fix: docs fixes for server installation

fstagni · fstagni · commit 0113712c2b74 · 2026-02-19T15:56:31.000+01:00
diff --git a/docs/source/AdministratorGuide/ServerInstallations/InstallingDiracServer.rst b/docs/source/AdministratorGuide/ServerInstallations/InstallingDiracServer.rst
@@ -195,6 +195,12 @@ Couple notes:
 * SAN in your certificates: if you are contacting a machine using its aliases, make sure that all the aliases are in the SubjectAlternativeName (SAN) field of the certificates
 * FQDN in the configuration: SAN normally contains only FQDN, so make sure you use the FQDN in the CS as well (e.g. ``mymachine.cern.ch`` and not ``mymachine``)
 
+
+User (admin) certificate
+------------------------
+
+The user installing the server should have their own certificate: it will be used for administration.
+
 .. _using_own_CA:
 
 -----------------
@@ -266,41 +272,31 @@ be taken based on the Python version you wish to install.
         #  it can be used to cover more than one VO in the grid sense.
         #  If you are going to setup DIRAC as a multi-VO instance, remove the VirtualOrganization parameter.
         VirtualOrganization = Name of your VO
-        #  Site name
+        #  Server name
         SiteName = DIRAC.HostName.ch
 
         #  Flag to skip download of CAs, on the first Server of your installation you need to get CAs
-        #  installed by some external means
+        #  installed by some external means, so do not change this flag.
         SkipCADownload = yes
-        #  Flag to use the server certificates
+        #  Flag to use the server certificates. Do not change this flag.
         UseServerCertificate = yes
-        #  Configuration Server URL (This should point to the URL of at least one valid Configuration
-        #  Service in your installation, for the primary server it should not used )
-        #  ConfigurationServer = dips://myprimaryserver.name:9135/Configuration/Server
-        #  Configuration Name
-        ConfigurationName = MyConfiguration
-        #
-        #   These options define the DIRAC components to be installed on "this" DIRAC server.
-        #
-        #
-        #  The next options should only be set for the primary server,
-        #  they properly initialize the configuration data
-        #
-        #  Name of the Admin user (default: None )
-        AdminUserName = adminusername
-        #  DN of the Admin user certificate (default: None )
+        #  Name of the Admin user (default: None)
+        #  This should be the nickname as appears in your identity provider (normally: first letter of your name followed by surname)
+        AdminUserName =
+        #  DN of the Admin user certificate (default: None)
         #  In order the find out the DN that needs to be included in the Configuration for a given
         #  host or user certificate the following command can be used::
         #
         #          openssl x509 -noout -subject -enddate -in <certfile.pem>
         #
-        AdminUserDN = /DC=ch/aminDN
-        #  Email of the Admin user (default: None )
-        AdminUserEmail = adminmail@provider
-        #  Name of the Admin group (default: dirac_admin )
-        AdminGroupName = dirac_admin
-        #  DN of the host certificate (*) (default: None )
-        HostDN = /DC=ch/DC=country/OU=computers/CN=computer.dn
+        AdminUserDN =
+        #  Email of the Admin user (default: None)
+        AdminUserEmail =
+        #  DN of the host certificate (*) (default: None)
+        HostDN =
+        #
+        #   These options define the DIRAC components to be installed on "this" DIRAC server (do not change).
+        #
         # Define the Configuration Server as Master for your installations
         ConfigurationMaster = yes
         # List of Systems to be installed - by default all services are added
@@ -351,14 +347,13 @@ be taken based on the Python version you wish to install.
         }
       }
 
-  or You can download the full server installation from::
+  or you can download the full server installation from::
 
     $ curl -L https://github.com/DIRACGrid/DIRAC/raw/integration/src/DIRAC/Core/scripts/install_full.cfg -o install.cfg
 
 - Run ``install_site.sh`` giving the edited configuration file as the argument. The configuration file must have
-  .cfg extension (CFG file). While not strictly necessary, it's advised that a version is added with the '-v' switch
-  (pick the most recent one, see `here<https://pypi.org/project/DIRAC/#history>`).
-  In the same way, extensions have to be added with the '-e' switch (the name of the extension should be complete). Finally,
+  .cfg extension (CFG file).
+  Extensions can be added with the '-e' switch (the name of the extension should be complete). Finally,
   further pip packages (e.g. WebAppDIRAC) can follow with the '-p' switch, which can be repeated multiple times::
 
