Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "HOWTO03 Site Certification GIIS Check"

From EGIWiki
Jump to navigation Jump to search
Line 316: Line 316:
Go to [[SiteCertMan/Grid_manual_tests]]
Go to [[SiteCertMan/Grid_manual_tests]]


Back to Resource Centre registration and certification procedure [https://wiki.egi.eu/wiki/PROC09#Resource Centre certification PROC09]
Back to Resource Centre registration and certification procedure [https://wiki.egi.eu/wiki/PROC09#Resource_Centre_certification PROC09]


= Revision history =
= Revision history =

Revision as of 13:55, 22 June 2011

Main EGI.eu operations services Support Documentation Tools Activities Performance Technology Catch-all Services Resource Allocation Security


Documentation menu: Home Manuals Procedures Training Other Contact For: VO managers Administrators


How to test a Resource Centre during certification

Be sure that its GIIS url is contained in the BDII you use for certification

Check the consistency of the published information

These are the main branches of the LDAP tree:

  • GlueSiteUniqueID
  • GlueSubClusterUniqueID
  • GlueCEUniqueID
  • GlueCESEBind
  • GlueSEUniqueID
  • GlueServiceUniqueID

It is recommended to use a LDAP browser, although in this page the ldapsearch queries are shown.

Under the branch GlueSiteUniqueID check the values of the following fields:

  • GlueSiteName
  • GlueSiteUserSupportContact
  • GlueSiteSysAdminContact
  • GlueSiteSecurityContact
  • GlueSiteOtherInfo


EXAMPLE:

$ ldapsearch -x -LLL -H ldap://sibilla.cnaf.infn.it:2170 -b mds-vo-name=INFN-CNAF,o=grid 'objectClass=GlueSite' \
> GlueSiteName GlueSiteUserSupportContact GlueSiteSysAdminContact GlueSiteSecurityContact GlueSiteOtherInfo

dn: GlueSiteUniqueID=INFN-CNAF,Mds-Vo-name=INFN-CNAF,o=grid
GlueSiteSecurityContact: mailto:grid-sec@cnaf.infn.it
GlueSiteSysAdminContact: mailto:sitemanager@cnaf.infn.it
GlueSiteName: INFN-CNAF
GlueSiteUserSupportContact: mailto:sitemanager@cnaf.infn.it
GlueSiteOtherInfo: CONFIG=yaim
GlueSiteOtherInfo: EGEE_ROC=Italy
GlueSiteOtherInfo: EGEE_SERVICE=prod
GlueSiteOtherInfo: GRID=WLCG
GlueSiteOtherInfo: GRID=EGEE

Under the branch GlueSubClusterUniqueID check the values of the following fields:


EXAMPLE:

$ ldapsearch -x -LLL -H ldap://virgo-ce.roma1.infn.it:2170 -b mds-vo-name=resource,o=grid 'objectClass=GlueSubCluster' GlueHostProcessorOtherDescription

dn: GlueSubClusterUniqueID=virgo-ce.roma1.infn.it,GlueClusterUniqueID=virgo-ce.roma1.infn.it,Mds-Vo-name=resource,o=grid
GlueHostProcessorOtherDescription: Cores=4, Benchmark=7.83-HEP-SPEC06


Under the branch GlueCEUniqueID check the values of the following fields:

  • GlueCEInfoTotalCPUs: Check that the value is higher than 0.
  • GlueCEStateWaitingJobs: If there is a “44444”, the information providers are not working properly.
  • GlueCEInfoLRMSType: any supported batch system (sge, pbs, lsf...)
  • GlueCEStateStatus: Production, Draining, Queuing or Closed are accepted values.
  • GlueCEAccessControlBaseRule: VOs enabled on the queue
  • GlueCECapability


EXAMPLE:

$ ldapsearch -x -LLL -H ldap://virgo-ce.roma1.infn.it:2170 -b mds-vo-name=INFN-ROMA1-VIRGO,o=grid 'objectClass=GlueCE' \
> GlueCEInfoTotalCPUs GlueCEInfoJobManager GlueCEImplementationName

dn: GlueCEUniqueID=virgo-ce.roma1.infn.it:2119/jobmanager-lcgpbs-theophys,Mds-Vo-name=INFN-ROMA1-VIRGO,o=grid
GlueCEImplementationName: LCG-CE
GlueCEInfoJobManager: lcgpbs
GlueCEInfoTotalCPUs: 8

dn: GlueCEUniqueID=virgo-ce.roma1.infn.it:2119/jobmanager-lcgpbs-cert,Mds-Vo-name=INFN-ROMA1-VIRGO,o=grid
GlueCEImplementationName: LCG-CE
GlueCEInfoJobManager: lcgpbs
GlueCEInfoTotalCPUs: 8

dn: GlueCEUniqueID=virgo-ce.roma1.infn.it:2119/jobmanager-lcgpbs-virgoglong,Mds-Vo-name=INFN-ROMA1-VIRGO,o=grid
GlueCEImplementationName: LCG-CE
GlueCEInfoJobManager: lcgpbs
GlueCEInfoTotalCPUs: 8

dn: GlueCEUniqueID=virgo-ce.roma1.infn.it:2119/jobmanager-lcgpbs-argo,Mds-Vo-name=INFN-ROMA1-VIRGO,o=grid
GlueCEImplementationName: LCG-CE
GlueCEInfoJobManager: lcgpbs
GlueCEInfoTotalCPUs: 8

dn: GlueCEUniqueID=virgo-ce.roma1.infn.it:2119/jobmanager-lcgpbs-virgogshort,Mds-Vo-name=INFN-ROMA1-VIRGO,o=grid
GlueCEImplementationName: LCG-CE
GlueCEInfoJobManager: lcgpbs
GlueCEInfoTotalCPUs: 8


EXAMPLE:

$ ldapsearch -x -LLL -H ldap://cmsrm-bdii.roma1.infn.it:2170 -b mds-vo-name=INFN-ROMA1-CMS,o=grid 'objectclass=GlueCE' GlueCECapability

dn: GlueCEUniqueID=cmsrm-ce01.roma1.infn.it:2119/jobmanager-lcglsf-cmsgcert,Mds-Vo-name=INFN-ROMA1-CMS,o=grid
GlueCECapability: CPUScalingReferenceSI00=1515
GlueCECapability: Share=cms:100

dn: GlueCEUniqueID=cmsrm-ce01.roma1.infn.it:2119/jobmanager-lcglsf-cmsglong,Mds-Vo-name=INFN-ROMA1-CMS,o=grid
GlueCECapability: CPUScalingReferenceSI00=1515
GlueCECapability: Share=cms:100

dn: GlueCEUniqueID=cmsrm-ce01.roma1.infn.it:2119/jobmanager-lcglsf-cmsgshort,Mds-Vo-name=INFN-ROMA1-CMS,o=grid
GlueCECapability: CPUScalingReferenceSI00=1515
GlueCECapability: Share=cms:100

dn: GlueCEUniqueID=cmsrm-ce02.roma1.infn.it:2119/jobmanager-lcglsf-cmsglong,Mds-Vo-name=INFN-ROMA1-CMS,o=grid
GlueCECapability: CPUScalingReferenceSI00=1515
GlueCECapability: Share=cms:100

dn: GlueCEUniqueID=cmsrm-ce02.roma1.infn.it:2119/jobmanager-lcglsf-cmsgcert,Mds-Vo-name=INFN-ROMA1-CMS,o=grid
GlueCECapability: CPUScalingReferenceSI00=1515
GlueCECapability: Share=cms:100

dn: GlueCEUniqueID=cmsrm-ce02.roma1.infn.it:2119/jobmanager-lcglsf-cmsgshort,Mds-Vo-name=INFN-ROMA1-CMS,o=grid
GlueCECapability: CPUScalingReferenceSI00=1515
GlueCECapability: Share=cms:100


For each SE, on the CEs the following values must be present:

  • GueCESEBindSEUniqueID.
    • GlueCESEBindCEAccesspoint and GlueCESEBindMountInfo.

EXAMPLE:

$ ldapsearch -x -LLL -H ldap://cremino.cnaf.infn.it:2170 -b mds-vo-name=resource,o=grid 'objectClass=GlueCESEBind' \
> GlueCESEBindSEUniqueID GlueCESEBindCEUniqueID GlueCESEBindMountInfo
 
dn: GlueCESEBindSEUniqueID=sunstorm.cnaf.infn.it,GlueCESEBindGroupCEUniqueID=cremino.cnaf.infn.it:8443/cream-pbs-cert,Mds-Vo-name=resource,o=grid
GlueCESEBindSEUniqueID: sunstorm.cnaf.infn.it
GlueCESEBindMountInfo: n.a
GlueCESEBindCEUniqueID: cremino.cnaf.infn.it:8443/cream-pbs-cert

dn: GlueCESEBindSEUniqueID=sunstorm.cnaf.infn.it,GlueCESEBindGroupCEUniqueID=cremino.cnaf.infn.it:8443/cream-pbs-prod,Mds-Vo-name=resource,o=grid
GlueCESEBindSEUniqueID: sunstorm.cnaf.infn.it
GlueCESEBindMountInfo: n.a
GlueCESEBindCEUniqueID: cremino.cnaf.infn.it:8443/cream-pbs-prod


Under the branch GlueSEUniqueID check the values of the following fields:

  • GlueSALocalID: VO information
  • GlueSEAccessProtocolLocalID : rfio, srm_v2, gsiftp, gsidcap
  • GlueSEImplementationName (deprecated)
  • GlueSEArchitecture
  • GlueSAStateUsedSpace
  • GlueSAStateAvailableSpace
  • GlueSACapability


EXAMPLE:

$ ldapsearch -x -LLL -H ldap://grid-se.pv.infn.it:2170 -b mds-vo-name=resource,o=grid 'objectclass=GlueSE'

dn: GlueSEUniqueID=grid-se.pv.infn.it,Mds-Vo-name=resource,o=grid
GlueSEImplementationVersion: 1.7.4
GlueSETotalOnlineSize: 8795
GlueSEStatus: Production
objectClass: GlueTop
objectClass: GlueSE
objectClass: GlueKey
objectClass: GlueSchemaVersion
GlueSETotalNearlineSize: 0
GlueSEArchitecture: multidisk
GlueSESizeTotal: 8795
GlueSESizeFree: 5458
GlueSEName: INFN-PAVIA DPM server
GlueSchemaVersionMinor: 3
GlueSEUsedNearlineSize: 0
GlueForeignKey: GlueSiteUniqueID=INFN-PAVIA
GlueSEUsedOnlineSize: 3336
GlueSchemaVersionMajor: 1
GlueSEImplementationName: DPM
GlueSEUniqueID: grid-se.pv.infn.it


$ ldapsearch -x -LLL -H ldap://grid-se.pv.infn.it:2170 -b mds-vo-name=resource,o=grid 'objectclass=GlueSA' \
> GlueSAAccessControlBaseRule GlueSACapability

dn: GlueSALocalID=storage:replica:online,GlueSEUniqueID=grid-se.pv.infn.it,Mds-Vo-name=resource,o=grid
GlueSAAccessControlBaseRule: VO:atlas
GlueSAAccessControlBaseRule: VO:dteam
GlueSAAccessControlBaseRule: VO:infngrid
GlueSAAccessControlBaseRule: VO:ops
GlueSACapability: InstalledOnlineCapacity=8258
GlueSACapability: InstalledNearlineCapacity=0

dn: GlueSALocalID=ATLASHOTDISK:SR:replica:online,GlueSEUniqueID=grid-se.pv.infn.it,Mds-Vo-name=resource,o=grid
GlueSAAccessControlBaseRule: VOMS:/atlas/Role=production
GlueSACapability: InstalledOnlineCapacity=536
GlueSACapability: InstalledNearlineCapacity=0


$ ldapsearch -x -LLL -H ldap://grid-se.pv.infn.it:2170 -b mds-vo-name=resource,o=grid '(&(objectclass=GlueSA)(GlueSALocalID=storage:replica:online))' \
> GlueSAReservedNearlineSize GlueSAFreeNearlineSize GlueSATotalNearlineSize GlueSAUsedNearlineSize GlueSACapability GlueSATotalOnlineSize GlueSAFreeOnlineSize \
> GlueSAReservedOnlineSize GlueSAStateAvailableSpace GlueSAUsedOnlineSize GlueSAStateUsedSpace

dn: GlueSALocalID=storage:replica:online,GlueSEUniqueID=grid-se.pv.infn.it,Mds-Vo-name=resource,o=grid
GlueSATotalNearlineSize: 0
GlueSAFreeOnlineSize: 4921
GlueSAUsedNearlineSize: 0
GlueSAFreeNearlineSize: 0
GlueSAReservedNearlineSize: 0
GlueSAStateAvailableSpace: 4921376492
GlueSAReservedOnlineSize: 0
GlueSAUsedOnlineSize: 3336
GlueSAStateUsedSpace: 3336991982
GlueSATotalOnlineSize: 8258
GlueSACapability: InstalledOnlineCapacity=8258
GlueSACapability: InstalledNearlineCapacity=0


There is a branch GlueServiceUniqueID for each service published by the site (WMS, LFC, DPM, GRIDICE, LB, MYPROXY, BDII, etc): what discriminates the services are the values of GlueServiceType, example:

  • lcg-file-catalog
  • org.glite.wms.WMProxy
  • org.glite.lb.Server
  • srm_v1, SRM


EXAMPLE:

$ ldapsearch -x -LLL -H ldap://sibilla.cnaf.infn.it:2170 -b mds-vo-name=INFN-CNAF,o=grid 'objectClass=GlueService' GlueServiceType GlueServiceEndpoint GlueServiceName

dn: GlueServiceUniqueID=lfcserver.cnaf.infn.it,Mds-Vo-name=INFN-CNAF,o=grid
GlueServiceEndpoint: lfcserver.cnaf.infn.it
GlueServiceName: INFN-CNAF-lfc
GlueServiceType: lcg-file-catalog

dn: GlueServiceUniqueID=local-lfcserver.cnaf.infn.it,Mds-Vo-name=INFN-CNAF,o=grid
GlueServiceEndpoint: lfcserver.cnaf.infn.it
GlueServiceName: INFN-CNAF-lfc
GlueServiceType: lcg-local-file-catalog

dn: GlueServiceUniqueID=http://lfcserver.cnaf.infn.it:8085/,Mds-Vo-name=INFN-CNAF,o=grid
GlueServiceEndpoint: http://lfcserver.cnaf.infn.it:8085/
GlueServiceName: INFN-CNAF-lfc-dli
GlueServiceType: data-location-interface

dn: GlueServiceUniqueID=myproxy.cnaf.infn.it_MyProxy_4027652676,Mds-Vo-name=INFN-CNAF,o=grid
GlueServiceEndpoint: myproxy://myproxy.cnaf.infn.it:7512/
GlueServiceName: INFN-CNAF-MyProxy
GlueServiceType: MyProxy

dn: GlueServiceUniqueID=sibilla.cnaf.infn.it_bdii_site_3877936872,Mds-Vo-name=INFN-CNAF,o=grid
GlueServiceEndpoint: ldap://sibilla.cnaf.infn.it:2170/mds-vo-name=INFN-CNAF,o=grid
GlueServiceName: INFN-CNAF-bdii_site
GlueServiceType: bdii_site

dn: GlueServiceUniqueID=local-http://lfcserver.cnaf.infn.it:8085/,Mds-Vo-name=INFN-CNAF,o=grid
GlueServiceEndpoint: http://lfcserver.cnaf.infn.it:8085/
GlueServiceName: INFN-CNAF-lfc-dli
GlueServiceType: local-data-location-interface

dn: GlueServiceUniqueID=mon-it.cnaf.infn.it_Regional-NAGIOS_2937827985,Mds-Vo-name=INFN-CNAF,o=grid
GlueServiceEndpoint: https://mon-it.cnaf.infn.it:443/nagios
GlueServiceName: INFN-CNAF-Regional-NAGIOS
GlueServiceType: Regional-NAGIOS

dn: GlueServiceUniqueID=httpg://sunstorm.cnaf.infn.it:8444/srm/managerv2,Mds-Vo-name=INFN-CNAF,o=grid
GlueServiceEndpoint: httpg://sunstorm.cnaf.infn.it:8444/srm/managerv2
GlueServiceName: INFN-CNAF-SRM
GlueServiceType: SRM

dn: GlueServiceUniqueID=albalonga.cnaf.infn.it_org.glite.lb.server_889826742,Mds-Vo-name=INFN-CNAF,o=grid
GlueServiceEndpoint: https://albalonga.cnaf.infn.it:9003/
GlueServiceName: INFN-CNAF-server
GlueServiceType: org.glite.lb.server

dn: GlueServiceUniqueID=gridit-ce-001.cnaf.infn.it_org.edg.gatekeeper_715226072,Mds-Vo-name=INFN-CNAF,o=grid
GlueServiceEndpoint: gram://gridit-ce-001.cnaf.infn.it:2119/
GlueServiceName: INFN-CNAF-gatekeeper
GlueServiceType: org.edg.gatekeeper

dn: GlueServiceUniqueID=egee-wms-01.cnaf.infn.it_org.glite.wms.WMProxy_2200630265,Mds-Vo-name=INFN-CNAF,o=grid
GlueServiceEndpoint: https://egee-wms-01.cnaf.infn.it:7443/glite_wms_wmproxy_server
GlueServiceName: INFN-CNAF-WMProxy
GlueServiceType: org.glite.wms.WMProxy

dn: GlueServiceUniqueID=cremino.cnaf.infn.it_org.glite.ce.CREAM_860197007,Mds-Vo-name=INFN-CNAF,o=grid
GlueServiceEndpoint: https://cremino.cnaf.infn.it:8443/ce-cream/services
GlueServiceName: INFN-CNAF-CREAM
GlueServiceType: org.glite.ce.CREAM

dn: GlueServiceUniqueID=cremino.cnaf.infn.it_org.glite.ce.Monitor_2670664997,Mds-Vo-name=INFN-CNAF,o=grid
GlueServiceEndpoint: https://cremino.cnaf.infn.it:8443/ce-monitor/services/CEMonitor
GlueServiceName: INFN-CNAF-Monitor
GlueServiceType: org.glite.ce.Monitor

dn: GlueServiceUniqueID=top-bdii01.cnaf.infn.it_bdii_top_1813027130,Mds-Vo-name=INFN-CNAF,o=grid
GlueServiceEndpoint: ldap://egee-bdii.cnaf.infn.it:2170/mds-vo-name=local,o=grid
GlueServiceName: INFN-CNAF-bdii_top
GlueServiceType: bdii_top
[...]

Go to SiteCertMan/Grid_manual_tests

Back to Resource Centre registration and certification procedure PROC09

Revision history

Version Authors Date Comments
1.0 Alessandro Paolini 2010-12-15 first draft
1.1 Alvaro Lopez 2011-01-27 Cosmetic changes, correct some information.