Gonçalo Borges wrote:
> Dear All,
>
> I must say I'm a little bit confused about the prd and sgm stuff...
> I think the way things were done was not smooth, and if the information
> is available, it is so spread that it becomes almost unreachable.
>
> So, here are my main questions:
>
> 1) How do you configure mapping through a static account? Which files do
> you have to change and how?
Your users.conf. See below.
> 2) How do you configure mapping through pool accounts? Which files do
> you have to change and how?
> 3) Now I've learned that I can not use configuration like the one bellow
> because of the sgm termination in our lcg-CE:
>
> [root@wn03sge root]# cat /root/site-cfg/users-egee.conf | grep ops
> 20000:opssgm:20000,20001:opssgm,ops:ops:sgm:
That "opssgm" account is not needed when you have sgm pool accounts.
> 20991:opssgm001:20000,20001:opssgm,ops:ops:sgm:
> 20992:opssgm002:20000,20001:opssgm,ops:ops:sgm:
> 20993:opssgm003:20000,20001:opssgm,ops:ops:sgm:
> 20994:opssgm004:20000,20001:opssgm,ops:ops:sgm:
> 20995:opssgm005:20000,20001:opssgm,ops:ops:sgm:
> 20996:opssgm006:20000,20001:opssgm,ops:ops:sgm:
> 20997:opssgm007:20000,20001:opssgm,ops:ops:sgm:
> 20998:opssgm008:20000,20001:opssgm,ops:ops:sgm:
Those accounts have "opssgm" as their prefix, which is an extension
of the "ops" prefix already used for the ordinary pool accounts below.
The broadcast said the accounts should instead be named e.g. as follows:
20991:sgmops01:20000,20001:sgmops,ops:ops:sgm:
20992:sgmops02:20000,20001:sgmops,ops:ops:sgm:
20993:sgmops03:20000,20001:sgmops,ops:ops:sgm:
20994:sgmops04:20000,20001:sgmops,ops:ops:sgm:
20995:sgmops05:20000,20001:sgmops,ops:ops:sgm:
20996:sgmops06:20000,20001:sgmops,ops:ops:sgm:
20997:sgmops07:20000,20001:sgmops,ops:ops:sgm:
20998:sgmops08:20000,20001:sgmops,ops:ops:sgm:
(It is advisable to keep account names at most 8 characters long.)
> 20001:ops001:20001:ops:ops::
> 20002:ops002:20001:ops:ops::
> 20003:ops003:20001:ops:ops::
> 20004:ops004:20001:ops:ops::
> 20005:ops005:20001:ops:ops::
> 20006:ops006:20001:ops:ops::
> 20007:ops007:20001:ops:ops::
> 20008:ops008:20001:ops:ops::
> 20009:ops009:20001:ops:ops::
For example, suppose that for "dteam" you keep the static sgm account,
something like this:
19999:dteamsgm:19000:dteam:dteam:sgm:
YAIM will detect that you just have a single sgm account for that VO
and put the corresponding mapping in edg-mkgridmap.conf etc.
YAIM will warn if there is a single sgm _pool_ account definition:
20991:sgmops01:20000,20001:sgmops,ops:ops:sgm:
Note that an sgm pool account has 2 groups separated by a comma,
whereas a static account has just 1 group.
> By the way, I just noticed that this kind of configuration is indeed
> checked in the CE (it gives an error if it isn't like this for OPS) but
> in the WN gives an error "[ERROR] Failed to add group opssgm,ops" in
> glite-yaim-3.0.1-22.
Alexander Piavka supplied a workaround for that problem: put the sgm/prd
pool accounts _after_ the ordinary pool accounts in your users.conf.
|