MyProxy Changeover

Description

Move and upgrade MyProxy service (from v3.6 to v4.2) onto a new machine, change to ARCS domain/host name.

NOTE: Backwards Compatible

Estimated Duration

4 days (over a weekend) - no actual downtime expected.

DNS TTL 30min

Systems/Services Affected

Grid submission hosts and tools (Grisu/Grix) run by end users.

User might upload a proxy to old server, DNS records then change and when they go to download the proxy it's not there (as on the old box).

Staff Responsible

SamMorrison, ANU (Jonathan)

Detailed Instructions

Stage 1

• Set up myproxy2.arcs.org.au
• Test
• Set up a cron job to copy all proxies from the old machine onto the new machine
• Change APAC DNS records shown below
• Change ARCS DNS records to point myproxy.arcs.org.au, myproxy1.arcs.org.au to -> myproxy2.arcs.org.au
• Test

Stage 2 - To happen at a later date

• set up myproxy1.arcs.org.au at Queensland ?
• Test
• Set up unison to sync the data dirs
• Test
• Change ARCS DNS records as shown below

DNS Changes

INITIAL ARCS RECORDS (Stage 1)

myproxy         A          202.158.218.233
myproxy1       A          202.158.218.233
myproxy2       A          202.158.218.233

Final ARCS DNS RECORDS (stage 2)

myproxy         A          IP ADDRESS 1
                     A          202.158.218.233
myproxy1       A          IP ADDRESS 1
myproxy2       A          202.158.218.233

APAC DNS RECORDS

myproxy       CNAME    myproxy.arcs.org.au
myproxy1     CNAME    myproxy1.arcs.org.au
myproxy2     CNAME    myproxy2.arcs.org.au

Things that Grid Admins need to do

Can be changed any time and are not absolutely necessary yet. A separate Change Note will be created before the old addresses are eventually removed.

Command line clients

Command line client - myproxy-logon etc. uses an environment variable to determine the server to speak to. You can check this by doing:

env | grep MYPROXY

This needs to be myproxy.arcs.org.au and is normally set by scripts in /opt/vdt/post-setup loaded by /etc/profile.d/vdt_setup.{sh,csh}.

Other tools that use MyProxy

Need to change the host in their code. Already done for Grisu, but not Grix (30/6/08).

Testing Procedures

Try and create/get a myproxy proxy using command line tools.

Run the following on command line :-

• make sure myproxy env is set as stated above

myproxy-init
myproxy-logon
myproxy-info

Back-out Procedures

• Leave the old myproxy machines running after the change
• Change the DNS records back

Review

30/06/08 Daniel - minor changes to explanation, would be nice to have actual IP addresses listed above and details of upgrade versions inc host ...

15/07/08 Joel - Tested with new myproxy server (myproxy2.arcs.org.au), everything works fine

17/07/08 Daniel - confirm possible problems with DNS changing on a user once created a proxy

Schedule/Notification

30/06/08 Announcement to techstaff@ and developers@ by Sam

Tracking completion

10/06/08 Successfully tested creating a proxy on old myproxy, copying it to new one and downloading

17/07/08 Ticket 1585 - problems with CSIRO firewall and new address!

State of Play

myproxy2.arcs.org.au given the old myproxy servers IP address to address firewall issues. New server running fine, need to start thinking about stage 2 and building another myproxy server.

Change Control

This document used for ARCS ChangeControl Policy. The contents of this section comes from ChangeNoteInclude.

This topic is under document control. Last APPROVED on 17 Jul 2008 - 14:37: revision 12

You are permitted to change the status of this document:

State: APPROVED - This change has been approved.

History:

WAITING	SamMorrison	30 Jun 2008 - 15:17
PLANNING	DanielCox	30 Jun 2008 - 15:28
WAITING	SamMorrison	30 Jun 2008 - 15:31
PLANNING	DanielCox	30 Jun 2008 - 15:37
WAITING	SamMorrison	30 Jun 2008 - 16:17
APPROVED	DanielCox	17 Jul 2008 - 14:11
PLANNING	DanielCox	17 Jul 2008 - 14:37
WAITING	DanielCox	17 Jul 2008 - 14:37
APPROVED	DanielCox	17 Jul 2008 - 14:37