On Fri, Feb 25, 2005 at 02:08:37PM +0000 or thereabouts, Owen Synge wrote:
> On Fri, 2005-02-25 at 13:36 +0000, Alessandra Forti wrote:
> > Hi,
> >
> > I regret to say I could start only today. However I'll send my comments
> > while doing.
> >
> > Requirements - Basics
> >
> > It should be specified that a host certificate for each node is required.
> > This bring me to two questions:
>
> Good point, I didn't think of that because that will be true in the
> Grid.
>
> >
> > 1) Has anything been done to automate the host certificates requests? I
> > requested 3 but.....
>
> Please talk to the grid support centre they know about this sort of
> think, Mike Jones did something, Steve T may have something.
Andrew informed us yesterday that GSI does some strange thing where if
you have a certificate for
service.gridpp.rl.ac.uk
then it will accept the hostnames presenting this certifcate as long as
they match.
service-whateverYouWant.gridpp.rl.ac.uk
Completly untested or confirmed. Jens? Sounds pretty scary if true since
trustworthy DNS becomes vital.
>
> >
> > 2) Can dcache/srm work with http(s) rather than gridftp? I think I've
> > already asked for this at the EGEE conference and Owen said yes it
> > could be implemented.
>
> Yes very easily in my software but in DCache I don't know how much
> effort would be required, and it is certainly possible with the SRM API
> in general.
>
> > Installation - Getting the software
> >
> > Is there any difference between the tar file that can be downloaded from
> > dcache website and the lcg rpm that can be downloaded from cern?
>
> Yes one is a setup script from LCG in sh the other is D-Cache in Java
> and C
The tar ball from dcache.org contains I think 3 rpms , lcg provides one
extra rpm which is basically a config script.
>
> > Why isn't dcache software yet in the yum repository at CERN?
It has not been released as part of any LCG version. When this happens it will
be.
>
> Good question, I guess its a licencing issue.
>
> > Is it possible to add URL for downloading the software rather than saying
> > you need these rpms? Even better would be if a dcache rpm repository could
> > be setup at RAL (or even at whatever site) for sites who want to start
> > testing dcache.
>
> D-Cache has no rpm repository, worse still they don't keep old versions
> available.
>
> > Is the mkgridmap.sh script that is used at ral and different from the
> > edg-mkgridmap script? Maybe it's cleaner to use the lcg rpms also for
> > this.
>
> cat /root/install-scripts/mkgridmap.sh
> #!/bin/sh
>
> # Attempt to build a mkgridmap file.
>
> yum -y -d 0 -t install edg-mkgridmap edg-mkgridmap-conf
>
> cat <<EOF>/opt/edg/etc/edg-mkgridmap.conf
>
> # Map VO members cms
> group ldap://grid-vo.nikhef.nl/ou=lcg1,o=cms,dc=eu-datagrid,dc=org .cms
>
> # Map VO members dteam
> group ldap://lcg-vo.cern.ch/ou=lcg1,o=dteam,dc=lcg,dc=org .dteam
>
> # A list of athorised users.
> auth ldap://lcg-registrar.cern.ch/ou=users,o=registrar,dc=lcg,dc=org
>
> gmf_local /opt/edg/etc/grid-mapfile-local
>
> EOF
>
> touch /opt/edg/etc/grid-mapfile-local
>
> /opt/edg/sbin/edg-mkgridmap --output=/etc/grid-security/grid-mapfile
> --safe
>
>
> cat<<EOF>/etc/cron.d/edg-mkgridmap
> 50 */6 * * * root /opt/edg/sbin/edg-mkgridmap
> --output=/etc/grid-security/grid-
> mapfile --safe
> EOF
>
>
> > thanks
> >
> > End of part one.
> > alessandra
>
>
> Thanks for part1 looking forward to part2
>
> Regards
>
> Owen S
--
Steve Traylen
[log in to unmask]
http://www.gridpp.ac.uk/
|