SysAdmin FAQ

Information for users and Frequently Answered Questions.
Please contact TDAQ SysAdmins if you do not find an answer in these twiki pages.

  - advanced search

General

The ATLAS experiment is located in Point 1.
All the network devices used by the experiment are connected to the experiment network: the ATLAS Technical and Control Network (ATCN). See also the Network GuideLines.
A Point 1 account is needed to access any device in Point 1 connected to ATCN; see below for more details in Accounts and Access Manager Role twiki pages.

All CERN users, including P1 users, have to comply to the CERN Computer Security and Data Privacy Protection rules.
In particular to

All the Linux devices are installed and managed by the TDAQ System Administration team.

The following web tools/pages for the time being are not and will not be available inside ATCN as recommended by CERN Computing Security:

  • Jira
    • from the CERN Computer Security Officer: "the Jira instances are heavily used and visible form the Internet. Therefore, I strongly discourage making them visible to the ATCN."
    • last update: 3 Feb 2017
  • CERN TWiki: similar as above
  • Mattermost, Skype for business, Facebook, Messenger, etc are not and will not be allowed
    • discussed at the CNIC meeting on 28 Sep 2017
  • Service Now is not and will not be allowed
    • discussed at the CNIC meeting on 30 Nov 2017
  • python virtualenv and similar (PIP) are not recommended and will not be allowed in ATCN
    • discussed at the CNIC meeting in 29 June 2017 and 27 Nov 2018

Operating System and packages

The currently supported OS is SLC6.10 and CC7.5.

The RPM installed have to come from the CERN SLC6 or CC7 repositories.
Exceptions could be made if strictly needed, please contact TDAQ SysAdmins as we will need to evaluate case by case.
In particular:

  • other Linux flavours (Embedded Linux systems) should be network isolated and a security document must be provided. It will be submitted to CERN Computing Security for approval. See the available template.
  • if you build your own RPM:
    • we need to check they are built correctly and to know who exactly will be the responsible for maintaining and updating the package.
    • These RPMs will have to be added in our (ATLAS TDAQ SysAdmin) repo and then installed via Puppet
  • RPM from other distribution :
    • each request will be evaluated, please write all the details (e.g. reasons, needs, ...)

Migration to CC7

The migration to CC7 must be performed by Nov 2020 which is the SLC6 end of life.

On Dec 1st, 2020, the SLC6 nodes will be disconnected

List of nodes to be migrated.

Localboot systems
Detectors Run Coordinator are encouraged to migrated their nodes:
  • please open a ticket, see the ContactSysAdmins, so to followup properly.
  • as the node will be re-installed, please backup your local data if any

The migration of ACR and SCR nodes will be planned once the profile will be ready, currently (August 2019) it is not yet available.

Netbooted systems
The CC7 image has been prepared and tested in TestBed.
It takes us few minutes to update our configuration database to boot you SBC node with CC7 instead of SLC6.
And of course there could be something very specific configuration related to your node that could need to be fixed or updated.
Note also that one can also revert back to SLC6 if needed.
Please when do you decide to try with one of your nodes, open a ticket, see the link ContactSysAdmins, so that we can followup properly.

Network Guidelines

CERN Computing Security

Please carefully read the following:

Contact TDAQ SysAdmins

Accounts and Access Manager Role

Gateways and access to Point 1

Web servers and services, Twiki and Gateway Proxy

  • We suggest you to install the CERN CA Certificates in your browser.
  • Gateway Proxy Setup: how to setup the ATLAS Gateway proxy to access the Point 1 Internal Web Servers from GPN
  • Editing TWiki Pages : tricks and tips to correctly edit these P1 Twiki pages
  • Web Servers : description of the Internal and external Point 1 web servers
  • Web Services : service under development
  • ELiSA (Electronic Logbook for the information Storage of ATLAS) is the ATLAS Electronic logbook system. It has been developed by TDAQ CC, the responsible and maintainer is Alina Radu. Please contact her for any question.

Control Room and shifts

  • ACR PCs Map and Cabling: ACR nodes list, map, names etc
  • ACR Issues : most common problems with login, applications, roles, desks
  • ACR Issues PC : what to do if X Server or machine freezes
  • CR User login: Which CR users can login on which CR node
  • Control Room Desktop (CRD): menu and corresponding configurations are managed by TDAQ CC, in particular please contact Alina Radu.
  • please refer to OPM or the slimos shifter for issues with
    • projectors in ACR
    • wall-mount display in ACR (showing LHC Page1)

Physically installing and removing computers in Point 1

Using computers in Point 1

Configuration

Localbooted and Netbooted machines

  • LocalBoot system : the OS is installed on the disk available on the machine itself
  • NetBoot system: the OS image is loaded via network, the same image is used for all the NetBooted devices in Point 1

Using TDAQ Software

Monitoring

Miscellanea

-- SergioBallestrero - 2010-02-17

-- DianaScannicchio - 2016-10-15

Topic attachments
I Attachment History Action Size Date Who Comment
Microsoft Word filedocx ATLAS_Embedded_Linux_template.docx r1 manage 21.0 K 2017-12-06 - 15:52 DianaScannicchio Embedded Linux Security Document Template
Edit | Attach | Watch | Print version | History: r152 < r151 < r150 < r149 < r148 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r152 - 2020-11-10 - scannicc_40CERN_2eCH
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding ATLAS?Please contact the page author (see Topic revision above) or the Run Coordinator of the specific system.
Contact SysAdmins support only for technical issues