(OUTDATED) How to join, enable and configure igi.italiangrid.it VO (OUTDATED)

VO igi.italiangrid.it

The goal of the VO is to provide access to the existing computing and storage resources of the Italian Grid Infrastructure to individuals or groups who are new to the Grid, or whose experiment haven't an own VO yet. The VO identity card is available HERE

Users

How to join the VO igi.italiangrid.it How to deploy software for the VO igi.italiangrid.it
Users can join the VO at the HERE To distribute users software to Grid sites supporting the VO igi.italiangrid.it, please send an email to info@lists.italiangrid.it

Sites

Supporting igi.italiangrid.it VO at your site means that:
  1. Grid services must be configured to accept users of igi.italiangrid.it VO.
  2. The software supported by the igi.italiangrid.it VO is distributed through CVMFS, so:
    1. the cvmfs reporsitory for igi.italiangrid.it VO must be configure on all WNs.
    2. a local squid server should be installed and configure. In case you don't want or can't install a local squid server, please send an email to info@lists.italiangrid.it to use a remote squid server.

How to configure Grid services to accept users of igi.italiangrid.it VO at your site

site-info.def

  • Add igi.italiangrid.it to VOS variable in your site-info.def. For example:
VOS="igi.italiangrid.it comput-er.it dteam glast.org infngrid ops gridit enmr.eu"

  • Add igi.italiangrid.it to the related queue settings inside the GROUP_ENABLE variable in your site-info.def. For example (we suppose to use ''prod'' queue):
PROD_GROUP_ENABLE="comput-er.it gridit igi.italiangrid.it

  • Create vo.d/igi.italiangrid.it file inside your site configuration directory.
$ cat <confdir>/vo.d/igi.italiangrid.it
SW_DIR=/cvmfs/igi.italiangrid.it
DEFAULT_SE=$SE_HOST
STORAGE_DIR=$CLASSIC_STORAGE_DIR/igi
VOMS_SERVERS="'vomss://vomsmania.cnaf.infn.it:8443/voms/igi.italiangrid.it?/igi.italiangrid.it'"
VOMSES="'igi.italiangrid.it vomsmania.cnaf.infn.it 15003 /C=IT/O=INFN/OU=Host/L=CNAF/CN=vomsmania.cnaf.infn.it igi.italiangrid.it'"
VOMS_CA_DN="'/C=IT/O=INFN/CN=INFN CA'"

users.conf

Add to your users.conf the users for the igi.italiangrid.it fitting your site's policy in users management (range of uid and gid). To find your users.conf:
# grep USERS_CONF site-info.def
site-info.def:USERS_CONF=/root/igi-siteinfo/ig-users.conf

As example, here a list of pool account:

# grep italiangrid /root/igi-siteinfo/ig-users.conf
3601:igi001:7400:igi:igi.italiangrid.it::
3602:igi002:7400:igi:igi.italiangrid.it::
3603:igi003:7400:igi:igi.italiangrid.it::
3604:igi004:7400:igi:igi.italiangrid.it::
3605:igi005:7400:igi:igi.italiangrid.it::
3606:igi006:7400:igi:igi.italiangrid.it::
3607:igi007:7400:igi:igi.italiangrid.it::
3608:igi008:7400:igi:igi.italiangrid.it::
3609:igi009:7400:igi:igi.italiangrid.it::
3610:igi010:7400:igi:igi.italiangrid.it::
3611:igi011:7400:igi:igi.italiangrid.it::
3612:igi012:7400:igi:igi.italiangrid.it::
3613:igi013:7400:igi:igi.italiangrid.it::
3614:igi014:7400:igi:igi.italiangrid.it::
3615:igi015:7400:igi:igi.italiangrid.it::
3616:igi016:7400:igi:igi.italiangrid.it::
3617:igi017:7400:igi:igi.italiangrid.it::
3618:igi018:7400:igi:igi.italiangrid.it::
3619:igi019:7400:igi:igi.italiangrid.it::
3620:igi020:7400:igi:igi.italiangrid.it::
3621:igi021:7400:igi:igi.italiangrid.it::
3622:igi022:7400:igi:igi.italiangrid.it::
3623:igi023:7400:igi:igi.italiangrid.it::
3624:igi024:7400:igi:igi.italiangigi:it::
3625:igi025:7400:igi:igi.italiangrid.it::
10161:sgmigi001:7450,7400:sgmigi,igi:igi.italiangrid.it:sgm:
10162:sgmigi002:7450,7400:sgmigi,igi:igi.italiangrid.it:sgm:
10163:sgmigi003:7450,7400:sgmigi,igi:igi.italiangrid.it:sgm:
10164:sgmigi004:7450,7400:sgmigi,igi:igi.italiangrid.it:sgm:
10165:sgmigi005:7450,7400:sgmigi,igi:igi.italiangrid.it:sgm:
Some useful informations are available in /opt/glite/yaim/examples/users.conf.README

groups.conf

Add to groups.conf the VOMS FQANs for the igi.italiangrid.it VO. To find your groups.conf:
# grep GROUPS_CONF site-info.def
site-info.def:USERS_CONF=/root/igi-siteinfo/ig-groups.conf

# grep italiangrid /root/igi-siteinfo/ig-groups.conf 
"/igi.italiangrid.it/ROLE=SoftwareManager":::sgm:
"/igi.italiangrid.it"::::
"/igi.italiangrid.it/*"::::

Some useful informations are available in ''/opt/glite/yaim/examples/groups.conf.README''.

Storm

  • Backend
$configdir/servcies/se_storm_backend
VOS="compchem ops dteam infngrid gridit igi.italiangrid.it"
...
# **Compulsory** variables
STORM_IGI\.ITALIANGRID\.IT_VONAME=igi.italiangrid.it
STORM_IGI\.ITALIANGRID\.IT_ONLINE_SIZE=100

  • Frontend
$configdir/servcies/se_storm_frontend
VOS="compchem ops dteam infngrid gridit igi.italiangrid.it"

  • Gridftp
$configdir/servcies/se_storm_gridftp
VOS="compchem ops dteam infngrid gridit igi.italiangrid.it"

Configure your nodetypes

In order to enable the newly added "<voname>'' VO on your site you have to run for each nodetype the function you find in the table below. Naturally you can also complete reconfigure your nodetypes but this is a more expensive procedure.

For each nodetype you have to use the following command, properly replacing the profile and function's names:

/opt/glite/yaim/bin/yaim -r -s <confdir>/<your-site-info.def> -n <profile> -f <function>

Profiles Function
BDII Site ''config_newvo_bdii_site''
BDII Top ''config_newvo_bdii_top''
CREAM ''config_newvo_cream''
''config_newvo_cream_lsf''
''config_newvo_cream_torque''
GRIDFTP ''config_newvo_gridftp''
HLR ''config_newvo_hlr''
LB ''config_newvo_lb''
SE_DPM ''config_newvo_se_dpm_disk''
''config_newvo_se_dpm_mysql''
''config_newvo_se_dpm_oracle''
SE StoRM ''config_newvo_se_storm_backend''
''config_newvo_se_storm_frontend''
UI ''config_newvo_ui''
WMS ''config_newvo_wms''
WN ''config_newvo_wn''
''config_newvo_wn_lsf''
''config_newvo_wn_torque''

How to configure the cvmfs reporsitory for igi.italiangrid.it on your WNs and UI at your site

The igi.italiangrid.it repository have a directory for each application and a subdirectory for each version.
reponame 
   |---------- App-01
   |            |-------Version-X
   |            |-------Version-Y
   |-----------App-02
   |            | ------Version-X
   |---------- App-03
                |-------Version-X
                |-------Version-Y       
                |-------Version-Z   

Setup two squid servers

If you setup CernVM-FS on your local cluster, we strongly recommend to setup a Squid forward proxy server as well. This is for two reasons:
  1. it will reduce the latency for the local worker nodes, which is critical for cold cache performance;
  2. it reduces the load on our backend server.
From what we have seen, a Squid server on commodity hardware scales well for at least a couple of hundred worker nodes. The more RAM and hard disk you can devote for caching the better. We have good experience with 4-8GB of memory cache and 50-100GB of hard disk cache. We suggest to setup two identical Squids for reliability and load-balancing (on two WNs could be fine). Some reference about squid configuration here.

