Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

PROC14 VO Registration

From EGIWiki
Revision as of 15:20, 28 September 2012 by Krakow (talk | contribs)
Jump to navigation Jump to search
Main EGI.eu operations services Support Documentation Tools Activities Performance Technology Catch-all Services Resource Allocation Security


 


Title VO Registration Procedure
Document link https://wiki.egi.eu/wiki/PRO14
Version - last modified 4.1
Policy Group Acronym OMB
Policy Group Name Operations Management Board
Contact Person operational-documentation@mailman.egi.eu
Document Status Draft
Approved Date
Procedure Statement The document describes the process of enabling a Virtual Organisation (VO) on the European Grid Infrastructure (EGI) and the parties who are involved in process execution. Users of EGI are organised into Virtual Organisations (VO).'

VO Registration Procedure

The document describes the process of enabling a Virtual Organisation (VO) on the European Grid Infrastructure (EGI) and the parties who are involved in process execution.

Users of EGI are organised into Virtual Organisations (VO). A VO is a group of people (typically application scientists and application developers) who share similar interests and have similar goals and who need to work collaboratively and/or need to share resources (e.g. data, software, expertise, CPU, storage space) through a grid infrastructure regardless of their geographical location.

The focus of this document is on the tasks that VO representatives and the EGI staff have to accomplish in order to register and validate a new VO on EGI. The purpose of this page is to capture the VO registration workflow so it can be learned by VO representatives, by EGI staff as well as it can be improved in order to meet new requirements.

For other aspects of VO management (e.g. operation support, resource/service allocation, decommissioning) please consult with the VO services Wiki pageor contact the VO services team via EGI Helpdesk.

Definitions

Eentities involved in this procedure are defined in the EGI Glossary.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", “MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.

Entities involved in the procedure

  • VO manager: person who is responsible for initiating the registration process.
  • VO supervisor: person delegated from the EGI Operation team to handle the process on behalf of EGI project and is responsible for the approval of VO registration requests.

VO registration

Requirements

Any person, who holds a grid certificate recognised by EGI. can register a new EGI VO via the Operations Portal. The person who initiates the registration is called the VO manager. After the VO is setup and operational, the VO manager is the person who is primarily responsible for the operation of the VO and for providing sufficient information about VO activities for EGI and for VO members (to both people and sites).

Steps

The following table describes the VO registration process, listing each of the steps that need to be performed, the people who are responsible for the action, and the physical action that need to be executed to complete the step.

  • Actions tagged VO are the responsibility of the VO Manager.
  • Actions tagged VS are the responsibility of the VO Supervisor.
  • Actions tagged OP are automatically triggered by Operations Portal


Responsible Action Prerequisites, if any
0
VO

Submit VO registration request Fill out Web form (the VO Id card) in Operations Portal

Grid certificate must be in Web browser.
1


1
OP

Inform EGI about new VO registration request

Send notification email to


  • VO supervisor
  • NOC/ROC managers list



2
OP

Inform EGI ab'out new VO requiresVOMS server

Open GGUS ticket requesting a VOMS server to the new VO, and asking to be assigned to the VO Services support unit.

VO manager asked EGI for a VOMS server in Step 0.

3
OP

Inform EGI about new VOrequires new Support Unit in GGUS

Open a ticket against the GGUS support unit in GGUS. 

VO manager asked assistance in Step 0 to setup a new GGUS Support Unit.
2

1
VS

''Check the correctness of VO registration request

Check the content of the VO Id card in Operational Portal.

  • Grid certificate must be in Web browser
  • Must have “OAG manager” role in Operations Portal
2
VS

Ask for update of VO Id card

Through GGUS send out update request to VO manager

Data is missing or incorrect in VO Id card.

Please see the specification of correct and complete VO Id cards.

3

VS

Approve registration

On the VO Id card on Operational Portal:


  • Set VO status from NEW to VALIDATED
  • Set the scope of the VO

Save the Id card

The scope of the VO is GLOBAL.
4

VO

Optional step: Setup VOMS server and register in GOC DB.

  • If this step is not included, then the VO must ask EGI for a VOMS server in step 0.
  • If this step is included, then it can happen here, or even before step 0.
The VO cannot use any of the existing VOMS servers.
5

VO

Defining VOMS server on VO Id card in Operational Portal Can be part of step 0.


6

1
OP

Inform EGI that Id card contains VOMS server Send notification email to

  • VO supervisor
  • NOC/ROC managers list
  • Email list of ”VO services” group of EGI



2
OP

Inform EGI that New VO SU was created in GGUS Send notification email to

  • VO supervisor
  • NOC/ROC managers list

7

VS

Approve new VO Id card Set VO status from PENDING or NEW to ACTIVE, save VO Id card in Operational Portal.


8

OP

Inform EGI about new ACTIVE VO Send notification email to

  • VO supervisor
  • NOC/ROC managers list (should forward email to site administrators)


Accepting a VO

  1. Verify that there is no existing VO with significantly overlapping goals. This can be done through the VO list of the Operations portal. VOs with similar goals (e.g. image analysis) should be advised to join.
  2. Check that the VO Id card contains correct and complete data.
  3. Choose the scope of the VO.

Valid VO id cards

The following compulsory and optional fields must be filled out by the VO manager as part of the registration process (Step 1 in the table above):

  1. Section General information
    • Name (Mandatory) - The Operations portal enforces a DNS style name. It still has to be verified whether the VO manager whose name and mail address is available in the Contact list update section is authorised to use it. The VO registration procedure requests this but currently no enforcement is done. It is checked, though, whether the VO name is already in use, and if so, portal pops up the notification asking to choose another name. The obtained information is given back to the VO manager if it is not obvious that the owner of the domain and the VO manager are the same person. Note that it is not considered sufficient that the VO manager’s mail address is in the same domain as the VO name’s one, nor that the VOMS server or VO home page address are of that domain, if this information is available. Doubts on domain ownership are not stopping VO registration, as the responsibility of acquiring the domain name is with the VO manager anyway.
    • Description (Mandatory) - In principle any text is valid. However, it should describe a scientific or technical activity, or should be related to education. The text is also used to delimit proper resource usage on the grid, so it should be significant for this purpose, i. e. saying “VO giving access to the grid” is a poor description whereas “VO giving access to the grid for training purposes” is completely satisfying. In practice up to now every VO request came with a readable text but some VOs got stuck in the very first stage of the registration (state NEW) because of a too minimalistic view of what is a description.
    • Discipline (Mandatory) - It is simply verified whether there is a contradiction between the field Description just discussed and this one.
    • Supported Middleware (Mandatory) - There are four options to choose which middleware the VO support, portal automatically checks that at least one option was chosen by Vo Manager.
    • Acceptable Use Policy (AUP) (Mandatory) - The acceptable use policy which is meant here is the VO AUP. On the “New VO registration web page” the registering VO manager has the choice between a text automatically generated from the Description but where at least some words have to be updated, or a file in text or pdf format uploaded by the manager containing a VO written AUP. In the former case it has just to be checked whether the update has been done; the words to be replaced are “owner body”, included in brackets - “[]” - , and the replacing text must specify the authority enforcing the VO AUP. This is however omitted in one out of two cases but then normally corrected rapidly by the VO manager. If not the VO gets stuck in the NEW state; there are still some of them. If the AUP is uploaded, the complete text has to be verified if it corresponds to a VO AUP. In case of a doubt, in addition to contacting the VO manager a member of the JSPG is asked for advice.
    • VO homepage (Mandatory) -This field must be verified whether the home page contains information about the ongoing/planned grid activity and that this information corresponds to the VO’s Description. Sometimes the scope of the VO can also be determined with this or with the VO manager’s affiliation. (For example about the scientific goals of the community and how the EGI VO helps the community to achieve these goals.)
    • Enrolment URL (Mandatory) - This field must be verified whether it is functional or simply an optional service to the VO. Additionally, the information available on the enrolment web page might give some indications on the purpose and scope of the VO as well as on the attitude concerning security (availability of a Grid AUP, reminder of correct resource usage etc.).
  2. Section VOMS Information
    • “VOMS Configuration” (Mandatory) - There are two options the VO Manager must choose: one is a VOMS server which is pulled from GOCDB and another is a request for support in setting up the VOMS server.
  3. Section VO SU at GGUS
    • “check box” (Optional) - There are two options the VO Manager can choose: one is a default – No. If VO Manager will check a box, the new ticket will created for GGUS support unit and VO Supervisor will keep track of the process.
  4. Section Generic Contacts - There is only one not mandatory contact in the list of this section shown on the VO ID card,Operations contact. Other fields (VO Managers, Security, User Support, VO Users) are mandatory and currently, new registration requests must contain a valid address in these fields. Validity should be checked by sending an e-mail to it, requesting confirmation of receipt.
  5. Section Change status & scope
    • Pull down list Scope - As already indicated in the discussion of the previous fields, any hints are used to determine the value to be selected for Scope. In case of a doubt - which is the normal case here - a suggestion is made to the VO manager. The field is then updated only after a feedback from that person. Assigning a correct value is important for limiting the noise especially on the NOC/ROC managers list in case of Regional VOs and also to determine responsibilities for support in case of additional resource requests made by the new VO. If the VO is a Regional one, this field should be updated before the Status field. Updating this field triggers notifications to the  VO Services group list  and to the NOC/ROC managers list in all cases.
    • Pull down list Status - If all previously mentioned fields contain valid values, either since the beginning or after some communication with the VO manager, the status can be changed from NEW to PRODUCTION. The VO will be then active and in production state. Notifications are sent to the  VO Service group list  in all cases and to the NOC/ROC managers list in all cases except for Regional VOs where only the corresponding NOC/ROC is informed.

Scope of the VO

As part of the VO approval step (Step 5 in the table above) the scope of the VO must be defined by the VO supervisor based on information provided by the VO manager either in the VO Id card, or through additional channels (e.g. in email). The scope must be one of the following:

  1. GLOBAL: the VO is supported by sites from multiple countries and all of these countries are represented by its National Grid Infrastructure (NGI); comprises an international user community and/or has international resources coming from sites of different countries represented by their National Grid Infrastructures (NGIs).
  2. NATIONAL: at least the supporting sites of the VO belong to only one NGI; i.e. sites and users aer located within the same country. Users might come from elsewhere but they are working inside the scope of the same NGI where the sites are. The associated NGI is part of the scope, like for example “NGI - Italy” or “NGI - France”.

In case of invalid, unclear or ambiguous entries in any of the controlled fields of the VO Id card, or in case of doubts about the goals of the VO, the requestor must be contacted and invited to clarify the situation or to correct the entries.

VO lifecycle - VO states

A VO is in one of the following states:

  1. NEW: this is the initial state when the VO creation is requested. It is automatically assigned.
  2. PRODUCTION: the “normal” state of a VO. It is manually given to a VO by the VO supervisor when the VO manager has entered a valid VOMS server on the Id card of the VO.
  3. SUSPENDED: this state is entered when the VO no longer has a VOMS server, either because (one of) the VO manager(s) deleted the corresponding entry on the VO ID card, or some other person with  VO Supervisior role in the operations portal did that. This may be temporary or the preparation of VO deregistration. Manual intervention is needed to put a VO into this state.
  4. DELETED: the final state of all VOs ever registered. VOs where the registration was rejected do not get here. No trace is kept of erroneous registration requests neither. The associated VO Id card should basically be empty, the only information which really can be considered valid is the VO name (and the state itself). Keeping the VO name is meant to avoid giving the same name to different VOs and so to avoid confusion for sites which forgot or considered unnecessary to suppress a DEAD VO from their information system. It also keeps historical accounting data consistent.

 

Note that manual state changes can only be made by people registered in VO Supervisor role on the Operations portal or by the Operations portal team itself. This document covers the VO lifecycle from “non existing” through NEW, then VALIDATED to ACTIVE.

Support for VO operation and monitoring

  1. If the scope of a VO is national (i.e. both users and sites belong to a single country) then support for the VO must be provided by the respective National Grid Initiative/Infrastructure (NGI). The User Community Support Team can connect the VO manager to the respective NGI support team (ucst@egi.eu).
  2. The “VO Services” team of EGI provides assistance for the setup and operation of VOs. The team is able to answer questions related to VO operation, monitoring and accounting. The team also provides documentation and catch-all services for VOs. These catch-all services cover the basic monitoring and accounting needs of most communities. The VO Services team maintains up to date information at its Wiki page and can be contacted via the EGI Helpdesk helpdesk: www.ggus.org (Name of the support unit is also “VO Services”).


Revision History

  • 28/09/2012: (M. Krakowian) procedure moved from https://documents.egi.eu/public/ShowDocument?docid=278
    • Role of VO supervisor moved from the User Community Support Team of EGI.eu (UCST) to EGI Operations team
    • For Global VOs, Chief Customer Officer and Chief Operations Officer approval step was removed.