 |
 |
Hi Maarten, we tested a DNS alias for our ARGUS' earlier but were not successful: lcmaps: Error: pep_authorize(request,response) failed. The Argus-PEP return code is: 1075 with error message: "SSL peer certificate or SSH remote key was not OK" What is the trick? Thanx Andreas On Mon, 7 Apr 2014, Maarten Litmaath wrote: > Hi all, > >> > Now that we have CREAM-CEs querying an Argus server and even if gLexec >> > on worker nodes is tested but not yet used in production, I am worried >> > the the Argus server is becoming a SPOF (Single Point of Failure). >> > >> > Is it feasable to install more than one Argus server and make it so that >> > CREAM and gLexec would be unaffected by the loss of one Argus server ? >> > >> In the CREAM configuration file (/etc/glite-ce-cream/cream-config.xml) >> you can specify more than one PEP daemon endpoint. >> As far as I know the list of urls is used by the PEP client for finding >> the first available PEP daemon. >> So I think you can at least configure a set of PEP daemons in HA; I >> presume it is possible to distribute even the PDP service, but for what >> concerns the PAP honestly I don't know. > > You have to ensure the different instances will return the same mappings, > so there will be at least _one_ SPOF, viz. the gridmapdir... > > At CERN we have multiple Argus hosts behind a load-balanced alias, > all mounting the single gridmapdir from an NFS server. > > # Andreas Gellrich # DESY IT / Grid Computing # 2b/317, Notkestr. 85, D-22607 Hamburg, +49 40 8998 2732