SEE-GRID VO site configuration
From EGEE-see WIki
This wiki page describes configuration of a SEE-GRID site to support:
- Mapping to generic seegrid pool accounts when no role is specified. Generic accounts have a small fairshare and are limited to only a few CPUs.
- Mapping of ops role to a small number of pool accounts. Ops accounts have one CPU reserved at all times.
- Mapping of sgmadmin role to a small number of pool accounts. SGM accounts can install VO application software in the shared software area.
- Mapping of an application group (/seegrid/BG/App/SALUTE in the example) to a medium sized number of pool accounts. Application accounts have a larger fairshare and CPU limit than the generic seegrid accounts.
Contents |
[edit]
Creating pool accounts
Pool accounts are be created using yaim's users.conf. Large number of generic pool accounts is created using seegrid as the primary group:
3001:seegrid001:1400:seegrid:seegrid:: 3002:seegrid002:1400:seegrid:seegrid:: ... 3200:seegrid200:1400:seegrid:seegrid::
A small number of special accounts is created for previously described purposes. These accounts are marked using a special tags (ops, sgm, app) that are used as a link to entries in groups.conf. Different primary groups are also used in order to assign different privileges to these accounts.
3501:opsseegrid001:1401,1400:opsseegrid,seegrid:seegrid:ops: 3502:opsseegrid002:1401,1400:opsseegrid,seegrid:seegrid:ops: ... 3510:opsseegrid010:1401,1400:opsseegrid,seegrid:seegrid:ops:
3601:sgmseegrid001:1402,1400:sgmseegrid,seegrid:seegrid:sgm: 3602:sgmseegrid002:1402,1400:sgmseegrid,seegrid:seegrid:sgm: ... 3610:sgmseegrid010:1402,1400:sgmseegrid,seegrid:seegrid:sgm:
3701:appseegrid001:1403,1400:appseegrid,seegrid:seegrid:app: 3702:appseegrid002:1403,1400:appseegrid,seegrid:seegrid:app: ... 3750:appseegrid050:1403,1400:appseegrid,seegrid:seegrid:app:
[edit]
Mapping roles to pool accounts
Adding the following lines to groups.conf should generate the correct mapping:
"/VO=seegrid/GROUP=/seegrid/ROLE=ops":::ops: "/VO=seegrid/GROUP=/seegrid/ROLE=sgmadmin":::sgm: "/VO=seegrid/GROUP=/seegrid/BG/App/SALUTE":::app: "/VO=seegrid/GROUP=/seegrid":::: "/VO=seegrid/GROUP=/seegrid/*"::::
The last line allows correct mapping of special VO groups that are not explicitly listed (e.g. /seegrid/RS/App/VIVE) to generic pool accounts. SEE-GRID VOMS servers should also be listed in site-info.def:
VO_SEEGRID_VOMSES=" 'seegrid voms.irb.hr 15010 /C=HR/O=edu/OU=irb/CN=host/voms.irb.hr seegrid' 'seegrid voms.grid.auth.gr 15040 /C=GR/O=HellasGrid/OU=auth.gr/CN=voms.grid.auth.gr seegrid' " VO_SEEGRID_VOMS_SERVERS=" 'vomss://voms.irb.hr:8443/voms/seegrid?/seegrid' 'vomss://voms.grid.auth.gr:8443/voms/seegrid?/seegrid' "
Verification of VOMS proxy extensions also requires VOMS server host certificates to be available on the machine. These certificates are provided through EGEE-SEE and SEE-GRID Yum repositories. After configuring repositories in:
- /etc/yum.repos.d/EGEE-SEE.repo
[EGEE-SEE General SL4 noarch] name=EGEE-SEE General Repository (noarch) baseurl=http://rpm.egee-see.org/yum/EGEE-SEE/sl4/noarch gpgcheck=0 [EGEE-SEE General SL4] name=SEE-GRID General Repository baseurl=http://rpm.egee-see.org/yum/EGEE-SEE/sl4/$basearch gpgcheck=0
- /etc/yum.repos.d/SEE-GRID.repo
[SEE-GRID General SL4 noarch] name=SEE-GRID General Repository (noarch) baseurl=http://rpm.egee-see.org/yum/SEE-GRID/sl4/noarch gpgcheck=0 [SEE-GRID General SL4] name=SEE-GRID General Repository baseurl=http://rpm.egee-see.org/yum/SEE-GRID/sl4/$basearch gpgcheck=0
RPMs can be installed by running:
# yum install seegrid Setting up Install Process Setting up repositories Parsing package install arguments Resolving Dependencies Dependencies Resolved ============================================================================= Package Arch Version Repository Size ============================================================================= Installing: seegrid noarch 0.8-1 SEE-GRID General SL4 noarch 1.9 k Installing for dependencies: GridAUTH-vomscert noarch 1.4-2 EGEE-SEE General SL4 noarch 3.7 k IRB-vomscert noarch 20090211-1 EGEE-SEE General SL4 noarch 7.5 k Transaction Summary ============================================================================= Install 3 Package(s) Update 0 Package(s) Remove 0 Package(s) Total download size: 13 k Is this ok [y/N]: y Downloading Packages: Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Installing: IRB-vomscert ######################### [1/3] Installing: GridAUTH-vomscert ######################### [2/3] Installing: seegrid ######################### [3/3] Installed: seegrid.noarch 0:0.8-1 Dependency Installed: GridAUTH-vomscert.noarch 0:1.4-2 IRB-vomscert.noarch 0:20090211-1 Complete!
Older versions of the RPMs are also available.
After reconfiguring the LCG-CE or just running the relevant functions:
/opt/glite/yaim/bin/yaim -r -s site-info.def -n lcg-CE -f config_users -f config_mkgridmap
the result can be seen in:
- /opt/edg/etc/edg-mkgridmap.conf
# SEEGRID # Map VO members (ops) group vomss://voms.irb.hr:8443/voms/seegrid?/seegrid/Role=ops .opsseegrid # Map VO members (sgm) group vomss://voms.irb.hr:8443/voms/seegrid?/seegrid/Role=sgmadmin .sgmseegrid # Map VO members (app) group vomss://voms.irb.hr:8443/voms/seegrid?/seegrid/BG/App/SALUTE .appseegrid # Map VO members (root Group) group vomss://voms.irb.hr:8443/voms/seegrid?/seegrid .seegrid
- /opt/edg/etc/lcmaps/gridmapfile:
"/VO=seegrid/GROUP=/seegrid/ROLE=ops/Capability=NULL" .opsseegrid "/VO=seegrid/GROUP=/seegrid/ROLE=ops" .opsseegrid "/VO=seegrid/GROUP=/seegrid/ROLE=sgmadmin/Capability=NULL" .sgmseegrid "/VO=seegrid/GROUP=/seegrid/ROLE=sgmadmin" .sgmseegrid "/VO=seegrid/GROUP=/seegrid/BG/App/SALUTE/Role=NULL/Capability=NULL" .appseegrid "/VO=seegrid/GROUP=/seegrid/BG/App/SALUTE" .appseegrid "/VO=seegrid/GROUP=/seegrid/Role=NULL/Capability=NULL" .seegrid "/VO=seegrid/GROUP=/seegrid" .seegrid "/VO=seegrid/GROUP=/seegrid/*/Role=NULL/Capability=NULL" .seegrid "/VO=seegrid/GROUP=/seegrid/*" .seegrid
- /opt/edg/etc/lcmaps/groupmapfile:
"/VO=seegrid/GROUP=/seegrid/ROLE=ops/Capability=NULL" opsseegrid "/VO=seegrid/GROUP=/seegrid/ROLE=ops" opsseegrid "/VO=seegrid/GROUP=/seegrid/ROLE=sgmadmin/Capability=NULL" sgmseegrid "/VO=seegrid/GROUP=/seegrid/ROLE=sgmadmin" sgmseegrid "/VO=seegrid/GROUP=/seegrid/BG/App/SALUTE/Role=NULL/Capability=NULL" appseegrid "/VO=seegrid/GROUP=/seegrid/BG/App/SALUTE" appseegrid "/VO=seegrid/GROUP=/seegrid/Role=NULL/Capability=NULL" seegrid "/VO=seegrid/GROUP=/seegrid" seegrid "/VO=seegrid/GROUP=/seegrid/*/Role=NULL/Capability=NULL" seegrid "/VO=seegrid/GROUP=/seegrid/*" seegrid
[edit]
Implementing scheduling policy
Batch system should be configured to allow jobs from all the mentioned groups:
VOS="seegrid" QUEUES="seegrid" SEEGRID_GROUP_ENABLE="seegrid opsseegrid sgmseegrid appseegrid"
The following maui configuration reserves one CPU for monitoring jobs and gives them high priority so they run immediately:
# use any working node SRCFG[ops] FLAGS=SPACEFLEX # reserve one cpu SRCFG[ops] TASKCOUNT=1 RESOURCES=PROCS:1 # reserve it forever SRCFG[ops] PERIOD=INFINITY # it can be used by seegrid ops group SRCFG[ops] GROUPLIST=opsseegrid # give it enough priority to run imediately GROUPWEIGHT 1 GROUPCFG[opsseegrid] PRIORITY=1000000
Faresharing allows specific application jobs (mapped to appseegrid group) to get more CPU time than other (normal) jobs.
# We will consider the last 7 24 hour periods for our fair # share calculations. The influence of each 24 hour period # decreases by a factor of 0.8 each time. FSPOLICY DEDICATEDPS FSDEPTH 7 FSINTERVAL 24:00:00 FSDECAY 0.8 FSWEIGHT 1 FSUSERWEIGHT 5 FSGROUPWEIGHT 30 GROUPCFG[appseegrid] FSTARGET=50 MAXPROC=50,100 GROUPCFG[seegrid] FSTARGET=10 MAXPROC=10,100
[edit]
