Introduction

• Information only for T2s (and T3s).
• ACL information only for DPM for the moment.
• Atlas official requirements in http://indico.cern.ch/materialDisplay.py?contribId=1&materialId=slides&confId=37181
  • but contents are not final yet.

• The requirements for ATLASGROUPDISK is temporary due to a technical limitation in DPM. Atlas has contacted DPM developpers. The proper implementation is expected to be available in September.

• Unless mentioned, the size is for a typical T2 with ~500 CPUs and ~100 TB disk
• Site admin's are requested to create at least the space tokens. The namespace directories can be left to atlas production if the top directory is properly set up so that /atlas/Role=production is allowed to execute dpns-mkdir and dpns-setacl remotely. (Of course they are welcome to create them by themselves).
• A T3 will need ATLASDATADISK if it would like to receive real data, ATLASMCDISK to received simulated data, ATLASGROUPDISK to receive group analysis data, and ATLASPRODDISK to contribute official production. ATLASUSERDISK is not necessary, but may be needed if the site contributes non-local user analysis.

• In general read permission should be given to all ATLAS users everywhere.
• In general write permission should be given to /atlas/Role=production everywhere, so that the ATLAS central deletion tool can work.

ATLAS top directory

• On this page the top directory for ATLAS is represented by .../atlas. Each site should replace it according to their SE configuration.
  • eg. It is lapp-se01.in2p3.fr:/dpm/in2p3.fr/home/atlas for lapp.

• Although it is up to sites policies, but it is recommended
  • to have this top directory configured so that only /atlas/Role=production and /atlas/Role=lcgadmin can create files/directories underneath and but ordinary users cannot.

Summary table for Space token and Name space

ATLASDATADISK

• Estimation of size comes later
• VOMS group associated with the space: /atlas/Role=production
• namespace to be created: .../atlas/atlasdatadisk
  • Normally, sites already have this namespace created.
• namespace acl:

# group: atlas/Role=production
user::rwx
group::rwx              #effective:rwx
group:atlas/Role=production:rwx         #effective:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:atlas/Role=production:rwx
default:mask::rwx
default:other::r-x

ATLASMCDISK

• 15TB for a typical T2 with ~500 CPU?fs and ~100 TB disk
  • 60TB for a T2 requesting for 100% AOD.
  • The size may increase in case D1PD comes in this space.
• namespace to be created: /atlas/atlasmcdisk
  • Normally, sites already have this namespace created.
• Namespace ACL:

# group: atlas/Role=production
user::rwx
group::rwx              #effective:r-x
group:atlas/Role=production:rwx         #effective:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:atlas/Role=production:rwx
default:mask::rwx
default:other::r-x

ATLASPRODDISK

• 2TB for a typical T2 with ~500 CPU?fs (the size is to be re-visited)
  • scales with the CPU capacity of the site.
  • will be larger if the reconstruction jobs run on the site.
• Namespace to be created and its ACL: .../atlas/atlasproddisk, write permission only to /atlas/Role=production

# group: atlas/Role=production
user::rwx
group::rwx              #effective:rwx
group:atlas/Role=production:rwx         #effective:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:atlas/Role=production:rwx
default:mask::rwx
default:other::r-x

ATLASGROUPDISK

• 6TB for a typical T2 with ~500 CPU?fs and ~100 TB disk
  • The size may decrease in case D1PD goes into ATLASMCDISK.
• VOMS group associated with the space: /atlas
  • A temporary solution until multiple group support to the spaces is available.
  • Once it is available, the groups will be /atlas/Role=production and /atlas/$GROUP/Role=production
• namespaces to be created and their ACLs:
  • .../atlas/atlasgroupdisk, write permission only to /atlas/Role=production
  • .../atlas/atlasgroupdisk/$GROUP, write permission to atlas/Role=production and /atlas/$GROUP/Role=production ($GROUP = phys-beauty, phys-exotics, phys-gener, phys-hi, phys-higgs, phys-lumin, phys-sm, phys-susy, phys-top, perf-egamma, perf-flavtag, perf-jets, perf-muons, perf-tau, etc.)
  • eg. for phys-higgs

# group: atlas/Role=production
user::rwx
group::rwx              #effective:rwx
group:atlas/Role=production:rwx         #effective:rwx
group:atlas/phys-higgs/Role=production:rwx         #effective:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:atlas/Role=production:rwx
default:group:atlas/phys-higgs/Role=production:rwx
default:mask::rwx
default:other::r-x
</ul>




ATLASUSERDISK

• 5TB for a typical T2 with ~500 CPU?fs and ~100 TB disk
• namespace to be created: .../atlas/user
• ACL: write permission to all ATLAS users
• Normally, sites already have this namespace created by user analysis jobs so far.
• example commands
  • dpns-mkdir .../atlas/user
  • dpns-setacl -m g:atlas:rwx,m:rwx,d:g:atlas:r-x .../atlas/user
  • dpns-getacl .../atlas/user

# group: atlas
user::rwx
group::rwx              #effective:rwx
group:atlas/Role=production:rwx         #effective:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:atlas/Role=production:rwx
default:mask::rwx
default:other::r-x




ATLASLOCALGROUPDISK

• size to be decided by sites.
  • the resources not included in the pledge.
• name space: .../atlas/fr/user (or .../atlas/ro/user, .../atlas/cn/user, .../atlas/jp/user, etc.)
• ACL: write permission only to /atlas/fr group (or /atlas/ro, /atlas/cn, /atlas/jp correspondingly)
• example ACL:

# group: atlas/fr
user::rwx
group::rwx
group:atlas/Role=production:rwx
group:atlas/fr:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:atlas/Role=production:rwx
default:mask::rwx
default:other::r-x