Difference between revisions of "Using generic per-node pool accounts or a shared map database"

From PDP/Grid Wiki
Jump to navigationJump to search
 
Line 1: Line 1:
 +
== Disclaimer ==
 +
 +
The preferred way of installing gLExec is using a central authorization service such as SCAS, Argus, or GUMS. The instructions below are for an installation without such a central service.
 +
 +
== Introduction ==
 +
 
A way to deploy gLExec on the worker node is by using (VO-agnostic) generic pool accounts that are local to each worker node. This way, you can be sure that a gLExec'ed job does not "escape" from the node, and it limits the number of pool accounts needed.  
 
A way to deploy gLExec on the worker node is by using (VO-agnostic) generic pool accounts that are local to each worker node. This way, you can be sure that a gLExec'ed job does not "escape" from the node, and it limits the number of pool accounts needed.  
  
Line 6: Line 12:
  
 
* create at least as many pool accounts as you have job slots on a WN
 
* create at least as many pool accounts as you have job slots on a WN
* assign a worker node local gridmapdir (suggestion: <tt>/var/local/gridmapdir</tt>)
+
* assign a worker node local gridmapdir (suggestion: <tt>/var/local/gridmapdir/</tt> or <tt>/etc/grid-security/gridmapdir/</tt>)
 
* create local pool accounts with a local home directory (suggestion: account names <tt>wnpool00</tt> etc, and home directories in a local file system that has enough space, e.g., /var/local/home/poolwn00, etc.)
 
* create local pool accounts with a local home directory (suggestion: account names <tt>wnpool00</tt> etc, and home directories in a local file system that has enough space, e.g., /var/local/home/poolwn00, etc.)
 
* configure the lcmaps.db configuration used by glexec to refer to this gridmapdir
 
* configure the lcmaps.db configuration used by glexec to refer to this gridmapdir
 
Note that the /var/run/glexec directory is used to maintain the mapping between the target and the originator account for easy back-mapping for running jobs. This information is of course also logged to syslog(3).
 
  
 
If you like shared pool accounts, you can use a shared atomic state database (implemented as an NFS directory) to host the gridmapdir. All operations on the gridmapdir are atomic, even over NFS, and it scales really well (remember that NFS is still the file sharing mechanism of choice for many large installations)
 
If you like shared pool accounts, you can use a shared atomic state database (implemented as an NFS directory) to host the gridmapdir. All operations on the gridmapdir are atomic, even over NFS, and it scales really well (remember that NFS is still the file sharing mechanism of choice for many large installations)
  
Detailed documentation is given at [http://www.nikhef.nl/grid/lcaslcmaps/glexec/glexec-install-procedure.html http://www.nikhef.nl/grid/lcaslcmaps/glexec/glexec-install-procedure.html].
+
Detailed documentation (currently only for 0.6.8-3) is given at [http://www.nikhef.nl/grid/lcaslcmaps/glexec/glexec-install-procedure.html http://www.nikhef.nl/grid/lcaslcmaps/glexec/glexec-install-procedure.html].
  
 
== More information ==
 
== More information ==
  
 
To test your setup then you can find more information on the page for [[Debugging hints]].
 
To test your setup then you can find more information on the page for [[Debugging hints]].

Latest revision as of 10:40, 16 April 2010

Disclaimer

The preferred way of installing gLExec is using a central authorization service such as SCAS, Argus, or GUMS. The instructions below are for an installation without such a central service.

Introduction

A way to deploy gLExec on the worker node is by using (VO-agnostic) generic pool accounts that are local to each worker node. This way, you can be sure that a gLExec'ed job does not "escape" from the node, and it limits the number of pool accounts needed.

Configuration

For this configuration, you

  • create at least as many pool accounts as you have job slots on a WN
  • assign a worker node local gridmapdir (suggestion: /var/local/gridmapdir/ or /etc/grid-security/gridmapdir/)
  • create local pool accounts with a local home directory (suggestion: account names wnpool00 etc, and home directories in a local file system that has enough space, e.g., /var/local/home/poolwn00, etc.)
  • configure the lcmaps.db configuration used by glexec to refer to this gridmapdir

If you like shared pool accounts, you can use a shared atomic state database (implemented as an NFS directory) to host the gridmapdir. All operations on the gridmapdir are atomic, even over NFS, and it scales really well (remember that NFS is still the file sharing mechanism of choice for many large installations)

Detailed documentation (currently only for 0.6.8-3) is given at http://www.nikhef.nl/grid/lcaslcmaps/glexec/glexec-install-procedure.html.

More information

To test your setup then you can find more information on the page for Debugging hints.