Skip to content

HTCondor/ARC Installation on VObox#

This documentation describes how to configure a VObox to enable it submit ALICE jobs to HTCondor CEs or ARC. Refer to the appropriate section as needed.

The VObox will typically have been set up first as a WLCG VObox as documented here:

WLCG VObox deployment documention

Mind adding the VOMS client configuration for ALICE:

~# yum install wlcg-voms-alice

HTCondor#

The VObox will run its own HTCondor services that are independent of the HTCondor services for your CE and batch system. The following instructions assume you are using CentOS/EL 7.5+. See below for installations compatible with EL 9.

Install HTCondor on CentOS 7#

  1. Install the EGI UMD 4 repository rpm:

    ~# yum install http://repository.egi.eu/sw/production/umd/4/centos7/x86_64/updates/umd-release-4.1.3-1.el7.centos.noarch.rpm

  2. Install HTCondor 9.0.16 or a later 9.0.x version (not yet 10.x):

    ~# cd 
~# yum update
~# yum install condor

JAliEn Configuration#

This configuration is needed for HTCondor that used run a JobRouter (not needed anymore).

  1. Go to the HTCondor configuration folder:

    ~# cd /etc/condor

  2. Create local configuration for HTCondor:

    ~# touch config.d/01_alice_jobrouter.config

  3. Add and adjust the following configuration content:

    config.d/01_alice_jobrouter.config 
    DAEMON_LIST = MASTER, SCHEDD, COLLECTOR

# the next line is needed since recent HTCondor versions

COLLECTOR_HOST = $(FULL_HOSTNAME)

GSI_DAEMON_DIRECTORY = /etc/grid-security
GSI_DAEMON_CERT = $(GSI_DAEMON_DIRECTORY)/hostcert.pem
GSI_DAEMON_KEY  = $(GSI_DAEMON_DIRECTORY)/hostkey.pem
GSI_DAEMON_TRUSTED_CA_DIR = $(GSI_DAEMON_DIRECTORY)/certificates

SEC_CLIENT_AUTHENTICATION_METHODS = SCITOKENS, FS, GSI
SEC_DEFAULT_AUTHENTICATION_METHODS = FS, GSI
SEC_DAEMON_AUTHENTICATION_METHODS = FS, GSI

AUTH_SSL_CLIENT_CADIR = /etc/grid-security/certificates

COLLECTOR.ALLOW_ADVERTISE_MASTER = condor@fsauth/$(FULL_HOSTNAME)
COLLECTOR.ALLOW_ADVERTISE_SCHEDD = $(FULL_HOSTNAME)

ALL_DEBUG = D_FULLDEBUG D_COMMAND
SCHEDD_DEBUG = D_FULLDEBUG
GRIDMANAGER_DEBUG = D_FULLDEBUG

FRIENDLY_DAEMONS = condor@fsauth/$(FULL_HOSTNAME), root@fsauth/$(FULL_HOSTNAME), $(FULL_HOSTNAME)
ALLOW_DAEMON = $(FRIENDLY_DAEMONS)

SCHEDD.ALLOW_WRITE = $(FRIENDLY_DAEMONS), *@cern.ch/$(FULL_HOSTNAME)

# more stuff from the CERN VOboxes

CONDOR_FSYNC = False
GRIDMANAGER_MAX_SUBMITTED_JOBS_PER_RESOURCE = 10000

GRIDMANAGER_JOB_PROBE_INTERVAL = 600

GRIDMANAGER_MAX_PENDING_REQUESTS = 500
GRIDMANAGER_GAHP_CALL_TIMEOUT = 3600
GRIDMANAGER_SELECTION_EXPR = (ClusterId % 2)
GRIDMANAGER_GAHP_RESPONSE_TIMEOUT = 300
GRIDMANAGER_DEBUG =
ALLOW_DAEMON = $(ALLOW_DAEMON), $(FULL_HOSTNAME), $(IP_ADDRESS), unauthenticated@unmapped
COLLECTOR.ALLOW_ADVERTISE_MASTER = $(COLLECTOR.ALLOW_ADVERTISE_MASTER), $(ALLOW_DAEMON)
COLLECTOR.ALLOW_ADVERTISE_SCHEDD = $(COLLECTOR.ALLOW_ADVERTISE_SCHEDD), $(ALLOW_DAEMON)

