HOWTO set up gLExec on the worker node
From PDP/Grid Wiki
Revision as of 08:51, 10 May 2010 by Msalle@nikhef.nl (talk | contribs) (→Central authorization service)
This guide will help you make a choice in deployment and configuration for gLExec on the worker node on your site.
Prerequisites
Prerequisite is that you already have a Grid site, including a Compute Element (LCG-CE and/or CREAM-CE) and worker nodes. For more general guidelines for site setup and configuration, see the gLite documentation.
See also the gLite release notes and the Installation Guide.
Central authorization service
It is recommended to set up a central authorization service, either
- Set up gLExec for Argus, which is the recommended solution (but see the checklist below), or
- Set up gLExec with SCAS, in some special cases as described below
Both options are fully supported, configurable by YAIM and offer similar functionality. See Argus, SCAS.
Special cases
Check if any of the following apply.
- my site makes use of third party plug-ins for LCMAPS
- You could still try to set up gLExec for Argus, and configure the LCMAPS plug-in for use with gLExec. If the plug-in should be run centrally, set up gLExec with SCAS instead.
- My site uses the LDAP enforcement plug-in for LCMAPS
- Set up gLExec with SCAS, and configure SCAS to use the ldap_enf plug-in. You can call Argus in the LCMAPS chain when Argus is configured without credential mapping.
- Users are authorised through secondary group mappings
- As Argus doesn't support secondary group mappings, set up gLExec with SCAS instead. You can call Argus in the LCMAPS chain when Argus is configured without credential mapping.
- I need a site-wide centralized authorization service, for the CEs as well as the WNs
- The tested option in this case is SCAS, but Argus should work as well; configure CREAM for use with SCAS.
- I've tried Argus and I found a problem
- Report a bug on Argus; if the problem is a show stopper, try SCAS as a (temporary) alternative.