Difference between revisions of "RucioNewVO"

From GridPP Wiki
Jump to: navigation, search
(Pre-requisites)
(Process)
Line 14: Line 14:
  
 
== Process ==  
 
== Process ==  
 +
 +
=== Users ===
 +
 
To request a new VO to be setup
 
To request a new VO to be setup
 +
 +
=== Admin ===
 +
 +
==== Pre-cert look-up ====
 +
 +
Created a new VM either using a snapshot of the Daemons server01 and named new server 0X or start a set-up from scratch in containers
 +
 +
Copy across the usercert and userkey to a new /opt/rucio/<new VO>
 +
 +
Add the <new VO> to the list of valid VOs by copying the relevant files to the /etc/vomses directory this may include the voms*.pem lcg-voms*.pem and within this directory make a new directory of <new VO>
 +
 +
Add the <new VO> LSC file in the newly created /etc/grid-security/vomsdir/<new VO>
 +
 +
Add the <new VO> information in the /etc/vomses/ directory, it only needs to be a simple text file with the following format:
 +
 +
"<VO name>" "<VO URL>" "<PORT>" "<DN>" "<VO name>" "<??>" - need to look up the last number
 +
 +
"dteam" "voms2.hellasgrid.gr" "15004" "/C=GR/O=HellasGrid/OU=hellasgrid.gr/CN=voms2.hellasgrid.gr" "dteam" "24"
 +
 +
Use voms-proxy-init --voms <new VO> specifying the usercert and userkey you copied earlier and output to the /opt/rucio/ska/x509PlainProxy - this will be changed in the future, but currently many scripts and Rucio components point here.
 +
 +
Edit the cron (in /etc/cron.d) 'renew-proxy.cron' to point to the correct --<new VO>
 +
 +
Once the cron has run, check the /var/log/renew-proxy.log for success of creating the proxy to persist beyond the day.
 +
 +
===== If you want testing for the VO and RSEs that are registered with the VO =====
 +
 +
There is a script in /etc/cron.dAfter correcting the functional test script from rucio --vo dteam
 +
to rucio --vo dtm
 +
the script runs, and other than QMUL which has not been added as an RSE yet functions to upload files, create containers of files and transfer files between sites for dteam

Revision as of 15:19, 5 May 2021

Introduction

This page describes the progress of how you request a new VO to be created on the RAL Multi-VO instance.

Use Case

The Multi-VO Rucio instance at RAL is design to be able to support multiple Virtual Organisations (VOs). A VO normally maps to a science experiment / project (e.g. ATLAS or GridPP). Each VO is kept entirely separate from each other. e.g. you won't be able to see the files that other experiments have stored.

  • VOs that wish to manage their data across several sites and plan to store less than 10PB or 100 million files.
  • VOs that would like to evaluate Rucio to see if it is the correct solution for them.

Pre-requisites

Currently in order to make use of the Rucio instance at RAL you need to have an existing precesence on the Grid

  • Your experiment/project must be an established Virtual Organisation (VO).

Process

Users

To request a new VO to be setup

Admin

Pre-cert look-up

Created a new VM either using a snapshot of the Daemons server01 and named new server 0X or start a set-up from scratch in containers

Copy across the usercert and userkey to a new /opt/rucio/<new VO>

Add the <new VO> to the list of valid VOs by copying the relevant files to the /etc/vomses directory this may include the voms*.pem lcg-voms*.pem and within this directory make a new directory of <new VO>

Add the <new VO> LSC file in the newly created /etc/grid-security/vomsdir/<new VO>

Add the <new VO> information in the /etc/vomses/ directory, it only needs to be a simple text file with the following format:

"<VO name>" "<VO URL>" "<PORT>" "<DN>" "<VO name>" "<??>" - need to look up the last number
"dteam" "voms2.hellasgrid.gr" "15004" "/C=GR/O=HellasGrid/OU=hellasgrid.gr/CN=voms2.hellasgrid.gr" "dteam" "24"

Use voms-proxy-init --voms <new VO> specifying the usercert and userkey you copied earlier and output to the /opt/rucio/ska/x509PlainProxy - this will be changed in the future, but currently many scripts and Rucio components point here.

Edit the cron (in /etc/cron.d) 'renew-proxy.cron' to point to the correct --<new VO>

Once the cron has run, check the /var/log/renew-proxy.log for success of creating the proxy to persist beyond the day.

If you want testing for the VO and RSEs that are registered with the VO

There is a script in /etc/cron.dAfter correcting the functional test script from rucio --vo dteam to rucio --vo dtm the script runs, and other than QMUL which has not been added as an RSE yet functions to upload files, create containers of files and transfer files between sites for dteam