In case you don't want or can't install a local squid server, please send an email to info@lists.italiangrid.it to use a remote squid server.

squid installation and setup example
# yum install -y squid

# chkconfig squid on

The file /etc/squid/squid.conf should contain at least the following variable (where 131.154.0.0 in the example is the network of the WNs)

acl MY_network src 131.154.0.0/255.255.0.0
http_access allow MY_network

acl RESTRICT_DEST dstdom_regex ^igi-cvmfs.cnaf.infn.it$

Start the squid service /etc/init.d/squid restart

Check the squid log file while testing cvmfs from a WN (tail -f /var/log/squid/*.log)

Install cvmfs on WN and UI

NB: Skip this step if cvmfs is already installed on your WN and UI
  • installing repository for cvmfs software

# SL5
wget http://cvmrepo.web.cern.ch/cvmrepo/yum/cvmfs/EL/5/x86_64/cvmfs-release-2-2.el5.noarch.rpm
rpm -ivh cvmfs-release-2-2.el5.noarch.rpm

# SL6
wget http://cvmrepo.web.cern.ch/cvmrepo/yum/cvmfs/EL/6.0/x86_64/cvmfs-release-2-2.el6.noarch.rpm

  • cvmfs client installation and setup
# yum install cvmfs-keys cvmfs cvmfs-init-scripts

configure cvmfs on WN and UI

  • cvmfs_config setup
#  cvmfs_config setup
Starting CernVM-FS:                                        [  OK  ]

  • Edit (create if it does not exist) the file /etc/cvmfs/default.local, in particular, add igi.italiangrid.it to CVMFS_REPOSITORIES variable
# cat /etc/cvmfs/default.local
CVMFS_REPOSITORIES=igi.italiangrid.it
# In case of more than one repo, just add igi.italiangrid.it
# CVMFS_REPOSITORIES=atlas.cern.ch,atlas-condb.cern.ch,atlas-nightlies.cern.ch,igi.italiangrid.it

  • Install the public key for igi.italiangrid.it repo:
#cat /etc/cvmfs/keys/igi.italiangrid.it.pub 
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWsi65mtKk2EwXK8wQjW
d8KsUDhpIMQUuX3oYp3oGcjUhh0igyHRTgT5oKtmocqON1Dakk0Am0NDIDC7IbOi
niYAsagLk1qNq1DKX7oXgnPwaxkMYRJelOzLIRTMMocQwrIfuEshC7zjnm0328P0
KsI6XGYOsdceRq/OubK2Z/JAjnE6fKaxx4SB93xkkKS4E0GcmwUXeXYKYOopnhA+
R03zTRTN64wOS+JqyuDcr+njON/Ilze5hYELaQGJ1Yr0kVSOv7O985OoTCYDnl67
a65WuvXH/1yHQamcFVOhwYRdp4+zpGyoBCZ24jJN2s9FBut4AEZyag7sp5ncMt8R
yQIDAQAB
-----END PUBLIC KEY-----

# chmod 444 /etc/cvmfs/keys/igi.italiangrid.it.pub 

  • create the file /etc/cvmfs/config.d/igi.italiangrid.it.conf and start autofs

# cat  /etc/cvmfs/config.d/igi.italiangrid.it.conf
CVMFS_SERVER_URL=http://igi-cvmfs.cnaf.infn.it/cvmfs/igi.italiangrid.it
CVMFS_PUBLIC_KEY=/etc/cvmfs/keys/igi.italiangrid.it.pub
# NB: change squid01.YOUR-DOMAIN and squid01.YOUR-DOMAIN with the local squid servers.
# In case you don't want or can't install a local squid server, please send an email to info@lists.italiangrid.it to use a remote squid server.
CVMFS_HTTP_PROXY="http://squid01.YOUR-DOMAIN:3128|http://squid02.YOUR-DOMAIN:3128"

