 |
 |
Hi all, from lhcb VO CARD: The static gridmap-file should not contain any other mapping than .lhcb. It means that somehow the site must provide a edg-mkgridmap.conf file (used to build the /etc/grid-security/gridmap-file) that looks like that for LHCb: # LHCB # Map VO members (root Group) group vomss://voms.cern.ch:8443/voms/lhcb?/lhcb .lhcb I know how to do that in our lcg-CEs by hand, but I'm wondering if I could do it with YAIM. Now I have: # grep lhcb /opt/localconf/gLite3.1/yaim/pic/groups.conf "/lhcb":::: "/lhcb/ROLE=production":::prd: "/lhcb/ROLE=lcgadmin":::sgm: "/lhcb/Role=pilot":::pilot: Obviously, if I remove prd, sgm and pilot all lhcb users will be mapped to normal pool account, and grid mapfile will look as desired, but then, voms mapping won't work with Roles. am I right? If so, is there any way for creating the desired status grid-mapfile with YAIM? **** I'm trying to understand how /etc/grid-security/grid-mapfile dn-grid-mapfile and voms-grid-mapfile are created: 1.-) Create dn-gridmapfile: # cat /etc/cron.d/edg-mkgridmap PATH=/sbin:/bin:/usr/sbin:/usr/bin 38 2,8,14,20 * * * root (date; /opt/edg/sbin/edg-mkgridmap --output=/etc/grid-security/dn-grid-mapfile --safe) >> /var/log/edg-mkgridmap.log 2>&1 2.-) create grid-mapfile: # cat /etc/cron.d/lcg-ce-mkgridmap PATH=/sbin:/bin:/usr/sbin:/usr/bin 0 * * * * root (date; cp /etc/grid-security/dn-grid-mapfile /etc/grid-security/grid-mapfile.tmp; cat /etc/grid-security/voms-grid-mapfile >> /etc/grid-security/grid-mapfile.tmp; mv /etc/grid-security/grid-mapfile.tmp /etc/grid-security/grid-mapfile) >> /var/log/lcg-ce-mkgridmap.log 2>&1 3.-) but, how is voms-grid-mapfile created? I don't see references neither in cron nor in yaim functions... TIA, Arnau