Hi Daniela, Simon,
I've done this for Liverpool, as you asked. To re-iterate, I updated
groups.conf, users.conf, site-info.def, the Argus policy, the Maui
config, the PBS (qmgr) config. Then I had to do much yaiming on the CEs,
PBS, WNs, and reload a few servers (Argus, Maui, PBS, ...) We don't
think it impacts storage. One thing to watch - make sure to use unique
numbers for the new users and (esp) groups. It's easy for one system in
a cluster of service nodes and WNs to have (say) a single weird numbered
group amongst all that, and it would take quite a bit of backing out if
you hit one. Can you test it now? Try (say) these CEs:
hepgrid2.ph.liv.ac.uk:2811/nordugrid-Condor-grid
hepgrid5.ph.liv.ac.uk:8443/cream-pbs-long
Cheers,
Steve
On 08/04/2015 12:33 PM, Daniela Bauer wrote:
> Hi All,
>
> As discussed in the ops meeting we would like sites to enable glexec
> for small VOs. The setup would be identical to CMS, Atlas and LHCb,
> i.e. jobs arrive under a pilot proxy (mapped to a pilot account) and
> then switch to a user account (using the user proxy that is shipped
> with the pilot).
> We think this is necessary as otherwise it would be feasible for users
> to steal a copy of the pilot proxy. As this proxy is used by multiple
> VO in principle a user might access a different VO's data (or get up
> to other shenanigans using a proxy that isn't their own).
> Note that we cannot enable glexec per site/VO, it has to be enabled
> for all VOs/sites or none. That means if you do not want to enable
> glexec for a VO, you need to stop supporting the VO altogether as
> otherwise dirac will try and run (and fail) jobs at your site.
>
> Regards,
> Daniela and Simon
>
> --
> Sent from the pit of despair
>
> -----------------------------------------------------------
> [log in to unmask] <mailto:[log in to unmask]>
> HEP Group/Physics Dep
> Imperial College
> London, SW7 2BW
> Tel: +44-(0)20-75947810
> http://www.hep.ph.ic.ac.uk/~dbauer/
> <http://www.hep.ph.ic.ac.uk/%7Edbauer/>
--
Steve Jones [log in to unmask]
Grid System Administrator office: 220
High Energy Physics Division tel (int): 43396
Oliver Lodge Laboratory tel (ext): +44 (0)151 794 3396
University of Liverpool http://www.liv.ac.uk/physics/hep/
|