On 10/10/2013 02:40 PM, John Hill wrote:
> where is it documented what to put in the whitelist on the WN? I can
> find nothing which tells me clearly what should be in there.Indeed the
> documentation on how to implement gLExec seems so poor that I wonder
> how anyone else managed to do it.
It's not much use to you now, but I'll follow up that. If there's an
issue with the clarity, it needs to be fixed. Here's the class I use to
install glexec on our WNs. Once you've done that, you can check that
ARGUS works from a node, as per that test I showed. Then CREAM etc. is
the issue for sure, not ARGUS.
Good luck. I don't know about "whitelist" - I don't use one! Should I?
Steve
:--------------
class emi::emi-glexec3 {
package { "yaim-glexec-wn": ensure => installed,}
package { "glexec-wn": ensure => installed,
require => Package ["yaim-glexec-wn"],
}
# services dir
file { "/root/glitecfg/services":
before => File["/root/glitecfg/services/emi-glexec_wn"],
ensure => "directory",
mode => "755"
}
# glexec log dir
file { "/var/log/glexec/":
before => File["/root/glitecfg/services/emi-glexec_wn"],
ensure => "directory",
mode => "755"
}
file { "/root/glitecfg/services/emi-glexec_wn":
source => "puppet:///emi/emi-glexec_wn",
owner => "root" ,
mode => "644",
}
}
That "services" file is like this:
[root@imageserver trunk]# cat ./modules/emi/files/emi-glexec_wn
GLEXEC_WN_SCAS_ENABLED="no"
GLEXEC_WN_ARGUS_ENABLED="yes"
ARGUS_PEPD_ENDPOINTS="https://hepgrid9.ph.liv.ac.uk:8154/authz"
GLEXEC_WN_OPMODE="setuid"
GLEXEC_WN_LOG_DESTINATION=file
GLEXEC_WN_LOG_FILE=/var/log/glexec/glexec_log
GLEXEC_WN_INPUT_LOCK=flock
GLEXEC_WN_TARGET_LOCK=flock
GLEXEC_EXTRA_WHITELIST=
Steve
--
Steve Jones [log in to unmask]
System Administrator office: 220
High Energy Physics Division tel (int): 42334
Oliver Lodge Laboratory tel (ext): +44 (0)151 794 2334
University of Liverpool http://www.liv.ac.uk/physics/hep/
|