WLCG Deployment with Data Capabilities
Note
WIP document!
Prerequisites
First follow the installation and configuration guide: ARC 6 installation guide.
Install necessary packages
CA certifcates
Install necessary CA certificates needed for WLCG (you have already installed the igtf-ca classic from the prerequisite step)
[root ~]# arcctl deploy igtf-ca mics slcs
Install and set up fetch-crl
To keep your CA’s revocation lists up-to-date you need to install and set up fetch-crl
tool. Required for a WLCG site.
Install the package:
[root ~]# yum install fetch-crl
Enable and start fetch-crl
:
[root ~]# systemctl enable fetch-crl-boot
[root ~]# systemctl enable fetch-crl-cron --now
[root ~]# systemctl start fetch-crl-boot
[root ~]# systemctl start fetch-crl-cron
For older pre-systemd distributions (e.g. RHEL 6) use:
[root ~]# chkconfig fetch-crl-boot on
[root ~]# chkconfig fetch-crl-cron on
[root ~]# service fetch-crl-cron start
If you want to edit the times that fetc-crl-cron
runs, have a look in the CRON configuration file: /etc/cron.d/fetch-crl
The default settings should be good to get you going. For more advanced options, please see fetch-crl
man pages.
Prepare for voms service signature authentication
If your arc.conf contains authgroups using voms like
[authgroup:atlas-jobs]
voms = atlas * * * *
Then you must install the corresponding voms directory in the following way:
arcctl deploy voms-lsc -e atlas
arcctl will search in the EGI database for the VO in question, and install the necessary files in the vomsdir, where the default is /etc/grid-security/vomsdir, and the vo folder will be /etc/grid-security/vomsdir/atlas in this example.
Configure ARC datastaging and cache
The datastaging service is enabled by adding the [arex/data-staging] block to arc.conf
A minimal configuration with logfile enabled could look like:
[arex/data-staging]
logfile=/var/log/arc/datastaging.log
See [arex/data-staging] for other options. Especially the preferredpattern
and deliveryservice
in case you have one or more remote delivery service machine(s) set up.
Example configuration:
[arex/cache]
cachedir=/grid/cache01
cachedir=/grid/cache02
[arex/cache/cleaner]
cachesize=90 80
cachelifetime=50d
calculatesize=filesystem
Runtime environments
[root ~]# arcctl rte enable ENV/PROXY
ATLAS requires a dummy ATLAS-SITE RTE, create one and enable it like this:
[root ~]# arcctl rte enable --dummy APPS/HEP/ATLAS-SITE
Singularity from cvmfs on compute nodes
For singularity to work from cvmfs on the compute nodes (which it must) you need to run the following on all compute nodes
echo "user.max_user_namespaces = 15000" > /etc/sysctl.d/90-max_user_namespaces.conf; sysctl -p /etc/sysctl.d/90-max_user_namespaces.conf
Configure the site to work with ARC Control Tower (aCT)
For the ARC data-staging mode to work, the site needs to receive jobs from aCT instead of receiving pilot jobs directly from the job-provider (e.g. PanDA).