Hi Matt,
On 07/20/2016 12:15 PM, Matt Williams wrote:
> However, it's still a shame that we have to do the mkgridmap stuff
> manually, has anyone attempted to centralise that?
It's comparatively easy to do this. These are the steps. On some
development system with sl6 on it, set up this file:
# cat sysadmin.hep.ac.uk.repo
[sysadmin.hep.ac.uk]
name=sysadmin.hep.ac.uk
baseurl=http://map2.ph.liv.ac.uk/yum/pub/www.sysadmin.hep.ac.uk/rpms/fabric-management/RPMS.vomstools/
enabled=1
gpgcheck=0
priority=100
Then do this:
# yum install VomsSnooper
# cd /opt/GridDevel/vomssnooper/usecases/
# mkdir puppetdpm
# cd puppetdpm
# touch novos.txt
# vi allvos.txt
In that file (allvos.txt) put the VOs you want to configure, one per
line e.g.
atlas
gridpp
No blanks, no spaces. Then put this shell script in the same dir:
# cat doit.sh
#!/bin/bash
PATH=/opt/GridDevel/bin:$PATH
# Tool to get the CIC XML File, and parse it, making SID and VOD records
# sj, 25 Jul 2016
rm -rf glitecfg/vo.d
mkdir -p glitecfg/vo.d
# Get the XML from the CIC Portal
wget -O VOIDCardInfo.xml \
  http://operations-portal.egi.eu/xml/voIDCard/public/all/true
# Make all the VODs
###vomsSnooper.sh --xmlfile VOIDCardInfo.xml --myvos allvos.txt \
###  --vodfile allvos.txt --voddir glitecfg/vo.d \
###  --outfile glitecfg/site-info.def --nosillysids --printvodtitle
# Make all the SIDs
vomsSnooper.sh --xmlfile VOIDCardInfo.xml --myvos allvos.txt \
  --vodfile novos.txt --voddir glitecfg/vo.d \
  --outfile glitecfg/site-info.def --nosillysids --printvodtitle
And run the shell scripts
# sh ./doit.sh
You'll end up with the YAIM settings for your VOs, i.e.
# cat glitecfg/site-info.def
VO_ATLAS_VOMS_SERVERS="'vomss://lcg-voms2.cern.ch:8443/voms/atlas?/atlas' 'vomss://voms2.cern.ch:8443/voms/atlas?/atlas' "
VO_ATLAS_VOMSES="'atlas lcg-voms2.cern.ch 15001 /DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch atlas' 'atlas voms2.cern.ch 15001 /DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch atlas' "
VO_ATLAS_VOMS_CA_DN="'/DC=ch/DC=cern/CN=CERN Grid Certification Authority' '/DC=ch/DC=cern/CN=CERN Grid Certification Authority' "
blah blah blah
Next, you need to change the format - those parameters are for YAIM,
because when I wrote VomsSnooper, YAIM was the in-thing. But now the
in-thing is Puppet, so there has to be some conversion done. The next
script does the conversion, and spits out the data in the format you
need. It doesn't do the client bits, as John says you don't need them,
and it'd take me an hour to write that program because it's a bit tricky.
Anyway, give it a go and let me know how you get on.
Cheers,
Ste
--- THE PERL SCRIPT TO CONVERT THE FORMAT
#!/usr/bin/perl
use strict;
use warnings;

# Expect exactly one argument: the site-info.def file to convert
if ($#ARGV != 0) { die("You have to give this script a site-info.def file\n"); }
my $siteInfoDef = $ARGV[0];
if (! -f $siteInfoDef) { die("You have to give this script a file that actually exists!\n"); }

# Read the file into memory. Three-argument open, so the file name is
# never interpreted as an open mode or a pipe.
my @sidLines;
open(my $sid, '<', $siteInfoDef) or die("There's still something wrong with that file $!");
while (my $line = <$sid>) {
  chomp($line);
  push(@sidLines, $line);
}
close($sid);

# first, build up the class lines
foreach my $l (@sidLines) {
  if ($l =~ /VO_.*_VOMS_SERVERS=.*\/([a-zA-Z0-9\.]+)/) {
    my $voName = $1;
    print "class{\"voms::$voName\":}\n";
  }
}
print("\n\n");

# stick in this bit
print <<"END";
lcgdm::mkgridmap::file {"lcgdm-mkgridmap":
  configfile => "/etc/lcgdm-mkgridmap.conf",
  mapfile => "/etc/lcgdm-mapfile",
  localmapfile => "/etc/lcgdm-mapfile-local",
  logfile => "/var/log/lcgdm-mkgridmap.log",
  groupmap => \$groupmap,
  localmap => {"nobody" => "nogroup"}
}
END

# Next, build up the groupmap entries: one per quoted VOMS server URL
print '$groupmap = {',"\n";
foreach my $l (@sidLines) {
  if ($l =~ /VO_.*_VOMS_SERVERS=.*\/([a-zA-Z0-9\.]+)/) {
    my $voName = $1;
    while ($l =~ /\'(\S+)\' /g) {
      my $vomssString = $1;
      print("  \"$vomssString\" => \"$voName\",\n");
    }
  }
}
print '}',"\n";
--
Steve Jones
Grid System Administrator office: 220
High Energy Physics Division tel (int): 43396
Oliver Lodge Laboratory tel (ext): +44 (0)151 794 3396
University of Liverpool http://www.liv.ac.uk/physics/hep/
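
Added example, not part of the original message or of VomsSnooper: doit.sh fetches the VO ID card XML over plain HTTP and the converter turns every VOMS server entry into a groupmap key, so this sketch checks the generated site-info.def before conversion. The function name check_site_info, the pinned_hosts parameter and the gridpp hosts in the sample are assumptions made for illustration.

```python
import re

# Constructed sample in the shape of the site-info.def output shown above.
# The gridpp hosts are made up; the last entry is altered on purpose.
SAMPLE = (
    "VO_ATLAS_VOMS_SERVERS=\"'vomss://lcg-voms2.cern.ch:8443/voms/atlas?/atlas' "
    "'vomss://voms2.cern.ch:8443/voms/atlas?/atlas' \"\n"
    "VO_GRIDPP_VOMS_SERVERS=\"'vomss://voms.example.org:8443/voms/gridpp?/gridpp' "
    "'http://voms.example.net:8443/voms/gridpp?/dteam' \"\n"
)

ENTRY = re.compile(r"'(\S+)' ")  # same entry pattern the Perl converter uses
URL = re.compile(
    r"^(\w+)://([A-Za-z0-9.-]+):(\d+)/voms/([\w.-]+)\?/([\w.-]+)$")


def check_site_info(text, allowed_vos, pinned_hosts=None):
    """Return (line_no, entry, reason) for every suspicious VOMS server entry.

    allowed_vos  -- set of VO names, i.e. the contents of allvos.txt
    pinned_hosts -- optional {vo: set(hosts)} the site already trusts
                    (hypothetical parameter, not a VomsSnooper feature)
    """
    problems = []
    for n, line in enumerate(text.splitlines(), 1):
        if not re.match(r"VO_.*_VOMS_SERVERS=", line):
            continue
        for entry in ENTRY.findall(line):
            m = URL.match(entry)
            if not m:
                problems.append((n, entry, "not a recognisable VOMS URL"))
                continue
            scheme, host, _port, vo_path, group = m.groups()
            if scheme != "vomss":
                problems.append((n, entry, "scheme is not vomss"))
            if vo_path != group:
                problems.append((n, entry, "VO differs between path and group"))
            if not {vo_path, group} <= set(allowed_vos):
                problems.append((n, entry, "VO not listed in allvos.txt"))
            if pinned_hosts is not None and host not in pinned_hosts.get(vo_path, ()):
                problems.append((n, entry, "host not pinned for this VO"))
    return problems


if __name__ == "__main__":
    for line_no, entry, reason in check_site_info(SAMPLE, {"atlas", "gridpp"}):
        print("line %d: %s: %s" % (line_no, reason, entry))
```

An empty result means every entry is a vomss:// URL for a VO from allvos.txt; anything else is worth reading by hand before the groupmap goes into Puppet.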