The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.
Difference between revisions of "NGI DE:Regional Monitoring"
Jump to navigation
Jump to search
(Created page with '* Support for VO subgroup /ops/NGI/Germany on CE/CREAMCE The VO mappping on the site CE /CREAMCE need to be configured to support the ops subgroup /ops/NGI/Germany As reference …') |
|||
| (3 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
== Use of subgroup "/ops/NGI/Germany" for NGI-DE Nagios Tests == | |||
* Support for VO subgroup /ops/NGI/Germany on CE/CREAMCE | * Support for VO subgroup /ops/NGI/Germany on CE/CREAMCE | ||
| Line 4: | Line 6: | ||
As reference here is a sample how the ops vo subgroups are mapped in the voms-grid-mapfile on the CEs at FZK_LCG2 site: | As reference here is a sample how the ops vo subgroups are mapped in the voms-grid-mapfile on the CEs at FZK_LCG2 site: | ||
"/ops/Role=NULL/Capability=NULL" .ops | "/ops/Role=NULL/Capability=NULL" .ops | ||
"/ops/Role=lcgadmin" opssgm | "/ops/Role=lcgadmin" opssgm | ||
"/ops/Role=lcgadmin/Capability=NULL" opssgm | "/ops/Role=lcgadmin/Capability=NULL" opssgm | ||
"/ops/Role=pilot" .ops | "/ops/Role=pilot" .ops | ||
"/ops/Role=pilot/Capability=NULL" .ops | "/ops/Role=pilot/Capability=NULL" .ops | ||
"/ops/*" .ops (matches also /ops/NGI/Germany | "/ops/*" .ops (matches also /ops/NGI/Germany and /ops/NGI/Switzerland) | ||
When are using YAIM to configure your CE the groups.conf should look like: | |||
"/ops":::: | |||
"/ops/ROLE=lcgadmin":::sgm: | |||
"/ops/*":::: | |||
"/ops/*/Role=NULL/Capability=NULL":::: | |||
* Support for VO subgroup /ops/NGI/Germany on SE | |||
Following is an example of how to configure an SE in order to support the vo subgroup /ops/NGI/Germany. | |||
The <uid> and <gid> is site specific and should be known by the site administrator. | Suppose that the SE is a dCache system: | ||
It may be necessary to enter /ops/NGI/Germany also in the LinkGroupAuthorization.conf. | In /etc/grid-security/grid-vorolemap there must be a line like this: | ||
"<dn>" "/ops/NGI/Germany" <username> | |||
Here, <dn> can be “*” to map all the DNs on the same role /ops/NGI/Germany. The <username> is arbitrary(e.g. ops001). | |||
However, the same username should be used in /etc/grid-security/ storage-authzdb as here: | |||
authorize <username> read-write <uid> <gid> /// | |||
The <uid> and <gid> is site specific and should be known by the site administrator. | |||
It may be necessary to enter /ops/NGI/Germany also in the LinkGroupAuthorization.conf. | |||
Latest revision as of 13:00, 28 March 2011
Use of subgroup "/ops/NGI/Germany" for NGI-DE Nagios Tests
- Support for VO subgroup /ops/NGI/Germany on CE/CREAMCE
The VO mappping on the site CE /CREAMCE need to be configured to support the ops subgroup /ops/NGI/Germany As reference here is a sample how the ops vo subgroups are mapped in the voms-grid-mapfile on the CEs at FZK_LCG2 site:
"/ops/Role=NULL/Capability=NULL" .ops "/ops/Role=lcgadmin" opssgm "/ops/Role=lcgadmin/Capability=NULL" opssgm "/ops/Role=pilot" .ops "/ops/Role=pilot/Capability=NULL" .ops "/ops/*" .ops (matches also /ops/NGI/Germany and /ops/NGI/Switzerland)
When are using YAIM to configure your CE the groups.conf should look like:
"/ops":::: "/ops/ROLE=lcgadmin":::sgm: "/ops/*":::: "/ops/*/Role=NULL/Capability=NULL"::::
- Support for VO subgroup /ops/NGI/Germany on SE
Following is an example of how to configure an SE in order to support the vo subgroup /ops/NGI/Germany.
Suppose that the SE is a dCache system: In /etc/grid-security/grid-vorolemap there must be a line like this: "<dn>" "/ops/NGI/Germany" <username> Here, <dn> can be “*” to map all the DNs on the same role /ops/NGI/Germany. The <username> is arbitrary(e.g. ops001). However, the same username should be used in /etc/grid-security/ storage-authzdb as here: authorize <username> read-write <uid> <gid> /// The <uid> and <gid> is site specific and should be known by the site administrator. It may be necessary to enter /ops/NGI/Germany also in the LinkGroupAuthorization.conf.