Difference between revisions of "NGI DE:Regional Monitoring"

From EGIWiki
Jump to: navigation, search
Line 15: Line 15:
 
* Support for VO subgroup /ops/NGI/Germany on SE
 
* Support for VO subgroup /ops/NGI/Germany on SE
  
Following is an example of  how to configure SE in order to support vo /ops/NGI/Germany.
+
Following is an example of  how to configure an SE in order to support the vo subgroup /ops/NGI/Germany.
Suppose that the SE is a dCache system:
 
  
 +
Suppose that the SE is a dCache system:
 
  In /etc/grid-security/grid-vorolemap there must be a line like this:
 
  In /etc/grid-security/grid-vorolemap there must be a line like this:
 
  "<dn>" "/ops/NGI/Germany" <username>
 
  "<dn>" "/ops/NGI/Germany" <username>

Revision as of 17:33, 21 March 2011

Use of subgroup "/ops/NGI/Germany" for NGI-DE Nagios Tests

  • Support for VO subgroup /ops/NGI/Germany on CE/CREAMCE

The VO mappping on the site CE /CREAMCE need to be configured to support the ops subgroup /ops/NGI/Germany As reference here is a sample how the ops vo subgroups are mapped in the voms-grid-mapfile on the CEs at FZK_LCG2 site:

 "/ops/Role=NULL/Capability=NULL" .ops
 "/ops/Role=lcgadmin" opssgm
 "/ops/Role=lcgadmin/Capability=NULL" opssgm
 "/ops/Role=pilot" .ops
 "/ops/Role=pilot/Capability=NULL" .ops
 "/ops/*" .ops   (matches also /ops/NGI/Germany)
  • Support for VO subgroup /ops/NGI/Germany on SE

Following is an example of how to configure an SE in order to support the vo subgroup /ops/NGI/Germany.

Suppose that the SE is a dCache system:
In /etc/grid-security/grid-vorolemap there must be a line like this:
"<dn>" "/ops/NGI/Germany" <username>
Here, <dn> can be “*” to map all the DNs on the same role /ops/NGI/Germany. The <username> is arbitrary(e.g. ops001).
However, the same username should be used in /etc/grid-security/ storage-authzdb as here:
authorize <username> read-write <uid> <gid> ///
The <uid> and <gid> is site specific and should be known by the site administrator.
It may be necessary to enter /ops/NGI/Germany also in the LinkGroupAuthorization.conf.