Hi Maarten,
we tested a DNS alias for our ARGUS' earlier but were not successful:
lcmaps: Error: pep_authorize(request,response) failed. The Argus-PEP
return code is: 1075 with error message: "SSL peer certificate or SSH
remote key was not OK"
What is the trick?
Thanx
Andreas
On Mon, 7 Apr 2014, Maarten Litmaath wrote:
> Hi all,
>
>> > Now that we have CREAM-CEs querying an Argus server and even if gLexec
>> > on worker nodes is tested but not yet used in production, I am worried
>> > the the Argus server is becoming a SPOF (Single Point of Failure).
>> >
>> > Is it feasable to install more than one Argus server and make it so that
>> > CREAM and gLexec would be unaffected by the loss of one Argus server ?
>> >
>> In the CREAM configuration file (/etc/glite-ce-cream/cream-config.xml)
>> you can specify more than one PEP daemon endpoint.
>> As far as I know the list of urls is used by the PEP client for finding
>> the first available PEP daemon.
>> So I think you can at least configure a set of PEP daemons in HA; I
>> presume it is possible to distribute even the PDP service, but for what
>> concerns the PAP honestly I don't know.
>
> You have to ensure the different instances will return the same mappings,
> so there will be at least _one_ SPOF, viz. the gridmapdir...
>
> At CERN we have multiple Argus hosts behind a load-balanced alias,
> all mounting the single gridmapdir from an NFS server.
>
>
# Andreas Gellrich
# DESY IT / Grid Computing
# 2b/317, Notkestr. 85, D-22607 Hamburg, +49 40 8998 2732
|