GOCDB/Input System User Documentation

From EGIWiki
< GOCDB
Revision as of 14:53, 24 August 2010 by Gmathieu (talk | contribs) (Created page with '= Introduction = This user documentation is about the GOCDB4 Input System, which is either: * The regionally deployed instance of GOCDB, containing local information * The centr…')
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Contents

Introduction

This user documentation is about the GOCDB4 Input System, which is either:

  • The regionally deployed instance of GOCDB, containing local information
  • The centrally hosted instance that allows users of non regionalised NGIs to update their information

For GOCDB4 Visualisation portal please browse GOCDB Visualisation Portal User Documentation

This documentation is meant to be useful and accurate. If you think it is not, please send us any improvement suggestions through our Savannah support tracker


GOCDB version supported in this documentation: 4.0 (August 2010)


Quick Orientation guide

GOCDB access

To access GOCDB web interface (known as GOC portal), you need an X509 digital certificate installed in your browser (Any user certificate generated by an LCG-recognised CA will work).

* Obtain a X509 digital certificate
* Enter GOC portal at https://goc.gridops.org

You can access GOCDB as soon as you have a recognised X509 certificate, but some of the information is only available if you register. Additionally, if you are involved in EGEE or WLCG you may apply for a role that will allow you to retrieve specific information and eventually update it. More information about roles and associated permission is available in the "Users and roles" section.

All roles applications need to be validated by parent roles or administrators. Once this is done, you can access/modify relevant information according to the role you have been granted. You can learn more on roles and user accounts by reading the "Users and roles" section of this documentation.

* Register - Create a user account
* Apply for a role in GOCDB

How is the information organised?

Most of the information stored in GOCDB can be organised into 7 main groups:

* Sites and related information
* Nodes and related information
* Services types
* Users and related information
* Downtimes and related information
* Grid topology and groups 
* Site/project security information

The GOC portal links this information together and provides lists, summaries and snapshots of information (e.g. site administrators details for a given site, list of downtimes per region, etc.)

Other documentation and help

If you want (or need) to know more about GOCDB, here are the actions you can follow:

* browse GOCDB public homepage
* Read this user documentation carefuly
* [:GOCDB Technical Documentation:View GOCDB technical documentation]
* Go to GOC portal and try out by yourself
* Contact GOCDB support helpdesk

BR



Users and roles

Understanding and manipulating user accounts

Registering a new user account

Any new users that wish a GOCDB account have to follow this procedure. Already registered users cannot add other users.

Having a grid certificate installed in your browser is enough to have read-only access to all the public features of GOCDB. If you need to edit data in GOCDB, or if you wish to register for alerts, you will need to fill in the registration form. The registration process is straightforward. The form will attempt to fill in your name and email address (if present) based on your certificate DN. Once you have filled in your details, click "Register".

Please note the timezone setting. This defaults to UTC. In order to have GOCDB convert all times into your local timezone, please change this option. If you pick a city-based timezone (e.g. Europe/Paris), the system will automatically add and remove daylight savings time.

* fill in the registration form (New users only - this link will not work if you already have an account in GOCDB)

Editing your user account

The editing process is the same as the registration process. To edit your use account, simply click "Edit your account details" link in the "my Status" panel on the sidebar.

Note: if you need to update your certificate DN because your certificate has been renewed, please follow the steps described in the Changing your certificate DN section below.

Viewing users

Each user account has its own user details page which is accessible to anyone. However, in order to view the user's contact details, you must have the correct security permission.

There is currently no facility for listing all users in the database. List of users that have a role on a given site appears on site details pages (see section about sites). It is also possible to search for a user's account using the search page.

Deactivating a user account

Obsolete user accounts must be deactivated. There is currently no mean to do this directly through the web interface. For any deregistration, pleaseContact GOCDB support helpdesk

Understanding and manipulating roles

Roles definition

Registered users with a user account will need at least one role in order to perform any useful tasks. Main roles available in GOCDB are:

* __At site level__
 * Site Administrator - person responsible of maintaining a grid site and associated information in GOCDB
 * Security officer - official security contact point at site/region level
* __At regional level__
 * Regional (ROC) Manager and deputy Regional (ROC) manager - people that officially carry on ROC/federation management
 * Regional (ROC) staff - staff involved in ROC activities such as user/operations support
 * Regional (ROC) First Line Supporter - staff doing 1st line support as defined in EGEE operations procedure manual
 * Country representative - The equivalent of ROC manager down to country level (used in multi-countries federations)
* __At project level__
 * CIC staff - staff doing CIC-on-duty (COD) work as defined in EGEE operations procedure manual
 * C-COD staff - Central-COD staff, as defined in EGEE-III new operational model
 * C-COD administrator - People administrating Central COD roles

Permissions associated to roles

Each role has a set of associated permissions which apply on the role's scope (site, country, region or project). Main permissions are summarised in the table below ||<tablewidth="90%" tableheight="839px"style="vertical-align: top;"> ||<style="vertical-align: top;">Site admin ||<style="vertical-align: top;">Security Officer ||<style="vertical-align: top;">ROC manager ||<style="vertical-align: top;">Deputy ROC manager ||<style="vertical-align: top;">ROC Staff ||<style="vertical-align: top;">ROC 1st line supporter ||<style="vertical-align: top;">Country rep ||<style="vertical-align: top;">CIC staff ||<style="vertical-align: top;">C-COD staff ||<style="vertical-align: top;">C-COD admin || ||Edit other user accounts ||<bgcolor="#99ff99" style="text-align: center;">'X ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<style="text-align: center;">' ||<style="text-align: center;">' || ||Approve users ||<bgcolor="#99ff99" style="text-align: center;">'X ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">X || ||Deactivate/reactivate users ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<style="text-align: center;">' ||<style="text-align: center;">' || ||Add new sites ||<style="text-align: center;">' ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">'X ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<style="text-align: center;">' ||<style="text-align: center;">' || ||Edit site information ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<style="text-align: center;">' ||<style="text-align: center;">' || ||Deactivate/reactivate sites ||<style="text-align: center;">' ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">'X ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<style="text-align: center;">' ||<style="text-align: center;">' || ||View site security information ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<style="text-align: center;">' ||<style="text-align: center;">' || ||Edit site status ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' || ||Add new nodes ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<style="text-align: center;">' ||<style="text-align: center;">' || ||Edit node information ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<style="text-align: center;">' ||<style="text-align: center;">' || ||Deactivate/reactivate nodes ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<style="text-align: center;">' ||<style="text-align: center;">' || ||Add new downtimes ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' || ||Edit downtime information ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' || ||Manipulate paths (eg add subgroups) ||<style="text-align: center;">' ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">'X ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<style="text-align: center;">' ||<style="text-align: center;">' || ||Change monitoring status ||<bgcolor="#99ff99" style="text-align: center;">'X ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' || ||View user security information ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<style="text-align: center;">' ||<style="text-align: center;">' || ||Edit user security information ||<bgcolor="#99ff99" style="text-align: center;">'X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<style="text-align: center;">' ||<style="text-align: center;">' || ||Edit site security information ||<bgcolor="#99ff99" style="text-align: center;">'X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<style="text-align: center;">' ||<style="text-align: center;">' || ||Approve user roles ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<style="text-align: center;">' ||<style="text-align: center;">' || ||Add new resource groupings ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<style="text-align: center;">' ||<style="text-align: center;">' || ||Edit resource groupings ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<style="text-align: center;">' ||<style="text-align: center;">' ||<style="text-align: center;">' ||


Requesting roles for your account

A role request page, allows you to request a role. The process is simple. First, select the role you wish to be granted, then select the target of the role (e.g. your home site, or a ROC). Your role request will be approved by someone having the proper rights to do so (see below).

* go to the role request page

Approving/revoking accounts, roles and other actions

Changing your certificate DN

If you change your certificate, it is possible that the certificate's distinguished name (DN) has also changed. This is what GOCDB uses to identify your user account. When you enter GOCDB with your new certificate, it will be as if you have no user account. To change your certificate DN, click the "Request certificate DN change" link in the user info box.

You will need to enter your OLD certificate DN and your email address as registered in GOCDB. If you supplied a correct DN and email address, the system will email you a confirmation code to ensure that you are the owner of the account. Simply follow the link in the email to confirm your DN change request. Once you have confirmed your request, an administrator must approve the change.

If for any reason you were unable to complete these steps (e.g. mail confirmations problems) please do not register a new user account, but contact the GOCDB support helpdesk instead (address at the end of this documentation) with your old and new certificate DNs.

Approving role and change requests

When a registered user applies for a role, the request has to be validated by someone who has the proper permissions to grant such a role.The next tab gives for each "owner" role (rows) the associated grantable roles (columns) ||<tablewidth="90%" tablestyle="text-align: center;">Owner \ granted ||Site admin ||Security Officer ||ROC manager ||Deputy ROC manager ||ROC staff ||ROC 1st line supporter ||Country representative ||CIC staff ||C-COD staff ||C-COD admin || ||Site admin ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X || || || || || || || || || ||Security Officer || ||<bgcolor="#99ff99" style="text-align: center;">X || || || || || || || || || ||ROC manager ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X || || || || ||Deputy ROC manager ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X || ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X || || || || || ||ROC staff || || || || ||<bgcolor="#99ff99" style="text-align: center;">X || || || || || || ||Country representative ||<bgcolor="#99ff99" style="text-align: center;">X || || || || || ||<bgcolor="#99ff99" style="text-align: center;">X || || || || ||CIC staff || || || || || || || ||<bgcolor="#99ff99" style="text-align: center;">X || || || ||C-COD admin || || || || || || || || ||<bgcolor="#99ff99" style="text-align: center;">X ||<bgcolor="#99ff99" style="text-align: center;">X ||


If a user within your scope has requested a role, you will see a message in the "my status" panel of the sidebar.

In order to approve or decline role requests, simply click on the link and you will be presented with a table of roles to approve. For each role, you may either approve it, decline it or take no action. Note that you will be prompted to approve the user's account if it is new. Once you are satisfied with your choices, click the submit button to make the changes.

Approving certificate DN changes

If a user within your scope has requested a certificate DN change, you will see a message in your user info box. You can approve or reject DN change requests in a similar manner to roles.

Revoking roles

If a user within your scope has a role that needs to be revoked, you can do this from the user's page, where user's details are listed along with his/her current roles. To revoke a role, simply click on the user icon with a red cross in front of the role description. The interface asks for confirmation before actually revoking the role. This works for other users within your scope but also for yourself. However just note that if you revoke your own roles you may not have proper permissions to recover them afterwards.

BR



Sites

Definition

A site is a physical location (such as CERN or IN2P3) containing grid resources. GOCDB stores the following information about sites (non exhaustive list):

* A unique site ID
* A unique (short) site name
* An official (long) site name
* A domain name for the site
* The home web URL of the site
* A contact email address and telephone number
* A security contact email address and telephone number
* The hours of operation
* The site timezone
* The site's GIIS URL
* The tier of the site
* Whether or not the site is a primary site
* A description of the site
* The site's latitude and longitude
* The country in which the site is located
* The firewall IP address
* The ID of the user who created the site, and the creation date

Manipulating sites

Viewing sites

A site listing page shows a listing of all the sites in the database, with controls to page through the listing. The table headers can be clicked to set the ordering (ascending or descending). The following controls are provided for each site (some actions may not be active depending on your permissions on that given site):

* View the site's information page
* Edit site information
* Delete the site
* Add downtime
* Add node

Each site also has its own listing page. By clicking the link to view a site, you can see all of the site's information (please note that if you do not have permission to view security information, the site's security contact details wil be hidden from you).

* View sites listing page

Adding a site

The first stage is to select a parent group. This can be a grid or a ROC (for more about group types, see the groups section of this documentation). The second stage is to enter information about the site. If you missed out any required information, you will be taken back to the form. The missing fields will be highlighted in red.

Note: You may not have permission to add a site, depending on your role(s) in GOCDB (only ROC managers, deputy ROC managers and Country representative can). If you just registered as site admin and want your new site to be registered in GOCDB, please contact your ROC or country representative.

* go to the "add a new site" form

Editing site information

The editing process is almost the same as the adding process, except that the parent group does not have to be selected. To edit a site, simply click the "edit site" link in its listing page.

Removing a site

to de-activate a site you have permissions on, simply clic on the "delete" (trash bin) icon in front of the site from the sites listing pages. The interface asks for confirmation before de-activating the site. Note that site entry is not physically removed but simply de-activated. This is for history purpose.

Before deactivating a site, it is good practice to set its certification status to "closed".


"Good practices" and further understanding

Certification statuses

For each site, GOCDB stores and shows information about its certification status. This reflects the different steps of the official SA1 site certification procedure. The different possible certification statuses are:

* Candidate: the site has just been added to GOCDB and information is still not complete.
* Uncertified: site information has been validated by the ROC
* Certified: ROC has verified that the site has all middleware installed, passes the tests and appears stable.
* Suspended: Site does temporarily not conform to EGEE production requirements (e.g. EGEE SLAs, security matters) and requires NGI/ROC attention.
* Closed: Site is definitely no longer operated by EGEE and is only shown for history reasons.

Clarifications:

* The uncertified status would generally be an information that a site is ready to start certification procedure (again). "uncertified" can also be used as a timewise unlimited state for sites having to keep an old version of the middleware for the absolute needs of an important international VO or to flag a site coping with NGIs/ROCs requirements but not with EGI/EGEE availability/reliability thresholds. 
* Suspended is always having a temporary meaning. It is used to flag a site temporarily not coping with with EGI/EGEE availability/reliability thresholds and which should be closed or uncertified by its NGI/ROC within 4 months. When being suspended, sites can express that they want to pass certification again. The suspened status is useful to EGI/EGEE and to the NGIs/ROCs themselves to flag the sites that require attention by the NGIs/ROCs. 
* The closed status should be the terminal one. Suspended is not a terminal state. 

The following site state transitions are allowed:

* suspended -> uncertified -> certified
* certified -> suspended -> closed
* certified -> closed (on site request) 

The following transitions are explictely forbidden:

* suspended -> certified
* candidate -> something else but uncertified and closed
* closed -> anything else 

Going with the definition of the suspended status, NGI/ROC managers have to regularly give their attention to all their suspended sites, so that they are processed within the given maximum time of four months. Sites being in suspended should either be set to closed or brought back in production via the uncertified status.

More information about site certification statuses can be found in SA1 certification and operation procedures documents:

* View site certification procedure on SA1 website
* View EGEE SA1 operational procedures manual

Monitored or not monitored?

Monitoring status of grid resources is now handled at node level, using the following rules:

* All production resources have to be monitored.
* All other resources can be monitored or not following site administrators' choice.

Consequently, monitoring status at site level is no longer relevant. For more details, please read the Production status and monitoring paragraph in the nodes section of this documentation.

. BR


Nodes

Definition

A node is a computer running some type of grid software. GOCDB stores the following information about nodes:

* A unique node ID
* The fully qualified hostname of the node
* The IP address of the node
* The node's host certificate DN
* A description of the node
* Whether or not the node is a core node(see below)
* A list of services running on the node

Manipulating nodes

Viewing nodes

There are different pages in GOCDB where nodes are listed:

* A full node listing page, that shows a listing of all the nodes in the database, with controls to page through the listing. The table headers can be clicked to set the ordering (ascending or descending).
* Site details page, where all the nodes belonging to this site are listed

Anywhere nodes are listed, the following controls are provided:

* View the node's details page
* Edit the node
* Delete (deactivate) the node

Each node also has its own listing page. By clicking the link to view a node, you can see all of the node information, including the services it is running.

* View node listing page

Adding nodes

You may not have permission to add a node, depending on your role(s) in GOCDB.There are two ways of adding nodes in GOCDB:

* from the node listing page, clicking the "add a node" link
* from a site's details page, clicking the "add node to this site" link below the list of nodes already linked to this site

The first stage is to select a parent group. This can be a site or a generic group contained within a site (See the Groups section of this documentation for more information about groups). Please note: If you click the "add node" link on a site's listing page, you will automatically skip this step.

The second stage is to enter information about the node. If you missed out any required information, you will be taken back to the form. The missing fields will be highlighted in red.

* Go to the "add a node" form

Editing node information

The editing process is almost the same as the adding process, except that the parent group does not have to be selected. You can edit a node from the following pages:

* node details page, simply clicking the "edit this node" link
* nodes listing page, clicking the edit icon in front of this node
* site details page of the site this node belongs to, clicking the edit icon in front of this node

Removing a node from a site

to deactivate a node you have permissions on, simply clic on the "delete" (trash bin) icon in front of the node from the sites listing pages. The interface asks for confirmation before deactivating the site.

important notes:

* This action is not a complete node removal: only the link between site and node is removed.
* To avoid caching problems that could result in the node still being monitored for a short period after being removed, you can follow these steps:
 * Set node production status to "non production" (see next section for more details)
 * Set monitoring off for the node
 * Wait for the next scheduled SAM tests and check your node is not in there anymore
 * Deactivate the node

"Good practices" and further understanding

Production status and monitoring

Production status for a node represents the fact that the node delivers a guaranteed production level service to EGEE/WLCG. This is not to be confused with production infrastructure, which shows if the site delivers to EGEE production or pre-production (PPS) infrastructure. Monitoring status of grid resources is handled at node level, using the following rules:

* All production resources have to be monitored.
* All other resources can be monitored or not following site administrators' choice.

it is then possible to change node monitoring status only if these rules allow for it.

Core status of a node

Each node has a flag specifying whether this node is a core node or not. This flag aims to define node criticality in case of downtimes, based on which services are hosted on the node and who supposedly uses them. There are 4 predefined values for this flag:

* Grid: A node is a grid core node if:
 * at least one of the hosted services is used by many sites of various federations
 * the hosted service warranty on the node is assessed for all sites/federations
* Federation: A node is a federation core node if:
 * at least one of the hosted services is only used by sites of your federation
 * the hosted service warranty on the node is assessed for all sites of your federation
* VO: A node is a VO core node if:
 * at least one of the hosted services is used by all VOs
 * the maintenance of hosted service on the node is assessed for all VOs
* No: A node is not a core node if:
 * all hosted services are only available for some specific VOs
 * the hosted service warranty on the node is only assessed for the supported VOs

This configuration is used by CIC portal to build downtime notification targets definition. Any incorrect flag settings can result in some entities not being notified while they should notified, or some other actually being notified while they shouldn't.

BR



Downtimes

Definition

A downtime is a period of time for which a grid resource is declared to be inoperable. Downtimes may be scheduled (e.g. for software/hardware upgrades), or unscheduled (e.g. power outages). GOCDB stores the following information about downtimes:

* A unique downtime ID
* The downtime classification (Scheduled or unscheduled)
* The severity of the downtime
* The user who entered the downtime
* The date at which the downtime was added to GOCDB
* The start and end of the downtime period
* The start and end date of CIC broadcast reminders (optional)
* A description of the downtime
* The entities affected by the downtime

Manipulating downtimes

Viewing downtimes

The full downtime listing can be accessed from the "Downtime Overview" link in the left-hand menu. By default, it shows a listing of all downtimes affecting entities in your scope only (you can chang this from the page itself in order to view all downtimes). For unregistered users, it defaults to showing all the downtimes in the database. The two different downtime severities are:

* At Risk (Resource will probably be working as normal, but may experience problems or run in a degraded mode)
* Outage (Resource will be completely unavailable)

For more information about downtime severities please view the "AT_RISK or OUTAGE?" section just below.


The time slot shown can be one day, one week or one month (default is: current week). The following controls are provided:

* Move to previous/next time slot
* Decrease/increase time slot size

Each downtime also has its own information page, accessible by either clicking the downtime description or the "view" icon on the downtime line. This page shows all downtime information, including links to the listing pages of each affected entity.

* View downtimes listing page

Adding downtimes

You may not have permission to add a downtime, depending on your role(s) in GOCDB. There are 3 ways of adding downtimes in GOCDB:

* from the main menu on the left, by clicking the "add a downtime" link
* from the downtime listing page, clicking the "add a new downtime" link
* from a site's details page, clicking the "add downtime to this site" link below the list of downtimes already declared for this site

The first stage is to select the affected entities. This can be anything in GOCDB. Please note: If you click the "add downtime" link on a site's listing page, you will automatically skip this step. The next step is to select if you want to declare a downtime for the whole site, or on specific nodes only. Then, you are shown the form to enter downtime details. If you missed out any required information, you will be taken back to the form. The missing fields will be highlighted in red.

* Go to the "add a downtime" form

Editing downtime information

To edit a downtime, simply click the "edit downtime" link in its details pag, or the edit icon in front of the downtime line in downtimes listing pages.

Note there are some limitations to downtime edition, especially if it has already started or is completely finished. See section "downtime extensions" for more details.

Removing downtimes

To delete a downtime, simply click the delete icon in front of downtime listing in any page downtimes are listed, or click the "delete downtime" link from this downtime's details page. For integrity reasons, it is only possible to remove downtimes that have not started.

"Good practices" and further understanding

Scheduled or unscheduled?

depending on the planning of the intervention, downtimes can be:

* Scheduled: planned and agreed in advance
* Unscheduled: planned or unplanned, usually triggered by an unexpected failure or at a short term notice

EGEE defines precise rules about what should be declared as scheduled or unscheduled, based on how long in advance the downtime is declared. These rules are described in https://edms.cern.ch/document/1032984 and are enforced as follows:

   * All downtimes declared less than 24h in advance will be automatically classified as UNSCHEDULED
   * All other downtimes will be classified as SCHEDULED

Notes:

* Unscheduled downtimes can be retroactively declared up to 48h in the past. 
* Although 24h in advance is enough for the downtime to be classified as "scheduled", it is good practice to declare it at least 5 working days before it starts.

AT_RISK or OUTAGE?

When declaring a downtime, you will be presented the choice of a "severity", which can be either AT_RISK or OUTAGE. Please consider the following definitions:

* AT_RISK means the resource is considered available, but the quality of service might be degraded. Such downtimes generate notifications, but are not taken into account by monitoring and availability calculation tools. In case of a service failure during the AT RISK period an OUTAGE downtime has to be declared, cancelling the rest of the AT RISK downtime.
* OUTAGE means the resource is considered as unavailable. Such downtimes will be considered as "IN MAINTENANCE" by monitoring and availability calculation tools.


Downtime notifications

The whole downtime notification process is described on a document available in CERN EDMS:

* View documentation about Scheduled Downtime notification procedure

Downtime shortening and extension

Limition rules to downtime extensions are enforced in GOCDB as follows:

* Once created, downtimes can be shortened but not extended
* If for any reason a downtime already declared needs to be extended, the procedure is to add another adjencent downtime, before or after.
* Any downtime can be shortened to any date which is not in the past.


