How to create New VO

This document describes how to install and configure the AliEn middleware.The aim is to provide clear instructions to administrators on how to deploy AliEn components their site or to end users on how to deploy AliEn for individual use. In addition troubleshooting advice is given based on the past experiences in deploying AliEn. The document is divided into service or machine type based chapters. Sources and dependencies required for a given service or machine type are listed as well as where to obtain them and how to install and configure them.

 

 

 

Installation Sequence

The recommended order of installation for the AliEn Components is:

 

  • LDAP and MySQL Database server
  • Core Services
  • Site Services
  • Worker Node
  • Client/API

 

Downloads

You can fetch and update AliEn installation using two methods

 

  • alien-installer (simple curses and command line user interface)
  • apkg, autopackage wrapper script that can use text or GUI backends (GTK or QT based)

In both cases, please select appropriate meta package (core, site, client, etc.. ). For production use we recomend alien-installer approach using the flag "-type vobox". Please visit Download topic to learn how to download precompiled AliEn packages or BuildSystem topic to learn how to use AliEn build system to build AliEn from sources.

 

External Dependencies

AliEn download and installation scripts (alien-installer, apkg) will install on your system all required dependencies. Optionally, they can detect and reuse some of the existing software components on your system.

 

Creating a new Virtual Organisation

Note that to follow this procedure, root access to the machine is required. You can run all these services on the same machine, but if you can also split them if you prefer and deploy them on several nodes. If you plan to connect to existing Virtual Organisation you can skip this section.

 

  • Install AliEn as described in Download section by selecting Core component.

 

LDAP Server

 

  • Create the local user who will run all the services (i.e. alienmaster)

 

# adduser alienmaster

 

  • Obtain a X509 certificate. You can use either a host certificate or service certificate. Put the certificate in

/etc/aliend/ldap/certs/hostcert.pem and /etc/aliend/ldap/certs/hostkey.pem

 

  • Then copy the host certificates to the .alien directory and rename them to be usercerts:

 

# cd /etc/aliend/ldap/certs/
# cp hostcert.pem /home/alienmaster/.alien/globus/usercert.pem
# cp hostkey.pem /home/alienmaster/.alien/globus/userkey.pem

 

  • Run CreateOrgLDAP.pl script to bootstrap LDAP for a VO. The script will suggest a password. Feel free to change it, but remember

it until next step.

 

# /opt/alien/bin/alien -x /opt/alien/scripts/CreateOrgLDAP.pl

 

  • Define the environment variable ALIEN_LDAP_DN (with a value like :8389/o=,dc=, i.e.

lxb2027.cern.ch:8389/o=egee,dc=cern,dc=ch) in all of your machines;

 

your VO with that end point at common VO name resolution service. From now on, we will assume that the VO has been registered. Otherwise, remember to setup also the variable ALIEN_LDAP_DN.

 

MySQL Database

To bootstrap database, run this script:

 

[pcepalice45] ~ > su
Password: [password]
# /opt/alien/bin/alien -x /opt/alien/scripts/CreateOrgDB.pl

This script will create the databases for the alien catalogue for a new AliEn Organisation. The script will suggest a password for the database. Feel free to change it. You will have to remember the password. The mysqld for AliEn does not run in the standard mysql port (3306). Therefore, you can have the default daemon of mysql and several alien-mysql daemons running in the same machine

At the moment, most of the databases used in AliEn are based on MySQL. However, the access to the database is done through several layers, thus making it possible to replace them by other database engines. There are also some text databases (like comma separated values, or SQLite). These databases are only used for caching and performance reasons: all the information kept in them is volatile, and if it is lost, it can be regenerated.

The databases defined in a new VO are:

 

  • alien_system:

This database represents the file and metadata catalogue. The file catalogue can be divided in several databases. At the same time, it can also be configured as a single database, thus trading scalability by a simpler way of managing the system. For more information, see the chapter

 

  • processes:

All the jobs that have to be executed in the system are kept here. There is information about the requirements of each job, and also a history of the jobs executed in each site

 

  • transfers:

This database has a similar structure than the one of processes, but oriented to files transfers: it keeps the history of all the transfers that have been scheduled in the system

 

  • InformationService:

This database holds the status of all the distributed services of a VO

 

  • Admin:

Here the system keeps a log file of alarms and errors that have happened, plus some information for the authentication of users and jobs.

 

Core Services

 

Download

Please consult Download section for information how to download AliEn source and binary packages.

 

Create the AliEn services:

The Core Services are are in fact SOAP servers, that will be listening in different ports, and will allow requests from the different sites of the organisation. The services will be created by running the CreateOrgServices.pl script.The script will ask for a lot of information (including the mysql password and ldap password generated in the two previous steps).

This script will configure the startup of the AliEn Services for a new AliEn Organisation

 

bash-2.05# alien -x CreateOrgServices.pl

To stop or start the service, please use:

 

/opt/alien/etc/rc.d/init.d/aliend [start/stop]

(We recommend putting a link from /etc/rc.d/init.d/ to that file)

Now one can check that all the services are still working:

 

# /opt/alien/etc/rc.d/init.d/aliend status
Status of AliEn services:
Doing Status for PHENIX
Service Proxy [ OK ]
Service Authen [ OK ]
Service Server [ OK ]
Service Logger [ OK ]
Service IS [ OK ]
Service Broker [ OK ]
Service TransferManager [ OK ]
Service TransferBroker [ OK ]
Service TransferOptimizer [ OK ]

If any of them have failed, check the log files in /var/log/AliEn/

 

Configure the services to start at boot time

 

cd /etc/rc.d/init.d/
ln -s /opt/glite/etc/alien/rc.d/init.d/aliend
ln -s /opt/glite/etc/alien/rc.d/init.d/alien-ldap
ln -s /opt/glite/etc/alien/rc.d/init.d/alien-mysqld

chkconfig --level 345 aliend on
chkconfig --level 345 alien-ldap on
chkconfig --level 345 alien-mysqld on

 

Configuration

The configuration is done in four steps:

 

  • First, the user has to specify to which VO she is trying to connect. This is done with the environment variable ALIEN_ORGANISATION. If this variable is not defined, AliEn will try to connect to the first VO that was created (ALICE).

 

  • AliEn has to find the address of the configuration service for that VO. There is a repository where the VOs have to register. That repository provides the mapping between the organistaion name and the address of its configuration service. However, if the environment

variable ALIEN_LDAP_DN is defined, AliEn will take it as the address of the configuration. The variables ALIEN_ORGANISATION and ALIEN_LDAP_DN (and any other that will be presented later) can be defined in the files $ALIEN_ROOT/.Environment or in $ALIEN_HOME/Environment. These two files are sourced before connecting to the configuration service.

 

  • AliEn will contact the configuration service, and it will retrieve the standard configuration for that site. This configuration contains the address of the central services and of the closest distributed services.

 

  • Finally, the user can overwrite any of the values returned by the configuration service using the optional files $ALIEN_ROOT/.conf and $ALIEN_HOME/.conf. These XML files give the possibility of modifying the local configuration of the site without having to update the central configuration service. At the moment, the configuration service is based on LDAP. It provides a hierarchical structure where

each VO can define the people allowed to connect and the different sites that belong to the VO.

 

  • Edit the startup configuration file /etc/aliend/startup.conf to include the following lines:

 

#Startup configuration for Alien
ALIEN_ORGANISATIONS=" "

* Create the startup configuration file for the VO in /etc/aliend/

 

# mkdir /etc/aliend//startup.conf

 

* Edit the /etc/aliend//startup.conf file to include the following lines:

 

#Startup configuration for Alien
#user under which services will run
AlienUser=alienmaster
AlienCommand="/opt/alien/bin/alien"
#Services to start
AlienLDAPP="/home/alienmaster/.alien/.startup/.ldap.secret.egtest"

 

  • Now start as root the daemons:

 

# /opt/glite/etc/rc.d/init.d/aliend start

 

If you want to run the core services in a different machine than the database (recommended scenario), using gq (or any other ldap editor), modify the entry ou=Config,o=,dc=cern,dc=ch Set the entries authHost, queueHost, logHost, isHost, brokerHost, transferManagerAddress, transferManagerBroker, transferManagerOptimizer, jobManagerAddress, jobBrokerAddress, jobOptimizerAddress to point to your core services machine.

 

Installing a Site

This section decribes how to join a new site an organisation. The following configuration has to be done ONLY by the responsible of the site. Here, the administrator will describe the different elements of the site (Computing elements and storage elements mainly), and some directories that will be used by AliEn.

 

Prerequisits

 

  • The services have to run under the same username which was used to install it.
  • The place where AliEn is installed has to be accessible from the worker nodes.

 

Pairing the Site and VO

Once AliEn is installed, the site has to be paired with VO.

 * Registering the site

 This is done running the script $ALIEN_ROOT/scripts/CreateOrgSite.pl.


 [pcitgd26] /home/alienmaster > alien -x /opt/alien/scripts/CreateOrgSite.pl
This script will create the ldap configuration for a new AliEn Site

Please, enter the following information:
Organisation name [ALICE]:pcitgd26
LDAP host and DN (leave it empty if you want to look for it in the alien ldap server) []:pcitgd26.cern.ch:8389/o=pcitgd26,dc=cern,dc=ch
Enter root dn for pcitgd26.cern.ch:8389 [cn=Manager,dc=cern,dc=ch]:
Enter admin password for pcitgd26.cern.ch:8389 []:
Connecting to ldap server on pcitgd26.cern.ch:8389...   ok
Site Name [CERN]:TORINO
Site Domain [cern.ch]:infn.to
Name of the city [Geneva]:Torino
Site administrator [Pablo Saiz]:Stefano Bagnasco
Name of the front-end machine where alien is installed [alien.cern.ch]:alien.infn.to
Path in that machine to keep log files [/home/alienmaster/AliEn/log]:
Path in the machine to keep temporary files [/tmp/AliEn/tmp]:

Creating the site with the following information
********************************************

Site name:             TORINO
Site domain:           infn.to
City name:             Torino
Administrator name:    Stefano Bagansco
Front End:             alien.infn.to
Log directory:         /home/alienmaster/AliEn/log
Temprorary directory:  /tmp/AliEn/tmp
********************************************
Proceed with creation [Y]:Y
Connecting to the ldap server pcitgd26.cern.ch:8389...  ok
Adding ou=TORINO,ou=Sites,o=pcitgd26,dc=cern,dc=ch...   ok
Adding ou=Config,ou=TORINO,ou=Sites,o=pcitgd26,dc=cern,dc=ch... ok
Adding ou=Services,ou=TORINO,ou=Sites,o=pcitgd26,dc=cern,dc=ch...       ok
Adding ou=SE,ou=Services,ou=TORINO,ou=Sites,o=pcitgd26,dc=cern,dc=ch... ok
Adding ou=CE,ou=Services,ou=TORINO,ou=Sites,o=pcitgd26,dc=cern,dc=ch... ok
Adding ou=FTD,ou=Services,ou=TORINO,ou=Sites,o=pcitgd26,dc=cern,dc=ch...        ok

******************************************************************
        Installation finished sucessfully.
There is a new site in pcitgd26 called TORINO

If you have any problems, please contact alice-project-alien@cern.ch

 


The most important field is the 'Site domain'. AliEn will use the domain name of the machine where it is running to map to the sites defined in the ldap configuration of that VO. If the domain is not mapped to any site, the authentication will not work. 

 

Sometimes you do not want to use the real domain name. In cases like that, you can use the environment variable ALIEN_DOMAIN, and this variable will be used for the mapping. 

 

If you want to register a site on an existing VO, you have to contact the VO administrator, and send the information to that person. In particular, if you want to register a site in the ALICE VO, please send a mail to alien-cert-request@alien.cern.ch specifying:

 

  • Name of the institute (e.g. CERN)
  • Domain name (cern.ch)
  • Name of the city (Geneva)
  • Name of the administrator (Pablo Saiz)
  • Name of the front-end machine where alien is installed (alien.cern.ch)
  • Path in that machine to keep log files (/home/alienMaster/AliEn/log)
  • Path in the machine to keep temporary files (/tmp/AliEn/tmp)

When we receive this information, we will include it in our LDAP server, and you will find your site in the list of sites.

 

  • Authenticating to Core services

For the production sites, we suggest use of certifactes (use of SSH keys is possible but discouraged). To use SSH keys, you will also need to be able to authenticate to VO server (once) using password. Alternatively, you can ask VO admin to register your certificate subject in the LDAP server and skip key registraton section.

 

  • Key registration

If username choosen to run the services is different from production user id choosen at VO creation time, you will have to create the file $HOME/.alien/Environment, and put a line like the next one:

 

[pcepaip15] /home/alienMaster > echo "export ALIEN_USER=psaiz" >~/.alien/Environment
[pcepaip15] /home/alienMaster>

The command 'alien create-keys', that will prompt for your password, and will generate a pair of public and private ssh keys. Which username and password will be used here depends on the setup of machine that runs Authen service. It will use PAM mechnism to authenticate users against Kerberos, LDAP, local password file, etc... depending on setup decided by VO administrator. NOTE: alien create-keys will work only for users of Alice VO at CERN (requires Authen service to be setup to use AFS to check users credentials and assumes that all VO users do have AFS account).

 

[pcepaip15] /home/alienMaster > alien create-keys

Once this is done, you should be able to connect to the AliEn Catalogue:

 

[pcepaip15] /home/alienMaster > alien
Connecting to database alien_system in aliendb.cern.ch:3307 ...
[aliendb.cern.ch:3307] /alice/cern.ch/user/p/psaiz/ >

 

  • Production user role

Your identity should also be able to become the production user. To check that this works, you should do:

 

[pcepaip15] /home/alienMaster > alien --role aliprod
Connecting to database alien_system in aliendb.cern.ch:3307 ...
[aliendb.cern.ch:3307] /alice/cern.ch/user/a/aliprod/>

Please contact VO administrator to let you assume production user role by modifying Roles in the LDAP server.

 

Site Services

The site services include

 

  • ClusterMonitor
  • CE
  • SE
  • FTD
  • PackMan
  • MonaLisa

All the services can run in the same machine. and they will be listening in different ports.

 

Cluster Monitor

The first service that you need to run is called ClusterMonitor. It is used to route messages from our central server to the different sites. To start it, you have to do 'alien StartMonitor'.

 

[pcepaip15] /home/alienMaster > alien StartMonitor

This service has to be visible from the outside, therefore, the port has to be open for incoming access. Each organisation can define a default port in which the Cluster Monitor is going to listen.

 

Computing Element

A Computing Element (CE) is an interface to a batch system. At the moment, we have interfaces to BQS, CONDOR, DQS, EDG, Globus, LSF, PBS, SGE and LCG. To configure a CE, we need the following information:

 

  • Name of the front-end machine (e.g. alienx.cern.ch)
  • Type of batch system (LSF)
  • Number of simultaneous jobs that can be executed (20)

Optional information:

 

  • Working directory
  • If the command to submit the jobs is not in the path, full path to the command
  • Any special arguments required for the submission of the job (-q alien)

This infomation must be sent to VO administrator who we will insert it in our LDAP Server. To start the CE, type 'alien StartCE'.

