Whole site: How to enable a VO

Prepare the configuration files

Consider for example to enable the VO "<voname>".

*Site configuration files structure:*
Please pay attention to the general information on site configuration files structure described in IGI YAIM configuration files.

You have to handle the following configuration files.

your-site-info.def

* Add "<voname>" to ''VOS'' variable in ''your-site-info.def''. For example:

VOS="... <voname> ..."

* Check that the variable ''ALL_VOMS_VOS'' is aligned with the content deployed with the latest template version of ''ig-site-info.def''. The most recently added VOs should be listed there.

* Add "<voname>" to the related queue settings inside the ''_GROUP_ENABLE'' variable in ''your-site-info.def''. For example (we suppose to use ''grid'' queue):

GRID_GROUP_ENABLE="... &lt;voname&gt; ..."

* Edit the other VO settings in one of the following ways:

1) VO setting inside "your-site-info.def"

Usually for these settings the default values placed at the end of ''your-site-info.def'' may be used:

VO_<VONAME>_SW_DIR=$VO_SW_DIR/<voname>
VO_<VONAME>_DEFAULT_SE=$CLOSE_SE_HOST
VO_<VONAME>_STORAGE_DIR=$CLASSIC_STORAGE_DIR/<voname> (needed only for SE Classic)
VO_<VONAME>_VOMS_SERVERS="vomss://<voms-server>.<voms-domain>:8443/voms/<voname>?/<voname>"
VO_<VONAME>_VOMSES="<voname> <voms-server>.<voms-domain> <voms-port> <voms-server-DN> <voname>"

2) VO settings inside dedicated vo.d/ file

* Create ''vo.d/<voname>'' file inside your site configuration directory (here called ''/'') copying it from ''/opt/glite/yaim/examples/siteinfo/vo.d/'' if it exists (now this approach is used only for new //dns-like// VO).

For example for ''enmr.eu'' VO (note that variable names don't contain the VO name):

$ cat <confdir>/vo.d/enmr.eu
SW_DIR=$VO_SW_DIR/enmr
DEFAULT_SE=$CLASSIC_HOST
STORAGE_DIR=$CLASSIC_STORAGE_DIR/enmr
VOMS_SERVERS="'vomss://voms2.cnaf.infn.it:8443/voms/enmr.eu?/enmr.eu' 'vomss://voms-02.pd.infn.it:8443/voms/enmr.eu?/enmr.eu'"
VOMSES="'enmr.eu voms2.cnaf.infn.it 15014 /C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it enmr.eu' 'enmr.eu voms-02.pd.infn.it 15014 /C=IT/O=INFN/OU=Host/L=Padova/CN=voms-02.pd.infn.it enmr.eu'"
VOMS_CA_DN="'/C=IT/O=INFN/CN=INFN CA' '/C=IT/O=INFN/CN=INFN CA'"

your-users.conf

* Add to "your-users.conf" the users for the "<voname>'' VO fitting your site's policy in users management (range of uid and gid). You may find an example of the needed rows in ''/opt/glite/yaim/examples/ig-users.conf''.

Some useful informations are available in ''/opt/glite/yaim/examples/users.conf.README''.

You may also use the information you find at Whole site: How to create local users.conf and configure users.

For example for ''enmr.eu'' VO you could use:

46001:enmr001:46000:enmr:enmr.eu::
46002:enmr002:46000:enmr:enmr.eu::
46003:enmr003:46000:enmr:enmr.eu::
...
46901:sgmenmr001:46090,46000:sgmenmr,enmr:enmr.eu:sgm:
46902:sgmenmr002:46090,46000:sgmenmr,enmr:enmr.eu:sgm:
46903:sgmenmr003:46090,46000:sgmenmr,enmr:enmr.eu:sgm:
...
46921:sgmenmrbcbr001:46091,46000:sgmenmrbcbr,enmr:enmr.eu:sgmbcbr:
46922:sgmenmrbcbr002:46091,46000:sgmenmrbcbr,enmr:enmr.eu:sgmbcbr:
46923:sgmenmrbcbr003:46091,46000:sgmenmrbcbr,enmr:enmr.eu:sgmbcbr:
...
46941:sgmenmrbmrz001:46092,46000:sgmenmrbmrz,enmr:enmr.eu:sgmbmrz:
46942:sgmenmrbmrz002:46092,46000:sgmenmrbmrz,enmr:enmr.eu:sgmbmrz:
46943:sgmenmrbmrz003:46092,46000:sgmenmrbmrz,enmr:enmr.eu:sgmbmrz:
...
46961:sgmenmrcirmmp001:46093,46000:sgmenmrcirmmp,enmr:enmr.eu:sgmcirmmp:
46962:sgmenmrcirmmp002:46093,46000:sgmenmrcirmmp,enmr:enmr.eu:sgmcirmmp:
46963:sgmenmrcirmmp003:46093,46000:sgmenmrcirmmp,enmr:enmr.eu:sgmcirmmp:
...

