On 08/03/2012 02:37 PM, Stephen Burke wrote:
> Testbed Support for GridPP member institutes [mailto:TB-
>> [log in to unmask]] On Behalf Of Stephen Jones said:
>> I'd be grateful if sites who
>> don't use this pattern could let me know how they choose the FQANs to
>> put inside the groups.conf file.
>>
>> The point is that it's the VO that chooses the FQANs and how they get used, so they need to communicate that to sites - ideally via the CIC portal. It's probably worth creating the sgm account "just in case" because it will make life easier if the VO starts to use it, but otherwise I doubt you need to do anything beyond the default /vo and /vo/* if there is no explicit request.
Hi Steve,
I'm opening a can of worms on this (but that's part of my job as
"documentation coordinator"). So let me summarize the current state of
the world.
a) There is an undocumented "de facto standard pattern". Many sites use
it (at least Liverpool and Imperial) instead of referring to the FQANs
in the CIC Portal.
b) The VO chooses the FQANs and needs to communicate it to sites via the
CIC portal.
There is clear a disconnect there. A site either uses the pattern or
queries the CIC portal (for any particular VO, or even all the VOs). So
either the CIC Portal is ignored, or the pattern is ignored. Hm.... And
there's another problem - we know that the CIC portal lags behind and
has cruft in it.
That's the can of worms. One way to put the lid back on is to use both
the pattern and the CIC FQANs (where they don't conflict). At least that
way the VO gets what it bargains for, and if the VO gets it wrong then
it ends up with a viable set of FQANs anyway (via the pattern). Another
way to put the lid on is to put no FQANs in groups.conf unless they are
well defined in the CIC Portal (that's the hardcore option). Or we could
just leave the lid off (i.e. the do nothing option). I'll have to think
about this.
> Incidentally, there's an archaic format which looks something like VO=atlas/GROUP=/atlas/ROLE=lcgadmin/Capability=NULL which is no longer supported, so if anyone still has that it needs to be changed.
>
Good point. I'll advertise that.
Cheers,
Steve
--
Steve Jones [log in to unmask]
System Administrator office: 220
High Energy Physics Division tel (int): 42334
Oliver Lodge Laboratory tel (ext): +44 (0)151 794 2334
University of Liverpool http://www.liv.ac.uk/physics/hep/
|