-
Notifications
You must be signed in to change notification settings - Fork 3
Dune Physicsgroups disk how to create a new physics group
The use of the physicsgroups area is described here, as are all the existing groups and their conveners.
It is now possible for users to request that they be added to these roles via the "Update My Affiliation Role" form. https://fermi.servicenowservices.com/nav_to.do?uri=%2Fcom.glideapp.servicecatalog_cat_item_view.do%3Fv%3D1%26sysparm_id%3D423d4bb41b4e2550746aa82fe54bcb8b%26sysparm_link_parent%3Da5a8218af15014008638c2db58a72314%26sysparm_catalog%3De0d08b13c3330100c8b837659bba8fb4%26sysparm_catalog_view%3Dcatalog_default%26sysparm_view%3Dcatalog_default
DUNE has 11 physicsgroups represented in the /pnfs/dune/persistent/physicsgroups area.
This document shows what it takes to make one of those groups initially. Note that the curl commands in this document are
using x.509 access to Ferry which no longer works, I recommend the ferry-cli utility written by Shreyas.
There are six key points: 1) Making a new group id, 2) associating that group id with the DUNE unit 3) creating a new FQAN. 4) associating that FQAN with the DUNE unit 5) making a new capability set 6) associating the capability set with the FQAN.
For this you have to make a service desk ticket using the UID/GID Service from the Service Catalog https://fermi.servicenowservices.com/nav_to.do?uri=%2Fcom.glideapp.servicecatalog_cat_item_view.do%3Fv%3D1%26sysparm_id%3D97be09036f276d005232ce026e3ee435%26sysparm_link_parent%3Da5a8218af15014008638c2db58a72314%26sysparm_catalog%3De0d08b13c3330100c8b837659bba8fb4%26sysparm_catalog_view%3Dcatalog_default%26sysparm_view%3Dcatalog_default
Also request a UID to match.. i.e. for dunebeam you should request both dunebeam user and dunebeam group. Once the service desk gets back to you with the UID and GID then it is OK to start the FERRY process
curl -sk --cert /tmp/x509up_u2904 --key /tmp/x509up_u2904 --capath /etc/grid-security/certificates --get --data-urlencode "groupname=dunebeam" --data-urlencode "grouptype=UnixGroup" --data-urlencode "gid=8126" https://ferry.fnal.gov:8445/createGroup
ferry-cli -e createGroup --groupname=dunebeam --grouptype=UnixGroup --gid=8126
Note if you do the above more than a day after the group is created it will fail because the group will be auto-imported into FERRY already.
curl -sk --cert /tmp/x509up_u2904 --key /tmp/x509up_u2904 --capath /etc/grid-security/certificates --get --data-urlencode "groupname=dunebeam" --data-urlencode "grouptype=UnixGroup" --data-urlencode "unitname=dune" https://ferry.fnal.gov:8445/addGroupToUnit
ferry-cli -e addGroupToUnit --groupname=dunebeam --grouptype=UnixGroup --unitname=dune
curl -sk --cert /tmp/x509up_u2904 --key /tmp/x509up_u2904 --capath /etc/grid-security/certificates --get --data-urlencode "username=dunebeam" --data-urlencode "groupname=dunebeam" --data-urlencode "grouptype=UnixGroup" https://ferry.fnal.gov:8445/addUserToGroup
ferry-cli -e addUserToGroup --username=dunebeam --groupname=dunebeam --grouptype=UnixGroup
curl -sk --cert /tmp/x509up_u2904 --key /tmp/x509up_u2904 --capath /etc/grid-security/certificates --get --data-urlencode "fqan=/dune/Role=Beam/Capability=NULL" --data-urlencode "unitname=dune" --data-urlencode "groupname=dunebeam" https://ferry.fnal.gov:8445/createFQAN
ferry-cli -e createFQAN --fqan="/dune/Role=Beam/Capability=NULL" --unitname=dune --groupname=dunebeam
curl -sk --cert /tmp/x509up_u2904 --key /tmp/x509up_u2904 --capath /etc/grid-security/certificates --get --data-urlencode "setname=dunebeam" --data-urlencode "pattern=compute.cancel,compute.create,compute.modify,compute.read,storage.create:/persistent/physicsgroups/dunebeam,storage.create:/scratch/users/${uid},storage.read:/,storage.create:/persistent/jobsub/jobs,storage.create:/resilient/jobsub_stage" https://ferry.fnal.gov:8445/createCapabilitySet
ferry-cli -e createCapabilitySet --setname=dunebeam --pattern="compute.cancel,compute.create,compute.modify,compute.read,storage.create:/persistent/physicsgroups/dunebeam,storage.create:/scratch/users/\${uid},storage.read:/,storage.create:/persistent/jobsub/jobs,storage.create:/resilient/jobsub_stage"
curl -sk --cert /tmp/x509up_u2904 --key /tmp/x509up_u2904 --capath /etc/grid-security/certificates --get --data-urlencode "setname=dunebeam" --data-urlencode "unitname=dune" --data-urlencode "role=beam" https://ferry.fnal.gov:8445/addCapabilitySetToFQAN
ferry-cli -e addCapabilitySetToFQAN --setname=dunebeam --unitname=dune --role=beam