Multi-VO DIRAC

author:

Bruno Santeramo <bruno.santeramo at ba.infn.it> - Federico Stagni (fstagni at cern.ch)

date:

05/2013 - small update 03/2018

version:

1.1

This chapter is a guide to installing and configuring DIRAC for multi-VO usage.

Before starting with this tutorial …

In this tutorial
  • Server hostname is: dirac.ba.infn.it

  • first VO configured is: superbvo.org

  • second VO configured is: pamela

  • adding more VOs can be done following instructions for the second one

  • for each VO a <vo_name>_user group is configured to allow normal user operations

Limits to this guide
  • This guide must be considered as a step-by-step tutorial, not intended as documentation for DIRAC’s multi-VO capabilities.

  • Please feel free to email me any suggestions for improving this chapter.

DIRAC server installation

The first step is to install DIRAC. The procedure is the same as for a single-VO installation, except that the VirtualOrganization parameter is left unset in the configuration file:

...
#  VO name (not mandatory, useful if DIRAC will be used for a VO)
#VirtualOrganization = superbvo.org
...

DIRAC client installation

The second step is to install a DIRAC client and configure it for the new installation.

Configuring first VO (e.g. superbvo.org)

Registry

Add superb_user group

Registry
{
  DefaultGroup = superb_user
}

Registry/VO

Registry
{
  VO
  {
    superbvo.org
    {
      VOAdmin = bsanteramo
      VOMSName = superbvo.org
      VOMSServers
      {
        voms2.cnaf.infn.it
        {
          DN = /C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it
          CA = /C=IT/O=INFN/CN=INFN CA
          Port = 15009
        }
      }
    }
  }
}

Registry/Groups

Here, define the users that are part of the “superb_user” group, its DIRAC properties, and its VOMS properties.

Registry
{
  Groups
  {
    superb_user
    {
      Users = bsanteramo, anotherUser
      Properties = NormalUser
      VOMSRole = /superbvo.org
      VOMSVO = superbvo.org
      VO = superbvo.org
      AutoAddVOMS = True
      AutoUploadProxy = True
      AutoUploadPilotProxy = True
    }
  }
}

$HOME/.glite/vomses

DIRAC searches for VOMS data in the directory pointed to by the $X509_VOMSES variable. Up to and including v7r1, DIRAC also searches for this information in $DIRAC/etc/grid-security/vomses, independently of the environment variable. Starting with v7r2, only the X509_VOMSES variable is used, and it must be set in the bashrc file. The folder $DIRAC/etc/grid-security/vomses is still filled by the dirac-configure command with the information found in the CS, and it is the default location pointed to by X509_VOMSES in bashrc files.

For each VO, there should be a file with the same name as the VO, filled in the following way for every VOMS server (take the data from http://operations-portal.egi.eu/vo):

"<VO name>" "<VOMS server>" "<vomses port>" "<DN>" "<VO name>" "<https port>"

For example:

[managai@dirac vomses]$ cat /usr/etc/vomses/superbvo.org
"superbvo.org" "voms2.cnaf.infn.it" "15009" "/C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it" "superbvo.org" "8443"
"superbvo.org" "voms-02.pd.infn.it" "15009" "/C=IT/O=INFN/OU=Host/L=Padova/CN=voms-02.pd.infn.it" "superbvo.org" "8443"

If your VO is not present, you can add the file by hand.
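A hand-written vomses file can be checked against the VOMSServers section of the same VO before it is used. The Python below is an added example, not part of DIRAC or of the original guide; the function names, the field labels and the rule that a server DN ends in /CN=<host> are assumptions of this example.

```python
import shlex

FIELDS = ("alias", "host", "port", "dn", "vo", "https_port")  # labels chosen for this example

# The two lines of the superbvo.org file shown above.
PAGE_VOMSES = '''\
"superbvo.org" "voms2.cnaf.infn.it" "15009" "/C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it" "superbvo.org" "8443"
"superbvo.org" "voms-02.pd.infn.it" "15009" "/C=IT/O=INFN/OU=Host/L=Padova/CN=voms-02.pd.infn.it" "superbvo.org" "8443"
'''
# Constructed bad input: another VO's name and port pasted into the superbvo.org file.
BAD_VOMSES = '"pamela" "voms2.cnaf.infn.it" "15013" "/C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it" "pamela" "8443"\n'
# Registry/VO/superbvo.org/VOMSServers from this guide, written as a plain dict.
CS_SERVERS = {"voms2.cnaf.infn.it": {
    "DN": "/C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it", "Port": "15009"}}

def parse_vomses(text):
    """Return one dict per non-empty line; raise ValueError on a malformed line."""
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = shlex.split(line)  # fields are double-quoted and space-separated
        if len(parts) != len(FIELDS):
            raise ValueError(f"line {n}: expected {len(FIELDS)} fields, got {len(parts)}")
        entries.append(dict(zip(FIELDS, parts)))
    return entries

def check_vomses(vo, text, cs_servers):
    """Compare the vomses file of `vo` with its VOMSServers section in the CS."""
    problems, seen = [], set()
    for e in parse_vomses(text):
        seen.add(e["host"])
        if e["alias"] != vo or e["vo"] != vo:
            problems.append(f"{e['host']}: VO name is not {vo}")
        if not (e["port"].isdigit() and 0 < int(e["port"]) < 65536):
            problems.append(f"{e['host']}: invalid vomses port {e['port']}")
        if not e["dn"].endswith("/CN=" + e["host"]):  # assumption: host cert CN is the host name
            problems.append(f"{e['host']}: DN does not name this host")
        cs = cs_servers.get(e["host"])
        if cs and (cs["DN"] != e["dn"] or cs["Port"] != e["port"]):
            problems.append(f"{e['host']}: DN or port differs from the CS")
    for host in sorted(set(cs_servers) - seen):
        problems.append(f"{host}: in the CS but missing from the vomses file")
    return problems

if __name__ == "__main__":
    for label, text in (("page", PAGE_VOMSES), ("bad", BAD_VOMSES)):
        print(label, check_vomses("superbvo.org", text, CS_SERVERS))
```

Servers that appear only in the vomses file, such as voms-02.pd.infn.it here, are accepted without a CS comparison.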

Operations - Shifter

Operations
{
  SuperB-Production
  {
    Shifter
    {
      ProductionManager
      {
        User = bsanteramo
        Group = superb_user
      }
      DataManager
      {
        User = bsanteramo
        Group = superb_user
      }
    }
  }
}

Resources/FileCatalog

Configure DIRAC File Catalog (DFC)

Resources
{
  FileCatalogs
  {
    FileCatalog
    {
      AccessType = Read-Write
      Status = Active
      Master = True
    }
  }
}

Resources/StorageElements/ProductionSandboxSE

Resources
{
  StorageElements
  {
    ProductionSandboxSE
    {
      BackendType = DISET
      AccessProtocol.1
      {
        Host = dirac.ba.infn.it
        Port = 9196
        ProtocolName = DIP
        Protocol = dips
        Path = /WorkloadManagement/SandboxStore
        Access = remote
      }
    }
  }
}

DONE

First VO configuration finished. Upload the shifter certificates, add some CEs and test that job submission works properly (the web portal Job Launchpad is useful for testing).

Configuring another VO (e.g. pamela)

$HOME/.glite/vomses

Add the other VO following the same convention as above.

Registry

Registry
{
  DefaultGroup = pamela_user, superb_user, user
}

Registry/VO

Add pamela

Registry
{
  VO
  {
    pamela
    {
      VOAdmin = bsanteramo
      VOMSName = pamela
      VOMSServers
      {
        voms-01.pd.infn.it
        {
          DN = /C=IT/O=INFN/OU=Host/L=Padova/CN=voms-01.pd.infn.it
          CA = /C=IT/O=INFN/CN=INFN CA
          Port = 15013
        }
      }
    }
  }
}

Registry/Groups

Add pamela_user

Registry
{
  Groups
  {
    pamela_user
    {
      Users = bsanteramo
      Properties = NormalUser
      VOMSRole = /pamela
      VOMSVO = pamela
      VO = pamela
      AutoAddVOMS = True
      AutoUploadProxy = True
      AutoUploadPilotProxy = True
    }
  }
}

Operations - adding pamela section

Operations
{
  EMail
  {
    Production = bruno.santeramo@ba.infn.it
    Logging = bruno.santeramo@ba.infn.it
  }
  SuperB-Production
  {
    Shifter
    {
      ProductionManager
      {
        User = bsanteramo
        Group = superb_user
      }
      DataManager
      {
        User = bsanteramo
        Group = superb_user
      }
    }
  }
  JobDescription
  {
    AllowedJobTypes = User
    AllowedJobTypes += Test
  }
  pamela
  {
    SuperB-Production
    {
      Shifter
      {
        ProductionManager
        {
          User = bsanteramo
          Group = pamela_user
        }
        DataManager
        {
          User = bsanteramo
          Group = pamela_user
        }
      }
    }
  }
}