Daniela, I wasn't trying (or indeed expecting) to make you enthusiastic about Argus. I haven't heard your dcache problem, has it been expressed formally to the dcache or argus people? They are both in EMI now so it should be easier to make them think of each other and their interworking.
It is not that long since we were asked by many routes for requirements for EMI-2. We should put UK requirements into their process. We then have the moral high ground if such problems crop up later but hopefully there is less chance they will. It sounds like several sites have the asymmetric CE problem. Does anyone know if it was input to EMI? Does SCAS have the same behaviour? GUMS?
Regards,
John
> -----Original Message-----
> From: Testbed Support for GridPP member institutes [mailto:TB-
> [log in to unmask]] On Behalf Of Daniela Bauer
> Sent: 22 March 2011 16:22
> To: [log in to unmask]
> Subject: Re: glexec in London
>
> It requires a complete reconfiguration of my site - why should I be
> enthusiastic about this ? (not saying I am not doing this, but still,
> our setup was supported so far and now it's not anymore, so it's not a
> minor issue)
> I cannot see how this can work with our dCache setup *at all*. (As in
> 'I have no idea how to make this work, even if I try'. - What if I
> can't ? The difficulty of preserving information about stored data was
> discussed in the EMI upgrade context, but it applies here as well.)
>
> Incidentally according to the documentation Argus only allows a single
> user to set policies etc, surely if you aim for a somewhat better
> site coverage, multiple admins would be the way forward ? Or do I
> rerun yaim everytime I go home and Simon stays around longer ?
>
> It just doesn't look all that well thought out to me.
>
> Incidentally the glexec developers have answers Simon's query about
> the SGE/glexec problem mentioned elsewhere on this list:
>
> [this is from the glexec developers]
>
> > this actually has come up very recently, in the context of Condor.
> > So yes, it is a known problem, but only very recently. Note that
> > not all batch system use tracking GIDs. Many sites have so-called
> > reaper scripts running periodically, which kill daemonized user
> > jobs.
>
> > We have already been thinking about different ways to solve this
> > problem, but don't yet have a timeline. Most probably we will add an
> > option to either the glexec or lcmaps configuration file(s) to leave a
> > certain range of GIDs intact.
>
> This does not inspire confidence.
>
> I don't find banning a user on all my 5 headnodes (4 CEs, one SE) all
> that tedious to justify the above fallout.
>
>
> Daniela
>
> On 22 March 2011 16:08, John Gordon <[log in to unmask]> wrote:
> > Daniela, I'd be surprised if a sysadmin was enthusiastic about Argus
> today - it is just a tool required by glexec. No life-enhancing
> characteristics:-)
> >
> > Security people *are* enthusiastic about it for what it might do in
> future e.g.
> >
> > - a single decision point to ban a rogue user from all your services in
> one go
> > - linked in to a WLCG and/or EGI-wide blacklist so that bad folk get
> banned as soon as they are identified.
> >
> > Regards,
> >
> > John
> >
> >> -----Original Message-----
> >> From: Testbed Support for GridPP member institutes [mailto:TB-
> >> [log in to unmask]] On Behalf Of Daniela Bauer
> >> Sent: 16 March 2011 12:22
> >> To: [log in to unmask]
> >> Subject: glexec in London
> >>
> >> Hi All,
> >>
> >> after last weeks dteam meeting, I've taken an unscientific survey for
> >> the London sites and here's the answers (Chris of QMUL fame is on
> >> holiday):
> >>
> > .
> >>
> >> - Brunel: glexec OK, have a stab at installing it around April.
> >>
> >> The enthusiasm for Argus seems to be still limited though.
> >>
> >> Daniela
> >
>
>
>
> --
> -----------------------------------------------------------
> [log in to unmask]
> HEP Group/Physics Dep
> Imperial College
> Tel: +44-(0)20-75947810
> http://www.hep.ph.ic.ac.uk/~dbauer/
|