PS: If anyone needs the tricky client bits, I'll make the script spit
those out too.
Maybe I'll add this as a VomsSnooper usecase, if people think it's worth it.
BTW: This is just a rough lash up for Matt, of course.
If it's useful, I'll tidy it up, and write the conversion in Python,
which is neater (but Python has much less Whipupability than Perl does ...)
Cheers,
Ste
On 07/25/2016 05:28 PM, Stephen Jones wrote:
> Hi Matt,
>
> On 07/20/2016 12:15 PM, Matt Williams wrote:
>> However, it's still a shame that we have to do the mkgridmap stuff
>> manually, has anyone attempted to centralise that?
>
> It's comparatively easy to do this. These are the steps. On some
> development system with sl6 on it, set up this file:
>
> # cat sysadmin.hep.ac.uk.repo
> [sysadmin.hep.ac.uk]
> name=sysadmin.hep.ac.uk
> baseurl=http://map2.ph.liv.ac.uk/yum/pub/www.sysadmin.hep.ac.uk/rpms/fabric-management/RPMS.vomstools/
>
> enabled=1
> gpgcheck=0
> priority=100
>
> Then do this:
> # yum install VomsSnooper
> # cd /opt/GridDevel/vomssnooper/usecases/
> # mkdir puppetdpm
> # cd puppetdpm
> # touch novos.txt
> # vi allvos.txt
>
> In that file (allvos.txt) put the VOs you want to configure, one per
> line e.g.
> atlas
> gridpp
>
> No blanks, no spaces. Then put this shell script in the same dir:
>
> # cat doit.sh
> #!/bin/bash
>
> PATH=/opt/GridDevel/bin:$PATH
>
> # Tool to get the CIC XML File, and parse it, making SID and VOD records
> # sj, 25 Jul 2016
>
> rm -rf glitecfg/vo.d
> mkdir -p glitecfg/vo.d
>
> # Get the XML from the CIC Portal
> wget -O VOIDCardInfo.xml \
>   http://operations-portal.egi.eu/xml/voIDCard/public/all/true
>
> # Make all the VODs
> ###vomsSnooper.sh --xmlfile VOIDCardInfo.xml --myvos allvos.txt \
> ###  --vodfile allvos.txt --voddir glitecfg/vo.d --outfile \
> ###  glitecfg/site-info.def --nosillysids --printvodtitle
>
> # Make all the SIDs
> vomsSnooper.sh --xmlfile VOIDCardInfo.xml --myvos allvos.txt \
>   --vodfile novos.txt --voddir glitecfg/vo.d --outfile \
>   glitecfg/site-info.def --nosillysids --printvodtitle
>
> And run the shell scripts
> # sh ./doit.sh
>
> You'll end up with the YAIM settings for your VOs, i.e.
>
> # cat glitecfg/site-info.def
> VO_ATLAS_VOMS_SERVERS="'vomss://lcg-voms2.cern.ch:8443/voms/atlas?/atlas'
> 'vomss://voms2.cern.ch:8443/voms/atlas?/atlas' "
> VO_ATLAS_VOMSES="'atlas lcg-voms2.cern.ch 15001
> /DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch atlas' 'atlas
> voms2.cern.ch 15001 /DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch atlas' "
> VO_ATLAS_VOMS_CA_DN="'/DC=ch/DC=cern/CN=CERN Grid Certification
> Authority' '/DC=ch/DC=cern/CN=CERN Grid Certification Authority' "
>
> blah blah blah
>
> Next, you need to change the format - those parameters are for YAIM,
> because when I wrote VomsSnooper, YAIM was the in-thing. But now the
> in-thing is Puppet, so there has to be some conversion done. The next
> script does the conversion, and spits out the data in the format you
> need. It doesn't do the client bits, as John says you don't need them,
> and it'd take me an hour to write that program because it's a bit
> tricky. Anyway, give it a go and let me know how you get on.
>
> Cheers,
>
> Ste
>
> --- THE PERL SCRIPT TO CONVERT THE FORMAT
>
> #!/usr/bin/perl
> use strict;
> use warnings;
>
> if ($#ARGV != 0) { die("You have to give this script a site-info.def file\n"); }
>
> my $siteInfoDef = $ARGV[0];
>
> if (! -f $siteInfoDef) { die("You have to give this script a file that actually exists!\n"); }
>
> # Read the whole site-info.def into memory (three-argument open, read-only)
> my @sidLines;
> open(my $sid, '<', $siteInfoDef) or die("There's still something wrong with that file $!");
> while (<$sid>) {
>     my $line = $_; chomp($line);
>     push(@sidLines, $line);
> }
> close($sid);
>
> # first, build up the class lines
> foreach my $l (@sidLines) {
>     if ($l =~ /VO_.*_VOMS_SERVERS=.*\/([a-zA-Z0-9\.]+)/) {
>         my $voName = $1;
>         print "class{\"voms::$voName\":}\n";
>     }
> }
> print("\n\n");
>
> # stick in this bit
>
> print <<"END";
> lcgdm::mkgridmap::file {"lcgdm-mkgridmap":
>   configfile   => "/etc/lcgdm-mkgridmap.conf",
>   mapfile      => "/etc/lcgdm-mapfile",
>   localmapfile => "/etc/lcgdm-mapfile-local",
>   logfile      => "/var/log/lcgdm-mkgridmap.log",
>   groupmap     => \$groupmap,
>   localmap     => {"nobody" => "nogroup"}
> }
> END
>
> # Next, build up the groupmap entries
> print '$groupmap = {',"\n";
> foreach my $l (@sidLines) {
>     if ($l =~ /VO_.*_VOMS_SERVERS=.*\/([a-zA-Z0-9\.]+)/) {
>         my $voName = $1;
>         # each quoted vomss:// URL on the line becomes one groupmap key
>         while ($l =~ /\'(\S+)\' /g) {
>             my $vomssString = $1;
>             print ("  \"$vomssString\" => \"$voName\"\,\n");
>         }
>     }
> }
> print '}',"\n";
>
>
>
>
--
Steve Jones
Grid System Administrator office: 220
High Energy Physics Division tel (int): 43396
Oliver Lodge Laboratory tel (ext): +44 (0)151 794 3396
University of Liverpool http://www.liv.ac.uk/physics/hep/
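
A check that can be run on glitecfg/site-info.def before it is converted, as an added example that is not part of the messages above or of VomsSnooper: the VO ID card XML is fetched over plain HTTP and its contents end up as the groupmap, so this cross-checks every VOMS_SERVERS URL against the VOMSES entries and a list of allowed VOs. The function names, the sample text and the rule that a server DN ends in CN=<host> are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample, in the site-info.def layout shown in the message above.
SAMPLE = '''\
VO_ATLAS_VOMS_SERVERS="'vomss://lcg-voms2.cern.ch:8443/voms/atlas?/atlas' 'vomss://voms2.cern.ch:8443/voms/atlas?/atlas' "
VO_ATLAS_VOMSES="'atlas lcg-voms2.cern.ch 15001 /DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch atlas' 'atlas voms2.cern.ch 15001 /DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch atlas' "
'''

LINE = re.compile(r'^VO_([A-Z0-9_]+)_(VOMS_SERVERS|VOMSES)="(.*)"\s*$')

def parse(text):
    """Return {KEY: {"VOMS_SERVERS": [...], "VOMSES": [...]}} from YAIM lines."""
    vos = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            key, kind, body = m.groups()
            vos.setdefault(key, {})[kind] = re.findall(r"'([^']*)'", body)
    return vos

def check(text, allowed_vos):
    """Return a list of problems; an empty list means nothing was flagged."""
    problems = []
    for key, rec in parse(text).items():
        dn_by_host = {}  # (vo, host) -> server DN, from "vo host port DN alias"
        for entry in rec.get("VOMSES", []):
            parts = entry.split(None, 3)
            if len(parts) != 4:
                problems.append(f"{key}: malformed VOMSES entry {entry!r}")
                continue
            dn_by_host[(parts[0], parts[1].lower())] = parts[3].rsplit(None, 1)[0]
        for url in rec.get("VOMS_SERVERS", []):
            u = urlsplit(url)
            vo, host = u.query.lstrip("/"), u.hostname
            if u.scheme != "vomss":
                problems.append(f"{key}: {url} is not a vomss:// URL")
            if vo not in allowed_vos:
                problems.append(f"{key}: VO {vo!r} is not in the allowed list")
            # Assumption: the server DN ends in CN=<host>, as in the sample above.
            dn = dn_by_host.get((vo, host))
            if dn is None:
                problems.append(f"{key}: no VOMSES entry for {vo!r} on {host}")
            elif not dn.lower().endswith(f"/cn={host}"):
                problems.append(f"{key}: DN for {host} does not end in CN={host}")
    return problems

if __name__ == "__main__":
    for p in check(SAMPLE, {"atlas", "gridpp"}):
        print("REJECT:", p)
```

The allowed list would normally be the contents of allvos.txt; a non-empty result is a reason to stop before the Perl conversion feeds the file to Puppet.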