Grid Testbed

Information about testbed resources is split in 2 parts - EMI resources, and CERN internal resources. From the point of view of CERN user of the testbed, EMI testbed consists services in stable/production version, while CERN internal testbed can also have services being tested and might not be available outside CERN network.

Information about EMI resources is available on EMI pages (see links below), while this page contains information about resources dedicated for CERN testbed users.

Status of the services

Grid Testbed NEWS / WARNINGS

Possible issues:

CERN internal testbed

EMI testbed

Security notes

Accessing testbed or VNode / CVI resources

As a grid users having many permissions you should be very careful and keep your authentication information (passwords, keys, certificates) secure(!).

  • To access testbed resources directly (open a shell session on a machine), especially from outside CERN, please use the dedicated SSH Gateway (ask TomaszWolak for details, as it should not be information published in the twiki!). (please note that old SSH Gateway was disconnected from internet on February 7th, 2011 !).
  • Please do not use lxplus machines for accessing grid resources (in particular - avoid typing your password directly there!). It is a general purpose service with a lot of users, what has security implications. Even when you login to lxplus to work there please use either.
    • kerberos credentials (see CERN Courier article for basic info or twiki about ssh at CERN for more details) or
    • login first to the SSH Gateway then from there to lxplus (which if you have still valid kerberos tokens should not ask you for password!).

Of course - using lxplus may be OK in case of accessing only a UI machine, but even in that case users having account on lxadm should avoid it and pass through lxadm instead.

Firewall configuration

  • Ask Tomasz if you need to make a specific firewall configuration (either local, or external).

IPv6

FAQ

Email from CERN network managers with subject "High number of DNS queries: (hostname of your machine)". What should I do?

You are running on the machine something that does far too many DNS queries. This is not normal use of the network services you cannot do it! No matter how important is what you do - you have to do something about it and not overload DNS (your machine will be blocked by network managers if you do not react on warning!).:

  • if it is your application - you have a bug, correct it!
  • if you are just running eg. some test in a loop or something else of what code you cannot control - you have to configure a local DNS caching,
In the second case you can use eg. dnsmasq doing following steps:
  • $ cp /etc/resolv.conf /etc/resolv.conf-dnsmasq
  • change /etc/resolv.conf so it contains only:
search cern.ch
nameserver 127.0.0.1
  • edit /etc/dnsmasq.conf setting
resolv-file=/etc/resolv.conf-dnsmasq
interface=lo
expand-hosts
domain=cern.ch

  • $/etc/init.d/dnsmasq restart

Then you can try if it really does the job:

  • open 2 sessions on your machine
  • on the first do: $ tcpdump -i eth0 -n udp port 53
  • on the second do few times eg.: $ dig www.cern.ch
You should see query to DNS only after the first execution.

Legacy links

See also

-- TomaszWolak - 27-Oct-2010

Edit | Attach | Watch | Print version | History: r24 < r23 < r22 < r21 < r20 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r24 - 2012-06-28 - TomaszWolak
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    ITGT All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback