Grid Testbed
Information about testbed resources is split in 2 parts - EMI resources, and CERN internal resources. From the point of view of CERN user of the testbed, EMI testbed consists services in stable/production version, while CERN internal testbed can also have services being tested and might not be available outside CERN network.
Information about EMI resources is available on EMI pages (see links below), while this page contains information about resources dedicated for CERN testbed users.
Status of the services
Grid Testbed NEWS / WARNINGS
Possible issues:
CERN internal testbed
EMI testbed
Security notes
Accessing testbed or VNode / CVI resources
As a grid users having many permissions you should be very careful and keep your authentication information (passwords, keys, certificates) secure(!).
- To access testbed resources directly (open a shell session on a machine), especially from outside CERN, please use the dedicated SSH Gateway (ask TomaszWolak for details, as it should not be information published in the twiki!). (please note that old SSH Gateway was disconnected from internet on February 7th, 2011 !).
- Please do not use
lxplus
machines for accessing grid resources (in particular - avoid typing your password directly there!). It is a general purpose service with a lot of users, what has security implications. Even when you login to lxplus
to work there please use either.
- kerberos credentials (see CERN Courier article for basic info or twiki about ssh at CERN for more details) or
- login first to the SSH Gateway then from there to
lxplus
(which if you have still valid kerberos tokens should not ask you for password!).
Of course - using
lxplus
may be OK in case of accessing only a UI machine, but even in that case users having account on
lxadm
should avoid it and pass through
lxadm
instead.
Firewall configuration
- Ask Tomasz if you need to make a specific firewall configuration (either local, or external).
IPv6
FAQ
Email from CERN network managers with subject "High number of DNS queries: (hostname of your machine)". What should I do?
You are running on the machine something that does far too many DNS queries. This is not normal use of the network services you
cannot do it! No matter how important is what you do - you
have to do something about it and not overload DNS (your machine will be blocked by network managers if you do not react on warning!).:
- if it is your application - you have a bug, correct it!
- if you are just running eg. some test in a loop or something else of what code you cannot control - you have to configure a local DNS caching,
In the second case you can use eg.
dnsmasq
doing following steps:
-
$ cp /etc/resolv.conf /etc/resolv.conf-dnsmasq
- change
/etc/resolv.conf
so it contains only:
search cern.ch
nameserver 127.0.0.1
- edit
/etc/dnsmasq.conf
setting
resolv-file=/etc/resolv.conf-dnsmasq
interface=lo
expand-hosts
domain=cern.ch
-
$/etc/init.d/dnsmasq restart
Then you can try if it really does the job:
- open 2 sessions on your machine
- on the first do:
$ tcpdump -i eth0 -n udp port 53
- on the second do few times eg.:
$ dig www.cern.ch
You should see query to DNS
only after the first execution.
Legacy links
See also
--
TomaszWolak - 27-Oct-2010