Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "HOWTO03 Site Certification GIIS Check"

From EGIWiki
Jump to navigation Jump to search
Line 29: Line 29:


  '''''$ ldapsearch -x -LLL -H ldap://sibilla.cnaf.infn.it:2170 -b mds-vo-name=INFN-CNAF,o=grid 'objectClass=GlueSite' GlueSiteName GlueSiteUserSupportContact GlueSiteSysAdminContact GlueSiteSecurityContact GlueSiteOtherInfo'''''
  '''''$ ldapsearch -x -LLL -H ldap://sibilla.cnaf.infn.it:2170 -b mds-vo-name=INFN-CNAF,o=grid 'objectClass=GlueSite' GlueSiteName GlueSiteUserSupportContact GlueSiteSysAdminContact GlueSiteSecurityContact GlueSiteOtherInfo'''''
   
  <nowiki>
  dn: GlueSiteUniqueID=INFN-CNAF,Mds-Vo-name=INFN-CNAF,o=grid
  dn: GlueSiteUniqueID=INFN-CNAF,Mds-Vo-name=INFN-CNAF,o=grid
  GlueSiteSecurityContact: mailto:grid-sec@cnaf.infn.it
  GlueSiteSecurityContact: mailto:grid-sec@cnaf.infn.it
  GlueSiteSysAdminContact: mailto:sitemanager@cnaf.infn.it
  GlueSiteSysAdminContact: mailto:sitemanager@cnaf.infn.it
  GlueSiteName: INFN-CNAF
  GlueSiteName: INFN-CNAF
  GlueSiteUserSupportContact: mailto:sitemanager@cnaf.infn.it
  GlueSiteUserSupportContact: mailto:sitemanager@cnaf.infn.it</nowiki>
  GlueSiteOtherInfo: CONFIG=yaim
  GlueSiteOtherInfo: CONFIG=yaim
  GlueSiteOtherInfo: EGEE_ROC=Italy
  GlueSiteOtherInfo: EGEE_ROC=Italy
Line 235: Line 235:


  $ ldapsearch -x -LLL -H ldap://sibilla.cnaf.infn.it:2170 -b mds-vo-name=INFN-CNAF,o=grid 'objectClass=GlueService' GlueServiceType GlueServiceEndpoint GlueServiceName
  $ ldapsearch -x -LLL -H ldap://sibilla.cnaf.infn.it:2170 -b mds-vo-name=INFN-CNAF,o=grid 'objectClass=GlueService' GlueServiceType GlueServiceEndpoint GlueServiceName
   
  <nowiki>
  dn: GlueServiceUniqueID=lfcserver.cnaf.infn.it,Mds-Vo-name=INFN-CNAF,o=grid
  dn: GlueServiceUniqueID=lfcserver.cnaf.infn.it,Mds-Vo-name=INFN-CNAF,o=grid
  GlueServiceEndpoint: lfcserver.cnaf.infn.it
  GlueServiceEndpoint: lfcserver.cnaf.infn.it
Line 300: Line 300:
  GlueServiceName: INFN-CNAF-Monitor
  GlueServiceName: INFN-CNAF-Monitor
  GlueServiceType: org.glite.ce.Monitor
  GlueServiceType: org.glite.ce.Monitor
   
  </nowiki>
  dn: GlueServiceUniqueID=top-bdii01.cnaf.infn.it_bdii_top_1813027130,Mds-Vo-name=INFN-CNAF,o=grid
  dn: GlueServiceUniqueID=top-bdii01.cnaf.infn.it_bdii_top_1813027130,Mds-Vo-name=INFN-CNAF,o=grid
  GlueServiceEndpoint: ldap://egee-bdii.cnaf.infn.it:2170/mds-vo-name=local,o=grid
  GlueServiceEndpoint: ldap://egee-bdii.cnaf.infn.it:2170/mds-vo-name=local,o=grid

