Difference between revisions of "GGUS:VOMS Interface FAQ"
m |
|||
(One intermediate revision by the same user not shown) | |||
Line 15: | Line 15: | ||
*DB.php | *DB.php | ||
They are located on | They are located on the front end machines (prod-cn/prod-cs) in directory /usr/local/bin. | ||
Both scripts are executed every night via cron. | Both scripts are executed every night via cron. | ||
* fetch_voms.sh is stored as cronjob under /etc/cron.daily/fetch_voms | * fetch_voms.sh is stored as cronjob under /etc/cron.daily/fetch_voms | ||
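Review bot: "Both scripts are executed every night via cron" is ambiguous next to the new location sentence. The list it follows ends with *DB.php, and the only cron entry named is fetch_voms.sh under /etc/cron.daily/fetch_voms. Name the two scripts that cron actually runs and say whether fetch_voms.sh is what invokes them. Since the revision now documents /usr/local/bin on prod-cn/prod-cs as the location, it would also help to state which account owns the files there.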
Line 23: | Line 23: | ||
The script voms2list.pl retrieves daily the data about VOMS membership of the groups/roles team and alarm. | The script voms2list.pl retrieves daily the data about VOMS membership of the groups/roles team and alarm. | ||
====Updating GGUS user database==== | ====Updating GGUS user database==== | ||
The script voms_sync.php establishes a connection to the GGUS database and starts the VOMS synchronization through the Syncr.php script. The first step of the synchronization process is to delete all old alarm and team roles stored in the database. Then the script reads the content of each .csv files and updates the user accounts according to the latest VOMS version. If the user has already an account in the database only the new role will be assigned to him ( | The script voms_sync.php establishes a connection to the GGUS database and starts the VOMS synchronization through the Syncr.php script. The first step of the synchronization process is to delete all old alarm and team roles stored in the database. Then the script reads the content of each .csv files where the usernames/dn/emails are temporarily stored for each VO and each role (team/alarm) and updates the user accounts according to the latest VOMS version. If the user has already an account in the database only the new role will be assigned to him/her (the user account is not affected by the synchronization), otherwise a new account will be created together with the given role. | ||
Attributes covered by the synchronization process are | Attributes covered by the synchronization process are: | ||
* VOMS role (team, alarm) | * VOMS role (team, alarm) |
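Review bot: the clause added to the voms_sync.php paragraph says the usernames/dn/emails are "temporarily stored" in .csv files, but not where those files live, which script writes them, or when they are removed. Please state that, since the files hold personal data for every VO and role. Also, "each .csv files" should read "each .csv file".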
Latest revision as of 07:17, 25 September 2014
FAQ for the Interface between GGUS and VOMS
Purpose
This document describes the VOMS–GGUS interface. The VOMS–GGUS interface is used for synchronizing the GGUS user database with the CERN VOMS server. The CERN VOMS server holds the alarm and team permissions for the LHC VOs.
Tools, Applications, Systems
The VOMS–GGUS interface is based on scripts that retrieve the data from the VOMS server using an API call. The scripts involved are:
- voms2list.pl
- voms_sync.php
- Syncr.php
- DB.php
They are located on the front-end machines (prod-cn/prod-cs) in the directory /usr/local/bin. Both scripts are executed every night via cron.
- fetch_voms.sh is stored as cronjob under /etc/cron.daily/fetch_voms
Workflow
Retrieving data from VOMS server
The script voms2list.pl retrieves the VOMS membership data for the groups/roles team and alarm daily.
Updating GGUS user database
The script voms_sync.php establishes a connection to the GGUS database and starts the VOMS synchronization through the Syncr.php script. The first step of the synchronization process is to delete all old alarm and team roles stored in the database. Then the script reads the content of each .csv file, where the usernames/dn/emails are temporarily stored for each VO and each role (team/alarm), and updates the user accounts according to the latest VOMS version. If the user already has an account in the database, only the new role will be assigned to him/her (the user account is not affected by the synchronization); otherwise a new account will be created together with the given role.

Attributes covered by the synchronization process are:
- VOMS role (team, alarm)
- Certificate DN
- User name
What happens if the nightly voms-ggus sync fails?
When the procedure fails, new roles/users will not be updated/added, but no user account will be deleted, only previous roles. With the next proper execution of the synchronisation procedure the data will be up to date again.
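
The delete-then-reassign sequence and its failure behaviour can be modelled as follows. This is an added example, not the GGUS scripts themselves (those are PHP/Perl): the table layout, the `name,dn,email` column order and the sample DNs are assumptions, and the transactional variant is an added hardening that this FAQ does not describe.

```python
import csv, io, sqlite3

def new_db():
    # Autocommit mode, so the transaction below is opened explicitly.
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.executescript("""
        CREATE TABLE users (dn TEXT PRIMARY KEY, name TEXT, email TEXT);
        CREATE TABLE roles (dn TEXT, vo TEXT, role TEXT);""")
    return conn

def sync(conn, exports, atomic):
    """exports maps (vo, role) -> CSV text, one 'name,dn,email' row per member."""
    if atomic:
        conn.execute("BEGIN")
    try:
        # Step 1: delete all old team/alarm roles.
        conn.execute("DELETE FROM roles WHERE role IN ('team', 'alarm')")
        # Step 2: re-assign roles from the per-VO, per-role CSV exports.
        for (vo, role), text in exports.items():
            for row in csv.reader(io.StringIO(text)):
                if len(row) != 3:
                    raise ValueError(f"malformed row in {vo}/{role}: {row!r}")
                name, dn, email = row
                # Existing accounts are left untouched; unknown DNs get a new one.
                conn.execute("INSERT OR IGNORE INTO users VALUES (?, ?, ?)", (dn, name, email))
                conn.execute("INSERT INTO roles VALUES (?, ?, ?)", (dn, vo, role))
    except ValueError:
        if atomic:
            conn.execute("ROLLBACK")   # previous roles come back
        return False
    if atomic:
        conn.execute("COMMIT")
    return True

def demo(atomic):
    """Good nightly run followed by a run that fails on a truncated export."""
    conn = new_db()
    alice = "/DC=org/DC=example/CN=Alice"   # constructed sample DN
    sync(conn, {("atlas", "alarm"): f"alice,{alice},alice@example.org\n"}, atomic)
    ok = sync(conn, {
        ("cms", "team"): "bob,/DC=org/DC=example/CN=Bob,bob@example.org\n",
        ("atlas", "alarm"): f"alice,{alice}\n",          # constructed truncated row
    }, atomic)
    users = conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]
    roles = conn.execute("SELECT vo, role FROM roles WHERE dn = ?", (alice,)).fetchall()
    return ok, users, roles

if __name__ == "__main__":
    print("as described:", demo(False))
    print("transactional:", demo(True))
```

In the non-transactional run the account survives but the alarm role is gone until the next good sync, which matches the behaviour described above; wrapped in a transaction, the failed run leaves the previous roles in place.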
What if I have questions which are not dealt with by this FAQ?
Open a GGUS ticket indicating that it should be directed at the GGUS team.