GGUS:VOMS Interface FAQ

From EGIWiki
Revision as of 12:23, 12 October 2011 by Ggrein (talk | contribs) (Created page with 'right|178px<br />'''GGUS wiki''' / '''GGUS FAQ''' / '''<span class="plainlinks">[https://ggus.eu/pages/docu.php GGUS Docume…')
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
GGUS-logo.jpg


GGUS wiki / GGUS FAQ / GGUS Documentation / GGUS Helpdesk


FAQ for the Interface between GGUS and VOMS

Updated
2011-10-12

Purpose

This document describes the VOMS–GGUS interface. The VOMS–GGUS interface is used for synchronizing the GGUS user database with the CERN VOMS server. In CERN VOMS server the alarm and team permissions for the LHC VOs are kept.

Tools, Applications, Systems

The VOMS–GGUS interface is based on scripts which retrieve the data from VOMS server using an API call. The scripts are

  • voms2list.pl and
  • alarm_team.sh.

They are located on machine “automatix” in directory /home/ggus/voms. Both scripts are executed every night via cron. Access to “automatix” is only possible via “Carl/Carla” setting up an ssh connection for ggus to “automatix”.

Work flows

Retrieving data from VOMS server

The script voms2list.pl retrieves the complete data set from VOMS server and saves it as csv file at /home/ggus/voms/$vo/$vo$role.csv. This script is executed once per VO and role. The script alarm_team.sh reads the csv file, sorts the data by certificate DN and compares the retrieved data with the data in a base file /home/ggus/voms/$vo/$vo$role_base_sort.csv. Differences are saved in a file /home/ggus/voms/$vo/$vo$role_temp.csv and an email notification is sent to the GGUS developers. Additionally the file with the retrieved data is used as new base file.

Updating GGUS user database

Via cfengine the *_temp.csv are copied to the GGUS production (and training) servers at the time when they are created. Coincidentally the php script voms_sync.php gets started. This script communicates with the GGUS user database and creates, deletes or updates user accounts according to the content of the csv files. Attributes covered by the synchronization process are

  • VOMS role (team, alarm)
  • Certificate DN
  • Email
  • User name

What if I have questions which are not dealt with by this FAQ?

Open a GGUS ticket

indicating that it should be directed at the GOCDB team.

Search