Grid Elements deployment
Quick gLite Middleware Deployment HOW-TO for EU-IndiaGrid
EU-IndiaGrid sites willing to deploy gLite services (CE, SE, UI, WN) might consider to follow the installation/configuration instructions of the INFNGRID release gLite 3.1/SL4 guide or gLite 3.2/SL5 guide.
Commodity PCs are typically enough powerful to run the majority of the grid services. A minimal hardware configuration can be the following: a biprocessor machine with 1GB/core of RAM and 80GB SATA of HD.
Most recent machines with 2-CPU quad-core and 2GB/core RAM can even be virtualized to host 4 different grid services with minimal loss of performances.
The most relevant grid elements you may want to deploy at your site are gLite 3.2 version on Scientific Linux 5 (x86_64 architecture). Some grid elements are still available as gLite 3.1 version on Scientific Linux 4/x86_32. The plan for migrating all of the grid elements to gLite 3.2 is available here.
Most of grid services needs a X509 certificate issued by a IGTF recognized Certification Authority (e.g. IGCA , INFN CA, LCG catch-all,...). E.g. European sites should identify here their national CA and verify if their Institute is already a Registration Authority (RA) of that CA. If not, they should ask the CA to become a qualified RA, in order to be able to issue both host and personal certificates needed for grid operations. Indian sites should get their certificate from IGCA.
Be sure that the administrative network domain hosting the gLite services to be deployed is configured in order to allow communications with external hosts and ports as described in the document available here. In particular:
- most of the grid services has to be run on hosts with public IP address, and only the WNs can run under NAT with an appropriate configuration;
- you need DNS Reverse Name Resolution to make Grid Security Infrastructure (GSI) to work properly;
- time syncronisation (within minutes) among interacting grid elements is also required by GSI. The use of Network Time Protocol (NTP) is reccomended;
As an example, for the UI you should make sure that the following ports are open for communication with the euindia VO services:
| from | port | to | port | service |
|---|---|---|---|---|
| localhost | >1023 | eu-india-02.pd.infn.it | 7443 | WMProxy |
| localhost | >1023 | eu-india-02.pd.infn.it | 2811 | gridFTP Server |
| localhost | >1023 | eu-india-04.pd.infn.it | 9000 | LB |
| localhost | >1023 | eu-india-04.pd.infn.it | 9003 | LB |
| localhost | >1023 | voms2.cnaf.infn.it | 15010 | VOMS Server |
| localhost | >1023 | voms-02.pd.infn.it | 15010 | backup VOMS Server |
This release is 100% compatible with gLite 3.x release, but has some additional advanced accounting and monitoring features, and furthermore allows you to automatically enable the euindia VO at your site. The updates of INFNGRID Release are very frequent and important, please pay attention to them checking periodically the link.
The release is of course fully supported by the IGI Operations Centre (the old Regional Operation Centre in EGEE terminology) with a ticketing system, a knowledge base, and 4 people a day weekly rotating on duty covering 11 hours during the working days (11x5).
More infos are available here.
euindia VO service configuration
At the link https://voms2.cnaf.infn.it:8443/voms/euindia/configuration/configuration.action you'll find the data needed to configure the Grid services you might want to deploy at your site.
If you are using the INFN-GRID release, you can automatically enable the euindia VO in your gLite services using ig-yaim. In particulary, the file /opt/glite/yaim/examples/ig-site-info.def already contains the needed lines:
VO_EUINDIA_SW_DIR=$VO_SW_DIR/euindia
VO_EUINDIA_DEFAULT_SE=$CLASSIC_HOST
VO_EUINDIA_STORAGE_DIR=$CLASSIC_STORAGE_DIR/euindia
VO_EUINDIA_QUEUES="grid"
VO_EUINDIA_VOMS_SERVERS="'vomss://voms2.cnaf.infn.it:8443/voms/euindia?/euindia'
'vomss://voms-02.pd.infn.it:8443/voms/euindia?/euindia'"
VO_EUINDIA_VOMSES="'euindia voms2.cnaf.infn.it 15010 /C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it euindia'
'euindia voms-02.pd.infn.it 15010 /C=IT/O=INFN/OU=Host/L=Padova/CN=voms-02.pd.infn.it euindia'"
while 20 pool accounts + sgmeuindia00* are included in the relevant files /opt/glite/yaim/etc/ig-users.conf and /opt/glite/yaim/etc/ig-groups.conf
When installing e.g. a Computing Element with ig-yaim then automatically you get the VOMS mapping like:
[root@prod-ce-02 root]# cat /opt/edg/etc/lcmaps/gridmapfile
...
"/VO=euindia/GROUP=/euindia/ROLE=SoftwareManager/Capability=NULL" euindiasgm
"/VO=euindia/GROUP=/euindia/ROLE=SoftwareManager" euindiasgm
"/VO=euindia/GROUP=/euindia/Role=NULL/Capability=NULL" .euindia
"/VO=euindia/GROUP=/euindia" .euindia
The DGAS accounting system is enabled on EU-IndiaGrid infrastrucure, via the HLR server hosted at INFN-Padova. Please configure the site-info.def of your CE with the line:
HLR_RESOURCE="prod-hlr-01.pd.infn.it:56568"
If you are not using INFN-GRID, e.g. you are just re-configuring a previous existing LCG/gLite tier-2 site, you'll need to install the euindia VOMS server certificate, which is not included in the gLite official rpms. You can download it from http://grid-it.cnaf.infn.it/mrepo/ig_sl4-i386/RPMS.3_1_0/ig-vomscerts-all-latest.noarch.rpm
euindia VO dedicated gLite services
A small test-bed with some high-level gLite services has been set-up at INFN-PADOVA and INFN-CNAF. It is composed by:
a glite-WMS hosted by eu-india-02.pd.infn.it (193.206.210.245)
a glite-LB hosted by eu-india-04.pd.infn.it (193.206.210.247)
a glite-BDII hosted by eu-india-03.pd.infn.it (193.206.210.246)
a GStat server (http://gstat-prod.cern.ch/gstat/summary/VO/euindia/)
a glite-VOMS server (https://voms2.cnaf.infn.it:8443/voms/euindia) (131.154.101.172)
a gLite-LFC catalogue hosted by lfcserver.cnaf.infn.it (131.154.101.156)
Users members of euindia VO can exploit the glite-WMS to submit jobs to Computing Elements of the test-bed (see here how to become an euindia VO member).
Up to now 15 CEs have enabled euindia VO:
$ glite-wms-job-list-match -a dummy.jdl
Connecting to the service https://eu-india-02.pd.infn.it:7443/glite_wms_wmproxy_server
==========================================================================
COMPUTING ELEMENT IDs LIST
The following CE(s) matching your job requirements have been found:
*CEId*
- ce-cr-02.ts.infn.it:8443/cream-lsf-grid
- cert-15.pd.infn.it:8443/cream-lsf-grid
- cert-37.pd.infn.it:8443/cream-lsf-grid
- grid001.ts.infn.it:2119/jobmanager-lcglsf-grid
- prod-ce-02.pd.infn.it:2119/jobmanager-lcglsf-grid
- serv07.hep.phy.cam.ac.uk:2119/jobmanager-lcgcondor-euindia
- t2-ce-03.lnl.infn.it:2119/jobmanager-lcglsf-euindia1
- t2-ce-06.lnl.infn.it:8443/cream-lsf-euindia1
- briareo.grid.elettra.trieste.it:8443/cream-pbs-iblade
- ce-01.grid.sissa.it:8443/cream-pbs-blade
- grid-ce-01.ba.infn.it:2119/jobmanager-lcgpbs-infinite
- grid-ce-01.ba.infn.it:2119/jobmanager-lcgpbs-long
- grid-ce-01.ba.infn.it:2119/jobmanager-lcgpbs-short
- grid012.ct.infn.it:2119/jobmanager-lcglsf-euindia
- prod-ce-01.pd.infn.it:8443/cream-lsf-grid
- t2-ce-01.lnl.infn.it:8443/cream-lsf-euindia1
- t2-ce-02.lnl.infn.it:8443/cream-lsf-euindia1
- t2-ce-04.lnl.infn.it:8443/cream-lsf-euindia1
- t2-ce-05.lnl.infn.it:8443/cream-lsf-euindia1
- cream-ce-2.ba.infn.it:8443/cream-pbs-infinite
- cream-ce-2.ba.infn.it:8443/cream-pbs-long
- cream-ce-2.ba.infn.it:8443/cream-pbs-short
==========================================================================
When other sites will to join the test-bed, they will be match-ables by the glite-WMS, as soon as they'll send us the LDAP address of their site-BDII. This is a string like:
ldap://prod-ce-01.pd.infn.it:2170/mds-vo-name=INFN-PADOVA,o=grid
and it allows us to include your site to our TOP BDII eu-india-03.pd.infn.it
