
Hydra multiple host installation

by Ezio Corso last modified 2008-07-23 14:59

These instructions allow for a Hydra setup where different instances reside on different hosts. It is therefore more secure: no single host administrator has access to the complete encryption/decryption key.

 

To install only one instance of Hydra on a host, proceed as described in Hydra test set-up installation, with the following difference:

Prior to launching the configuration of Hydra, make sure the file /opt/glite/etc/glite-data-hydra-service/config.properties contains only the following section, properly adjusted for your setup:

 

HYDRA_INSTANCES="1"

 

HYDRA_DBNAME_1=hydra_db_1

HYDRA_DBUSER_1=hydra1

HYDRA_DBPASSWORD_1=hydra1

HYDRA_CREATE_1=/euindia/Role=NULL/Capability=NULL

HYDRA_ADMIN_1=/euindia/Role=admin

 

WARNING! You may find after installation that you are unable to register a key:

Error during glite_eds_register: glite_eds_put_metadata_single error (createEntry): createEntry: client is not allowed to create a new entry in eds
Error during glite_eds_unregister: glite_eds_unregister_single error: removeEntry: The entry could not be found in the database.

Try changing the HYDRA_CREATE_1 value to:

HYDRA_CREATE_1=/euindia
 

 

Servers know nothing of each other: it is the clients that know how and where the keys are split.

 

 

Remember to install the Hydra clients as reported in Hydra test set-up installation: do so in the UI for the VO, but also in each CE or each WN! Otherwise jobs that land on a WN won't be able to decrypt/encrypt files!

This approach depends on the System Administrator: one possibility is to install the Hydra clients as experiment software in each CE; remember to publish a tag as well. The tag is important since it will be needed by those launching jobs in order to land on CEs that can encrypt/decrypt data files.

In any case, remember that the file /opt/glite/etc/services.xml must be present and must know about all Hydra instances involved in the split key, as for example in the following fragment:

     <service name="hydra-1">
         <parameters>
             <endpoint>https://hydra.ictp.it:9443/1/glite-data-hydra-service/services/Hydra</endpoint>
             <type>org.glite.Metadata</type>
             <version>1.3.1</version>
             <volist><vo>euindia</vo></volist>
         </parameters>
         <associatedservices>
             <name>hydra-2</name>
             <name>hydra-3</name>
         </associatedservices>
     </service>

     <service name="hydra-2">
         <parameters>
             <endpoint>https://hydra.sissa.it:9443/1/glite-data-hydra-service/services/Hydra</endpoint>
             <type>org.glite.Metadata</type>
             <version>1.3.1</version>
             <volist><vo>euindia</vo></volist>
         </parameters>
         <associatedservices>
             <name>hydra-1</name>
             <name>hydra-3</name>
         </associatedservices>
     </service>

     <service name="hydra-3">
         <parameters>
             <endpoint>https://hydra.vecc.cdac.in:9443/1/glite-data-hydra-service/services/Hydra</endpoint>
             <type>org.glite.Metadata</type>
             <version>1.3.1</version>
             <volist><vo>euindia</vo></volist>
         </parameters>
         <associatedservices>
             <name>hydra-1</name>
             <name>hydra-2</name>
         </associatedservices>
     </service>
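A consistency check for the Hydra entries of services.xml, as an added example that is not part of the original instructions: it flags instances that do not list every other instance, endpoints that are not https, and two instances on the same host, which would put more than one key part under a single administrator. The `<services>` root element, the example.org host names and the function name are assumptions, and the sample is constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample (not from the page): hydra-2 forgets hydra-3, and hydra-3
# runs on the same host as hydra-1. Root element and host names are assumptions.
SAMPLE = """<services>
  <service name="hydra-1">
    <parameters><endpoint>https://hydra-a.example.org:9443/1/glite-data-hydra-service/services/Hydra</endpoint></parameters>
    <associatedservices><name>hydra-2</name><name>hydra-3</name></associatedservices>
  </service>
  <service name="hydra-2">
    <parameters><endpoint>https://hydra-b.example.org:9443/1/glite-data-hydra-service/services/Hydra</endpoint></parameters>
    <associatedservices><name>hydra-1</name></associatedservices>
  </service>
  <service name="hydra-3">
    <parameters><endpoint>https://hydra-a.example.org:9443/2/glite-data-hydra-service/services/Hydra</endpoint></parameters>
    <associatedservices><name>hydra-1</name><name>hydra-2</name></associatedservices>
  </service>
</services>"""

def check_hydra_services(xml_text):
    """Return a list of problems; every <service> element is treated as a Hydra instance."""
    root = ET.fromstring(xml_text)
    services = {s.get("name"): s for s in root.iter("service")}
    problems, hosts = [], {}
    for name, svc in sorted(services.items()):
        url = urlparse((svc.findtext("parameters/endpoint") or "").strip())
        if url.scheme != "https":
            problems.append(f"{name}: endpoint is not https")
        # Two key parts on one host are again under a single administrator.
        if url.hostname:
            owner = hosts.setdefault(url.hostname, name)
            if owner != name:
                problems.append(f"{name}: shares host {url.hostname} with {owner}")
        peers = {n.text.strip() for n in svc.iterfind("associatedservices/name") if n.text}
        expected = set(services) - {name}
        for missing in sorted(expected - peers):
            problems.append(f"{name}: does not list {missing}")
        for unknown in sorted(peers - expected):
            problems.append(f"{name}: lists unknown service {unknown}")
    return problems

if __name__ == "__main__":
    for problem in check_hydra_services(SAMPLE):
        print(problem)
```

Running the same check on the UI and on every CE or WN that carries the Hydra clients shows whether they all describe the same set of instances.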

 
