WLCG Deployment with Data Capabilities

All steps below are performed as the root user unless explisitly stated.

Prerequisites

First follow the installation and configuration guide: ARC installation guide.

Install necessary packages

CA certifcates

Install necessary CA certificates needed for WLCG (you may have already installed the igtf-ca classic from the prerequisite step)

arcctl deploy igtf-ca classic

Install and set up fetch-crl

To keep your CA’s revocation lists up-to-date you need to install and set up fetch-crl tool. Required for a WLCG site.

Install the package:

dnf install fetch-crl

Enable and start fetch-crl:

systemctl start fetch-crl

Install xrootd plugin for data fetching

Your jobs may require to access data through the xrootd protocol. If so, install the plugin:

dnf install -y nordugrid-arc-plugins-xrootd

Prepare for voms service signature authentication

If your arc.conf contains authgroups using voms like

[authgroup:atlas-jobs]
voms = atlas * * * *

[authgroup:ops]
voms=ops * * *
voms=dteam * * *

Then you must install the corresponding voms directory. Here we show the installation for rhel9 flavour CE, and for a site running jobs for the ATLAS experiment. Replace atlas with the experiment you serve, for instance cms or lhc-b if needed. In addition, a WLCG site will need the lcg and dteam vomsdirs:

dnf install -y https://linuxsoft.cern.ch/wlcg/el9/x86_64/wlcg-iam-lsc-atlas-2.0.0-1.el9.noarch.rpm
dnf install -y https://linuxsoft.cern.ch/wlcg/el9/x86_64/wlcg-voms-atlas-2.0.0-1.el9.noarch.rpm
dnf install -y https://linuxsoft.cern.ch/wlcg/el9/x86_64/wlcg-iam-lsc-dteam-1.0.0-1.el9.noarch.rpm
dnf install -y https://linuxsoft.cern.ch/wlcg/el9/x86_64/wlcg-iam-lsc-ops-2.0.0-1.el9.noarch.rpm

To inspect what the installation does, you can issue the rpm -ql command on each rpm, which will show you what files were installed in what folders in your /etc/grid-security/vomsdir folder:

rpm -ql https://linuxsoft.cern.ch/wlcg/el9/x86_64/wlcg-iam-lsc-atlas-2.0.0-1.el9.noarch.rpm
/etc/grid-security/vomsdir/atlas/voms-atlas-auth.app.cern.ch.lsc
/etc/grid-security/vomsdir/atlas/voms-atlas-auth.cern.ch.lsc

Up-to-date information about the VOMS services can be found here.

Configure ARC datastaging and cache

The datastaging service is enabled by adding the [arex/data-staging] block to arc.conf

A minimal configuration with a central datastaging logfile enabled could look like:

[arex/data-staging]
logfile=/var/log/arc/datastaging.log

See [arex/data-staging] for other options. Especially the preferredpattern and deliveryservice in case you have one or more remote delivery service machine(s) set up.

You should also enable the cache and cache-cleaner by adding the blocks [arex/cache] and [arex/cache/cleaner]. An example configuration is shown below:

Example configuration:

[arex/cache]
cachedir=/grid/cache01
cachedir=/grid/cache02

[arex/cache/cleaner]
cachesize=90 80
cachelifetime=50d
calculatesize=filesystem

Runtime environments

ENV/PROXY

This runtimeenvironment will ensure the copying of the users proxy file from the ARC-CE to the compute node. In addition to other optional certificate/token related actions, see ENV/PROXY for more details.

[root ~]# arcctl rte enable ENV/PROXY

ATLAS RTE

If you are an ATLAS site, ATLAS requires a dummy ATLAS-SITE RTE. Create one and enable it like this:

[root ~]# arcctl rte enable --dummy APPS/HEP/ATLAS-SITE