<!-- keep this as a security measure:
#uncomment if the subject should only be modifiable by the listed groups
#   * Set ALLOWTOPICCHANGE = Main.TWikiAdminGroup,Main.CMSAdminGroup
#   * Set ALLOWTOPICRENAME = Main.TWikiAdminGroup,Main.CMSAdminGroup
#uncomment this if you want the page only be viewable by the listed groups
#   * Set ALLOWTOPICVIEW = Main.TWikiAdminGroup,Main.CMSAdminGroup,Main.CMSAdminReaderGroup
-->

---+ !!How to access, set up, and test your account

%TOC%

---++ Compulsory Initial Setups

All the documentation is maintained in the T3 twiki pages: https://wiki.chipp.ch/twiki/bin/view/CmsTier3/WebHome .

Information about the two T3 mailing lists:
   * Subscribe to the =cms-tier3-users@lists.psi.ch= mailing list using [[https://psilists.ethz.ch/sympa/info/cms-tier3-users][its web interface]] ([[https://psilists.ethz.ch/sympa/arc/cms-tier3-users][list archives]]). This mailing list is used to communicate information on Tier-3 matters like downtimes, news, upgrades, etc. and for discussions among users and admins.
   * To contact the CMS Tier-3 administrators, write to =cms-tier3@lists.psi.ch= instead; no subscription is needed for this mailing list.
   * Both lists are read by the administrators and are archived. Mails addressed to =cms-tier3-users@lists.psi.ch= are read by *everyone*, so they may get answered better and sooner, especially if you ask about specific CMS software (CRAB3, CMSSW, Xrootd, ...).

---+++ T3 policies

Read and respect the Tier3Policies.

---+++ Linux groups

Each T3 user belongs to both a primary group and a common secondary group %GREEN%cms%ENDCOLOR%; the former is meant to classify common files like the ones downloaded by the [[https://cmsweb.cern.ch/phedex/][PhEDEx]] file transfer service.
T3 primary groups are:
| *ETHZ* | *UniZ* | *PSI* |
| =ethz-ecal= | =uniz-higgs= | =psi-bphys= |
| =ethz-bphys= | =uniz-pixel= | =psi-pixel= |
| =ethz-ewk= | =uniz-bphys= | |
| =ethz-higgs= | | |
| =ethz-susy= | | |

For instance, these are the %BLUE%primary%ENDCOLOR% and the %GREEN%secondary%ENDCOLOR% group of a generic T3 account:
<pre>
$ id auser
uid=571(auser) gid=532(%BLUE%ethz-higgs%ENDCOLOR%) groups=532(%BLUE%ethz-higgs%ENDCOLOR%),500(%GREEN%cms%ENDCOLOR%)
</pre>

<!-- The following output is a fragment of the private user dirs =/pnfs/psi.ch/cms/trivcat/store/user/= :
<pre>
$ ls -l /pnfs/psi.ch/cms/trivcat/store/user | grep -v cms
total 56
drwxr-xr-x 2 alschmid %ORANGE%uniz-bphys%ENDCOLOR% 512 Feb 21 2013 alschmid
drwxr-xr-x 5 amarini %RED%ethz-ewk%ENDCOLOR% 512 Nov 7 15:37 amarini
drwxr-xr-x 2 arizzi %BROWN%ethz-bphys%ENDCOLOR% 512 Sep 16 17:49 arizzi
drwxr-xr-x 5 bean %TEAL%psi-bphys%ENDCOLOR% 512 Aug 24 2010 bean
drwxr-xr-x 5 bianchi %BLUE%ethz-higgs%ENDCOLOR% 512 Sep 9 09:40 bianchi
drwxr-xr-x 98 buchmann %PURPLE%ethz-susy%ENDCOLOR% 512 Nov 5 20:36 buchmann
...
</pre>
-->

The T3 groups areas: =/pnfs/psi.ch/cms/trivcat/store/t3groups=

---+++ First Steps on T3 User Interfaces (UI)

Three identical User Interface servers (UIs) are available for program development and T3 batch system job submission:

%INCLUDE{"Tier3Policies" section="UisPerGroup"}%

   1. Log in to your =t3ui0*= server with =ssh=; use the =-Y= or =-X= flag for working with X applications: =ssh -Y !username@t3ui02.psi.ch=
   1. *If you are an external PSI user (ETHZ, !UniZ, ...) change the initial password ASAP from your UI* with the =passwd= command.
   1. Copy your grid credentials to =~/.globus/userkey.pem= and =~/.globus/usercert.pem= and make sure that their permissions are properly set: <pre>
chmod 400 ~/.globus/userkey.pem
chmod 400 ~/.globus/usercert.pem
</pre> For details about how to extract those =.pem= files from your CERN User Grid-Certificate (usually a password protected .p12 file) please follow [[https://twiki.cern.ch/twiki/bin/view/CMSPublic/PersonalCertificate]].
   1. Grid environment scripts are automatically loaded when you log in to UI/WN nodes. You may add personal changes/setup to your =~/.bash_profile= file.
   1. You must be registered in the CMS "Virtual Organization"; see the [[https://twiki.cern.ch/twiki/bin/view/CMSPublic/SWGuideLcgAccess#How_to_register_in_the_CMS_VO][CERN details about that]].
   1. Create a proxy certificate (that lasts 24 hours) for CMS by: <pre>
voms-proxy-init -voms cms
</pre> and =voms-proxy-init --voms cms --valid 168:00= for 168 hours. If the command =voms-proxy-init -voms cms= fails, then run the command with the =-debug= flag to troubleshoot the problem.
   1. Do some basic setup of CMSSW: <pre>
export VO_CMS_SW_DIR=/cvmfs/cms.cern.ch/
source ${VO_CMS_SW_DIR}/cmsset_default.sh
</pre>
   1. Test your basic access to the PSI Storage element using our =test-dCacheProtocols= command: <pre>
$ test-dCacheProtocols
Test directory: /tmp/dcachetest-20190215-1649-89361
TEST: GFTP-write ...... [OK]
TEST: GFTP-ls ...... [OK]
TEST: GFTP-read ...... [OK]
TEST: DCAP-read ...... [OK]
TEST: SRMv2-write ...... [OK]
TEST: SRMv2-ls ...... [OK]
TEST: SRMv2-read ...... [OK]
TEST: SRMv2-rm ...... [OK]
TEST: XROOTD-LAN-write ...... [OK]
TEST: XROOTD-LAN-ls ...... [OK]
TEST: XROOTD-LAN-read ...... [OK]
TEST: XROOTD-LAN-rm ...... [OK]
TEST: XROOTD-WAN-write ...... [OK]
TEST: XROOTD-WAN-read ...... [OK]
TEST: XROOTD-WAN-rm ...... [OK]
</pre>
      * NOTE 1: sometimes the XROOTD-WAN-* tests might get stuck due to excessive I/O traffic over the WAN. Try again.
      * NOTE 2: You can use the =-v= (verbose) flag to see the commands that the script executes.
   1. Test write access to your user area on the storage element. The user area is located underneath =/pnfs/psi.ch/cms/trivcat/store/user= and has your login name as directory name, so: <pre>
$ test-dCacheProtocols -l /pnfs/psi.ch/cms/trivcat/store/user/$(id -nu)
Test directory: /tmp/dcachetest-20190215-1654-89843
TEST: GFTP-write ...... [OK]
TEST: GFTP-ls ...... [OK]
TEST: GFTP-read ...... [OK]
TEST: DCAP-read ...... [OK]
TEST: SRMv2-write ...... [OK]
TEST: SRMv2-ls ...... [OK]
TEST: SRMv2-read ...... [OK]
TEST: SRMv2-rm ...... [OK]
TEST: XROOTD-LAN-write ...... [OK]
TEST: XROOTD-LAN-ls ...... [OK]
TEST: XROOTD-LAN-read ...... [OK]
TEST: XROOTD-LAN-rm ...... [OK]
TEST: XROOTD-WAN-write ...... [OK]
TEST: XROOTD-WAN-read ...... [OK]
TEST: XROOTD-WAN-rm ...... [OK]
</pre>
   1. The =test-dCacheProtocols= tool can also be run against a *remote* storage element (use the =-h= flag to get more info about it). Since we are not executing the test locally at CSCS, we need to ignore all the tests that only work on the local LAN ( -i "%ORANGE%DCAP-read XROOTD-LAN-write XROOTD-WAN-write%ENDCOLOR%" ); e.g. to check the CSCS storage element =storage01.lcg.cscs.ch=: <pre>
$ test-dCacheProtocols -s storage01.lcg.cscs.ch -x storage01.lcg.cscs.ch -l /pnfs/lcg.cscs.ch/cms/trivcat/store/user/martinel -i "%ORANGE%DCAP-read XROOTD-LAN-write XROOTD-WAN-write%ENDCOLOR%"
Test directory: /tmp/dcachetest-20150529-1545-16302
TEST: GFTP-write ...... [%GREEN%OK%ENDCOLOR%]
TEST: GFTP-ls ...... [%GREEN%OK%ENDCOLOR%]
TEST: GFTP-read ...... [%GREEN%OK%ENDCOLOR%]
TEST: %ORANGE%DCAP-read%ENDCOLOR% ...... [%ORANGE%IGNORE%ENDCOLOR%]
TEST: SRMv2-write ...... [%GREEN%OK%ENDCOLOR%]
TEST: SRMv2-ls ...... [%GREEN%OK%ENDCOLOR%]
TEST: SRMv2-read ...... [%GREEN%OK%ENDCOLOR%]
TEST: SRMv2-rm ...... [%GREEN%OK%ENDCOLOR%]
TEST: %ORANGE%XROOTD-LAN-write%ENDCOLOR% ...... [%ORANGE%IGNORE%ENDCOLOR%]
TEST: XROOTD-LAN-ls ...... [SKIPPED] (dependencies did not run: XROOTD-LAN-write)
TEST: XROOTD-LAN-read ...... [SKIPPED] (dependencies did not run: XROOTD-LAN-write)
TEST: XROOTD-LAN-rm ...... [SKIPPED] (dependencies did not run: XROOTD-LAN-write)
TEST: %ORANGE%XROOTD-WAN-write%ENDCOLOR% ...... [%ORANGE%IGNORE%ENDCOLOR%]
TEST: XROOTD-WAN-ls ...... [SKIPPED] (dependencies did not run: XROOTD-WAN-write)
TEST: XROOTD-WAN-read ...... [SKIPPED] (dependencies did not run: XROOTD-WAN-write)
TEST: XROOTD-WAN-rm ...... [SKIPPED] (dependencies did not run: XROOTD-WAN-write)
</pre>

---+++ Backup policies

Your =/t3home= and =/work= files are backed up daily. <br />
Details on recovering a file are in HowToRetrieveBackupFiles. <br />
There are NO backups of =/tmp=, =/scratch= and =/pnfs=, so pay attention there!

---++ Optional Initial Setups

---+++ Local Anaconda/Conda installation

One might do the following steps to add Anaconda:
   * Only once: <pre>
cd /work/${USER}/
wget https://repo.continuum.io/miniconda/Miniconda3-latest-Linux-x86_64.sh
sh Miniconda3-latest-Linux-x86_64.sh -b -p ./miniconda3
rm Miniconda3-latest-Linux-x86_64.sh
</pre>
   * Every time when using this conda environment: =export PATH=${PWD}/miniconda3/bin:${PATH}= or =export PATH=/work/${USER}/miniconda3/bin:${PATH}=

---+++ Installing the CERN CA files into your Web Browser

Install any [[https://cafiles.cern.ch/cafiles/][CERN CA file]] in your Web Browser; otherwise your Web Browser might constantly bother you about all the CERN =https://= URLs. Web Browsers typically ship with many well-known [[https://en.wikipedia.org/wiki/Certificate_authority][CA files]] by default, but not the CERN CA files.
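
For the Miniconda download in the Conda section above, the installer is executed right after it is fetched. The following added example (not part of the original page or of the T3 tooling) checks the file against a SHA-256 digest before running it with the same =-b -p= flags. The function names and the =EXPECTED_SHA256= placeholder are assumptions; take the digest from the hash list the Miniconda maintainers publish for the installer you actually downloaded, since "latest" changes over time.

```shell
#!/bin/sh
# Added example: refuse to run a downloaded installer unless its SHA-256 matches.
# verify_sha256 and install_verified are hypothetical helper names.

# verify_sha256 FILE EXPECTED_HEX -> 0 on match, 1 on mismatch, 2 on bad input
verify_sha256() {
    vs_file=$1
    vs_want=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case digests
    [ -f "$vs_file" ] || { echo "no such file: $vs_file" >&2; return 2; }
    case $vs_want in
        ''|*[!0-9a-f]*) echo "expected digest is not hex" >&2; return 2 ;;
    esac
    [ "${#vs_want}" -eq 64 ] || { echo "expected digest is not 64 hex chars" >&2; return 2; }
    vs_have=$(sha256sum "$vs_file" | cut -d' ' -f1)
    [ "$vs_have" = "$vs_want" ]
}

# install_verified INSTALLER EXPECTED_HEX PREFIX
# Runs the installer in batch mode (-b -p, as on this page) only after the check.
install_verified() {
    if verify_sha256 "$1" "$2"; then
        sh "$1" -b -p "$3"
    else
        echo "digest check failed, not running $1" >&2
        return 1
    fi
}

# Usage on the UI (EXPECTED_SHA256 is a placeholder for the published digest):
#   cd /work/${USER}/
#   wget https://repo.continuum.io/miniconda/Miniconda3-latest-Linux-x86_64.sh
#   install_verified Miniconda3-latest-Linux-x86_64.sh "$EXPECTED_SHA256" ./miniconda3
```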
---+++ Applying for the VOMS Group =/cms/chcms= membership

A dedicated 'Swiss' VOMS Group called =/cms/chcms= is available in order to get more rights over the CMS HW resources installed at T2_CH_CSCS, Lugano; namely:
   * higher priority on the T2_CH_CSCS batch queues
   * additional job slots on the T2_CH_CSCS batch queues
   * additional =/pnfs= space inside the T2_CH_CSCS grid storage
   * during 2017, a group area like the T3 groups areas =/pnfs/psi.ch/cms/trivcat/store/t3groups/=

When a user belongs to the =/cms/chcms= group and runs =voms-proxy-init --voms cms=, =voms-proxy-info --all= will report the new %BLUE%/cms/chcms/Role=NULL/Capability=NULL%ENDCOLOR% attribute, like:
<pre>
$ voms-proxy-info --all | grep /cms
attribute : /cms/Role=NULL/Capability=NULL
attribute : %BLUE%/cms/chcms/Role=NULL/Capability=NULL%ENDCOLOR%
</pre>

To apply for the =/cms/chcms= membership, load your X509 certificate into your daily Web Browser (probably your X509 is already there), then click on https://voms2.cern.ch:8443/voms/cms/group/edit.action?groupId=5 and request the =/cms/chcms= membership. Be aware that the port =:8443= might be blocked by your Institute Firewall; if that's the case, contact your Firewall team or simply try from another network (like your net at home).
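
A self-check for the credentials from "First Steps" and the proxy attributes described above, as an added example (not part of the original page or of the T3 tooling): it confirms that both =.pem= files still have mode 400 and that the proxy carries the =/cms= attribute and, if you applied for it, =/cms/chcms=. The function names are assumptions, and =stat -c= is the GNU form found on Linux.

```shell
#!/bin/sh
# Added example: self-check of the grid credentials and VOMS proxy set up above.
# check_pem, proxy_has_group and audit_account are hypothetical helper names.

# check_pem FILE -> 0 if FILE is a regular file with mode 400 (the mode set in
# "First Steps"), 1 if the mode differs, 2 if it is missing or a symlink.
check_pem() {
    if [ -L "$1" ] || [ ! -f "$1" ]; then
        echo "MISSING  $1"; return 2
    fi
    cp_mode=$(stat -c '%a' "$1")          # GNU stat, as on the Linux UIs
    if [ "$cp_mode" = 400 ]; then
        echo "OK       $1"; return 0
    fi
    echo "BAD MODE $1 (is $cp_mode, expected 400)"; return 1
}

# proxy_has_group GROUP -> 0 if the `voms-proxy-info --all` text on stdin has an
# "attribute : GROUP/Role=..." line. Prefix match on the full group path, so
# /cms does not match a line that only carries /cms/chcms.
proxy_has_group() {
    awk -v g="$1" '
        $1 == "attribute" && index($3, g "/Role=") == 1 { found = 1 }
        END { exit !found }'
}

# audit_account [GLOBUS_DIR] -> exit status is the number of failed checks.
# A missing /cms/chcms attribute is reported but not counted (it is optional).
audit_account() {
    aa_dir=${1:-$HOME/.globus}
    aa_fail=0
    check_pem "$aa_dir/userkey.pem"  || aa_fail=$((aa_fail + 1))
    check_pem "$aa_dir/usercert.pem" || aa_fail=$((aa_fail + 1))
    aa_info=$(voms-proxy-info --all 2>/dev/null) || aa_info=
    for aa_g in /cms /cms/chcms; do
        if printf '%s\n' "$aa_info" | proxy_has_group "$aa_g"; then
            echo "OK       proxy carries $aa_g"
        else
            echo "NO       proxy lacks $aa_g"
            if [ "$aa_g" = /cms ]; then aa_fail=$((aa_fail + 1)); fi
        fi
    done
    return "$aa_fail"
}
```

Run =audit_account= on a UI after =voms-proxy-init --voms cms=; a non-zero exit status is the number of checks that failed.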
Topic revision: r68 - 2020-05-22 - NinaLoktionova