guide:Vo/user

From Dgiref
Jump to: navigation, search

Contents

Requirements

Accounts

Each Virtual Organization (VO) should have enough available local accounts. There are 150 users per VO expected for the beginning in the D-Grid reference installation for example: 

dgdt0001 to dgdt0100 for the VO ''dgtest'' 
dgmd0001 to dgmd0100 for the VO ''medigrid'' 
... 
dgws0001 to dgws0100 for the VO ''wisent''

The general account format is ppvvnnnn, with:

  • pp for a prefix with 1 or 2 characters (can be freely chosen)
  • vv for a shortcut with 2 characters for the VO (have been identified: https://dispatch.fz-juelich.de:8814/D-Grid-VO)
  • nnnn for a maximum of 4-digit number, awarded from the resource and user management.

UIDs

User accounts must exist with the same UID at all frontends (gLite-CE, Globus toolkit, Unicore NJS, dCache-SE, OGSA-DAI) and at the batch system ( server and all torque Worker nodes). Simply it can be surely setting up from NIS, LDAP. Furthermore, all local accounts should join the same VO group, such as: the group dgtest for the VO dgtest and the group medigrid for the VO medigrid. As example the /etc/passwd file should look like the following: 

dgmd0001:x:100001:63600:mapped user for medigrid:/home/medigrid/dgmd0001:/bin/bash
dgmd0002:x:100002:63600:mapped user for medigrid:/home/medigrid/dgmd0002:/bin/bash
...
dgdt0001:x:100101:63700:mapped user for dgtest:/home/dgtest/dgdt0001:/bin/bash
dgmdt0002:x:100102:63700:mapped user for dgtest:/home/dgtest/dgdt0002:/bin/bash

It is recommended to use Cfengine to distribute a single version of the files /etc/passwd and /etc/group to all the worker nodes and middleware frontends.

Mapping

After a resource have been registered, information about the user which is allowed to use this resource must be provided. This information is called mapping. The mapping of a "Certificate Grid Distinguished Name (DN)" to a local account is provided via a grid-mapfile ( Globus toolkit, gLite) or a UUDB (Unicore) and should be daily updated e.g. per cron job.

The script Dgridmap file is used to obtain these files. Usage instructions are available here. It is recommended to use Cfengine to distribute a single version of the grid-mapfile to all the middleware frontends.

Retrieved from "http://dgiref.d-grid.de/wiki/guide:Vo/user"
Personal tools