I have already used CentOS 7(gcc11) platform in SWAN configuration for my coffea analysis. There, in order to access /eos/ and CMS datasets I used to set up a grid VO certificate in my home directory and I could access CMS datasets using XDROOT after executing the following commands in SWAN terminal:
Recently I decided to use AlmaLinux 9(gcc13) platform to be able to use jupyterlab. I set up my certificate but when I run ‘‘voms-proxy-init --rfc --voms cms -valid 192:00’’ in terminal I get the error:
“bash: voms-proxy-init: command not found”.
Does anybody know what is the problem?
How can I access /eos/ and CMS data in SWAN’s AlmaLinux 9 platform?
Also note that if the data is on /eos/cms, you should be able to access it normally now in Alma9 too. What we are missing is x509-based access to external data sources.
Your answer, created another question for me. Can I have access to CMS datasets on DAS normally without a proxy certificate in SWAN? I mean suppose I find my dataset on DAS and I want remote access to the root files in that dataset. Name of the file is
/store/mc/blublu…/somthing.root
Can I get access to this file in my notebook without proxy certificate?
Coffea-casa package implemented a facility to handle access to remote files without certificate on its own cloud infrastructure. It replaces
I’m afraid we do not have any means to get you credentials to access that CMS data store automatically. They probably store that dataset on their local xcache server which they must configure with tokenized access, that is probably why you do not need the proxy certificate. We have an equivalent functionality for data that is on EOS, you can access it via xrootd or via local fuse client without kinit, but we don’t have the same for that CMS data store.
Coffea-casa handles the issue of certificates internally through xcache tokens so that its users do not explicitly have to import their certificates, though this dynamic requires adjustiment of the redirector portion of the path to the root file requested.
and
In addition to handling authentication, XCache will cache files so that they are able to be pulled more quickly in subsequent runs of the analysis. It should be expected, then, that the first analysis run with a new coffea-casa file will run slower than ones which follow afterwards.
Thanks for sharing this, Artur. I’d need to check if such XCache servers with tokenized access are configured at CERN. I’ll inform here if that’s the case after checking with my colleagues.
Anyway as I said previously, for datasets on EOS we already have automatic credential generation when you start your session, so this would only be useful for tokenized access of cached external datasets.
We have scheduled an intervention on Monday 8th at 7am (CERN time) to make this change. If after that you still have problems generating your proxy certificate, please open a SNOW ticket to SWAN.