SEE-GRID VO site configuration
From EGEE-see WIki
This wiki page describes configuration of a SEE-GRID site to support:
- Mapping to generic seegrid pool accounts when no role is specified. Generic accounts have a small fairshare and are limited to only a few CPUs.
- Mapping of ops role to a small number of pool accounts. Ops accounts have one CPU reserved at all times.
- Mapping of sgmadmin role to a small number of pool accounts. SGM accounts can install VO application software in the shared software area.
- Mapping of an application group (/seegrid/BG/App/SALUTE in the example) to a medium sized number of pool accounts. Application accounts have a larger fairshare and CPU limit than the generic seegrid accounts.
Contents |
Creating pool accounts
Pool accounts are be created using yaim's users.conf. Large number of generic pool accounts is created using seegrid as the primary group:
3001:seegrid001:1400:seegrid:seegrid:: 3002:seegrid002:1400:seegrid:seegrid:: ... 3200:seegrid200:1400:seegrid:seegrid::
A small number of special accounts is created for previously described purposes. These accounts are marked using a special tags (ops, sgm, app) that are used as a link to entries in groups.conf. Different primary groups are also used in order to assign different privileges to these accounts.
3501:opsseegrid001:1401,1400:opsseegrid,seegrid:seegrid:ops: 3502:opsseegrid002:1401,1400:opsseegrid,seegrid:seegrid:ops: ... 3510:opsseegrid010:1401,1400:opsseegrid,seegrid:seegrid:ops:
3601:sgmseegrid001:1402,1400:sgmseegrid,seegrid:seegrid:sgm: 3602:sgmseegrid002:1402,1400:sgmseegrid,seegrid:seegrid:sgm: ... 3610:sgmseegrid010:1402,1400:sgmseegrid,seegrid:seegrid:sgm:
3701:appseegrid001:1403,1400:appseegrid,seegrid:seegrid:app: 3702:appseegrid002:1403,1400:appseegrid,seegrid:seegrid:app: ... 3750:appseegrid050:1403,1400:appseegrid,seegrid:seegrid:app:
Mapping roles to pool accounts
Adding the following lines to groups.conf should generate the correct mapping:
"/VO=seegrid/GROUP=/seegrid/ROLE=ops":::ops: "/VO=seegrid/GROUP=/seegrid/ROLE=sgmadmin":::sgm: "/VO=seegrid/GROUP=/seegrid/BG/App/SALUTE":::app: "/VO=seegrid/GROUP=/seegrid":::: "/VO=seegrid/GROUP=/seegrid/*"::::
The last line allows correct mapping of special VO groups that are not explicitly listed (e.g. /seegrid/RS/App/VIVE) to generic pool accounts. SEE-GRID VOMS servers should also be listed in site-info.def:
VO_SEEGRID_VOMSES=" 'seegrid voms.irb.hr 15010 /C=HR/O=edu/OU=irb/CN=host/voms.irb.hr seegrid' 'seegrid voms.grid.auth.gr 15040 /C=GR/O=HellasGrid/OU=grid.auth.gr/CN=voms.grid.auth.gr seegrid' " VO_SEEGRID_VOMS_SERVERS=" 'vomss://voms.irb.hr:8443/voms/seegrid?/seegrid' 'vomss://voms.grid.auth.gr:8443/voms/seegrid?/seegrid' "
Verification of VOMS proxy extensions also requires VOMS server host certificates to be available on the machine. These certificates are provided through an rpm file. It can be installed using:
# rpm -ihv http://www.irb.hr/users/vvidic/seegrid/seegrid-0.5-2.noarch.rpm Retrieving http://www.irb.hr/users/vvidic/seegrid/seegrid-0.5-2.noarch.rpm Preparing... ########################################### [100%] 1:seegrid ########################################### [100%]
Older versions of the rpm are also available.
After reconfiguring the LCG-CE or just running the relevant functions:
/opt/glite/yaim/bin/yaim -r -s site-info.def -n lcg-CE -f config_users -f config_mkgridmap
the result can be seen in:
- /opt/edg/etc/edg-mkgridmap.conf
# SEEGRID # Map VO members (ops) group vomss://voms.irb.hr:8443/edg-voms-admin/seegrid?/seegrid/Role=ops .opsseegrid # Map VO members (sgm) group vomss://voms.irb.hr:8443/edg-voms-admin/seegrid?/seegrid/Role=sgmadmin .sgmseegrid # Map VO members (app) group vomss://voms.irb.hr:8443/edg-voms-admin/seegrid?/seegrid/BG/App/SALUTE .appseegrid # Map VO members (root Group) group vomss://voms.irb.hr:8443/edg-voms-admin/seegrid?/seegrid .seegrid
- /opt/edg/etc/lcmaps/gridmapfile:
"/VO=seegrid/GROUP=/seegrid/ROLE=ops/Capability=NULL" .opsseegrid "/VO=seegrid/GROUP=/seegrid/ROLE=ops" .opsseegrid "/VO=seegrid/GROUP=/seegrid/ROLE=sgmadmin/Capability=NULL" .sgmseegrid "/VO=seegrid/GROUP=/seegrid/ROLE=sgmadmin" .sgmseegrid "/VO=seegrid/GROUP=/seegrid/BG/App/SALUTE/Role=NULL/Capability=NULL" .appseegrid "/VO=seegrid/GROUP=/seegrid/BG/App/SALUTE" .appseegrid "/VO=seegrid/GROUP=/seegrid/Role=NULL/Capability=NULL" .seegrid "/VO=seegrid/GROUP=/seegrid" .seegrid "/VO=seegrid/GROUP=/seegrid/*/Role=NULL/Capability=NULL" .seegrid "/VO=seegrid/GROUP=/seegrid/*" .seegrid
- /opt/edg/etc/lcmaps/groupmapfile:
"/VO=seegrid/GROUP=/seegrid/ROLE=ops/Capability=NULL" opsseegrid "/VO=seegrid/GROUP=/seegrid/ROLE=ops" opsseegrid "/VO=seegrid/GROUP=/seegrid/ROLE=sgmadmin/Capability=NULL" sgmseegrid "/VO=seegrid/GROUP=/seegrid/ROLE=sgmadmin" sgmseegrid "/VO=seegrid/GROUP=/seegrid/BG/App/SALUTE/Role=NULL/Capability=NULL" appseegrid "/VO=seegrid/GROUP=/seegrid/BG/App/SALUTE" appseegrid "/VO=seegrid/GROUP=/seegrid/Role=NULL/Capability=NULL" seegrid "/VO=seegrid/GROUP=/seegrid" seegrid "/VO=seegrid/GROUP=/seegrid/*/Role=NULL/Capability=NULL" seegrid "/VO=seegrid/GROUP=/seegrid/*" seegrid
Implementing scheduling policy
Batch system should be configured to allow jobs from all the mentioned groups:
VOS="seegrid" QUEUES="seegrid" SEEGRID_GROUP_ENABLE="seegrid opsseegrid sgmseegrid appseegrid"
The following maui configuration reserves one CPU for monitoring jobs and gives them high priority so they run immediately:
# use any working node SRCFG[ops] FLAGS=SPACEFLEX # reserve one cpu SRCFG[ops] TASKCOUNT=1 RESOURCES=PROCS:1 # reserve it forever SRCFG[ops] PERIOD=INFINITY # it can be used by seegrid ops group SRCFG[ops] GROUPLIST=opsseegrid # give it enough priority to run imediately GROUPWEIGHT 1 GROUPCFG[opsseegrid] PRIORITY=1000000
Faresharing allows specific application jobs (mapped to appseegrid group) to get more CPU time than other (normal) jobs.
# We will consider the last 7 24 hour periods for our fair # share calculations. The influence of each 24 hour period # decreases by a factor of 0.8 each time. FSPOLICY DEDICATEDPS FSDEPTH 7 FSINTERVAL 24:00:00 FSDECAY 0.8 FSWEIGHT 1 FSUSERWEIGHT 5 FSGROUPWEIGHT 30 GROUPCFG[appseegrid] FSTARGET=50 MAXPROC=50,100 GROUPCFG[seegrid] FSTARGET=10 MAXPROC=10,100
