On Tue, 28 Jan 2003, Steve Traylen wrote:
> To support a VO the following things should exist. eg for atlas.
There are some more things. On the SE there should be a config file:
/opt/edg/etc/edg_query_vo_storage.conf
with lines like:
vo=alice(/flatfiles/05/alice,0)
GDMP should have been configured for each VO, and in particular the
/opt/edg/etc/<VO>/gdmp.private.conf file should have the RC config
information.
In principle the SE does not need to map users to individual pool
accounts, but it does need to map them to groups which match the VO groups
on the CE (at least if there's an NFS mount). Ideally things should be set
up to make files and directories g+w by default. The gdmp user should be a
member of all the VO groups.
On the CE there should be an rc.conf for each VO, again with the RC
information. There should also be lines in /opt/edg/etc/edg-vo-env.conf
like:
[ALICE]
ALICE_ROOT_DIR=/opt/alice
GDMP_CONFIG_FILE=/opt/edg/etc/alice/gdmp.conf
RC_CONFIG_FILE=/opt/edg/etc/alice/rc.conf
These files need to be visible to all the worker nodes. Likewise for a UI.
> + On the SE a GDMP specific grid-mapfile should exist
> SE:/opt/edg/etc/atlas/grid-mapfile
And should contain all users in that VO, plus all the SE subject names.
> + In the SE's mds a path should be defined.
> ldapsearch -x -H ldap://$SE:2135 -b 'Mds-vo-name=local,o=grid'
> that contains.
> SEvo: atlas:/flatfiles/05/atlas
And the directory should exist! As things stand we have the following
restrictions:
o All the VO directories need to be under a common path on the SE, at
least if you use an NFS mount.
o Once you have a path, *do not* change it, ever - if you do the path
has to be edited in every Replica Catalogue.
o The VO directory must have the same name as the VO.
o The directories should be owned by the gdmp user and the VO group. The
permissions on the directory should be rwxrwsr-x (or possibly
rwxrws--- if you want an illusion of security :).
o The mount point on the CE should point at the directory above the
VO directories, but does not need to have the same name as on the SE.
o Potentially each VO directory can be a separate partition mounted at
that point. However, except in extreme need it's a bad idea to subdivide
the space below that level, effectively any subdivision at any site
segments the file name space at *every* site!
o The SEsize in the SE object in the MDS should be the total space (in Gb
it seems) for all VOs. Likewise the SEfreespace needs to be the total
free space. If there are separate partitions for each VO the mount
points should be defined as a comma-separated list in the variable
SE_FILESYSTEMS in /etc/edg/info-mds.conf.
That's all I can think of for now - well, apart from the config needed
for MSS staging which is a whole extra can of worms ...
Stephen
PS Does anyone feel like writing a script to check all that? Any graduate
students out there in need of a project? :)
|