October 2007 VOM(R)S Workshop report. Maria Dimou- cern-it-gd, LCG. Grid Deployment Board (GDB), November 2007. https://twiki.cern.ch/twiki/bin/view/LCG/VomsWG

Presentation transcript:

1. October 2007 VOM(R)S Workshop report. Grid Deployment Board.

2. Main challenges on the agenda
- Complete the voms-admin+glite scripts’ certification process.
- Install latest vomrs and voms on test host voms111.cern.ch.
- Prompt VOs to test this installation with Generic Attributes (GAs) activated.
- Check new software environment:
  - OS SLC4
  - New oracle-instant-client version
  - Different oracle connectivity parameters (OCI)
  - New tomcat5-5.5 version
  - Dramatically different voms-admin (version 2).
- Full agenda: dard&confId= dard&confId=18764

3. Transition to production
- Waiting for 4 new SLC4 hosts with set-up:
  - lcg-voms.cern.ch (2 hosts, identical configuration, automatic fail-over via LinuxHA). Functions:
    - User registration via vomrs.
    - Voms-proxy attribution.
  - Voms.cern.ch (2 hosts, identical configuration, automatic fail-over via LinuxHA). Functions:
    - Gridmap file preparation.
    - Voms-proxy attribution.
- LinuxHA on SLC4 has never been used so far. CERN/IT/FIO is helping us with this port.
- NB!!! This function split between voms and lcg-voms has been in use since December 18th 2006!!! Still some VOs and sites are not aware.

4. Future topics at the workshop
- VOMS db Replication
  - Allowed by policy, implemented in voms core, requested by the VOs, needs testing.
  - Following successful CNAF-internal tests, CERN-CNAF tests were decided.
- VOM(R)S Service registration
  - The objective is to allow cron jobs to obtain voms-proxies.
  - Discussed also at the 29/10/07 JSPG. Features:
    - Trace back the individual who registered the service.
    - VO Admin entering hundreds of hosts or site admins becoming VO members is inconceivable.
  - Reached no implementable conclusion.
  - VOs and other middleware developers have to specify requirements.

5. VOM(R)S versions
- In production today (all on Oracle):
  - Vomrs d with GAs implemented but not activated.
  - Voms-admin with GAs implemented but not activated.
  - voms-server
- Certified and going to production end of November 2007:
  - Vomrs e with GAs activated [Details]
  - Voms-admin with GAs activated.
  - voms-server slc4

6. Pre-requisites for production
- Still suffering from periodic memory problems on the CERN VOMS servers. On developers’ request we completely removed voms-admin from lcg-voms.cern.ch, leaving only vomrs. This requires an exceptional startup procedure, not available in the gLite scripts.
- Due to our complex installation (4 hosts) the gLite ‘site’ configuration scripts are needed, which are currently broken and being re-written by the certifier.

7. (More) pre-requisites
- Vomrs code change to handle problems with voms-admin synchronisation due to VO members with certificates from expired CAs.
- LinuxHA testing is not yet finished.
- The new servers we requested last May will come after Christmas: we have to “improvise” with temporary hardware.
- We can’t go back due to a change in the database schema.

8. The Others
- The Sites
  - Delays in updating VO configuration data at the sites are a big problem. The “VO Configurator” is now available from the CIC portal but:
    - How much complexity do we put in it?
    - How do we convince the sites to use it?
  - Voms no longer requires the entire hostcert.pem to be installed at all sites. This will require a configuration change on their side.
  - Voms-admin no longer accepts ‘ Address’ and ‘USERID’ in a DN. Sites have to upgrade to openssl

9. Operational dangers
- Between Christmas 2007 and March 2008 we are losing:
  - The CERN VOM(R)S service manager and supporter.
  - The only (worldwide) vomrs tester and supporter.
  - The only voms code certifier.
- There is no such thing as a ‘frozen’, ‘stable’, ‘off the shelf’ service for voms/vomrs due to:
  - Bug fixes
  - New requirements

10. Consequences
- User support via mailing lists and GGUS tickets takes 5% of the supporters’ time but not less than that. It can’t be abandoned and it can’t be given to people who don’t know the service set-up.
- The current installation, following CERN/IT/FIO quattor practices with individual rpms in CDB, requires in-depth knowledge of the certification status of every component. It can’t be given to a sys. admin who doesn’t know about voms.

11. Increasing complexity
- voms-admin-2 is dramatically different from voms-admin. We anticipate a lot of support effort required at the beginning.
- voms-admin-2.5 is the next stop gap, implementing JSPG requirements for periodic user expiration in the VO etc. Who will do the big certification and vomrs testing job required for that?
- JRA1 has not yet decided whether voms-admin-2 and 2.5 will both be supported.
- Vom(r)s Oracle port is only used at CERN. All developers are reluctant to envisage any testing anywhere else but CERN.

12. Moreover
- FNAL is willing to maintain vomrs but will never test ORGDB (CERN HR db) integration (LHC VO exclusivity).
- For GA usage, the UI must be equipped with voms-admin client and paraphernalia.

13. In summary and conclusion
voms and vomrs are still very visible and critical services. Therefore they can’t be stripped from resources for:
- development,
- deployment and
- support.
Thank You!