glexec with setuid mode at WLCG sites Maarten was asked to follow this up Once an initial plan is available the MB will set a date for recommending MUPJs to run with glexec in setuid ID: 919561
Download Presentation The PPT/PDF document "Summary from last MB “The MB agreed th..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
![CONSUMPTION PLAN [client]](https://thumbs.docslides.com/642928/consumption-plan-client.jpg)
Slide1
Summary from last MB
“The MB agreed that a detailed deployment plan and a realistic time scale are required for deploying glexec with setuid mode at WLCG sites. Maarten was asked to follow this up. Once an initial plan is available the MB will set a date for recommending MUPJs to run with glexec in setuid mode.”Agreed:Agree milestone for Tier0/1 deployment of glexec deployed:With appropriate back-end (SCAS, ARGUS, GUMS)Publish capabilityPass Nagios testsRecommend that sites deploy glexec in setuid mode, but allow sites to choose logging-onlyExtend suspension of the policy on MUPJ until end of 2010
Ian.Bird@cern.ch
1
Slide2CERN
as reported already, glexec is available at CERN in production (setuid)mode, with an SCAS backend. During the GDB meeting, Maarten said thatthis fact is correctly reported by the Nagios tests. As far as I can
see, for CERN the work is done.
ASGC
ASGC is going to deploy glexec/argus as a preproduction for testing and evaluation first. The milestone to bring it into production by end of May is fine for us.FNAL1. We believe gLexec is configured appropriately now at the USCMS Tier 1 at Fermilab. It has been tested with MUPJ from UCSD up to 8000 simultaneous jobs. During these tests glexec worked fine for us, but we did experience some scaling limitations with our FNAL site security infrastructure (SAZ) that we need to address. The backend to this is GUMS and it works fine.2. We will publish this capability in the glue schema as prescribed by the GDB on April 5.3. We will write a monitoring script to ensure it is properly published and this will also be deployed by April 5. This is a local monitoring test.4. We will watch for any announcements about a WLCG SAM monitoring test for this and deploy it as needed.BNLAt the US ATLAS Tier-1 center we are prepared to deploy glexec as soon as we get a VDT based distribution from OSG. The latter has been pushed to a high level on OSG’s priority list and we expect to get an initial version in the next few weeks. However, looking at the complexity level and being conservative in view of data taking to start soon I don’t think a deadline of end of May is realistic. I would suggest moving it to end of JulyNL-T1 IN2P3 sorry for this delayed answer. There is still some uncertainties regarding our ability to have the backend fully tested by the end of May, but we certainly plan to work on the deployment of glexec and friends in the following weeks. So, the proposed timescale is realistic for us and we will work towards reaching that milestone
Ian.Bird@cern.ch
2
FZK
glexec
/ SCAS is installed and tested at KIT/
GridKa
. However,
scalability tests of our SCAS setup have not been performed so far
.
We will check if the
capabilty
is published correctly and wait for the
availability of a SAM test.
PIC
Work for deploying and testing
glexec
/SCAS has already started at PIC.
We confirm that the proposal milestone date for end May 2010 is
realistic for us.
NDGF
CNAF
At CNAF we have installed and configured the Argus 1.1 server; the Tier-1 production farm is configured, using the
WNoDeS
virtualization service, so that for test purposes one of the supported VOs (CMS) can dynamically run jobs on
glExec
-enabled WNs, when executing jobs with a particular VOMS role. We plan to configure
glExec
on the entire farm after Easter. Hence, the proposed timescale of end of May 2010 fits our plans.
Triumf
For TRIUMF we are happy with the "end of May" milestone. We will follow
a staged plan as usually to deploy
glexec
:
1) evaluation / choice of authorization module (GMUS/SCAS/ARGUS). Since
we use
dCache
we would like to use the same authorization service
.
2) deployment on pre-production system and testing + info publishing +
nagios
/SAM
monitoring
.
3) deployment/standby for production, until ATLAS is ready to use it.
RAL
glexec
and SCAS are installed at RAL but the CEs need configuring to map the pilot roles onto accounts that are permitted to use
glexec
. This will start after Easter and we anticipate all CEs being updated by the end of April. The capability will be published once this is done. So RAL is content with a milestone date of the end of May.
Slide3Summary of timescales
CERNEnd MayASGCEnd MayBNLEnd JulyCNAFEnd MayFNALNot explicit, but End MayFZKEnd May?
IN2P3End May
NDGF
No replyNL-T1No replyPICEnd MayRALEnd MayTriumfEnd MayIan.Bird@cern.ch3