Difference between revisions of "NGI DE:Regional Monitoring"
Line 11: | Line 11: | ||
"/ops/Role=pilot" .ops | "/ops/Role=pilot" .ops | ||
"/ops/Role=pilot/Capability=NULL" .ops | "/ops/Role=pilot/Capability=NULL" .ops | ||
− | + | "/ops/*" .ops (matches also /ops/NGI/Germany) | |
* Support for VO subgroup /ops/NGI/Germany on SE | * Support for VO subgroup /ops/NGI/Germany on SE | ||
Following is an example of how to configure SE in order to support vo /ops/NGI/Germany. | Following is an example of how to configure SE in order to support vo /ops/NGI/Germany. | ||
− | Suppose that the SE is a dCache system | + | Suppose that the SE is a dCache system: |
− | In /etc/grid-security/grid-vorolemap there must be a line like this: | + | In /etc/grid-security/grid-vorolemap there must be a line like this: |
− | + | "<dn>" "/ops/NGI/Germany" <username> | |
− | "<dn>" "/ops/NGI/Germany" <username> | + | Here, <dn> can be “*” to map all the DNs on the same role /ops/NGI/Germany. The <username> is arbitrary(e.g. ops001). |
− | Here, <dn> can be “*” to all the DNs | + | However, the same username should be used in /etc/grid-security/ storage-authzdb as here: |
− | + | authorize <username> read-write <uid> <gid> /// | |
− | However, the same username should be used in /etc/grid-security/ storage-authzdb as here: | + | The <uid> and <gid> is site specific and should be known by the site administrator. |
− | authorize <username> read-write <uid> <gid> /// | + | It may be necessary to enter /ops/NGI/Germany also in the LinkGroupAuthorization.conf. |
− | |||
− | The <uid> and <gid> is site specific and should be known by the site administrator. | ||
− | It may be necessary to enter /ops/NGI/Germany also in the LinkGroupAuthorization.conf. |
Revision as of 17:31, 21 March 2011
Use of subgroup "/ops/NGI/Germany" for NGI-DE Nagios Tests
- Support for VO subgroup /ops/NGI/Germany on CE/CREAMCE
The VO mappping on the site CE /CREAMCE need to be configured to support the ops subgroup /ops/NGI/Germany As reference here is a sample how the ops vo subgroups are mapped in the voms-grid-mapfile on the CEs at FZK_LCG2 site:
"/ops/Role=NULL/Capability=NULL" .ops "/ops/Role=lcgadmin" opssgm "/ops/Role=lcgadmin/Capability=NULL" opssgm "/ops/Role=pilot" .ops "/ops/Role=pilot/Capability=NULL" .ops "/ops/*" .ops (matches also /ops/NGI/Germany)
- Support for VO subgroup /ops/NGI/Germany on SE
Following is an example of how to configure SE in order to support vo /ops/NGI/Germany. Suppose that the SE is a dCache system:
In /etc/grid-security/grid-vorolemap there must be a line like this: "<dn>" "/ops/NGI/Germany" <username> Here, <dn> can be “*” to map all the DNs on the same role /ops/NGI/Germany. The <username> is arbitrary(e.g. ops001). However, the same username should be used in /etc/grid-security/ storage-authzdb as here: authorize <username> read-write <uid> <gid> /// The <uid> and <gid> is site specific and should be known by the site administrator. It may be necessary to enter /ops/NGI/Germany also in the LinkGroupAuthorization.conf.