On this subject could someone send me their dcache.kpwd and/or
storage-authzdb files so that I can see who is being mapped to what,
particularly for atlas? I'm still confused about how I should be
configuring accounts and access on dcache beyond "all users map to a
single pool account per vo per role".
gPlazma is running using grid-vorolemap and fallback to dcache.kpwd.
Both (set up with yaim) map normal, prd and sgm users to different
accounts (and different groups for grid-vorolemap).
Setting all roles in one vo to one account and group would make things
much easier but I suspect that isn't recommended.
Thanks,
John
Greig Alan Cowan wrote:
> No, we don't. We should continue to use production accounts though.
>
> Greig
>
> On 10/03/08 13:31, Alessandra Forti wrote:
>> Hi,
>>
>> in addition to John questions... do we really need sgm accounts on the
>> storage?
>>
>> thanks
>>
>> cheers
>> alessandra
>>
>> John Bland wrote:
>>> Hi,
>>>
>>> We're in the process of setting up reservations for VOs on our dcache
>>> system but ran into a problem with standard and prd/sgm accounts.
>>>
>>> Our current account mapping system maps standard accounts to VO001,
>>> prd accounts to prdVO01 and sgm accounts to sgmVO01.
>>>
>>> The reservation linkgroupauthorisations, however, are just for the
>>> standard account and the examples shown in previous threads by other
>>> sites don't have any mention of sgm/prd accounts in them. This leads
>>> to sgmops jobs being unable to write to the dteam/ops reservation.
>>>
>>> LinkGroup dteam-linkGroup
>>> dteam001/Role=*
>>> /dteam/Role=*
>>> ops001/Role=*
>>> /ops/Role=*
>>> sgmops01/Role=*
>>> /ops/Role=*
>>>
>>> LinkGroup lhcb-linkGroup
>>> lhcb001/Role=*
>>> /lhcb/Role=*
>>>
>>> LinkGroup atlas-linkGroup
>>> atlas001/Role=*
>>> /atlas/Role=*
>>>
>>>
>>> Are we mapping our accounts incorrectly for dcache or is there a
>>> recommended way of authorising them for reservations (the sgmops
>>> entry above didn't work)?
>>>
>>> Thanks,
>>>
>>> John
>>>
>>
--
Dr John Bland, Systems Administrator
Room 210, Oliver Lodge
Particle Physics Group, University of Liverpool
Mail: [log in to unmask]
Tel : 0151 794 3396
|