your-groups.conf

* Add to "your-groups.conf" the VOMS FQANs for the "<voname>'' VO copying them from ''/opt/glite/yaim/examples/ig-groups.conf''.

Some useful informations are available in ''/opt/glite/yaim/examples/groups.conf.README''.

For example for ''enmr.eu'' VO:

"/enmr.eu/ROLE=SoftwareManager":::sgm:
"/enmr.eu"::::
"/enmr.eu/bcbr/ROLE=SoftwareManager":::sgmbcbr:
"/enmr.eu/bcbr"::::
"/enmr.eu/bmrz/ROLE=SoftwareManager":::sgmbmrz:
"/enmr.eu/bmrz"::::
"/enmr.eu/cirmmp/ROLE=SoftwareManager":::sgmcirmmp:
"/enmr.eu/cirmmp"::::

Extra configuration

The "enmr.eu" a particular structure is needed for sgm pool accounts, as you can see in ''ig-groups.conf'' and ''ig-users.conf'' template files. To fit these requirements some manual steps have to be performed in the software area exported to WNs. Assuming that the directory ''$VO_ENMR_EU_SW_DIR'' is already present with ''sgmenmr001.sgmenmr'' ownership:

mkdir $VO_ENMR_EU_SW_DIR/BCBR $VO_ENMR_EU_SW_DIR/BMRZ $VO_ENMR_EU_SW_DIR/CIRMMP
chown sgmenmrbcbr001.sgmenmrbcbr $VO_ENMR_EU_SW_DIR/BCBR
chown sgmenmrbmrz001.sgmenmrbmrz $VO_ENMR_EU_SW_DIR/BMRZ
chown sgmenmrcirmmp001.sgmenmrcirmmp $VO_ENMR_EU_SW_DIR/CIRMMP

Verify your installation

In order to enable the "<voname>'' VO on your site you have to verify that:

* the voms server host certificate of the newly added "<voname>'' VO is installed in "/etc/grid-security/vomsdir"

* the Certification Authority that released the voms server host certificate is installed on your hosts

Configure your nodetypes

In order to enable the newly added "<voname>'' VO on your site you have to run for each nodetype the function you find in the table below. Naturally you can also complete reconfigure your nodetypes but this is a more expensive procedure.

For each nodetype you have to use the following command, properly replacing the profile and function's names:

/opt/glite/yaim/bin/yaim -r -s <confdir>/<your-site-info.def> -n <profile> -f <function>

Profiles Function
BDII Site ''config_newvo_bdii_site''
BDII Top ''config_newvo_bdii_top''
CREAM ''config_newvo_cream''
''config_newvo_cream_lsf''
''config_newvo_cream_torque''
GRIDFTP ''config_newvo_gridftp''
HLR ''config_newvo_hlr''
LB ''config_newvo_lb''
SE_DPM ''config_newvo_se_dpm_disk''
''config_newvo_se_dpm_mysql''
''config_newvo_se_dpm_oracle''
SE StoRM ''config_newvo_se_storm_backend''
''config_newvo_se_storm_frontend''
UI ''config_newvo_ui''
WMS ''config_newvo_wms''
WN ''config_newvo_wn''
''config_newvo_wn_lsf''
''config_newvo_wn_torque''
Edit | Attach | PDF | History: r3 < r2 < r1 | Backlinks | Raw View | More topic actions
Topic revision: r3 - 2012-07-02 - PaoloVeronesi
 
This site is powered by the TWiki collaboration platformCopyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback