middleware:Glite/31/server/join/notes


The configuration is done through the site-info configuration file; for an example, please see: site-info.def

Examples of the required users.conf and groups.conf files are available here:

After any installation of a new gLite site, the name of the site BDII (mostly on the CE) has to be added to the list of all sites in D-Grid. To do this, send an email with the LDAP string to dgrid-admin(at)fzk.de.

After the successful installation of the gLite Frontend, it must be registered (if this has not already been done) as a new supported compute middleware at the site, using the D-Grid resource and user management portal. For more information please see here.
User mapping in gLite

There are two possibilities for users authenticating with your CE:

  1. Users coming with a plain Globus proxy. These users are looked up in the gridmap-file, and their mappings can be forced to a fixed account simply by not using pool accounts there (say, have "hepcg007" instead of ".hepcg"). Here the dgridmap script, which is also used in the reference installation for Globus and Unicore, can be used.
  2. Users coming with a VOMS proxy. These users are assigned accounts by the VOMS plugins of LCMAPS, which do this by looking at the available links in /etc/grid-security/gridmapdir. These links fix an assignment Subject_DN <-> local_user. If no link exists for the DN, a new account from the pool is assigned and a link is created. But if a link exists, that mapping is used. So the idea is to pre-generate all the required links in that folder, forcing the mapping to be the same as the one in the gridmap-file and in Globus/Unicore. Those links must also be "touched" each time, so that the "cleanup poolaccounts script" does not remove them after a few days.
What/how to install
There is a cron job which runs the gridmap-lcmaps.pl script. This script in turn uses the dgridmap script to download the list of mappings from Juelich. Note that only *registered hosts* are allowed to query the database in Juelich, so make sure your gLite CE is registered there! You also need to make sure you have the dgrid-gridmapfile with fixed mappings.
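The link pre-generation described above can be sketched as follows. This is an added example, not the gridmap-lcmaps.pl script or any D-Grid code; the function names are hypothetical, and it assumes that each lease is a hard link to a file named after the local account and that the lease name is the lowercased, URL-encoded subject DN (compare with the entries in your own gridmapdir before relying on it).

```python
import os
import shlex
import tempfile
import urllib.parse

def lease_name(dn):
    # Assumption: the lease is named after the lowercased, URL-encoded DN.
    return urllib.parse.quote(dn.lower(), safe="").lower()

def parse_gridmap(text):
    """Return {DN: account} for the fixed mappings of a grid-mapfile."""
    fixed = {}
    for line in text.splitlines():
        # An unbalanced quote raises ValueError, which stops the run.
        dn, account = (shlex.split(line, comments=True) + ["", ""])[:2]
        # Skip malformed lines, pool entries (".hepcg") and path-like names.
        if dn.startswith("/") and account and account[0] != "." and "/" not in account:
            fixed[dn] = account
    return fixed

def sync_leases(gridmap_text, gridmapdir):
    """Create, correct and touch one lease per fixed mapping."""
    actions = []
    for dn, account in sorted(parse_gridmap(gridmap_text).items()):
        target = os.path.join(gridmapdir, account)
        link = os.path.join(gridmapdir, lease_name(dn))
        if not os.path.isfile(target):
            actions.append(("missing-account", account))
            continue
        existed = os.path.lexists(link)
        same = os.path.exists(link) and os.path.samefile(link, target)
        if existed and not same:
            os.unlink(link)  # lease points at a different account
        if not same:
            os.link(target, link)  # lease shares the account file's inode
        os.utime(link, None)  # "touch" so the cleanup script keeps it
        state = "refreshed" if same else "relinked" if existed else "created"
        actions.append((state, account))
    return actions

if __name__ == "__main__":
    # Constructed sample data in a scratch directory, not a real gridmapdir.
    with tempfile.TemporaryDirectory() as d:
        for acct in ("hepcg001", "hepcg007"):
            open(os.path.join(d, acct), "w").close()
        sample = ('"/C=DE/O=GermanGrid/CN=Example User" hepcg007\n'
                  '"/C=DE/O=GermanGrid/CN=Pool User" .hepcg\n')
        print(sync_leases(sample, d))  # first run creates the lease
        print(sync_leases(sample, d))  # later runs only touch it
```

A "relinked" result means a VOMS login had already been given a pool account that differs from the fixed mapping, which is worth reviewing before the old account is reused.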
CA-certificates
It must be ensured that all nodes, except the torque and NFS servers, have a current version of the CA certificates available. In the D-Grid reference installation this update is done by the cfengine automated configuration tool.

For this you have to install the Cfengine client using the instructions here and configure it as described here.

Users/VOs
In order to enable all new users and VOs to access the grid services, it must be ensured that all nodes, except the torque and NFS servers, have a current version of the passwd and group files. In the D-Grid reference installation this update is done by the cfengine automated configuration tool.

For this you have to install the Cfengine client using the instructions here and configure it as described here.

grid-mapfile
It must be ensured that the OGSA-DAI Frontend has a current version of the grid-mapfile available. In the D-Grid reference installation this update is automated by the cfengine configuration tool. For this you have to install the Cfengine client using the instructions here and configure it as described here.