[gin-data] Re: progress...

Stuart Martin smartin at mcs.anl.gov
Thu Jul 27 12:01:07 CDT 2006 

Bill,

For TeraGrid, we are taking the DNs and mapping them all to a group  
account "ginuser".  Currently, this is done by hand.  We take the GIN  
VO members from here: http://kuiken.nikhef.nl/gin.ggf.org/grid-mapfile

And have a merging process to augment the tg grid resource's gridmap  
file.  The merging process is needed in order for those with multiple  
mappings like myself to have a default mapping "smartin" and then  
"secondary" mappings "osgtg,ginuser" e.g.
     "/DC=org/DC=doegrids/OU=People/CN=Stuart Martin 564728"  
smartin,osgtg,ginuser

Others with just the one mapping are done as you'd expect, e.g.:
     "/C=CH/O=CERN/OU=GRID/CN=Erwin Laure 0286" ginuser

You are right in that we don't know who for sure who actually wrote  
the 100TB file, but we could probably track it down by looking at the  
log files for the gridftp server.  Similar for the container and  
gatekeeper log file and job request abuses.

Another point is that the GIN VO access should be for simple interop  
testing/verification, so we should not have too many problems with  
abuse.  I don't think the VO membership list should get so large that  
we can't stop problems easily if they occur.

-Stu

On Jul 27, 2006, at Jul 27, 8:48 AM, William E. Allcock wrote:

> Ok, so for the immediate issue, Gregor (or his appropriate  
> designee), simply
> needs to use the registration page and after it is pushed out, they  
> should
> be able to make test runs against an installed GridFTP server,  
> correct?  Can
> we assume they are all on the standard port (2811) or is there a page
> somewhere that lists the contact strings?
>
> For my curiosity sake, all the Grids are using pool accounts,  
> including the
> TeraGrid?  How do you do auditing?  For instance, if we were to  
> push a 100TB
> file at a site and fill up the available space, how would you know  
> who did
> it?
>
> Bill
>
>
>> -----Original Message-----
>> From: David Wallom [mailto:david.wallom at oerc.ox.ac.uk]
>> Sent: Thursday, July 27, 2006 8:42 AM
>> To: allcock at mcs.anl.gov; Erwin Laure; 'Gregor von Laszewski'
>> Cc: gin-data at ggf.org; 'Mihael Hategan'; 'Raj Kettimuthu'
>> Subject: Re: [gin-data] Re: progress...
>>
>> Hello Bill,
>>
>> That is a gridmapfile that uses the pool accounts patch that
>> was applied
>> through EDG. Within the UK we have a patch to make this work
>> with both PreWS
>> & WS version of GT4 if you want.
>>
>> Cheers
>>
>> David
>>
>>
>> On 27/7/06 14:35, "William E. Allcock" <allcock at mcs.anl.gov> wrote:
>>
>>
>>> Never having used VOMS, I guess I am also a little
>>>
>> confused.  I went to the
>>
>>> registration page, and I looked in the gridmapfile.
>>>
>> However, the gridmap
>>
>>> file isn't really a gridmap file, because it doesn't
>>>
>> actually map anything.
>>
>>> It has a list of DNs, but there are no accounts associated
>>>
>> with them, which
>>
>>> is what the gridmap file does.  So, I think Gregor's (and
>>>
>> my) question is,
>>
>>> what account will the GridFTP server that gets invoked be
>>>
>> run under?  Or
>>
>>> does each Grid take responsibility for mapping it to some
>>>
>> appropriately
>>
>>> restricted account and we can just not worry about that?
>>>
>>> Bill
>>>
>>>
>>>> -----Original Message-----
>>>> From: owner-gin-data at ggf.org [mailto:owner-gin-data at ggf.org]
>>>> On Behalf Of Erwin Laure
>>>> Sent: Thursday, July 27, 2006 4:22 AM
>>>> To: Gregor von Laszewski
>>>> Cc: gin-data at ggf.org; Mihael Hategan; Raj Kettimuthu
>>>> Subject: [gin-data] Re: progress...
>>>>
>>>> Hi Gregor,
>>>>
>>>> You can get an initial list of Grids for testing purposes from:
>>>> http://wiki.nesc.ac.uk/read/gin-jobs?GinResources
>>>>
>>>> Why do you need accounts on these Grids? Wouldn't simply
>>>> joining the GIN
>>>> VO do? Information on how to join the VO is available at
>>>> http://wiki.nesc.ac.uk/read/gin-jobs
>>>> This VO is supported by all GIN sites.
>>>>
>>>> Cheers,
>>>>
>>>> -- Erwin
>>>>
>>>> Gregor von Laszewski wrote:
>>>>
>>>>> Erwin:
>>>>>
>>>>>     we have tested our tool and it works as expected.
>>>>>
>>>> However, there is
>>>>
>>>>> some issue in regards to renewing accounts and alloctaions
>>>>>
>>>> on TG to  run
>>>>
>>>>> this that are not yet resolved. To no longer delay the
>>>>>
>>>> publication of
>>>>
>>>>> the data, we have involved Raj that will start the  program
>>>>>
>>>> for us on
>>>>
>>>>> the TG. We hope this takes place tomorrow. This  also
>>>>>
>>>> allows us to test
>>>>
>>>>> the "easy deploy" requirement of the systems  so it could
>>>>>
>>>> be replicated
>>>>
>>>>> on other systems. Mike is improving the  documentation to
>>>>>
>> make this
>>
>>>>> happening.
>>>>>
>>>>> In return we have one question that we issued to this
>>>>>
>>>> mailinglist  before:
>>>>
>>>>>
>>>>> On which other Grids should we test our software?
>>>>> Is there someone in the GIN working group that can let us
>>>>>
>>>> know which
>>>>
>>>>> Grids we should approach next? From the experience we had with
>>>>> obtaining accouts, it looks like we want to get this
>>>>>
>>>> established  ASAP.
>>>>
>>>>> in order to start the application program. We probably need
>>>>>
>>>>  some kind
>>>>
>>>>> of "sponsor" or "champion" to push this out on the other
>>>>>
>>>> Grids. So if
>>>>
>>>>> there are people from other Grids (other than TG) in  this working
>>>>> group, maybe you can let us know how we should approach  getting
>>>>> accounts on your Grids.
>>>>>
>>>>> I would assume this applies also to the other technologies
>>>>>
>>>> from the
>>>>
>>>>> GIN-WG, do you have a uniform project description that I can point
>>>>> other Grids to as part of the application process?
>>>>>
>>>>> Gregor
>>>>>
>>>>>
>>>>> On Jul 25, 2006, at 4:39 AM, Erwin Laure wrote:
>>>>>
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> GGF18 is coming up soon. Could we please get an update on
>>>>>>
>>>> the  interop
>>>>
>>>>>> tests of SRB, SRM, and gridFTP?
>>>>>>
>>>>>> We will use this information to make an interop matrix
>>>>>>
>>>> available on
>>>>
>>>>>> the GIN gridforge pages.
>>>>>>
>>>>>> Also, we should prepare instructions of how people can run these
>>>>>> tests themselves, i.e. test, whether their infrastructure is
>>>>>> interoperable with others.
>>>>>>
>>>>>> Cheers,
>>>>>>
>>>>>> -- Erwin
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>> -- 
>> +++++++++++++++++++++++++++++++++
>> Dr. David Wallom
>> Technical Manager
>> Oxford e-Research Centre
>> University of Oxford
>> c/o OUCS
>> 13 Banbury Road
>> Oxford
>> OX2 6NN
>>
>> Tel  : +44 (0)1865 283378
>> email: david.wallom at oerc.ox.ac.uk
>>
>> PLEASE NOTE THE NEW EMAIL ADDRESS as OERC.OX.AC.UK
>> IERC WILL CONTINUE TO RECEIVE EMAIL FOR THE NEXT
>> FEW MONTHS BUT WILL EVENTUALLY PHASE OUT. PLEASE
>> CHANGE YOUR ADDRESS BOOK APPROPRIATELY
>>
>> +++++++++++++++++++++++++++++++++
>>
>>
>>
>>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.ogf.org/pipermail/gin-data/attachments/20060727/df5ea0a5/attachment.html

More information about the gin-data mailing list