HOWTO set up gLExec on the worker node

From PDP/Grid Wiki
Revision as of 08:51, 10 May 2010 by Msalle@nikhef.nl (talk | contribs) (→‎Central authorization service)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

This guide will help you make a choice in deployment and configuration for gLExec on the worker node on your site.


Prerequisites

Prerequisite is that you already have a Grid site, including a Compute Element (LCG-CE and/or CREAM-CE) and worker nodes. For more general guidelines for site setup and configuration, see the gLite documentation.

See also the gLite release notes and the Installation Guide.

Central authorization service

It is recommended to set up a central authorization service, either

Both options are fully supported, configurable by YAIM and offer similar functionality. See Argus, SCAS.

Special cases

Check if any of the following apply.

my site makes use of third party plug-ins for LCMAPS
You could still try to set up gLExec for Argus, and configure the LCMAPS plug-in for use with gLExec. If the plug-in should be run centrally, set up gLExec with SCAS instead.
My site uses the LDAP enforcement plug-in for LCMAPS
Set up gLExec with SCAS, and configure SCAS to use the ldap_enf plug-in. You can call Argus in the LCMAPS chain when Argus is configured without credential mapping.
Users are authorised through secondary group mappings
As Argus doesn't support secondary group mappings, set up gLExec with SCAS instead. You can call Argus in the LCMAPS chain when Argus is configured without credential mapping.
I need a site-wide centralized authorization service, for the CEs as well as the WNs
The tested option in this case is SCAS, but Argus should work as well; configure CREAM for use with SCAS.
I've tried Argus and I found a problem
Report a bug on Argus; if the problem is a show stopper, try SCAS as a (temporary) alternative.