stored and accessed	MCAT
MCAT password	Password for the Oracle RDBMS MCAT schema	mcat_passwd

This final table describes parameters relevant to the SRB application environment.

Parameter	Description	Example used	Your value
SRB host	The IP name of the machine that will run the SRB server	srbhost.esc.rl.ac.uk
SRB Zone	The unique name given to identify a set of SRB servers connecting to a single MCAT.	srbzone
SRB Domain	The unique name given to identify a set of SRB users	srbdomain
SRB admin user	The SRB username used for application administration	srbadmin
SRB admin password	The SRB password for the SRB admin user	srbpasswd

2.2 RDBMS Software

In the current release of SRB, the following databases are supported:

· Oracle http://www.oracle.com/ip/deploy/database/oracle9i/

· IBM DB2 http://www-3.ibm.com/software/data/db2/

· Sybase http://www.sybase.com/products/databaseservers/ase

· Informix http://www-306.ibm.com/software/data/informix/

· PostgreSQL http://www.postgresql.org/

· mySQL http://www.mySql.com/

Note that only PostgreSQL and mySql are open source. All other RDBMS systems need to be licensed.

Install the RDBMS software prior to any further steps. You must be competent in using this software as failure to do so can result in both installation and operational problems. The subsequent sections describe database setup procedures in Oracle.

2.3 Create an empty database

How to create the empty database will depend on your RDBMS. If using Oracle, use the Database Configuration Assistant (dbca) is recommended. This should be run from the Linux oracle account. Be very careful to note the System Identifier (SID) and FULL database name you select during the creation of the database. The database name must be 8 characters or less for Oracle and may be appended with the IP domain name to ensure uniqueness in a distributed environment. The SID describes the instantiation of the Oracle database, whereas the database name is a unique name to describe the data store. Typical examples would be:

· Database Name mcatdb.esc.rl.ac.uk

· SID mcatdb

The fully qualified database is not strictly necessary i.e. you could use mcatdb instead of mcatdb.esc.rl.ac.uk for the Database Name. However using this will give you additional Oracle functionality should distributed RDBMS features ever be used. The General Purpose database template is sufficient if creating an Oracle database using dbca. You can then leave all the options at default values.

2.4 Create the MCAT tablespace in the empty database

Now you need to create an empty tablespace to hold the MCAT data. This should be run from the Linux oracle account in order to avoid any database datafile file protection problems.

Using the Linux oracle account, enter the following command

#echo $ORACLE_SID

Confirm this matches the SID for the database you have just created. Now connect to the database using Oracle SQL*Plus as SYSTEM and use the following syntax to create the data tablespace:

#sqlplus SYSTEM/system_passwd

sql> create tablespace srbmcat datafile

'/ora01/app/oracle/oradata/mcatdb/mactdb_srbmcat01.dbf'

size 198M autoextend on NEXT 10240K MAXSIZE UNLIMITED

extent management local online;

It is also recommended that a separate table space is created for indexes on a separate physical volume. Indexes are used to improve RDBMS data access performance.

sql> create tablespace srbmcat_indx datafile

'/ora02/app/oracle/oradata/mcatdb/mactdb_srbmcat_indx01.dbf'

size 198M autoextend on NEXT 10240K MAXSIZE UNLIMITED

extent management local online;

You can replace srbmcat and srbmcat_indx with other names if you prefer.

Line 2 should reflect the path and filename of the new datafile to be created on your system. The syntax used is applicable to Oracle8i and Oracle9i. You can also choose to locate the files to a convenient place on your system, however you should still ensure that data and index tablespaces span different physical volumes.

You can verify the commands were successful with the following SQL syntax:

sql> select tablespace_name from dba_tablespaces;

Then exit SQL*Plus:

sql> exit;

2.5 Create the SRB admin group

On a Linux system where you intend to run the MES, log on as root and create the SRB administration group as follows:

#groupadd srbag

You can change the name of this group as desired.

2.6 Create the SRB User account

This is the operating system account that will actually run the SRB software on you system.

On a Linux system where you intend to run the MES, log on as root and create the account under which the software will run. This can be achieved with following command:

#useradd -d /home/srb -m –g srbag srb

#passwd srb

You can change the name of this account as desired. For security reasons, this account should NOT be part of any dba groups.

You should also create a directory for the SRB software to be installed once you have built it. The default is /usr/local/srb. You should therefore create this directory as follows:

mkdir /usr/local/srb

chown srb.srbag /usr/local/srb

2.7 Setup Linux SRB User account to access the new database.

This step ensure the Linux MES account can successfully connect to the new Oracle database as the MCAT RDBMS account. This assumes the Oracle Optimal Flexible Architecture (OFA) directory structure is in use. The following Linux environment variables must be set in the profile of Linux MES user (.bash_profile in the home directory):

ORACLE_BASE=/ora01/app/oracle

export ORACLE_BASE

ORACLE_HOME=$ORACLE_BASE/product/9.2.0

export ORACLE_HOME

PATH=$PATH:$ORACLE_HOME/bin

ORA_NLS33=$ORACLE_HOME/ocommon/nls/admin/data

export ORA_NLS33

ORACLE_SID=<your SID e.g. mcatdb>

export ORACLE_SID

export http_proxy="http://cache.rl.ac.uk:8888"

LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$ORACLE_HOME/lib

export LD_LIBRARY_PATH

NLS_LANG="english_united kingdom.we8iso8859p1"

export NLS_LANG

Note ORACLE_SID should be changed to whatever your SID was set to when creating the database. http_proxy should only be set if you use a proxy server to connect to the internet. You should contact your network administrator if you are unsure of this.

You should log out and then back in again as srbusr to confirm the variables are picked up correctly.

Setting the above values should allow check that you can connect to the Oracle database as follows:

#sqlplus SYSTEM/system_passwd

#sqlplus SYSTEM/system_passwd@db_connect_string

db_connect_string is the TNS (Transparent Network Substrate) alias for the database. This is almost always the same as the fully qualified database name. The first command checks a local connection to the database and the second checks a network connection. If these generates any errors, please review the profile where you set the environment variables and the following files:

$ORACLE_HOME/network/admin/sqlnet.ora

$ORACLE_HOME/network/admin/tnsnames.ora

See Appendix A for example files.

2.8 Create the MES RDBMS account

You must now create the account (Schema) used by the MES:

Using the Linux srbusr account, log on to Oracle SQL*Plus as SYSTEM and execute the following commands:

#sqlplus SYSTEM/system_passwd

sql> create user MCAT identified by mcat_passwd

default tablespace srbmcat temporary tablespace temp;

sql> alter user MCAT quota unlimited on srbmcat;

sql> alter user MCAT quota unlimited on srbmcat_indx;

sql> grant connect to MCAT;

sql> exit;

You should replace mcat_passwd with a password relevant to your local security policy. However please note that use of special characters such as “@”, “$” etc in the password are likely to cause problems. You are therefore advised to use alphanumeric characters. The default tablespace should be the data tablespace created previously.

2.9 Obtain PGP encryption software or openSSL software

You will need this obtain software to decrypt the files from SDSC. More information can be found at:

http://web.mit.edu/network/pgp.html

You can use a PC version of this software and then copy the decrypted files over to the Linux system if you wish.

Alternatively OpenSSL version of the encrypted SRB tar file can be downloaded and be decrypted using the following openSSL command

# openssl enc –d –bf –cbc –in SRB3_0_1.tar.enc –out SRB3_0_1.tar

2.10 Obtain the SRB source code

SRB is supplied as source code, which you must build for your system. Download the software from

http://www.npaci.edu/dice/srb/tarfiles/main.html

Move the software to a location on the Linux system owned by the srbusr created above.

Note: Contact SDSC at srb@sdsc.edu for requesting a key to decrypt the software. This will be given to you verbally, so please leave a contact number!

At UK, SRB source code may be downloaded from http://www.grid-support.ac.uk/downloads/srb_downloads.htm and decryption key request needs to be sent to support@grid-support.ac.uk .

2.11 Decrypt and unpack the SRB Server software

Using the PGP software or OpenSSL software obtained in 2.9 , decrypt the file from SDSC into a location on the Linux system owned by the srbusr. Once this is done, unpack the software as follows:

#tar xvf SRB3_0_1.tar

This will create an SRB root directory in ./SRB3_0_1 with a structure as follows:

admin	java	proxy
bin	MCAT	readme.dir
COPYRIGHT	mk	src
CVS	NT	tape
data	obj	test
errMsg	preload	utilities

Important directories are listed in bold above. Refer to the readme.dir for any last minute changes

At this stage is it worth setting an environment variable for the location of the top level directory called SRB_ROOT. If you prefer to enter this variable interactively use:

#export SRB_ROOT=/home/srbusr/SRB3_1

Otherwise, edit the .bash_profile and enter the following after the Oracle definitions:

export SRB_ROOT=<srbuser’s home dir>/SRB3_1

SRB_ROOT will be used in the following notes.

2.12 Install the Java Development Kit version 1.4

You need to install the 1.4 version of the Java Development Kit. This can be downloaded from

http://java.sun.com/

Once this is downloaded, install the software as per the instructions supplied. Please note you should edit the scripts in /etc/profile.d on Linux to redefine the versions of Java in use.

3. Installation tasks

3.1 Configure the make file

This version uses the configure script to configure the build. Most of the configurable parameters for building the SRB server and client can be configured using the ./configure script. Run ./configure --help for more information.

All configurable parameters for building the SRB server and the client library, including those set by the configure script, are defined in the $SRB_ROOT/mk/mk.config.in file. (The configure script automatically generates a third file, $SRB_ROOT/mk/mk.config, using $SRB_ROOT/mk/mk.config.in as a template.).

Those parameters that cannot be modified via the configure script (because flags for those parameters have not yet been implemented) are set by directly editing the $SRB_ROOT/mk/mk.config file prior to running. /configure. Comments in the $SRB_ROOT/mk/mk.config file make it clear whether or not a particular parameter can be set through the configure script, and if so, how to do so. An example in HOST_BASED_AUTH, discussed later in this note.

NOTE: The configure script does a number of self tests before the configuration is carried out. One of the test it does is the compiler test which it assumes gcc as the default compiler.

To run ./configure, cd to the main $SRB_ROOT directory. The following syntax will run the ./configure with the appropriate settings for an Oracle build:

#cd $SRB_ROOT

#./configure --enable-oramcat --enable-oraver=920_32bit

--enable-oraconn=mcatdb.esc.rl.ac.uk --enable-oralobj --enable-javagui=yes

--enable-orahome=$ORACLE_HOME

--enable-jdkhome=/opt/j2sdk1.4.1_02

You must change the values above to match those on your system. Specifically change enable-oraconn and enable-jdkhome. enable-oraconn is the db_connect_string described in section 2.1 and is usually the fully qualified database name you used when creating your database. However you may omit esc.rl.ac.uk if the NAMES.DEFAULT_DOMAIN is set in your SQLNET.ORA file (see Section 6).

Note: Should you wish to create a new install directory for the code other than /usr/local/srb, please use the --enable-installdir flag in ./configure above.

3.2 Build the SRB software

To build the SRB software, cd to the $SRB_ROOT directory and type in

#cd $SRB_ROOT

#gmake clean

#gmake

This will build the software under the SRB root directory.

Note: The makefile contains various other options to make and clean all or a subset of the build.

gmake	build all.
gmake clean	clean all.
gmake srb	build only the SRB server and client.
gmake clean_srb	clean only the SRB server and client.
gmake util	build only the utilities (S commands). See README.utilities for more details.
gmake clean_util	clean only the utilities.
gmake browser	build only the java srbBrowser GUI. See README.srbBrowser for more details.
gmake clean_browser	clean only the java srbBrowser

3.3 Configure the SRB Server

With the software now built. You must setup the configuration files for your system. Use vi or your preferred editor to create each file and enter the text supplied matching that relevant to your system.

#cd $SRB_ROOT/data

#vi hostConfig

localhost srbhost srbhost.esc.rl.ac.uk

srbhost should reflect the name of the system you are installing on to (see 2.1).

