Changes between Version 149 and Version 150 of Doc/gLite/TemplateCustomization


Ignore:
Timestamp:
Feb 7, 2010, 7:35:37 PM (16 years ago)
Author:
/O=GRID-FR/C=FR/O=CNRS/OU=LAL/CN=Michel Jouvin
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • Doc/gLite/TemplateCustomization

    v149 v150  
    33
    44[[TOC(inline,depth=1)]]
    5 = Site-wide Configuration =
     5
    66Site customization to QWG templates is done through a small set of templates used to define variables used as input by QWG templates. This doesn't cover OS basic configuration that is described in the page about [wiki:Doc/TemplateCustom template framework].
    77
     
    1414''Note: this documentation often makes reference to a template called `site/glite/config.tpl`. This template used to be called `pro_lcg2_config_site.tpl` in the past. Both names are valid and taken into account by current templates, even though the namespaced name is the recommended one.''
    1515
     16= Service-Independant Configuration =
     17
     18This section contains information about how to tweak machine describe site configuration and how to build services shared by several node types, like VO configuration, LCAS/LCMAPS, Globus...
     19 
    1620== Machine types ==
    1721
     
    313317If you need to update this template, refer to the standard [wiki:Development/Templates/Generated#TrustedCAsTemplate procedure] to do it.
    314318
     319== Globus ==
     320
     321Globus is used by most of the gLite services. Some variables allow to configure Globus parameters, in particular Globus ephemeral port ranges.
     322 *  `GLOBUS_TCP_PORT_RANGE_MIN`: lower port in TCP ephemeral port range. Default: 20000.
     323 *  `GLOBUS_TCP_PORT_RANGE_MAX`: upper port in TCP ephemeral port range. Must be greater or equal to lower port. Default: 25000.
     324 *  `GLOBUS_UDP_PORT_RANGE_MIN`: lower port in UDP ephemeral port range. Default: none.
     325 *  `GLOBUS_UDP_PORT_RANGE_MAX`: upper port in UDP ephemeral port range. Must be greater or equal to lower. Default: none.
     326
     327== LCAS / LCMAPS ==
     328
     329LCAS and LCMAPS are 2 underlying services, generally used together, by most grid services to manage authorization and user mapping. LCAS is responsible for managing authorization based on configured policies (banned users, timeslots permitted...) and LCMAPS is responsible for mapping a grid DN to a Unix user account.
     330
     331LCMAPS configuration is based on VO configured and on VOMS [#MappingofVOMSgroupsrolesintogrid-mapfile group/role mapping] rules.
     332
     333LCAS can be configured with the following variables to restrict access to a grid resource like a CE:
     334 * `LCAS_BANNED_USERS`: list of user DNs forbidden access to the resource. By default, this list is empty (it as a template DN which will never match a real user).
     335 * `LCAS_TIMESLOT_ENTRIES`: a list of timeslot specification specifying when the resource is opened to grid access. See [http://www.nikhef.nl/pub/projects/grid/gridwiki/index.php/LCAS LCAS documentation] for more information on the format. By default, there is no restriction.
    315336
    316337== Shared File Systems ==
     
    437458
    438459= Service-specific Configuration =
    439 
    440 == Globus ==
    441 
    442 Globus is used by most of the gLite services. Some variables allow to configure Globus parameters, in particular Globus ephemeral port ranges.
    443  *  `GLOBUS_TCP_PORT_RANGE_MIN`: lower port in TCP ephemeral port range. Default: 20000.
    444  *  `GLOBUS_TCP_PORT_RANGE_MAX`: upper port in TCP ephemeral port range. Must be greater or equal to lower port. Default: 25000.
    445  *  `GLOBUS_UDP_PORT_RANGE_MIN`: lower port in UDP ephemeral port range. Default: none.
    446  *  `GLOBUS_UDP_PORT_RANGE_MAX`: upper port in UDP ephemeral port range. Must be greater or equal to lower. Default: none.
    447460
    448461== LCG CE Configuration ==