 

[pcegee02] ~ > alien StartCE
Starting the "CE"
"CE" started with 0 (pid 6468)
Log file: /tmp/pcegee02/log/CE.log
[pcegee02] ~>

Then, to check that the CE has been set up properly, you can submit a job specifying that it has to be executed in your site:

 

[lxplus051] ~ > alien login
Connecting to database alien_system in aliendb.cern.ch:3307 ...
Dec 2 16:48 info Contacting the local host monitor at lxplus051.cern.ch:8084
Dec 2 16:48 notice (Re)making connection to ClusterMonitor:lxplus051.cern.ch:8084
Dec 2 16:48 notice Starting remotequeue...

[
Requirements = ( other.Type == "Job" );
CE = "Alice::CERN::LXSHARE";
Host = "lxplus051.cern.ch";
Type = "machine"
]
[aliendb.cern.ch:3307] /alice/cern.ch/user/a/aliprod/ > submit << EOF
Enter the input for the job (end with EOF)
Executable="date";
Requirements=other.CE=="Alice::CERN::LXSHARE";
EOF
Thanks!!
Dec 2 16:49 info Submitting job '/bin/date '...
Dec 2 16:49 info Command submitted!!
[aliendb.cern.ch:3307] /alice/cern.ch/user/a/aliprod/ >

The command 'submit' sends a new job to AliEn. Note that in the requirements of the job, we specify where we want it to be executed.

After submitting the job, if you look at the log file of the CE, you should se something like:

 

 

pcegee02] ~ > tail -F /tmp/pcegee02/log/CE.log
Dec 2 16:51:49 info According to the manager, we can run 50 and 200
Dec 2 16:51:50 info There are 0 jobs right now
Dec 2 16:51:50 info Returning 50 slots
Sending info to monalisa
Dec 2 09:51:54 info Starting 1 agent(s) for [ Requirements= ( other.Type == "machine" )
&& ( other.CE=="Alice::CERN::LXSHARE" ) && ( other.TTL > 21600 ) && ( other.LocalDiskSpace > 0 );
user ="alienmaster";
Type="Job" ]

That means that the CE has submitted a JobAgent to a worker node. When the JobAgent starts on the worker node, it will take a job from the taskqueue.

Once you start the CE, it will ask the broker for jobs to execute and submit JobAgents to the batch system.

 

Storage Element

A Storage Element (SE) is an interface to a Mass Storage System (MSS). At the moment, we support Castor, DMF, EDF, File, HPSS, HSI, SRM and adsm.

You have to send us:

 

  • Name of the machine (e.g. wacdr001d.cern.ch)
  • Port in which the service will listen (8092)
  • Type of MSS (Castor)
  • Path in which the files will be saved ( /castor/cern.ch/user/a/aliprod/AliEn-1.0/data)

The path where the files are going to be saved has to be visible from the worker nodes of the site.

To start the SE, you have to do: alien StartSE

 

[aliprod@wacdr001d ~]$ alien StartSE
Starting the Storage element
Storage element started with 0 (pid 6281)
Log file: /tmp/AliEn/log/SE.log

The port in which the SE is listening has to be open for incoming access (if you want to check if we can access the service, click here )

 

File Transfer Daemon

The File Transfer Daemon (FTD) is used to transfer files between different sites using gridftp. The FTD's need a host certificate to authenticate to each other. The host certificate should be requested from your Certificate Authority.

 

The information that we need in order to set up the FTD is:

 

  • Name of the machine (e.g. wacdr001d.cern.ch)
  • Port in which the service is going to run (8091)
  • Host certificate subject
  • Maximum number of simultaneous transfer.

Once we get this information, we will generate your certificate, and mail it to you. You will have to put it in $HOME/.alien/identities.ftd/cert.pem.

Then, if you do 'alien StartFTD', the service will start.

 

[aliprod@wacdr001d ~]$ alien StartFTD
Starting the File Transfer Daemon
File Transfer Daemon started with 0 (pid 7446)
Log file: /tmp/AliEn/log/FTD.log

 

Starting the services at boot time

You can set up your machine to start up automatically all the services when the machine is rebooted, although for doing this you will need root privileges in the machine.

The first thing that you have to do is make a link of $HOME/AliEn/Admin/etc/rc.d/init.d/aliend in /etc/rc.d/init.d/, and make the set it to start and stop.

 

[pcepaip15] ~ > su
Password:
bash-2.05# ln -s /home/alienMaster/AliEn/Admin/etc/rc.d/init.d/aliend /etc/rc.d/init.d/
bash-2.05# cd /etc/rc.d/rc5.d/
bash-2.05# ln -s ../init.d/aliend S91aliend
bash-2.05# ln -s ../init.d/aliend K91aliend

Then you have to create the directory /etc/aliend, where you will put a directory per organisation that you want to start:

 

bash-2.05# mkdir /etc/aliend
bash-2.05# echo 'ALIEN_ORGANISATIONS="Alice"' >/etc/aliend/startup.conf

Finally, you will create subdirectory per organisation, and specify the services that you want to run for that organisation:

 

bash-2.05# mkdir /etc/aliend/Alice
bash-2.05# echo '#Startup configuration for alien' > /etc/aliend/Alice/startup.conf
bash-2.05# echo 'AliEnUser=alienMaster' >> /etc/aliend/Alice/startup.conf
bash-2.05# echo 'AliEnCommand="/opt/alien/bin/alien"' >> /etc/aliend/Alice/startup.conf
bash-2.05# echo '#services to start' >> /etc/aliend/Alice/startup.conf
bash-2.05# echo '#possible: Authen Monitor Logger Server Proxy' >> /etc/aliend/Alice/startup.conf
bash-2.05# echo 'AliEnServices="Monitor"' >> /etc/aliend/Alice/startup.conf

You can test that everything is ok:

 

bash-2.05# /etc/rc.d/init.d/aliend start
Starting AliEn services:
Doing Start for Alice
Service Monitor [ OK ]

 

Configuration files

There are three configuration files where you can define variables that AliEn will use. These files are $ALIEN_ROOT/.Environment $HOME/.alien/Environment and $HOME/.alien/.conf. The first two files are bash script. You can put there any bash command, and it will be executed before starting AliEn. These two files are used to define environment variables that have to be setup before AliEn starts. The difference between $ALIEN_ROOT/.Environemnt and $HOME/.alien/Environment is that the former applies to any user of that installation of AliEn, whereas the later is user dependent. By default, $HOME/.Environment looks like:

 

[pcegee02] /home/alienmaster > cat /opt/alien/.Environment
ALIEN_PATH=/opt/alien.v2-11/api/bin:/opt/alien.v2-11/globus/bin
ALIEN_LD_LIBRARY_PATH=/opt/alien.v2-11/api/lib:/opt/alien.v2-11/globus/lib:/opt/alien.v2-11/lib:/opt/alien.v2-11/lib/mysql
GLOBUS_LOCATION=/opt/alien.v2-11/globus
X509_CERT_DIR=/opt/alien.v2-11/globus/share/certificates
GAPI_LOCATION=/opt/alien.v2-11/api
SWIG_LOCATION=/opt/alien.v2-11
GSOAP_LOCATION=/opt/alien.v2-11
CGSI_GSOAP_LOCATION=/opt/alien.v2-11
CLASSAD_LOCATION=/opt/alien.v2-11
MYPROXY_LOCATION=/opt/alien.v2-11/globus
[pcegee02] /home/alienmaster>

For instance, we could add the following line to this file, and then we would receive an email everytime a user calls AliEn. PLEASE, NOTE THAT THIS IS JUST AN EXAMPLE. If you add this line to the file, and you are running some services (in particular the CE), you might get quite a lot of emails.

 

[pcegee02] /home/alienmaster > cat >> /opt/alien/.Environment <
> echo "Hello" | mail -s "The user $USER is calling AliEn" pablo.saiz@cern.ch
> EOF
[pcegee02] /home/alienmaster>

Some of the environment variables that we can define in these files are:

  • ALIEN_DOMAIN By default, AliEn takes the configuration from the domain name of your machine. If you want to specify that you are in another domain, define this variable.
  • ALIEN_VO: This is the virtual organisation you want to connect to.
  • ALIEN_USER: By default, AliEn tries to connect with the same user name as the local user of the machine. If your username in AliEn is different, use this enviroment variable. Please, note that this is a good example of a variable that should be defined in $HOME/.alien/Environment and not in $ALIEN_ROOT/.Environment.
  • GLOBUS_LOCATION: AliEn tries to use the GLOBUS defined in the environment variables. If you have another GLOBUS installation that is not compatible with the one of AliEn, please, put a line like 'export GLOBUS_LOCATION=$ALIEN_ROOT/globus' in $ALIEN_ROOT/.Environment
  • ALIEN_WORKDIR: If you are setting up a CE, each job needs a directory where they will create any temporary files. By default, these temporary files go to $HOME/alien-job-. If you prefer to have these directories on a different location, make any of these three environment variables point to the directory where you want the jobs to put their temporary files.

The third configuration file is $HOME/.alien/.conf. Please, note that this is not a bash script, but an Apache-format file. This file is used to overwrite the configuration that the site has in the central ldap. Note that by default this file is ignored. The VO admin can change the central ldap so that this file will be in 'add' or 'overwrite' mode for some of the sites. 'add' means that the file will be able to define new variables, but it will not be able to redefine existing ones. 'overwrite' gives permission to redefine any existing variables.

To see the variables that you can redefine in this file, do 'alien -exec echo'. This command will tell you all the variables that are defined in the configuration of your site. It is worth to mention the following ones:

 

  • LOG_DIR This is where all the log files of your services will appear
  • TMP_DIR Any temporary files needed will be created in this directory
  • CACHE_DIR When AliEn gets a file (and the destination is not specified), AliEn will put it in this directory.
  • JOB_BROKER_ADDRESS For instance, if we define this variable, we can make the CE talk to a different Job Broker.

There are also some variables that are needed for LCG CE, and that in AliEn v2-11 and older cannot be defined in the ldap. In AliEn v2-12 and later, these variables can also be defined in the ldap). Among these variables we have includes:

  • CE_LCGCE Name of the LCG CE where AliEn will submit the JobAgents (e.x ce-fzk.gridka.de:2119/jobmanager-pbspro-aliceXL)
  • CE_SITE_BDII Pointer to the BDII that AliEn will use (e.x. ldap://lcg-gridka-bdii.fzk.de:2170/mds-vo-name=FZK-LCG2,mds-vo-name=local,o=grid)

Please, note that the .conf file is supposed to be used only while you are setting up the site. Once you are happy with the content of this file, you should send it to the vo-manager, who will put the changes in the central configuration.

 

Worker Node Installation

There is no need of running any services on the worker nodes.

Create the user who will execute the jobs: > adduser gproduct

If any application packages are to be made available in the WN then a link should be set as follows:

> ln -s /home/gproduct/.alien/packages

 

Client Installation

The client tools for the prototype can be installed both in shared file system or locally.

 

Installing AliEn client locally

Please consult Download section for information how to download AliEn source and binary packages. Select 'client' component if you want to install pure AliEn client and dependencies or 'gShell' if you want to install lightweight AliEn shell and AliEn enabled ROOT.

 

Using AliEn from shared file system

In case of AliEn installation on the shared file system (like AFS or NFS), the only requirement is to add alien script to the command search path. This is the recommnedend procedure:

 

> mkdir $HOME/bin
> ln -s /afs/cern.ch/project/egee/jra1/prototype/glite/bin/alien $HOME/bin/alien
> export PATH=${PATH}:/afs/cern.ch/project/egee/jra1/prototype/glite/bin

 

User Credentials

Before trying to log in to AliEn, you need to obtain the credentials. If you have a user certificate signed by reckognised CA (in $HOME/.globus/usercert.pem), make a link:

 

ln -s $HOME/.globus $HOME/.alien/globus

and then type

 

alien register-cert

This will register you certificate with alien. Now do

 

alien proxy-init

to create your proxy.

