Firewall requirements
Regular Maintenance work
Dataset cleaning
This task must be done regularly (once every 2 months, for example), both for CSCS and PSI.
Getting the datasets list
Connect to t3cmsvobox as root and:
su - phedex
cd svn-sandbox/phedex/DB-query-tools/
./ListSiteDataInfo.pl -w -t --db ~/config/DBParam.PSI:Prod/PSI -s "%CSCS%" | grep "eleted"
./ListSiteDataInfo.pl -w -t --db ~/config/DBParam.PSI:Prod/PSI -s "%CSCS%" | grep -vE "Dutta|Fanfani|Kress|Magini|Wuerthwein|Belforte|Spinoso|Ajit|DataOps|eleted|StoreResults|Argiro|Klute"
./ListSiteDataInfo.pl -w -t --db ~/config/DBParam.PSI:Prod/PSI -s "%PSI%"
The
first PERL command creates a list of datasets that can be safely deleted from CSCS, as they are
just support requests for transfers to PSI (check that the transfer happened safely).
The
second command creates a list avoiding to include central requests, and the ones that can be deleted from CSCS.
The
third command produces a list for PSI.
Datasets which are proposed for deletion are all the datasets which have an expired retention time.
Publishing the list and notify users
Due date for feedback is usually in a week. Lists must be published in [https://wiki.chipp.ch/twiki/bin/view/CmsTier3/DataSetCleaningQuery] (previous lists must be deleted).
To get the information on the total size proposed for deletion, you can create a temporary text file with pasted list from the twiki and then do:
cat tmp.list | awk 'BEGIN{sum=0}{sum+=$4}END{print sum/1024.}'
This will give the total size in TB.
A email like this must be sent to the
cms-tier3-users@lists.psi.ch mlist:
Subject: Dataset deletion proposal and request for User Data cleaning - Due date: 28 Oct 2011, 9:0
Dear all,
a new cleaning campaign is needed, both at CSCS and PSI. You can find the list and the instructions on how to request to keep the data here:
https://twiki.cscs.ch/twiki/bin/view/CmsTier3/DataSetCleaningQuery
The data contained in the lists amount to 47TB (44TB) for CSCS (PSI).
If you need to store a dataset both at CSCS and at PSI please also reply to this e-mail explaining why.
Please remember to clean up your user folder at CSCS regularly; a usage overview can be found at [1].
Thanks, Daniel
[1] http://ganglia.lcg.cscs.ch/ganglia/cms_sespace.txt
Renew myproxy certificate for PhEDEx transfers (once per month)
The present myproxy servers have problems with host certificates for PSI from SWITCH, because they contain a "(PSI)" substring, and the parentheses are not correctly escaped in the regexp matching of the myproxy code.
Therefore, the renewer DN (-R argument to myproxy-init below) and the
allowed renewers policy on the myproxy server need to be defined with wildcards to enable the matching to succeed.
voms-proxy-init -voms cms
myproxyserver=myproxy.cern.ch
servicecert="/DC=com/DC=quovadisglobal/DC=grid/DC=switch/DC=hosts/C=CH/ST=Aargau/L=Villigen/O=Paul-Scherrer-Institut (PSI)/OU=AIT/CN=t3cmsvobox.psi.ch"
servicecert='*/CN=t3cmsvobox.psi.ch'
myproxy-init -s $myproxyserver -l psi_phedex -x -R "$servicecert" -c 720
scp ~/.x509up_u$(id -u) phedex@t3ui01:gridcert/proxy.cert
# for testing, you can try
myproxy-info -s $myproxyserver -l psi_phedex
As the phedex user do
chmod 600 ~/gridcert/proxy.cert
You should test whether the renewal of the certificate works for the phedex user:
unset X509_USER_PROXY # make sure that the service credentials from ~/.globus are used!
voms-proxy-init # initializes the service proxy cert that is allowed to retrieve the user cert
myproxyserver=myproxy.cern.ch
myproxy-get-delegation -s $myproxyserver -v -l psi_phedex -a /home/phedex/gridcert/proxy.cert -o /tmp/gagatest
export X509_USER_PROXY=/tmp/gagatest
srm-get-metadata srm://t3se01.psi.ch:8443/srm/managerv1?SFN=/pnfs/psi.ch/cms
rm /tmp/gagatest
Storage Consistency Checks
From time to time the transfer team will ask for input for their storage consistency check (so far only for T2); we need to complete the following steps:
sed -e 's#/pnfs/lcg.cscs.ch/cms/trivcat/store/\(mc\|data\|generator\|results\|hidata\|himc\|lumi\|relval\)/#/store/\1/#' \
-e '/<entry name="\/pnfs\/lcg.cscs.ch\/cms\/.*<\/entry>/d' \
-e 's#<dCache:location>.*</dCache:location>##' \
outfile.xml | uniq > storagedump.xml
- compress, store on AFS, and send path to transfer team
- take the file you get back from the transfer team with the LFNs to be deleted
for LFN in $(cat SCC_Nov2012_CSCS_LFNsToBeRemoved.txt); do lcg-del -b -D srmv2 -l srm://storage01.lcg.cscs.ch:8443/srm/managerv2?SFN=/pnfs/lcg.cscs.ch/cms/trivcat/$LFN; done
Emergency Measures
Installation
add the following package to run our custom "accounting"-scripts:
yum install perl-XML-Twig
Services
Refer to the description on the
Tier-2 VOBox.
There is one important difference: While we use FTS channels for the transfers to the Tier-2, we use the SRM backend for transfers to the Tier-3, because we do not have a FTS channel for PSI. This issue is linked to registering PSI as a regular grid site, which until recently was not possible, since we only sport a Grid SE, but no CE.
So, there is no fts.map file in the configuration area for the PhEDEx services.
Backups
--
DerekFeichtinger - 19 Jan 2009