DELEGATE_JOB_GSI_CREDENTIALS_LIFETIME = 0

GSI_SKIP_HOST_CHECK = true

  4. Restart HTCondor now and automatically at boot time:

    ~# service condor restart
~# chkconfig condor on

  5. Check HTCondor is running and produces the following initial output:

    ~# pstree | grep condor

 |-condor_master-+-condor_collecto
 |               |-condor_procd
 |               |-condor_schedd
 |               `-condor_shared_p

Install HTCondor on EL 9#

  1. Install the HTCondor LTS ("stable") release:

    ~# (umask 077; uuidgen > ~/pool-pwd-$$.txt)
~# curl -fsSL https://get.htcondor.org | GET_HTCONDOR_PASSWORD=`cat ~/pool-pwd-$$.txt` /bin/bash -s -- --no-dry-run --channel stable

  2. Move the original configuration file out of the way:

    ~# mv /etc/condor/config.d/00-minicondor ~/00-minicondor.orig

  3. Add the following configuration contents:

    /etc/condor/config.d/99-minicondor.vobox 
    # HTCONDOR CONFIGURATION TO CREATE A POOL WITH ONE MACHINE
# --> modified to allow it to be used ONLY for submitting to REMOTE CEs!
#
# This file was created upon initial installation of HTCondor.
# It contains configuration settings to set up a secure HTCondor
# installation consisting of **just one single machine**.
# YOU WILL WANT TO REMOVE THIS FILE IF/WHEN YOU DECIDE TO ADD ADDITIONAL
# MACHINES TO YOUR HTCONDOR INSTALLATION!  Most of these settings do
# not make sense if you have a multi-server pool.
#
# See the Quick Start Installation guide at:
#     https://htcondor.org/manual/quickstart.html
#

# ---  NODE ROLES  ---

# Every pool needs one Central Manager, some number of Submit nodes and
# as many Execute nodes as you can find. Consult the manual to learn
# about addtional roles.

use ROLE: CentralManager
use ROLE: Submit
# --> next line commented out to prevent jobs from running on this host:
# use ROLE: Execute

# --- NETWORK SETTINGS ---

# Configure HTCondor services to listen to port 9618 on the IPv4
# loopback interface.
NETWORK_INTERFACE = 127.0.0.1
# --> next line added to allow job submissions to remote CEs:
NETWORK_INTERFACE = *
BIND_ALL_INTERFACES = False
CONDOR_HOST = 127.0.0.1
# --> next line added to avoid condor_status errors:
CONDOR_HOST = $(HOSTNAME)

# --- SECURITY SETTINGS ---

# Verify authenticity of HTCondor services by checking if they are
# running with an effective user id of user "condor".
SEC_DEFAULT_AUTHENTICATION = REQUIRED
SEC_DEFAULT_INTEGRITY = REQUIRED
ALLOW_DAEMON = condor@$(UID_DOMAIN)
ALLOW_NEGOTIATOR = condor@$(UID_DOMAIN)

# Configure so only user root or user condor can run condor_on,
# condor_off, condor_restart, and condor_userprio commands to manage
# HTCondor on this machine.
# If you wish any user to do so, comment out the line below.
ALLOW_ADMINISTRATOR = root@$(UID_DOMAIN) condor@$(UID_DOMAIN)

# Allow anyone (on the loopback interface) to submit jobs.
ALLOW_WRITE = *
# Allow anyone (on the loopback interface) to run condor_q or condor_status.
ALLOW_READ = *

# --- PERFORMANCE TUNING SETTINGS ---

# Since there is just one server in this pool, we can tune various
# polling intervals to be much more responsive than the system defaults
# (which are tuned for pools with thousands of servers).  This will
# enable jobs to be scheduled faster, and job monitoring to happen more
# frequently.
SCHEDD_INTERVAL = 5
NEGOTIATOR_INTERVAL = 2
NEGOTIATOR_CYCLE_DELAY = 5
STARTER_UPDATE_INTERVAL = 5
SHADOW_QUEUE_UPDATE_INTERVAL = 10
UPDATE_INTERVAL = 5
RUNBENCHMARKS = 0

