AliceBox

A discussion on setting up the ALICE VOBox at Birmingham.

Introduction

The aim is to configure our grid resources at Birmingham to allow ALICE production jobs to run. The intention is to eventually support user analysis jobs as well. Instructions on how to setup a generic VOBox are available on the GOC Twiki, and specific instructions for ALICE are available on the AliEn Twiki.

VOBox Installation

Machine Installation

The VOBox has been deployed as a 64 bit virtual machine running SL 5.3. It has the name epgr03.ph.bham.ac.uk and the DN epgr03.ph.bham.ac.uk/emailAddress=lcg-site-admin@hep.ph.bham.ac.uk. The machine is configured using cfengine (known as the class alice_vobox, with configuration files stored in the repo/alice_vobox on epgmo1). The command yum -y update was issued before any further installation commenced.

The machine has been configured to use ntpd.

gLite Installation

Installation proceed by first downloading the lcg-CA and glite-VOBOX yum repo config files. The repos sl-contrib, sl-srpms and dag were also enabled.

The packages lcg-CA and lcg-VOBOX were installed using yum. alpine and zsh were also installed as standard.

Firewall settings

In addition to the normal Birmingham-enabled ports (ssh, cfengine etc), the following ports have been enabled:

Port Function Restricted to
1975 GSISSH Global
2170 BDII Global
2811 GridFTP? Global
2119 Globus Gatekeeper Global
1093 Proofd Global
1094 Xrootd Global
8082 Storage Adapter Global
8084 Site Computing Agent Global
9991 PackMan? Global
8884 MonALISA? Global
20000-25000 Globus TCP Port Range Global

These ports have been explicitly enabled as INPUTs in the iptables definition. The following ports were also added to /etc/hosts.allow:

slapd: 127.0.0.1
sshd: 137.138.
sshd: 128.142.
nrpe: 147.188.46.55
sshd: gridppnagios.physics.ox.ac.uk

Software Areas

Only the ALICE local cluster software area is available at the moment, NFS mounted to epgr03:/egee/soft/alice. NOTE! This area is owned by sgmali01:alicesgm on epgsr1, and this user does not exist on epgr03!

Yaim Configuration

Users

Only one ALICE user has been configured on the VOBox:

  • yaim-conf/users.conf
          1001:alicesgm:1002,1000:alicesgm,alice:alice:sgm:
    

  • yaim-conf/groups.conf
          "/VO=alice/GROUP=/alice/ROLE=lcgadmin":::sgm:
          "/VO=alice/GROUP=/alice/ROLE=production":::prd:
          "/VO=alice/GROUP=/alice"::::
    

Online the vo.d/alice config file has been transferred to the VOBox by cfengine. In addition, the normal compliment of Ops VO users were created, in order to pass the nagios tests.

site-info.def

The normal list of site level variables were included in the site-info.def file. In addition, the following VOBox specific variables were also included:

LB_HOST=lcgrb01.gridpp.rl.ac.uk
PX_HOST=myproxy.cern.ch
RB_HOST=lcgrb01.gridpp.rl.ac.uk
WMS_HOST=lcgwms01.gridpp.rl.ac.uk
VOBOX_HOST=epgr03.ph.bham.ac.uk
VOBOX_PORT=1975
GSSKLOG="no"

Yaim was then executed, with the command /opt/glite/yaim/bin/yaim -c -s /root/yaim-conf/site-info.def -n lcg-VOBOX.

Backup Policy

The standard list of log files are backed up from this node, including gridftp log files. In addition, the file /opt/vobox/alice/log/events.log is also included in the backup rules.

Testing

Port Availability

Tested with telnet (ie telnet epgr03.ph.bham.ac.uk 1975 etc). Comparing with port availability on vobox.egee.cesga.es.

Port Example Box Bham Box
1975 DONE DONE
2811 DONE DONE

GSISSH

  1. Edit /etc/grid-security/grid-mapfile and map DN to alicesgm (ie add line "/C=UK/O=eScience/OU=Birmingham/L=ParticlePhysics/CN=christopher curtis" alicesgm)
  2. Log onto node using gsissh: gsissh -p 1975 epgr03.ph.bham.ac.uk
  3. $X509_USER_PROXY variable should be set after successful log in.

GridFTP?

The command edg-gridftp-ls gsiftp://epgr03.ph.bham.ac.uk/tmp may be used to check the globus-gridftp service is running.

Myproxy Retrieval

On lxplus, register a proxy certificate with the command myproxy-init -s myproxy.cern.ch -d -n -t 48 -c 900. Log onto the VOBox using gsissh and retrieve the proxy with the command /opt/lcg/bin/vobox-proxy --vo atlas --proxy-safe 10000 --myproxy-safe 20000 ---voms alice:/alice/Role=lcgadmin -email cjc@hep.ph.bham.ac.uk register

This test fails at the moment because the VOBox has not been registered properly in the myproxy server at CERN. Emailed px.support@cern.ch for advice!

Site BDII

The VOBox has been entered into the site BDII information by adding the line:
BDII_VOBOX_URL="ldap://epgr03.ph.bham.ac.uk:2170/mds-vo-name=resource,o=grid"

to the site_bdii/site-info.def file. Yaim has been re-run on the site BDII.

Storage Element

ALICE require xrootd to be installed on the Storage Element.

-- ChristopherCurtis - 29 Jul 2009

Topic revision: r9 - 31 Aug 2010 - 12:32:08 - ChristopherCurtis
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback