To get set up with a Rucio account please create a ticket on GGUS. Please fill in the form with a subject, description, ticket catagory - service request, priority - less urgent, and under routing information please select Assign to support unit - Rucio). Within the ticket description please include:
If you want password access we can organise a video call to explain or take
sensitive information if you prefer
In Terms of testing you can join the test VO (dteam) to try Rucio as a service
and its capabilities.
Please note that we are working on allowing Rucio accounts to be created and
accessed with IAM services, and
EGI Check-in, but currently only support
x509 and password access.
You will then need to install a containerised client on your computer.
$ openssl pkcs12 -in <*.pfx> -out /sensible/path/usercert.pem -clcerts -nokeys
$ openssl pkcs12 -in <*.pfx> -out /sensible/path/userkey.pem -nocerts -nodes
Run the Docker container using the following command:
When running the block of code below please replaces all items within <>
with
the relevent information. This uses a Rucio container that was setup for the EGI
communities.
$ run \
-e RUCIO_CFG_RUCIO_HOST=https://rucio-server.gridpp.rl.ac.uk:443 \
-e RUCIO_CFG_AUTH_HOST=https://rucio-server.gridpp.rl.ac.uk:443 \
-e RUCIO_CFG_AUTH_TYPE=x509_proxy \
-e RUCIO_CFG_CLIENT_VO=<3 CHAR VO NAME LOWERCASE> \
-e RUCIO_CFG_CLIENT_CERT=/opt/rucio/etc/usercert.pem \
-e RUCIO_CFG_CLIENT_KEY=/opt/rucio/etc/userkey.pem \
-e RUCIO_CFG_ACCOUNT=<Rucio Username> \
-e RUCIO_CFG_CA_CERT=/opt/rucio/etc/web/ca-first.pem \
-v <PATH/TO/e-Science CA 2B>:/opt/rucio/etc/web/ca-first.pem \
-v <PATH/TO/YOUR/USERCERT>:/opt/rucio/etc/usercert \
-v <PATH/TO/YOUR/USERKEY>:/opt/rucio/etc/userkey \
--name=rucio-client \
-it \
-d egifedcloud/rucioclient:1.23.17
This block of code may look large but it is configuring Rucio to connect to the Multi-VO Rucio at RAL, your account and VO details, where you are loading them into the container, and mounting the authentication details into the container.
The UK eScience CA 2B can be obtained here. The 3 character VO name will be provided to you when you sign up for a Rucio account.
$ cp /opt/rucio/etc/usercert /opt/rucio/etc/usercert.pem
$ cp /opt/rucio/etc/userkey /opt/rucio/etc/userkey.pem
$ chmod 600 /opt/rucio/etc/usercert.pem
$ chmod 400 /opt/rucio/etc/userkey.pem
You need to edit the /opt/rucio/etc/rucio.cfg
file, this then needs to be
lightly edited to add your account name. This will then be loaded into the Rucio
client.
[common]
logdir = /var/log/rucio
multi_vo = True
loglevel = INFO
[client]
rucio_host = https://rucio-server.gridpp.rl.ac.uk:443
auth_host = https://rucio-server.gridpp.rl.ac.uk:443
vo = <3 character VO name>
account = <your_account>
ca_cert = /opt/rucio/etc/web/ca-first.pem
auth_type = x509_proxy
client_cert = /opt/rucio/etc/usercert.pem
client_key = /opt/rucio/etc/userkey.pem
client_x509_proxy = /tmp/x509up_u1000
request_retries = 5
You should now have a fully set up Containerised Client for your Rucio Account and VO which you can start in docker and use whenever you need it.
To get set up with a new VO on Multi-VO Rucio account please create a ticket on ggus. Please fill in the form with a subject, description, ticket catagory - service request, priortiy - less urgent, and under routing information please select ‘assign to support unit’ - Rucio).
We will set up a meeting to discuss Rucio, your needs, sites, and current set up to ensure that Rucio can work for you, and will track progress with the ticket.