Eric Shook, Anand Padmanabhan Eric Shook, Anand Padmanabhan Grid Research & educatiOn group @ IoWa Grid Research & educatiOn group @ IoWa (GROW) (GROW) ITS Academic Technologies – Research ITS Academic Technologies – Research Services Services The University of Iowa The University of Iowa Iowa City, IA 52242, USA Iowa City, IA 52242, USA May 16, 2006 May 16, 2006 GUMS GUMS
23
Embed
Eric Shook, Anand Padmanabhan Grid Research & educatiOn group @ IoWa (GROW) ITS Academic Technologies – Research Services The University of Iowa Iowa City,
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Eric Shook, Anand PadmanabhanEric Shook, Anand Padmanabhan
Grid Research & educatiOn group @ IoWa Grid Research & educatiOn group @ IoWa (GROW)(GROW)
ITS Academic Technologies – Research ITS Academic Technologies – Research Services Services
The University of IowaThe University of IowaIowa City, IA 52242, USAIowa City, IA 52242, USA
May 16, 2006May 16, 2006
GUMSGUMS
22
What is GUMS?What is GUMS?
““The GUMS service performs one The GUMS service performs one and only one function: it maps and only one function: it maps user’s grid certificates/credentials to user’s grid certificates/credentials to site-specific identities/credentials site-specific identities/credentials (e.g., UNIX accounts or Kerberos (e.g., UNIX accounts or Kerberos principals) in accordance with the principals) in accordance with the site’s grid resource usage policy.”site’s grid resource usage policy.”
Define groups of usersDefine groups of users Determine user group mappingDetermine user group mapping Groups are defined by groupMappingGroups are defined by groupMapping
– groupMapping uses three definitionsgroupMapping uses three definitions userGroupuserGroup accountMappingaccountMapping compositeAccountMapping (not covered)compositeAccountMapping (not covered)
99
groupMappinggroupMapping
Defines a group of usersDefines a group of users Example:Example:
Defines a group of hosts and which Defines a group of hosts and which groupMappings will be usedgroupMappings will be used
Two groups are definedTwo groups are defined– CertificateHostGroupCertificateHostGroup– WildcardHostGroup (deprecated)WildcardHostGroup (deprecated)
1515
hostGroup (…)hostGroup (…)
WildcardHostGroupWildcardHostGroup– Use of this group is discouragedUse of this group is discouraged– Does not properly handle certificate identitiesDoes not properly handle certificate identities
*.persistanceFactory*.persistanceFactory– userGroup.name == table or column within userGroup.name == table or column within
mysql in relation to persistanceFactory usedmysql in relation to persistanceFactory used– accountMapping.groupName == UNIX useraccountMapping.groupName == UNIX user– accountMapping.name == pool reference accountMapping.name == pool reference
name created by ‘gums’ utility programname created by ‘gums’ utility program
1717
Wildcard WarningsWildcard Warnings
hostGroup CN and DN mappings hostGroup CN and DN mappings utilize wildcards to cover a wide utilize wildcards to cover a wide variety of hosts, variety of hosts, – But they can cause problemsBut they can cause problems
Look *closely* at your host Look *closely* at your host certificatescertificates– Make certain they will match a wildcardMake certain they will match a wildcard
Order matters in gums.configOrder matters in gums.config
1818
Wildcard Warnings (…)Wildcard Warnings (…)
Wildcards do not match beyond Wildcards do not match beyond – ‘‘.’, ‘/’, or ‘=‘.’, ‘/’, or ‘=‘
What does this mean?What does this mean?– If CN of certificate = “host/grow.uiowa.edu”If CN of certificate = “host/grow.uiowa.edu”
Also availableAlso available– Manual mapping administrative capabilitiesManual mapping administrative capabilities– Update groups and cachesUpdate groups and caches
2020
GUMS Utility Program GUMS Utility Program (…)(…)
Example – add pool account user Example – add pool account user rangerange– ./gums pool-addRange mysql grow grow10-./gums pool-addRange mysql grow grow10-
9999 Example – generate grid-map file Example – generate grid-map file