Tags:
,
view all tags
%TOC% ---++Whole site: How to enable a VO ---+++Prepare the configuration files Consider for example to enable the VO "<voname>". *Site configuration files structure:*<BR/> Please *pay attention* to the general information on site configuration files structure described in [[http://igrelease.forge.cnaf.infn.it/doku.php?id=doc:guides:yaim-configuration-files][IGI YAIM configuration files]]. You have to handle the following configuration files. ---++++ your-site-info.def * Add "<voname>" to ''VOS'' variable in ''your-site-info.def''. For example: <verbatim> VOS="... <voname> ..." </verbatim> * Check that the variable ''ALL_VOMS_VOS'' is aligned with the content deployed with the latest template version of ''ig-site-info.def''. The most recently added VOs should be listed there. * Add "<voname>" to the related queue settings inside the ''<QUEUE>_GROUP_ENABLE'' variable in ''your-site-info.def''. For example (we suppose to use ''grid'' queue): <verbatim> GRID_GROUP_ENABLE="... <voname> ..." </verbatim> * Edit the other VO settings in one of the following ways: 1) VO setting inside "your-site-info.def" Usually for these settings the default values placed at the end of ''your-site-info.def'' may be used: <verbatim> VO_<VONAME>_SW_DIR=$VO_SW_DIR/<voname> VO_<VONAME>_DEFAULT_SE=$CLOSE_SE_HOST VO_<VONAME>_STORAGE_DIR=$CLASSIC_STORAGE_DIR/<voname> (needed only for SE Classic) VO_<VONAME>_VOMS_SERVERS="vomss://<voms-server>.<voms-domain>:8443/voms/<voname>?/<voname>" VO_<VONAME>_VOMSES="<voname> <voms-server>.<voms-domain> <voms-port> <voms-server-DN> <voname>" </verbatim> 2) VO settings inside dedicated vo.d/ file * Create ''vo.d/<voname>'' file inside your site configuration directory (here called ''<confdir>/'') copying it from ''/opt/glite/yaim/examples/siteinfo/vo.d/<voname>'' if it exists (now this approach is used only for new //dns-like// VO). For example for ''enmr.eu'' VO (note that variable names don't contain the VO name): <verbatim> $ cat <confdir>/vo.d/enmr.eu SW_DIR=$VO_SW_DIR/enmr DEFAULT_SE=$CLASSIC_HOST STORAGE_DIR=$CLASSIC_STORAGE_DIR/enmr VOMS_SERVERS="'vomss://voms2.cnaf.infn.it:8443/voms/enmr.eu?/enmr.eu' 'vomss://voms-02.pd.infn.it:8443/voms/enmr.eu?/enmr.eu'" VOMSES="'enmr.eu voms2.cnaf.infn.it 15014 /C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it enmr.eu' 'enmr.eu voms-02.pd.infn.it 15014 /C=IT/O=INFN/OU=Host/L=Padova/CN=voms-02.pd.infn.it enmr.eu'" VOMS_CA_DN="'/C=IT/O=INFN/CN=INFN CA' '/C=IT/O=INFN/CN=INFN CA'" </verbatim> ---++++your-users.conf * Add to "your-users.conf" the users for the "<voname>'' VO fitting your site's policy in users management (range of uid and gid). You may find an *example* of the needed rows in ''/opt/glite/yaim/examples/ig-users.conf''. Some useful informations are available in ''/opt/glite/yaim/examples/users.conf.README''. You may also use the information you find at [[http://wiki.italiangrid.it/twiki/bin/view/IGIRelease/CreateLocalUserAndGroup][Whole site: How to create local users.conf and configure users]]. For example for ''enmr.eu'' VO you could use: <verbatim> 46001:enmr001:46000:enmr:enmr.eu:: 46002:enmr002:46000:enmr:enmr.eu:: 46003:enmr003:46000:enmr:enmr.eu:: ... 46901:sgmenmr001:46090,46000:sgmenmr,enmr:enmr.eu:sgm: 46902:sgmenmr002:46090,46000:sgmenmr,enmr:enmr.eu:sgm: 46903:sgmenmr003:46090,46000:sgmenmr,enmr:enmr.eu:sgm: ... 46921:sgmenmrbcbr001:46091,46000:sgmenmrbcbr,enmr:enmr.eu:sgmbcbr: 46922:sgmenmrbcbr002:46091,46000:sgmenmrbcbr,enmr:enmr.eu:sgmbcbr: 46923:sgmenmrbcbr003:46091,46000:sgmenmrbcbr,enmr:enmr.eu:sgmbcbr: ... 46941:sgmenmrbmrz001:46092,46000:sgmenmrbmrz,enmr:enmr.eu:sgmbmrz: 46942:sgmenmrbmrz002:46092,46000:sgmenmrbmrz,enmr:enmr.eu:sgmbmrz: 46943:sgmenmrbmrz003:46092,46000:sgmenmrbmrz,enmr:enmr.eu:sgmbmrz: ... 