-- StefanoAntonelli - 16 Nov 2006

Starting on the Grid


Getting a Grid Certificate

Questa e' una prova per aggiungere una PaginaNuova. ATLAS uses 3 different Grid implementations - OSG in the US, NorduGrid and the LCG. In order to use the Grid you need a Digital Certificate (sometimes called a PKI or X509 certificate) that acts as a passport and says who you are (know as Authentication). You obtain a Digital Certificate from your National Certification Authority (CA) by following one of the links below. Usually the procedure is the following:

  • go to one of the links below and find your National CA
  • retrieve a certificate from the site and go to your local RA (Registration Authority) which will give you an ID to authenticate you. Important: during the request use always the same browser
  • with this ID fill the form on the CA site and wait for the answer by mail
  • following the link you will get by mail, you will retrieve the certificate (e.g. don't worry if you are using Mozilla because you will get no answer. Go to the menu Edit -> Preferences -> Privacy & Security -> Certificates -> Manage Certificates button -> Your Certificates. From here you will be able even to backup your certificate to export it to other browsers or to protect it with a password or passphrase, passphrase1)

Links to the National CA

Note: It may take a few days to obtain a certificate. Here you can find some information about loading certificates with different browsers: http://grid-it.cnaf.infn.it/fileadmin/users/certmgr/certmgr.html and the same document in pdf http://grid-it.cnaf.infn.it/fileadmin/users/certmgr/certmgr.pdf.

Once you have a certificate you need to join a Virtual Organisation (VO) - in this case atlas following the procedure described in How to join the ATLAS VO . Being a member of a VO is like having Visas in your passport and say what you can do (known as Authorisation). ATLAS uses 3 different Grid implementations - OSG in the US, NorduGrid and the LCG. To join the LCG you need to follow the LCG Registration procedure.

Preparing to use the LCG or US-Grid

Once you have your Digital Certificate (probably inside your Web Browser) you need to export it. How you do this will depend on your Web Browser but will be somewhere under preferences -> security -> certificates. You should end up with something like mycert.pfx. In order to use the Grid you need access to a local User Interface (UI) machine that has the LCG Middleware installed. Copy your certificate to this UI machine and under your home directory on the UI create a .globus directory.

User Interface

You can use lxplus (or another machine under AFS) as a UI if you issue the command:
> source /afs/cern.ch/project/gd/LCG-share/sl3/etc/profile.d/grid_env.sh  [or .csh]

You can also install a UI on your own machine (needs lots of disk space). Go to http://grid-it.cnaf.infn.it/index.php?userinterface&type=1 and download the UIPnP. Then:

> cd path_to_somewhere
> tar -zxf UIPnP-2.6.0-4.tar.gz
Each time you want to use it you need to do:
> export UIPnP=/path_to_somewhere/UIPnP
> source $UIPnP/UIPnP.sh
where path_to_somewhere is wherever you installed UIPnP. You might need to change the resource brokers in the file UIPnP.conf.

When you use this UI to submit jobs you get a harmless error message that you can ignore:

**** Warning: UI_CAN_NOT_EXECUTE ****
Unable to execute "Python Tkinter Graphical":
Unable to load library.

Preparing your Certificate

You need to convert your certificate into the correct form using:
> openssl pkcs12 -in mycert.pfx -clcerts -nokeys -out usercert.pem
> openssl pkcs12 -in mycert.pfx -nocerts -out userkey.pem
> chmod 400 userkey.pem
> chmod 444 usercert.pem
then move these two files to the .globus directory. You probably need to remember two passwords, one for the original certificate and one for the converted one. If all is well try:
> grid-proxy-init
which should give something like this:
Your identity: /C=UK/O=eScience/OU=QueenMaryLondon/L=Physics/CN=steve lloyd
Enter GRID pass phrase for this identity:
Creating proxy .............................................................. Done
Your proxy is valid until: Tue Apr 12 22:03:18 2005
You need to do this once every session or after 12 hours have elapsed.

Preparing to use the NorduGrid

Obtaining NorduGrid/ARC client tools

Note that only a selected group of users has access to NorduGrid. In order to submit jobs, copy files and do other useful things on NorduGrid and other ARC-enabled resources, you need an appropriate set of client tools. You can download them from the NorduGrid downloads site: http://ftp.nordugrid.org/download.

Click Quick start: standalone client button and scroll to the bottom of the page. From the table offering different Linux flavors, click the one of your liking; for SLC3, select redhat-3WS. Save the file (tar.gz), or unpack it directly to any place you prefer. You will need 15 to 21 MB of disk space, depending on the version.

After unpacking, go down the newly created directory, e.g. nordugrid-standalone-0.4.5, make the setup script an executable chmod u+x setup.[c]sh, and then run

> source setup.[c]sh

You will have to run this for every new opened shell session, so it makes sense to add this line to your .{ba|c}shrc initialisation file.

Don't forget to run

> grid-proxy-init

to create your proxy or to renew it: default Grid proxy lifetime is 12 hours.

Originally taken from https://lcg-registrar.cern.ch/pki_certificates.html
-- SteveLloyd - 03 Feb 2005 -- Main.oxana - 28 Oct 2005 -- SteveLloyd - 24 Jan 2006


Topic attachments
I Attachment History Action Size Date Who Comment
GIFgif tile_schematic.gif r1 manage 11.0 K 2006-06-21 - 17:38 UnknownUser tile calorimeter ATLAS
JPEGjpeg tilecal_atlas.jpeg r1 manage 1.8 K 2006-06-21 - 17:50 UnknownUser  
Edit | Attach | Watch | Print version | History: r6 < r5 < r4 < r3 < r2 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r6 - 2007-06-03 - StefanoAntonelli
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    Sandbox All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback