It requires a complete reconfiguration of my site - why should I be
enthusiastic about this ? (not saying I am not doing this, but still,
our setup was supported so far and now it's not anymore, so it's not a
minor issue)
I cannot see how this can work with our dCache setup *at all*. (As in
'I have no idea how to make this work, even if I try'. - What if I
can't ? The difficulty of preserving information about stored data was
discussed in the EMI upgrade context, but it applies here as well.)
Incidentally according to the documentation Argus only allows a single
user to set policies etc, surely if you aim for a somewhat better
site coverage, multiple admins would be the way forward ? Or do I
rerun yaim everytime I go home and Simon stays around longer ?
It just doesn't look all that well thought out to me.
Incidentally the glexec developers have answers Simon's query about
the SGE/glexec problem mentioned elsewhere on this list:
[this is from the glexec developers]
> this actually has come up very recently, in the context of Condor.
> So yes, it is a known problem, but only very recently. Note that
> not all batch system use tracking GIDs. Many sites have so-called
> reaper scripts running periodically, which kill daemonized user
> jobs.
> We have already been thinking about different ways to solve this
> problem, but don't yet have a timeline. Most probably we will add an
> option to either the glexec or lcmaps configuration file(s) to leave a
> certain range of GIDs intact.
This does not inspire confidence.
I don't find banning a user on all my 5 headnodes (4 CEs, one SE) all
that tedious to justify the above fallout.
Daniela
On 22 March 2011 16:08, John Gordon <[log in to unmask]> wrote:
> Daniela, I'd be surprised if a sysadmin was enthusiastic about Argus today - it is just a tool required by glexec. No life-enhancing characteristics:-)
>
> Security people *are* enthusiastic about it for what it might do in future e.g.
>
> - a single decision point to ban a rogue user from all your services in one go
> - linked in to a WLCG and/or EGI-wide blacklist so that bad folk get banned as soon as they are identified.
>
> Regards,
>
> John
>
>> -----Original Message-----
>> From: Testbed Support for GridPP member institutes [mailto:TB-
>> [log in to unmask]] On Behalf Of Daniela Bauer
>> Sent: 16 March 2011 12:22
>> To: [log in to unmask]
>> Subject: glexec in London
>>
>> Hi All,
>>
>> after last weeks dteam meeting, I've taken an unscientific survey for
>> the London sites and here's the answers (Chris of QMUL fame is on
>> holiday):
>>
> .
>>
>> - Brunel: glexec OK, have a stab at installing it around April.
>>
>> The enthusiasm for Argus seems to be still limited though.
>>
>> Daniela
>
--
-----------------------------------------------------------
[log in to unmask]
HEP Group/Physics Dep
Imperial College
Tel: +44-(0)20-75947810
http://www.hep.ph.ic.ac.uk/~dbauer/
|