Difference between revisions of "Adding a new VO"

From PDP/Grid Wiki
Line 9: Line 9:
 
== Create pool accounts and the gridmapdir ==
 
== Create pool accounts and the gridmapdir ==
  
Find a free Unix group ID and user ID range for the pool accounts. This can be achieved with via an ldapsearch query, or easier by using the ldap browser (LBE). LBE is available at the Nikhef desktops via <nowiki>/global/ices/toolset/bin/lbe</nowiki>.
+
Find a free Unix group ID and user ID range for the pool accounts. This can be achieved with via an ldapsearch query, or easier by using the ldap browser (LBE). LBE is available at the Nikhef desktops via <tt>/global/ices/toolset/bin/lbe</tt>.
  
 
Create pool accounts, home directories for the pool accounts and gridmapdir entries using the procedure described at the following page: [[http://www.nikhef.nl/pub/projects/grid/gridwiki/index.php/Creating_Pool_Accounts_With_LDAP]].
 
Create pool accounts, home directories for the pool accounts and gridmapdir entries using the procedure described at the following page: [[http://www.nikhef.nl/pub/projects/grid/gridwiki/index.php/Creating_Pool_Accounts_With_LDAP]].
  
For DPM, a separate NFS-shared home directory exists at hooimijt: /export/perm/share/gridmapdir_dpm. The pool account entries created in the regular gridmapdir can simply be copied (as user root on hooimijt) to the gridmapdir for DPM.  
+
For DPM, a separate NFS-shared home directory exists at hooimijt: <tt>/export/perm/share/gridmapdir_dpm</tt>. The pool account entries created in the regular gridmapdir can simply be copied (as user root on hooimijt) to the gridmapdir for DPM.  
  
For the LFC, a local gridmapdir is used: /etc/grid-security/gridmapdir. Again, the newly created entries in the regular shared gridmapdir should be copied to the local gridmadir.
+
For the LFC, a local gridmapdir is used: <tt>/etc/grid-security/gridmapdir</tt>. Again, the newly created entries in the regular shared gridmapdir should be copied to the local gridmadir.
  
 
== Create a software installation area ==
 
== Create a software installation area ==
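Review bot: the two rewritten sentences still carry their typos, "achieved with via an ldapsearch query" in the LBE line and "local gridmadir" in the LFC line. Since this revision touches both lines to add the <tt> markup, correct them to "achieved via" and "gridmapdir" in the same edit. The unchanged context line with the Creating_Pool_Accounts_With_LDAP link wraps an external URL in double brackets, which leaves stray brackets in the rendering ("[[2]]"); single brackets would fix that.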

Revision as of 12:19, 5 June 2007

Collect information about the new VO

Go to the CIC portal ([1]) to collect information about the new VO.

Relevant information includes the VOMS server(s), the content for the vomses file, the VOMS roles and groups to be supported, an indication of the number of required pool accounts, etc.


Create pool accounts and the gridmapdir

Find a free Unix group ID and user ID range for the pool accounts. This can be done with an ldapsearch query or, more easily, with the LDAP browser (LBE). LBE is available on the Nikhef desktops via /global/ices/toolset/bin/lbe.

Create pool accounts, home directories for the pool accounts and gridmapdir entries using the procedure described at the following page: [2].

For DPM, a separate NFS-shared home directory exists at hooimijt: /export/perm/share/gridmapdir_dpm. The pool account entries created in the regular gridmapdir can simply be copied (as user root on hooimijt) to the gridmapdir for DPM.

For the LFC, a local gridmapdir is used: /etc/grid-security/gridmapdir. Again, the newly created entries in the regular shared gridmapdir should be copied to the local gridmapdir.

Create a software installation area

This section is only needed if the VO requires a software installation area.

The software installation areas are located under /export/cache/lcgprod/esia at host hooimijt. The areas should be created manually, as user root at hooimijt.

mkdir /export/cache/lcgprod/esia/voname
chgrp unixgroup /export/cache/lcgprod/esia/voname
chmod g+wrs /export/cache/lcgprod/esia/voname
chmod +t /export/cache/lcgprod/esia/voname

If there is a group of pool accounts for sgm users for the VO, unixgroup should match the group for the sgm users.
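
The four commands above wrapped in a function that validates the VO name and then checks the resulting mode bits, as an added example that is not part of the original wiki page. The names create_vo_area and check_vo_area and the ESIA_BASE override are hypothetical.

```shell
#!/bin/sh
# Added example: create a VO software area and verify its mode bits.
# ESIA_BASE defaults to the path given on the page; override it for a dry run.
ESIA_BASE="${ESIA_BASE:-/export/cache/lcgprod/esia}"

# create_vo_area VONAME UNIXGROUP   (hypothetical helper)
create_vo_area() {
    vo="$1"; grp="$2"
    # Reject empty names and anything that could escape the base directory.
    case "$vo" in
        ""|.|..|*/*|-*) echo "invalid VO name: $vo" >&2; return 2 ;;
    esac
    dir="$ESIA_BASE/$vo"
    # Refuse to reuse an existing path; it could be a symlink pointing elsewhere.
    if [ -e "$dir" ] || [ -L "$dir" ]; then
        echo "refusing to touch existing path: $dir" >&2; return 3
    fi
    mkdir "$dir" || return 1
    chgrp "$grp" "$dir" || return 1
    chmod g+wrs "$dir" || return 1   # group write + setgid: new files inherit the group
    chmod +t "$dir" || return 1      # sticky: only a file's owner may delete or rename it
    check_vo_area "$dir"
}

# check_vo_area DIR: succeed only if DIR is a real directory with
# group write, setgid and the sticky bit set.
check_vo_area() {
    [ -d "$1" ] && [ ! -L "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c1-10)
    case "$perms" in
        # Expected form: drwxrwsr-t. An upper-case S would mean group
        # execute is missing (restrictive umask at mkdir time).
        d????ws??[tT]) return 0 ;;
        *) echo "unexpected mode on $1: $perms" >&2; return 1 ;;
    esac
}
```

check_vo_area can also be run on its own against existing areas to spot directories that have lost the setgid or sticky bit.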

Add the VO configuration to Quattor profiles

All modifications to the Quattor setup are located in the template hierarchy under the facility-specific directory $L/cfg/facility/facility-name, where $L points to the conf directory under the Quattor root directory. Unless specified otherwise, all files mentioned here are relative to the facility-specific directory.

lcg2/yaim/pro_vo_voname.tpl

Configuration of VO settings like the VOMS server, contents for the vomses file, location of the software installation directory, the default storage element etc. It is recommended to copy an existing template, rename it and customize its contents.

lcg2/yaim/pro_config_lcg2_vos.tpl

In this file, include the VO-specific file created above.

lcg2/yaim/pro_lcg2_config_yaim_files.tpl

Add one line per pool account group associated with the VO to the definition of the variable USERSCONF. This line should refer to the first pool account in the group only (because we do not use Yaim to create these users). Add all supported VOMS roles and groups to the variable GROUPSCONF.

lcg2/yaim/pro_queue_access.tpl

Add the name of the VO and optional VOMS FQANs to the QUEUE_GROUP_ENABLE variables that correspond to the queues to which the VO users may submit jobs.

lcg2/pro_lcg2_service_maui.tpl

Add a line to the Maui configuration to specify the fair share and priority of the VO.

lcg2/yaim/pro_voms_trustanchors.tpl

If the server certificate of the VOMS server is not installed via e.g. an rpm, it should be included in this template.