Rucio Administrative CLI¶
usage: rucio-admin [-h] [--version] [--verbose] [-H ADDRESS]
[--auth-host ADDRESS] [-a ACCOUNT] [-S AUTH_STRATEGY]
[-T TIMEOUT] [-u USERNAME] [-pwd PASSWORD]
[--certificate CERTIFICATE]
[--ca-certificate CA_CERTIFICATE]
{account,identity,rse,scope,config,subscription,replicas}
...
Named Arguments¶
--version | show program’s version number and exit |
--verbose, -v | Print more verbose output Default: False |
-H, --host | The Rucio API host |
--auth-host | The Rucio Authentication host |
-a, --account | Rucio account to use |
-S, --auth-strategy | |
Authentication strategy (userpass, x509, ssh …) | |
-T, --timeout | Set all timeout values to SECONDS |
-u, --user | username |
-pwd, --password | |
password | |
--certificate | Client certificate file |
--ca-certificate | |
CA certificate to verify peer against (SSL) |
Sub-commands:¶
account¶
Account methods
rucio-admin account [-h]
{list,list-attributes,add-attribute,delete-attribute,add,delete,info,list-identities,set-limits,get-limits,delete-limits,ban,unban}
...
Sub-commands:¶
list¶
List Rucio accounts.
rucio-admin account list [-h] [--type ACCOUNT_TYPE] [--id IDENTITY]
[--filters FILTERS]
Named Arguments¶
--type | Account Type (USER, GROUP, SERVICE) |
--id | Identity (e.g. DN) |
--filters | Filter arguments in form key=value,another_key=next_value |
Usage example¶
$ rucio-admin account list --type 'user'
list-attributes¶
List attributes for an account.
rucio-admin account list-attributes [-h] account
Positional Arguments¶
account | Account name |
Usage example¶
$ rucio-admin account list-attributes jdoe
+-------+---------+
| Key | Value |
|-------+---------|
| admin | False |
+-------+---------+
Note: this table empty in most cases.
add-attribute¶
Add attribute for an account.
rucio-admin account add-attribute [-h] --key KEY --value VALUE account
Positional Arguments¶
account | Account name |
Named Arguments¶
--key | Attribute key |
--value | Attribute value |
Usage example¶
$ rucio-admin account add-attribute --key 'test' --value true jdoe
Note: no printed stdout.
delete-attribute¶
Delete attribute for an account.
rucio-admin account delete-attribute [-h] --key KEY account
Positional Arguments¶
account | Account name |
Named Arguments¶
--key | Attribute key |
add¶
Add Rucio account.
rucio-admin account add [-h] [--type ACCOUNTTYPE] [--email ACCOUNTEMAIL]
account
Positional Arguments¶
account | Account name |
Named Arguments¶
--type | Account Type Default: “USER” |
Email address associated with the account |
Usage example¶
$ rucio-admin account add jdoe-sister
Added new account: jdoe-sister
delete¶
Delete Rucio account.
rucio-admin account delete [-h] acnt
Positional Arguments¶
acnt | Account name |
Usage example¶
$ rucio-admin account delete jdoe-sister
Deleted account: jdoe-sister
info¶
Show detailed information about an account.
rucio-admin account info [-h] account
Positional Arguments¶
account | Account name |
Usage example¶
$ rucio-admin account info jdoe
status : ACTIVE
account : jdoe
account_type : SERVICE
created_at : 2015-02-03T15:51:16
suspended_at : None
updated_at : 2015-02-03T15:51:16
deleted_at : None
email : None
list-identities¶
List all identities (DNs) on an account.
rucio-admin account list-identities [-h] account
Positional Arguments¶
account | Account name |
Usage example¶
$ rucio-admin account list-identities jdoe
Identity: /C=DE/O=GermanGrid/OU=Desy/CN=Joe Doe, type: X509
Identity: jdoe@CERN.CH, type: GSS
Identity: /DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=jdoe/CN=707654/CN=Joe Doe, type: X509
set-limits¶
Set the limits for the provided account at given RSE.
rucio-admin account set-limits [-h] account rse bytes
Positional Arguments¶
account | Account name |
rse | RSE boolean expression |
bytes | Value can be specified in bytes (“10000”), with a storage unit (“10GB”), or “infinity” |
Usage example¶
$ rucio-admin account set-limits jdoe DESY-ZN_DATADISK 1000000000000
Set account limit for account jdoe on RSE DESY-ZN_DATADISK: 1.000 TB
Note: the order of perameters is fixed: account, rse, bytes.
