LHC Computer Grid - Rollout
> [mailto:[log in to unmask]] On Behalf Of
> Maarten Litmaath, CERN said:
> > Why do we need an sgm account at all? Why don't we just rsync (or an
> > ssl/gsi protected version of rsync) from a VO managed
> server and drop
> > the sgm accounts all together?
>
> Yes, that seems a good idea! Does anyone see potential problems here?
> Firewall issues?
Like many things this has been discussed many times over the years -
there were even other solutions, like Tank and Spark that no-one used,
the alien package manager that was part of the original ARDA/glite
project, and suggestions about using pacman. The present system is one
of our many "short-term hacks" - the way the VO tags are managed is even
more clunky than the installation! The basic reason we eneded up with
the current solution is that it's relatively simple, and in particular
it implies little effort by the admins apart from configuring the disk
areas in the first place, everything else is done by the VOs. Also it
needs no intervention (daemons or whatever) on the WNs, since everything
is NFS-mounted - that's important at many sites, and also avoids
problems with WNs which are down which you'd have to worry about with
WN-local installations.
A more elaborate solution is certainly possible, but it will
immediately expand in all the usual directions - how do you know where
the VO repositories are? Push or pull? Is the system secure? How do the
VOs verify the installations? How are the tags published? Who manages
the process? ... basically it's another software development project,
for something which has worked reasonably well so far and hence hasn't
had anyone pushing for it. As I'm sure Markus and Ian will say, if we
allocate manpower to this, what else do we give up? :)
Stephen
|