Difference between revisions of "New VO deployment"

From GridPP Wiki
(Tweaks. Removed dead link.)
Line 3: Line 3:
 
The general procedure is sketched out in the section [[Instruction for VO administrators]]. The process is still under development, and anyone wishing to create a new VO should contact the [https://www.gridpp.ac.uk/deployment/contact.html Deployment Team] for further help and information (in particular the Production Manager, Security Officer and VOMS Manager).
 
The general procedure is sketched out in the section [[Instruction for VO administrators]]. The process is still under development, and anyone wishing to create a new VO should contact the [https://www.gridpp.ac.uk/deployment/contact.html Deployment Team] for further help and information (in particular the Production Manager, Security Officer and VOMS Manager).
  
It is also possible to join an existing VO, of course, if there is one with similar goals: see the [http://operations-portal.egi.eu/vo/registrationWelcome EGI VO registration portal], and in particular the [http://operations-portal.egi.eu/vo/search list of existing VOs] (click the + on the left to see the VO information - a new VO would need to provide the same information.)
+
It is also possible to join an existing VO, of course, if there is one with similar goals: see the [http://operations-portal.egi.eu/vo/search EGI VO registration portal].
  
What follows below is general information that you should be aware of if you want to start a VO.  
+
What follows below is general information that you should be aware of if you want to start a VO. There are sort of two different flavours of VOs, a national (or local) one where
  
 
===Information needed===
 
===Information needed===
The VO will need to provide some information, partly for security reasons and partly to let system administrators judge what resources the VO will be likely to need. Useful information would include:
+
The VO will need to provide some information, partly for security reasons and partly to let system administrators judge what resources the VO will be likely to need.  
* VO name. This should be reasonably short, distinctive, and must not clash with any existing VO. A lower-case name is recommended, and generally no more than five or six characters (letters and numbers are allowed in the name, but most other characters are not). There is a recommendation to base VO names on DNS names to avoid name clashes, so that  GridPP VOs should have names like xxx.gridpp.ac.uk.
+
 
 +
* Name of the VO. This should be reasonably short, distinctive, and must not clash with any existing VO. A VO will typically have two names, a short name (usually lower case), say "poohsticks" (an experiment running poohsticks simulations), and a DNS style name, such as vo.poohsticks.org (assuming they own the DNS name poohsticks.org.)
 
* VO support contacts - both specific responsible people and various experiment mailing lists.
 
* VO support contacts - both specific responsible people and various experiment mailing lists.
 
* Security contacts - ideally at least two people who can respond quickly in the event of a security incident relating to a member of the VO, or to the VO as a whole.
 
* Security contacts - ideally at least two people who can respond quickly in the event of a security incident relating to a member of the VO, or to the VO as a whole.
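Review bot: the sentence added to the "What follows below" paragraph stops mid-clause at "a national (or local) one where", so the two flavours of VO are never described; finish the sentence or hold it back until the text is ready. In the same hunk the "EGI VO registration portal" label now points at the /vo/search URL that the previous revision labelled "list of existing VOs", so label and target no longer match. The rewritten name bullet also drops the earlier guidance on which characters are allowed in a VO name; if that still applies, keep it next to the vo.poohsticks.org example.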
Line 16: Line 17:
 
* Software requirements - any software beyond the basic Linux tools/libraries, including things which are part of standard distributions as they may not be installed by default.
 
* Software requirements - any software beyond the basic Linux tools/libraries, including things which are part of standard distributions as they may not be installed by default.
 
* Typical usage pattern - expected job frequency and variation over time, job length, data read and written per job etc.
 
* Typical usage pattern - expected job frequency and variation over time, job length, data read and written per job etc.
* Glue schema fields used - this would give an idea of what is really used in the information system and needs to be ensured to be properly set and maintained.
 
 
* General procedures - for example if the site has to request the installation of VO software.
 
* General procedures - for example if the site has to request the installation of VO software.
 
* Size of the VO (i.e how many users), to give a guide to how many pool accounts to create.  
 
* Size of the VO (i.e how many users), to give a guide to how many pool accounts to create.  
  
 
See the [http://www.phenogrid.dur.ac.uk/howto/config Phenogrid] web site for an example of the sort of thing required. You can also have a look at a [https://www.gridpp.ac.uk/deployment/users/questionnaire.html questionnaire] which EGEE has used to start discussions with new VOs.
 
See the [http://www.phenogrid.dur.ac.uk/howto/config Phenogrid] web site for an example of the sort of thing required. You can also have a look at a [https://www.gridpp.ac.uk/deployment/users/questionnaire.html questionnaire] which EGEE has used to start discussions with new VOs.
 
The EGEE operations group has developed a standardised [http://operations-portal.egi.eu/aboutportal/map VO ID card] to provide this kind of information. Most of the entries are well explained.
 
  
 
===Security considerations===
 
===Security considerations===
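Review bot: the "Glue schema fields used" bullet is deleted in this hunk although it contains no link, so the edit summary "Tweaks. Removed dead link." does not account for it; state in the summary why it was dropped, or restore it. The VO ID card paragraph is also removed whole; if only its link was dead, the sentence could stay with the link updated or removed.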
Line 48: Line 46:
 
[[Category:VOMS]]
 
[[Category:VOMS]]
  
{{KeyDocs|responsible=Jens Jensen|reviewdate=2014-10-16|accuratedate=2014-10-16|percentage=80}}
+
{{KeyDocs|responsible=Jens Jensen|reviewdate=2015-05-05|accuratedate=2015-05-05|percentage=80}}

Revision as of 10:20, 5 May 2015

Creating a New VO

The general procedure is sketched out in the section Instruction for VO administrators. The process is still under development, and anyone wishing to create a new VO should contact the Deployment Team for further help and information (in particular the Production Manager, Security Officer and VOMS Manager).

It is also possible to join an existing VO, of course, if there is one with similar goals: see the EGI VO registration portal.

What follows below is general information that you should be aware of if you want to start a VO. There are sort of two different flavours of VOs, a national (or local) one where

Information needed

The VO will need to provide some information, partly for security reasons and partly to let system administrators judge what resources the VO will be likely to need.

  • Name of the VO. This should be reasonably short, distinctive, and must not clash with any existing VO. A VO will typically have two names: a short name (usually lower case), say "poohsticks" (an experiment running poohsticks simulations), and a DNS-style name, such as vo.poohsticks.org (assuming they own the DNS name poohsticks.org).
  • VO support contacts - both specific responsible people and various experiment mailing lists.
  • Security contacts - ideally at least two people who can respond quickly in the event of a security incident relating to a member of the VO, or to the VO as a whole.
  • VO/VOMS server, file catalogue etc. end-points (see below).
  • Hardware requirements - memory size, disk space etc.
  • Software requirements - any software beyond the basic Linux tools/libraries, including things which are part of standard distributions as they may not be installed by default.
  • Typical usage pattern - expected job frequency and variation over time, job length, data read and written per job etc.
  • General procedures - for example if the site has to request the installation of VO software.
  • Size of the VO (i.e. how many users), to give a guide to how many pool accounts to create.

See the Phenogrid web site for an example of the sort of thing required. You can also have a look at a questionnaire which EGEE has used to start discussions with new VOs.

Security considerations

The VO will need to provide administrators who take responsibility for adding users into the VO, checking that they understand their responsibilities, and if necessary removing them from the VO if they abuse the system. VOs should define what constitutes acceptable use for their members (in addition to the general acceptable use policies applicable to all grid users).

Some of the security policy documents are relevant to VO creation and operation, and the VO administrators need to ensure that they comply with the relevant policies.

VO services

Each VO will need some VO-specific services. At a minimum you need a VO/VOMS server to store the list of VO users, but file catalogues, resource brokers and perhaps other services may also be needed. These may be run by the VO itself or, by negotiation, as part of the general GridPP infrastructure. In particular a GridPP VOMS server is run by Manchester for the use of the GridPP community; contact the VOMS manager for more information.

Getting the VO enabled at sites

Enabling a VO is a relatively easy process, and sites which are directly associated with the VO (including sites in other countries) should be able to do it given the information described above. To get further resources from other GridPP sites, contact the Deployment Team.

VO software installation

There are various models for dealing with the installation of VO-specific software. If only a few dedicated sites are involved the software can be directly installed by the administrators. If the software is relatively compact it can be shipped with the job in the sandbox, or downloaded from a Storage Element or a web site.

There is also a more general method to install software in VO-specific disk space visible from the Worker Nodes.

Support procedures

  • VOs should be prepared to support their users at least in the use of VO-specific software.
  • More general Grid support will be provided by GridPP as a whole, including community support by users themselves.
  • VO support liaison should sign up for a mailing list (details to be added)

The standard support route for all Grid users is the GGUS portal, as described here. For regional (e.g. GridPP-specific) VOs the tickets will generally be directed back to the UK Grid helpdesk. There is also a GridPP Users mailing list (see the JISCmail web site for subscription information).

This page is a Key Document, and is the responsibility of Jens Jensen. It was last reviewed on 2015-05-05 when it was considered to be 80% complete. It was last judged to be accurate on 2015-05-05.