BestMan

Introduction

This page organizes ATLAS-specific setups for various Bestman storage element setups; part of the US ATLAS IntegrationProgram.

More information about Bestman in general can be found on the OSG TWiki at https://twiki.grid.iu.edu/bin/view/ReleaseDocumentation/Bestman , and at LBNL at http://datagrid.lbl.gov/bestman/ and http://wt2.slac.stanford.edu/xrootdfs/bestman-gateway.html .

Bestman Gateway

For Posix filesystems, this is the recommended installation from the VDT:

• https://twiki.grid.iu.edu/bin/view/ReleaseDocumentation/BestmanGateway

Here is one possible way to install it. This assumes an up-to-date grid-mapfile in /etc/grid-security/ and an http*.pem certificate owned by daemon in /etc/grid-security/http/ .

mkdir /opt/bestman
cd /opt/bestman
. /opt/pacman/latest/setup.sh

echo -e 'y\nl\ny\nn\ny\ny\ny' | pacman -trust-all-caches -get ITB:Bestman

# The pre-answered questions above are for the following questions; please adjust for your own local requirements:
# y   # accept licenses
# l   # CA area local; other options are r (root) and n (none)
# y   # CA updated automatically
# n   # do not start gridftp server (we use an already existing gridftp server on a different machine)
# y   # rotate VDT logs automatically
# y   # start bestman automatically as service
# y   # update CRLs automatically

. setup.sh

emacs vdt/etc/vdt-update-certs.conf
# uncomment OSG CA line

. vdt-questions.sh
./vdt/sbin/vdt-setup-ca-certificates

mkdir /ibrix/data/bestman-storage
chmod go+w /ibrix/data/bestman-storage
$VDT_LOCATION/vdt/setup/configure_bestman --server y --user daemon --cert /etc/grid-security/http/httpcert.pem --key /etc/grid-security/http/httpkey.pem --http-port 8080 --https-port 8443 --globus-tcp-port-range 63001,65000 --enable-gateway --with-tokens-list "ATLASDATADISK[desc:ATLASDATADISK][40000][owner:atlas][retention:CUSTODIAL][latency:ONLINE][usedBytesCommand:/bin/echo $[(`/bin/df /ibrix/data/bestman-storage | tail -1 | awk '{print $3}'`)*1024]];ATLASMCDISK[desc:ATLASMCDISK][20000][owner:atlas][retention:CUSTODIAL][latency:ONLINE][usedBytesCommand:/bin/echo $[(`/bin/df /ibrix/data/bestman-storage | tail -1 | awk '{print $3}'`)*1024]];ATLASUSERDISK[desc:ATLASUSERDISK][10000][owner:atlas][retention:CUSTODIAL][latency:ONLINE][usedBytesCommand:/bin/echo $[(`/bin/df /ibrix/data/bestman-storage | tail -1 | awk '{print $3}'`)*1024]];ATLASPRODDISK[desc:ATLASPRODDISK][30000][owner:atlas][retention:CUSTODIAL][latency:ONLINE][usedBytesCommand:/bin/echo $[(`/bin/df /ibrix/data/bestman-storage | tail -1 | awk '{print $3}'`)*1024]];ATLASGROUPDISK[desc:ATLASGROUPDISK][30000][owner:atlas][retention:CUSTODIAL][latency:ONLINE][usedBytesCommand:/bin/echo $[(`/bin/df /ibrix/data/bestman-storage | tail -1 | awk '{print $3}'`)*1024]]" --with-transfer-servers gsiftp://tier2-02.ochep.ou.edu --with-allowed-paths=/ibrix/data/bestman-storage

export EDITOR=emacs
visudo               # add:
----
Cmnd_Alias SRM_CMD = /bin/rm, /bin/mkdir, /bin/rmdir, /bin/mv, /bin/cp, /bin/ls
Runas_Alias SRM_USR = ALL, !root
daemon     ALL=(SRM_USR) NOPASSWD: SRM_CMD
----

vdt-control --list
vdt-control --on

Then, to test it as a regular user:

srm-copy file://///home/hs/tmp/test1 srm://tier2-05.ochep.ou.edu:8443/srm/v2/server\?SFN=/ibrix/data/bestman-storage/test1 -spacetoken ATLASDATADISK
srm-copy srm://tier2-05.ochep.ou.edu:8443/srm/v2/server\?SFN=/ibrix/data/bestman-storage/test1 file://///home/hs/tmp/test2
srm-ping srm://tier2-05.ochep.ou.edu:8443/srm/v2/server
srm-sp-tokens srm://tier2-05.ochep.ou.edu:8443/srm/v2/server
srm-get-space-tokens srm://tier2-05.ochep.ou.edu:8443/srm/v2/server?SFN=/
srm-get-space-tokens -space_desc=ATLASPRODDISK srm://tier2-05.ochep.ou.edu:8443/srm/v2/server?SFN=/
srm-get-space-metadata -space_tokens=ATLASPRODDISK,ATLASUSERDISK srm://tier2-05.ochep.ou.edu:8443/srm/v2/server?SFN=/

Bestman-Xrootd

For an Xrootd backend storage system, this is the recommended installation from the VDT:

• https://twiki.grid.iu.edu/bin/view/ReleaseDocumentation/BestmanGatewayXrootd
• More information for ATLAS can be found on the BestmanXrootd page

Space tokens for ATLAS

• From Wei: In the way we use Bestman-gateway (pathToToken=false), bestman-g doesn't know the mapping between path and token. The original SRM specification doesn't assign a space token to a directory path. WLCG static space token does that. dCache follows the WLCG specification. Xrootd follows the original SRM specification. So dCache maps a space token to a directory path. Files under that path belong to that space token. In Xrootd, each file has an extend attribute called oss.cgroup, which is used to map to space token. It is a per file attribute regardless of the location. Since ToA? associates a path to a token anyway, choosing to follow dCache, Xrootd or ignoring space token (GPFS, Ibrix, Lustre) will all work.

• Setup at SLAC:

staticTokenList=ATLASDATADISK[desc:ATLASDATADISK][151200];ATLASMCDISK[51200]
[desc:ATLASMCDISK];ATLASPRODDISK[20480][desc:ATLASPRODDISK]

(and userdisk, groupdisk)

Support

• Main support list is osg-storage@opensciencegrid.org
• Use usatlas-ddm-l@lists.bnl.gov for ATLAS communications.
• Alex Sim - Bestman developer
• Wei Yang - Bestman-xrootd developer

References

• Original installation notes from Wei:
  • http://datagrid.lbl.gov/bestman/docs/bestman-guide.html
  • http://wt2.slac.stanford.edu/xrootdfs/bestman-gateway.html

-- RobertGardner - 14 Jan 2009