90 likes | 236 Vues
LAL Site Report. Michel Jouvin LAL / IN2P3 jouvin@lal.in2p3.fr. 100 Go. FC. FC. HDS 9570 4 TB. ESA12000 1,5 TB. Electronic CAD (20 Sun CPUs). Alpha Experiments (8 CPUs). Linux Experiments (40 CPUs). GRID Fram (40 CPUs). Mac (100). Xterm. PC (300). Main Resources. DS20.
E N D
LAL Site Report Michel Jouvin LAL / IN2P3 jouvin@lal.in2p3.fr
100 Go FC FC HDS 9570 4 TB ESA12000 1,5 TB Electronic CAD (20 Sun CPUs) Alpha Experiments (8 CPUs) Linux Experiments (40 CPUs) GRID Fram (40 CPUs) Mac (100) Xterm PC (300) Main Resources DS20 LSF Cluster • NFS • SMB • Appletalk • www • Mail • Print DS20e Gb Ethernet 100 Mb 10 Mb LAL Site Report - HEPix - FZK 2005
Main Resources Changes • No HW change since BN Hepix • 6TB on order (SATA extension to HDS 9570V), 3TB more planned in autumn • Call for tender for new CPUs (20 dual Opteron ?) • Linux upgrade to Scientific Linux • Currently installed on all new machines (i386 or amd64) • Upgrade of old RH 7.2/9 machines (25) planned shortly. Will be done with Quattor (currently being set up) • Future HW upgrades driven by Tier2 project • x3 in 2006 and 2007 for CPU and storage LAL Site Report - HEPix - FZK 2005
Mail Service • Authenticated SMTP • Spam : Bayesian filtering useful • Filtering efficiency : ~95% - pretty constant • Centralized database (no per user) • Management cost very low since last summer • More than 3 months needed to reach current efficiency • Feed filter db with a few hundreds of undecteted SPAMs every month coming from 3-5 users • Move to Cyrus v2 still a project… • Plan to implement a calendar server • Based on CalDAV • Client integrated in Mulberry (and many others probably) LAL Site Report - HEPix - FZK 2005
Mail Service : Blacklists • LAL mailer blacklisted because of… Squid (Web cache) • LAL faulty : Squid misconfiguration allowing to use it as a TCP relay for almost any protocol… • One exploit is to use squid to workaround relay restriction on mailer and use it to send SPAM • Misconfiguration 10 years old…!!! • LAL blacklisted by 2 DNS blacklist service : • http://opm.blitzed.org : very professional, well documented automatic procedure to be removed • http://www.spin.it (based on ???) : unable to get the reason, a nightmare to be removed from BL. • Advice : if using blacklist, use well managed ones. LAL Site Report - HEPix - FZK 2005
Certificates • For 1 year, moving to certificates for Web authorization • Delivered by CNRS to every CNRS employee • Suppress traditional user/pwd auth as much as possible • More service available to LAL users outside lab • Moving to certificates for Subversion (CVS replacement) • Subversion access through HTTP + WebDav • Moving to certificated for WiKi authorization • Very successfull with Trac • Not working properly with TWiKi • Promoting use of certificate for mail signature (or encryption) LAL Site Report - HEPix - FZK 2005
Windows Infrastructure • IN2P3 forest still very successfull • 11 labs in production • All IN2P3 labs should participate • An administrators group set up in April (5 persons, 1 Trac site) • Management cost very low… • Looking at MOM to get centralized alert on key infrastructure components • Move of LAL AD domain to IN2P3 forest delayed • Antivirus : moving from F-Secure to McAfee • License policy change at CNRS / french Universities • + : MSI deployment, - : signatures updates with SMS • A couple of machines infected every month : generally when user has the administrator accout…, cleaning is time consuming… LAL Site Report - HEPix - FZK 2005
GRID • Paris region Tier2 project officially launched • Will be part of French MOU for LCG • Getting financial support is still a challenge… • Partnership of 3 labs : DAPNIA, LAL, LPNHE • Will be 1 unified resource from the GRID • Distributed over 3 sites • Target : simulation AND analysis • Opened to all LHC experiments + 20% non LHC (EGEE, local) • CPU capacity : 1500 CPUs • Large amount of storage planned : 300 TB of disks • Looking at LUSTRE for a distributed filesystem (HP partnership) LAL Site Report - HEPix - FZK 2005
Miscellaneous Projects • Quattor : nearly in production… • Serial Console Management with SLAC/CERN tool : not yet • Presented at Hepix by C. Boeheim and H. Meinhard • Conference organization tool • InDiCo installation postponed (too many problems encountered) • EU project based on CERN Agenda, presented at Edinburgh • Agenda started and now in production for internal and external use • Automatic visitor registration : postponed • Currently done manually on request (difficult but still manageable) • No WiFi access to visitors (except for conferences) • Dedicated network (routed) for conferences and visitors, not part of the intranet (in progress) LAL Site Report - HEPix - FZK 2005