Hi Santanu,
There are a few issues wrapped up here!
The first thing is that the default setting is to have
grid-mapfile in /etc/grid-security/grid-mapfile
gridmapdir in /etc/grid-security/gridmapdir/
hostkey in /etc/grid-security/hostkey
hostcert in /etc/grid-security/hostcert
The lock files mapping certificates to pool accounts are shared between
the SE and the CE by an nfs mount of /etc/grid-security/gridmapdir/
However, the grid-mapfile can't be shared as this would require also
sharing the hostkey and certificate! So the SE should be running a cron
job to maintain it's own grid-mapfile.
The WN's don't need the lockfiles or a grid-mapfile, or a certificate.
There is another option, involving the autofs-cfg.h file. To use this
you have to "#define AUTOFS 1" in your site-cfg.h (default set to 0).
I'm not too certain what the AUTOFS option does - I think it may use
automount nfs - as I haven't used it, but it changes the nfs exported
and mounted directory paths slightly. Otherwise the mounts are the
same: gridmapdir is shared, but grid-mapfile is not.
There is one other bug, if you want to keep your gridmapdir in a
different location to the default (such as
/share/grid-security/gridmapdir/). Although this is #define'd as
SITE_DEF_GRIDMAPDIR in site-cfg.h, the default LCFG files ignore this
and hard code the nfs mounts to /etc/grid-security/gridmapdir/ anyway!
You really ought to change all occurrences of
/etc/grid-security/gridmapdir to SITE_DEF_GRIDMAPDIR in all cfg files
apart from site-cfg.h.
hope this helps,
Owen.
Santanu Das wrote:
>
>
> Owen,
> Can you pls check one thing for me? I'm a bit confused:
>
> ComputingElement-cfg.h says:
>
> nfs.fs_gridsec /export/grid-security
> nfs.fs_gridsec /etc/grid-security/gridmapdir
>
> StorageElement-cfg.h and WorkerNode-cfg.h trying for:
>
> nfsmount.nfsdetails_gridsec /etc/grid-security/gridmapdir
> CE_HOSTNAME:/etc/grid-security/gridmapdir rw
>
> according to autofs-cfg.h:
>
> autofs.path_security /share/grid-security
>
> but the location of grid-mapfile in site-cfg.h:
>
> #define SITE_DEF_GRIDMAP /etc/grid-security/grid-mapfile
>
> Physically location of grid-mapfile is '/etc/grid-security/grid-mapfile'
> on the CE and '/etc/grid-security/gridmapdir' is being mounted on WNs
> and SE hence no grid-mapfile is available on SE.
>
> What you have or should I post this to TB-Support?
>
> Thanks,
> Santanu
--
#########################################
Dr O J E Maroney [log in to unmask]
Research Associate in eScience
HH Wills Physics Laboratory
University of Bristol
Tyndall Avenue, Bristol, BS8 1TL
Tel. 0117 928 8760
|