     $ ./install_site.sh -i /opt/dirac [-v <x.y.z>] [-e <extension>] [-p <extra-pip-install>] /home/dirac/DIRAC/install.cfg
@@ -376,11 +371,13 @@ of the status of running DIRAC services, e.g.::
                                 Name : Runit    Uptime    PID
                 Configuration_Server : Run          41    30268
        Framework_SystemAdministrator : Run          21    30339
+       Framework_ComponentMonitoring : Run          21    30341
+       ResourceStatus_ResourceStatus : Run          21    30349
                      Tornado_Tornado : Run          11    30340
 
 
-Now the basic services - Configuration, SystemAdministrator, TornadoComponentMonitoring and TornadoResourceStatus - are installed,
-or at least their DBs should be installed, and their services up and running.
+Now the basic services - Configuration, SystemAdministrator, ComponentMonitoring and ResourceStatus - are installed,
+or at least their DBs should be installed, and the services connecting to them up and running.
 
 There are anyway a couple more steps that should be done to fully activate the ComponentMonitoring and the ResourceStatus.
 These steps can be found in the respective administration sessions of this documentation:
@@ -390,8 +387,7 @@ These steps can be found in the respective administration sessions of this docum
 
 but, no hurry: you can do it later.
 
-The rest of the installation can proceed using the DIRAC Administrator interface,
-either command line (System Administrator Console) or using Web Portal (eventually, not available yet).
+The rest of the installation can proceed using the DIRAC Administrator interface CLI.
 
 It is also possible to include any number of additional systems, services, agents and databases to be installed by ``install_site.sh``.
 
@@ -407,11 +403,22 @@ It is also possible to include any number of additional systems, services, agent
       killall runsv svlogd
       killall runsvdir
 
+
+Now it is time to add the necessary services for a minimal installation. In order to do so:
+
+- install a client as described in the users' guide. Remember to use the same user certificate that you defined as "AdminUser".
+- get a proxy using `dirac-proxy-init -g dirac_admin --no-upload`
+- start the `dirac-admin-sysadmin-cli --host=$your_server_host` and inside install the services "Framework/BundleDelivery", "Framework/ProxyManager" (see instructions on the use of this CLI below)
+- exit the CLI, and simply run `dirac-proxy-init`
+
+
 .. _install_additional_server:
 
 Additional server installation
 ------------------------------
 
+Additional servers can be installed for redundacy purposes. This operation can always be done later, so for now the suggestion is to skip to the next session.
+
 To add a new server to an already existing DIRAC Installation the procedure is similar to the one above.
 You should perform all the preliminary steps to prepare the host for the installation. One additional
 operation is the registration of the new host in the already functional Configuration Service.
@@ -444,8 +451,6 @@ operation is the registration of the new host in the already functional Configur
         #  Service in your installation, for the primary server it should not used)
         ConfigurationServer = https://myprimaryserver.name:9135/Configuration/Server
         ConfigurationServer += https://localhost:8443/Tornado/Tornado
-        #  Configuration Name
-        ConfigurationName = MyConfiguration
 
         #
         #   These options define the DIRAC components being installed on "this" DIRAC server.
diff --git a/docs/source/UserGuide/GettingStarted/InstallingClient/index.rst b/docs/source/UserGuide/GettingStarted/InstallingClient/index.rst
@@ -55,7 +55,7 @@ At this point you need a proxy, so you should issue the command::
    $ dirac-proxy-init
 
 This command will also embed a token in the proxy, in order to talk to DiracX.
-You can see which file is your proxy certificate using the `dirac-proxy-info` command. 
+You can see which file is your proxy certificate using the `dirac-proxy-info` command.
 
 Updating client
 ===============
diff --git a/src/DIRAC/Core/scripts/install_full.cfg b/src/DIRAC/Core/scripts/install_full.cfg
@@ -29,7 +29,7 @@ LocalInstallation
   #  Service in your installation, for the primary server it should not used )
   #  ConfigurationServer = dips://myprimaryserver.name:9135/Configuration/Server
   #  Configuration Name
-  ConfigurationName = Dirac-Production
+  ConfigurationName = central_config
   #
   #   These options define the DIRAC components to be installed on "this" DIRAC server.
   #
@@ -48,8 +48,6 @@ LocalInstallation
   AdminUserDN = /DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=jdoe/CN=123467/CN=John Doe
   #  Email of the Admin user (default: None )
   AdminUserEmail = john.doe@example.invalid
-  #  Name of the Admin group (default: dirac_admin )
-  AdminGroupName = dirac_admin
   #  DN of the host certificate (*) (default: None )
   HostDN = /DC=ch/DC=cern/OU=computers/CN=lbcertifdirac7.cern.ch
   # Define the Configuration Server as Master for your installations
diff --git a/src/DIRAC/FrameworkSystem/Client/ComponentInstaller.py b/src/DIRAC/FrameworkSystem/Client/ComponentInstaller.py
@@ -36,7 +36,7 @@
 
 If a Controller Configuration Server is being installed the following Options can be used::
 
-  /LocalInstallation/ConfigurationName: Name of the Configuration (default: Setup )
+  /LocalInstallation/ConfigurationName: Name of the Configuration (default: central_config )
   /LocalInstallation/AdminUserName:  Name of the Admin user (default: None )
   /LocalInstallation/AdminUserDN:    DN of the Admin user certificate (default: None )
   /LocalInstallation/AdminUserEmail: Email of the Admin user (default: None )
@@ -45,6 +45,7 @@
   /LocalInstallation/VirtualOrganization: Name of the main Virtual Organization (default: None)
 
 """
+
 import glob
 import importlib
 import importlib.util
@@ -1302,7 +1303,7 @@ def setupSite(self, scriptCfg, cfg=None):
         setupWeb = self.localCfg.getOption(cfgInstallPath("WebPortal"), False)
         setupConfigurationController = self.localCfg.getOption(cfgInstallPath("ConfigurationMaster"), False)
         setupPrivateConfiguration = self.localCfg.getOption(cfgInstallPath("PrivateConfiguration"), False)
-        setupConfigurationName = self.localCfg.getOption(cfgInstallPath("ConfigurationName"), "DIRAC-Prod")
+        setupConfigurationName = self.localCfg.getOption(cfgInstallPath("ConfigurationName"), "central_config")
         setupAddConfiguration = self.localCfg.getOption(cfgInstallPath("AddConfiguration"), True)
 
         for serviceTuple in setupServices:
@@ -1673,7 +1674,7 @@ def installComponent(self, componentType, system, component, extensions, compone
                         textwrap.dedent(
                             f"""#!/bin/bash
 
-                            rcfile={os.path.join(self.instancePath, 'bashrc')}
+                            rcfile={os.path.join(self.instancePath, "bashrc")}
                             [[ -e ${{rcfile}} ]] && source ${{rcfile}}
                             #
                             export DIRAC_USE_TORNADO_IOLOOP=Yes
@@ -1883,7 +1884,7 @@ def installPortal(self):
                         textwrap.dedent(
                             f"""#!/bin/bash
 
-                            rcfile={os.path.join(self.instancePath, 'bashrc')}
+                            rcfile={os.path.join(self.instancePath, "bashrc")}
                             [[ -e $rcfile ]] && source $rcfile
                             #
                             exec 2>&1
@@ -2299,7 +2300,7 @@ def installTornado(self):
                     textwrap.dedent(
                         f"""#!/bin/bash
 
-                        rcfile={os.path.join(self.instancePath, 'bashrc')}
+                        rcfile={os.path.join(self.instancePath, "bashrc")}
                         [ -e $rcfile ] && source $rcfile
                         #
                         export DIRAC_USE_TORNADO_IOLOOP=Yes
diff --git a/tests/Jenkins/dirac_ci.sh b/tests/Jenkins/dirac_ci.sh
@@ -66,8 +66,6 @@ INSTALL_CFG_FILE="${TESTCODE}/DIRAC/tests/Jenkins/install.cfg"
 # shellcheck source=tests/Jenkins/utilities.sh
 source "${TESTCODE}/DIRAC/tests/Jenkins/utilities.sh"
 
