Difference between revisions of "RucioNewVO"

From GridPP Wiki
Jump to: navigation, search
(Pre-cert look-up)
(Pre-cert look-up)
Line 21: Line 21:
 
=== Admin ===
 
=== Admin ===
  
==== Pre-cert look-up ====
+
==== Setup of the Daemon server for each VO ====
  
 
Created a new VM either using a snapshot of the Daemons server01 and named new server 0X or start a set-up from scratch in containers
 
Created a new VM either using a snapshot of the Daemons server01 and named new server 0X or start a set-up from scratch in containers

Revision as of 07:44, 6 May 2021

Introduction

This page describes the progress of how you request a new VO to be created on the RAL Multi-VO instance.

Use Case

The Multi-VO Rucio instance at RAL is design to be able to support multiple Virtual Organisations (VOs). A VO normally maps to a science experiment / project (e.g. ATLAS or GridPP). Each VO is kept entirely separate from each other. e.g. you won't be able to see the files that other experiments have stored.

  • VOs that wish to manage their data across several sites and plan to store less than 10PB or 100 million files.
  • VOs that would like to evaluate Rucio to see if it is the correct solution for them.

Pre-requisites

Currently in order to make use of the Rucio instance at RAL you need to have an existing precesence on the Grid

  • Your experiment/project must be an established Virtual Organisation (VO).

Process

Users

To request a new VO to be setup

Admin

Setup of the Daemon server for each VO

Created a new VM either using a snapshot of the Daemons server01 and named new server 0X or start a set-up from scratch in containers

Copy across the usercert and userkey to a new /opt/rucio/<new VO>

Add the <new VO> to the list of valid VOs by copying the relevant files to the /etc/vomses directory this may include the voms*.pem lcg-voms*.pem and within this directory make a new directory of <new VO>

Add the <new VO> LSC file in the newly created /etc/grid-security/vomsdir/<new VO>

Add the <new VO> information in the /etc/vomses/ directory, it only needs to be a simple text file with the following format:

"<VO name>" "<VO URL>" "<PORT>" "<DN>" "<VO name>" - need to look up the last number
"dteam" "voms2.hellasgrid.gr" "15004" "/C=GR/O=HellasGrid/OU=hellasgrid.gr/CN=voms2.hellasgrid.gr" "dteam"

Use voms-proxy-init --voms <new VO> specifying the usercert and userkey you copied earlier and output to the /opt/rucio/ska/x509PlainProxy - this will be changed in the future, but currently many scripts and Rucio components point here.

Edit the cron (in /etc/cron.d) 'renew-proxy.cron' to point to the correct --<new VO>

Once the cron has run, check the /var/log/renew-proxy.log for success of creating the proxy to persist beyond the day.

If you want testing for the VO and RSEs that are registered with the VO

There is a script in /etc/cron.d on daemon01 and daemon02, called functional_test.cron which points to functional_test.sh which will need to be copied and edited with the cron.

The .sh file needs to be edited to use the <NEW VO 3 char code> and the RSEs that the VO is associated with.