Changes between Version 140 and Version 141 of Doc/gLite/TemplateCustomization

Timestamp:

Dec 20, 2009, 12:39:22 AM (16 years ago)

Author:

/O=GRID-FR/C=FR/O=CNRS/OU=LAL/CN=Michel Jouvin

Comment:

--

Doc/gLite/TemplateCustomization

@@ -104 +104 @@
 ''Note: VO alias names are alternative names for VOs locally defined. Unlike, VO names which are guaranteed to be unique, VO aliases may clash with another alias or full name. They must be used mainly to maintain backward compatibility in existing configurations where a name other than the VO full name was used. The use of VO alias is '''strongly''' discouraged for a new configuration or new VOs added to an existing configuration.''
  
+For some specific purposes, it is possible to execute a site-specific template just before starting the VO configuration, after the site paramaters have been read and the OS configuration has been done. Use variable `NODE_VO_CONFIG` to specify the name of the template.
+
 
 === VO accounts ===
@@ -129 +131 @@
 
 
-=== Site Specific Defaults for VO Parameters ===
-
-It is possible to define site specific defaults for VOs that override standard default. This must be done by defining variable `VOS_SITE_PARAMS` as a nlist. This nlist can contain one entry per VO plus an entry `DEFAULT`. Entry `DEFAULT` is used to define paramaters that will apply to all VOs, other entries apply only to one specific VO. The entry key is the VO name (except for `DEFAULT`), as used in `VOS` variable.
+=== Site Specific Defaults for VO Parameters === #VODefaultParams
+
+It is possible to define site specific defaults for VOs that override standard default. This must be done by defining entry `DEFAULT` in  nlist variable `VOS_SITE_PARAMS`. This entry is used to define paramaters that will apply to all VOs if they are not defined explicitly in VO parameters.
 
 Each entry value must be the name of a structure template or a nlist defining any of these properties :
@@ -138 +140 @@
  * `create_keys` : Create SSH keys for VO accounts. Default defined by variable `CREATE_KEYS` variable.
  * `unlock_accounts` : a regexp defining host names where the VO accounts must be unlocked
- * `pool_digits` : define default number of digits to use when creating pool accounts
- * `pool_offset` : define offset from VO base uid for the first pool account
- * `pool_start` : index of the first pool accounts to create for a VO
- * `pool_size` : number of pool accounts to create by default for a VO
+ * `pool_digits` : default number of digits to use when creating pool accounts
+ * `pool_offset` : offset from VO base uid for the first pool account (normal users)
+ * `pool_start` : index of the first account to create for a VO in its allocated VO range
+ * `pool_size` : number of pool accounts to create by default for a VO (normal users)
+ * `fqan_pool_size` : number of pool accounts to create for specific FQANs
  * `sw_mgr_role` : description of VO software manager role. Avoid to change default.
  * Location of standard services. See [wiki:Doc/gLite/TemplateCustomization#DefaultServicesforaVO below].
 
-For example, to define a site specific RB for VO Alice, create a template `vo/site/alice.tpl` in your site directory like :
+'Note: some properties are invalid in the context of the `DEFAULT` entry, in particular: `account_prefix`, `base_uid`, `gid`, `name`, `voms_servers`, `voms_roles`.''
+
+
+=== Overriding default VO Parameters ===
+
+In addition to define [#VODefaultParams default values] for VO parameters, it is possible to override default VO parameters, as specified in templates located in [source:trunk/grid/glite-3.2/vo/params vo/params], with site specific values. This is possible to do it on a per-VO basis or for all VOs configured on a machine. This is done using the same variable (nlist) as for [#VODefaultParams default parameters], `VOS_SITE_PARAMS`. To override default parameters for one specific VO, the key must be the VO name, as used in `VOS` variable. To override default parameters for all configured VOs, use special entry `LOCAL`.
+
+''Note: if a template `vo/site/VONAME` can be located, it'll be loaded even though there is no explicit entry for the VO into variable `VOS_SITE_PARAMS`.''
+
+The allowed properties are the same as for [#VODefaultParams default parameters].
+
+'Note: some properties are invalid in the context of the `LOCAL` entry (as with `DEFAULT`), in particular: `account_prefix`, `base_uid`, `gid`, `name`, `voms_servers`, `voms_roles`.''
+
+For example, to define a site specific WMS for VO Alice, create a template `vo/site/alice.tpl` in your site directory like :
 {{{
 structure template vo/site/alice;
 
-'rb_hosts' = 'myrb.example.org';
-}}}
-
-and add the following entry in `VOS_SITE_PARAMS` in your `site/glite/config.tpl` :
-{{{
-variable VOS_SITE_PARAMS = nlist ('alice', 'vo/site/alice',
-                                 );
-}}}
-
-''Note: if a template `vo/site/VONAME` can be located, it'll be loaded even though there is no explicit entry for the VO into variable `VOS_SITE_PARAMS`.''
+'wms_hosts' = 'wms.example.org';
+}}}
 
 Alternativly, you can define these parameters directly into `VOS_SITE_PARAMS` :
 {{{
-variable VOS_SITE_PARAMS = nlist ('alice', nlist('rbhosts' , 'myrb.example.org',
+variable VOS_SITE_PARAMS = nlist ('alice', nlist('wms_hosts' , 'wms.example.org',
                                                 ),
                                  );
 }}}
 
-In addition to `VOS_SITE_PARAMS`, '''which is the recommended method''' to specify site-specific parameters for VO configuration, it is also possible for some specific purposes to execute a site-specific template before doing the configuration related to VOs. Use variable `NODE_VO_CONFIG` to specify the name of the template.
-
 === Site-specific parameters for VOMS role accounts ===
+
 VOs often define roles in VOMS for specific purposes. For example, the ATLAS VO defines the role `production` which can only be used by users allowed to run production jobs. The roles defined for a VO are automatically retrieved by the `update.vo.config` and task. By default, a single account with an arbitrary suffix is automatically generated for each role found. For example, the following is an extract of the accounts generated for roles in the ATLAS VO:
 
@@ -186 +193 @@
 }}}
 
-A particular site may wish to define its own parameters for a particular VOMS role. You can do this by defining entries in the nlist variable VOMS_ROLE_CONFIG_SITE. In this example, the parameters are set for the role `production` in the ATLAS VO:
+A particular site may wish to define its own parameters for a particular VOMS role. This can be done with nlist variable VOMS_ROLE_CONFIG_SITE. In this variable the key is a VO name and the value a nlist where the key is the role. The value of this second nlist has the same format as `VOS_SITE_PARAMS`. 
+
+In this example, the Atlas role `production` is configured to use pool accounts:
 {{{
 variable
   VOMS_ROLE_CONFIG_SITE =
    nlist("atlas",                            # VO
-     nlist(escape("production"),             # role FQAN
-        nlist(  "description","production",  # role params
-        "fqan", "production",
-        "name", "production",
-        "pool_size", 20,
-        "base_uid", 35800,
-        "pool_digits", 3,
-        "pool_start", 1,
-        "gid", 35080,
-        "suffix", "prd") ));
+     nlist(escape("/atlas/Role=production"),             # role FQAN
+        nlist("pool_size", 20,
+              "suffix", "prd") ));
 }}}