Difference between revisions of "Set up gLExec for Argus"
| Line 9: | Line 9: | ||
== Configuration with YAIM == | == Configuration with YAIM == | ||
| − | Please see the [https://twiki.cern.ch/twiki/bin/view/EGEE/YAIM YAIM guide] for general instructions on using YAIM, and [https://twiki.cern.ch/twiki/bin/view/LCG/Site-info_configuration_variables#GLEXEC_wn the list of variables] that need to be set in site-info.def | + | Please see the [https://twiki.cern.ch/twiki/bin/view/EGEE/YAIM YAIM guide] for general instructions on using YAIM, and [https://twiki.cern.ch/twiki/bin/view/LCG/Site-info_configuration_variables#GLEXEC_wn the list of variables] that need to be set in site-info.def, or siteinfo/services/glexec-wn. |
| + | Noteworthy variables: | ||
| + | GLEXEC_WN_OPMODE=setuid | ||
| + | GLEXEC_WN_ARGUS_ENABLED=yes | ||
| + | ARGUS_PEPD_ENDPOINTS="https://argus1.example.com:8154/authz https://argus2.example.com:8145/authz" | ||
| + | |||
| + | In this example the site has two service endpoints; the quotes are necessary as this is interpreted shell code. Multiple endpoints may be defined for scale; the pep-c plug-in will randomly choose one endpoint to talk to, and automatically fail-over to the others. (?? Verify please) | ||
== Manual Configuration == | == Manual Configuration == | ||
Revision as of 15:04, 27 April 2010
Setting up gLExec on the worker node to query Argus for authorization decisions is preferably done through YAIM, but some set-ups require manual configuration.
Installation
For the installation and configuration of Argus, see the Argus documentation.
For the installation of gLExec on the worker node, see the release notes and the installation manual.
Configuration with YAIM
Please see the YAIM guide for general instructions on using YAIM, and the list of variables that need to be set in site-info.def, or siteinfo/services/glexec-wn.
Noteworthy variables:
GLEXEC_WN_OPMODE=setuid GLEXEC_WN_ARGUS_ENABLED=yes ARGUS_PEPD_ENDPOINTS="https://argus1.example.com:8154/authz https://argus2.example.com:8145/authz"
In this example the site has two service endpoints; the quotes are necessary as this is interpreted shell code. Multiple endpoints may be defined for scale; the pep-c plug-in will randomly choose one endpoint to talk to, and automatically fail-over to the others. (?? Verify please)
