|
How to
use SRM on the UAF
Introduction
Prerequisites
Prepare your UAF account to
use srmcp
Transfering a file
Monitoring SRM
Gettin Help
Introduction
SRM
(Storage Resource Management) is a grid-service available on the
UAF. The srmcp
command allows for file transfers between sites and mass
storage systems. Here we will show examples to transfer files from CASTOR at CERN to
Fermilab. Since it is a grid service there are two prerequisites:
Prerequisites
The whole
procedure will probaly take a few days but you might want to start
using other CMS grid services like CRAB
to do analysis on the grid and to access available data sets e.g. from
the Computing, Software and Analysis challenge: CSA06. So
let's get on the GRID.
First you need
to get a valid grid credential (a.k.a certificate)
. This can be obtained from the following site: http://www.doegrids.org/
Once you have your certificate and imported it into your browser you
can register to the VO (Virtual Organization): https://lcg-voms.cern.ch:8443/vo/cms/vomrs
Prepare your UAF account
to use srmcp
First export the certificate from the exact browser you used when
applying for the certificate. E.g. in Firefox the sequence is:
edit->
preferences -> advanced ->certificates -> manage certificates
-> select the DOE certificate -> backup
select a name
.e.g YourCert.p12
select a
passphrase
You should
now have the file YourCert.p12
that you can copy to the UAF.
Now log into the
UAF and setup the globus user environment:
source
/opt/globus/etc/globus-user-env.csh
Besides setting
all the environmental variables this should also create the $HOME/.globus
directory. Copy
your YourCert.p12
into this directory.
This
now has to be converted into PEM format.
openssl pkcs12 -in YourCert.p12
-clcerts -nokeys -out $HOME/.globus/usercert.pem
To get the encrypted private key :
openssl pkcs12
-in YourCert.p12 -nocerts -out $HOME/.globus/userkey.pem
For more details have a look at the following web site:
http://www.grid-support.ac.uk/content/view/63/55/
Now we are ready
try the
certification proxy initialization using the
grid-poxy-init command. If everything is
ok and you enter the correct passphrase:
/opt/globus/bin/grid-proxy-init
-valid 30:00
Your
identity: /DC=org/DC=doegrids/OU=People/CN=Hans Wenzel 869603
Enter GRID
pass phrase for this identity:
Creating
proxy .............................. Done
Your proxy is
valid until: Tue Oct 31 17:32:46 2006
Certification proxy initialization may fail for several reasons. When
you copy
your .pem files into ~/.globus/ verify file protections that must
be as follows:
ls -l .globus
-rw-r--r-- 1 wenzel
us_cms 1711 Oct 26 10:37
usercert.pem
-r-------- 1 wenzel
us_cms 1910 Oct 26 10:39 userkey.pem
Note that userkey.pem must be readable only by the user that owns the
file.
If either userkey.pem permissions are bad or your passphrase is wrong,
you will get the following error message:
/opt/globus/bin/grid-proxy-init -valid 30:00
Your
identity: /C=IT/O=ANY/OU=Personal Certificate/L=BBB/CN=Mm
Lz/Email=M.@site
Enter GRID
pass phrase for this identity:
ERROR:
Couldn't read user key. This is likely caused by
either giving
the wrong passphrase or bad file permissions
key file
location: /home/lz/.globus/userkey.pem
Use -debug
for further information.
More detailed information is given by the -debug option. You may use
the debug option as default with the proxy commands. The printed
information is brief and it is more or less meaningful depending on the
failure reason. One situation in which the -debug option is very useful
is when your proxy is missing or expired as shown below:
/opt/globus/bin/grid-proxy-info -debug
ERROR:
Couldn't find a valid proxy.
grid_proxy_info.c:334:
globus_gsi_system_config.c:4538:
globus_gsi_sysconfig_get_proxy_filename_unix:
Could not
find a valid proxy certificate file location:
A file
location for the proxy cert could not be found in:
1) env. var.
X509_USER_PROXY=NULL
2)
/tmp/x509up_u10009
Transfering a file
At this point we
should be ready to try to transfer a file. In the example below I am
copying a file from my area in CASTOR at CERN to a local
disk area on the UAF. Using the -debug option you will receive
very detailed information what's happening and in case things are
failing it should explain why. The printed
information is more or less meaningful depending on the
failure reason.
export PATH=/usr/java/jdk1.5.0_10/bin/:$PATH
srmcp -debug=true -2
"srm://cms-srm.cern.ch:8443/srm/managerv2?SFN=/castor/cern.ch/user/w/wenzel/hsimple.root"
file:////uscmst1b_scratch/lpc1/wenzel/hsimple.root
srmcp -debug=true
"srm://cmssrm.fnal.gov:8443/srm/managerv2?SFN=/4/test/TESTFILE"
file:////uscmst1b_scratch/lpc1/3DayLifetime/yujun/TESTFILE
One can also
copy directly from CASTOR SRM (and other SRM servers) from/to FNAL
dCache. E.g. To copy to your local area in dCache which is mounted as /pnfs/cms/WAX/2/wenzel on the UAF issue
the following command:
srmcp
-debug=true -2
"srm://cms-srm.cern.ch:8443/srm/managerv2?SFN=/castor/cern.ch/user/w/wenzel/hsimple.root"
"srm://cmssrm.fnal.gov:8443/srm/managerv2?SFN=/2/wenzel/hsimple.root"
Some users may
have some confusion with how many "slashes(/)" to put for the SURL. One
easiest way, as suggested by Jon, to think about this is: "a / is a
separator and part of the file path, and if in doubt add a / because
the dcache
will gladly ignore multiple slashes (like unix), but it will never add
one for you. For example file:////dev/null looks ridiculous, but if you
divide it up:
file:// <implied localhost.localdomain>/
/dev/null
and if you don't add the localhost, you get 4 slashes in a row.
If the pnfs path of the your resilient file is, for example:
/pnfs/cms/WAX/resilient/gerbaudo/mc-hcal-120_Ieta1-29_Iphi1-2_E005.root
you srmcp that as
"srmcp
srm://cmssrm.fnal.gov:8443/resilient/gerbaudo/mc-hcal-120_Ieta1-29_Iphi1-2_E005.root
file:///test.root"
Monitoring SRM
http://cmssrv33.fnal.gov:8080/srmwatch/
Getting Help
SRM
client package provider is - at the moment this is osg-int@opensciencegrid.or
or if you think the problem is on the fermilab side contact the
helpdesk (helpdesk@fnal.gov) or
the t1 team (cms-t1@fnal.gov).
Last modified:
October 30 , 2006 by Hans Wenzel
|