get-limits¶
To get the account limits on an RSE.
rucio-admin account get-limits [-h] account rse
Positional Arguments¶
account | Account name |
rse | The RSE name |
Usage example¶
$ rucio-admin account get-limits jdoe DESY-ZN_DATADISK
Quota on DESY-ZN_DATADISK for jdoe : 1.000 TB
Note: the order of parameters is fixed: account, rse.
delete-limits¶
Delete limites for an account at given RSE.
rucio-admin account delete-limits [-h] account rse
Positional Arguments¶
account | Account name |
rse | RSE name |
Usage example¶
$ rucio-admain account delete-limits jdoe DESY-ZN_DATADISK
Deleted account limit for account jdoe and RSE DESY-ZN_DATADISK
Note: the order of parameters is fixed: account, rse.
identity¶
Identity methods
rucio-admin identity [-h] {add,delete} ...
Sub-commands:¶
add¶
Grant an identity access to an account.
rucio-admin identity add [-h] --account ACCOUNT --type {X509,GSS,USERPASS,SSH}
--id IDENTITY --email EMAIL
Named Arguments¶
--account | Account name |
--type | Possible choices: X509, GSS, USERPASS, SSH Authentication type [X509|GSS|USERPASS|SSH] |
--id | Identity |
Email address associated with the identity |
Usage example¶
To add an identity of X509 type:
$ rucio-admin identity add --account jdoe --type X509 --id '/DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=jdoe/CN=707658/CN=Joe Doe' --email jdoe@cern.ch
Added new identity to account: /DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=jdoe/CN=707658/CN=Joe Doe-jdoe
$ rucio-admin account list-identities jdoe
Identity: /DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=jdoe/CN=707658/CN=Joe Doe, type: X509
Note: please keep the DN inside quota marks.
To add an identity of GSS type:
$ rucio-admin identity add --account jdoe --type GSS --email jdoe@cern.ch --id jdoe@CERN.CH
Added new identity to account: jdoe@CERN.CH-jdoe
$ rucio-admin account list-identities jdoe
Identity: jdoe@CERN.CH, type: GSS
Identity: /DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=jdoe/CN=707658/CN=Joe Doe, type: X509
delete¶
Revoke an identity’s access to an account. The mandatory parameters are account, type and identity.
rucio-admin identity delete [-h] --account ACCOUNT --type
{X509,GSS,USERPASS,SSH} --id IDENTITY
Named Arguments¶
--account | Account name |
--type | Possible choices: X509, GSS, USERPASS, SSH Authentication type [X509|GSS|USERPASS|SSH] |
--id | Identity |
Usage example¶
$ rucio-admin identity delete --account jdoe --type X509 --id '/DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=jdoe/CN=707658/CN=Joe Doe'
Deleted identity: /DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=jdoe/CN=707658/CN=Joe Doe
Note: if the identity was accidentaly deleted, use add option.
rse¶
RSE (Rucio Storage Element) methods
rucio-admin rse [-h]
{list,add,info,set-attribute,delete-attribute,add-distance,update-distance,get-distance,get-attribute,add-protocol,delete-protocol,delete}
...
Sub-commands:¶
list¶
List all RSEs.
rucio-admin rse list [-h]
Usage example¶
To list all rses:
$ rucio-admin rse list
Note: same as rucio list-rses
To list special class of rses:
$ rucio list-rses --expression "tier=2&type=DATADISK"
add¶
Add new RSE.
rucio-admin rse add [-h] [--non-deterministic] rse
Positional Arguments¶
rse | RSE name |
Named Arguments¶
--non-deterministic | |
Create RSE in non-deterministic mode Default: False |
Example Usage¶
$ rucio-admin rse add JDOES-TEST_DATADISK
Added new deterministic RSE: JDOES-TEST_DATADISK
$ rucio-admin rse add --non-deterministic JDOES-TEST_DATATAPE
Added new non-deterministic RSE: JDOES-TEST_DATATAPE
info¶
Information about RSE.
rucio-admin rse info [-h] rse
Positional Arguments¶
rse | RSE name |
Usage example¶
Information about a RSE:
$ rucio-admin rse info JDOES-TEST_DATADISK
Settings:
=========
third_party_copy_protocol: 1
rse_type: DISK
domain: [u'lan', u'wan']
availability_delete: True
delete_protocol: 1
rse: JDOES-TEST_DATADISK
deterministic: True
write_protocol: 1
read_protocol: 1
staging_area: False
credentials: None
availability_write: True
lfn2pfn_algorithm: default
availability_read: True
volatile: False
id: 9c54c73cbd534450b2202a576f809f1f
Attributes:
===========
JDOES-TEST_DATADISK: True
Protocols:
==========
Usage:
======
rucio
used: 0
rse: JDOES-TEST_DATADISK
updated_at: 2018-02-16 13:08:28
free: None
source: rucio
total: 0
Note: alternatively: rucio list-rse-usage JDOES-TEST_DATADISK.
set-attribute¶
Add RSE attribute(key-value pair).
rucio-admin rse set-attribute [-h] --rse RSE --key KEY --value VALUE
Named Arguments¶
--rse | RSE name |
--key | Attribute key |
--value | Attribute value |
Usage example¶
$ rucio-admin rse set-attribute --rse JDOES-TEST_DATADISK --key owner --value jdoe
Added new RSE attribute for JDOES-TEST_DATADISK: owner-jdoe
CAUTION: the existing attribute can be overwritten. Check rucio list-rse-attributes JDOES-TEST_DATADISK before setting an attribute.
delete-attribute¶
Delete a RSE attribute(key-value pair).
rucio-admin rse delete-attribute [-h] --rse RSE --key KEY --value VALUE
Named Arguments¶
--rse | RSE name |
--key | Attribute key |
--value | Attribute value |
Usage example¶
$ rucio-admin rse delete-attribute --rse JDOES-TEST_DATADISK --key owner --value jdoe
Deleted RSE attribute for JDOES-TEST_DATADISK: owner-jdoe
add-distance¶
Set the distance between a pair of RSEs.
rucio-admin rse add-distance [-h] [--distance DISTANCE] [--ranking RANKING]
source destination
Positional Arguments¶
source | Source RSE name |
destination | Destination RSE name |
Named Arguments¶
--distance | Distance between RSEs Default: 1 |
--ranking | Ranking of link Default: 1 |
Usage example¶
$ rucio-admin rse add-distance JDOES-TEST2_DATADISK JDOES-TEST_DATADISK
Set distance from JDOES-TEST2_DATADISK to JDOES-TEST_DATADISK to 1 with ranking 1/n
Note:
--distance can be set in range (0-11), 0 is the closest
--ranking can be set in range (0-13), 13 is the best
Note: order of RSEs is fixed: source, destination
update-distance¶
Update the existing distance or ranking between a pair of RSEs. The mandatory parameters are source, destination and distance or ranking.
rucio-admin rse update-distance [-h] [--distance DISTANCE] [--ranking RANKING]
source destination
Positional Arguments¶
source | Source RSE name |
destination | Destination RSE name |
Named Arguments¶
--distance | Distance between RSEs |
--ranking | Ranking of link |
Usage example¶
$ rucio-admin rse update-distance JDOES-TEST_DATADISK JDOES-TEST2_DATADISK --ranking 10
Update distance information from JDOES-TEST_DATADISK to JDOES-TEST2_DATADISK:
- Ranking set to 10
Note:
--distance can be set in range (0-11), 0 is the closest
--ranking can be set in range (-inf+inf), the larger the better
Note: order of RSEs is fixed: source, destination. Note: ranking is updated dynamically against coditions at grid.
get-distance¶
Get the distance information between a pair of RSEs.
rucio-admin rse get-distance [-h] source destination
Positional Arguments¶
source | Source RSE name |
destination | Destination RSE name |
Usage example¶
$ rucio-admin rse get-distance JDOES-TEST_DATADISK JDOES-TEST2_DATADISK
Distance information from JDOES-TEST_DATADISK to JDOES-TEST2_DATADISK: distance=3, ranking=10
Note: order of RSEs is fixed: source, destination.
get-attribute¶
List RSE attributes.
rucio-admin rse get-attribute [-h] rse
Positional Arguments¶
rse | RSE name |
Usage example¶
$ rucio-admin rse get-attribute JDOES-TEST_DATADISK
owner: jdoe
JDOES-TEST_DATADISK: True
Note: alternatively: rucio list-rse-attributes JDOES-TEST_DATADISK.
add-protocol¶
Add a protocol and its settings to a RSE.
