On 03/06/14 15:49, Winnie Lacesso wrote:
> Thank you all very much for your patience + helpful answers!
> Another question:
>
> As Ewan said, good to have the "software tags" NFS-mounted from central so
> all nodes agree on "what's installed".
>
> Now about /etc/grid-security/gridmapdir:
>> ...I believe that it is the case that ARGUS will provide the mapping
>> the CE needs, and thus the gridmapdir is not needed, yes.
> Is this how it works: the CEs ask ARGUS, which in fact writes its own
> /etc/grid-security/gridmapdir,
Yes.
> & when CEs get an answer they might (do?)
> write their own mapping in their own /etc/grid-security/gridmapdir
I'm reasonably sure they don't.
> (if
> it's not NFS-mounted) - right? As Dr Kreczko said, he thinks their
> gridmapdir would asymptotically become a copy of ARGUS's.
>
> Now if the CEs NFS-mount /etc/grid-security/gridmapdir from the ARGUS
> server, they would never have to write to it - they'd always find the
> mapping they seek exists (written there by the ARGUS server).
If configured to request mappings from ARGUS they wouldn't even need it
mounted.
> Is that correct?
>
> As QMUL points out, StoRM (& its gridftp servers) can't use ARGUS,
Yet/fully.
> so it
> could NFS-mount /etc/grid-security/gridmapdir from the ARGUS server. Then
> the SE & its gridftp servers, & the CEs & their WN would all map same user
> to same pool account. (Makes debugging easier)
That's what we do.
> The StoRM server *might* conceivably not find a mapping in
> /etc/grid-security/gridmapdir & so write one.
Yes.
> Dr Kreckzo (who built our ARGUS server) seems to think ARGUS would be like
> CE or SE: mapping already in /etc/grid-security/gridmapdir (even though I
> didn't write it there) - ho hum, that's fine, just use it.
> (If it's not there, write it there.)
>
> A concern is if ARGUS would bork/break if the StoRM server wrote an entry
> to /etc/grid-security/gridmapdir (NFS-mounted from ARGUS server).
Hasn't happened to us.
> Is anyone NFS-mounting /etc/grid-security/gridmapdir from ARGUS server, &
> has good/bad experiences or advice ?
We actually NFS export it from elsewhere, but shared by the SEs and
ARGUS (and also for historical reasons the CEs, but that shouldn't be
necessary).
Chris
|