TWiki
>
Computing Web
>
CAGE
(revision 3) (raw view)
Edit
Attach
---+ Birmingham CAGE Test Bench A description of Cream ce /Argus/Glexec_wn/lcg-cE (CAGE) test installation at Birmingham. %TOC% ---++ Context ALICE have requested Birmingham install a CreamCE, which should be able to submit jobs to all WNs supporting the ALICE VO. ATLAS does not support CreamCE submission yet, so the same WNs also need to accept jobs from a conventional lcg-CE. ATLAS does support multi-user pilot jobs though, so the WNs must be able to execute glexec. Other GridPP sites have tested this functionality in the context of an SCAS server. This test bench makes use of ARGUS to decide on authentication requests. ---++ Installation Installation of all test nodes is managed by the cfengine server on epgmo1. Below are instructions for completing the installation manually. ---+++ GLEXEC_wn * Setup the [[http://grid-deployment.web.cern.ch/grid-deployment/glite/repos/3.2/glite-ARGUS.repo][glite-ARGUS]], [[http://grid-deployment.web.cern.ch/grid-deployment/glite/repos/3.2/glite-WN.repo][glite-WN]], [[http://grid-deployment.web.cern.ch/grid-deployment/glite/repos/3.2/glite-GLEXEC_wn.repo][glite-GLEXEC_wn]], [[http://grid-deployment.web.cern.ch/grid-deployment/glite/repos/3.2/glite-TORQUE_client.repo][glite-TORQUE_client]] and [[http://grid-deployment.web.cern.ch/grid-deployment/glite/repos/3.2/lcg-CA.repo][lcg-CA]] yum repos. * Install the following: <verbatim> yum -y install lcg-CA yum -y groupinstall glite-WN yum -y glite-GLEXEC_wn yum -y install glite-TORQUE_client yum -y install glite-authz-pep-c yum -y install glite-authz-pep-c-cli </verbatim> * In order to get glexec working properly with lcmaps, you will also need to download and install [[http://etics-repository.cern.ch:8080/repository/download/registered/org.glite/org.glite.security.lcmaps-plugins-c-pep/0.0.7/sl5_x86_64_gcc412/glite-security-lcmaps-plugins-c-pep-0.0.7-2.sl5.x86_64.rpm][glite-security-lcmaps-plugins-c-pep]] * If ATLAS jobs are to be supported, all the normal additional libraries should also be installed. * The node is configured with the yaim command =/opt/glite/yaim/bin/yaim -c -s /root/yaim-conf/site-info.def -n WN -n GLEXEC_wn -n TORQUE_client=. The relevant yaim variables can be found [[https://twiki.cern.ch/twiki/bin/view/LCG/Site-info_configuration_variables][here]]. * The files =/opt/glite/etc/glexec.conf=, =/opt/glite/etc/lcmaps/lcmaps-glexec.db= and =/opt/glite/etc/lcas/lcas-glexec.db= are not properly set by yaim-core 4.0.11 and should be updated manually to reflect the settings detailed [[https://twiki.cern.ch/twiki/bin/view/EGEE/AuthZPEPgLExecConfig][here]]. * In addition to all the normal glite-WN communication ports, the GLEXEC_wn also requires access (both INPUT and OUTPUT) on port 8154 to the ARGUS server. ---+++ ARGUS * Setup the [[http://grid-deployment.web.cern.ch/grid-deployment/glite/repos/3.2/glite-ARGUS.repo][glite-ARGUS]] and [[http://grid-deployment.web.cern.ch/grid-deployment/glite/repos/3.2/lcg-CA.repo][lcg-CA]] yum repos. * Install the following: <verbatim> yum -y install lcg-CA yum -y install jpackage-utils yum -y install glite-ARGUS </verbatim> * The node is configured with the yaim command =/opt/glite/yaim/bin/yaim -c -s /root/yaim-conf/site-info.def -n ARGUS_server=. The relevant yaim variables can be found [[https://twiki.cern.ch/twiki/bin/view/LCG/Site-info_configuration_variables][here]]. * In order for dteam to use glexec, the appropriate policies have to be defined. Full details can be found [[https://twiki.cern.ch/twiki/bin/view/EGEE/AuthorizationFramework][here]]. A simple policy could be: <verbatim> resource "http://authz-interop.org/xacml/resource/resource-type/wn" { action "http://authz-interop.org/xacml/action/action-type/execute-now" { rule permit { vo = dteam } } } </verbatim> which, if stored in the file =dteam_policy=, can be loaded using the command =pap-admin apf dteam_policy=. * The ARGUS server should be able to communicate with itself (ie localhost) on ports 8150-8153 (INPUT only), and any node requesting authentication services on 8154 (INPUT only). ---+++ Cream CE * Setup the [[http://grid-deployment.web.cern.ch/grid-deployment/glite/repos/3.2/glite-CREAM.repo][glite-CREAM]], [[http://grid-deployment.web.cern.ch/grid-deployment/glite/repos/3.2/glite-TORQUE_server.repo][glite-TORQUE_server]], [[http://grid-deployment.web.cern.ch/grid-deployment/glite/repos/3.2/glite-TORQUE_utils.repo][glite-TORQUE_utils]] and [[http://grid-deployment.web.cern.ch/grid-deployment/glite/repos/3.2/lcg-CA.repo][lcg-CA]] yum repos. * Install the following: <verbatim> yum -y install lcg-CA yum -y install xml-commons-apis yum -y --enablerepo=dag install glite-CREAM yum -y install glite-TORQUE_server yum -y install glite-TORQUE_utils </verbatim> * The node is configured with the yaim command =/opt/glite/yaim/bin/yaim -c -s /root/yaim-conf/site-info.def -n creamCE -n glite-TORQUE_server -n glite-TORQUE_utils=. The relevant yaim variables can be found [[https://twiki.cern.ch/twiki/bin/view/LCG/Site-info_configuration_variables][here]]. * After configuring with yaim, the blparser must be configured with the command =/opt/glite/yaim/bin/yaim -r -s /root/yaim-conf/site-info.def -n creamCE -f config_cream_blparser=. The =tomcat5= service should then be restarted. * A full list of ports used by the CreamCE can be found [[http://grid.pd.infn.it/cream/field.php?n=Main.PortsUsedInACREAMCE][here]]. ---+++ lcg-CE ---++ Testing ---+++ Dteam Job Submission ---+++ ATLAS Job Submission ---+++ GLExec Functionality ---+++ Renaming pool accounts -- Main.ChristopherCurtis - 24 Mar 2010
Edit
|
Attach
|
Watch
|
P
rint version
|
H
istory
:
r7
|
r5
<
r4
<
r3
<
r2
|
B
acklinks
|
V
iew topic
|
Raw edit
|
More topic actions...
Topic revision: r3 - 25 Mar 2010
-
_47C_61UK_47O_61eScience_47OU_61Birmingham_47L_61ParticlePhysics_47CN_61christopher_32curtis
?
Computing
Log In
Computing Web
Create New Topic
Index
Search
Changes
Notifications
RSS Feed
Statistics
Preferences
Webs
ALICE
ATLAS
BILPA
CALICE
Computing
General
LHCb
LinearCollider
Main
NA62
Publish
Sandbox
TWiki
Welcome
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki?
Send feedback