-
-
 #...............................................................................
 #
 # installSite:
@@ -107,11 +105,11 @@ installSite() {
     else
       DIRACOS2_URL="https://github.com/DIRACGrid/DIRACOS2/releases/latest/download/DIRACOS-Linux-x86_64.sh"
     fi
-    curl -L "${DIRACOS2_URL}" > "installer.sh"
+    curl -L "${DIRACOS2_URL}" >"installer.sh"
   fi
   bash "installer.sh"
   rm "installer.sh"
-  echo "source \"$PWD/diracos/diracosrc\"" > "$PWD/bashrc"
+  echo "source \"$PWD/diracos/diracosrc\"" >"$PWD/bashrc"
 
   mkdir -p "${SERVERINSTALLDIR}/diracos/etc/grid-security/certificates/"
 
@@ -176,7 +174,7 @@ installSite() {
     # "Missing mandatory /DiracX/URL configuration"
     # Call findFutureServices and read services into an array
     findFutureServices 'exclude' $DIRACX_DISABLED_SERVICES
-    mapfile -t futureServices < futureServices
+    mapfile -t futureServices <futureServices
 
     # If there are any remaining services, add them to args
     if [[ ${#futureServices[@]} -gt 0 ]]; then
@@ -196,7 +194,6 @@ installSite() {
 
 }
 
-
 #...............................................................................
 #
 # fullInstall:
@@ -226,12 +223,12 @@ fullInstallDIRAC() {
     cat "${SERVERINSTALLDIR}/diracos/etc/dirac.cfg"
   fi
 
-  echo 'Content of etc/Production.cfg (just after installSite):'
-  if [[ -e "${SERVERINSTALLDIR}/etc/Production.cfg" ]]; then
-    cat "${SERVERINSTALLDIR}/etc/Production.cfg"
+  echo 'Content of etc/central_config.cfg (just after installSite):'
+  if [[ -e "${SERVERINSTALLDIR}/etc/central_config.cfg" ]]; then
+    cat "${SERVERINSTALLDIR}/etc/central_config.cfg"
   fi
-  if [[ -e "${SERVERINSTALLDIR}/diracos/etc/Production.cfg" ]]; then
-    cat "${SERVERINSTALLDIR}/diracos/etc/Production.cfg"
+  if [[ -e "${SERVERINSTALLDIR}/diracos/etc/central_config.cfg" ]]; then
+    cat "${SERVERINSTALLDIR}/diracos/etc/central_config.cfg"
   fi
 
   #just add a site
@@ -251,16 +248,15 @@ fullInstallDIRAC() {
     exit 1
   fi
 
-
   findServices 'FrameworkSystem'
-  grep -v 'Tornado' services > disetServices
+  grep -v 'Tornado' services >disetServices
   if [[ "${TEST_HTTPS:-Yes}" = "No" ]]; then
     mv disetServices services
   else
     # construct the list with a mix of Tornado and DISET services
-    grep 'Tornado' services > tornadoServices
-    more tornadoServices | sed s/Tornado//g > tornadoServicesWithoutTornado
-    comm -1 -3 <(sort tornadoServicesWithoutTornado) <(sort disetServices) >> tornadoServices
+    grep 'Tornado' services >tornadoServices
+    more tornadoServices | sed s/Tornado//g >tornadoServicesWithoutTornado
+    comm -1 -3 <(sort tornadoServicesWithoutTornado) <(sort disetServices) >>tornadoServices
     mv tornadoServices services
   fi
   #
@@ -281,8 +277,8 @@ fullInstallDIRAC() {
     exit 1
   fi
 
-  echo 'Content of etc/Production.cfg:'
-  cat "${SERVERINSTALLDIR}/etc/Production.cfg"
+  echo 'Content of etc/central_config.cfg:'
+  cat "${SERVERINSTALLDIR}/etc/central_config.cfg"
 
   echo "==> Restarting Framework services"
   dirac-restart-component Framework '*' -o /DIRAC/Security/UseServerCertificate=True ${DEBUG}
@@ -313,14 +309,14 @@ fullInstallDIRAC() {
   # services (not looking for FrameworkSystem already installed)
   findServices 'exclude' 'FrameworkSystem'
 
-  grep -v 'Tornado' services > disetServices
+  grep -v 'Tornado' services >disetServices
   if [[ "${TEST_HTTPS:-Yes}" = "No" ]]; then
     mv disetServices services
   else
     # construct the list with a mix of Tornado and DISET services
-    grep 'Tornado' services > tornadoServices
-    more tornadoServices | sed s/Tornado//g > tornadoServicesWithoutTornado
-    comm -1 -3 <(sort tornadoServicesWithoutTornado) <(sort disetServices) >> tornadoServices
+    grep 'Tornado' services >tornadoServices
+    more tornadoServices | sed s/Tornado//g >tornadoServicesWithoutTornado
+    comm -1 -3 <(sort tornadoServicesWithoutTornado) <(sort disetServices) >>tornadoServices
     mv tornadoServices services
   fi
 
@@ -333,14 +329,14 @@ fullInstallDIRAC() {
   if [[ "${TEST_HTTPS:-Yes}" = "No" ]]; then
     echo "==> calling dirac-install-component DataManagement MultiVOFileCatalog -m FileCatalog -p Port=9198 -p Database=MultiVOFileCatalogDB -o /DIRAC/Security/UseServerCertificate=True ${DEBUG}"
     if ! dirac-install-component DataManagement MultiVOFileCatalog -m FileCatalog -p Port=9198 -p Database=MultiVOFileCatalogDB -o /DIRAC/Security/UseServerCertificate=True "${DEBUG}"; then
-        echo 'ERROR: dirac-install-component failed' >&2
-        exit 1
+      echo 'ERROR: dirac-install-component failed' >&2
+      exit 1
     fi
   else
     echo "==> calling dirac-install-component DataManagement TornadoMultiVOFileCatalog -m TornadoFileCatalog -p Port=9198 -p Protocol=https -p Database=MultiVOFileCatalogDB -o /DIRAC/Security/UseServerCertificate=True ${DEBUG}"
     if ! dirac-install-component DataManagement TornadoMultiVOFileCatalog -m TornadoFileCatalog -p Port=9198 -p Protocol=https -p Database=MultiVOFileCatalogDB -o /DIRAC/Security/UseServerCertificate=True "${DEBUG}"; then
-        echo 'ERROR: dirac-install-component failed' >&2
-        exit 1
+      echo 'ERROR: dirac-install-component failed' >&2
+      exit 1
     fi
     echo "==> Restarting Tornado Tornado"
     dirac-restart-component Tornado Tornado ${DEBUG}
@@ -409,17 +405,16 @@ fullInstallDIRAC() {
   else
     echo "==> Restarting Tornado Tornado"
     dirac-restart-component Tornado Tornado -o /DIRAC/Security/UseServerCertificate=True ${DEBUG}
-    fi
+  fi
 
-  echo 'Content of etc/Production.cfg:'
-  cat "${SERVERINSTALLDIR}/etc/Production.cfg"
+  echo 'Content of etc/central_config.cfg:'
+  cat "${SERVERINSTALLDIR}/etc/central_config.cfg"
 
   echo "==> Restarting Configuration Server"
   dirac-restart-component Configuration Server -o /DIRAC/Security/UseServerCertificate=True ${DEBUG}
 }
 
-
-clean(){
+clean() {
 
   echo "==> [clean]"
 
diff --git a/tests/Jenkins/install.cfg b/tests/Jenkins/install.cfg
@@ -7,8 +7,6 @@ LocalInstallation
   VirtualOrganization = vo
   SkipCADownload = yes
   UseServerCertificate = yes
-  #  ConfigurationServer = https://myprimaryserver.name:8443/Configuration/Server
-  ConfigurationName = Production
   #LogLevel of the installed components
   LogLevel = DEBUG
 
@@ -21,7 +19,6 @@ LocalInstallation
   #
   AdminUserDN = /C=ch/O=DIRAC/OU=DIRAC CI/CN=ciuser
   AdminUserEmail = lhcb-dirac-ci@cern.ch
-  AdminGroupName = dirac_admin
   #  DN of the host certificate (*) (default: None )
   HostDN = /C=ch/O=DIRAC/OU=DIRAC CI/CN=VAR_HostDN
   ConfigurationMaster = yes