# --- COMMON CHANGES ---

# Uncomment the lines below and do 'sudo condor_reconfig' if you wish
# condor_q to show jobs from all users with one line per job by default.
#CONDOR_Q_DASH_BATCH_IS_DEFAULT = False
#CONDOR_Q_ONLY_MY_JOBS = False

# next line added to run only the daemons necessary on a VObox
DAEMON_LIST = MASTER, SCHEDD, COLLECTOR
    /etc/condor/config.d/99-alice-vobox.conf 
    # non-standard settings for an ALICE VObox

CONDOR_FSYNC = False

GRIDMANAGER_DEBUG =
GRIDMANAGER_GAHP_CALL_TIMEOUT = 3600
GRIDMANAGER_GAHP_RESPONSE_TIMEOUT = 300
GRIDMANAGER_JOB_PROBE_INTERVAL = 600
GRIDMANAGER_MAX_PENDING_REQUESTS = 500
GRIDMANAGER_MAX_SUBMITTED_JOBS_PER_RESOURCE = 10000
GRIDMANAGER_SELECTION_EXPR = (ClusterId % 2)

  4. Restart HTCondor now and automatically at boot time:

    ~# systemctl restart condor
~# systemctl enable --now condor

  5. Check HTCondor is running and produces the following initial output:

    ~# pstree | grep condor
    |-condor_master-+-condor_collecto
    |               |-condor_procd
    |               |-condor_schedd
    |               `-condor_shared_p

LDAP and VObox Configuration (for the ALICE grid team)#

In the Environment section, these values need to be added/adjusted as needed:

Definition Description
CE_LCGCE=your-ce01.your-domain:9619, your-ce02.your-domain:9619, ... CE list example
USE_TOKEN=[0-2] use X509 proxy, WLCG token, or both
SUBMIT_ARGS=-append "+TestClassAd=1" ... Specify extra options for condor_submit command,
e.g. add extra ClassAd(s) to the job description

Mind the firewall settings on the VObox. See Network setup for more details.

Miscellaneous Scripts#

Cleanup script for job logs and stdout/stderr files removal:

Clean up script 
#!/bin/sh

cd ~/htcondor || exit

GZ_SIZE=10k
GZ_MINS=60
GZ_DAYS=2
RM_DAYS=7

STAMP=.stamp
prefix=cleanup-
log=$prefix`date +%y%m%d`
exec >> $log 2>&1 < /dev/null
echo === START `date`
for d in `ls -d 20??-??-??`
do
    (
        echo === $d
        stamp=$d/$STAMP
        [ -e $stamp ] || touch $stamp || exit
        if find $stamp -mtime +$RM_DAYS | grep . > /dev/null
        then
            echo removing...
            /bin/rm -r $d < /dev/null
            exit
        fi
        cd $d || exit
        find . ! -name .\* ! -name \*.gz \( -mtime +$GZ_DAYS -o \
             -size +$GZ_SIZE -mmin +$GZ_MINS \) -exec gzip -9v {} \;
     )
done
find $prefix* -mtime +$RM_DAYS -exec /bin/rm {} \;
echo === READY `date`

Crontab line for the cleanup script:

37 * * * * /bin/sh $HOME/cron/htcondor-cleanup.sh

ARC#

LDAP Configuration#

The following configuration parameters need to be added/adjusted as needed:

LDAP configuration examples 
# optional (normally not needed): the site BDII to take running and queued job numbers from

CE_SITE_BDII=ldap://site-bdii.gridpp.rl.ac.uk:2170/mds-vo-name=RAL-LCG2,o=grid

# specifies whether to use BDII and which GLUE schema version (only 2 is supported in JAliEn)
CE_USE_BDII=2

# a list of ARC CEs to be used for jobagent submission
CE_LCGCE=arc-ce01.gridpp.rl.ac.uk:2811/nordugrid-Condor-grid3000M, ...

# arguments for arcsub command (load-balancing is done by the JAliEn CE itself)
CE_SUBMITARG=--direct

# additional parameters to arcsub, in particular to pass XRSL clauses as shown
CE_SUBMITARG_LIST=xrsl:(queue=mcore_alice)(memory="2000")(count="8")(countpernode="8")(walltime="1500")(cputime="12000")

Debug ARC for Operations (to be tested)

Set the following variable in ~/.alien/config/CE.env file to let arc* CLI tools log debug output in CE.log.N files:

ARC_DEBUG=1