wiki:Doc/gLite/TemplateLayout

Version 6 (modified by /C=FR/O=CNRS/OU=UMR8607/CN=Michel Jouvin/emailAddress=jouvin@…, 18 years ago) (diff)

--

Layout of gLite Templates

TracNav

Table of Contents

  1. Layout Description
  2. Template Customization
    1. Allocation of Service Accounts
    2. Accepted CAs

This page contains a description of the layout of templates for gLite provided by QWG and how the site customization should be integrated. See page on template framework for more details on template framework structure and site customization.

Layout Description

Layout of gLite templates is based on PAN namespaces. This PAN feature brings an improved manageability. Among advantages, it allows :

  • More structured layout
  • Easier guess of where a template is located as its relative path is part of its name
  • Support for nodes running different versions of the gLite in the same cluster (not yet implemented)

A part of the effort to ease management of templates, templates names are now organized based on a per service view. That means that there is one directory for each service, with all the templates needed to configure the service contained in this directory (RPMs list, configuration information...). Inside each service directory, template names are now quite standardized. Main templates, available in every service where it is relevant, are :

  • rpms.tpl : contains all the RPMs required to run the service
  • service.tpl : contains all middleware components that need to be configured to run a specific service. This is mainly used for high level services, like CE, WN, BDII... This doesn't include any OS related information.
  • config.tpl : contains all the configuration information required to configure the service (but not the included services)

Some services are made of several sub-components using different configuration information but providing no specific RPMs (e.g. gridice). In this case, config.tpl is replaced by one template for each sub-component, named after the sub-component name. If the sub-component requires some RPMs, a sub-directory is created (e.g. nfs/client and nfs/server) and if they share common configuration information, the template for this is placed in the parent directory (e.g. nfs) and the template is generally named base.tpl.

gLite services templates are organized in 3 main hierarchies :

  • glite : one directory per gLite high-level service
  • lcg : one directory per LCG high-level service (in fact LCG CE and LCG RB) that are still part of gLite.
  • common : one directory per lower-level service used to configure high-level service.

There are a few exception to the service oriented layout of templates :

  • users : to improve consistency in account IDs allocation, all the account related templates (user/group creation) arenow in one directory, common/users, and is no longer part of service information. There is one template per user/group and the name of this template is generally the name of the user created. Some of them are empty : they are just placeholders to allow a site to define this accout.
  • common/security : this directory contains all the templates related to security configuration, mainly GSI (host certificates checking, accepted CAs, CRL management...)

In addition, gLite templates include the following hierarchies, very close to what existed in LCG2 templates :

  • machine-types : one template per machine type. Intended to be included in a machine profile.
  • vo : all the VO related information (not yet based on namespaces).
  • standard : version of some critical standard templates.
  • components : description of NCM components related to gLite services used in other gLite templates (doesn't include OS related components)
  • defaults : templates providing sensible default values, mainly `site.tpl' for default site parameter values.
  • repository : template defining RPM repositories where gLite RPMs are located. Need to be edited to match site repository names..

Template Customization

Despite the change in template layout, LCG2 template customization is still valid for gLite3. Refer to this description, except for components with an explicit description provided here.

Allocation of Service Accounts

Some services allow to define a specific account to be used to run the service. In this case, there is one template for each of these accounts in common/users. The name of the template generally matches the user account created or, when the template is empty, the name of the service.

A site can redefine account names or characteristics (uid, home directory...). To do this, you should not edit directly the standard templates as the changes will be lost in the next version of the template (or you will have to redo them by hand). You should create a users directory somewhere in your site or cluster hierarchy (e.g. under the site directory, not directly at the same level else it will not work without adjusting cluster.build.properties) and put your customized version of the template here.

Note : don't change the name of the template, even if you change the name of the account used (else you'll need to modify standard templates needing this user).

Accepted CAs

There is one template defining all the accepted CAs. We generally produced a new one each time there is a new release of the list of CAs officially accepted by EGEE. If you need to adjust it, create a site or cluster specific copy of common/security/cas.tpl in a directory common/security.