BR



Services and service types

Definition

Services are elements with the smaller granularity stored in GOCDB, and represent a piece of Grid Software that actually provides a service to the Grid Infrastructure. Recognised service types are:

* CE:  [Site service] The LCG Compute Element. Currently the standard CE within the gLite middleware stack. Soon to be replaced by the CREAM CE. 
* gLite-CE:  [OBSOLETE Site service] The gLite Compute Element is now obsolete and is not supported. Please avoid using this middleware service. 
* ARC-CE:  [Site service] The Compute Element within the ARC middleware stack. 
* CREAM-CE:  [Site service] The CREAM Compute Element is the new CE within the gLite middleware stack. 
* APEL:  [Site service] This is a "dummy" Service Type to enable the monitoring tests for APEL accounting. All EGEE sites must have one instance of this Service Type, associated with a CE. 
* MON:  [Site service] The gLite MonBox hosts the site R-GMA services. 
* Site-BDII:  [Site service] This service collects and publishes site's data for the Information System. All sites MUST install one Site-BDII. 
* Top-BDII:  [Central service] This is the "top-level BDII". These collect data from site-BDIIs and publish the data. Only a few instances per region are required. 
* UI:  [User service]  The User Interface. Can be installed by users but more commonly installed by a site. 
* SRM:  [Site service] Storage Resource Manager. Mandatory for all sites running an SRM enabled storage element. 
* Classic-SE:  [OBSOLETE Site service] The Classic Storage Element is now obsolete and is not supported. Please avoid using this middleware service. 
* Central-LFC:  [Central service] An instance of the gLite file catalogue which holds entries for all files owned by a particular VO. NOTE: An LFC can be both Central and Local. 
* Local-LFC:  [Site service] An instance of the gLite file catalogue which holds entries for files owned by a particular VO, at your site. NOTE: An LFC can be both Central and Local. 
* WMS:  [Central service]  gLite Workload Management Service. Acts as the broker for matching user jobs to available computing resources. 
* RB:  [OBSOLETE Central service]  The LCG Resource Broker is now obsolete and is not supported. Please avoid using this middleware service. 
* VOMS:  [Central service]  VO Management System. Part of the authentication and authorization system. This service only needs to be installed on the request of a VO. 
* !MyProxy:  [Central service]  The My Proxy service is part of the authentication and authorization system. Often installed by sites installing the WMS service. 
* LB:  [Central service]  gLite Logging and Bookkeeping. Usually installed by sites running a WMS. One LB service can support several WMS instances. 
* AMGA:  [Central service]  gLite metadata catalogue. This service only needs to be installed on the request of a VO. 
* FTM: [Site service]  gLite File Transfer Monitor. Monitors the FTS service at a site. 
* FTS:  [Central service]  The gLite File Transfer Service manages the transfer of files between sites. This service only needs to be installed on the request of a VO. 
* VO-box:  [Site service]  The gLite VO box allows a VO to run their own services at a site. This service only needs to be installed on the request of a VO. 
* RGMA-IC:  [Central service]  This is the Registry for an R-GMA service. There will only ever be a few of these per grid. 
* MSG-Broker: [Central service] A broker for the EGEE central/backbone messaging system.

Manipulating services

Services can be added or removed from a node by editing this node (see how to do this in the "Nodes/manipulating nodes/Editing node information" section of this documentation). Possible service types cannot be added and must be chosen amongst the proposed list.

BR



Groups

A group is a grouping of resources in GOCDB. Anything which logically groups other resources (but is not itself a resource) is a group. GOCDB stores the following information about groups: * A unique group ID

* A group name
* A description of the group
* A group type

Groups must have a group type to identify their purpose. These are the valid group types: * Generic (A generic grouping of resources)

* Grid (The top-level group for a grid, such as EGEE)
* ROC (A Regional Operations Centre)

Currently GOCDB does not support adding/editing/removing groups.

BR



How to and FAQ

I get an "error 12227" message when accessing GOC portal with Mozilla/Firefox

. This happens when no certificate has been uploaded to your browser. Refer to the "Access to GOCDB" section for more information about GOCDB and X509 certificates.

