NGI DE:Regional Monitoring
Jump to navigation
Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.
Use of subgroup "/ops/NGI/Germany" for NGI-DE Nagios Tests
- Support for VO subgroup /ops/NGI/Germany on CE/CREAMCE
The VO mappping on the site CE /CREAMCE need to be configured to support the ops subgroup /ops/NGI/Germany As reference here is a sample how the ops vo subgroups are mapped in the voms-grid-mapfile on the CEs at FZK_LCG2 site:
"/ops/Role=NULL/Capability=NULL" .ops "/ops/Role=lcgadmin" opssgm "/ops/Role=lcgadmin/Capability=NULL" opssgm "/ops/Role=pilot" .ops "/ops/Role=pilot/Capability=NULL" .ops "/ops/*" .ops (matches also /ops/NGI/Germany and /ops/NGI/Switzerland)
When are using YAIM to configure your CE the groups.conf should look like:
"/ops":::: "/ops/ROLE=lcgadmin":::sgm: "/ops/*":::: "/ops/*/Role=NULL/Capability=NULL"::::
- Support for VO subgroup /ops/NGI/Germany on SE
Following is an example of how to configure an SE in order to support the vo subgroup /ops/NGI/Germany.
Suppose that the SE is a dCache system: In /etc/grid-security/grid-vorolemap there must be a line like this: "<dn>" "/ops/NGI/Germany" <username> Here, <dn> can be “*” to map all the DNs on the same role /ops/NGI/Germany. The <username> is arbitrary(e.g. ops001). However, the same username should be used in /etc/grid-security/ storage-authzdb as here: authorize <username> read-write <uid> <gid> /// The <uid> and <gid> is site specific and should be known by the site administrator. It may be necessary to enter /ops/NGI/Germany also in the LinkGroupAuthorization.conf.