Revision as of 12:14, 16 December 2010

How to test a site before putting it into production grid (part 1)

Be sure that its GIIS url is contained in the BDII you use for certification

Check the consistency of the published information

the main branches of the ldap tree are:

  • GlueSiteUniqueID
  • GlueSubClusterUniqueID
  • GlueCEUniqueID
  • GlueCESEBind
  • GlueSEUniqueID
  • GlueServiceUniqueID

Use a browser ldap in order to make easy your work. Anyway, it is shown in this wiki an example ldapsearch command with which check the several information

Under the branch GlueSiteUniqueID check the values of the following parameters:

  • GlueSiteName
  • GlueSiteUserSupportContact
  • GlueSiteSysAdminContact
  • GlueSiteSecurityContact
  • GlueSiteOtherInfo


EXAMPLE:

$ ldapsearch -x -LLL -H ldap://sibilla.cnaf.infn.it:2170 -b mds-vo-name=INFN-CNAF,o=grid 'objectClass=GlueSite' GlueSiteName GlueSiteUserSupportContact GlueSiteSysAdminContact GlueSiteSecurityContact GlueSiteOtherInfo

 dn: GlueSiteUniqueID=INFN-CNAF,Mds-Vo-name=INFN-CNAF,o=grid
 GlueSiteSecurityContact: mailto:grid-sec@cnaf.infn.it
 GlueSiteSysAdminContact: mailto:sitemanager@cnaf.infn.it
 GlueSiteName: INFN-CNAF
 GlueSiteUserSupportContact: mailto:sitemanager@cnaf.infn.it
GlueSiteOtherInfo: CONFIG=yaim
GlueSiteOtherInfo: EGEE_ROC=Italy
GlueSiteOtherInfo: EGEE_SERVICE=prod
GlueSiteOtherInfo: GRID=WLCG
GlueSiteOtherInfo: GRID=EGEE

Under the branch GlueSubClusterUniqueID check the values of the following parameters:

  • Check GlueHostApplicationSoftwareRunTimeEnvironment
    • site name
    • Current version of middleware
    • R-GMA
    • if the site supports mpi jobs, MPICH (ant other related tags)
    • (in case) AFS (and verify WNs mount /afs)
  • GlueHostProcessorOtherDescription (for instance: Cores=2,Benchmark=7.92-HEP-SPEC06 )
  • GlueHostOperatingSystemName (es. ScientificSL)
  • GlueHostOperatingSystemVersion (es. Berillium)
  • GlueHostOperatingSystemRelease (es. 4.5)


EXAMPLE:

$ ldapsearch -x -LLL -H ldap://virgo-ce.roma1.infn.it:2170 -b mds-vo-name=resource,o=grid 'objectClass=GlueSubCluster' GlueHostProcessorOtherDescription

dn: GlueSubClusterUniqueID=virgo-ce.roma1.infn.it,GlueClusterUniqueID=virgo-ce.roma1.infn.it,Mds-Vo-name=resource,o=grid
GlueHostProcessorOtherDescription: Cores=4, Benchmark=7.83-HEP-SPEC06


Under the branch GlueCEUniqueID check the values of the following parameters:

  • GlueCEInfoTotalCPUs: If there is a “0”, you have to worry!!
  • GlueCEStateWaitingJobs: If there is a “44444”, red alarm!!
  • GlueCEInfoLRMSType: pbs or lsf (or sge, …)
  • GlueCEStateStatus: Production or Draining
  • GlueCEAccessControlBaseRule: VOs enabled on the queue
  • GlueCECapability


EXAMPLE:

$ ldapsearch -x -LLL -H ldap://virgo-ce.roma1.infn.it:2170 -b mds-vo-name=INFN-ROMA1-VIRGO,o=grid 'objectClass=GlueCE' GlueCEInfoTotalCPUs GlueCEInfoJobManager GlueCEImplementationName 

dn: GlueCEUniqueID=virgo-ce.roma1.infn.it:2119/jobmanager-lcgpbs-theophys,Mds-Vo-name=INFN-ROMA1-VIRGO,o=grid
GlueCEImplementationName: LCG-CE
GlueCEInfoJobManager: lcgpbs
GlueCEInfoTotalCPUs: 8

dn: GlueCEUniqueID=virgo-ce.roma1.infn.it:2119/jobmanager-lcgpbs-cert,Mds-Vo-name=INFN-ROMA1-VIRGO,o=grid
GlueCEImplementationName: LCG-CE
GlueCEInfoJobManager: lcgpbs
GlueCEInfoTotalCPUs: 8

dn: GlueCEUniqueID=virgo-ce.roma1.infn.it:2119/jobmanager-lcgpbs-virgoglong,Mds-Vo-name=INFN-ROMA1-VIRGO,o=grid
GlueCEImplementationName: LCG-CE
GlueCEInfoJobManager: lcgpbs
GlueCEInfoTotalCPUs: 8

dn: GlueCEUniqueID=virgo-ce.roma1.infn.it:2119/jobmanager-lcgpbs-argo,Mds-Vo-name=INFN-ROMA1-VIRGO,o=grid
GlueCEImplementationName: LCG-CE
GlueCEInfoJobManager: lcgpbs
GlueCEInfoTotalCPUs: 8

dn: GlueCEUniqueID=virgo-ce.roma1.infn.it:2119/jobmanager-lcgpbs-virgogshort,Mds-Vo-name=INFN-ROMA1-VIRGO,o=grid
GlueCEImplementationName: LCG-CE
GlueCEInfoJobManager: lcgpbs
GlueCEInfoTotalCPUs: 8


EXAMPLE:

$ ldapsearch -x -LLL -H ldap://cmsrm-bdii.roma1.infn.it:2170 -b mds-vo-name=INFN-ROMA1-CMS,o=grid 'objectclass=GlueCE' GlueCECapability

dn: GlueCEUniqueID=cmsrm-ce01.roma1.infn.it:2119/jobmanager-lcglsf-cmsgcert,Mds-Vo-name=INFN-ROMA1-CMS,o=grid
GlueCECapability: CPUScalingReferenceSI00=1515
GlueCECapability: Share=cms:100

dn: GlueCEUniqueID=cmsrm-ce01.roma1.infn.it:2119/jobmanager-lcglsf-cmsglong,Mds-Vo-name=INFN-ROMA1-CMS,o=grid
GlueCECapability: CPUScalingReferenceSI00=1515
GlueCECapability: Share=cms:100

dn: GlueCEUniqueID=cmsrm-ce01.roma1.infn.it:2119/jobmanager-lcglsf-cmsgshort,Mds-Vo-name=INFN-ROMA1-CMS,o=grid
GlueCECapability: CPUScalingReferenceSI00=1515
GlueCECapability: Share=cms:100

dn: GlueCEUniqueID=cmsrm-ce02.roma1.infn.it:2119/jobmanager-lcglsf-cmsglong,Mds-Vo-name=INFN-ROMA1-CMS,o=grid
GlueCECapability: CPUScalingReferenceSI00=1515
GlueCECapability: Share=cms:100

dn: GlueCEUniqueID=cmsrm-ce02.roma1.infn.it:2119/jobmanager-lcglsf-cmsgcert,Mds-Vo-name=INFN-ROMA1-CMS,o=grid
GlueCECapability: CPUScalingReferenceSI00=1515
GlueCECapability: Share=cms:100

dn: GlueCEUniqueID=cmsrm-ce02.roma1.infn.it:2119/jobmanager-lcglsf-cmsgshort,Mds-Vo-name=INFN-ROMA1-CMS,o=grid
GlueCECapability: CPUScalingReferenceSI00=1515
GlueCECapability: Share=cms:100


