Difference: ARGUSandGLEXECInstallations (1 vs. 5)

Revision 52014-02-13 - AlessandroPaolini

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
Line: 119 to 119
  Briefly the steps are the following:
Changed:
<
<
  • Installation: yum install glexec-wn
>
>
  • Installation: yum install glexec-wn yaim-glexec-wn
 
  • Configuration: set at least the mandatory variables (and in case some of the default ones if you need a different value for them)
tipically set the following in services/glite-glexec_wn:

Revision 42013-10-25 - AlessandroPaolini

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
Line: 51 to 51
 

1 - Install an ARGUS server

Changed:
<
<
We recommend to install the EMI Argus.
>
>
We recommend to install the EMI-3 Argus.
 
Changed:
<
<

EMI Case

>
>
Use the following repository settings, from the EMI-3 generic installation and configuration guide; there is also an Argus specific installation guide that you may follow to install and configure this service
 
Changed:
<
<
Use the following repository settings, instead in the EMI-1 generic installation and configuration guide you can find an Argus specific installation guide that you may follow to install and configure this service

The Mandatory genral variables are the following

>
>
The Mandatory general variables are the following
 
  • USERS_CONF
  • GROUPS_CONF
Line: 80 to 78
 
  • Yaim: /opt/glite/yaim/bin/yaim -c -s site-info.def -n ARGUS_server
Changed:
<
<
  • At this point, the Argus services (PAP, PDP and PEP Server) must be configured, up and running
>
>
# pap-admin lp
 
Changed:
<
<

gLite Case

>
>
default (local):
 
Changed:
<
<
In case you want to install the ARGUS server on gLite, follow this guide plus the specific guide: the yaim variables are the same
>
>
resource "http://cnaf.infn.it/igi-bologna" { obligation "http://glite.org/xacml/obligation/local-environment-map" { }

action ".*" { rule permit { vo="ops" } rule permit { vo="dteam" } rule permit { vo="infngrid" } rule permit { vo="comput-er.it" } rule permit { vo="gridit" } rule permit { vo="igi.italiangrid.it" } rule permit { vo="drihm.eu" } rule deny { vo="enmr.eu" } } }

resource "http://authz-interop.org/xacml/resource/resource-type/wn" { obligation "http://glite.org/xacml/obligation/local-environment-map" { }

action "http://glite.org/xacml/action/execute" { rule permit { fqan="/ops/Role=pilot" } } }

 

2 - Install and configure gLexec on your WNs

Changed:
<
<
We recommend to install the EMI version of gLexec (and obviously EMI WN!). So that plan the migration to EMI of your farm
>
>
We suggest you upgrade the WNs to EMI-3 so you install the latest gLExec version.

Briefly the steps are the following:

  • Installation: yum install glexec-wn

  • Configuration: set at least the mandatory variables (and in case some of the default ones if you need a different value for them)
tipically set the following in services/glite-glexec_wn: GLEXEC_WN_SCAS_ENABLED="no"

GLEXEC_WN_ARGUS_ENABLED="yes"

GLEXEC_WN_OPMODE="setuid"

 
Changed:
<
<

EMI Case

You may have a look at the following notes to see how to install gLexec on your WNs. If you have lsf as batch system or the WNs already installed, please focus your attention on the gLexec part of those notes
>
>
  • Yaim: (example of WN with torque and MPI) /opt/glite/yaim/bin/yaim -c -s site-info.def -n MPI_WN -n WN -n TORQUE_client -n GLEXEC_wn
 
Deleted:
<
<

gLite Case

follow this guide in order to install the ig_GLEXEC_wn metapackage: the configuration files and the yaim variables to set are the same
 

3 - properly configure your CREAM

Line: 117 to 153
 # In case ARGUS is to be used the following should be set # The ARGUS service PEPD endpoints as a space separated list: #ARGUS_PEPD_ENDPOINTS="http://pepd.example.org:8154/authz"
Changed:
<
<
ARGUS_PEPD_ENDPOINTS="https://vgrid06.cnaf.infn.it:8154/authz"
>
>
ARGUS_PEPD_ENDPOINTS="https://arguto.cnaf.infn.it:8154/authz"
  # ARGUS resource identities: The resource ID can be set # for the cream CE, WMS and other nodes respectively.
Line: 126 to 162
 # CREAM_PEPC_RESOURCEID=urn:mysitename.org:resource:ce # WMS_PEPC_RESOURCEID=urn:mysitename.org:resource:wms # GENERAL_PEPC_RESOURCEID=urn:mysitename.org:resource:other
Changed:
<
<
CREAM_PEPC_RESOURCEID="http://cnaf.infn.it/cremino"
>
>
CREAM_PEPC_RESOURCEID="http://cnaf.infn.it/igi-bologna"
 

Don't forget to set in CE_CAPABILITY the glexec parameter, for example:

Line: 137 to 173
  Then reconfigure with yaim your CREAM as usual
Changed:
<
<

*4 - enable gLexec monitoring

>
>

4 - enable gLexec monitoring

 
Changed:
<
<
go on https://gocdb4.esc.rl.ac.uk/portal/ and add the service endpoint "gLExec" to your CREAM
>
>
go on https://goc.egi.eu/portal/index.php and add the service endpoint "gLExec" to your CREAM
 
Deleted:
<
<
-- AlessandroPaolini - 2012-02-24
 \ No newline at end of file
Added:
>
>
-- AlessandroPaolini - 2013-10-25

Revision 32012-03-08 - AlessandroPaolini

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
Line: 84 to 84
 

gLite Case

Changed:
<
<
In case you want to install the ARGUS server on gLite, follow this guide; the yaim variables are the same
>
>
In case you want to install the ARGUS server on gLite, follow this guide plus the specific guide: the yaim variables are the same
 

