Multi-VO DIRAC
- author:
Bruno Santeramo <bruno.santeramo at ba.infn.it> - Federico Stagni (fstagni at cern.ch)
- date:
05/2013 - small update 03/2018
- version:
1.1
This chapter is a guide to installing and configuring DIRAC for multi-VO usage.
Before starting with this tutorial …
- In this tutorial
Server hostname is: dirac.ba.infn.it
first VO configured is: superbvo.org
second VO configured is: pamela
adding more VOs can be done following instructions for the second one
for each VO a <vo_name>_user group is configured to allow normal user operations
- Limits to this guide
This guide must be considered as a step-by-step tutorial, not intended as documentation for DIRAC’s multi-VO capabilities.
Please feel free to email me any suggestions for improving this chapter.
DIRAC server installation
The first step is to install DIRAC. The procedure is the same as for a single-VO installation, except that the VirtualOrganization parameter is left out of the configuration file:
...
# VO name (not mandatory, useful if DIRAC will be used for a VO)
#VirtualOrganization = superbvo.org
...
DIRAC client installation
The second step is to install a DIRAC client and configure it for the new installation.
Configuring first VO (e.g. superbvo.org)
Registry
Add superb_user group
Registry
{
  DefaultGroup = superb_user
}
Registry/VO
Registry
{
  VO
  {
    superbvo.org
    {
      VOAdmin = bsanteramo
      VOMSName = superbvo.org
      VOMSServers
      {
        voms2.cnaf.infn.it
        {
          DN = /C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it
          CA = /C=IT/O=INFN/CN=INFN CA
          Port = 15009
        }
      }
    }
  }
}
Registry/Groups
Here, define the users that are part of the “superb_user” group, its DIRAC properties, and its VOMS properties.
Registry
{
  Groups
  {
    superb_user
    {
      Users = bsanteramo, anotherUser
      Properties = NormalUser
      VOMSRole = /superbvo.org
      VOMSVO = superbvo.org
      VO = superbvo.org
      AutoAddVOMS = True
      AutoUploadProxy = True
      AutoUploadPilotProxy = True
    }
  }
}
$HOME/.glite/vomses
DIRAC searches for VOMS data in the directory pointed to by the $X509_VOMSES variable.
Up to and including v7r1, DIRAC also searches for this information in $DIRAC/etc/grid-security/vomses, independent of the environment variable. Starting with v7r2, only the X509_VOMSES variable is used, and it must be set in the bashrc file. The folder $DIRAC/etc/grid-security/vomses is still filled by the dirac-configure command with the information found in the CS, and is the default location pointed to by X509_VOMSES in bashrc files.
For each VO, there should be a file with the same name as the VO, containing one line in the following format for every VOMS server (take the data from http://operations-portal.egi.eu/vo):
"<VO name>" "<VOMS server>" "<vomses port>" "<DN>" "<VO name>" "<https port>"
For example:
[managai@dirac vomses]$ cat /usr/etc/vomses/superbvo.org
"superbvo.org" "voms2.cnaf.infn.it" "15009" "/C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it" "superbvo.org" "8443"
"superbvo.org" "voms-02.pd.infn.it" "15009" "/C=IT/O=INFN/OU=Host/L=Padova/CN=voms-02.pd.infn.it" "superbvo.org" "8443"
If your VO is not present, you can add the file by hand.
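A hand-written vomses file can drift from the VOMSServers entries in the CS, and the DN in it decides which VOMS server the client accepts. The check below is an added example, not part of DIRAC: it parses the six-field format above and compares each line with the host, DN and port from Registry/VO/superbvo.org/VOMSServers. The sample lines are constructed, the function name is hypothetical, and the rule that the DN's CN equals the server host is an assumption taken from the page's own entries.

```python
import shlex

# CS values from Registry/VO/superbvo.org/VOMSServers on this page: host -> (DN, Port)
CS_SERVERS = {
    "voms2.cnaf.infn.it": ("/C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it", 15009),
}

# Constructed vomses content: line 1 matches the CS, line 2 carries a DN whose CN
# is not the listed host, line 3 is malformed (only five fields).
SAMPLE = "\n".join([
    '"superbvo.org" "voms2.cnaf.infn.it" "15009" '
    '"/C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it" "superbvo.org" "8443"',
    '"superbvo.org" "voms-02.pd.infn.it" "15009" '
    '"/C=IT/O=INFN/OU=Host/L=Padova/CN=other-host.example.org" "superbvo.org" "8443"',
    '"superbvo.org" "voms2.cnaf.infn.it" "15009" "superbvo.org" "8443"',
])


def check_vomses(vo, text, cs_servers):
    """Return a list of problems found in one vomses file; [] means consistent."""
    problems, seen = [], set()
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            fields = shlex.split(line)  # honours the double quotes around each field
        except ValueError:
            problems.append(f"line {n}: unbalanced quotes")
            continue
        if len(fields) != 6:
            problems.append(f"line {n}: expected 6 fields, got {len(fields)}")
            continue
        name, host, port, dn, name2, https_port = fields
        if name != vo or name2 != vo:
            problems.append(f"line {n}: VO name is not {vo}")
        if not (port.isdigit() and https_port.isdigit()):
            problems.append(f"line {n}: non-numeric port")
            continue
        if dn.rsplit("/CN=", 1)[-1] != host:
            problems.append(f"line {n}: DN CN does not match host {host}")
        seen.add(host)
        if host not in cs_servers:
            problems.append(f"line {n}: {host} not in CS VOMSServers")
        elif cs_servers[host] != (dn, int(port)):
            problems.append(f"line {n}: DN or port differs from CS for {host}")
    problems += [f"CS server {h} has no vomses line" for h in sorted(set(cs_servers) - seen)]
    return problems


if __name__ == "__main__":
    print("\n".join(check_vomses("superbvo.org", SAMPLE, CS_SERVERS)))
```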
Operations - Shifter
Operations
{
  SuperB-Production
  {
    Shifter
    {
      ProductionManager
      {
        User = bsanteramo
        Group = superb_user
      }
      DataManager
      {
        User = bsanteramo
        Group = superb_user
      }
    }
  }
}
Resources/FileCatalog
Configure DIRAC File Catalog (DFC)
Resources
{
  FileCatalogs
  {
    FileCatalog
    {
      AccessType = Read-Write
      Status = Active
      Master = True
    }
  }
}
Resources/StorageElements/ProductionSandboxSE
Resources
{
  StorageElements
  {
    ProductionSandboxSE
    {
      BackendType = DISET
      AccessProtocol.1
      {
        Host = dirac.ba.infn.it
        Port = 9196
        ProtocolName = DIP
        Protocol = dips
        Path = /WorkloadManagement/SandboxStore
        Access = remote
      }
    }
  }
}
WorkloadManagement - PilotStatusAgent
The option value may be different; it depends on the UI installed on the server.
Systems/WorkloadManagement/<setup>/Agents/PilotStatusAgent/GridEnv = /etc/profile.d/grid-env
DONE
The first VO configuration is finished. Upload the shifter certificates, add some CEs, and test that job submission works properly (the web portal Job Launchpad is useful for testing).
Configuring another VO (e.g. pamela)
$HOME/.glite/vomses
Add the other VO following the same convention as above.
Registry
Registry
{
  DefaultGroup = pamela_user, superb_user, user
}
Registry/VO
Add pamela
Registry
{
  VO
  {
    pamela
    {
      VOAdmin = bsanteramo
      VOMSName = pamela
      VOMSServers
      {
        voms-01.pd.infn.it
        {
          DN = /C=IT/O=INFN/OU=Host/L=Padova/CN=voms-01.pd.infn.it
          CA = /C=IT/O=INFN/CN=INFN CA
          Port = 15013
        }
      }
    }
  }
}
Registry/Groups
Add pamela_user
Registry
{
  Groups
  {
    pamela_user
    {
      Users = bsanteramo
      Properties = NormalUser
      VOMSRole = /pamela
      VOMSVO = pamela
      VO = pamela
      AutoAddVOMS = True
      AutoUploadProxy = True
      AutoUploadPilotProxy = True
    }
  }
}
Operations - adding pamela section
Operations
{
  EMail
  {
    Production = bruno.santeramo@ba.infn.it
    Logging = bruno.santeramo@ba.infn.it
  }
  SuperB-Production
  {
    Shifter
    {
      ProductionManager
      {
        User = bsanteramo
        Group = superb_user
      }
      DataManager
      {
        User = bsanteramo
        Group = superb_user
      }
    }
  }
  JobDescription
  {
    AllowedJobTypes = User
    AllowedJobTypes += Test
  }
  pamela
  {
    SuperB-Production
    {
      Shifter
      {
        ProductionManager
        {
          User = bsanteramo
          Group = pamela_user
        }
        DataManager
        {
          User = bsanteramo
          Group = pamela_user
        }
      }
    }
  }
}
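With two VOs on one server, a copy-and-paste slip can leave a group or shifter of one VO pointing at the other. The consistency check below is an added example, not part of DIRAC: it verifies that each group's VO, VOMSVO and VOMSRole agree with Registry/VO, and that the shifters under a VO's Operations section use that VO's groups. It assumes the sections are already loaded into dicts and that a VO's shifters should use its own groups, as in the configuration above; the pamela_prod group and the function name are hypothetical.

```python
# Constructed data: Registry and per-VO shifter groups, already loaded into dicts.
# superb_user and pamela_user mirror the page; pamela_prod is a hypothetical
# group carrying two deliberate mistakes.
REGISTRY = {
    "VO": {"superbvo.org": {"VOMSName": "superbvo.org"},
           "pamela": {"VOMSName": "pamela"}},
    "Groups": {
        "superb_user": {"VO": "superbvo.org", "VOMSVO": "superbvo.org",
                        "VOMSRole": "/superbvo.org"},
        "pamela_user": {"VO": "pamela", "VOMSVO": "pamela", "VOMSRole": "/pamela"},
        "pamela_prod": {"VO": "pamela", "VOMSVO": "superbvo.org",
                        "VOMSRole": "/superbvo.org/Role=production"},
    },
}
# Operations/<VO>/<setup>/Shifter reduced to shifter role -> Group (constructed)
SHIFTERS = {"pamela": {"ProductionManager": "pamela_user",
                       "DataManager": "superb_user"}}


def check_vo_isolation(registry, shifters):
    """Return a list of places where one VO's settings point into another VO."""
    problems = []
    vos, groups = registry["VO"], registry["Groups"]
    for name, grp in sorted(groups.items()):
        vo = grp.get("VO")
        if vo not in vos:
            problems.append(f"{name}: VO {vo} is not defined in Registry/VO")
            continue
        voms = vos[vo]["VOMSName"]
        if grp.get("VOMSVO", voms) != voms:
            problems.append(f"{name}: VOMSVO {grp['VOMSVO']} is not {voms}")
        role = grp.get("VOMSRole", f"/{voms}")
        # A VOMS FQAN starts with "/<VO name>", optionally followed by "/..."
        if role != f"/{voms}" and not role.startswith(f"/{voms}/"):
            problems.append(f"{name}: VOMSRole {role} is outside /{voms}")
    for vo, roles in sorted(shifters.items()):
        for shifter, group in sorted(roles.items()):
            if groups.get(group, {}).get("VO") != vo:
                problems.append(f"Operations/{vo}: {shifter} uses {group}, not a {vo} group")
    return problems


if __name__ == "__main__":
    print("\n".join(check_vo_isolation(REGISTRY, SHIFTERS)))
```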