ATLAS PanDA server instances
Operating systems and python versions
We are currently running ALMA9 instances and python3.11
Puppet prerequisites
Puppet environment: production, Roger
state: production
Foreman ALMA9 hostgroup: vopanda/pandaserver/server_py3
Node aliases
Our PanDA server nodes have the aliases atlas-pandaserver-<2 digit number>.cern.ch, running from 00 to 08.
Installation
Full installation guide can be found under: https://panda-wms.readthedocs.io/en/latest/installation/server.html. The objective of this wiki is just to give an overview of the ATLAS production instances.
Python virtual environment
System env variable: VIRTUAL_ENV
Location: /opt/panda
/opt/panda/bin/python -V
Python 3.11.2
The PanDA code will be under: /opt/panda/lib/python3.11/site-packages/pandaserver
Installing and updating the code
The first time you install the code, you will want to bring in all atlasprod dependencies to install e.g. cx_oracle and the Rucio client:
/opt/panda/bin/pip install panda-server[atlasprod]
In order to install just the latest PanDA server code from github:
/opt/panda/bin/pip install --no-deps --force-reinstall git+https://github.com/PanDAWMS/panda-server.git
systemd services
The environment for systemd services has to be passed in a new format. The environment file is /etc/sysconfig/panda_server_env.
We have a parent (fake) service for panda, and two dependent (real) services panda_daemon and panda_httpd.
ls -lrt /etc/systemd/system/panda*
-rw-r--r--. 1 root root 320 May 17 12:24 /etc/systemd/system/panda.service
-rw-r--r--. 1 root root 519 May 17 12:24 /etc/systemd/system/panda_daemon.service
-rw-r--r--. 1 root root 390 May 17 12:24 /etc/systemd/system/panda_httpd.service
The very first time after setting up a machine, you need to enable the services.
systemctl enable panda.service
systemctl enable panda_daemon.service
systemctl enable panda_httpd.service
You can start/stop the parent service and it should trigger the start/stop of the dependent services.
systemctl start panda.service
systemctl stop panda.service
You can also start/stop the dependent services by themselves.
systemctl start panda_httpd.service
systemctl stop panda_httpd.service
systemctl start panda_daemon.service
systemctl stop panda_daemon.service
Systemd will not print anything out to the console. Instead you need to query the output by running:
systemctl status panda.service
Here you will find information, for example if the DB Schema check was passed.
The parent service does not give any information about the status of the sub-services. For this you need to query the dependent services directly.
systemctl status panda_httpd.service
● panda_httpd.service - PanDA server httpd service
Loaded: loaded (/etc/systemd/system/panda_httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2023-05-17 12:45:31 CEST; 35min ago
Main PID: 1530 (httpd)
Status: "Total requests: 24631; Idle/Busy workers 94/6;Requests/sec: 11.7; Bytes served/sec: 320KB/sec"
Tasks: 214 (limit: 91328)
Memory: 2.6G
CPU: 16min 15.406s
CGroup: /system.slice/panda_httpd.service
├─ 1530 /usr/sbin/httpd -f /etc/panda/panda_server-httpd.conf -k start -D FOREGROUND
├─ 1943 /usr/sbin/httpd -f /etc/panda/panda_server-httpd.conf -k start -D FOREGROUND
…
If there are issues starting the service, you can get additional information using journalctl.
journalctl -xeu panda_httpd.service
Logs and log rotation
Logs are under /var/log/panda.
Log rotate running times are now handled by systemd timers. You can see the time using this command:
systemctl list-timers logrotate
NEXT LEFT LAST PASSED UNIT ACTIVATES
Tue 2023-06-27 09:14:58 CEST 16h left Mon 2023-06-26 16:12:08 CEST 4min 52s ago logrotate.timer logrotate.service
1 timers listed.
Pass --all to see loaded but inactive timers, too.
Steps to online new node
Install panda server code through pip
Start panda server and squid
Open the ports 25080 (http), 25085 (squid), 25443 (https) (CSOps/CERN Firewall)
Add to squid config as new peer (CSOps)
Add to LB of pandaserver.cern.ch (CSOps)
New nodes have to be registered to the bigpanda group host certificate (CSOps and CERN IT)
Enable the services