Hello,
As many have noticed before, despite lots of entries for the pretend-naughty user in our gridftp logs they were not in the dmlite "userlist". In order to ban the user via dmlite I had to "useradd" them first (useradd "DN").
As I barely touch puppet at Lancaster I'm afraid I can neither confirm or deny that the argus puppet line Raul shared works - but it looks right.
Cheers,
Matt
On 19/03/2019 11:46, Sam Skipsey wrote:
> (I also note to the group that all of you should already have
> dpm-argus installed, since it has been a soft requirement for GridPP
> Storage sites for more than a year now !)
>
> On Tue, 19 Mar 2019 at 10:54, RAUL H C LOPES <[log in to unmask]> wrote:
>>
>> Hi,
>>
>>
>> I had sent this to Dviid, Sam and Matt yesterday.
>>
>>
>> I have used this SSC to run some tests in Brunel. Target is to check what works in DPM.
>>
>>
>> Important: my storage at Brunel runs on DOME pre-1.12.1. You'll have seen it is in epel-tesing.
>>
>>
>> Facts:
>>
>> - the old way to ban users in DPM before 1.10 doesn't work.
>>
>> dpns-modifyusrmap --uid 3734 --user "/DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=acaillet/CN=700993/CN=Amelie Caillet" --status LOCAL_BAN
>>
>> I tested it several times between Friday and today.
>>
>>
>> Important: I discussed this today with dpm-dev and dpns-modifyusrmap does not work.
>>
>>
>>
>> - you can ban a user in DOME 1.12 with dmlite-shell by issuing
>>
>> userban "/DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=acaillet/CN=700993/CN=Amelie Caillet" 2
>>
>>
>>
>> - you can check it
>>
>>
>> dmlite-shell -e "userinfo"| grep BANNED
>> - /DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=acaillet/CN=700993/CN=Amelie Caillet (ID: 3734) (BANNED - LOCAL_BAN)
>>
>>
>> - central ban seems to work. It uses a cron job to read from your designated Argus servers.
>>
>>
>> Important: you have to install dpm-argus which isnot in epel. Stangely enough it is only found in UMD-4-updates.
>>
>>
>> if you use puppet, then add to your recipe a class like
>>
>>
>> class{'lcgdm::argus':
>> argus_url => 'pumpkin.brunel.ac.uk:8154/authz',
>> }
>>
>> I wonder if Matt can confirm it.
>>
>>
>> Sam doesn't have DOME in production, however I bellieve that dmlite-shell ban will work.
>>
>>
>> Thanks, raul
>>
>>
>>
>> ________________________________
>>
>> To unsubscribe from the GRIDPP-STORAGE list, click the following link:
>> https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=GRIDPP-STORAGE&A=1
>
> ########################################################################
>
> To unsubscribe from the GRIDPP-STORAGE list, click the following link:
> https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=GRIDPP-STORAGE&A=1
>
########################################################################
To unsubscribe from the GRIDPP-STORAGE list, click the following link:
https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=GRIDPP-STORAGE&A=1
