-- MarcoVerlato - 2011-12-16

Quick gLite Deployment Guide for WeNMR grid site managers

This page provides support on the following topics:

  1. Grid elements deployment
  2. enmr.eu VO service configuration
  3. enmr.eu VO dedicated gLite services

Grid Elements deployment

WeNMR sites willing to deploy gLite services (CE, SE, UI, WN) might consider to follow the installation/configuration instructions of the INFNGRID release gLite 3.1/SL4 guide or gLite 3.2/SL5 guide.

Commodity PCs are typically enough powerful to run the majority of the grid services. A minimal hardware configuration can be the following: a biprocessor machine with 1GB/core of RAM and 80GB SATA of HD. Most recent machines with 2-CPU quad-core and 2GB/core RAM can even be virtualized to host 4 different grid services with minimal loss of performances. Quite all of the grid elements you may want to deploy at your site are gLite 3.2 version on Scientific Linux 5/x86_64. The plan for migrating the few grid elements still with gLite 3.1 Scientic Linux 4/ x86 to gLite 3.2 is available here.

Most of grid services needs a X509 certificate issued by a IGTF recognized Certification Authority (e.g. DutchGrid CA, GridKa CA, INFN CA, LCG catch-all,...). European sites should identify here their national CA and verify if their Institute is already a Registration Authority (RA) of that CA. If not, they should ask the CA to become a qualified RA, in order to be able to issue both host and personal certificates needed for grid operations.

Be sure that the administrative network domain hosting the gLite services to be deployed is configured in order to allow communications with external hosts and ports as described in the document available here. In particular:

  • most of the grid services has to be run on hosts with public IP address, and only the WNs can run under NAT with an appropriate configuration;
  • you need '''DNS Reverse Name Resolution''' to make Grid Security Infrastructure (GSI) to work properly;
  • time synchronisation (within minutes) among interacting grid elements is also required by GSI. The use of Network Time Protocol (NTP) is reccomended;

As an example, for the UI you should make sure that the following ports are open for communication with the enmr.eu VO services

from port to port service
localhost >1023 wms-enmr.cerm.unifi.it 7443 WMProxy
localhost >1023 wms-enmr.cerm.unifi.it 2811 GridFTP server
localhost >1023 lb-enmr.cerm.unifi.it 9000 LB
localhost >1023 lb-enmr.cerm.unifi.it 9003 LB
localhost >1023 voms2.cnaf.infn.it 15014 VOMS server

The INFNGRID Release is 100% compatible with gLite 3.x release, but has some additional advanced accounting and monitoring features. Furthermore it allows you to automatically enable the '''enmr.eu VO''' at your site. The updates of INFNGRID Release are very frequent and important, please pay attention to them checking periodically the link.

The release is of course fully supported by the Italian NGI with a ticketing system, aknowledge base, and 4 people a day weekly rotating on duty covering 11 hours during the working days (11x5). More infos are available at the IGI portal.

enmr.eu VO service configuration

At the link https://voms2.cnaf.infn.it:8443/voms/enmr.eu/configuration/configuration.action you'll find the data needed to configure the Grid services you might want to deploy at your site.

If you are using the INFNGRID Release, you can automatically enable the enmr.eu VO in your gLite services using ig-yaim. Particularly the file /opt/glite/yaim/examples/siteinfo/vo.d/enmr.eu already contains the needed lines:

SW_DIR=$VO_SW_DIR/enmr
DEFAULT_SE=$CLOSE_SE_HOST
STORAGE_DIR=$CLASSIC_STORAGE_DIR/enmr
VOMS_SERVERS="'vomss://voms2.cnaf.infn.it:8443/voms/enmr.eu?/enmr.eu' 'vomss://voms-02.pd.infn.it:8443 /voms/enmr.eu?/enmr.eu'"
VOMSES="'enmr.eu voms2.cnaf.infn.it 15014 /C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it enmr.eu' 'enmr.eu voms-02.pd.infn.it 15014 /C=IT/O=INFN/OU=Host/L=Padova/CN=voms-02.pd.infn.it enmr.eu'"
VOMS_CA_DN="'/C=IT/O=INFN/CN=INFN CA' '/C=IT/O=INFN/CN=INFN CA'"

while 20 pool accounts + sgmenmr are included in the relevant files /opt/glite/yaim/examples/ig-users.conf and /opt/glite/yaim/examples/ig-groups.conf

When installing e.g. a Computing Element with ig-yaim then automatically you get the VOMS mapping like:

[root@prod-ce-01 root]# cat /etc/grid-security/grid-mapfile
...
"/enmr.eu/Role=SoftwareManager/Capability=NULL" .sgmenmr
"/enmr.eu/Role=SoftwareManager" .sgmenmr
"/enmr.eu/*/Role=NULL/Capability=NULL" .enmr
"/enmr.eu/*" .enmr
"/enmr.eu/Role=NULL/Capability=NULL" .enmr
"/enmr.eu" .enmr

INFNGRID release is adopting DGAS as accounting system. If you want to enable DGAS accounting on your CE, and use the INFNGRID-Release you can have a look at the item DGAS services on CE (CE LCG, CE CREAM) in the gLite 3.1/SL4 (or gLite3.2/SL5) guide and define the variable DGAS_HLR_RESOURCE="hlr-enmr.pd.infn.it" in your ig-site-info.def. More details are available on the DGAS guide.

