NGI CZ:VO auger
VO auger is one of the biggest resource consumers of the EGI grid. It is used for Monte Carlo simulations of the extensive cosmic ray showers. Reconstructed signal is compared with measurements of the Pierre Auger Observatory.
VO auger central servers
- VOMS server: voms1.egee.cesnet.cz, voms2.grid.cesnet.cz
- LFC server: lfc1.egee.cesnet.cz
- CVMFS for auger
- Distributed Data Management for auger
- VO auger operations issues
- Usage of DIRAC for the VO auger
Resources for the VO auger
- Prague site:
- Storage: dpm1.egee.cesnet.cz: 46 TB of disk space total (for all supported VOs), 15 TB of it reserved via space token AUGERPROD for production
- CPU: No special reservations, 72 cores available in total
- Data Storage at Pilsen:
- Storage: dcache.du.cesnet.cz: 7 TB of disk space total, 5 TB of it reserved via space token AUGERPROD (for production), remaining 2 TB of disk space for auger users; arround 100 TB available on tape via space token AUGERTAPE (with 1 TB disk buffer for write and another 1 TB buffer for read). Available since November 2012.
- Prague site:
- FZU (Institute of Physics of the Academy of Sciences of the Czech Republic), site praguelcg2:
- Storage: golias100.farm.particle.cz: 122 TB of disk space for VO auger, 54 TB of it reserved via space token AUGERPROD for production
- CPU: fairshare set to 2% of published 3860 cores
An example of site-info.def file, section for the VO auger
######### # auger # ######### VO_AUGER_SW_DIR=/cvmfs/auger.egi.eu VO_AUGER_DEFAULT_SE=$SE_HOST VO_AUGER_VOMS_SERVERS='vomss://voms1.egee.cesnet.cz:8443/voms/auger?/auger/' VO_AUGER_VOMSES="'auger voms1.egee.cesnet.cz 15004 /DC=org/DC=terena/DC=tcs/OU=Domain Control Validated/CN=voms1.egee.cesnet.cz auger 24' 'auger voms2.grid.cesnet.cz 15004 /DC=org/DC=terena/DC=tcs/OU=Domain Control Validated/CN=voms2.grid.cesnet.cz auger 24'" VO_AUGER_VOMS_CA_DN="'/C=NL/O=TERENA/CN=TERENA eScience SSL CA' '/C=NL/O=TERENA/CN=TERENA eScience SSL CA'" VO_AUGER_WMS_HOSTS='wms1.grid.cesnet.cz wms2.grid.cesnet.cz' VO_AUGER_LB_HOSTS='lb1.grid.cesnet.cz'
There are some other places in the file where the VO auger must be included (list of VOs and queues, variables VOS, QUEUES, _GROUP_ENABLE). We should probbaly add also voms2 to the variable VO_AUGER_VOMS_SERVERS. It is only used for generation of static gridmapfile, newer grid components do not use it. Details about yaim configuration are here.
users.conf file defines local accounts for supported groups. VO auger uses accounts for standard users, for users with production role and for users with software manager role. This last role maps to accounts with write permissions to the $VO_AUGER_SW_DIR. If CVMFS is used, this role can be used only for publishing sw tags and it is not needed anymore. An example of users.conf file:
19301:auger001:1078:auger:auger:: 19302:auger002:1078:auger:auger:: 19303:auger003:1078:auger:auger:: 19304:auger004:1078:auger:auger:: 19305:auger005:1078:auger:auger:: 19306:auger006:1078:auger:auger:: 19307:auger007:1078:auger:auger:: 19308:auger008:1078:auger:auger:: 19309:auger009:1078:auger:auger:: 19310:auger010:1078:auger:auger:: 22801:augerprd001:1083,1078:augerprd,auger:auger:prd: 22802:augerprd002:1083,1078:augerprd,auger:auger:prd: 22803:augerprd003:1083,1078:augerprd,auger:auger:prd: 22804:augerprd004:1083,1078:augerprd,auger:auger:prd: 22805:augerprd005:1083,1078:augerprd,auger:auger:prd: 22806:augerprd006:1083,1078:augerprd,auger:auger:prd: 22807:augerprd007:1083,1078:augerprd,auger:auger:prd: 22808:augerprd008:1083,1078:augerprd,auger:auger:prd: 22809:augerprd009:1083,1078:augerprd,auger:auger:prd: 22810:augerprd010:1083,1078:augerprd,auger:auger:prd: 22901:augersgm001:1084,1078:augersgm,auger:auger:sgm: 22902:augersgm002:1084,1078:augersgm,auger:auger:sgm: 22903:augersgm003:1084,1078:augersgm,auger:auger:sgm:
Sites can define more pool accounts for standard users.
Frequently Asked Questions
- I got a new certificate. What do I have to do to continue my work on the grid?
a) If the DN of your certificate did not change and the issuing CA (Certification Authority) is the same, you do not have to do anything special regardng your membership in the VO. Just put your new certificate into the proper dircetory on your UI (usually in $HOME/.globus) in the proper format and you can use it. Also do not forget to load your new certificate into your browser if your certificate renewal was not done via browser.
b) The case when the DN has changed (and possible also CA has changed is more complicated. You must prove thet you are the same person as the holder of the old certificate and you must let it known to the registration system PERUN. If the old certificate is still valid, make sure that your both certificates are loaded in your browser. Then visit the consolidator of identities and select first your old certificate and then your new certificate when prompted. You can also use the new one first and then the old one. This procedure registers your new certificate to your existing identity. The new certificate will be propagated to VOMS servers in less than 1 hour. In case that your old certificate is not valid anymore, you must register as a new user to the VO. Usualy the DN is similar to the old one (it contains name and surname) and the system will alert VO manager, that the new user resmbles an old one. The VO manager can ask perun support (firstname.lastname@example.org) to unify these identities.
This procedure will keep the username and password on the centraly managed UIs the same, but all grid files owned by the old certificate are considered as files of another user. You may ask VO data manager (and he must often ask site system administrator) to change ownership.
--Chudoba 15:15, July 11, 2014 (CET)