Hi,
well, actually the generic installation is a very technical and neutral
document where no guidelines at all are given about which kind of
service is mandatory, dangerous, delicate or "cool" to run. So to remove
completely a supported installation method (that could be useful,
incidentally, also to some big sites) does not appear to be a good idea
and I am sure it is not what you mean.
What is probably missing is a "deployment strategy" document for small
sites, that is something completely different. Provided that a site
administrator knows which nodes he needs to install, it could then pick
just the needed variables in site-info.def by according to the "context"
information in the site configuration file specification.
Anyway I can agree with Jeff's consideration about the possibly
misleading example of site configuration file. I don't see any reasons
not to use comments line saying "you need this", "possibly you don't
need this", although to enrich too much that file with "strategic"
information could result, in the long term, in all site admins being
obliged to read it carefully at each release.
A probably even more proper place to add these comments would the site
configuration file specification, that all sites admins are supposed to
read once in life.
We'll do both things as a buffer solution for the next release, and
we'll start analyzing the documentation to see what's missing for small
sites. In that sense, as in this case, your feedback is welcome.
Antonio
-----Original Message-----
From: LHC Computer Grid - Rollout [mailto:[log in to unmask]]
On Behalf Of David Groep
Sent: Monday, January 17, 2005 9:04 PM
To: [log in to unmask]
Subject: Re: [LCG-ROLLOUT] IMPORTANT: clarifying purpose of Storage
Elemen ts etc
Hi all,
On Mon, Jan 17, 2005 at 08:17:21PM +0100, Jeff Templon wrote:
> It's even worse than that:
> > ...
> At some point we were wondering here why so many smaller sites were
> interested in setting up a MyProxy server. Just made no sense
> whatsoever. Until one of us was looking at the LCG manual install
> (specially recommended for small sites without a lot of expertise) and
> in the example config file, there was a) CE, b) SE, c) WN, d) MyProxy.
> All those myproxies since sites were just assuming they needed to have
> one of each just like the example!!
Could at least the MyProxy server be taken out of this example list?
Running a MyProxy server in a reasonable way is a very delicate
business,
there are no guidelines on how to operate a MyProxy server securely,
and even if there were any small sites are usually not up to par on
protecting stuff.
I think the ROCs/CICs/GOCs/Tier-1s/LargeSites(TM) are far better
equipped to take that role
(dedicated system, no normal user logins, additional firewalling
and a DMZ inbetween, intense IDS monitoring both on the box and the
network
and a very awake admin is the least what it takes to run a proper
MyProxy).
For this reason, NIKHEF does not run a MyProxy but happily leaves that
role to SARA :-)
An RB/BDII is a much more useful thing than a MyProxy server, even for
small sites, so if you crave for more example configs ...
Cheers,
DavidG.
--
David Groep
** National Institute for Nuclear and High Energy Physics, PDP
projectgroup **
** Room: H1.57 Phone: +31 20 592 2179, PObox 41882, NL-1009 DB Amsterdam
NL **
|