If you are not using the INFNGRID-Release, to enable the DGAS sensors on your CEs, you have to do the following steps:

  • download the last versions available for:
    • ig-yaim
    • glite-dgas-common
    • glite-dgas-hlr-clients

from http://igi-01.pd.infn.it/mrepo/ig_sl4-i386/RPMS.3_1_0/ (for gLite 3.1) or from http://igi-01.pd.infn.it/mrepo/ig_sl5-x86_64/RPMS.3_2_0/ (for gLite 3.2);

  • read the DGAS guide to be able to proper define the required variables in your-site-info.def file;
  • configure your CE, using:

/opt/glite/yaim/bin/ig_yaim -d 6 -r -s <your-site-info.def> -n -f config_dgas_ce

Notice that DGAS since version 3.4.0 has introduced the parameter:

DGAS_VO_TO_PROCESS="vo1;vo2;vo3..."

to be set optionally in the your-site-info.def file. It allows you now to select the VOs for which you were requested/authorized to send accounting records to the Padova HLR, being not more forced to send the whole site accounting records.

If you are not using INFNGRID-Release, e.g. you are just re-configuring a previous existing pure LCG/gLite site, you'll need to install the enmr.eu VOMS server certificate, which is not included in the gLite official rpms.

You can download the latest released certificate packed in a rpm from here.

In addition, be sure that in your yaim groups.conf file you have the following lines:

"/enmr.eu/ROLE=SoftwareManager":::sgm:
"/enmr.eu/*"::::
"/enmr.eu"::::

For enmr.eu VO a specific structure is needed for sgm pool accounts. To fit these requirements some manual steps have to be performed in the software area exported to WNs. Assuming that the directory $VO_ENMR_EU_SW_DIR is already present with sgmenmr001.sgmenmr ownership, the following commands have to be issued:

mkdir $VO_ENMR_EU_SW_DIR/BCBR $VO_ENMR_EU_SW_DIR/BMRZ $VO_ENMR_EU_SW_DIR/CIRMMP
chown sgmenmr001.sgmenmr $VO_ENMR_EU_SW_DIR/BCBR; chmod g+w $VO_ENMR_EU_SW_DIR/BCBR
chown sgmenmr001.sgmenmr $VO_ENMR_EU_SW_DIR/BMRZ; chmod g+w $VO_ENMR_EU_SW_DIR/BMRZ
chown sgmenmr001.sgmenmr $VO_ENMR_EU_SW_DIR/CIRMMP; chmod g+w $VO_ENMR_EU_SW_DIR/CIRMMP

enmr.eu VO dedicated gLite services

Some high-level gLite services have been set-up at INFN-CNAF and CIRMMP. These are:

  • a glite-WMS hosted at wms-enmr.cerm.unifi.it
  • a glite-LB hosted at lb-enmr.cerm.unifi.it
  • a Top-BDII hosted at bdii-wenmr.pd.infn.it
  • a Gstat server
  • a Nagios server
  • a WMSmonitor
  • a glite-VOMS server
  • a gLite-LFC catalogue hosted at lfcserver.cnaf.infn.it
  • a DGAS 1st level HLR server hosted at hlr-enmr.pd.infn.it
  • a VO 2nd level HLR server hosted at grid-2lhlr-01.pd.infn.it
  • a HLRMon server

Users members of enmr.eu VO can exploit the glite-WMS to submit jobs to Computing Elements of the test-bed (see here how to become an enmr.eu VO member).

Up to now several CEs have been enabled enmr.eu VO, as you can see running from your UI the following command using a simple JDL file:

$ glite-wms-job-list-match -a test.jdl
Connecting to the service https://wms-enmr.cerm.unifi.it:7443/glite_wms_wmproxy_server
==========================================================================
COMPUTING ELEMENT IDs LIST
The following CE(s) matching your job requirements have been found:
CEId
- ce-enmr.chem.uu.nl:2119/jobmanager-lcgpbs-long
- ce-enmr.chem.uu.nl:2119/jobmanager-lcgpbs-medium
- ce-enmr.chem.uu.nl:2119/jobmanager-lcgpbs-short
- ce-enmr.chem.uu.nl:2119/jobmanager-lcgpbs-verylong
- ce-cr-02.ts.infn.it:8443/cream-lsf-grid
- ce-enmr.chemie.uni-frankfurt.de:2119/jobmanager-lcgpbs-long
- ce-enmr.chemie.uni-frankfurt.de:2119/jobmanager-lcgpbs-medium
- ce-enmr.chemie.uni-frankfurt.de:2119/jobmanager-lcgpbs-short
- ce-enmr.chemie.uni-frankfurt.de:2119/jobmanager-lcgpbs-verylong
- ce.cp.di.uminho.pt:2119/jobmanager-lcgpbs-enmr.eu
- ce01.eela.if.ufrj.br:2119/jobmanager-lcgpbs-enmr
- ce02.eela.if.ufrj.br:8443/cream-pbs-enmr
- cream-ce-2.ba.infn.it:8443/cream-pbs-infinite
- cream-ce-2.ba.infn.it:8443/cream-pbs-long
- cream-ce-2.ba.infn.it:8443/cream-pbs-short
- cream01.iihe.ac.be:8443/cream-pbs-enmr.eu
- gazon.nikhef.nl:2119/jobmanager-pbs-medium
- gazon.nikhef.nl:2119/jobmanager-pbs-short
- grid-ce-01.ba.infn.it:2119/jobmanager-lcgpbs-infinite
- grid-ce-01.ba.infn.it:2119/jobmanager-lcgpbs-long
- grid-ce-01.ba.infn.it:2119/jobmanager-lcgpbs-short
- grid001.cecalc.ula.ve:2119/jobmanager-lcgpbs-enmr
- grid001.ts.infn.it:2119/jobmanager-lcglsf-grid
- gridce.ilc.cnr.it:8443/cream-pbs-grid
- juk.nikhef.nl:8443/cream-pbs-medium
- juk.nikhef.nl:8443/cream-pbs-short
- kg-ce01.cc.kuleuven.be:2119/jobmanager-pbs-enmr.eu
- pbs-enmr.cerm.unifi.it:8443/cream-pbs-long
- pbs-enmr.cerm.unifi.it:8443/cream-pbs-medium
- pbs-enmr.cerm.unifi.it:8443/cream-pbs-short
- pbs-enmr.cerm.unifi.it:8443/cream-pbs-verylong
- prod-ce-01.pd.infn.it:8443/cream-lsf-grid
- prod-ce-02.pd.infn.it:2119/jobmanager-lcglsf-grid
- t2-ce-01.lnl.infn.it:2119/jobmanager-lcglsf-enmr1
- t2-ce-02.lnl.infn.it:2119/jobmanager-lcglsf-enmr1
- t2-ce-03.lnl.infn.it:2119/jobmanager-lcglsf-enmr1
- t2-ce-04.lnl.infn.it:2119/jobmanager-lcglsf-enmr1
- t2-ce-05.lnl.infn.it:8443/cream-lsf-enmr1
- t2-ce-06.lnl.infn.it:8443/cream-lsf-enmr1
- trekker.nikhef.nl:2119/jobmanager-pbs-medium
- trekker.nikhef.nl:2119/jobmanager-pbs-short
- deimos.htc.biggrid.nl:2119/jobmanager-pbs-long
- deimos.htc.biggrid.nl:2119/jobmanager-pbs-medium
- deimos.htc.biggrid.nl:2119/jobmanager-pbs-medium32
- deimos.htc.biggrid.nl:2119/jobmanager-pbs-medium64
- deimos.htc.biggrid.nl:2119/jobmanager-pbs-short
- phoebe.htc.biggrid.nl:8443/cream-pbs-long
- phoebe.htc.biggrid.nl:8443/cream-pbs-medium
- phoebe.htc.biggrid.nl:8443/cream-pbs-medium32
- phoebe.htc.biggrid.nl:8443/cream-pbs-medium64
- phoebe.htc.biggrid.nl:8443/cream-pbs-short
- grid012.ct.infn.it:2119/jobmanager-lcglsf-infinite
- grid012.ct.infn.it:2119/jobmanager-lcglsf-long
- grid012.ct.infn.it:2119/jobmanager-lcglsf-short
- ce01.dur.scotgrid.ac.uk:2119/jobmanager-lcgpbs-q1d
- ce01.dur.scotgrid.ac.uk:2119/jobmanager-lcgpbs-q2d
- ce01.dur.scotgrid.ac.uk:2119/jobmanager-lcgpbs-q30m
- ce01.dur.scotgrid.ac.uk:2119/jobmanager-lcgpbs-q3d
- ce01.dur.scotgrid.ac.uk:2119/jobmanager-lcgpbs-q6h
- ce02.dur.scotgrid.ac.uk:2119/jobmanager-lcgpbs-q1d
- ce02.dur.scotgrid.ac.uk:2119/jobmanager-lcgpbs-q2d
- ce02.dur.scotgrid.ac.uk:2119/jobmanager-lcgpbs-q30m
- ce02.dur.scotgrid.ac.uk:2119/jobmanager-lcgpbs-q3d
- ce02.dur.scotgrid.ac.uk:2119/jobmanager-lcgpbs-q6h
==========================================================================

When other sites will to join the test-bed, they will be match-ables by the glite-WMS, as soon as they'll send us the LDAP address of their site-BDII. This is a string like:

ldap://prod-bdii-02.pd.infn.it:2170/mds-vo-name=INFN-PADOVA,o=grid

and it allows us to include your site to our Top-BDII bdii-wenmr.pd.infn.it

If you have any problems please contact us here.

Edit | Attach | PDF | History: r3 < r2 < r1 | Backlinks | Raw View | More topic actions
Topic revision: r3 - 2011-12-16 - MarcoVerlato
 
This site is powered by the TWiki collaboration platformCopyright © 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback