-- MarcoVerlato - 2011-12-16

Quick gLite Middleware Deployment HOW-TO for CYCLOPS

Grid Elements deployment

CYCLOPS sites willing to deploy gLite services (CE, SE, UI, WN) might consider to follow the installation/configuration instructions of the INFNGRID release gLite 3.1/SL4 guide.

Commodity PCs are typically enough powerful to run the majority of the grid services. A minimal hardware configuration can be the following: a biprocessor machine with 1GB/core of RAM and 80GB SATA of HD. Most recent machines with 2-CPU quad-core and 2GB/core RAM can even be virtualized to host 4 different grid services with minimal loss of performances.

The most relevant grid elements you may want to deploy at your site have recently migrated (18/1/2008) to gLite 3.1 version on Scientific Linux 4 (x86_32 version). Some grid elements needed at your grid site (e.g. the MON box) are still gLite 3.0 on Scientific Linux CERN 3, and have to be deployed according to the following glite 3.0/SL3 guide; The plan for migrating all of the other grid elements to SL4 (32 and 64 bits versions) is available here.

Most of grid services needs a X509 certificate issued by a | IGTF recognized Certification Authority (e.g. LIP CA, GRID-FR CA, INFN CA, LCG catch-all,...). European sites should identify here their national CA and verify if their Institute is already a Registration Authority (RA) of that CA. If not, they should ask the CA to become a qualified RA, in order to be able to issue both host and personal certificates needed for grid operations.

Be sure that the administrative network domain hosting the gLite services to be deployed is configured in order to allow communications with external hosts and ports as described in the document available here. In particular:

  • most of the grid services has to be run on hosts with '''public IP address''', and only the WNs can run under NAT with an appropriate configuration;
  • you need '''DNS Reverse Name Resolution''' to make Grid Security Infrastructure (GSI) to work properly;
  • time syncronisation (within minutes) among interacting grid elements is also required by GSI. The use of Network Time Protocol (NTP) is reccomended;

As an example, for the UI you should make sure that the following ports are open for communication with the cyclops VO services:

from port to port service
localhost >1023 prod-wms-01.pd.infn.it 7443 WMProxy
localhost >1023 prod-wms-01.pd.infn.it 2811 gridFTP Server
localhost >1023 prod-lb-01.pd.infn.it 9000 LB
localhost >1023 prod-lb-01.pd.infn.it 9003 LB
localhost >1023 voms2.cnaf.infn.it 15011 VOMS Server

This INFNGRID Release is 100% compatible with gLite 3.x release, but has some additional advanced accounting and monitoring features (see here for more details). Furthermore it allows you to automatically enable the '''cyclops VO''' at your site. The updates of INFNGRID Release are very frequent and important, please pay attention to them checking periodically the link.

The release is of course fully supported by the Italian ROC (Regional Operation Centre in EGEE terminology) with a ticketing system, a knowledge base, and 4 people a day weekly rotating on duty covering 11 hours during the working days (11x5).

More infos are available at http://grid-it.cnaf.infn.it/

cyclops VO service configuration

At the link https://voms2.cnaf.infn.it:8443/voms/cyclops/Configuration.do you'll find the data needed to configure the Grid services you might want to deploy at your site.

If you are using the INFNGRID Release, you can automatically enable the cyclops VO in your gLite services using ig-yaim. In particulary, the file /opt/glite/yaim/examples/ig-site-info.def already contains the needed lines:

VO_CYCLOPS_SW_DIR=$VO_SW_DIR/cyclops
VO_CYCLOPS_DEFAULT_SE=$CLASSIC_HOST
VO_CYCLOPS_STORAGE_DIR=$CLASSIC_STORAGE_DIR/cyclops
VO_CYCLOPS_VOMS_SERVERS="'vomss://voms2.cnaf.infn.it:8443/voms/cyclops?/cyclops' 'vomss://voms-02.pd.infn.it:8443/voms/cyclops?/cyclops'"
VO_CYCLOPS_VOMSES="'cyclops voms2.cnaf.infn.it 15011 /C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it cyclops' 'cyclops voms-02.pd.infn.it 15011 /C=IT/O=INFN/OU=Host/L=Padova/CN=voms-02.pd.infn.it cyclops'"

while 20 pool accounts + 3 sgmcyclop00* are included in the relevant files /opt/glite/yaim/etc/ig-users.conf and /opt/glite/yaim/etc/ig-groups.conf

When installing e.g. a Computing Element with ig-yaim then automatically you get the VOMS mapping like:

[root@prod-ce-01 root]# cat /opt/edg/etc/lcmaps/gridmapfile
...
"/VO=cyclops/GROUP=/cyclops/ROLE=SoftwareManager/Capability=NULL" .sgmcyclops
"/VO=cyclops/GROUP=/cyclops/ROLE=SoftwareManager" .sgmcyclops
"/VO=cyclops/GROUP=/cyclops/Role=NULL/Capability=NULL" .cyclops
"/VO=cyclops/GROUP=/cyclops" .cyclops

If you are not using INFNGRID, e.g. you are just re-configuring a previous existing pure LCG/gLite site, you'll need to install the cyclops VOMS server certificate, which is not included in the gLite official rpms. You can download it from http://grid-it.cnaf.infn.it/mrepo/ig_sl4-i386/RPMS.3_1_0/ig-vomscerts-all-1.0-7.noarch.rpm

cyclops VO enabled gLite services

Some high-level gLite services of the production INFN-GRID infrastructure have been enabled with the cyclops VO, these are:

  • a glite-WMS hosted by prod-wms-01.pd.infn.it
  • a glite-LB hosted by prod-lb-01.pd.infn.it
  • a glite-BDII hosted by prod-bdii-01.pd.infn.it
  • a glite-VOMS server (https://voms2.cnaf.infn.it:8443/voms/cyclops/)
  • a gLite-LFC catalogue hosted by lfcserver.cnaf.infn.it

Users members of cyclops VO can exploit the glite-WMS to submit jobs to Computing Elements of the test-bed (see here how to become an cyclops VO member).

Up to now 16 CEs have been enabled cyclops VO, as you can see running from your UI the following command using a simple JDL file:

$ glite-wms-job-list-match -a echo.jdl

Connecting to the service https://prod-wms-01.pd.infn.it:7443/glite_wms_wmproxy_server

======================================================================

COMPUTING ELEMENT IDs LIST

The following CE(s) matching your job requirements have been found:

CEId

- ce.cp.di.uminho.pt:2119/jobmanager-lcgpbs-cyclops
- ce.egee.di.uminho.pt:2119/jobmanager-lcgpbs-cyclops
- egee-ce.datagrid.jussieu.fr:2119/jobmanager-lcgpbs-esr
- grid001.ts.infn.it:2119/jobmanager-lcglsf-grid
- grid003.roma2.infn.it:2119/jobmanager-lcgpbs-grid
- gridce.ilc.cnr.it:2119/jobmanager-lcgpbs-grid
- gridce.pi.infn.it:2119/jobmanager-lcglsf-grid4
- gridce.sns.it:2119/jobmanager-lcgpbs-grid
- prod-ce-01.pd.infn.it:2119/jobmanager-lcglsf-cyclops
- prod-ce-02.pd.infn.it:2119/jobmanager-lcglsf-cyclops
- gridba2.ba.infn.it:2119/jobmanager-lcgpbs-infinite
- gridba2.ba.infn.it:2119/jobmanager-lcgpbs-long
- gridba2.ba.infn.it:2119/jobmanager-lcgpbs-short
- ce02.lip.pt:2119/jobmanager-lcgsge-cyclopsgrid
- gridce2.pi.infn.it:2119/jobmanager-lcglsf-grid4
- grid002.ca.infn.it:2119/jobmanager-lcglsf-grid

======================================================================

When other '''EGEE Production Grid''' sites will enable the cyclops VO, these will be match-ables by the above WMS. For those sites not yet part of EGEE willing to join the infrastructure, a dedicated WMS, LB and TOP BDII will be set up at one of the CYCLOPS Project partner's sites. These dedicated grid services will made accessible both the EGEE Production and the new resources. The latter will be included as soon as the LDAP address of their site-BDII will be provided. This is a string like:

ldap://prod-ce-01.pd.infn.it:2170/mds-vo-name=INFN-PADOVA,o=grid

and it allows us to include your site to our dedicated TOP BDII.

Topic revision: r1 - 2011-12-16 - MarcoVerlato
 
This site is powered by the TWiki collaboration platformCopyright © 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback