Difference between revisions of "NGI DE:Regional Monitoring"
Jump to navigation
Jump to search
(2 intermediate revisions by the same user not shown) | |||
Line 11: | Line 11: | ||
"/ops/Role=pilot" .ops | "/ops/Role=pilot" .ops | ||
"/ops/Role=pilot/Capability=NULL" .ops | "/ops/Role=pilot/Capability=NULL" .ops | ||
"/ops/*" .ops (matches also /ops/NGI/Germany and /ops/NGI/Switzerland) | |||
When are using YAIM to configure your CE the groups.conf should look like: | |||
"/ops":::: | |||
"/ops/ROLE=lcgadmin":::sgm: | |||
"/ops/*":::: | |||
"/ops/*/Role=NULL/Capability=NULL":::: | |||
* Support for VO subgroup /ops/NGI/Germany on SE | |||
Following is an example of how to configure an SE in order to support the vo subgroup /ops/NGI/Germany. | |||
The <uid> and <gid> is site specific and should be known by the site administrator. | Suppose that the SE is a dCache system: | ||
It may be necessary to enter /ops/NGI/Germany also in the LinkGroupAuthorization.conf. | In /etc/grid-security/grid-vorolemap there must be a line like this: | ||
"<dn>" "/ops/NGI/Germany" <username> | |||
Here, <dn> can be “*” to map all the DNs on the same role /ops/NGI/Germany. The <username> is arbitrary(e.g. ops001). | |||
However, the same username should be used in /etc/grid-security/ storage-authzdb as here: | |||
authorize <username> read-write <uid> <gid> /// | |||
The <uid> and <gid> is site specific and should be known by the site administrator. | |||
It may be necessary to enter /ops/NGI/Germany also in the LinkGroupAuthorization.conf. |
Latest revision as of 13:00, 28 March 2011
Use of subgroup "/ops/NGI/Germany" for NGI-DE Nagios Tests
- Support for VO subgroup /ops/NGI/Germany on CE/CREAMCE
The VO mappping on the site CE /CREAMCE need to be configured to support the ops subgroup /ops/NGI/Germany As reference here is a sample how the ops vo subgroups are mapped in the voms-grid-mapfile on the CEs at FZK_LCG2 site:
"/ops/Role=NULL/Capability=NULL" .ops "/ops/Role=lcgadmin" opssgm "/ops/Role=lcgadmin/Capability=NULL" opssgm "/ops/Role=pilot" .ops "/ops/Role=pilot/Capability=NULL" .ops "/ops/*" .ops (matches also /ops/NGI/Germany and /ops/NGI/Switzerland)
When are using YAIM to configure your CE the groups.conf should look like:
"/ops":::: "/ops/ROLE=lcgadmin":::sgm: "/ops/*":::: "/ops/*/Role=NULL/Capability=NULL"::::
- Support for VO subgroup /ops/NGI/Germany on SE
Following is an example of how to configure an SE in order to support the vo subgroup /ops/NGI/Germany.
Suppose that the SE is a dCache system: In /etc/grid-security/grid-vorolemap there must be a line like this: "<dn>" "/ops/NGI/Germany" <username> Here, <dn> can be “*” to map all the DNs on the same role /ops/NGI/Germany. The <username> is arbitrary(e.g. ops001). However, the same username should be used in /etc/grid-security/ storage-authzdb as here: authorize <username> read-write <uid> <gid> /// The <uid> and <gid> is site specific and should be known by the site administrator. It may be necessary to enter /ops/NGI/Germany also in the LinkGroupAuthorization.conf.