Here you can find a guide on how to use the resources at CNAF-INFN.
If you have questions/suggestions, please send an email to user-support<AT>lists.cnaf.infn.it
For any problem, please send an email to firstname.lastname@example.org or to email@example.com
Using Tier1 computing and storage resources by means of the grid tools requires a personal certificate, not needed if using resources locally. A personal certificate can be obtained following the procedure outlined here.
Once obtained the pk12 certificate (hereafter cert.p12), it is necessary to split it in a public and private keys and put them in a .globus folder inside user home directory in the User Interface (UI). The commands are:
cd $HOME mkdir .globus cd .globus openssl pkcs12 -clcerts -nokeys -in cert.p12 -out usercert.pem openssl pkcs12 -nocerts -in cert.p12 -out userkey.pem chmod 600 usercert.pem chmod 400 userkey.pem
The files must have the following permissions:
-rw------- 1 username virgo 2240 May 28 2019 usercert.pem -r-------- 1 username virgo 2004 May 28 2019 userkey.pem
In order to transfer files or submit jobs using a Virtual Organization (VO), first generate a proxy with VOMS extensions using the command:
voms-proxy-init --voms <vo name>
We can check the right voms extensions of the proxy with the command:
The output should be something like:
subject : /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Lucia Morganti/CN=559862463 issuer : /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Lucia Morganti identity : /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Lucia Morganti type : RFC3820 compliant impersonation proxy strength : 1024 path : /tmp/x509up_u21073 timeleft : 11:59:54 key usage : Digital Signature, Key Encipherment, Data Encipherment === VO virgo extension information === VO : virgo subject : /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Lucia Morganti issuer : /DC=org/DC=terena/DC=tcs/C=IT/ST=Lazio/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=voms-01.pd.infn.it attribute : /virgo/virgo/Role=NULL/Capability=NULL attribute : /virgo/Role=NULL/Capability=NULL timeleft : 11:59:54 uri : voms-01.pd.infn.it:15009
If the bold part is not present or the timeleft there is zero, the proxy has not the voms extensions and has to be regenerated.
The mechanism of proxy renewal is based on proxy delegation: a long-term proxy is stored in a dedicated server, so called MyProxy server (e.g. myproxy.cnaf.infn.it here at CNAF), and is used to create a new short-term proxy before the old one expires.
Even if a proxy can be created with arbitrary lifetime, the delegation is necessary because its VOMS extensions have a limited lifetime, decided by the VO.
Job submission to WMS (glite-wms-job-submit)
Jobs submission to CE (glite-ce-job-submit)
Nota bene: each job has associated the proxy that was on the UI at the time of job submission.
Have a look at this page for a description of useful GFAL2 commands for data management.
Instructions are available at the following wiki pages:
CDG meetings (Comitato di Gestione del Tier-1) are typically held once a month, and announced via email. If you want to be informed about CDG meetings, please send an email to firstname.lastname@example.org
CDG minutes and slides are available in agenda.
At CNAF, the meeting room is “Valerio Venturi”.
Remote participation is possible, following the instructions sent via mail.
Monthly reports presented at Tier1-CdG meetings are available in the agenda.
To use CNAF VPN, one has to point to https://gate3.cnaf.infn.it and to follow the installation of the client.
When you update your personal certificate, in the Cisco AnyConnect client text field please insert gate3.cnaf.infn.it. You should then select the personal certificate that will be used by the client for future connections.
The procedure to configure eduroam or INFN-dot1x is the same. You just need to select the desired network between the two.
No matter your operating system, when doing the setup you need to provide username and password which are specific to eduroam or INFN-dot1x, and which you have to request your computing center for. The username is always in the form email@example.com.
Please have a look at this page.