CVMFS shares are used on the bgvctrl and HLT nodes. It is based on http protocol and it can cache files locally. One advantage of the http protocol is that it can pass through http proxies and that the ports are easily forwarded via ssh if needed (as we do).

Some documentation:

http://cernvm.cern.ch/portal/filesystem/techinformation https://twiki.cern.ch/twiki/bin/view/CvmFS/ClientSetupCERN https://twiki.grid.iu.edu/bin/view/Documentation/Release3/InstallCvmfs

Setup CVMFS on bgvctrl and HLT nodes:

# Software:
yum-config-manager --add-repo http://cvmrepo.web.cern.ch/cvmrepo/yum/cernvm.repo
wget http://cvmrepo.web.cern.ch/cvmrepo/yum/RPM-GPG-KEY-CernVM -O /etc/pki/rpm-gpg/RPM-GPG-KEY-CernVM
yum -y install cvmfs-keys cvmfs cvmfs-init-scripts

# configuration (create the file if needed)
#cat /etc/cvmfs/default.local
CVMFS_QUOTA_LIMIT=20000
CVMFS_HTTP_PROXY="http://10.10.10.254:3128"
CVMFS_REPOSITORIES=lhcb,grid
CVMFS_CACHE_BASE=/localdisk/cvmfs2_cache

# create the mount directory
mkdir /localdisk/cvmfs2_cache

# disable SElinux (the default security forbids the mounts...)
# in /etc/selinux/config
SELINUX=disabled
/usr/sbin/setenforce 0

# setup to auto mount the share when needed (important so that the machine can boot without CVMFS first)
service autofs start
chkconfig autofs on

# tests:
cvmfs_config chksetup (should return ok)
cvmfs_config showconfig lhcb.cern.ch
cvmfs_config probe

# if not ok test with
mkdir /mnt/cvmfs
mount -t cvmfs lhcb.cern.ch /mnt/cvmfs

To simplify the setup, the bgvctrl has no http proxy installed, instead the http traffic is redirected to the CVMFS proxy via an ssh tunnel to the gateway (bgvgw). A script is used to setup the ssh tunnel to the gateway. In case of CVMFS problems, make sure the tunnel is active. This tunnel is only started on the bgvctrl machine. SSH key authentication is needed between bgvctrl and bgvgw.

cat /etc/init.d/cvmfs_tunnel

#!/bin/bash
#
# chkconfig: 2345 95 05
# description: This starts and stops ${PROG}.
# SSH tunnel from bgvctrl to gbvgw for cvmfs
#
# config: /etc/sysconfig/${PROG}
# pidfile: /var/run/${PROG}.pid
PATH=/sbin:/bin:/usr/bin:/usr/sbin:/usr/local/bin



TNLCMD="ssh -f -N -L 10.10.10.254:3128:ca-proxy.cern.ch:3128 bgvgw"


RETVAL=0

start(){
    for cmd in "$TNLCMD"
    do
        #echo $TNLCMD
        pid=`pgrep -f "$cmd"`
        if [ $? == 0 ]; then
            RETVAL=$?
            echo "already running $pid"
        else
            $TNLCMD
            RETVAL=$?
            if [ "$RETVAL" -eq 0 ]; then
                echo 'OK'
            fi
        fi
    done
    return $RETVAL
}

stop(){

    for cmd in "$TNLCMD"
    do
        #echo $cmd
        pid=`pgrep -f "$cmd"`
        if [ $? == 0 ]; then
            kill $pid
            RETVAL=$?
            if [ "$RETVAL" -eq 0 ]; then
                echo 'OK killed'
            fi
        fi
    done
    return $RETVAL

}

restart(){
    stop
    start
}

status(){
    for cmd in "$TNLCMD"
    do
        #echo $cmd
        pid=`pgrep -f "$cmd"`
        if [ $? == 0 ]; then
            echo "OK pid $pid"
        else
            echo "ssh tunnel off"            
        fi
    done
}

condrestart(){
    [ -e /var/lock/subsys/${PROG} ] && restart
    return 0
}



# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status
        ;;
    restart)
        restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart}"
        RETVAL=1
esac

exit $RETVAL