>> I was wondering wether it's possible to define wildcards for user mapping in argus based on VO extension. It seems the experiments invent new VO roles regularly and I'm seeing at times failures to authenticate with the basic /cms role or smth. Is it possible to match the few specific roles (like lcgadmin, production etc) to specific accounts and all the rest based on wildcards like "/cms/.*" .cms ?
>
> Yes, just like on the CE. Suppose you have this groups.conf:
>
> -------------------------------------------------------------
> "/vo/ROLE=lcgadmin":::sgm:
> "/vo/ROLE=production":::prd:
> "/vo/ROLE=pilot":::pilot:
> "/vo/*"::::
> "/vo"::::
> -------------------------------------------------------------
>
> It would lead to a grid-mapfile e.g. like this:
>
> -------------------------------------------------------------
> "/vo/Role=lcgadmin/Capability=NULL" vosgm
> "/vo/Role=lcgadmin" vosgm
> "/vo/Role=production/Capability=NULL" .voprd
> "/vo/Role=production" .voprd
> "/vo/Role=pilot/Capability=NULL" .vopil
> "/vo/Role=pilot" .vopil
> "/vo/*/Capability=NULL" .vo
> "/vo/*" .vo
> "/vo/Role=NULL/Capability=NULL" .vo
> "/vo" .vo
> -------------------------------------------------------------
Or not. This is the groups file:
"/VO=cms/GROUP=/cms/ROLE=lcgadmin":::sgm:
"/VO=cms/GROUP=/cms/ROLE=production":::prd:
"/VO=cms/GROUP=/cms/ROLE=priorityuser":::pri:
"/VO=cms/GROUP=/cms/ROLE=hiproduction":::prd:
"/VO=cms/*"::::
"/VO=cms"::::
"/VO=ops/GROUP=/ops/ROLE=lcgadmin":::sgm:
"/VO=ops/GROUP=/ops"::::
"/VO=balticgrid/GROUP=/balticgrid/ROLE=lcgadmin":bgsgm:1601:sgm:balticgrid
"/VO=balticgrid/GROUP=/balticgrid":bg:1600::balticgrid
this is the grid-mapfile:
"/cms/Role=lcgadmin/Capability=NULL" .sgmcms
"/cms/Role=lcgadmin" .sgmcms
"/cms/Role=production/Capability=NULL" .prdcms
"/cms/Role=production" .prdcms
"/cms/Role=priorityuser/Capability=NULL" .pricms
"/cms/Role=priorityuser" .pricms
"/cms/Role=hiproduction/Capability=NULL" .prdcms
"/cms/Role=hiproduction" .prdcms
"/ops/Role=lcgadmin/Capability=NULL" .sgmops
"/ops/Role=lcgadmin" .sgmops
"/ops/Role=NULL/Capability=NULL" .ops
"/ops" .ops
"/balticgrid/Role=lcgadmin/Capability=NULL" .sgmbg
"/balticgrid/Role=lcgadmin" .sgmbg
"/balticgrid/Role=NULL/Capability=NULL" .bg
"/balticgrid" .bg
As you can see the CMS part is cut off from the moment it reaches the wildcard and even the generic /VO=cms line is missing now from the mapping.
Mario Kadastik, PhD
Researcher
---
"Physics is like sex, sure it may have practical reasons, but that's not why we do it"
-- Richard P. Feynman
|