 

Customising User Environment

Now go to your home directory and create the directory .alien. This is where AliEn will store user credentials and look for configuration files. Here is how this directory can look like (none of these files are mandatory):

 

[pcalicepb] ~/.alien > ls -la
total 17
drwxr-xr-x 4 pbuncic z2 2048 Apr 21 20:23 .
drwxr-xr-x 35 pbuncic root 10240 Apr 21 20:18 ..
-rw-r--r-- 1 pbuncic z2 44 Apr 21 20:48 Environment
lrwxr-xr-x 1 pbuncic z2 35 Apr 16 02:54 globus -> /afs/cern.ch/user/p/pbuncic/.globus
drwx------ 2 pbuncic z2 2048 Apr 9 13:20 identities.alice

[pcalicepb] ~/.alien > cat Environment
export ALIEN_ROOT=/afs/cern.ch/alice/library/local/alien
export ALIEN_ORGANISATION=Alice
[pcalicepb] ~/.alien >

In the Environment file, the user can define any of the following variables:

 

  • ALIEN_ROOT: location of AliEn distribution (same as INSTALL_DIR used during installation).
  • ALIEN_ORGANISATION: Virtual Organisation that you want to connect to (default 'Alice').
  • ALIEN_USER: username that you will use to connect to the system (default is $USER)
  • ALIEN_DOMAIN: domain name of your site (default, `hostname -d`)
  • ALIEN_LDAP_DN: place where the the ldap server of your organisation is running (by default, the system will connect to an ldap server in alien.cern.ch, and get the address of the organisation from there).

All these variables are optional, and you do not have to specify unless you want to override the default value.

The link globus points to the directory where you have your globus certificate.

The directory identities.alice (or identities.) will be created by alien to keep tokens or ssh keys if needed

 

Try it out!

Once you have all the services of a VO up and running, you should test that you can connect to them. The easiest way is to create an Environment file in which you will specify to which organisation you want to connect. You will also have to include there the name of your ldap server and DN, unless you have sent it to us.

 

[pcepaip15] /home/alienMaster > echo export ALIEN_ORGANISATION=PHENIX \
> export ALIEN_LDAP_DN="pcepalice45.cern.ch:8389/o=phenix,dc=cern,dc=ch">~/.alien/Environment

[pcepaip15] /home/alienMaster > alien
Warning: no SE defined for your site
Warning: no CE defined for your site
Warning: no FTD defined for your site
Connecting to database alien_system in pcepalice45.cern.ch:3307 ...
Warning! not able to load the previous environment!
[pcepalice45.cern.ch:3307] / >

If you have sent us the information of your ldap server, it will be enough if you specify the organisation from the command line (although you could still put it in the Environment file)

 

[pcepaip15] /home/alienMaster > alien --org PHENIX
Warning: no SE defined for your site
Warning: no CE defined for your site
Warning: no FTD defined for your site
Connecting to database alien_system in pcepalice45.cern.ch:3307 ...
[pcepalice45.cern.ch:3307] / >

This is the AliEn promt, its is NOT a shell promt. Some commands like ls, cd etc. will work to browse the alien catalogue. Please, check the Tutorial for a list of the commands that you can execute on AliEn. Check also the Server Administration to know the basic administration tasks (like adding users or sites to the system)

 

 

Known problems

Installation fails and on Fedora Core 3

  • Problem:
    alien is crashing at start because of libcrypt library from alien/globus/lib ... As for wget, the error message is: "cannot restore segment prot after reloc: Permission denied"
  • Solution:
    Switch off selinux from Desktop->System Settings->Security Level.