Difference between revisions of "RucioNewVO"
(→Pre-cert look-up) |
(→Pre-cert look-up) |
||
Line 21: | Line 21: | ||
=== Admin === | === Admin === | ||
− | ==== | + | ==== Setup of the Daemon server for each VO ==== |
Created a new VM either using a snapshot of the Daemons server01 and named new server 0X or start a set-up from scratch in containers | Created a new VM either using a snapshot of the Daemons server01 and named new server 0X or start a set-up from scratch in containers |
Revision as of 07:44, 6 May 2021
Contents
Introduction
This page describes the progress of how you request a new VO to be created on the RAL Multi-VO instance.
Use Case
The Multi-VO Rucio instance at RAL is design to be able to support multiple Virtual Organisations (VOs). A VO normally maps to a science experiment / project (e.g. ATLAS or GridPP). Each VO is kept entirely separate from each other. e.g. you won't be able to see the files that other experiments have stored.
- VOs that wish to manage their data across several sites and plan to store less than 10PB or 100 million files.
- VOs that would like to evaluate Rucio to see if it is the correct solution for them.
Pre-requisites
Currently in order to make use of the Rucio instance at RAL you need to have an existing precesence on the Grid
- Your experiment/project must be an established Virtual Organisation (VO).
Process
Users
To request a new VO to be setup
Admin
Setup of the Daemon server for each VO
Created a new VM either using a snapshot of the Daemons server01 and named new server 0X or start a set-up from scratch in containers
Copy across the usercert and userkey to a new /opt/rucio/<new VO>
Add the <new VO> to the list of valid VOs by copying the relevant files to the /etc/vomses directory this may include the voms*.pem lcg-voms*.pem and within this directory make a new directory of <new VO>
Add the <new VO> LSC file in the newly created /etc/grid-security/vomsdir/<new VO>
Add the <new VO> information in the /etc/vomses/ directory, it only needs to be a simple text file with the following format:
"<VO name>" "<VO URL>" "<PORT>" "<DN>" "<VO name>" - need to look up the last number
"dteam" "voms2.hellasgrid.gr" "15004" "/C=GR/O=HellasGrid/OU=hellasgrid.gr/CN=voms2.hellasgrid.gr" "dteam"
Use voms-proxy-init --voms <new VO> specifying the usercert and userkey you copied earlier and output to the /opt/rucio/ska/x509PlainProxy - this will be changed in the future, but currently many scripts and Rucio components point here.
Edit the cron (in /etc/cron.d) 'renew-proxy.cron' to point to the correct --<new VO>
Once the cron has run, check the /var/log/renew-proxy.log for success of creating the proxy to persist beyond the day.
If you want testing for the VO and RSEs that are registered with the VO
There is a script in /etc/cron.d on daemon01 and daemon02, called functional_test.cron which points to functional_test.sh which will need to be copied and edited with the cron.
The .sh file needs to be edited to use the <NEW VO 3 char code> and the RSEs that the VO is associated with.