46961:sgmenmrcirmmp001:46093,46000:sgmenmrcirmmp,enmr:enmr.eu:sgmcirmmp: 46962:sgmenmrcirmmp002:46093,46000:sgmenmrcirmmp,enmr:enmr.eu:sgmcirmmp: 46963:sgmenmrcirmmp003:46093,46000:sgmenmrcirmmp,enmr:enmr.eu:sgmcirmmp: ... </verbatim> ---++++ your-groups.conf * Add to "your-groups.conf" the VOMS FQANs for the "<voname>'' VO copying them from ''/opt/glite/yaim/examples/ig-groups.conf''. Some useful informations are available in ''/opt/glite/yaim/examples/groups.conf.README''. For example for ''enmr.eu'' VO: <verbatim> "/enmr.eu/ROLE=SoftwareManager":::sgm: "/enmr.eu":::: "/enmr.eu/bcbr/ROLE=SoftwareManager":::sgmbcbr: "/enmr.eu/bcbr":::: "/enmr.eu/bmrz/ROLE=SoftwareManager":::sgmbmrz: "/enmr.eu/bmrz":::: "/enmr.eu/cirmmp/ROLE=SoftwareManager":::sgmcirmmp: "/enmr.eu/cirmmp":::: </verbatim> ---++++ Extra configuration The "enmr.eu" a particular structure is needed for sgm pool accounts, as you can see in ''ig-groups.conf'' and ''ig-users.conf'' template files. To fit these requirements some manual steps have to be performed in the software area exported to WNs. Assuming that the directory ''$VO_ENMR_EU_SW_DIR'' is already present with ''sgmenmr001.sgmenmr'' ownership: <verbatim> mkdir $VO_ENMR_EU_SW_DIR/BCBR $VO_ENMR_EU_SW_DIR/BMRZ $VO_ENMR_EU_SW_DIR/CIRMMP chown sgmenmrbcbr001.sgmenmrbcbr $VO_ENMR_EU_SW_DIR/BCBR chown sgmenmrbmrz001.sgmenmrbmrz $VO_ENMR_EU_SW_DIR/BMRZ chown sgmenmrcirmmp001.sgmenmrcirmmp $VO_ENMR_EU_SW_DIR/CIRMMP </verbatim> ---+++ Verify your installation In order to enable the "<voname>'' VO on your site you have to verify that: * the voms server host certificate of the newly added "<voname>'' VO is installed in "/etc/grid-security/vomsdir" * the Certification Authority that released the voms server host certificate is installed on your hosts ---+++ Configure your nodetypes In order to enable the newly added "<voname>'' VO on your site you have to run *for each nodetype* the function you find in the table below. Naturally you can also complete reconfigure your nodetypes but this is a more expensive procedure. For each nodetype you have to use the following command, properly replacing the profile and function's names: <verbatim> /opt/glite/yaim/bin/yaim -r -s <confdir>/<your-site-info.def> -n <profile> -f <function> </verbatim> | *Profiles* | *Function* | | BDII Site | ''config_newvo_bdii_site'' | | BDII Top | ''config_newvo_bdii_top'' | | CREAM | ''config_newvo_cream'' <BR/> ''config_newvo_cream_lsf'' <BR/> ''config_newvo_cream_torque'' | | GRIDFTP | ''config_newvo_gridftp'' | | HLR | ''config_newvo_hlr'' | | LB | ''config_newvo_lb'' | | SE_DPM | ''config_newvo_se_dpm_disk'' <BR/> ''config_newvo_se_dpm_mysql'' <BR/> ''config_newvo_se_dpm_oracle'' | | SE !StoRM | ''config_newvo_se_storm_backend'' <BR/> ''config_newvo_se_storm_frontend'' | | UI | ''config_newvo_ui'' | | WMS | ''config_newvo_wms'' | | WN | ''config_newvo_wn'' <BR/> ''config_newvo_wn_lsf'' <BR/> ''config_newvo_wn_torque'' |
Edit
|
Attach
|
PDF
|
H
istory
:
r3
<
r2
<
r1
|
B
acklinks
|
V
iew topic
|
More topic actions...
Topic revision: r2 - 2012-02-07
-
CristinaAiftimiei
Home
Site map
CEMon web
CREAM web
Cloud web
Cyclops web
DGAS web
EgeeJra1It web
Gows web
GridOversight web
IGIPortal web
IGIRelease web
MPI web
Main web
MarcheCloud web
MarcheCloudPilotaCNAF web
Middleware web
Operations web
Sandbox web
Security web
SiteAdminCorner web
TWiki web
Training web
UserSupport web
VOMS web
WMS web
WMSMonitor web
WeNMR web
IGI Documentation
Repositories specifications
Installation and Configuration Guides
Updates Guides
Services/Node Types List
IGI Updates Calendar
Tips & Tricks
Use Cases & Troubleshooting
Site Admin Corner
IGI Release Management
Integration Process
TODO List
IGI Testing & Certification
Certification Testbed
Blah testing
CREAM testing
HLR testing
Storm testing
UI testing
VOMS testing
WMS testing
WN testing
IGIRelease Web
Create New Topic
Index
Search
Changes
Notifications
RSS Feed
Statistics
Preferences
P
P
View
Raw View
Print version
Find backlinks
History
More topic actions
Edit
Raw edit
Attach file or image
Edit topic preference settings
Set new parent
More topic actions
Account
Log In
Edit
Attach
Copyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki?
Send feedback