Difference: AddFrontend (1 vs. 26)

Revision 262018/05/16 - Main.JeffreyDost

Line: 1 to 1
 
META TOPICPARENT name="GlideinFactoryFAQ"

Adding a New Frontend

Line: 30 to 30
 /etc/condor/config.d/90_gwms_dns.config /etc/condor/certs/condor_mapfile
Deleted:
<
<
  1. Stop the factory:
    service gwms-factory stop
  2. Reconfigure condor:
    service condor restart
 
  1. Add new frontend to /etc/gwms-factory/glideinWMS.xml:
          <frontends>
             ...
    
    
Line: 42 to 40
  </frontend> ... </frontends>
Added:
>
>
  1. Stop the factory:
    service gwms-factory stop
  2. Reconfigure condor:
    service condor stop
    service condor start
 
  1. Reconfigure and restart the factory

Notify Frontend Admin

Revision 252018/03/02 - Main.JeffreyDost

Line: 1 to 1
 
META TOPICPARENT name="GlideinFactoryFAQ"

Adding a New Frontend

Line: 24 to 24
  Perform the following steps as root:
  1. Create new user (note: on CERN factories, prefix username with _):
    /usr/sbin/useradd username
Added:
>
>
    • NOTE do NOT make custom groups with -g when running useradd, leave the frontend groups the same as usernames
 
  1. Add user to /etc/condor/privsep_config:
    valid-target-uids = feuser1 : feuser2 : … : username
    valid-target-gids = feuser1 : feuser2 : … : username
  2. Authenticate with condor:
    glidecondor_addDN -daemon 'add comment here' "frontend_DN" identity 
    Include in the comment the Frontend name, admin name, and admin's email address. This shows up in the condor config file. the changes will be found in:
    /etc/condor/config.d/90_gwms_dns.config
    
    

Revision 242017/06/21 - Main.JeffreyDost

Line: 1 to 1
 
META TOPICPARENT name="GlideinFactoryFAQ"

Adding a New Frontend

Line: 23 to 23
 

Registration Procedure

Perform the following steps as root:

Changed:
<
<
  1. Create new user and put them in the gwms group (note: on CERN factories, prefix username and group with an _):
    /usr/sbin/useradd username
>
>
  1. Create new user (note: on CERN factories, prefix username with _):
    /usr/sbin/useradd username
 
  1. Add user to /etc/condor/privsep_config:
    valid-target-uids = feuser1 : feuser2 : … : username
    valid-target-gids = feuser1 : feuser2 : … : username
Changed:
<
<
  1. Authenticate with Condor:
    /root/glideinwms/install/glidecondor_addDN -daemon 'add comment here' "frontend_DN" identity 
    Include in the comment the Frontend name, admin name, and admin's email address. This shows up in the condor config file.
  2. Reconfigure Condor:
    service condor restart

Perform the following steps as gfactory:

  1. add new Frontend to glideinWMS.xml
    <frontends>
    ...
    <frontend name="security_name" comment="Contact: add list of admins and contact email addresses here" identity="identity@gfactory-1.t2.ucsd.edu">
    <security_classes>
    <security_class name="frontend" username="username"/>
    </security_classes>
    </frontend>
    ...
    </frontends>
  2. Reconfigure and restart the Factory
>
>
  1. Authenticate with condor:
    glidecondor_addDN -daemon 'add comment here' "frontend_DN" identity 
    Include in the comment the Frontend name, admin name, and admin's email address. This shows up in the condor config file. the changes will be found in:
    /etc/condor/config.d/90_gwms_dns.config
    /etc/condor/certs/condor_mapfile
    
  2. Stop the factory:
    service gwms-factory stop
  3. Reconfigure condor:
    service condor restart
  4. Add new frontend to /etc/gwms-factory/glideinWMS.xml:
          <frontends>
             ...
             <frontend name="security_name" identity="identity@gfactory-1.t2.ucsd.edu">
                <security_classes>
                   <security_class name="frontend" username="username"/>
                </security_classes>
             </frontend>
             ...
          </frontends>
  5. Reconfigure and restart the factory
 

Notify Frontend Admin

Revision 232017/06/14 - Main.JeffreyDost

Line: 1 to 1
 
META TOPICPARENT name="GlideinFactoryFAQ"

Adding a New Frontend

Line: 41 to 41
  In your frontend security section please set: security_name="security_name"
Changed:
<
<
In factory collector section use the following: DN="/DC=com/DC=DigiCert-Grid/O=Open Science Grid/OU=Services/CN=gfactory-1.t2.ucsd.edu" factory_identity="gfactory@gfactory-1.t2.ucsd.edu" my_identity="identity@gfactory-1.t2.ucsd.edu" node="gfactory-1.t2.ucsd.edu"
>
>
In factory collector section use the following: DN="/DC=org/DC=opensciencegrid/O=Open Science Grid/OU=Services/CN=gfactory-1.t2.ucsd.ed" factory_identity="gfactory@gfactory-1.t2.ucsd.edu" my_identity="identity@gfactory-1.t2.ucsd.edu" node="gfactory-1.t2.ucsd.edu"
  In the pilot proxy section please use: security_class="frontend"

Revision 222017/05/23 - Main.JeffreyDost

Changed:
<
<
Revision 21 is unreadable
>
>
META TOPICPARENT name="GlideinFactoryFAQ"

Adding a New Frontend

Contents

Required Preliminary Info

Required from Frontend admin:

  • security_name - Agree on a name with the Frontend admin before proceeding. The security_name should contain the VO name and optionally a geographic location or abbreviated institution name if there is any chance in the future more than one frontend will serve the same VO.
  • Frontend host cert DN - provided by Frontend admin
  • Note, it may be useful to point new Frontend Admins to this twiki:
    http://www.t2.ucsd.edu/twiki2/bin/view/UCSDTier2/OSGgfactory

Decided by Factory admin:

  • username - The UNIX username the frontend will be mapped to in the factory. By convention, start username with “fe”
  • Frontend identity - The identity the frontend will be mapped to in the WMS Collector. This does not need to be the same as the UNIX username but it can be.
  • vo_name - Name to be specified in the GLIDEIN_Supported_VOs list in each entry authorized for the Frontend to use. This is usually simply the VO name but is arbitrary. It must be given to the Frontend admin to complete the process.

Like security_name, if multiple frontends serve the VO it may be useful to have geographic or institutional info in the username and identity name.

Registration Procedure

Perform the following steps as root:

  1. Create new user and put them in the gwms group (note: on CERN factories, prefix username and group with an _):
    /usr/sbin/useradd username
  2. Add user to /etc/condor/privsep_config:
    valid-target-uids = feuser1 : feuser2 : … : username
    valid-target-gids = feuser1 : feuser2 : … : username
  3. Authenticate with Condor:
    /root/glideinwms/install/glidecondor_addDN -daemon 'add comment here' "frontend_DN" identity 
    Include in the comment the Frontend name, admin name, and admin's email address. This shows up in the condor config file.
  4. Reconfigure Condor:
    service condor restart

Perform the following steps as gfactory:

  1. add new Frontend to glideinWMS.xml
    <frontends>
    ...
    <frontend name="security_name" comment="Contact: add list of admins and contact email addresses here" identity="identity@gfactory-1.t2.ucsd.edu">
    <security_classes>
    <security_class name="frontend" username="username"/>
    </security_classes>
    </frontend>
    ...
    </frontends>
  2. Reconfigure and restart the Factory

Notify Frontend Admin

Email the frontend admin when it is finished:

Hi admin_name,

We have finished registering your frontend to our factory. Here is the relevant info you need to complete your frontend configuration:

In your frontend security section please set:  security_name="security_name"

In factory collector section use the following: DN="/DC=com/DC=DigiCert-Grid/O=Open Science Grid/OU=Services/CN=gfactory-1.t2.ucsd.edu" factory_identity="gfactory@gfactory-1.t2.ucsd.edu" my_identity="identity@gfactory-1.t2.ucsd.edu" node="gfactory-1.t2.ucsd.edu"

In the pilot proxy section please use:  security_class="frontend"

Please also add stringListMember("vo_name",GLIDEIN_Supported_VOs) to your factory query_expr.

For the next step, please let us know a single site you would like to submit to, so we can test the configuration. Ideally it is a site you also have admin rights to. Once we confirm everything is working you can either supply us a full list of desired sites or we can provide a list of sites for you to choose from that claim to support your VO, whichever you prefer.

Thanks,
your_name
OSG Glidein Factory Operations

Whitlisting Entries for Frontend

Add the vo_name to the GLIDEIN_Supported_VOs list to each entry the frontend wants to use.

NOTE We have a tool that can generate a list of sites claiming to support a given VO. Details on how to use this will be added here later.

Authors

-- JeffreyDost - 2012/09/25

<-- TWIKI VARIABLES 
  • Set UCSD_VERS = Production_v4_3
-->

Revision 212016/06/02 - Main.JeffreyDost

Changed:
<
<
Revision 20 is unreadable
>
>
Revision 21 is unreadable

Revision 202015/06/20 - Main.BrendanDennis

Changed:
<
<
Revision 19 is unreadable
>
>
Revision 20 is unreadable

Revision 192015/05/27 - Main.MartinKandes

Changed:
<
<
Revision 18 is unreadable
>
>
Revision 19 is unreadable

Revision 182015/05/12 - Main.BrendanDennis

Changed:
<
<
Revision 17 is unreadable
>
>
Revision 18 is unreadable

Revision 172015/04/22 - Main.JeffreyDost

Changed:
<
<
Revision 16 is unreadable
>
>
Revision 17 is unreadable

Revision 162015/04/08 - Main.MartinKandes

Changed:
<
<
Revision 15 is unreadable
>
>
Revision 16 is unreadable

Revision 152015/02/17 - Main.BrendanDennis

Changed:
<
<
Revision 14 is unreadable
>
>
Revision 15 is unreadable

Revision 142015/02/12 - Main.BrendanDennis

Changed:
<
<
Revision 13 is unreadable
>
>
Revision 14 is unreadable

Revision 132015/01/22 - Main.JeffreyDost

Changed:
<
<
Revision 12 is unreadable
>
>
Revision 13 is unreadable

Revision 122014/11/17 - Main.JeffreyDost

Changed:
<
<
Revision 11 is unreadable
>
>
Revision 12 is unreadable

Revision 112014/07/11 - Main.LuisLinares

Changed:
<
<
Revision 10 is unreadable
>
>
Revision 11 is unreadable

Revision 102014/06/11 - Main.JeffreyDost

Changed:
<
<
Revision 9 is unreadable
>
>
Revision 10 is unreadable

Revision 92014/05/22 - Main.DanielKlein

Changed:
<
<
Revision 8 is unreadable
>
>
Revision 9 is unreadable

Revision 82013/06/04 - Main.JeffreyDost

Changed:
<
<
Revision 7 is unreadable
>
>
Revision 8 is unreadable

Revision 72013/04/24 - Main.JeffreyDost

Changed:
<
<
Revision 6 is unreadable
>
>
Revision 7 is unreadable

Revision 62013/04/09 - Main.JeffreyDost

Changed:
<
<
Revision 5 is unreadable
>
>
Revision 6 is unreadable

Revision 52013/03/21 - Main.JeffreyDost

Changed:
<
<
Revision 4 is unreadable
>
>
Revision 5 is unreadable

Revision 42013/03/08 - Main.JeffreyDost

Changed:
<
<
Revision 3 is unreadable
>
>
Revision 4 is unreadable

Revision 32013/02/12 - Main.JeffreyDost

Changed:
<
<
Revision 2 is unreadable
>
>
Revision 3 is unreadable

Revision 22012/10/22 - Main.JeffreyDost

Added:
>
>
Revision 2 is unreadable
Deleted:
<
<
META TOPICPARENT name="GlideinFactoryFAQ"

Adding a New Frontend

Contents

Required Preliminary Info

Required from Frontend admin:

  • security_name - Agree on a name with the Frontend admin before proceeding. The security_name should contain the VO name and optionally a geographic location or abbreviated institution name if there is any chance in the future more than one frontend will serve the same VO.
  • Frontend host cert DN - provided by Frontend admin

Decided by Factory admin:

  • username - The UNIX username the frontend will be mapped to in the factory. By convention, start username with “fe”
  • Frontend identity - The identity the frontend will be mapped to in the WMS Collector. This does not need to be the same as the UNIX username but it can be.
  • vo_name - Name to be specified in the GLIDEIN_Supported_VOs list in each entry authorized for the Frontend to use. This is usually simply the VO name but is arbitrary. It must be given to the Frontend admin to complete the process.

Like security_name, if multiple frontends serve the VO it may be useful to have geographic or institutional info in the username and identity name.

Registration Procedure

Perform the following steps as root:

  1. Create new user:
    useradd username
  2. Add user to /etc/condor/privsep_config:
    valid-target-uids = feuser1 : feuser2 : … : username
    valid-target-gids = feuser1 : feuser2 : … : username
    
  3. Authenticate with Condor:
    $GLIDEIN_SRC_DIR/install/glidecondor_addDN -daemon 'add comment here' frontend_DN identity
    
    Include in the comment the Frontend name, admin name, and admin's email address. This shows up in the condor config file.
  4. Reconfigure Condor:
    killall -HUP condor_collector

Perform the following steps as gfactory:

  1. add new Frontend to glideinWMS.xml
    <frontends>
       ...
       <frontend name="security_name" comment="Contact: add list of admins and contact email addresses here" identity="identity@glidein-1.t2.ucsd.edu">
          <security_classes>
             <security_class name="frontend" username="username"/>
          </security_classes>
       </frontend>
       ...
    </frontends>
    
  2. Reconfigure and restart the Factory

Notify Frontend Admin

Email the frontend admin when it is finished:

<--/twistyPlugin twikiMakeVisibleInline-->
Hi admin_name,

We have finished registering your frontend to our factory.  Here is the relevant info you need to complete your frontend configuration:

In your frontend security section please set:
security_name="security_name"

In factory collector section use the following:
DN="/DC=org/DC=doegrids/OU=Services/CN=glidein-1.t2.ucsd.edu"
factory_identity="gfactory@glidein-1.t2.ucsd.edu"
my_identity="identity@glidein-1.t2.ucsd.edu"
node="glidein-1.t2.ucsd.edu"

In the pilot proxy section please use:
security_class="frontend"

Please also add stringListMember("vo_name",GLIDEIN_Supported_VOs) to your factory query_expr.

For the next step, please let us know a single site you would like to submit to, so we can test the configuration.  Ideally it is a site you also have admin rights to.

Once we confirm everything is working you can either supply us a full list of desired sites or we can provide a list of sites for you to choose from that claim to support your VO, whichever you prefer.

Thanks,
your_name
OSG Glidein Factory Operations
<--/twistyPlugin-->

Whitlisting Entries for Frontend

Add the vo_name to the GLIDEIN_Supported_VOs list to each entry the frontend wants to use.

NOTE We have a tool that can generate a list of sites claiming to support a given VO. Details on how to use this will be added here later.

Authors

-- JeffreyDost - 2012/09/25

Revision 12012/09/25 - Main.JeffreyDost

Line: 1 to 1
Added:
>
>
META TOPICPARENT name="GlideinFactoryFAQ"

Adding a New Frontend

Contents

Required Preliminary Info

Required from Frontend admin:

  • security_name - Agree on a name with the Frontend admin before proceeding. The security_name should contain the VO name and optionally a geographic location or abbreviated institution name if there is any chance in the future more than one frontend will serve the same VO.
  • Frontend host cert DN - provided by Frontend admin

Decided by Factory admin:

  • username - The UNIX username the frontend will be mapped to in the factory. By convention, start username with “fe”
  • Frontend identity - The identity the frontend will be mapped to in the WMS Collector. This does not need to be the same as the UNIX username but it can be.
  • vo_name - Name to be specified in the GLIDEIN_Supported_VOs list in each entry authorized for the Frontend to use. This is usually simply the VO name but is arbitrary. It must be given to the Frontend admin to complete the process.

Like security_name, if multiple frontends serve the VO it may be useful to have geographic or institutional info in the username and identity name.

Registration Procedure

Perform the following steps as root:

  1. Create new user:
    useradd username
  2. Add user to /etc/condor/privsep_config:
    valid-target-uids = feuser1 : feuser2 : … : username
    valid-target-gids = feuser1 : feuser2 : … : username
    
  3. Authenticate with Condor:
    $GLIDEIN_SRC_DIR/install/glidecondor_addDN -daemon 'add comment here' frontend_DN identity
    
    Include in the comment the Frontend name, admin name, and admin's email address. This shows up in the condor config file.
  4. Reconfigure Condor:
    killall -HUP condor_collector

Perform the following steps as gfactory:

  1. add new Frontend to glideinWMS.xml
    <frontends>
       ...
       <frontend name="security_name" comment="Contact: add list of admins and contact email addresses here" identity="identity@glidein-1.t2.ucsd.edu">
          <security_classes>
             <security_class name="frontend" username="username"/>
          </security_classes>
       </frontend>
       ...
    </frontends>
    
  2. Reconfigure and restart the Factory

Notify Frontend Admin

Email the frontend admin when it is finished:

<--/twistyPlugin twikiMakeVisibleInline-->
Hi admin_name,

We have finished registering your frontend to our factory.  Here is the relevant info you need to complete your frontend configuration:

In your frontend security section please set:
security_name="security_name"

In factory collector section use the following:
DN="/DC=org/DC=doegrids/OU=Services/CN=glidein-1.t2.ucsd.edu"
factory_identity="gfactory@glidein-1.t2.ucsd.edu"
my_identity="identity@glidein-1.t2.ucsd.edu"
node="glidein-1.t2.ucsd.edu"

In the pilot proxy section please use:
security_class="frontend"

Please also add stringListMember("vo_name",GLIDEIN_Supported_VOs) to your factory query_expr.

For the next step, please let us know a single site you would like to submit to, so we can test the configuration.  Ideally it is a site you also have admin rights to.

Once we confirm everything is working you can either supply us a full list of desired sites or we can provide a list of sites for you to choose from that claim to support your VO, whichever you prefer.

Thanks,
your_name
OSG Glidein Factory Operations
<--/twistyPlugin-->

Whitlisting Entries for Frontend

Add the vo_name to the GLIDEIN_Supported_VOs list to each entry the frontend wants to use.

NOTE We have a tool that can generate a list of sites claiming to support a given VO. Details on how to use this will be added here later.

Authors

-- JeffreyDost - 2012/09/25

 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback