> On 14 Jul 2014, at 14:36, "Stephen Jones" <[log in to unmask]> wrote:
>
>> On 07/14/2014 11:00 AM, Stephen Burke wrote:
>> Stephen Jones [mailto:[log in to unmask]] said:
>>> As Chris says, if a VOMS server is to be deleted, UIs need to remove
>>> it first (or it
>>> needs to be blocked from giving out proxies) so that the supply of new
>>> proxies
>>> dries up while existing ones remain valid for a short while. Once they
>>> have dried up and expired, the VOMS server can be removed from
>>> the rest of the site.
>>>
>>> Observation 1: Obviously all this means that, for the period, Approved
>>> VOs/Ops Portal is
>>> wrong if it includes the To-Be-Deleted VOMS Server, and also wrong if
>>> it excludes it! Hm...
>> IMO the VO should just turn the VOMS server off. The clients will then fail over to the next one, all proxies will be gone within 24 hours, and sites can remove the configuration at their leisure.
>>
>> Stephen
>>
>
> Good. If the system is designed to cope with this, we should allow
> it to. The full SOE might formally be:
>
> Turn off the VOMS Server.
> Clients will fail over to the next one.
> All proxies will be gone within 24 hours.
> Formally switch (i.e. remove deleted server from Ops Portal).
> The normal process for site updates then takes place.
>
> Is there any hitch? I can't see one.
And to add a voms server, how about:
firewall it off except to test locations, and only remove the firewall when sites have added the config to their services.
Chris
>
> Steve
>
>
> --
> Steve Jones [log in to unmask]
> System Administrator office: 220
> High Energy Physics Division tel (int): 42334
> Oliver Lodge Laboratory tel (ext): +44 (0)151 794 2334
> University of Liverpool http://www.liv.ac.uk/physics/hep/
|