For each SE, on the CEs the following parameters have to be present:

  • GlueCESEBindSEUniqueID
    • GlueCESEBindCEAccesspoint and GlueCESEBindMountInfo

EXAMPLE:

$ ldapsearch -x -LLL -H ldap://cremino.cnaf.infn.it:2170 -b mds-vo-name=resource,o=grid 'objectClass=GlueCESEBind' GlueCESEBindSEUniqueID GlueCESEBindCEUniqueID GlueCESEBindMountInfo
 
dn: GlueCESEBindSEUniqueID=sunstorm.cnaf.infn.it,GlueCESEBindGroupCEUniqueID=cremino.cnaf.infn.it:8443/cream-pbs-cert,Mds-Vo-name=resource,o=grid
GlueCESEBindSEUniqueID: sunstorm.cnaf.infn.it
GlueCESEBindMountInfo: n.a
GlueCESEBindCEUniqueID: cremino.cnaf.infn.it:8443/cream-pbs-cert

dn: GlueCESEBindSEUniqueID=sunstorm.cnaf.infn.it,GlueCESEBindGroupCEUniqueID=cremino.cnaf.infn.it:8443/cream-pbs-prod,Mds-Vo-name=resource,o=grid
GlueCESEBindSEUniqueID: sunstorm.cnaf.infn.it
GlueCESEBindMountInfo: n.a
GlueCESEBindCEUniqueID: cremino.cnaf.infn.it:8443/cream-pbs-prod


Under the branch GlueSEUniqueID check the values of the following parameters:

  • GlueSALocalID: VO information
  • GlueSEAccessProtocolLocalID: rfio, srm_v1, srm_v2, classic, gsiftp, gsidcap
  • GlueSEImplementationName (deprecated)
  • GlueSEArchitecture
  • GlueSAStateUsedSpace
  • GlueSAStateAvailableSpace
  • GlueSACapability


EXAMPLE:

$ ldapsearch -x -LLL -H ldap://grid-se.pv.infn.it:2170 -b mds-vo-name=resource,o=grid 'objectclass=GlueSE'
dn: GlueSEUniqueID=grid-se.pv.infn.it,Mds-Vo-name=resource,o=grid
GlueSEImplementationVersion: 1.7.4
GlueSETotalOnlineSize: 8795
GlueSEStatus: Production
objectClass: GlueTop
objectClass: GlueSE
objectClass: GlueKey
objectClass: GlueSchemaVersion
GlueSETotalNearlineSize: 0
GlueSEArchitecture: multidisk
GlueSESizeTotal: 8795
GlueSESizeFree: 5458
GlueSEName: INFN-PAVIA DPM server
GlueSchemaVersionMinor: 3
GlueSEUsedNearlineSize: 0
GlueForeignKey: GlueSiteUniqueID=INFN-PAVIA
GlueSEUsedOnlineSize: 3336
GlueSchemaVersionMajor: 1
GlueSEImplementationName: DPM
GlueSEUniqueID: grid-se.pv.infn.it


$ ldapsearch -x -LLL -H ldap://grid-se.pv.infn.it:2170 -b mds-vo-name=resource,o=grid 'objectclass=GlueSA' GlueSAAccessControlBaseRule GlueSACapability

dn: GlueSALocalID=storage:replica:online,GlueSEUniqueID=grid-se.pv.infn.it,Mds-Vo-name=resource,o=grid
GlueSAAccessControlBaseRule: VO:atlas
GlueSAAccessControlBaseRule: VO:dteam
GlueSAAccessControlBaseRule: VO:infngrid
GlueSAAccessControlBaseRule: VO:ops
GlueSACapability: InstalledOnlineCapacity=8258
GlueSACapability: InstalledNearlineCapacity=0

dn: GlueSALocalID=ATLASHOTDISK:SR:replica:online,GlueSEUniqueID=grid-se.pv.infn.it,Mds-Vo-name=resource,o=grid
GlueSAAccessControlBaseRule: VOMS:/atlas/Role=production
GlueSACapability: InstalledOnlineCapacity=536
GlueSACapability: InstalledNearlineCapacity=0


