[glue-wg] publishing srb information on glue
Jensen, J (Jens)
j.jensen at rl.ac.uk
Wed Oct 31 14:39:01 CDT 2007
Shunde Zhang wrote:
> Hi Jens,
>
> Sorry for the late response since I've been away for days.
No worries - I know this only too well.
> Thanks for your reply and it is very helpful.
Oh, good.
> Can I ask if your SRB is a 'normal' one or it is
> installed with GSI support or with a gridftp interface?
Er, both. (Apologies for going off topic for GLUE-WG) It uses a normal
.MdasAuth file for authentication, but also has a gridftp server - which
of course uses GSI. The S commands use ENCRYPT1.
>
> At this stage I just started looking at how to publish SRB to our MDS. but I
> cannot find fields to put SRB's zone, resource and SRB uses username/password
> so how I can use ACL to show who can use what resource.
Right, in my case the gridftp server is connected to a single SRB
resource which in turn is more or less dedicated to a single VO (it's
actually a test account for a customer but we use it more for
interoperability testing).
I am told this is the limitation of the gridftp server: if you're
writing, you can access only one resource.
However, it fits well with GLUE because you publish an SA with a
suitable SAPath for a single VO.
At this stage we haven't tried relying on the ACBR for resolving the SRB
but it should be possible.
>
> If possible, could you also give me a sample of GLUE xml with SRB information?
> thanks a lot.
>
Do an ldapsearch on ldap://pps-bdii.cern.ch:2170 looking for the SE with
hostname kisumu.esc.rl.ac.uk.
This one works even with lcg-cr!
It's there now (just checked) but Derek (our Tier 1 BDII admin among
other things) has been talking about moving it over to production so he
can test it with CASTOR. If you can't find it, try looking in the
toplevel BDII for production.
Regards,
--jens
More information about the glue-wg
mailing list