Edit this page
r12 - 28 Oct 2008 - 23:27:32 - MarcoMambelliYou are here: TWiki >  Admins Web > ChecklistForLaunchOfLFC

ChecklistForLaunchOfLFC

DEPRECATED - Please see InstallLFConOSG#LFC_Launch_Check_List

Introduction

This page serves as a checklist of issues to be addressed in advance of launching the LFC deployment across US ATLAS.

LFC install and migration

  • See InstallLFConOSG.
  • Use the LFC gridmap file until all sites start to use the new voms proxy
  • Create lcgdm-mapfile file (eg.  =/opt/lcg/etc/lcgdm-mapfile=   which might be different location for VDT package.)
  • Add the following at least (list produced from myproxy.)

"/DC=org/DC=doegrids/OU=People/CN=Hironori Ito 564424" atlas
"/DC=org/DC=doegrids/OU=People/CN=Charles G Waldman 131209" atlas
"/DC=org/DC=doegrids/OU=People/CN=John Brunelle 583223" atlas
"/DC=org/DC=doegrids/OU=People/CN=Patrick McGuigan 416226" atlas
"/DC=org/DC=doegrids/OU=People/CN=wenjing wu 545240" atlas
"/DC=org/DC=doegrids/OU=People/CN=Neng Xu 462175" atlas
"/DC=org/DC=doegrids/OU=People/CN=Wei Yang 74203" atlas
"/DC=org/DC=doegrids/OU=People/CN=Shawn McKee 83467" atlas


Production role change

All proxy for production system should be using /atlas/Role=production  instead of /atlas/usatlas/Role=production and/or simple grid-proxy.
  • All DDM proxies for space token areas.  If you run your DQ2 site service using your proxy, make sure that you have this role.  Also, keep in mind that voms last only 12-96 hours depending on the voms server.  Make sure to renew your voms proxy within that period. To request the role, send email to Alessandro.De.Salvo@cern.ch (with cc to jhover@bnl.gov)
  • Panda/PILOT proxy.

New worker node-client

Make sure the new worker node client which has LFC libraries has been installed.

To be OK the new wn-client should return from vdt-version: >= 1.10.1k (or 1.10.1.mwt2)

Another test is:

source $OSG_GRID/setup.sh
python -c 'import lfc'

If there is no import error you are OK. If $OSG_GRID is not in your environment, substitute its supposed value. Check AtlasWorkerNode for install and upgrade instructions.

Pilot submitter for new role

Pilots must come in with the /atlas/Role=production.

Changes in SchedDB

The Site configuration, visible in Panda monitor has to go through a series of changes to accommodate both space tokens and LFC. At the end of he process pay attention to the followinf attributes: copyprefix, copytool (and copytoolin), dq2url, lfchost, lfcpath, lfcprodpath, se, sepath, seprodpath, setokens. Here is an example for ANALY_MWT2 
copyprefix = ^srm://uct2-dc1.uchicago.edu
copytool = lcg-cp2
copytoolin = dccp
dq2url = ''
lfchost = uct2-grid5.uchicago.edu
lfcpath = /grid/atlas/users/pathena
lfcprodpath = /grid/atlas/dq2
se = token:ATLASUSERDISK:srm://uct2-dc1.uchicago.edu:8443/srm/managerv2?SFN=
sepath = /pnfs/uchicago.edu/atlasuserdisk
seprodpath = /pnfs/uchicago.edu/atlasuserdisk
setokens = ATLASUSERDISK
Specially:
  • dq2url is an empty string
  • for analysis sites sepath= seprodpath (even if the production path is different)
  • setokens are ATLASUSERDISK or ATLASPRODDISK

Setup the PATHS and permissions (in both the SE and the LFC)

Create the required base directories and make sure that permissions are correct (generally 0x775).

Create the required base paths in LFC and use lfc-setacl to set the correct permissions, e.g. for analysis: 

$ lfc-mkdir -p /grid/atlas/users/pathena
$ lfc-setacl -m g:atlas/Role=production:rwx,m:rwx /grid/atlas/users/pathena
$ lfc-setacl -m g:atlas/usatlas/Role=production:rwx,m:rwx /grid/atlas/users/pathena

Switching over DQ2 site service

  • Edit /opt/dq2/etc/dq2.cfg     Remove your LRC information shown in [dq2-info] section.
  • Edit/request change to ToA.    Removing your LRC and add new LFC for your site.
    • Note: syntax for LFC is: 
lfc://hostname.site.org:/grid/atlas

  • Make sure voms are renewed in the short period.
  • if you still serve gridftp endpoint as well as space-token srm, you still need myproxy. 
    • If you don't want to use gridftp endpint with voms proxy, you can do myproxy-init -d -c long-hours as you have done this before.
    • If you want to use grdiftp endpoint with your new voms/role, you need to use myproxy-init -d -c short-hours -voms atlas:/atlas/Role=production   The voms client which came with your DQ2 might be too old.  VDT version has newer client which has this support.
    • Watch out what different roles are mapped in your local SE.


-- RobertGardner - 29 Sep 2008

About This Site

Please note that this site is a content mirror of the BNL US ATLAS TWiki. To edit the content of this page, click the Edit this page button at the top of the page and log in with your US ATLAS computing account name and password.


Attachments

 
Powered by TWiki
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback