guide:Vo
Contents |
Vo list
Every VO (and all members on it) can access to the Grid middleware (the middleware should be configured for this). There is the list of Virtual organizations (VOs), which are supported by the D-Grid Reference installation. Every VO can use any middleware in the reference system, which is done by the following configurations:
| VO | VOMS port |
|---|---|
| dgtest | 15000 |
| kerndgrid | 15001 |
| hepcg | 15002 |
| c3grid | 15003 |
| astrogrid | 15004 |
| medigrid | 15005 |
| ingrid | 15006 |
| textgrid | 15011 |
| wisent | 15012 |
| gdigrid | 15013 |
| progrid | 15014 |
| partnergrid | 15015 |
| bwgrid | 15016 |
| fingrid | 15017 |
| lifescience | 15018 |
| education | 15019 |
| aerogrid | 15021 |
| bisgrid | 15022 |
| bauvogrid | 15023 |
| bioif | 15024 |
| biz2grid | 15025 |
| dgcms | 15026 |
| dgops | 15027 |
| optinum | 15028 |
| ptgrid | 15029 |
| pneumogrid | 15030 |
| valuegrids | 15031 |
| dgsi | 15032 |
| gapslc | 15033 |
| interloggrid | 15034 |
| mosgrid | 15035 |
In order to allow new D-Grid VO to access a registered D-Grid Resource, the administrator can use the link here and add the appropriate VOs for this resource.
- See also
configure new Vo
configure new VO in gLite
- configure the /etc/glite/yaim/site-info.def configuration file
- fill in the "VO configuration variables" section (VOS="")
- add information into the "VO Einstellungen" section
- configure the /yaim/etc/groups.conf
- configure the /yaim/etc/users.conf
- Reconfigure the gLite with:
% /opt/glite/yaim/bin/yaim -c -s site-info.def -n lcg-CE -n BDII_site -n TORQUE_utils
configure new VO in Globus
- No configuration is needed as the gridmapfile in /etc/grid-security/grid-mapfile will be automatically updated by cfengine
Vo users
Requirements
Accounts
Each Virtual Organization (VO) should have enough available local accounts. There are 150 users per VO expected for the beginning in the D-Grid reference installation for example:
dgdt0001 to dgdt0100 for the VO ''dgtest'' dgmd0001 to dgmd0100 for the VO ''medigrid'' ... dgws0001 to dgws0100 for the VO ''wisent''
The general account format is ppvvnnnn, with:
- pp for a prefix with 1 or 2 characters (can be freely chosen)
- vv for a shortcut with 2 characters for the VO (have been identified: https://dispatch.fz-juelich.de:8814/D-Grid-VO)
- nnnn for a maximum of 4-digit number, awarded from the resource and user management.
UIDs
User accounts must exist with the same UID at all frontends (gLite-CE, Globus toolkit, Unicore NJS, dCache-SE, OGSA-DAI) and at the batch system ( server and all torque Worker nodes). Simply it can be surely setting up from NIS, LDAP. Furthermore, all local accounts should join the same VO group, such as: the group dgtest for the VO dgtest and the group medigrid for the VO medigrid. As example the /etc/passwd file should look like the following:
dgmd0001:x:100001:63600:mapped user for medigrid:/home/medigrid/dgmd0001:/bin/bash dgmd0002:x:100002:63600:mapped user for medigrid:/home/medigrid/dgmd0002:/bin/bash ... dgdt0001:x:100101:63700:mapped user for dgtest:/home/dgtest/dgdt0001:/bin/bash dgmdt0002:x:100102:63700:mapped user for dgtest:/home/dgtest/dgdt0002:/bin/bash
It is recommended to use Cfengine to distribute a single version of the files /etc/passwd and /etc/group to all the worker nodes and middleware frontends.
Mapping
After a resource have been registered, information about the user which is allowed to use this resource must be provided. This information is called mapping. The mapping of a "Certificate Grid Distinguished Name (DN)" to a local account is provided via a grid-mapfile ( Globus toolkit, gLite) or a UUDB (Unicore) and should be daily updated e.g. per cron job.
The script Dgridmap file is used to obtain these files. Usage instructions are available here. It is recommended to use Cfengine to distribute a single version of the grid-mapfile to all the middleware frontends.
Vo update users
- CA-certificates
- It must be ensured that all nodes except torque and NFS servers, have a current version of CA certificates available. In the D-Grid reference installation this actualization is done by the cfengine automated configuration tool.
For this you have to install the Cfengine client using the instructions here and to configure it as here.
- Users/VOs
- In order to enable all new users and VOs for accessing the grid services, it must be ensured that all nodes except torque and NFS server, have a current version of the passwd and group files. In the D-Grid reference installation this actualization is done by the cfengine automated configuration tool.
For this you have to install the Cfengine client using the instructions here and to configure it as here.
- grid-mapfile
- It must be ensured that the OGSA-DAI Frontend have a current version of the grid-mapfile available. In the D-Grid reference installation this actualization is automated by the cfengine configuration tool. For this you have to install the Cfengine client using the instructions here and to configure it as here .
