Print

Print
I'm worried as well that (some of) the developers don't have clear that rfio is still the core of DPM and is heavily used by admins.

I had ACLs problems too due to a bug and I had to argue first with Fabrizio who didn't want me to use it before we found out what the problem was even Andrea dropped it in Fabrizio's lap at the first hurdle and only after I replied to myself 5 times with my debugging progress finally looked into it.

cheers
alessandra

On 29/03/2016 16:51, Sam Skipsey wrote:
[log in to unmask]" type="cite">
Hi Alessandra,

I know, I'm on all those emails.

I'm... a little terrified that this is the case, given that rfio is the core comms protocol for DPM still!

Sam

On Tue, Mar 29, 2016 at 4:47 PM Alessandra Forti <[log in to unmask]> wrote:
Hi,

if you have followed the saga in Sheffield it doesn't work, it crashes with a weird error. We couldn't make it work and the developers were at loss too.

cheers

alessandra


On 29/03/2016 16:41, Sam Skipsey wrote:
I just changed it all to rfcp, since it's the natural way to do it (until DPM removes rfio) :)
Plus, I don't strictly have an ATLAS role, so I felt like mapping myself to ATLAS in the gridmaps would be bad form. (And it wouldn't necessarily work for xrootd, if vomsxrd was enabled?)

Sam

On Tue, Mar 29, 2016 at 4:36 PM Alessandra Forti <[log in to unmask]> wrote:
Hi Elena,

in other words you need to check your are mapping the host DN in /etc/lcgdm-mapfile-local (and /etc/grid-mapfile-local?)

how did other people do it? I have rfcp working I'd like not to test xrdcp if other people made it work already.

cheers

alessandra


On 29/03/2016 15:29, Sam Skipsey wrote:
Hi Elena,

The mistake you're making here is in assuming that the script is doing what it should do :)

xrdcp needs to be given a credential with permissions to write into the directory you're pointing it at. If your credential (without any VOMS roles) has permissions to do that, then this will work. However, the fact that you're getting a Permission Denied means that your bare proxy does not have the required permissions.

I would check to see what permission your bare DN has on your DPM server. And then, either give yourself the right permissions, or get the voms-proxy-init to give you a proper ATLAS role (which is what it should be doing in the first place).

Sam



On Tue, Mar 29, 2016 at 3:10 PM Elena Korolkova <[log in to unmask]> wrote:
Hi Sam,

the command in script does:

voms-proxy-init -cert /etc/grid-security/hostcert.pem -key /etc/grid-security/hostkey.pem.

So it shouldn’t be any atlas credential.

Then the script does:

dpns-mkdir -p ${atlas_path}/atlasgroupdisk/${i}/dumps
dpns-setacl  -m g:atlas:rwx,m:rwx ${atlas_path}/atlasgroupdisk/${i}/dumps


What is I missing here? How can I make it work?

Many thanks
Elena

On 29 Mar 2016, at 15:04, Sam Skipsey <[log in to unmask]> wrote:

> Well, xrdcp definitely won't work - it doesn't have permissions (your proxy doesn't seem to have any ATLAS VOMS roles in it?)
>
> Sam
>
> On Tue, Mar 29, 2016 at 2:08 PM Elena Korolkova <[log in to unmask]> wrote:
> Hi,
>
> A related question. I don’t have a cron job because I first tried to copy the dump with rfcp command which didn’t work in Sheffield.
> Now I’ve switched to xrdcp and it doesn’t work either:
>
> xrdcp ./${i}-dump_${yesterday} root://${se_hostname}/${atlas_path}/${i}/dumps/dump_${yesterday}
> [0B/0B][100%][==================================================][0B/s]
> Run: [ERROR] Server responded with an error: [3010] Unable to create /dpm/shef.ac.uk/home/atlas/atlasscratchdisk/dumps/dump_20160328; Permission denied
>
> [root@lcgse0 tmp.JSAOI1Epz8]# voms-proxy-info -all
> subject   : /C=UK/O=eScience/OU=Sheffield/L=CICS/CN=lcgse0.shef.ac.uk/CN=proxy
> issuer    : /C=UK/O=eScience/OU=Sheffield/L=CICS/CN=lcgse0.shef.ac.uk
> identity  : /C=UK/O=eScience/OU=Sheffield/L=CICS/CN=lcgse0.shef.ac.uk
> type      : full legacy globus proxy
> strength  : 1024
> path      : /tmp/x509up_u0
> timeleft  : 11:18:14
> key usage : Digital Signature, Key Encipherment, Data Encipherment
>
> [root@lcgse0 tmp.JSAOI1Epz8]# dpns-getacl /dpm/shef.ac.uk/home/atlas/atlasscratchdisk/dumps/
> # file: /dpm/shef.ac.uk/home/atlas/atlasscratchdisk/dumps/
> # owner: root
> # group: root
> user::rwx
> group::rwx              #effective:rwx
> group:atlas:rwx         #effective:rwx
> group:atlas/Role=production:rwx         #effective:rwx
> mask::rwx
> other::r-x
> default:user::rwx
> default:group::rwx
> default:group:atlas:rwx
> default:group:atlas/Role=production:rwx
> default:mask::rwx
> default:other::r-x
> [root@lcgse0 tmp.JSAOI1Epz8]
>
> Any thoughts what’s going wrong?
>
> Thanks
> Elena
>
>
> On 29 Mar 2016, at 13:26, Alessandra Forti <[log in to unmask]> wrote:
>
> > Hello,
> >
> > there are currently 4 tickets open and we can say they are in progress a couple may almost be on the verge of being closed.... However I did a sweep check on all the UK endpoints and I'm araid even the sites with  ticket already closed don't have a cron setup which means that there is nothing to check. Kudos to Cambridge and Liverpool that look fine, all the others can I ask you to setup the cron or to check why it isn't working please?
> >
> > thanks
> >
> > cheers
> > "Lu-Tze the sweeper"
> > alessandra
> >
> >
> > --
> > Respect is a rational process. \\//
> > Fatti non foste a viver come bruti (Dante)

-- 
Respect is a rational process. \\//
Fatti non foste a viver come bruti (Dante)


-- 
Respect is a rational process. \\//
Fatti non foste a viver come bruti (Dante)


-- 
Respect is a rational process. \\//
Fatti non foste a viver come bruti (Dante)