If you need to update an existing CREAM CE installation:

* Update the RPMs via yum

* Follow what is reported below under “Cream CE configuration” and “Blparser configuration” sections

Please also refer to these gLite official guides:

• Generic Installation and Configuration Guide for gLite 3.1
• Use of JPackage for gLite 3.1 Release
• YAIM 4 guide for sysadmins

A standard SL4 distribution is supposed to be properly installed.

It is highly suggested not to use SLC4 because otherwise you will have problems with java and tomcat installation (this is because in SL4, jdk is in the sl-base repo and java-1.6.0-sun-compat in in the sl-errata repo, and this helps in avoiding conflicts during installation).

ATTENTION: If you plan to use LSF batch system you have to install it manually.
With YAIM you can automatically configure only torque batch system.

Set the repositories needed by cream CE installation:

• cream-CE:

wget http://grid-deployment.web.cern.ch/grid-deployment/glite/repos/3.1/glite-CREAM.repo -O /etc/yum.repos.d/glite-CREAM.repo

• LRMS specific repositories:

If your CE runs Torque:

wget http://grid-deployment.web.cern.ch/grid-deployment/glite/repos/3.1/glite-TORQUE_utils.repo -O /etc/yum.repos.d/glite-TORQUE_utils.repo

If your CE is also Torque master:

wget http://grid-deployment.web.cern.ch/grid-deployment/glite/repos/3.1/glite-TORQUE_server.repo -O /etc/yum.repos.d/glite-TORQUE_server.repo

If your CE runs LSF:

wget http://grid-deployment.web.cern.ch/grid-deployment/glite/repos/3.1/glite-LSF_utils.repo -O /etc/yum.repos.d/glite-TORQUE_utils.repo

• Jpackage

To avoid problems in java and tomcat installations, it is suggested to use the jPackage repo suggested by INFN-GRID:

wget http://grid-it.cnaf.infn.it/mrepo/repos/jpackage.repo -O /etc/yum.repos.d/jpackage.repo

instead of the one suggested in the official gLite installation:

wget http://grid-deployment.web.cern.ch/grid-deployment/glite/repos/3.1/jpackage.repo -O /etc/yum.repos.d/jpackage.repo

The difference is setting enabled = 0 in the non-free repo.

• CA certificates

wget http://grid-it.cnaf.infn.it/mrepo/repos/lcg-ca.repo -O /etc/yum.repos.d/lcg-ca.repo

Prepare the environment with:

yum clean all
yum update

Install java and tomcat before installing the metapackage. You can try the following:

yum install java-1.6.0-sun-compat tomcat5

Install tomcat5:

yum install tomcat5

Install CAs:

yum install lcg-CA

Copy to /etc/grid-security your host certificate and key

scp hostcert.pem root@<cream_CE>:/etc/grid-security/
scp hostkey.pem root@<cream_CE>:/etc/grid-security

On cream CE host set the right permissions

chmod 600 /etc/grid-security/hostcert.pem
chmod 400 /etc/grid-security/hostkey.pem

Remember to install all the needed VOMS server certificates of the VOs you want to support. They must be installed in /etc/grid-security/vomsdir.

Prepare your customized <site-info.def> (and save it in a secure location, <site-info.def_dir>) using the template provided by glite-yaim-core (/opt/glite/yaim/examples/siteinfo/site-info.def).
If you already have a <site-info.def> for your site installation, you may use vimdiff for a careful side-by-side comparison:

vimdiff /opt/glite/yaim/examples/siteinfo/site-info.def <site-info.def>

See this page to see which variables are relevant for the CREAM CE

Configure cream CE profile using YAIM. If ig-yaim is installed (or was installed), before proceeding with the configuration, do the following:

rm /opt/glite/yaim/functions/local/config_cream*
rm  /opt/glite/yaim/defaults/creamce.pre

To configure the CREAM CE do the following:

• For Torque (if the CREAM CE is Torque master):

/opt/glite/yaim/bin/yaim -c -s <site-info.def> -n creamCE -n TORQUE_server -n TORQUE_utils

• For Torque (if the CREAM CE is NOT Torque master):

/opt/glite/yaim/bin/yaim -c -s <site-info.def> -n creamCE -n TORQUE_utils

• For LSF :

/opt/glite/yaim/bin/yaim -c -s <site-info.def> -n creamCE -n LSF_utils

After having configured CREAM, it is necessary to also configure the BLAH Blparser.

The blparser must be installed on a machine where the batch system log files are available (let's call this host 'blparser host'). So the blparser host can be the batch system master or a different machine where the log files are available (e.g. they have been exported via NFS).

There are two possible layouts:

• the blparser host (BLPARSER_HOST) is the CREAM CE host (CE_HOST)

• the blparser host (BLPARSER_HOST) is different than the CREAM CE host

1) If your configuration satisfies the first layout, you need simply configure the blparser on your CREAM CE running:

/opt/glite/yaim/bin/yaim -r -s <site-info.def> -n creamCE -f config_cream_blparser

Then restart tomcat:

service tomcat5 restart

2) If instead your layout is the second one, you need to perform the instructions reported here on the blparser node (BLPARSER_HOST) and then restart tomcat on the creamce node

service tomcat5 restart

If the blparser has to serve multiple CREAM CEs, please follow the instructions reported here

CREAM supports two types of authorization (AuthZ) mechanisms: one AuthZ is VOMS based while the other AuthZ is specified by Grid User DNs (via the gridmapPDP). So if you want to also enable specific user DNs, list them in the /etc/grid-security/grid-mapfile, e.g.:

"/C=IT/O=INFN/OU=Personal Certificate/L=Padova/CN=X Y/Email=x.y@pd.infn.it" .egee
"/C=IT/O=INFN/OU=Personal Certificate/L=Padova/CN=W Z/Email=w.z@pd.infn.it" .egee

It is possible to choose a value to be published as GlueCeState instead of Production. This is managed by the yaim variable CREAM_CE_STATE. Its default (set in /opt/glite/yaim/defaults/glite-creamce.pre) is “Special”

See this page for some checks/tests that you can do on the new installed CREAM CE. In particular you can perform the automatic checks reported here to control some parts of the configuration