WLCG Deployment with Data Capabilities

Note

WIP document!

Prerequisites

First follow the installation and configuration guide: ARC 6 installation guide.

Install necessary packages

CA certifcates

Install necessary CA certificates needed for WLCG (you have already installed the igtf-ca classic from the prerequisite step)

[root ~]# arcctl deploy igtf-ca mics slcs

Install and set up fetch-crl

To keep your CA’s revocation lists up-to-date you need to install and set up fetch-crl tool. Required for a WLCG site.

Install the package:

[root ~]# yum install fetch-crl

Enable and start fetch-crl:

[root ~]# systemctl enable fetch-crl-boot
[root ~]# systemctl enable fetch-crl-cron --now
[root ~]# systemctl start fetch-crl-boot
[root ~]# systemctl start fetch-crl-cron

For older pre-systemd distributions (e.g. RHEL 6) use:

[root ~]# chkconfig fetch-crl-boot on
[root ~]# chkconfig fetch-crl-cron on
[root ~]# service fetch-crl-cron start

If you want to edit the times that fetc-crl-cron runs, have a look in the CRON configuration file: /etc/cron.d/fetch-crl The default settings should be good to get you going. For more advanced options, please see fetch-crl man pages.

Prepare for voms service signature authentication

If your arc.conf contains authgroups using voms like

[authgroup:atlas-jobs]
voms = atlas * * * *

Then you must install the corresponding voms directory in the following way:

arcctl deploy voms-lsc -e atlas

arcctl will search in the EGI database for the VO in question, and install the necessary files in the vomsdir, where the default is /etc/grid-security/vomsdir, and the vo folder will be /etc/grid-security/vomsdir/atlas in this example.

Configure ARC datastaging and cache

The datastaging service is enabled by adding the [arex/data-staging] block to arc.conf

A minimal configuration with logfile enabled could look like:

[arex/data-staging]
logfile=/var/log/arc/datastaging.log

See [arex/data-staging] for other options. Especially the preferredpattern and deliveryservice in case you have one or more remote delivery service machine(s) set up.

Example configuration:

[arex/cache]
cachedir=/grid/cache01
cachedir=/grid/cache02

[arex/cache/cleaner]
cachesize=90 80
cachelifetime=50d
calculatesize=filesystem

Runtime environments

[root ~]# arcctl rte enable ENV/PROXY

ATLAS requires a dummy ATLAS-SITE RTE, create one and enable it like this:

[root ~]# arcctl rte enable --dummy APPS/HEP/ATLAS-SITE

Singularity from cvmfs on compute nodes

For singularity to work from cvmfs on the compute nodes (which it must) you need to run the following on all compute nodes

echo "user.max_user_namespaces = 15000" > /etc/sysctl.d/90-max_user_namespaces.conf; sysctl -p /etc/sysctl.d/90-max_user_namespaces.conf

Configure the site to work with ARC Control Tower (aCT)

For the ARC data-staging mode to work, the site needs to receive jobs from aCT instead of receiving pilot jobs directly from the job-provider (e.g. PanDA).