Skip to content

Documentation

Jump to bottom Edit New page
sfayer edited this page Mar 3, 2015 · 5 revisions

This is the documentation for the features of the GridPP DIRAC module.

Fetch pilot job code from a Git repo

The GridPPDIRAC pilot modules have the ability to checkout modules from git (if it's available on the WN) for testing purposes. This feature shouldn't be used for production services.

To control this feature you simply add -t <repo_url>[@<branch>] to the Pilot options, which can be specified more than once. If you checkout a module called DIRAC, then this will be used for the main DIRAC code and only the externals will be downloaded over HTTP.

An example configuration might be:
/Systems/WorkloadManagement/Devel/Agents/SiteDirector/ExtraPilotOptions = -u http://homes.hep.ph.ic.ac.uk/~sf105/dirac/installSource -t https://github.com/ic-hep/DIRAC.git -t https://github.com/ic-hep/GridPPDIRAC.git@mybranch

Note that the above example also introduces a -u so that the externals are fetched from a local so that it knows of the existence of the GridPP pilot module (the webserver also has IPv6 support). The ordering of different options isn't important (although the ordering of the -t options does set the order they're checked out in).

Multi-VO UsersAndGroups Agent

This agent replaces the UsersAndGroups one with one capable of populating the registry from multiple different VOMS servers.

The VOMS server addresses should be specified in the registry:

/Registry/VOMS/URLs/<VO>/VOMSAdmin = https://voms.server/.../VOMSAdmin
/Registry/VOMS/URLs/<VO>/VOMSAttributes = https://voms.server/.../VOMSAttributes

VO Role to group mappings must then be specified in the mappings section. Any DIRAC groups referenced here will be fully controlled by the Agent (manually added users will be removed), all other groups will remain untouched. The most specific path is matched, so a catch-all FQAN of "/" should match all of the VO users.

/Registry/VOMS/Mapping/<group> = <FQAN>

For example, the GridPP VO could be automatically kept up-to-date in the DIRAC registry with the following entries:

/Registry/VOMS/URLs/gridpp/VOMSAdmin = https://voms.gridpp.ac.uk:8443/voms/gridpp/services/VOMSAdmin
/Registry/VOMS/URLs/gridpp/VOMSAttributes = https://voms.gridpp.ac.uk:8443/voms/gridpp/services/VOMSAttributes
/Registry/VOMS/Mapping/gridpp_user = /gridpp
/Registry/VOMS/Mapping/gridpp_pilot = /gridpp/Role=pilot

The default run frequency for this agent is 6 hours, but it can be altered via the usual PollingTime config variable if required.

Apache frontend

This isn't actually a direct feature of the GridPPDIRAC module, as it requires no changes to the code. These are the steps needed to run apache instead of lighttpd as the frontend for Apache. You'll need the normal hostcert/hostkey/grid certs in /etc/grid-security all owned by root.

  • Stop the Web_httpd module if it is running (sv stop .../start/Web_httpd)
  • Remove the startup/Web_httpd symlink to disable the old webserver.
  • Install httpd, mod_ssl.
  • If using SELinux, setsebool -P httpd_can_network_connect=1.
  • Copy dirac.conf to /etc/httpd/conf.d (This can be found in the GridPPDIRAC Extras directory).
  • Edit /etc/sysconfig/httpd and export DIRAC_ROOT=
  • Start Apache.
Add a custom footer
Add a custom sidebar
Clone this wiki locally