Start the Apptainer
Choose your apptainer
gpvm apptainer
/cvmfs/oasis.opensciencegrid.org/mis/apptainer/current/bin/apptainer shell --shell=/bin/bash -B /cvmfs,/exp,/nashome,/pnfs/dune,/opt,/run/user,/etc/hostname,/etc/hosts,/etc/krb5.conf --ipc --pid /cvmfs/singularity.opensciencegrid.org/fermilab/fnal-dev-sl7:latestcern apptainer
/cvmfs/oasis.opensciencegrid.org/mis/apptainer/current/bin/apptainer shell --shell=/bin/bash -B /cvmfs,/afs,/opt,/run/user,/etc/hostname --ipc --pid /cvmfs/singularity.opensciencegrid.org/fermilab/fnal-dev-sl7:latest
# use ups to find programs - this only works on SL7
source /cvmfs/dune.opensciencegrid.org/products/dune/setup_dune.sh
# do some data access setup
export IFDH_CP_MAXRETRIES=0 # no retries
export METACAT_SERVER_URL=https://metacat.fnal.gov:9443/dune_meta_prod/app
export METACAT_AUTH_SERVER_URL=https://metacat.fnal.gov:8143/auth/dune
# access some disks
export DUNEDATA=/exp/dune/data/users/$USER
export DUNEAPP=/exp/dune/app/users/$USER
export PERSISTENT=/pnfs/dune/persistent/users/$USER
export SCRATCH=/pnfs/dune/scratch/users/$USER
# set up the full DUNE SW suite
export DUNELAR_VERSION=v10_07_00d00 # you want to update this
export DUNELAR_QUALIFIER=e26:prof # you want to update this
setup -B dunesw ${DUNELAR_VERSION} -q ${DUNELAR_QUALIFIER}
To get a token that allows you to access files interactively in SL7
htgettoken -i dune --vaultserver htvaultprod.fnal.gov -r interactive
export BEARER_TOKEN_FILE=/run/user/`id -u`/bt_u`id -u`
put this in a file called dune_token.sh
The first time you do this you will see:
Attempting kerberos auth with https://htvaultprod.fnal.gov:8200 ... succeeded
Attempting to get token from https://htvaultprod.fnal.gov:8200 ... failed
Attempting OIDC authentication with https://htvaultprod.fnal.gov:8200
Complete the authentication at:
https://cilogon.org/device/?user_code=XXXX
No web open command defined, please copy/paste the above to any web browser
Waiting for response in web browser
Go to that web site and authenticate
Storing vault token in /tmp/vt_uXXX
Saving credkey to /nashome/s/USER/.config/htgettoken/credkey-dune-interactive
Saving refresh token ... done
Attempting to get token from https://htvaultprod.fnal.gov:8200 ... succeeded
Storing bearer token in /run/user/XXXX/bt_XXXX
Accessing rucio and justin require a bit more
in SL7 - put this in a file called dune_data_sl7.sh so you can use it again.
setup metacat
setup rucio
export RUCIO_ACCOUNT=justinreadonly
setup justin
justin time # this just tells justin that you exist and want to authenticate
justin get-token # this actually gets a token and associated proxy for access to rucio and the batch system
The first time you do this you will get asked (after the justin time command)
To authorize this computer to run the justin command, visit this page with your
usual web browser and follow the instructions within the next 10 minutes:
https://dunejustin.fnal.gov/authorize/XXXXX
Check that the Session ID displayed on that page is BfhVBmQ
Once you've followed the instructions on that web page, please run the command
you tried again. You won't need to authorize this computer again for 7 days.
Once again go to the website that appears and authenticate. After the first authentication to justIn you need to do a second justin call
justin get-token
You will need to do this sequence weekly as your justin access expires.
Note:
Despite the name of this command it gets you both a token and a special X.509 proxy and it is the latter you are actually using to talk to rucio in these SL7 examples
check root
root -l root://meitner.tier2.hep.manchester.ac.uk:1094//cephfs/experiments/dune/RSE/fardet-vd/fd/a6/prodmarley_nue_es_flat_radiological_decay0_dunevd10kt_1x8x14_3view_30deg_20250217T033222Z_gen_004122_supernova_g4stage1_g4stage2_detsim_reco.root
.q
check rucio
rucio replica list file fardet-vd:prodmarley_nue_es_flat_radiological_decay0_dunevd10kt_1x8x14_3view_30deg_20250217T033222Z_gen_004122_supernova_g4stage1_g4stage2_detsim_reco.root --protocols=root --pfns