I am responsible for a site that has recently entered EGEE infrastructure. How do I register it?

. Only registered users with an approved appropriate role can add a new site. If you are the site administrator, the first thing to do is to contact your ROC and ask them to add the site for you. Then, register to GOCDB (see the user account section) and ask for a site admin role for your site (see the requesting a role section). Once your role approved, you will be able to edit and change your site information.  

Why is a node monitored even if it is in downtime?

. EGEE monitoring infrastructure, via SAM, takes downtimes into account. If your node/site is in downtime, it will be tested but the results will show "MAINT" as reutrn status. The value of the monitoring flag does not have to be changed when a node enters a maintenance period. This also allows to properly calculate site availability. 

How do I extend a declared schedule downtime?

. Because of EGEE policies it is not possible to extend a downtime. Tecommended good practice for any downtime extension is to declare a new unscheduled downtime, starting just when the frst one finishes. please refere to the downtimes section of this documentation for more information, especially the "downtime extension" paragraph.

'I have declared a downtime "at risk", and it turns out to be an outage. How can I declare this properly?'

. If you have declared the downtime as being at risk and an outage actually happens half way through, you need to update GOCDB to reflect the fact that your site is now down. There is currently no way of doing this by updating the downtime on the fly without having the system considering the whole downtime as being an outage. The best way to proceed is:
 * Modify end date of your "at risk" downtime, so that it ends in a few minutes
 * Enter a new "outage" downtime, starting when the other ends

How do I switch monitoring on/off for my nodes?

. Monitoring status in GOCDB cannot always be switched off. If a node is declared as delivering a production service, rules apply and the node has to be monitored. If you are running a test node and want to switch monitoring off, follow these steps:
 * Go to the node description page, and click the "edit this node" link.
 * Update field "production node", and set this to "no". Validate changes and come back to node details page.
 * Click the "change status link in front of "monitored? yes". You should now be able to switch monitoring off.


Why nobody has approved my role request yet?

. Someone has to approve any request you make, in order to ensure nobody is trying to get inappropriate roles. If yours is not getting approved, this can either be because your request was not legitimate, or most likely because the people that are supposed to do it forgot about it. Please refer to the Roles permissions definitions section of this documentation to determine who should validate your role, and try to get in touch with them. If you are requesting a site admin role, they are likely to be your ROC managers or country representatives. 


Why can't I revoke my own roles?

. It basically depends on which role you have and which role you are trying to revoke. You can only revoke roles that you are also authorized to grant. For example, if you are ROC 1st line supporter, you are not allowed to grant or revoke any role, including your own. You may want to check the "approving roles and change requests" paragraph in the users and roles section of this documentation for more information.

How do I delete my account from GOCDB?

. User deletion is not implemented in GOCDB web interface. If you need to de-register from GOCDB, please contact GOCDB support helpdesk asking for your account deactivation.


I am not an EGEE user but need access to GOCDB backend to retrieve information for my project. What can I do?

. Accessing GOCDB backend through another way than the GOC portal web interface is out of the scope of this documentation. please [:GOCDB Technical Documentation:refer to the technical documentation] instead.


BR



Queries, contact and support

Send suggestions

. Before you make any request, check this is not already integrated to our development plans. Any suggestion, new feature or improvement request should be submitted to our Savannah support tracker. Suggestions will be discussed within GOCDB developers, GOCDB            Advisory Group, or any political body involved before inclusion into development plans.                 These bodies reserve the right to decline unsuitable requests.
* View GOCDB current development plans
* Access GOCDB Savannah support tracker

Report a bug

. First,  check known bugs to see if this has not                 already been reported. If not, please create a new entry in our Savannah bug tracker, trying to be as precise and concise as possible.
* check known bugs
* Submit a bug in GOCDB bug tracker

Get some support

If you can't find what you are looking for in the documentation, as well as for all other enquiries including general questions, temporary problems reports or support requests, you can contact us using the mail below

* Contact GOCDB support helpdesk