EOS storage

EOS storage system is both a grid storage and also a massive local storage.

The major advantage of this storage is it is available easily both locally (using it's POSIX path i.e. /eos/lyoeos.in2p3.fr/...) and remotely using X509 GRID certificates (or soon AAI) and XRootD or https protocols to read, write files from remote datacenters (CERN, CC-IN2P3...).

It is composed of 3 metadata (QDB) servers, 2 management (MGM) servers and more than 6 disk (FST) servers, all these underlying services compose a EOS storage system which is available both localy (/eos/...) than remotely in the WLCG grid (using XRootD, https protocols).

There are 2 management (MGM) servers, you need to contact these servers to use the service. Their names are lyoeosmgm1.in2p3.fr and lyoeosmgm2.in2p3.fr, high-available servers behind a failover mechanism which expose the service as lyoeos.in2p3.fr. So the storage service name is lyoeos.in2p3.fr.

How to use EOS ?

You can use this storage area locally using it's POSIX path i.e. /eos/lyoeos.in2p3.fr/...

There are some areas in the EOS system :

  • /eos/lyoeos.in2p3.fr/grid : GRID Area : files under the control of VOs (CMS, ALICE...)
  • /eos/lyoeos.in2p3.fr/group : GROUP Area : files shared inside your IP2I's local group
  • /eos/lyoeos.in2p3.fr/home : USER Area : your own files stored in EOS
  • /eos/lyoeos.in2p3.fr/scratch : SCRATCH area : where you can store your temporary files that will be automatically deleted after 90 days.

How to use EOS localy

First, let's see if the authentication mechanism is working well, if it know your account :

Your UNIX identity (user's ID) : 

id

Should be the same as your EOS identity (EOS user's ID) : 

cat /eos/lyoeos.in2p3.fr/proc/whoami

Then, set some environment variables like this (you can put them in your .bashrc) : 

export EOS_MGM_URL="root://lyoeos.in2p3.fr"
export EOS_HOME=/eos/lyoeos.in2p3.fr/home/$USER
export EOSHOME=$EOS_HOME

And you need to have a storage area (GRID, GROUP or USER area) where you can READ or WRITE. If not, discuss this topic with your supervisor or ask to IT support (https://support.ip2i.in2p3.fr)[https://support.ip2i.in2p3.fr]

Then, these commands should work : 

ls -l /eos/lyoeos.in2p3.fr/home/$USER
ls -l $EOSHOME
cp /etc/hosts /eos/lyoeos.in2p3.fr/home/$USER/hosts-cp
rm /eos/lyoeos.in2p3.fr/home/$USER/hosts-cp
cd /eos/lyoeos.in2p3.fr/home/$USER
touch hosts-cp
rm hosts-cp

How to use EOS remotely

First of all, you need to be authorized to use EOS, this is done thru an authorization system. Currently only the GSI X509 authorization protocol is implemented. This protocol requires that you should have a valid X509 GRID certificate and you should also have a valid proxy.

By default, when you create your proxy from you GRID certificate with the command voms-proxy-init, you proxy will be stored in a tiny file in /tmp named /tmp/x509up_u$UID (where $UID is the numerical ID of your account).

If you also set this export : 

export X509_USER_PROXY=$HOME/x509up_u$UID

With this (export X509_USER_PROXY=$HOME/x509up_u$UID), when you create your proxy with the command voms-proxy-init, it will be stored on your $HOME path (instead of /tmp which is local on the server), then with this trick, the proxy will be available and shared within all UI servers and all SLURM Workers, you can then access your EOS files from anywhere in the batch farm. Note that in some cases, you also need to copy your proxy to the local /tmp directory of the servers like this : cp -f $HOME/x509up_u$UID /tmp.

For example, you create your proxy like this (for the cms VO, with a proxy valid 192 hours = 1 week) :

voms-proxy-init --voms cms --valid 192:00

The voms-proxy-info -all command should display a valid proxy with some timeleft.

With a valid certificate, you can access all the files under the control of your VO or your group. You should be able to store files under your /eos/lyoeos.in2p3.fr/group area or your /eos/lyoeos.in2p3.fr/home/$USER area. If you don't have your /eos/lyoeos.in2p3.fr/home/$USER and you need one, please, ask for it.

If you need to put or read some files from another place (CC-IN2P3, CERN, or from jobs launched on the WLCG grid...), you just also need to have a valid certificate and then you can access the files stored on IP2I EOS system or store files into it remotely like localy, using the xrdcp or gfal-copy commands :

From anywhere, with an valid X509 proxy certificate, the following example copy a file from CERN into IP2I EOS system (replace my_user with your IP2I username) : 

CERN> $ xrdcp /etc/hosts root://lyoeos.in2p3.fr//eos/lyoeos.in2p3.fr/home/my_ip2i_user_name/file

From anywhere, with an valid X509 proxy certificate, the following example copy a file from the IP2I EOS system into the remote system (replace my_ip2i_user_name with your IP2I username) : 

CC-IN2P3> $ xrdcp root://lyoeos.in2p3.fr//eos/lyoeos.in2p3.fr/home/my_ip2i_user_name/file local_file

Then when you have a valid proxy, these commands should work (both from lyoui and from a SLURM job) : 

$ eos root://lyoeos.in2p3.fr whoami
$ eos root://lyoeos.in2p3.fr quota
$ xrdcp /etc/hosts root://lyoeos.in2p3.fr//eos/lyoeos.in2p3.fr/home/$USER/hosts-xrdcp
$ xrdfs lyoeos.in2p3.fr rm /eos/lyoeos.in2p3.fr/home/$USER/hosts-xrdcp
$ gfal-copy /etc/hosts root://lyoeos.in2p3.fr//eos/lyoeos.in2p3.fr/home/pugnere/hosts-gfal-copy
$ gfal-rm root://lyoeos.in2p3.fr//eos/lyoeos.in2p3.fr/home/pugnere/hosts-gfal-copy
$ eos root://lyoeos.in2p3.fr

The simplified commands should also work : 

$ eos whoami
$ eos quota
$ eos