From EGIWiki
Revision as of 07:31, 28 June 2013 by Ggrein (talk | contribs)
Jump to: navigation, search

GGUS wiki / GGUS FAQ / GGUS Documentation / GGUS Helpdesk

FAQ for the Interface between GGUS and VOMS


This document describes the VOMS–GGUS interface. The VOMS–GGUS interface is used for synchronizing the GGUS user database with the CERN VOMS server. In CERN VOMS server the alarm and team permissions for the LHC VOs are kept.

Tools, Applications, Systems

The VOMS–GGUS interface is based on scripts which retrieve the data from VOMS server using an API call. The scripts are

  • and

They are located on machine “automatix” in directory /home/ggus/voms. Both scripts are executed every night via cron. Access to “automatix” is only possible via “Carl/Carla” setting up an ssh connection for ggus to “automatix”.

Work flows

Retrieving data from VOMS server

The script retrieves the complete data set from VOMS server and saves it as csv file at /home/ggus/voms/$vo/$vo$role.csv. This script is executed once per VO and role. The script reads the csv file, sorts the data by certificate DN and compares the retrieved data with the data in a base file /home/ggus/voms/$vo/$vo$role_base_sort.csv. Differences are saved in a file /home/ggus/voms/$vo/$vo$role_temp.csv and an email notification is sent to the GGUS developers. Additionally the file with the retrieved data is used as new base file.

Updating GGUS user database

Via cfengine the *_temp.csv are copied to the GGUS production (and training) servers at the time when they are created. Coincidentally the php script voms_sync.php gets started. This script communicates with the GGUS user database and creates, deletes or updates user accounts according to the content of the csv files. Attributes covered by the synchronization process are

  • VOMS role (team, alarm)
  • Certificate DN
  • Email
  • User name

What if I have questions which are not dealt with by this FAQ?

Open a GGUS ticket

indicating that it should be directed at the GGUS team.