A couple of comments;
There is a yaim bug (fixed for next time) which affects VOMS-only VOs -
the sgm account is not properly mapped. A workaround is to set the
following variable
VO_GEANT4_SGM="x"
which will ensure your sgm user is mapped (via the VOMS server). It will
also result in a spurious but harmless ldap entry in mkgridmap.conf (the
"x").
More generally, we cannot mandate that the users on a site are named
after the VO - some sites operate a different policy. We also cannot
mandate that pool accounts all have 3 digit suffices (or similar). At
the moment, yaim does not fully handle VOs whose name terminates in a
digit. As discussed, it will still work, so long as you don't introduce
a VO called geant5...
Oliver.
Oliver Keeble Information Technology Department
[log in to unmask] CERN
+41 22 76 72360 CH-1211 Geneva 23
Dan Schrager wrote:
> It's geant4001-geant4050, geant4sgm, group geant4.
>
> The sgm user did not map right for now, however.
>
>
> David Garcia Aristegui wrote:
>
>> Hello, a quick question. You wrote "the mapped users I've defined are
>> geant4001-geant4050 and geant4sgm. The group is geant4". Is this
>> correct finally, or the pool account you have is geant001-geant050?
>>
>> Thank you in advanced.
>>
>>
>> Dan Schrager wrote:
>>
>>> I am a yaim "compliant" site.
>>> yaim should maybe fix a small inconsistency: the "root" for all names
>>> should be the vo's name as defined in the VOS="atlas ... geant4" line.
>>> anyway jobs do run well for geant4 here :-)
>>>
>>> Patricia Mendez Lorenzo wrote:
>>>
>>>> Hello Dan,
>>>>
>>>> The vo is called geant4 because geant4 is the name of the community
>>>> and geant4 should not cause any problem
>>>> in any configuration file. only geant has other meanings, so it is
>>>> important to realize that we speak abuot geant4 and
>>>> not about geant. It is not the 1st case with numbers inside the
>>>> name of the VO, for example na48 is another example.
>>>>
>>>> The grid-mapfile can read .geant4. Actually in other sites .geant4
>>>> appears inside the grid-mapfiles.
>>>>
>>>> at least what we realized at cern is the number of characters
>>>> included in the pool accounts. i think 8 characters is the
>>>> maximal. geant4001has 9.
>>>>
>>>> Patricia
>>>>
>>>> El 06/12/2005, a las 23:30, Dan Schrager escribió:
>>>>
>>>>> why don't you call the vo geant ?
>>>>> why the grid-mapfile doesn't read .geant4 ?
>>>>> who cares about the range of mapped users, 4001-4050 is as good as
>>>>> 001-050 ?
>>>>>
>>>>> Patricia Mendez Lorenzo wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>>>
>>>>>>> VOS="atlas alice lhcb cms dteam sixt zeus see geant4"
>>>>>>>
>>>>>>> VO_GEANT4_SW_DIR=$VO_SW_DIR/geant4
>>>>>>> VO_GEANT4_DEFAULT_SE=$SE_HOST
>>>>>>> VO_GEANT4_VOMS_SERVERS="vomss://lcg-voms.cern.ch:8443/voms/
>>>>>>> geant4?/ geant4"
>>>>>>> VO_GEANT4_STORAGE_DIR=$CE_CLOSE_SE1_ACCESS_POINT/geant4
>>>>>>> VO_GEANT4_QUEUES="geant4"
>>>>>>>
>>>>>>> The mapped users I've defined are geant4001-geant4050 and
>>>>>>> geant4sgm. The group is geant4.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> This could couse a problems, because the accounts are seen going
>>>>>> from 4001 to 4050 (the "4" is counted
>>>>>> as part od the number account). So I would suggest to define the
>>>>>> pool accounts from geant001 unti geant050 (without the
>>>>>> number 4), the sgm account, the same: geantsgm. and yes, the name
>>>>>> of the vo is geant4.
>>>>>> I can check a submission to WEIZMANN with the geant4 certificate.
>>>>>> i let yoou know.
>>>>>>
>>>>>> Patricia
>>>>>>
>>>>>>
>>>>>>> Could you please confirm that it is all right ?
>>>>>>>
>>>>>>> I have noticed however that in the /etc/grid-security/grid-
>>>>>>> mapfile there are two new geant(4) users that are mapped to
>>>>>>> .geant -- WITHOUT A 4--
>>>>>>> Is this OK ?
>>>>>>>
>>>>>>> The 4 seems a problem for me. Is it ? Could any of the geant4
>>>>>>> certificate holders submit a job to WEIZMANN-LCG2 and tell me
>>>>>>> whether the results are OK ?
>>>>>>>
>>>>>>> Regards,
>>>>>>> Dan
>>>>>>>
>>>>>>
>>>>>> +++++++++++++++++++++++++++++++++++++++++++
>>>>>> This Mail Was Scanned By Mail-seCure System
>>>>>> at the Tel-Aviv University CC.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>> +++++++++++++++++++++++++++++++++++++++++++
>>>> This Mail Was Scanned By Mail-seCure System
>>>> at the Tel-Aviv University CC.
>>>
>>>
>>>
>>>
>>>
>>
>> +++++++++++++++++++++++++++++++++++++++++++
>> This Mail Was Scanned By Mail-seCure System
>> at the Tel-Aviv University CC.
>
>
>
|