Hi Goncalo,
I cannot claim to know all details of the CMS October exercise, but to
my knowledge CMS wants to test an implementation of the VOMS role
"priorityuser". Special tratement of local user is not asked for. Find
some information here:
https://twiki.cern.ch/twiki/bin/view/CMS/AnalysisOpsPriorityuser#Tier_2_Sites_Responsibility
Anyway your question is quite interesting (perhaps independent of the
CMS exersice). As Stephen mentioned for ATLAS there are a few national
VOMS groups configured in CMS:
Belgium, Germany, Spain, France, India, Italy, Taiwan, US.
I know that the German sites use this for allocating special shares.
Cheers, Christoph
On Wed, 30 Sep 2009 18:39:12 +0100
Gonçalo Borges <[log in to unmask]> wrote:
> Hi All...
>
> Sometime ago I started a thread asking for help on how to identify my
> institution local users. As part of a T2+T3, I have to provide a share
> of resources to my local users. Local users are here defined as users
> which via grid will preferable run their jobs in a specific site... A
> local user might be a person sitting in the office next to mine or
> someone from other institution in my region or federation. The answer
> was that a new tool was being developed but I'm not sure if it is
> already in production.
>
> As you probably know, next week there will be a CMS exercise, and my
> local CMS staff asked me to implement this reserved share of resources,
> since this is exactly one of the issues they will try to exercise.
> Searching a bit, I've seen that yaim supports a LOCAL_GROUPS_CONF
> variable, but it doesn't fit my needs since that variable is based on
> VOMS FQANs. There is no specific/dedicated VOMS FQAN to these local
> users, and therefore, the only way I have to identify them is checking
> their DNs.
>
> The only way I can think on how proceed as requested is to configure
> those DNs under the grid-mapfile-local file. However this raise me a
> couple of questions:
>
> 1./ Is this action sufficient? Is there an alternative way to do it?
>
> 2./ Will the settings in grid-mapfile-local be obeyed even if the user
> proxy comes with a VOMS FQAN? I have the feeling that grid-mapfile is
> only checked for proxies without VOMS FQANS... please correct me if i'm
> wrong...
>
> Thanks in Advance for the herlp
> Cheers
> Goncalo
|