#vi mcatHost

srbhost.esc.rl.ac.uk

ENCRYPT1

#vi MdasConfig

MDASDBTYPE oracle

MDASSCHEMENAME <name of the schema create above i.e. mcat.>

MDASDBNAME <name of the database created above i.e. mcatdb>

MDASINSERTSFILE <install directory>/data/mdas_inserts>

METADATA_FKREL_FILE metadata.fkrel

DB2INSTANCE <name of the database created above i.e. mcatdb>

DB2PASSWORD <mcat user database password i.e. mcat_passwd>

DB2USER <name of the schema create above i.e. mcat>

DB2LOGFILE <install directory>/data/logfile

DBHOME <$ORACLE_HOME i.e. /ora01/app/oracle/product/9.2.0>

You must change the values above to match your system settings. DBHOME is the location pointed to by the $ORACLE_HOME environment variable. Please consult section 2.1 if you are unsure of any values. Note the “.” character after the MDASSCHEMENAME. This must be included. You must populate parameters referring to DB2, even if this is nocatt in use.

If you wish to use host based authentication to restrict the hosts that can connect to the SRB Server, the hostAuthConfig file must be created. Firstly you must be enable this feature by setting the HOST_BASED_AUTH switch in $SRB_ROOT/mk/mk.config.in. This should be uncommented in the file. You must then rebuild the SRB software after this change (see section 3.2). Create the file as follows:

#vi hostAuthConfig

all 130.246.0.0 0.0.255.255

Note the all line represents the IP domain your system is in. You should change the values to match your network. Please contact your network administrator if you are unsure of any values.

These files have world read access by default. You may wish to consider changing the protection here to prevent passwords being compromised i.e.

#chmod 640 mcatHost

#chmod 640 MdasConfig

#chmod 640 hostAuthConfig

3.4 Populate the MCAT database with the SRB data model

This stage creates all the tables necessary to create the MCAT data model in your empty database. This is achieved by running SQL scripts against the MCAT database. In the Oracle install documented here, we use SQL*Plus to do this.

#cd $SRB_ROOT/MCAT/data

#sqlplus mcat/mcat_passwd@mcatdb @catalog.install.ora >& myinstall.results.ora

This runs SQL*Plus, taking the input commands from catalog.install.ora. After running the SQL*Plus script, please compare the results with the install.results.ora file in the $SRB_ROOT/MCAT/data directory as follows:

#cd $SRB_ROOT/MCAT/data

#diff myinstall.results.ora install.results.ora

This command should show only explainable changes such as version differences in Oracle and timestamps.

3.5 Verify results of populating MCAT database

You must then compare the output from a test script run against the MCAT database to expected results provided by SDSC as follows:

#cd $SRB_ROOT/MCAT

#gmake

#cd bin

#export PATH=$PATH:.

#../data/test.catalog >& ../data/mytest.results.ora

#cd ../data

#diff mytest.results.ora test.results.ora

Make sure the differences are explainable between the 2 results files. Error messages in the results file are normal parts of this test. In fact, the tests are designed to see that correct errors are returned when appropriate. So you can't just look through the results file for errors, but instead must compare it with the provided reference file. To convert error codes to descriptions, use Serror. For example, to explain error code -3219:

#../../utilities/bin/Serror -3219

DATA_SUBCOLLECTION_NOT_UNIQUE: DATA_SUBCOLLECTION_NOT_UNIQUE

So this means that, most likely, one is attempting to insert an item into the database that already exists.

3.6 Recovering from problems populating the MCAT database

If the first command in the previous section failed (test_srb_mdas_create_user), then there is probably a basic communication problem with the RDBMS. Recheck the above setup descriptions and README.databases in $SRB_ROOT/readme.dir.

Note that you cannot run test.catalog script twice and get correct results (unless all commands fail), as some items (such as users) are created and not deleted.

If there was a problem, use the catalog.cleanup.ora file, which provides the necessary SQL statements for dropping the MCAT tables as follows:

#cd $SRB_ROOT/MCAT/data

#sqlplus mcat/mcat_passwd@mcatdb @catalog.cleanup.ora >& myinstall.cleanup.ora

You should review myinstall.cleanup.ora for any major problems. Once this is complete, you are free to redo the steps staring from section 3.4.

3.7 Create a privileged SRB account using the pre-defined 'srb' application user:

This step creates an SRB administration user within the SRB application itself and also the SRB domain. Do not confuse this with the Linux username or database schema.