$ ldapsearch -x -LLL -H ldap://grid-se.pv.infn.it:2170 -b mds-vo-name=resource,o=grid '(&(objectclass=GlueSA)(GlueSALocalID=storage:replica:online))' GlueSAReservedNearlineSize GlueSAFreeNearlineSize GlueSATotalNearlineSize GlueSAUsedNearlineSize GlueSACapability GlueSATotalOnlineSize GlueSAFreeOnlineSize GlueSAReservedOnlineSize GlueSAStateAvailableSpace GlueSAUsedOnlineSize GlueSAStateUsedSpace

dn: GlueSALocalID=storage:replica:online,GlueSEUniqueID=grid-se.pv.infn.it,Mds-Vo-name=resource,o=grid
GlueSATotalNearlineSize: 0
GlueSAFreeOnlineSize: 4921
GlueSAUsedNearlineSize: 0
GlueSAFreeNearlineSize: 0
GlueSAReservedNearlineSize: 0
GlueSAStateAvailableSpace: 4921376492
GlueSAReservedOnlineSize: 0
GlueSAUsedOnlineSize: 3336
GlueSAStateUsedSpace: 3336991982
GlueSATotalOnlineSize: 8258
GlueSACapability: InstalledOnlineCapacity=8258
GlueSACapability: InstalledNearlineCapacity=0


there is a branch GlueServiceUniqueID for each service published by the site (WMS, LFC, DPM, GRIDICE, LB, MYPROXY, BDII,…): what discriminate the services are the values of GlueServiceType, ex:

  • lcg-file-catalog
  • org.glite.wms.WMProxy
  • org.glite.lb.Server
  • srm_v1, SRM


EXAMPLE:

$ ldapsearch -x -LLL -H ldap://sibilla.cnaf.infn.it:2170 -b mds-vo-name=INFN-CNAF,o=grid 'objectClass=GlueService' GlueServiceType GlueServiceEndpoint GlueServiceName

 dn: GlueServiceUniqueID=lfcserver.cnaf.infn.it,Mds-Vo-name=INFN-CNAF,o=grid
 GlueServiceEndpoint: lfcserver.cnaf.infn.it
 GlueServiceName: INFN-CNAF-lfc
 GlueServiceType: lcg-file-catalog
 
 dn: GlueServiceUniqueID=local-lfcserver.cnaf.infn.it,Mds-Vo-name=INFN-CNAF,o=grid
 GlueServiceEndpoint: lfcserver.cnaf.infn.it
 GlueServiceName: INFN-CNAF-lfc
 GlueServiceType: lcg-local-file-catalog
 
 dn: GlueServiceUniqueID=http://lfcserver.cnaf.infn.it:8085/,Mds-Vo-name=INFN-CNAF,o=grid
 GlueServiceEndpoint: http://lfcserver.cnaf.infn.it:8085/
 GlueServiceName: INFN-CNAF-lfc-dli
 GlueServiceType: data-location-interface
 
 dn: GlueServiceUniqueID=myproxy.cnaf.infn.it_MyProxy_4027652676,Mds-Vo-name=INFN-CNAF,o=grid
 GlueServiceEndpoint: myproxy://myproxy.cnaf.infn.it:7512/
 GlueServiceName: INFN-CNAF-MyProxy
 GlueServiceType: MyProxy
 
 dn: GlueServiceUniqueID=sibilla.cnaf.infn.it_bdii_site_3877936872,Mds-Vo-name=INFN-CNAF,o=grid
 GlueServiceEndpoint: ldap://sibilla.cnaf.infn.it:2170/mds-vo-name=INFN-CNAF,o=grid
 GlueServiceName: INFN-CNAF-bdii_site
 GlueServiceType: bdii_site
 
 dn: GlueServiceUniqueID=local-http://lfcserver.cnaf.infn.it:8085/,Mds-Vo-name=INFN-CNAF,o=grid
 GlueServiceEndpoint: http://lfcserver.cnaf.infn.it:8085/
 GlueServiceName: INFN-CNAF-lfc-dli
 GlueServiceType: local-data-location-interface
 
 dn: GlueServiceUniqueID=mon-it.cnaf.infn.it_Regional-NAGIOS_2937827985,Mds-Vo-name=INFN-CNAF,o=grid
 GlueServiceEndpoint: https://mon-it.cnaf.infn.it:443/nagios
 GlueServiceName: INFN-CNAF-Regional-NAGIOS
 GlueServiceType: Regional-NAGIOS
 
 dn: GlueServiceUniqueID=httpg://sunstorm.cnaf.infn.it:8444/srm/managerv2,Mds-Vo-name=INFN-CNAF,o=grid
 GlueServiceEndpoint: httpg://sunstorm.cnaf.infn.it:8444/srm/managerv2
 GlueServiceName: INFN-CNAF-SRM
 GlueServiceType: SRM
 
 dn: GlueServiceUniqueID=albalonga.cnaf.infn.it_org.glite.lb.server_889826742,Mds-Vo-name=INFN-CNAF,o=grid
 GlueServiceEndpoint: https://albalonga.cnaf.infn.it:9003/
 GlueServiceName: INFN-CNAF-server
 GlueServiceType: org.glite.lb.server
 
 dn: GlueServiceUniqueID=gridit-ce-001.cnaf.infn.it_org.edg.gatekeeper_715226072,Mds-Vo-name=INFN-CNAF,o=grid
 GlueServiceEndpoint: gram://gridit-ce-001.cnaf.infn.it:2119/
 GlueServiceName: INFN-CNAF-gatekeeper
 GlueServiceType: org.edg.gatekeeper
 
 dn: GlueServiceUniqueID=egee-wms-01.cnaf.infn.it_org.glite.wms.WMProxy_2200630265,Mds-Vo-name=INFN-CNAF,o=grid
 GlueServiceEndpoint: https://egee-wms-01.cnaf.infn.it:7443/glite_wms_wmproxy_server
 GlueServiceName: INFN-CNAF-WMProxy
 GlueServiceType: org.glite.wms.WMProxy
 
 dn: GlueServiceUniqueID=cremino.cnaf.infn.it_org.glite.ce.CREAM_860197007,Mds-Vo-name=INFN-CNAF,o=grid
 GlueServiceEndpoint: https://cremino.cnaf.infn.it:8443/ce-cream/services
 GlueServiceName: INFN-CNAF-CREAM
 GlueServiceType: org.glite.ce.CREAM
 
 dn: GlueServiceUniqueID=cremino.cnaf.infn.it_org.glite.ce.Monitor_2670664997,Mds-Vo-name=INFN-CNAF,o=grid
 GlueServiceEndpoint: https://cremino.cnaf.infn.it:8443/ce-monitor/services/CEMonitor
 GlueServiceName: INFN-CNAF-Monitor
 GlueServiceType: org.glite.ce.Monitor
 
dn: GlueServiceUniqueID=top-bdii01.cnaf.infn.it_bdii_top_1813027130,Mds-Vo-name=INFN-CNAF,o=grid
GlueServiceEndpoint: ldap://egee-bdii.cnaf.infn.it:2170/mds-vo-name=local,o=grid
GlueServiceName: INFN-CNAF-bdii_top
GlueServiceType: bdii_top
[...]

Go to SiteCertMan/Grid_manual_tests

Back to SiteCertMan#Site_certification_procedure

Revision history

Version Authors Date Comments
1.0 Alessandro Paolini 2010-12-15 first draft