Frederic,
Like Yves has already commented, we would appreciate being able to see
the source code of the "script" that you would like us to run on our
DPMs. I think this is particularly important given the "EXTREMELY
DELICATE" nature of the operation that is required.
Also, I am confused as to why Atlas need to provide a binary in order
for these operations to be carried out. Why not just ask the site admins
to use the dpns-setacl command in order to set the correct permissions
on the required atlas directories? I would much prefer this approach
to the method that has been suggested.
Cheers,
Greig
Frederic Brochu wrote:
> Dear all,
>
> Apologies if this message does not apply to you.
>
> We need to update as soon as possible the ACLs for the ATLAS area on the
> following DPMs:
>
> svr018.gla.scotgrid.ac.uk
> se1.pp.rhul.ac.uk
> gallows.dur.scotgrid.ac.uk
> pc55.hep.ucl.ac.uk
> gw-3.ccc.ucl.ac.uk
> serv02.hep.phy.cam.ac.uk
> se01.esc.qmul.ac.uk
> t2se01.physics.ox.ac.uk
> gc-grid-34.brunel.ac.uk
>
> The instructions are as follows.
> Let me know if you do not have AFS access so I would put the tarball in my
> web area in Cambridge.
>
> Cheers,
>
> Frederic
>
>
> Dear all.
>
> As you surely know, an ACL change is needed in all DPMs used by ATLAS.
> Lana and Jean Philippe provided a script performing the change at the
> MySQL level, which I put in a tarball, with its configuration file in
>
> /afs/cern.ch/user/c/campanas/public/DPM/update_acl_formysql.tar
>
> In the same tarball there is an "instructions" file which explains what to
> do. I attach the instructions also at the bottom of the email. Please
> notice that the ACL change has to be done twice. The script removes the DB
> password from the config file, remember to re-introduce it.
>
> People should read carefully all the instructions before starting doing
> anything and contact me in case of any doubt.
>
> The script has been successfully tested in Milano. We should start
> applying it gradually and receive feedback, to make sure nothing is
> missing. Since there are a lot of jobs assigned to IT and FR clouds, I
> would start from those ones, since there is where more desperately DPMs
> for outputs are needed.
>
> INSTRUCTIONS FOR THE DPM ACL CHANGE FOR ATLAS
> ---------------------------------------------
>
> INITIAL WARNING: this operation is **EXTREMELY DELICATE**. The risk is the
> corruption of all entries in the DPM.
> Please read those instructions carefully and ask for help in case you are
> not sure about what to do.
> A backup of the DPM MySQL database before the operation would be
> appropriate.
>
> 1) Download the tar file on a LCG user interface and unzip it.
> It is made of 2 files (config_file.data and UpdateACLForMySQL)
>
> 2) Fill in the config_file.dat with the proper information.
> Each entry must be terminated by ; (a semicolon).
> The "socket_path" and "socket_port" are optional.
> You can leave them blank without ";" at the end but DO NOT REMOVE the
> line.
>
> This is an example of the configuration file used for the MILANO DPM:
>
> ********************************************************************
>
> mysql_host_name=grid006.mi.infn.it;
> mysql_user_name=dpm;
> mysql_pwd=<THEPWD>;
> mysql_db_name=cns_db;
> mysql_port_nb=
> mysql_socket_path=
> new_gid_acl=atlas/Role=production;
> new_directory_path=/dpm/mi.infn.it/home/atlas/simone_ACL_2;
>
> *********************************************************************
>
> Please notice many aspects:
>
> a) "mysql_host_name" contains also the domain.
> b) "mysql_user_name" must be changed to your MySQL user for DPM
> c) "mysql_pwd" remember to put the PWD here, FOLLOWED by
> semicolon ";"
> d) "mysql_db_name" must be changed to your MySQL db name for DPM
> e) "mysql_port_nb" and "mysql_socket_path" are optional, but see
> what is stated above about not removing them.
> f) You will need to be extremely careful with "new_gid_acl" and
> "new_directory_path". See the end of this document.
>
> 3) chmod +x UpdateACLForMySQL
>
> 4) launch the application ./UpdateACLForMySQL
>
>
>
> IMPORTANT: what to change?
> --------------------------
>
> You will need to run the command twice and modify the config file each
> time.
>
> - The 1st time you will grant write access to the "production" role into
> the ATLAS "dq2" area. This
> will allow production jobs to store data in the DPM.
> Set "new_gid_acl" and "new_directory_path" in the config file as
> follows:
>
> new_gid_acl=atlas/Role=production;
> new_directory_path=<ATLAS_DPM_HOME>/dq2;
>
> <ATLAS_DPM_HOME> is the home directory of ATLAS in DPM, which in the
> case of Milano is "/dpm/mi.infn.it/home/atlas"
>
> - The 2nd time you will grant write access to the "lcgadmin" role into the
> ATLAS "generated" area. This will
> allow the SAM SRM test to run successfully (if the rest is working of
> course ..)
> Set "new_gid_acl" and "new_directory_path" in the config file as
> follows:
>
> new_gid_acl=atlas/Role=lcgadmin;
> new_directory_path=<ATLAS_DPM_HOME>/generated;
>
> <ATLAS_DPM_HOME> is the home directory of ATLAS in DPM, which in the
> case of Milano is "/dpm/mi.infn.it/home/atlas"
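
A pre-flight check for the config_file.dat rules in the quoted instructions, added here as an example; it is not part of the e-mail thread or of the ATLAS tarball. The function name `check_config` and its `atlas_home` parameter are assumptions of this example, and it only reads the file's text: it never connects to the database. Call `check_config(SAMPLE, "/dpm/mi.infn.it/home/atlas")` to get the list of problems, which is empty for the constructed sample.

```python
# Added example: rules below are the ones stated in the quoted instructions.
EXPECTED = {"atlas/Role=production": "dq2", "atlas/Role=lcgadmin": "generated"}
REQUIRED = ["mysql_host_name", "mysql_user_name", "mysql_pwd", "mysql_db_name",
            "new_gid_acl", "new_directory_path"]
OPTIONAL = ["mysql_port_nb", "mysql_socket_path"]  # may be blank, line must stay

def check_config(text, atlas_home):
    """Return a list of problems; an empty list means the file matches the rules."""
    problems, seen = [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition("=")
        if not sep or key not in REQUIRED + OPTIONAL:
            problems.append(f"line {n}: unrecognised entry")
            continue
        # Optional entries may be left blank with no ';'; everything else needs one.
        if not (key in OPTIONAL and value == "") and not value.endswith(";"):
            problems.append(f"line {n}: {key} not terminated by ';'")
        seen[key] = value.rstrip(";").strip()
    for key in REQUIRED + OPTIONAL:
        if key not in seen:
            problems.append(f"{key}: line missing")
        elif key in REQUIRED and not seen[key]:
            problems.append(f"{key}: empty value")
    if "." not in seen.get("mysql_host_name", "."):
        problems.append("mysql_host_name: no domain part")
    if seen.get("mysql_pwd") == "<THEPWD>":
        problems.append("mysql_pwd: placeholder still present")
    role, path = seen.get("new_gid_acl"), seen.get("new_directory_path")
    if role and path:
        area = EXPECTED.get(role)
        if area is None:
            problems.append(f"new_gid_acl: unexpected role {role}")
        elif path != f"{atlas_home.rstrip('/')}/{area}":
            problems.append(f"new_directory_path: {role} should target {area}")
    return problems

# Constructed sample for the first run (Milano values taken from the e-mail).
SAMPLE = """mysql_host_name=grid006.mi.infn.it;
mysql_user_name=dpm;
mysql_pwd=constructed-secret;
mysql_db_name=cns_db;
mysql_port_nb=
mysql_socket_path=
new_gid_acl=atlas/Role=production;
new_directory_path=/dpm/mi.infn.it/home/atlas/dq2;
"""
```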