Using generic per-node pool accounts or a shared map database
Disclaimer
The preferred way of installing gLExec is using a central authorization service such as SCAS, Argus, or GUMS. The instructions below are for an installation without such a central service.
Introduction
A way to deploy gLExec on the worker node is by using (VO-agnostic) generic pool accounts that are local to each worker node. This way, you can be sure that a gLExec'ed job does not "escape" from the node, and it limits the number of pool accounts needed.
Configuration
For this configuration, you
- create at least as many pool accounts as you have job slots on a WN
- assign a worker node local gridmapdir (suggestion: /var/local/gridmapdir/ or /etc/grid-security/gridmapdir/)
- create local pool accounts with a local home directory (suggestion: account names wnpool00 etc, and home directories in a local file system that has enough space, e.g., /var/local/home/poolwn00, etc.)
- configure the lcmaps.db configuration used by glexec to refer to this gridmapdir
If you like shared pool accounts, you can use a shared atomic state database (implemented as an NFS directory) to host the gridmapdir. All operations on the gridmapdir are atomic, even over NFS, and it scales really well (remember that NFS is still the file sharing mechanism of choice for many large installations)
Detailed documentation (currently only for 0.6.8-3) is given at http://www.nikhef.nl/grid/lcaslcmaps/glexec/glexec-install-procedure.html.
More information
To test your setup then you can find more information on the page for Debugging hints.