Introduction
The following recipe was used to run the
LxCloud tests for ATLAS distributed analysis. The goal is to get Panda jobs running in a panda pilot that is running on cloud-based resources. In this example, this was achieved at CERN, in ANALY_CERNVM_test.
Note that if you are working from outside the CERN firewall, you will need to make an ssh tunnel through lxplus. A rough script to setup the tunnel is at lxplus:~dvanders/public/tunnel.sh
1. Get CernVM client working
This work was done using
CernVM version 2.3.2. The important components needed are the lcg grid UI, and the cvm cloud admin tool.
2. Configure cvm
cvm is a EC2 API client. It is used to instantiate and contextualize instances of a VM in the cloud.
From your home directory:
mkdir .ec2
cd .ec2
vi CERN.conf
and enter the text:
[Credentials]
access_key_id = yourid
secret_access_key = yourkey
[Service]
Url = https://oneadmin02.cern.ch:8443
but remember to correct the access key and service URL above. (IF you are outside the firewall, the url above should be "localhost..."). Next make ec2.conf:
vi ec2.conf
with the text:
[Service]
Region = CERN
Now you should be able to check the status of the cloud:
cvm ls
cvm ls -i
The 2nd command above lists the available images stored at the EC2 site.
3. Setup grid proxy
You need to copy over your grid certificate and create a proxy with the production role. Once you copy you should have:
[dvanders@localhost ~]$ ls -l .globus/
total 8
-rw-r--r-- 1 dvanders dvanders 3044 Jun 22 14:35 usercert.pem
-rw------- 1 dvanders dvanders 1925 Jun 22 14:35 userkey.pem
To initiate a proxy do:
lcg voms-proxy-init -voms atlas:/atlas/Role=production -valid 596:00
4. Configure a cloud template
Now we will create a template file used to contextualize an image. We create panda.tpl:
vi panda.tpl
with the text:
[amiconfig]
disabled_plugins = disablesshpasswdauth
[cernvm]
organisations = atlas
repositories = atlas,grid,atlas-condb,sft
users = panda:atlas:thepassword
eos-server = eosatlas.cern.ch
contextualization_command = panda:'/cvmfs/sft.cern.ch/lcg/external/experimental/panda-pilot/runPanda-Daniel -m /eos/atlas/vm/copilot -t 48 -s ANALY_CERNVM_test -h ANALY_CERNVM -w pandaserver.cern.ch -u user'
[[IF X509_CERT]]x509-cert = [[X509_CERT]] [[ENDIF]]
This file will create an instance which adds the atlas environment, allows the user
panda
(group
atlas
) to ssh in with password
thepassword
. After booting the image will set the X509 env variable and run the runPanda-Daniel script. The contents of the runPanda-Daniel script is attached to this twiki.
Submit Grid Jobs
Use pathena or ganga (or
HammerCloud!) to submit to the queue you are testing. In this case, the queue is ANALY_CERNVM_test. Use a queue that is not accessible to other users.
Run the pilots.
Now we will instantiate some VMs to run the pilots. This uses the credentials we setup earlier and the .tpl file.
lcg voms-proxy-init -voms atlas:/atlas/Role=production -valid 596:00
cvm --region CERN run ami-00000017 --proxy --template panda:1 -t m1.large
In this case
ami-00000017
refers to the image ID of the image you want to use.
--
DanielVanDerSter - 20-Sep-2011