Difference between revisions of "NGI DE:Regional Monitoring"

From EGIWiki
Jump to: navigation, search
Line 11: Line 11:
 
   "/ops/Role=pilot" .ops
 
   "/ops/Role=pilot" .ops
 
   "/ops/Role=pilot/Capability=NULL" .ops
 
   "/ops/Role=pilot/Capability=NULL" .ops
"/ops/*" .ops  (matches also /ops/NGI/Germany)
+
  "/ops/*" .ops  (matches also /ops/NGI/Germany)
  
 
* Support for VO subgroup /ops/NGI/Germany on SE
 
* Support for VO subgroup /ops/NGI/Germany on SE
  
 
Following is an example of  how to configure SE in order to support vo /ops/NGI/Germany.
 
Following is an example of  how to configure SE in order to support vo /ops/NGI/Germany.
Suppose that the SE is a dCache system.
+
Suppose that the SE is a dCache system:
  
In /etc/grid-security/grid-vorolemap there must be a line like this:
+
In /etc/grid-security/grid-vorolemap there must be a line like this:
 
+
"<dn>" "/ops/NGI/Germany" <username>
"<dn>" "/ops/NGI/Germany" <username>
+
Here, <dn> can be “*” to map all the DNs on the same role /ops/NGI/Germany. The <username> is arbitrary(e.g. ops001).
Here, <dn> can be “*” to all the DNs map on the same role /ops/NGI/Germany. The <username> is arbitrary(e.g. ops001),
+
However, the same username should be used in /etc/grid-security/ storage-authzdb as here:
 
+
authorize <username> read-write <uid> <gid> ///
However, the same username should be used in /etc/grid-security/ storage-authzdb as here:
+
The <uid> and <gid> is site specific and should be known by the site administrator.
authorize <username> read-write <uid> <gid> ///
+
It may be necessary to enter /ops/NGI/Germany also in the LinkGroupAuthorization.conf.
 
 
The <uid> and <gid> is site specific and should be known by the site administrator.
 
It may be necessary to enter /ops/NGI/Germany also in the LinkGroupAuthorization.conf.
 

Revision as of 17:31, 21 March 2011

Use of subgroup "/ops/NGI/Germany" for NGI-DE Nagios Tests

  • Support for VO subgroup /ops/NGI/Germany on CE/CREAMCE

The VO mappping on the site CE /CREAMCE need to be configured to support the ops subgroup /ops/NGI/Germany As reference here is a sample how the ops vo subgroups are mapped in the voms-grid-mapfile on the CEs at FZK_LCG2 site:

 "/ops/Role=NULL/Capability=NULL" .ops
 "/ops/Role=lcgadmin" opssgm
 "/ops/Role=lcgadmin/Capability=NULL" opssgm
 "/ops/Role=pilot" .ops
 "/ops/Role=pilot/Capability=NULL" .ops
 "/ops/*" .ops   (matches also /ops/NGI/Germany)
  • Support for VO subgroup /ops/NGI/Germany on SE

Following is an example of how to configure SE in order to support vo /ops/NGI/Germany. Suppose that the SE is a dCache system:

In /etc/grid-security/grid-vorolemap there must be a line like this:
"<dn>" "/ops/NGI/Germany" <username>
Here, <dn> can be “*” to map all the DNs on the same role /ops/NGI/Germany. The <username> is arbitrary(e.g. ops001).
However, the same username should be used in /etc/grid-security/ storage-authzdb as here:
authorize <username> read-write <uid> <gid> ///
The <uid> and <gid> is site specific and should be known by the site administrator.
It may be necessary to enter /ops/NGI/Germany also in the LinkGroupAuthorization.conf.