rucio-admin rse add-protocol [-h] --hostname HOSTNAME --scheme SCHEME --prefix
PREFIX [--space-token SPACE_TOKEN]
[--web-service-path WEB_SERVICE_PATH]
[--port PORT] [--impl IMPL]
[--domain-json DOMAIN_JSON]
[--extended-attributes-json EXT_ATTR_JSON]
rse
Positional Arguments¶
rse | RSE name |
Named Arguments¶
--hostname | Endpoint hostname |
--scheme | Endpoint URL scheme |
--prefix | Endpoint URL path prefix |
--space-token | Space token name (SRM-only) |
--web-service-path | |
Web service URL (SRM-only) | |
--port | URL port |
--impl | Transfer protocol implementation to use Default: “rucio.rse.protocols.gfalv2.Default” |
--domain-json | JSON describing the WAN / LAN setup |
--extended-attributes-json | |
JSON describing any extended attributes |
Usage example¶
$ rucio-admin rse add-protocol --hostname jdoes.test.org --scheme gsiftp --prefix '/atlasdatadisk/rucio/' --port 8443 JDOES-TEST_DATADISK
Note: no printed stdout. Note: examples of optional parametres:
--space-token DATADISK
--web-service-path '/srm/managerv2?SFN='
--port 8443
--impl 'rucio.rse.protocols.gfalv2.Default'
(for other protocol implementation, replace gfal2 with impl. name, e.g. srm)
--domain-json
--extended-attributes-json example.json
where example.json contains dict {'attr_name':'value', ...}
delete-protocol¶
Delete a protocol from a RSE.
rucio-admin rse delete-protocol [-h] [--hostname HOSTNAME] --scheme SCHEME
[--port PORT]
rse
Positional Arguments¶
rse | RSE name |
Named Arguments¶
--hostname | Endpoint hostname |
--scheme | Endpoint URL scheme |
--port | URL port |
Usage example¶
$ rucio-admin rse delete-protocol --scheme gsiftp JDOES-TEST_DATADISK
Note: no printed stdout.
scope¶
Scope methods
rucio-admin scope [-h] {add,list} ...
config¶
Configuration methods. The global configuration of data mangement system can by modified.
rucio-admin config [-h] {get,set,delete} ...
Sub-commands:¶
get¶
Get matching configuration.
rucio-admin config get [-h] [--section SECTION] [--option OPTION]
Named Arguments¶
--section | Section name |
--option | Option name |
Usage example¶
$ rucio-admin config get --section quota
[quota]
LOCALGROUPDISK=95
SCRATCHDISK=30
USERDISK=30
Note: to list other sections: rucio-admin config get.
set¶
Set matching configuration.
rucio-admin config set [-h] --section SECTION --option OPTION --value VALUE
Named Arguments¶
--section | Section name |
--option | Option name |
--value | String-encoded value |
Usage example¶
$ rucio-admin config set --section limitsscratchdisk --option testlimit --value 30
Set configuration: limitsscratchdisk.testlimit=30
CAUTION: you might not intend to change global configuration!
delete¶
Delete matching configuration.
rucio-admin config delete [-h] --section SECTION --option OPTION
Named Arguments¶
--section | Section name |
--option | Option name |
Usage example¶
$ rucio-admin config delete --section limitsscratchdisk --option testlimit
Deleted section 'limitsscratchdisk' option 'testlimit'
CAUTION: you might not intend to change global configuration!
e.g. quotas, daemons, rses
subscription¶
Subscription methods. The methods for automated and regular processing of some specific rules.
rucio-admin subscription [-h] {add,list,update,reevaluate} ...
Sub-commands:¶
add¶
Add subscription
rucio-admin subscription add [-h] [--lifetime LIFETIME]
[--account SUBS_ACCOUNT] [--priority PRIORITY]
name filter replication_rules comments
Positional Arguments¶
name | Subscription name |
filter | DID filter (eg ‘{“scope”: [“tests”], “project”: [“data12_8TeV”]}’) |
replication_rules | |
Replication rules (eg ‘[{“copies”: 2, “rse_expression”: “tier=2”, “lifetime”: 3600, “activity”: “Functional Tests”, “weight”: “mou”}]’) | |
comments | Comments on subscription |
Named Arguments¶
--lifetime | Subscription lifetime (in days) |
--account | Account name |
--priority | The priority of the subscription |
Usage example¶
$ rucio-admin subscription add --lifetime 2 --account jdoe --priority 1 jdoes_txt_files_on_datadisk
'{"scope": ["user.jdoe"], "datatype": ["txt"]}' '[{"copies": 1, "rse_expression": "JDOES-TEST_DATADISK", "lifetime": 3600, "activity": "User Subscriptions"}]'
'keeping replica on jdoes disk for 60 mins'
Subscription added 9a89cc8e692f4cabb8836fdafd884c5a
Note: priority can range from 1 to infinity. Internal share for given account.
list¶
List subscriptions
rucio-admin subscription list [-h] [--account SUBS_ACCOUNT] [--long] [name]
Positional Arguments¶
name | Subscription name |
Named Arguments¶
--account | Account name |
--long | Long listing Default: False |
Usage example¶
$ rucio-admin subscription list --account jdoe
jdoe: jdoes_txt_files_on_datadisk UPDATED
priority: 1
filter: {'datatype': ['txt'], 'scope': ['user.jdoe']}
rules: [{'lifetime': 3600, 'rse_expression': 'JDOES-TEST_DATADISK', 'copies': 1, 'activity': 'User Subscriptions'}]
comments: keeping replica on jdoes disk for 60 mins
update¶
Update subscription
rucio-admin subscription update [-h] [--lifetime LIFETIME]
[--account SUBS_ACCOUNT] [--priority PRIORITY]
name filter replication_rules comments
Positional Arguments¶
name | Subscription name |
filter | DID filter (eg ‘{“scope”: [“tests”], “project”: [“data12_8TeV”]}’) |
replication_rules | |
Replication rules (eg ‘[{“activity”: “Functional Tests”, “copies”: 2, “rse_expression”: “tier=2”, “lifetime”: 3600, “weight”: “mou”}]’) | |
comments | Comments on subscription |
Named Arguments¶
--lifetime | Subscription lifetime (in days) |
--account | Account name |
--priority | The priority of the subscription |
Usage example¶
$ rucio-admin subscription update --lifetime 3 --account jdoe --priority 1 jdoes_txt_files_on_datadisk
'{"scope": ["user.jdoe"], "datatype": ["txt"]}' '[{"copies": 1, "rse_expression": "JDOES-TEST_DATADISK", "lifetime": 3600, "activity": "User Subscriptions"}]
keeping replica on jdoes disk for 60 mins, valid until 23.2.2018
Note: no printed stdout. Note: all the input parameters are mandatory.
$ rucio-admin subscription list --account jdoe
jdoe: jdoes_txt_files_on_datadisk UPDATED
priority: 1
filter: {"datatype": ["txt"], "scope": ["user.jdoe"]}
rules: [{"lifetime": 3600, "rse_expression": "JDOES-TEST_DATADISK", "copies": 1, "activity": "User Subscriptions"}]
comments: keeping replica on jdoes disk for 60 mins, valid until 23.2.2018
replicas¶
Replica methods
rucio-admin replicas [-h] {declare-bad,list-pfns} ...
Sub-commands:¶
declare-bad¶
Declare bad file replicas
rucio-admin replicas declare-bad [-h] --reason REASON
[--inputfile [INPUTFILE]]
[--allow-collection]
[listbadfiles [listbadfiles ...]]
Positional Arguments¶
listbadfiles | List of bad items. Each can be a PFN (for one replica) or an LFN (for all replicas of the LFN) or a collection DID (for all file replicas in the DID) |
Named Arguments¶
--reason | Reason |
--inputfile | File containing list of bad items |
--allow-collection | |
Allow passing a collection DID as bad item Default: False |
Usage example¶
$ rucio-admin replicas declare-bad
srm://se.bfg.uni-freiburg.de:8443/srm/managerv2?SFN=/pnfs/bfg.uni-freiburg.de/data/atlasdatadisk/rucio/user/jdoe/e2/a7/jdoe.TXT.txt --reason 'test only'
Note: no printed stdout.
Note: pfn can be provided, see rucio-admin replicas list-pfns or rucio list-file-replicas
list-pfns¶
List the possible PFN for a file at a site.
rucio-admin replicas list-pfns [-h] dids rse protocol
Positional Arguments¶
dids | List of DIDs (coma separated) |
rse | RSE |
protocol | The protocol, by default srm, can be one of [root|srm|http(s)]. Default: “srm” |
Usage example¶
$ rucio-admin replicas list-pfns
user.jdoe:jdoe.TXT.txt CERN-PROD_SCRATCHDISK srm '{"all_states": False, "schemes": ["srm"], "dids": [{"scope": "user.jdoe", "name": "jdoe.TXT.txt"}]}'
srm://srm-eosatlas.cern.ch:8443/srm/v2/server?SFN=/eos/atlas/atlasscratchdisk/rucio/user/jdoe/e2/a7/jdoe.TXT.txt