Introduction

The following recipe was used to run the LxCloud tests for ATLAS distributed analysis. The goal is to get Panda jobs running in a panda pilot that is running on cloud-based resources. In this example, this was achieved at CERN, in ANALY_CERNVM_test.

Note that if you are working from outside the CERN firewall, you will need to make an ssh tunnel through lxplus. A rough script to setup the tunnel is at lxplus:~dvanders/public/tunnel.sh

1. Get CernVM client working

This work was done using CernVM version 2.3.2. The important components needed are the lcg grid UI, and the cvm cloud admin tool.

2. Configure cvm

cvm is a EC2 API client. It is used to instantiate and contextualize instances of a VM in the cloud.

From your home directory:

mkdir .ec2
cd .ec2
vi CERN.conf

and enter the text:

[Credentials]
access_key_id = yourid
secret_access_key = yourkey

[Service]
Url = https://oneadmin02.cern.ch:8443

but remember to correct the access key and service URL above. (IF you are outside the firewall, the url above should be "localhost..."). Next make ec2.conf:

vi ec2.conf

with the text:

[Service]
Region = CERN

Now you should be able to check the status of the cloud:

cvm ls
cvm ls -i

The 2nd command above lists the available images stored at the EC2 site.

3. Setup grid proxy

You need to copy over your grid certificate and create a proxy with the production role. Once you copy you should have:

[dvanders@localhost ~]$ ls -l .globus/
total 8
-rw-r--r-- 1 dvanders dvanders 3044 Jun 22 14:35 usercert.pem
-rw------- 1 dvanders dvanders 1925 Jun 22 14:35 userkey.pem

To initiate a proxy do:

lcg voms-proxy-init -voms atlas:/atlas/Role=production -valid 596:00

4. Configure a cloud template

Now we will create a template file used to contextualize an image. We create panda.tpl:

vi panda.tpl

with the text:

[amiconfig]
disabled_plugins = disablesshpasswdauth

[cernvm]
organisations = atlas
repositories  = atlas,grid,atlas-condb,sft
users = panda:atlas:thepassword
eos-server = eosatlas.cern.ch
contextualization_command = panda:'/cvmfs/sft.cern.ch/lcg/external/experimental/panda-pilot/runPanda-Daniel -m /eos/atlas/vm/copilot -t 48 -s ANALY_CERNVM_test -h ANALY_CERNVM -w pandaserver.cern.ch -u user'
[[IF X509_CERT]]x509-cert = [[X509_CERT]] [[ENDIF]]

This file will create an instance which adds the atlas environment, allows the user panda (group atlas) to ssh in with password thepassword. After booting the image will set the X509 env variable and run the runPanda-Daniel script. The contents of the runPanda-Daniel script is attached to this twiki.

Submit Grid Jobs

Use pathena or ganga (or HammerCloud!) to submit to the queue you are testing. In this case, the queue is ANALY_CERNVM_test. Use a queue that is not accessible to other users.

Run the pilots.

Now we will instantiate some VMs to run the pilots. This uses the credentials we setup earlier and the .tpl file.

lcg voms-proxy-init -voms atlas:/atlas/Role=production -valid 596:00
cvm --region CERN run ami-00000017 --proxy --template panda:1 -t m1.large

In this case ami-00000017 refers to the image ID of the image you want to use.

-- DanielVanDerSter - 20-Sep-2011