Hi,
The following SEE-GRID guide can be of help - it even provides a script for
generating users.conf according to the newly suggested notation (prd and sgm
as prefixes, not suffixes), and which puts prd and sgm pool accounts after
ordinary VO pool accounts:
http://wiki.egee-see.org/index.php/SG_GLITE-3_0_2_Guide
It is easy to change the script to support just static one prd and/or sgm
account, if necessary.
Best regards, Antun
-----
Antun Balaz
Research Assistant
E-mail: [log in to unmask]
Web: http://scl.phy.bg.ac.yu/
Phone: +381 11 3713152
Fax: +381 11 3162190
Scientific Computing Laboratory
Institute of Physics, Belgrade, Serbia
-----
---------- Original Message -----------
From: Maarten Litmaath <[log in to unmask]>
To: [log in to unmask]
Sent: Tue, 3 Jul 2007 21:09:46 +0200
Subject: Re: [LCG-ROLLOUT] warning on sgm/prd pool account prefixes
> Gonçalo Borges wrote:
>
> > Dear All,
> >
> > I must say I'm a little bit confused about the prd and sgm stuff...
> > I think the way things were done was not smooth, and if the information
> > is available, it is so spread that it becomes almost unreachable.
> >
> > So, here are my main questions:
> >
> > 1) How do you configure mapping through a static account? Which files do
> > you have to change and how?
>
> Your users.conf. See below.
>
> > 2) How do you configure mapping through pool accounts? Which files do
> > you have to change and how?
> > 3) Now I've learned that I can not use configuration like the one bellow
> > because of the sgm termination in our lcg-CE:
> >
> > [root@wn03sge root]# cat /root/site-cfg/users-egee.conf | grep ops
> > 20000:opssgm:20000,20001:opssgm,ops:ops:sgm:
>
> That "opssgm" account is not needed when you have sgm pool accounts.
>
> > 20991:opssgm001:20000,20001:opssgm,ops:ops:sgm:
> > 20992:opssgm002:20000,20001:opssgm,ops:ops:sgm:
> > 20993:opssgm003:20000,20001:opssgm,ops:ops:sgm:
> > 20994:opssgm004:20000,20001:opssgm,ops:ops:sgm:
> > 20995:opssgm005:20000,20001:opssgm,ops:ops:sgm:
> > 20996:opssgm006:20000,20001:opssgm,ops:ops:sgm:
> > 20997:opssgm007:20000,20001:opssgm,ops:ops:sgm:
> > 20998:opssgm008:20000,20001:opssgm,ops:ops:sgm:
>
> Those accounts have "opssgm" as their prefix, which is an extension
> of the "ops" prefix already used for the ordinary pool accounts below.
>
> The broadcast said the accounts should instead be named e.g. as follows:
>
> 20991:sgmops01:20000,20001:sgmops,ops:ops:sgm:
> 20992:sgmops02:20000,20001:sgmops,ops:ops:sgm:
> 20993:sgmops03:20000,20001:sgmops,ops:ops:sgm:
> 20994:sgmops04:20000,20001:sgmops,ops:ops:sgm:
> 20995:sgmops05:20000,20001:sgmops,ops:ops:sgm:
> 20996:sgmops06:20000,20001:sgmops,ops:ops:sgm:
> 20997:sgmops07:20000,20001:sgmops,ops:ops:sgm:
> 20998:sgmops08:20000,20001:sgmops,ops:ops:sgm:
>
> (It is advisable to keep account names at most 8 characters long.)
>
> > 20001:ops001:20001:ops:ops::
> > 20002:ops002:20001:ops:ops::
> > 20003:ops003:20001:ops:ops::
> > 20004:ops004:20001:ops:ops::
> > 20005:ops005:20001:ops:ops::
> > 20006:ops006:20001:ops:ops::
> > 20007:ops007:20001:ops:ops::
> > 20008:ops008:20001:ops:ops::
> > 20009:ops009:20001:ops:ops::
>
> For example, suppose that for "dteam" you keep the static sgm
> account, something like this:
>
> 19999:dteamsgm:19000:dteam:dteam:sgm:
>
> YAIM will detect that you just have a single sgm account for that VO
> and put the corresponding mapping in edg-mkgridmap.conf etc.
>
> YAIM will warn if there is a single sgm _pool_ account definition:
>
> 20991:sgmops01:20000,20001:sgmops,ops:ops:sgm:
>
> Note that an sgm pool account has 2 groups separated by a comma,
> whereas a static account has just 1 group.
>
> > By the way, I just noticed that this kind of configuration is indeed
> > checked in the CE (it gives an error if it isn't like this for OPS) but
> > in the WN gives an error "[ERROR] Failed to add group opssgm,ops" in
> > glite-yaim-3.0.1-22.
>
> Alexander Piavka supplied a workaround for that problem: put the sgm/prd
> pool accounts _after_ the ordinary pool accounts in your users.conf.
------- End of Original Message -------
|