Tags:
,
view all tags
-- Main.MarcoVerlato - 2011-12-16 ---+ Quick gLite Deployment Guide for [[http://www.wenmr.eu][WeNMR]] grid site managers This page provides support on the following topics: 1. Grid elements deployment 2. enmr.eu VO service configuration 3. enmr.eu VO dedicated gLite services ---++ Grid Elements deployment [[http://www.wenmr.eu][WeNMR]] sites willing to deploy gLite services (CE, SE, UI, WN) might consider to follow the installation/configuration instructions of the INFNGRID release [[http://igrelease.forge.cnaf.infn.it/doku.php?id=doc:guides:install-3_1][gLite 3.1/SL4 guide]] or [[http://igrelease.forge.cnaf.infn.it/doku.php?id=doc:guides:install-3_2][gLite 3.2/SL5 guide]]. Commodity PCs are typically enough powerful to run the majority of the grid services. A minimal hardware configuration can be the following: a biprocessor machine with 1GB/core of RAM and 80GB SATA of HD. Most recent machines with 2-CPU quad-core and 2GB/core RAM can even be virtualized to host 4 different grid services with minimal loss of performances. Quite all of the grid elements you may want to deploy at your site are gLite 3.2 version on [[https://www.scientificlinux.org/distributions/5x/][Scientific Linux 5]]/x86_64. The plan for migrating the few grid elements still with gLite 3.1 [[https://www.scientificlinux.org/distributions/4x/][Scientic Linux 4]]/ x86 to gLite 3.2 is available [[https://twiki.cern.ch/twiki//bin/view/EGEE/SL5Planning][here]]. Most of grid services needs a X509 certificate issued by a [[http://www.igtf.net/][IGTF]] recognized Certification Authority (e.g. DutchGrid CA, GridKa CA, INFN CA, LCG catch-all,...). European sites should identify [[http://eugridpma.org/members/worldmap/][here]] their national CA and verify if their Institute is already a Registration Authority (RA) of that CA. If not, they should ask the CA to become a qualified RA, in order to be able to issue both host and personal certificates needed for grid operations. *Be sure* that the administrative network domain hosting the gLite services to be deployed is configured in order to allow communications with external hosts and ports as described in the document available [[https://twiki.cern.ch/twiki/bin/view/LCG/LCGPortTable#The_middleware_port_list][here]]. In particular: * most of the grid services has to be run on hosts with *public IP address*, and only the WNs can run under NAT with an appropriate configuration; * you need '''DNS Reverse Name Resolution''' to make Grid Security Infrastructure (GSI) to work properly; * time synchronisation (within minutes) among interacting grid elements is also required by GSI. The use of Network Time Protocol (NTP) is reccomended; As an example, for the UI you should make sure that the following ports are open for communication with the enmr.eu VO services | *from* | *port* | *to* | *port* | *service* | | localhost | >1023 | wms-enmr.cerm.unifi.it | 7443 | WMProxy | | localhost | >1023 | wms-enmr.cerm.unifi.it | 2811 | GridFTP server | | localhost | >1023 | lb-enmr.cerm.unifi.it | 9000 | LB | | localhost | >1023 | lb-enmr.cerm.unifi.it | 9003 | LB | | localhost | >1023 | voms2.cnaf.infn.it | 15014 | VOMS server | The INFNGRID Release is 100% compatible with gLite 3.x release, but has some additional advanced accounting and monitoring features. Furthermore it allows you to automatically enable the '''enmr.eu VO''' at your site. The [[http://igrelease.forge.cnaf.infn.it/doku.php?id=doc:updates:start][updates]] of INFNGRID Release are very frequent and important, please pay attention to them checking periodically the [[http://igrelease.forge.cnaf.infn.it/doku.php?id=doc:updates:start][link]]. The release is of course fully supported by the Italian NGI with a ticketing system, aknowledge base, and 4 people a day weekly rotating on duty covering 11 hours during the working days (11x5). More infos are available at the [[http://www.italiangrid.it/][IGI portal]]. ---++ enmr.eu VO service configuration At the link https://voms2.cnaf.infn.it:8443/voms/enmr.eu/configuration/configuration.action you'll find the data needed to configure the Grid services you might want to deploy at your site. If you are using the INFNGRID Release, you can automatically enable the enmr.eu VO in your gLite services using ig-yaim. Particularly the file /opt/glite/yaim/examples/siteinfo/vo.d/enmr.eu already contains the needed lines: SW_DIR=$VO_SW_DIR/enmr<br/> DEFAULT_SE=$CLOSE_SE_HOST<br/> STORAGE_DIR=$CLASSIC_STORAGE_DIR/enmr<br/> VOMS_SERVERS="'vomss://voms2.cnaf.infn.it:8443/voms/enmr.eu?/enmr.eu' 'vomss://voms-02.pd.infn.it:8443 /voms/enmr.eu?/enmr.eu'"<br/> VOMSES="'enmr.eu voms2.cnaf.infn.it 15014 /C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it enmr.eu' 'enmr.eu voms-02.pd.infn.it 15014 /C=IT/O=INFN/OU=Host/L=Padova/CN=voms-02.pd.infn.it enmr.eu'"<br/> VOMS_CA_DN="'/C=IT/O=INFN/CN=INFN CA' '/C=IT/O=INFN/CN=INFN CA'"<br/> while 20 pool accounts + sgmenmr are included in the relevant files /opt/glite/yaim/examples/ig-users.conf and /opt/glite/yaim/examples/ig-groups.conf When installing e.g. a Computing Element with ig-yaim then automatically you get the VOMS mapping like: [root@prod-ce-01 root]# cat /etc/grid-security/grid-mapfile<br/> ...<br/> "/enmr.eu/Role=SoftwareManager/Capability=NULL" .sgmenmr<br/> "/enmr.eu/Role=SoftwareManager" .sgmenmr<br/> "/enmr.eu/*/Role=NULL/Capability=NULL" .enmr<br/> "/enmr.eu/*" .enmr<br/> "/enmr.eu/Role=NULL/Capability=NULL" .enmr<br/> "/enmr.eu" .enmr<br/> INFNGRID release is adopting DGAS as accounting system. If you want to enable DGAS accounting on your CE, and use the INFNGRID-Release you can have a look at the item DGAS services on CE (CE LCG, CE CREAM) in the gLite 3.1/SL4 (or gLite3.2/SL5) guide and define the variable DGAS_HLR_RESOURCE="hlr-enmr.pd.infn.it" in your ig-site-info.def. More details are available on the DGAS guide.<br/> If you are not using the INFNGRID-Release, to enable the DGAS sensors on your CEs, you have to do the following steps: * download the last versions available for: * ig-yaim * glite-dgas-common * glite-dgas-hlr-clients from http://igi-01.pd.infn.it/mrepo/ig_sl4-i386/RPMS.3_1_0/ (for gLite 3.1) or from http://igi-01.pd.infn.it/mrepo/ig_sl5-x86_64/RPMS.3_2_0/ (for gLite 3.2); * read the [[http://igrelease.forge.cnaf.infn.it/doku.php?id=doc:guides:dgas][DGAS guide]] to be able to proper define the required variables in your-site-info.def file; * configure your CE, using: /opt/glite/yaim/bin/ig_yaim -d 6 -r -s <your-site-info.def> -n <your_CE_type> -f config_dgas_ce Notice that DGAS since version 3.4.0 has introduced the parameter: DGAS_VO_TO_PROCESS="vo1;vo2;vo3..." to be set optionally in the your-site-info.def file. It allows you now to select the VOs for which you were requested/authorized to send accounting records to the Padova HLR, being not more forced to send the whole site accounting records. If you are not using INFNGRID-Release, e.g. you are just re-configuring a previous existing pure LCG/gLite site, you'll need to install the enmr.eu VOMS server certificate, which is not included in the gLite official rpms. You can download the latest released certificate packed in a rpm from [[http://igi-01.pd.infn.it/mrepo/ig_sl4-i386/RPMS.3_1_0/ig-vomscerts-all-latest.noarch.rpm][here]]. In addition, be sure that in your yaim groups.conf file you have the following lines: "/enmr.eu/ROLE=SoftwareManager":::sgm:<br/> "/enmr.eu/*"::::<br/> "/enmr.eu"::::<br/> For enmr.eu VO a specific structure is needed for sgm pool accounts. To fit these requirements *some manual steps* have to be performed in the software area exported to WNs. Assuming that the directory $VO_ENMR_EU_SW_DIR is already present with sgmenmr001.sgmenmr ownership, the following commands have to be issued: mkdir $VO_ENMR_EU_SW_DIR/BCBR $VO_ENMR_EU_SW_DIR/BMRZ $VO_ENMR_EU_SW_DIR/CIRMMP<br/> chown sgmenmr001.sgmenmr $VO_ENMR_EU_SW_DIR/BCBR; chmod g+w $VO_ENMR_EU_SW_DIR/BCBR<br/> chown sgmenmr001.sgmenmr $VO_ENMR_EU_SW_DIR/BMRZ; chmod g+w $VO_ENMR_EU_SW_DIR/BMRZ<br/> chown sgmenmr001.sgmenmr $VO_ENMR_EU_SW_DIR/CIRMMP; chmod g+w $VO_ENMR_EU_SW_DIR/CIRMMP<br/> ---++ enmr.eu VO dedicated gLite services Some high-level gLite services have been set-up at INFN-CNAF and CIRMMP. These are: * a glite-WMS hosted at wms-enmr.cerm.unifi.it * a glite-LB hosted at lb-enmr.cerm.unifi.it * a Top-BDII hosted at bdii-wenmr.pd.infn.it * a [[http://grid-monitor.pd.infn.it:50080/gstat/summary/VO/enmr.eu/][Gstat]] server * a [[https://grid-monitor03.pd.infn.it:50080/nagios/][Nagios]] server * a [[https://wmsmonitor.pd.infn.it:50080/wmsmon/main/main.php][WMSmonitor]] * a [[https://voms2.cnaf.infn.it:8443/voms/enmr.eu/][glite-VOMS]] server * a gLite-LFC catalogue hosted at lfcserver.cnaf.infn.it * a DGAS 1st level HLR server hosted at hlr-enmr.pd.infn.it * a VO 2nd level HLR server hosted at grid-2lhlr-01.pd.infn.it * a [[https://hlrmon-01.pd.infn.it:50080/hlrmon/][HLRMon]] server Users members of enmr.eu VO can exploit the glite-WMS to submit jobs to Computing Elements of the test-bed (see [[QuickGliteHowToForWeNMRUsers][here]] how to become an enmr.eu VO member). Up to now several CEs have been enabled enmr.eu VO, as you can see running from your UI the following command using a simple JDL file: =$ glite-wms-job-list-match -a [[http://www.wenmr.eu/files/files/test.jdl][test.jdl]]=<br/> Connecting to the service https://wms-enmr.cerm.unifi.it:7443/glite_wms_wmproxy_server<br/> ==========================================================================<br/> COMPUTING ELEMENT IDs LIST<br/> The following CE(s) matching your job requirements have been found:<br/> CEId<br/> - ce-enmr.chem.uu.nl:2119/jobmanager-lcgpbs-long<br/> - ce-enmr.chem.uu.nl:2119/jobmanager-lcgpbs-medium<br/> - ce-enmr.chem.uu.nl:2119/jobmanager-lcgpbs-short<br/> - ce-enmr.chem.uu.nl:2119/jobmanager-lcgpbs-verylong<br/> - ce-cr-02.ts.infn.it:8443/cream-lsf-grid<br/> - ce-enmr.chemie.uni-frankfurt.de:2119/jobmanager-lcgpbs-long<br/> - ce-enmr.chemie.uni-frankfurt.de:2119/jobmanager-lcgpbs-medium<br/> - ce-enmr.chemie.uni-frankfurt.de:2119/jobmanager-lcgpbs-short<br/> - ce-enmr.chemie.uni-frankfurt.de:2119/jobmanager-lcgpbs-verylong<br/> - ce.cp.di.uminho.pt:2119/jobmanager-lcgpbs-enmr.eu<br/> - ce01.eela.if.ufrj.br:2119/jobmanager-lcgpbs-enmr<br/> - ce02.eela.if.ufrj.br:8443/cream-pbs-enmr<br/> - cream-ce-2.ba.infn.it:8443/cream-pbs-infinite<br/> - cream-ce-2.ba.infn.it:8443/cream-pbs-long<br/> - cream-ce-2.ba.infn.it:8443/cream-pbs-short<br/> - cream01.iihe.ac.be:8443/cream-pbs-enmr.eu<br/> - gazon.nikhef.nl:2119/jobmanager-pbs-medium<br/> - gazon.nikhef.nl:2119/jobmanager-pbs-short<br/> - grid-ce-01.ba.infn.it:2119/jobmanager-lcgpbs-infinite<br/> - grid-ce-01.ba.infn.it:2119/jobmanager-lcgpbs-long<br/> - grid-ce-01.ba.infn.it:2119/jobmanager-lcgpbs-short<br/> - grid001.cecalc.ula.ve:2119/jobmanager-lcgpbs-enmr<br/> - grid001.ts.infn.it:2119/jobmanager-lcglsf-grid<br/> - gridce.ilc.cnr.it:8443/cream-pbs-grid<br/> - juk.nikhef.nl:8443/cream-pbs-medium<br/> - juk.nikhef.nl:8443/cream-pbs-short<br/> - kg-ce01.cc.kuleuven.be:2119/jobmanager-pbs-enmr.eu<br/> - pbs-enmr.cerm.unifi.it:8443/cream-pbs-long<br/> - pbs-enmr.cerm.unifi.it:8443/cream-pbs-medium<br/> - pbs-enmr.cerm.unifi.it:8443/cream-pbs-short<br/> - pbs-enmr.cerm.unifi.it:8443/cream-pbs-verylong<br/> - prod-ce-01.pd.infn.it:8443/cream-lsf-grid<br/> - prod-ce-02.pd.infn.it:2119/jobmanager-lcglsf-grid<br/> - t2-ce-01.lnl.infn.it:2119/jobmanager-lcglsf-enmr1<br/> - t2-ce-02.lnl.infn.it:2119/jobmanager-lcglsf-enmr1<br/> - t2-ce-03.lnl.infn.it:2119/jobmanager-lcglsf-enmr1<br/> - t2-ce-04.lnl.infn.it:2119/jobmanager-lcglsf-enmr1<br/> - t2-ce-05.lnl.infn.it:8443/cream-lsf-enmr1<br/> - t2-ce-06.lnl.infn.it:8443/cream-lsf-enmr1<br/> - trekker.nikhef.nl:2119/jobmanager-pbs-medium<br/> - trekker.nikhef.nl:2119/jobmanager-pbs-short<br/> - deimos.htc.biggrid.nl:2119/jobmanager-pbs-long<br/> - deimos.htc.biggrid.nl:2119/jobmanager-pbs-medium<br/> - deimos.htc.biggrid.nl:2119/jobmanager-pbs-medium32<br/> - deimos.htc.biggrid.nl:2119/jobmanager-pbs-medium64<br/> - deimos.htc.biggrid.nl:2119/jobmanager-pbs-short<br/> - phoebe.htc.biggrid.nl:8443/cream-pbs-long<br/> - phoebe.htc.biggrid.nl:8443/cream-pbs-medium<br/> - phoebe.htc.biggrid.nl:8443/cream-pbs-medium32<br/> - phoebe.htc.biggrid.nl:8443/cream-pbs-medium64<br/> - phoebe.htc.biggrid.nl:8443/cream-pbs-short<br/> - grid012.ct.infn.it:2119/jobmanager-lcglsf-infinite<br/> - grid012.ct.infn.it:2119/jobmanager-lcglsf-long<br/> - grid012.ct.infn.it:2119/jobmanager-lcglsf-short<br/> - ce01.dur.scotgrid.ac.uk:2119/jobmanager-lcgpbs-q1d<br/> - ce01.dur.scotgrid.ac.uk:2119/jobmanager-lcgpbs-q2d<br/> - ce01.dur.scotgrid.ac.uk:2119/jobmanager-lcgpbs-q30m<br/> - ce01.dur.scotgrid.ac.uk:2119/jobmanager-lcgpbs-q3d<br/> - ce01.dur.scotgrid.ac.uk:2119/jobmanager-lcgpbs-q6h<br/> - ce02.dur.scotgrid.ac.uk:2119/jobmanager-lcgpbs-q1d<br/> - ce02.dur.scotgrid.ac.uk:2119/jobmanager-lcgpbs-q2d<br/> - ce02.dur.scotgrid.ac.uk:2119/jobmanager-lcgpbs-q30m<br/> - ce02.dur.scotgrid.ac.uk:2119/jobmanager-lcgpbs-q3d<br/> - ce02.dur.scotgrid.ac.uk:2119/jobmanager-lcgpbs-q6h<br/> ==========================================================================<br/> When other sites will to join the test-bed, they will be match-ables by the glite-WMS, as soon as they'll send us the LDAP address of their site-BDII. This is a string like: ldap://prod-bdii-02.pd.infn.it:2170/mds-vo-name=INFN-PADOVA,o=grid and it allows us to include your site to our Top-BDII bdii-wenmr.pd.infn.it If you have any problems please contact us [[http://www.wenmr.eu/wenmr/contact][here]].
Edit
|
Attach
|
PDF
|
H
istory
:
r3
<
r2
<
r1
|
B
acklinks
|
V
iew topic
|
More topic actions...
Topic revision: r2 - 2011-12-16
-
MarcoVerlato
Home
Site map
CEMon web
CREAM web
Cloud web
Cyclops web
DGAS web
EgeeJra1It web
Gows web
GridOversight web
IGIPortal web
IGIRelease web
MPI web
Main web
MarcheCloud web
MarcheCloudPilotaCNAF web
Middleware web
Operations web
Sandbox web
Security web
SiteAdminCorner web
TWiki web
Training web
UserSupport web
VOMS web
WMS web
WMSMonitor web
WeNMR web
WeNMR Web
Create New Topic
Index
Search
Changes
Notifications
RSS Feed
Statistics
Preferences
View
Raw View
Print version
Find backlinks
History
More topic actions
Edit
Raw edit
Attach file or image
Edit topic preference settings
Set new parent
More topic actions
Account
Log In
Edit
Attach
Copyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki?
Send feedback