Hello all,
I`ve been new to glite3.1 and DPM so I`ve been a bit awkward with
config. So there are some questions. It`s mostly of interest and not
so important in short time.
First, DPM
I now have values VO_DEFAULT_SE set in environment for all grid user
accounts, that is why SAM-tests failed, though they somehow appeared in
dpm-gsiftp.logs. Reconfiguration with yaim(glite-yaim-lcg-ce-4.0.4-2)
don`t help with environment, though wiki says that file defaults/site-info.pre
is sourced before site-info.def. So, I believed, environment must be set
correctly(exactly unset), additionally I haven`t ever changed them
from default, however it was parsed and accepted.
Does it really need some special manipulations with profile.d and no
other way?
Well, now I reset these values - commented in site-info.def and remove
from glite_environment. But now there is warning like this
"IN: dn: GlueVOViewLocalID=sgmops,GlueCEUniqueID=grid8.wdcb.ru:2119/jobmanager-lcgpbs-ops,Mds-Vo-name=ru-Moscow-GCRAS-LCG2,o=grid
"GlueCEInfoDefaultSE: GlueCEInfoApplicationDir: GlueCEInfoDataDir: unset""
What really I supposed to do now?
Than, I`ve managed to copy a file(with globus-url-copy) into dpm_path/VO/file and not in
dpm_path/VO/generated/somewhat/file. And after that I cannot remove it
by user itself - it saying somewhat "full_file_path. File exist." and
dpm-rm doing nothing. So I do it by root on DPM host. File still exist
by users view, though it cannot now be copied elsewhere - it realy
erased. Where I did it wrong or how can it be corrected? Seemingly it
not only my problem, but other users also.
What is the way user must use copy to dpm with "generated" folder? By
hand only?
Second is BDII, BDII_site:
I`ve mistakenly run function config_bdii during reconfiguration(was
testing parameters) and managed to return all back only in very complicated manner by
uninstalling and reinstalling openldap(slapd wasn`t started
automatically). However, I still don`t believe
that bdii-update.conf is correct just containing only one line with "GIP
..." - does it so? If yes, than is bdii_regions value meaningfull?
What is deceiving, that on my SE node there is only this one line is
the file - but ldapsearch return too few info. Is it all OK with BDII
yaim config 31 version? And could it be possible to include GLITE_VERSION check with
running configuration with just functions separately not nodes?
Also I`ve tried my best to set up firewall ports correctly (2135,
2170-2173 is the base, right?) but ldapsearch can`t be carried out
from outside the site(from goc.sinica.edu). At least some upper
port(rather than GLOBUS_TCP) is used(for example 36255) for
forwarding, but it doesn`t described. sBDII is on CE.
Any comments?
I`ve also found that
BDII_BDII_URL="ldap://$SITE_BDII_HOST:2170/mds-vo-name=recource,o=grid" must be set in some cases, but there is now nothing in example.
(see https://savannah.cern.ch/bugs/?func=detailitem&item_id=31895
or /opt/glite/etc/gip/site-urls.conf).
Such line with DPM_HOST not also specified, though somehow it is clear.
And last is gridice
Is it neccessary to install the whole server in a small site, and if
not, what and where(CE,SE,WNs?) are needed to be installed?
What else services must be installed to such a site, but the only
one for the VO? I`ve used not to manage with myproxy of the
leading cluster some time before, so must I install it by my site?
VO voms is also on upper cluster - but do I need VOBOX, LFC or smth
else? Otherwise, how can VO members can find and use such info and
services? Thank in advance for any answers!
And finally, is it possible to include in yaim_guide info, that
queues(Torque) must be allowed for sgmops_ACLs(for SAM tests. Is simply
ops/dteam accounts still used?)?
Up to now I know only one method to really allow - it`s to modify
/var/spool/pbs/server_priv/acl_groups/VO_queue, then reconfig. But how
exactly it is possible via <QUEUE-NAME>_GROUP_ENABLE in site-info.def as guide
saying? Just OPS_GROUP_ENABLE= "ops sgmops" seemingly doesn`t work(not
exactly - it doesn`t work with pbs_server, though some other variables are
set).
Or why not to include this information somehow to VO_specific(vo.d/VO)
lines? Then admins would know what exactly VO_Roles used to.
May be it is becouse of something else(lcmaps,..) - I`ve saw some sites proving
that "ops" only enough. Isn`t it too complicated?
yum repos
The default one says nothing about "lcg-CA.repo enabled=1".
But today some updates performed only by "yum update node_name"(and
they were enabled=1). And also, WN node`s lcg-vomscerts was updated
not as soon as update was published - I mean, there are three rpms in
update, and two of them already was the newest versions, but the last
even hasn`t one with "yum list lcg-vomscerts"(after yum
upgrade).
I don`t think this is correct. May I wrong with repos config?
And another interesting question.
Can admins somehow improve "Effic" parameter of running job(showq -r)
or how site_config(not just software) affect it? - I just don`t
believe 12% is Ok.
Too much question..., I wonder if someone will answer all or just read
through everything.
However, good luck ;) and thank you!
--
Best regards,
Alexander mailto:[log in to unmask]
