Sorry, the last statement was incorrect - yaim uses users.conf to
populate the whitelist.
John
On 09/01/2014 16:06, John Hill wrote:
> I certainly use the same users.conf and groups.conf on my CREAM CE and
> WNs. What I don't understand is how the whitelist already includes
> ".pilops" as yaim uses groups.conf to populate that field.
>
> John
>
> On 09/01/2014 15:56, Matt RB wrote:
>> Hi Luke,
>> On 09/01/14 15:20, L Kreczko wrote:
>>>> That line for our nodes looks like:
>>>> user_white_list = .pilops,.pildteam,.pilatl,.pilsno
>>>>
>>>> so hopefully pilops is the correct one here?
>>> You can check your groups.conf for this (if configured with YAIM). For
>>> us it is
>>> /ops/ROLE=pilot":::sgm:
>>> so the pilot role is actually mapped to opssgm instead of opspilXXX.
>>> That caused us some problems recently.
>>
>> I have (/etc/yaim/groups.conf):
>> "/ops/GROUP=/ops/ROLE=lcgadmin":::sgm:
>> "/ops/GROUP=/ops"::::
>>
>> so am I maybe missing a line with /ops/ROLE=pilot ?
>>
>> In fact, I looked on our cream server and it has some differences for
>> it's groups.conf:
>>
>> This is a diff between the WN and the cream server for this
>> yaim/groups.conf:
>>
>> diff wn-groups.conf cream-groups.conf
>> 5,8c5,11
>> < "/dteam/GROUP=/dteam/ROLE=lcgadmin":::sgm:
>> < "/dteam/GROUP=/dteam"::::
>> < "/ops/GROUP=/ops/ROLE=lcgadmin":::sgm:
>> < "/ops/GROUP=/ops"::::
>> ---
>> > "/dteam/ROLE=lcgadmin":::sgm:
>> > "/dteam/ROLE=production":::prd:
>> > "/dteam"::::
>> > "/ops/ROLE=lcgadmin":::sgm:
>> > "/ops/ROLE=production":::prd:
>> > "/ops/ROLE=pilot":::pilot:
>> > "/ops"::::
>>
>> I'm wondering whether the groups.conf on the WNs is wrong therefore and
>> should be updated to be the same as that of the CREAM server?
>>
>> Cheers,
>> Matt
|