University of Bristol

Owen Maroney University of Bristol1

5th GridPP Collaboration Meeting 16/17 September, 2002

• Testbed Site – EDG 1.2– LCFG

•GridPP Replica Catalogue– GDMP and multiple VO’s

University of Bristol

Owen Maroney University of Bristol2

5th GridPP Collaboration Meeting 16/17 September, 2002

• SE, CE, 2 WN’s running PBS queue– Standard EDG1.2

• Run from LCFG server

– In process of adding in working farm• 15 worker nodes• not using LCFG!

– Also local UI

• Replica Catalogue for GridPP VO– Being updated to EDG1.2

University of Bristol

Owen Maroney University of Bristol3

5th GridPP Collaboration Meeting 16/17 September, 2002

• LCFG – Used to set up 1.1.2 EDG version

• Painful process!

– For 1.2 used the GridPP network installation• Not a painful process!

– gpp-install.sh can also be used to upgrade EDG version

• Webpages on GridPP Site are excellent!– But could this be a problem? Site support?– Need the site test suite?

University of Bristol

Owen Maroney University of Bristol4

5th GridPP Collaboration Meeting 16/17 September, 2002

• LCFG “Disaster Recovery”– CE developed hardware failure

• just before Sheffield Demo• As this hosts security, shut-down entire site!

– Solution• edit 1 file on LCFG server (switch hardware

addresses in dhcp.conf)• Reboot one of the WN from disc

– Becomes new CE with exact configuration of old CE• Start PBS server on new CE• Done!

University of Bristol

Owen Maroney University of Bristol5

5th GridPP Collaboration Meeting 16/17 September, 2002

• GridPP Replica Catalogue– LDAP server – rc-gridpp.ac.uk

• Mapping LFN to PFN

– Straightforward but undocumented• In future will need many RC’s?• Currently write permission must be added ‘by

hand’

• Need to configure GDMP – multiple VO’s

• But: each user is assigned to only 1 VO

University of Bristol

Owen Maroney University of Bristol6

5th GridPP Collaboration Meeting 16/17 September, 2002

• GridPP RC Configuration– LCFG configuration:

• add to each node profile» #include “gridpp/gridpp-XX-cfg.h”

• Modify site-cfg.h file– Add lines

» #define SE_VO_GRIDPP» #define SE_GDMP_REP_CAT_GRIDPP_PWD !

password!– Add ‘gridpp:/<flatfiles>/gridpp’ to the line

» #define SE_VO_ alice:/<flatfiles>/alice ….

University of Bristol

Owen Maroney University of Bristol7

5th GridPP Collaboration Meeting 16/17 September, 2002

• GridPP RC Configuration– Post LCFG configuration on CE

• Create lock files– touch /<etc>/grid-security/gridmapdir/gridppXXX

• In /opt/edg/etc/mkgridmap.conf» group

ldap://vo.gridpp.ac.uk/ou=testbed,dc=gridpp,dc=ac,dc=uk .gridpp» auth ldap://grid-vo.nikhef.nl/ou=People,o=gdmpservers,dc=eu-

datagrid,dc=org» group ldap://grid-vo.nikhef.nl/ou=apptb,o=gdmpservers,dc=eu-

datagrid,dc=org gdmp

University of Bristol

Owen Maroney University of Bristol8

5th GridPP Collaboration Meeting 16/17 September, 2002

• GridPP RC Configuration– On CE, WN

• Add file gdmp-rc-values.sh to /etc/profile.d• Copy file rc-gridpp.conf to /opt/edg/etc/gridpp

– On UI, also need rc-gridpp.conf• User must declare environment variables

– export RC_CONFIG_FILE=/opt/edg/etc/gridpp/rc-gridpp.conf

– export GDMP_CONFIG_FILE=/opt/edg/etc/gridpp/gdmp.conf

– The SE must be included in the gdmpservers VO

– Notify Grid.Support@nikhef.nl– Attach the SE host certificate file

University of Bristol

Owen Maroney University of Bristol9

5th GridPP Collaboration Meeting 16/17 September, 2002

• Multiple VO membership– Currently: each user is mapped to one

(and only one) VO.• Can only use the RC of that VO

– To force an override, write the user into grid-mapfile-local for different VO eg:• “/O=Grid/OU=UKHEP/CN=First Last” .gridpp• But no longer in original VO!• Goes against security considerations