Choose a domain name for your SRB system (srbdomain below), an Admin user name for your domain (srbadmin below), and a password for the admin account (srbpasswd below).

Then set up environment variables as the srbusr exactly as follows:

#export srbUser=srb

#export srbAuth=CANDO

#export mdasDomainName=sdsc

Now create your domain:

#cd $SRB_ROOT/MCAT/bin

#./ingestToken Domain srbdomain home

Replace srbdomain with the desired name of your SRB domain. home is a pre-defined token that can be used as the parent to create your domain.

Now create the SRB administration user:

#./ingestUser srbadmin srbpasswd srbdomain sysadmin '' '' ''

Replace srbpasswd with the new password for this account. Note you may also change the name of the account by replacing srbadmin. Replace srbdomain with the domain name you entered above. Please consult section 2.1 if you are unsure of any values.

Now create Machine location entry for MCAT

# ./ingestLocation machineName machineIPaddr:NULL.NULL level4 srbadmin srbdomain

Replace machineName with a suitable string for easily identifying string (eg. srbhost.esc.rl.ac.uk) and machineIPaddr with the IP address of the machine.

Modify password for default user srb

# ./modifyUser changePassword srb sdsc newPassword

Finally, unset the environment variables:

#export srbUser=

#export srbAuth=

#export mdasDomainName=

It is also be possible to create this account with the Srb Admin Tool, but the above is easier, since you would then have to start the SRB server using the default privileged account (srb@sdsc), then stop and restart the SRB after creating and changing to the admin user.

3.8 Configuring the Linux user for SRB

The last part of the user admin procedure is to set up the SRB specific environment files for starting SRB. Please use the definitions defined in the previous step to replace srbdom and srbadmin. This is done as follows using the srbusr Linux user:

#mkdir ~/.srb

#cd ~/.srb

#vi .MdasEnv

mdasCollectionHome 'srbZone/home/srbAdmin.srbdomain'

mdasCollectionName 'srbZone/home/srbAdmin.srbdomain'

mdasDomainHome 'srbdomain'

mdasDomainName 'srbdomain'

srbUser 'srbadmin'

srbHost 'srbhost.esc.rl.ac.uk’

defaultResource 'srb-cclrc'

AUTH_SCHEME 'ENCRYPT1'

#vi .MdasAuth

srbpasswd

The srbHost is the IP name of the server that will run as the MES. Note that the value of defaultResource is not important at this time as no resources have been registered. It is possible to use GSI authentication here, in which case the files above would be different. However the approach taken in this note only considers ENCRYPT1 authentication. Consult the SRB documentation for further details.

Please consult section 2.1 for reference when creating the above files.

3.9 Install the SRB Software

All the SRB software is now built and configured. You now have to move it to a permanent location for operational usage. This is the SRB Install Directory and this step places it in either /usr/local/srb or the alternative directory specified by the —enable-installdir in $SRB_ROOT/configure

#cd $SRB_ROOT

#gmake install

The following files are placed under the SRB Install Directory:

bin/runsrb	The script that starts the SRB
bin/srbMaster2_0_0	The front end server.
bin/srbServer	The backend server (forked by the srbMaster1_0 for each client connection)
bin/libSrbClient.a	The client library
data/hostAuthConfig	The optional (needed only if HOST_BASED_AUTH in the mk.config file is set) host based authorization configuration file
data/mcatHost	This file identifies the host on which the MCAT enabled SRB server is running
data/hostConfig	This is the optional SRB host configuration file. It is only needed when you want to add aliases to your local hostname
data/hpssCosConfig	This is the optional HPSS Class of Services configuration file. It is only needed if HPSS in the mk.config file is set
data/hpssNodceAuth	The file contains authentication info for nondce
HPSS	It is only needed if the HPSS and NO_DCE flags in the mk.config file are set
data/MdasConfig	The MDAS configuration file
data/metadata.fkrel	This file defines the foreign key relationship between the MDAS catalog tables and is used internally by the SRB for query generation. This file should not be changed between releases
data/LobjConfig	The database configuration file for the DB Large Object driver. Basically, it contains the userID and password for accessing each database server

After completing this step, the SRB server code is now built and installed.