# /etc/init.d/autofs restart

# chkconfig autofs on
NB: change squid01.YOUR-DOMAIN and squid01.YOUR-DOMAIN with the local squid servers. In case you don't want or can't install a local squid server, please send an email to info@lists.italiangrid.it to use a remote squid server.

test cvmfs on WN and UI

  • cvmfs_config chksetup
# cvmfs_config chksetup
OK

  • cvmfs_config showconfig
# cvmfs_config showconfig

Running /usr/bin/cvmfs_config igi.italiangrid.it:
CVMFS_USER=cvmfs # from /etc/cvmfs/default.conf
CVMFS_NFILES=65536 # from /etc/cvmfs/default.conf
CVMFS_CACHE_BASE=/var/cache/cvmfs2 # from /etc/cvmfs/default.conf
CVMFS_CACHE_DIR=/var/cache/cvmfs2/igi.italiangrid.it
CVMFS_MOUNT_DIR=/cvmfs # from /etc/cvmfs/default.conf
CVMFS_QUOTA_LIMIT=4000 # from /etc/cvmfs/default.conf
CVMFS_SERVER_URL=http://igi-cvmfs.cnaf.infn.it/cvmfs/igi.italiangrid.it # from /etc/cvmfs/config.d/igi.italiangrid.it.conf
CVMFS_OPTIONS=allow_other,entry_timeout=60,attr_timeout=60,negative_timeout=60,use_ino # from /etc/cvmfs/default.conf
CVMFS_DEBUGLOG= 
CVMFS_HTTP_PROXY=DIRECT # from /etc/cvmfs/config.d/igi.italiangrid.it.conf
CERNVM_CDN_HOST= 
CERNVM_GRID_UI_VERSION= 
CVMFS_SYSLOG_LEVEL= 
CVMFS_TRACEFILE= 
CVMFS_DEFAULT_DOMAIN=cern.ch # from /etc/cvmfs/default.conf
CVMFS_TIMEOUT=5 # from /etc/cvmfs/default.conf
CVMFS_TIMEOUT_DIRECT=10 # from /etc/cvmfs/default.conf
CVMFS_PUBLIC_KEY=/etc/cvmfs/keys/igi.italiangrid.it.pub # from /etc/cvmfs/config.d/igi.italiangrid.it.conf
CVMFS_FORCE_SIGNING=yes # from /etc/cvmfs/default.conf
CVMFS_STRICT_MOUNT=yes # from /etc/cvmfs/default.conf
CVMFS_MAX_TTL= 
CVMFS_REPOSITORIES=igi.italiangrid.it # from /etc/cvmfs/default.local

  • service cvmfs probe
# service cvmfs probe
Probing /cvmfs/igi.italiangrid.it                          [  OK  ]

  • Software check
# /cvmfs/igi.italiangrid.it/test/helloworld.sh 
Test cvmfs igi.italiangrid.it

  • cvmfs_config stat
# cvmfs_config stat

Running /usr/bin/cvmfs_config stat igi.italiangrid.it:
VERSION PID UPTIME(M) MEM(K) REVISION EXPIRES(M) NOCATALOGS CACHEUSE(K) CACHEMAX(K) NOFDUSE NOFDMAX NOIOERR NOOPEN HITRATE(%) RX(K) SPEED(K/S) HOST PROXY ONLINE
2.0.13.0 20136 0 13216 3 60 1 13 4096001 0 65024 0 0 n/a 0 n/a http://igi-cvmfs.cnaf.infn.it/cvmfs/igi.italiangrid.it DIRECT 1

-- PaoloVeronesi - 2012-10-31

Edit | Attach | PDF | History: r6 < r5 < r4 < r3 < r2 | Backlinks | Raw View | More topic actions
Topic revision: r6 - 2013-09-12 - PaoloVeronesi
 
This site is powered by the TWiki collaboration platformCopyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback