Changes between Version 148 and Version 149 of Doc/gLite/TemplateCustomization
Timestamp: Jan 11, 2010, 5:51:04 PM
Doc/gLite/TemplateCustomization
v148 v149 295 295 2 variables allow to modify this default behaviour for generating grid-mapfile: 296 296 * `VO_GRIDMAPFILE_MAP_VOMS_ROLES`: when set to `true`, a grid-mapfile entry is added for each valid VO FQANs in addition to the VO members. 297 * `VO_ GRIDMAPFILE_FQAN_FILTER`: this nlist allows to define on a per-VO basis what are the VOMS FQANs to add to the grid-mapfile. The key is a VO name or `DEFAULT` for the default entry. Default entry if present is applied to all VOs without an explicit entry. If there is no entry for a VO and there is no default entry defined, all VO users and valid FQANs are added to the grid-mapfile. This variable is ignored if `VO_GRIDMAPFILE_MAP_VOMS_ROLES` is not true. The entry value must be either a FQAN declared in VO parameters (without the initial /voname), a VOMS mapping description as declared in the VO parameters or undef to allow all users and valid FQAN. '/' is interpreted as all normal users (without a specific group or role).297 * `VO_VOMS_FQAN_FILTER`: this nlist allows to define on a per-VO basis what are the VOMS FQANs to add to the grid-mapfile. The key is a VO name or `DEFAULT` for the default entry. Default entry if present is applied to all VOs without an explicit entry. If there is no entry for a VO and there is no default entry defined, all VO users and valid FQANs are added to the grid-mapfile. This variable is ignored if `VO_GRIDMAPFILE_MAP_VOMS_ROLES` is not true. The entry value must be either a FQAN declared in VO parameters (without the initial /voname), a VOMS mapping description as declared in the VO parameters or undef to allow all users and valid FQAN. '/' is interpreted as all normal users (without a specific group or role). 298 298 299 These 2 variables are mainly used on [#VOBOX VO boxes] .299 These 2 variables are mainly used on [#VOBOX VO boxes] where they should be defined with appropriate values by the standard configuration. 
300 300 301 301 == Allocation of Service Accounts == … … 979 979 The configuration templates for the VOBOX enforce there is only one VO configured for acess to VOBOX specific services. This VO must be declared using the `VOS` variable, as for other machine types. If you want to give other VOs access to the VOBOX for the management and operation of the VOBOX, you need to explicitly allow them using the variable `VOBOX_OPERATION_VOS`. This variable is a list of VOs considered as operation VOs. By default, this list is only VO `ops`. If the VOs listed in this variable are not listed in `VOS`, they are automatically added. 980 980 981 ''Note: this is recommended to list in `VOS` only the VO with access to VOBOX services, not the operation VOs, as accounts of every VO in `VOS` are enabled for gsissh access.'' 981 Only the enabled VO has a `gsissh` access to the VOBOX by default. If you want the operation VOs to also be enabled for `gsissh` access to the VOBOX, you need to define variable `VOBOX_OPERATION_VOS_GSISSH` to `true` in the VOBOX profile. Only the FQAN enabled by [#MappingofVOMSgroupsrolesintogrid-mapfile VO_VOMS_FQAN_FILTER] will be enabled for each VO (default: SW manager). 982 983 ''Note: if you add `dteam` VO to operation VOs and enable `gsissh` access for operation VOs, be sure to restrict the people who will be allowed interactive access to the VOBOX, as `dteam` is a very large VO with people from every grid site.'' 982 984 983 985 There are some other variables available to tune the VOBOX configuration but the default should generally be appropriate. The main ones are:
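Review bot: new line 297 renames the variable to `VO_VOMS_FQAN_FILTER` without saying what happens to profiles that still define the old name. The same paragraph states that with no entry for a VO and no default entry, all VO users and valid FQANs are added to the grid-mapfile, so if the old name is no longer read, an existing restriction would silently turn into that permissive default. Suggest adding a sentence on whether the old name is still honoured. On new line 299, "should be defined with appropriate values by the standard configuration" could also say plainly whether the VOBOX templates set both variables themselves or the site has to.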
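Review bot: new line 981 says only the FQAN enabled by `VO_VOMS_FQAN_FILTER` gets `gsissh` access "(default: SW manager)", but the section it links to says the filter is ignored unless `VO_GRIDMAPFILE_MAP_VOMS_ROLES` is true, and that a VO with no entry and no default entry gets all VO users and valid FQANs. Suggest stating here where the SW manager default is set and what applies to an operation VO that has no explicit entry once `VOBOX_OPERATION_VOS_GSISSH` is `true`. The `dteam` note on new line 983 says to restrict who gets interactive access but does not name the mechanism; pointing it at an explicit `dteam` entry in `VO_VOMS_FQAN_FILTER` would make it actionable. The removed note about accounts of every VO in `VOS` being enabled for gsissh also deserves a check against line 979, which still says operation VOs are automatically added to `VOS`.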