ALICE Vacuum VMs
This page explains how to use the ALICE VMs maintained by GridPP with Vac or Vcycle, which are currently based on CernVM3 and provide a SL6 environment.
To enable the VMs to pull jobs from the central ALICE services at CERN, please contact andrew.mcnab AT cern.ch to start the process. He will Cc: you into emails with the ALICE team at CERN.
Normally you should use the ALICE vacuum pipe JSON file provided by GridPP. This defines the VMs in terms of image, contextualization file, and parameters. To use the current ALICE pipe you need Vac 3.0 or greater. The pipe may contain definitions of multiple types of VM, but the running VMs will normally all be the alice-vm-mcore machinetype (the name you assign to the ALICE vacuum pipe, usually "alice", followed by the vm-mcore suffix specified in the VM definition.)
The configuration for ALICE in your Vac or Vcycle conf files can simply be:
[vacuum_pipe ALICE] vacuum_pipe_url = https://repo.gridpp.ac.uk/vacproject/alice/alice.pipe target_share = CHANGEMEwhere you set CHANGEME to an appropriate value relative to your other experiments VMs (Vac or Vcycle does the normalisation to 100%).
Vac settings configuration
The ALICE VMs make heavy use of CernVM-FS and so it is necessary to provide the VMs with a Squid cache they can access. In Vac 3.0 this can be set globally with
user_data_option_cvmfs_proxy = CHANGEMEin the [settings] section of the Vac configuration.
With Vac 00.21 onwards, it is not necessary to specify the amount of disk per-VM as Vac will share out the space in the vac_volume_group automatically. However, you should ensure there is at least 40GB per VM in the volume group.
Host certificate / key
You need to obtain a host certificate and key from your usual grid certificate authority which the VMs can use for authentication with ALICE. You should normally use a DNS hostname which is specific to ALICE but is part of your site's DNS space. It doesn't need to correspond to a real host or really exist as an entry on your DNS servers: just that you are entitled to register it. So if your site's domain name is example.cc then a certificate for ALICE-vm.example.cc with a DN like /C=CC/O=XYZ/CN=alice-vm.example.cc would be a good choice.
The x509cert.pem and x509key.pem for this certificate should be placed in ALICE vacuum pipe's machinetype directory such as /var/lib/vac/machinetypes/alice/ (for Vac) or /var/lib/vcycle/spaces/SPACENAME/machinetypes/alice/ (for Vcycle). Again "alice" in those file paths is the vacuum pipe name. (They must not be placed in the files subdirectory. This is because ALICE VMs request that Vac/Vcycle create an X.509 proxy from the certificate/key on the fly, rather than just passing files from the files subdirectory directly into the VM.)