Difference: ArgusT1Deployment (2 vs. 3)

Revision 3 - 2010-02-18 - AndreaCeccanti

Line: 1 to 1
 
META TOPICPARENT name="InternalDiscussion"

Argus setup at the T1

Line: 78 to 78
 /opt/glite/yaim/examples/siteinfo/services/glite-argus_server
Added:
>
>
N.B.: once the service is in production, the atlas, alice, cms, lhcb etc. VOs must also be enabled via yaim.

Configuring the policies to authorize gLexec on the worker node

The Argus policy file that authorizes glexec on the worker node is located at /root/policies/wn-policy.txt and contains the following text:

resource "http://cnaf.infn.it/wn" {
    obligation "http://glite.org/xacml/obligation/local-environment-map" {
    }

    action "http://glite.org/xacml/action/execute" {
        rule permit { pfqan="/cms/Role=pilot" }
        rule permit { pfqan="/lhcb/Role=pilot" }
        rule permit { pfqan="/atlas/Role=pilot" }
        rule permit { pfqan="/alice/Role=pilot" }
        rule permit { pfqan="/dteam/Role=pilot" }
        rule permit { pfqan="/ops/Role=pilot" }
        rule permit { vo="dteam" }
    }
}

Once Argus is running, run the following commands to activate the policies above:

pap-admin rap
pap-admin apf /root/policies/wn-policy.txt

To verify that the policies have actually been loaded, use the list-policies command:

[root@argus ~]# pap-admin lp

default (local):

resource "http://cnaf.infn.it/wn" {
    obligation "http://glite.org/xacml/obligation/local-environment-map" {
    }

    action "http://glite.org/xacml/action/execute" {
        rule permit { pfqan="/cms/Role=pilot" }
        rule permit { pfqan="/lhcb/Role=pilot" }
        rule permit { pfqan="/atlas/Role=pilot" }
        rule permit { pfqan="/alice/Role=pilot" }
        rule permit { pfqan="/dteam/Role=pilot" }
        rule permit { pfqan="/ops/Role=pilot" }
        rule permit { vo="dteam" }
    }
}
 

Worker Node

Prerequisites
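
Review bot: The last rule in the execute action, `rule permit { vo="dteam" }`, permits every member of dteam rather than only pilot-role holders, so it is wider than what each other VO gets and makes the `pfqan="/dteam/Role=pilot"` rule above it redundant. If the blanket dteam permit is there for testing, the text should say so and note that it is to be removed before production; otherwise drop it and keep only the pilot-role rule. The text should also spell out the long forms of `pap-admin rap` and `apf`, as it already does for `lp` (list-policies), so that a reader knows what the first command does to the policies already loaded before running it.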

 