3.10 Configuring for Zones

For configuring the local SRB installation’s Zone name, set .MdasEnv variables as described in section 3.8, perform

make install for exec – section 3.10

The local SRB installation’s Zone name may now be configured. The preset zone name in the MCAT is ‘demozone’.

To change the preset zone name to your preferred zone, start SRB server process

#cd /usr/local/srb/bin

#./runsrb

(Note if you installed the software somewhere other that /usr/local/bin, please change the location. This command should result in the server stating successfully. A log file called srbLog, can be found in /usr/local/srb/data)

And execute the following command to change the zone name to the preferred zone name

# ./Szone –C demozone srbZone

(Substitute srbZone for the appropriate zone name for the MCAT Zone.)

Modify the Zone properties by executing the following command

# ./Szone –M srbZone srbhost.esc.rl.ac.uk 5544 srbAdmin@srbdomain ‘emailAddress’ ‘comments’

(Substitute port number with port number being used for SRB. Substitute srbhost.esc.rl.ac.uk with appropriate Location identifier string as specified while ingesting Location and substitute other blocked words also as accordingly.)

4. Post installation tasks

4.1 Starting the SRB System

You now are in a position to start the service. You MUST do this from the SRB Install Directort/bin directory. You should do this as follows:

#cd /usr/local/srb/bin

#./runsrb

Note if you installed the software somewhere other that /usr/local/bin, please change the location. This command should result in the server stating successfully. A log file called srbLog, can be found in /usr/local/srb/data

If you want to start the SRB Server using a different IP port for listening (default is 5544), you can change the value for srbPort in the runsrb file. Note you may have to uncomment that line if it is commented out. Also if you want the SRB system to use a set of ports for interacting with the users after establishing connection (by default the ports for the client-server interface are chosen by the OS) please use the following flags when running the configure script

--enable-commports (overrides default port range)

--enable-commstart=64000 (first port in range

--enable-commnum=1255 (number of ports open after the first port)

You will have to build the SRB Server software again after making these changes. Follows from Step 3.1 on.

Note you can test the connection using any of the SRB client tools .

4.2 Securing the SRB default account

Once the SRB server starts up, use the SRB Admin Tool (SAT) to change the password of the user 'srb' (the bootstrap admin user). To do, follow the steps below:

#export DISPLAY=< X server on you PC i.e. mypc.esc.rl.ac.uk:0.0>

#cd $SRB_ROOT/MCAT/java

#gmake run (or alternatively #java –jar mcatAdmin.jar)

Click on Users -> Modify User Info as in diagram.

In the modify user panel, select the sdsc domain and srb user as below:

Change the password as required and click Execute.

You can now use the SAT to create resources, add users and groups, etc. See $SRB_ROOT/readme.dir/README.MCAT.ADMIN. A basic description of usage is given in the next section.

5. Basic SRB administration and Usage

5.1 Create a new location

The step creates a new SRB location. Run the SRB Administration Tool as follows to create a new SRB Location:

#export DISPLAY=< X server on you PC i.e. mypc.esc.rl.ac.uk:0.0>

#cd $SRB_ROOT/MCAT/java

#gmake run

Select Add New Location

Now enter a name for the location (any you like), a parent location (choose home), domain (domain you created i.e. srbdomain ) and user (your SRB admin user i.e. srbadmin) as indicated below:

5.2 Create a new resource

In the step, you will make a directory on the SRB Linux server available for SRB use.

In SAT, select Create Physical Resource

Now fill in details for the Resource Name (any you like), Vault path (Linux directory), Location (from previous step i.e. NCS File System), Resource Type (Linux Unix File System) and Resource Class (chose permanent).

5.3 Create a new user

In this step we create a regular user for using SRB. In SAT select Add New Users

Now create a new user (any name you like ) for your domain (i.e. srbdomain)as below. You can give them a User Type. Chose the most appropriate definition.

You are now ready to use SRB as an end user.

5.4 InQ

InQ is the Microsoft Windows client for SRB. You can downloaded this from

http://www.npaci.edu/dice/srb/tarfiles/main.html

(Note: For SRB version 3.x series use InQ version 3.1)

This is a simple install whereby you extract the files from the zip archive into a relevant directory and click on the executable. Please read the short tutorial file enclosed with the distribution.

The InQ login screen looks as below: