TWiki> LCG Web>WebPreferences>WLCGCVMFSGridArea (2016-03-04, AndreaManzi) EditAttachPDF

The WLCG CVM-FS Grid Repository

The WLCG repository for the grid client middleware is hosted on the CVM-FS path /cvmfs/grid.cern.ch/Grid. It's maintained as a mirror of the WLCG Grid Application Area thus maintaining its tree structure

As soon as new version of client middleware are pushed to AFS they can be published on CVMF-FS ( manual procedure now that could be automate)

The WLCG CVM-FS Grid Repository Management

Members of the egroup lxcvmfs-grid@cernNOSPAMPLEASE.ch are allowed to make modification and publish on the CMV-FS Grid Repository. Further information can be found on the CVM-FS site

http://cernvm.cern.ch/portal/filesystem/maintain-repositories

and on the wiki maintained by PES https://twiki.cern.ch/twiki/bin/view/CvmFS/Installers ( obsolete)

Login

You must be a member of the e-group LxCvmfs-grid. Once you have joined the e-group it is best to wait until 08:00 local time for a cron to run.

Login ssh @cvmfs-grid.cern.ch

If you would like to take ownership of the e-group to allow you to manage its members this is fine. The full list of such e-groups can be obtained by querying in https://e-groups.cern.ch/e-groups/EgroupsSearch.do

Changing identity to the Software Owner

The CVMFS shadow tree in /cvmfs/grid.cern.ch/ is owned by a user called cvgrid.

To check know one else is this user and become the user 

$ pgrep -fl -u cvgrid
$ sudo -i -u cvgrid

To start a transaction:

cvmfs_server transaction grid.cern.ch

To publish a transaction

cvmfs_server publish grid.cern.ch

The CA and CRLs Management

This is a quite tricky part and delicate cause it could provoke issues on the whole WLCG infra

The /cvmfs/grid.cern.ch is used also to ship CAs and CLRs to sites.

At the moment there is a cron job installed on cvmfs-grid.cern.ch which does cp in certs and crls from /etc/grid-security/certificates and it's available at:

https://gitlab.cern.ch/wlcg-mw-readiness/scripts

If it fails then Lxvmfs-Grid is first point of contact if the lower level fails

/etc/grid-security/certificates on cvmfs-grid.cern.ch is populated same way as all other puppet managed machines, i.e include 'fetch-crl'

-- AndreaManzi - 03 Jun 2014

Edit | Attach | Watch | Print version | History: r7 < r6 < r5 < r4 < r3 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r7 - 2016-03-04 - AndreaManzi
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    LCG All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright &© 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback