Adding Pilot roles to system, May 2009

There was a useful page on doing this: Glasgow Enabling theLHCb/ATLAS pilot roles. Following that through:

Introduction

The fair-share for each group was adjusted in the maui.cfg on epgce3. Also needs to be done for BlueBEAR.

Pool Accounts

We have a shell script /home/lsl/sys/GRID/makeug-yaim/makeugf which creates files (passwd, group, users.conf, and a useradd script); this version creates pilot userids as well, for LHCb and ATLAS. It produces userids/groups in several selectable styles:

  • The traditional style userids lhb001 and sgmlhb01 (etc), with groups lhcb and lhcbsgm (etc). We currently use this except on epgce4 and its BlueBEAR WNs.
  • The compact style with userids lhb001 and lhbs01 (etc), with groups lhcb and lhcbs (etc). Userids are therefore always 6 characters.
  • Either style can have an optional prefix. We use the compact style with a prefix of "g-" on epgce4 and BlueBEAR, so userids are guaranteed different to non-grid userids, and are 8 characters, no more, which is good for command output like showq.

users.conf, passwd, group, and a addug script is generated with the above command. The addug script contains groupadd and useradd commands. The pilot userids from these were added on epgse1, epgsr1, epgce3, epgce3 WNs, epgce4, and epgce4 WNs. As the latter are part of the BlueBEAR cluster, I asked Alan of ITS to do the necessary work to add these userids to the BB ldap authentication system. The users.conf new lines (that is, referring to the pilot roles) were appended to the users.conf on the above machines.

For each machine, extra roles were added in /root/yaim-conf/groups.conf, following the Glasgow page. There's a small typo there (as of 20/5/2009): the flag fields of the users.conf and groups.conf files need to agree: either "pil", or "pilot", say, but not one of each!

Node-specifc tasks

Before running yaim, a backup of /etc, /opt and /var directories was done, to local disk. Yaim is version 4.0.6-47 on epgce3/4 and 4.0.7-9 on epgse1/sr1. On epgse1/sr1, some duplicate uid entries in users.conf were removed first (totalep group entries removed, clashed with na48 entries).

The suggested yaim commands were run: see Glasgow document; for epgse1, the command needed an extra -n SE_dpm_mysql and for epgsr1 an extra -n SE_dpm_disk.

The yaim run updated file: /opt/edg/etc/edg-mkgridmap.conf.

/etc/cron.d/edg-mkgridmap was changed by the yaim procedure: on epgse1/sr1 the change was harmless (white space, and minutes past the hour). On epgce3/4, it re-introduced an old bug https://savannah.cern.ch/bugs/?39326, so I restored the old version from the disk backup. /etc/cron.d/lcg-expiregridmapdir appeared on epgsr1: it wasn't there before, but it's ineffective since it invokes missing script /opt/edg/sbin/lcg-expiregridmapdir.pl. Also appeared: /opt/glite/etc/profile.d/clean-grid-env-funcs.sh.

On epse1 and epgsr1, /opt/glite/etc/profile.d/grid-env.sh was updated and lost the line which sets GRID_ENV_LOCATION. /opt/lcg/etc/lcgdm-mapfile and
/opt/lcg/etc/lcgdm-mkgridmap.conf updated.

-- LawrenceLowe - 01 Jun 2009

Topic revision: r2 - 01 Jun 2009 - 15:12:48 - LawrenceLowe
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback