Difference between revisions of "Using generic per-node pool accounts or a shared map database"
Line 1: | Line 1: | ||
+ | == Disclaimer == | ||
+ | |||
+ | The preferred way of installing gLExec is using a central authorization service such as SCAS, Argus, or GUMS. The instructions below are for an installation without such a central service. | ||
+ | |||
+ | == Introduction == | ||
+ | |||
A way to deploy gLExec on the worker node is by using (VO-agnostic) generic pool accounts that are local to each worker node. This way, you can be sure that a gLExec'ed job does not "escape" from the node, and it limits the number of pool accounts needed. | A way to deploy gLExec on the worker node is by using (VO-agnostic) generic pool accounts that are local to each worker node. This way, you can be sure that a gLExec'ed job does not "escape" from the node, and it limits the number of pool accounts needed. | ||
Line 6: | Line 12: | ||
* create at least as many pool accounts as you have job slots on a WN | * create at least as many pool accounts as you have job slots on a WN | ||
− | * assign a worker node local gridmapdir (suggestion: <tt>/var/local/gridmapdir</tt>) | + | * assign a worker node local gridmapdir (suggestion: <tt>/var/local/gridmapdir/</tt> or <tt>/etc/grid-security/gridmapdir/</tt>) |
* create local pool accounts with a local home directory (suggestion: account names <tt>wnpool00</tt> etc, and home directories in a local file system that has enough space, e.g., /var/local/home/poolwn00, etc.) | * create local pool accounts with a local home directory (suggestion: account names <tt>wnpool00</tt> etc, and home directories in a local file system that has enough space, e.g., /var/local/home/poolwn00, etc.) | ||
* configure the lcmaps.db configuration used by glexec to refer to this gridmapdir | * configure the lcmaps.db configuration used by glexec to refer to this gridmapdir | ||
− | |||
− | |||
If you like shared pool accounts, you can use a shared atomic state database (implemented as an NFS directory) to host the gridmapdir. All operations on the gridmapdir are atomic, even over NFS, and it scales really well (remember that NFS is still the file sharing mechanism of choice for many large installations) | If you like shared pool accounts, you can use a shared atomic state database (implemented as an NFS directory) to host the gridmapdir. All operations on the gridmapdir are atomic, even over NFS, and it scales really well (remember that NFS is still the file sharing mechanism of choice for many large installations) | ||
− | Detailed documentation is given at [http://www.nikhef.nl/grid/lcaslcmaps/glexec/glexec-install-procedure.html http://www.nikhef.nl/grid/lcaslcmaps/glexec/glexec-install-procedure.html]. | + | Detailed documentation (currently only for 0.6.8-3) is given at [http://www.nikhef.nl/grid/lcaslcmaps/glexec/glexec-install-procedure.html http://www.nikhef.nl/grid/lcaslcmaps/glexec/glexec-install-procedure.html]. |
== More information == | == More information == | ||
To test your setup then you can find more information on the page for [[Debugging hints]]. | To test your setup then you can find more information on the page for [[Debugging hints]]. |
Latest revision as of 11:40, 16 April 2010
Disclaimer
The preferred way of installing gLExec is using a central authorization service such as SCAS, Argus, or GUMS. The instructions below are for an installation without such a central service.
Introduction
A way to deploy gLExec on the worker node is by using (VO-agnostic) generic pool accounts that are local to each worker node. This way, you can be sure that a gLExec'ed job does not "escape" from the node, and it limits the number of pool accounts needed.
Configuration
For this configuration, you
- create at least as many pool accounts as you have job slots on a WN
- assign a worker node local gridmapdir (suggestion: /var/local/gridmapdir/ or /etc/grid-security/gridmapdir/)
- create local pool accounts with a local home directory (suggestion: account names wnpool00 etc, and home directories in a local file system that has enough space, e.g., /var/local/home/poolwn00, etc.)
- configure the lcmaps.db configuration used by glexec to refer to this gridmapdir
If you like shared pool accounts, you can use a shared atomic state database (implemented as an NFS directory) to host the gridmapdir. All operations on the gridmapdir are atomic, even over NFS, and it scales really well (remember that NFS is still the file sharing mechanism of choice for many large installations)
Detailed documentation (currently only for 0.6.8-3) is given at http://www.nikhef.nl/grid/lcaslcmaps/glexec/glexec-install-procedure.html.
More information
To test your setup then you can find more information on the page for Debugging hints.