Difference between revisions of "NGI DE:VO dteam"

From EGIWiki
Jump to: navigation, search
Line 33: Line 33:
 
Suppose that the SE is a dCache system: In /etc/grid-security/grid-vorolemap there must be a line like this:
 
Suppose that the SE is a dCache system: In /etc/grid-security/grid-vorolemap there must be a line like this:
 
  "<dn>" "/dteam/NGI_DE" <username>
 
  "<dn>" "/dteam/NGI_DE" <username>
  Here, <dn> can be “*” to map all the DNs on the same role /dteam/NGI_DE. The <username> is arbitrary(e.g. ops001).
+
  Here, <dn> can be “*” to map all the DNs on the same role /dteam/NGI_DE. The <username> is arbitrary(e.g. dteam001).
 
  However, the same username should be used in /etc/grid-security/ storage-authzdb as here:
 
  However, the same username should be used in /etc/grid-security/ storage-authzdb as here:
 
  authorize <username> read-write <uid> <gid> ///
 
  authorize <username> read-write <uid> <gid> ///

Revision as of 09:19, 28 March 2011

  • General information of dteam VO

The dteam VO started in EGEE. Starting from EGI two new separate subgroups called /dteam/NGI-DE and /dteam/NGI-CH have been creacted and will replace the common old DECH subgroup /dteam/dech. All the NGI-DE and NGI-CH sites should support both VO subgroups /dteam/NGI_DE and /dteam/NGI_CH to allow the site administrators and ROD shifters to test the site services.

  • How to support VO /dteam/NGI_DE and /dteam/NGI_CH

on the node CE or CREAM CE configure the voms-grid-mapfile. Following is an example:

/dteam/Role=NULL/Capability=NULL" .dteam
"/dteam" .dteam
"/dteam/*/Role=NULL/Capability=NULL/Capability=NULL" .dteam
"/dteam/*/Role=NULL/Capability=NULL" .dteam       ( match /dteam/NGI_DE and /dteam/NGI_CH)
"/dteam/Role=lcgadmin/Capability=NULL" dteamsgm
"/dteam/Role=lcgadmin" dteamsgm
"/dteam/Role=production/Capability=NULL" dteamprd
"/dteam/Role=production" dteamprd

If the site prefer to filter and support only the specific group the voms-grid-mapfile could be as following(only listed groups and roles are supported):

"/dteam/NGI_DE/FZK-LCG2" .dteam (restrict access per site)
"/dteam/NGI_DE/FZK-LCG2/Role=NULL/Capability=NULL" .dteam
"/dteam/NGI_DE" .dteam (support all NGI-DE )
"/dteam/NGI_CH  .dteam (support all NGI_CH sites 
"/dteam" .dteam
"/dteam/Role=NULL/Capability=NULL" .dteam
"/dteam/Role=production" dteamprd
"/dteam/Role=production/Capability=NULL" dteamprd
"/dteam/Role=lcgadmin" dteamsgm
"/dteam/Role=lcgadmin/Capability=NULL" dteamsgm

on the node SE Suppose that the SE is a dCache system: In /etc/grid-security/grid-vorolemap there must be a line like this:

"<dn>" "/dteam/NGI_DE" <username>
Here, <dn> can be “*” to map all the DNs on the same role /dteam/NGI_DE. The <username> is arbitrary(e.g. dteam001).
However, the same username should be used in /etc/grid-security/ storage-authzdb as here:
authorize <username> read-write <uid> <gid> ///
The <uid> and <gid> is site specific and should be known by the site administrator.
It may be necessary to enter /dteam/NGI_DE also in the LinkGroupAuthorization.conf.
  • How to register to VO dteam

step 1: as a new member of dteam. (if you are already registered in subgroup /dteam or /dteam/dech member please go to step 2)

1-From the page https://voms.hellasgrid.gr:8443/vo/dteam/vomrs left menu, click on registration (phase I),  
2-Select the appropriate representative. Example: dteam users from Germany should select Ingrid Schaeffner or Wen Mei as their
representative. 
3-Fill your personal data and submit it. 
4-As soon as you got approved by the representative you are automatically registered under the root group /dteam in addition to any site group they might select.

Step2: select the group and role

1-From the page https://voms.hellasgrid.gr:8443/vo/dteam/vomrs left menu, now you can see the select group and
group roles. 
2-Select group /dteam/NGI_DE, /dteam/NGI_DE/<site name> and the roles of the site if necessary. 
3-Submit the selection. 
4-The registration is complete when you receive approved email from AUTOMATIC NOTIFICATION FROM VOMRS