2 - Install and configure gLexec on your WNs

Revision 22012-02-29 - AlessandroPaolini

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
Line: 70 to 70
 
  • ARGUS_HOST Hostname of the Argus node
  • PAP_ADMIN_DN User certificate DN of the user that will be the PAP administrator
Changed:
<
<
Moreover, have a look at the Administrators guide in order to see how to create and manage the authorization policies (an example will be provided soon).
>
>
Moreover, have a look at the Administrators guide ore here in order to see how to create and manage the authorization policies (an example will be provided soon).
  Briefly the steps are the following:

Revision 12012-02-24 - AlessandroPaolini

Line: 1 to 1
Added:
>
>
META TOPICPARENT name="WebHome"

A guideline on how to deploy ARGUS and gLexec on own grid site

<--/twistyPlugin twikiMakeVisibleInline-->
Dear site admins,
this message is relevant for sites supporting one or more LHC experiments,
i.e. any of the VOs "alice", "atlas", "cms" or "lhcb".

These VOs submit Multi User Pilot Jobs that are foreseen to make use of
the "glexec" utility to run payloads of individual users.

Deployment
----------

Please proceed with the deployment of gLExec as detailed on this page:

    https://twiki.cern.ch/twiki/bin/view/LCG/GlexecDeployment

Monitoring
----------

The glexec setup of any EGI partner site can be monitored by the SAM-Nagios
instance of the site's NGI or ROC:

1. The NGI/ROC needs to run SAM-Nagios Update-10 or later and configure it
   to run glexec tests (e.g. apply for "pilot" role in "ops" VO).

2. The _site_ should declare its CEs with the "gLExec" type in the GOC DB.

These matters are further explained here:

https://twiki.cern.ch/twiki/bin/view/LCG/GlexecDeployment#Monitoring_of_gLExec_tests

Please apply the necessary configurations such that your CEs appear on the
MyWLCG gLExec summary page (the link marked "NEW" on that page).
<--/twistyPlugin-->

thereby all the sites that belong to WLCG federation should install gLexec on their farm and make monitor it. Here you can see how to do it

1 - Install an ARGUS server

We recommend to install the EMI Argus.

EMI Case

Use the following repository settings, instead in the EMI-1 generic installation and configuration guide you can find an Argus specific installation guide that you may follow to install and configure this service

The Mandatory genral variables are the following

  • USERS_CONF
  • GROUPS_CONF
  • VOS List of supported VO names
  • VO_<vo-name>_VOMS_CA_DN VOMS CA DN for each VO name listed in VOS
  • VO_<vo-name>_VOMSES VOMS definition for each VO name listed in VOS

The mandatory service specific variables can be found in /opt/glite/yaim/examples/siteinfo/services/glite-authz_server

  • ARGUS_HOST Hostname of the Argus node
  • PAP_ADMIN_DN User certificate DN of the user that will be the PAP administrator

Moreover, have a look at the Administrators guide in order to see how to create and manage the authorization policies (an example will be provided soon).

Briefly the steps are the following:

  • Installation: yum install emi-argus

  • Configuration create a site.def with only the mandatory variables (and in case some of the default ones if you need a different value for them)

  • Yaim: /opt/glite/yaim/bin/yaim -c -s site-info.def -n ARGUS_server

  • At this point, the Argus services (PAP, PDP and PEP Server) must be configured, up and running

gLite Case

In case you want to install the ARGUS server on gLite, follow this guide; the yaim variables are the same

2 - Install and configure gLexec on your WNs

We recommend to install the EMI version of gLexec (and obviously EMI WN!). So that plan the migration to EMI of your farm

EMI Case

You may have a look at the following notes to see how to install gLexec on your WNs. If you have lsf as batch system or the WNs already installed, please focus your attention on the gLexec part of those notes

gLite Case

follow this guide in order to install the ig_GLEXEC_wn metapackage: the configuration files and the yaim variables to set are the same

3 - properly configure your CREAM

You have to properly set 3 yaim variable in the site.def related to CREAM/ARGUS interaction

  • USE_ARGUS
  • ARGUS_PEPD_ENDPOINTS
  • CREAM_PEPC_RESOURCEID

Here an exeample on how to set them:

#########################################
# ARGUS authorisation framework control #
#########################################

# Set USE_ARGUS to yes to enable the configuration of ARGUS
USE_ARGUS=yes

# In case ARGUS is to be used the following should be set
# The ARGUS service PEPD endpoints as a space separated list:
#ARGUS_PEPD_ENDPOINTS="http://pepd.example.org:8154/authz"
ARGUS_PEPD_ENDPOINTS="https://vgrid06.cnaf.infn.it:8154/authz"

# ARGUS resource identities: The resource ID can be set
# for the cream CE, WMS and other nodes respectively.
# If a resource ID is left unset the ARGUS configuration
# will be skipped on the associated node.
# CREAM_PEPC_RESOURCEID=urn:mysitename.org:resource:ce
# WMS_PEPC_RESOURCEID=urn:mysitename.org:resource:wms
# GENERAL_PEPC_RESOURCEID=urn:mysitename.org:resource:other
CREAM_PEPC_RESOURCEID="http://cnaf.infn.it/cremino"

Don't forget to set in CE_CAPABILITY the glexec parameter, for example:

CE_CAPABILITY="CPUScalingReferenceSI00=1039 glexec"

Then reconfigure with yaim your CREAM as usual

*4 - enable gLexec monitoring

go on https://gocdb4.esc.rl.ac.uk/portal/ and add the service endpoint "gLExec" to your CREAM

-- AlessandroPaolini - 2012-02-24

 
This site is powered by the TWiki collaboration platformCopyright © 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback