Difference: SharedFactoryConf (1 vs. 3)

Revision 32016/05/04 - Main.JeffreyDost

Line: 1 to 1
 
META TOPICPARENT name="GlideinFactoryFAQ"

Shared Factory Config

Line: 48 to 48
  This allows factory operators to push changes to the repo without needing to forward their own credentials, or registering with the OSG github group.
Changed:
<
<
(more details to be written)
>
>
To set up a deploy key:
  1. For the desired factory user you plan to push to the repo with, run the following keygen command and just hit enter to set an empty passphrase:
    ssh-keygen -t rsa
    
  2. Send Jeff the newly generated id_rsa.pub to register with the repo in github
  In addition, in order to log commits with the correct identity, the git author name and email has to properly be propagated. The following environment variables can be set to do this:
Line: 71 to 75
 SendEnv? GIT_*
  1. In the machine you ssh from export GIT_AUTHOR_NAME and GIT_AUTHOR_EMAIL in your bash profile
Changed:
<
<
(more details to be written)
>
>
To retain env vars across sudo (b):
  1. Ensure GIT_AUTHOR_NAME and GIT_AUTHOR_EMAIL are exported in your bash profile, or forwarded via ssh as described above
  2. Use the -E flag when running sudo, e.g.:
    sudo -E /bin/bash
 

Notes on Deployment

Revision 22016/05/03 - Main.JeffreyDost

Line: 1 to 1
 
META TOPICPARENT name="GlideinFactoryFAQ"

Shared Factory Config

Line: 58 to 58
  However, they need to be propagated to the factory user account used to modify the git repo.
Changed:
<
<
There are two ways to do this. Either (1) forward the environment variables over ssh, or (2) retain env vars with sudo.
>
>
There are two ways to do this. Either (a) forward the environment variables over ssh, or (b) retain env vars with sudo.
 
Added:
>
>
To forward environment variables over ssh (a):
  1. Add the following to the factory /etc/ssh/sshd_config config:
    AcceptEnv GIT*
    
  2. Restart sshd:
    service sshd restart
    
  3. In the machine you ssh from add the following to ~/.ssh/config:
    SendEnv GIT_*
    
  4. In the machine you ssh from export GIT_AUTHOR_NAME and GIT_AUTHOR_EMAIL in your bash profile
 (more details to be written)

Notes on Deployment

Revision 12016/05/02 - Main.JeffreyDost

Line: 1 to 1
Added:
>
>
META TOPICPARENT name="GlideinFactoryFAQ"

Shared Factory Config

Introduction

This section implies glideinWMS verion v3_2_12 and above.

The factory config is hosted here:

https://github.com/opensciencegrid/osg-gfactory

The configs are split logically according to subsets of entries that are shared between factories. An example file name is:

10-cms-cern_osg.xml

The naming convention is to start with a priority number (10), followed by a dash, a descriptive name for the entry group (cms), another dash, and then the relevant factory domain (cern_osg). Higher numbered files overwrite entries if they are also defined in lower numbered files. The factory domain describes the factories that should include this file. Domain examples: osg (representing SDSC or GOC), cern, fnal, itb. Join factory domains with an underscore if the file is relevant for multiple factories, or simply use the keyword all if it applies to all.

As of 2016-05-01 SDSC, GOC and GOC-ITB have:

10-cms-cern_osg.xml
10-cmsopp-cern_osg.xml
10-cmst1-all.xml
10-cmst2-all.xml
10-fermi-fnal_osg.xml
10-noncms-osg.xml

GOC-ITB also includes the higher priority:

20-local-itb.xml

Which allows for overriding entry settings for testing and creating new entries. Once entries are production quality they should move from this file into one of the relevant production file.

Some high level guidelines:

  1. OSG and SDSC factories are mirrors and have all CMS entries and non-CMS grid entries
  2. CERN factory has only CMS entries
  3. FNAL factory has only CMS T1 entries and Fermilab VO entries
  4. FNAL and CERN share some CMS only entries that are non-grid resources (cloud, xsede) that are not in the OSG factories

Setup

Notes on Access

Each factory should use a shared ssh deploy key:

https://developer.github.com/guides/managing-deploy-keys/

This allows factory operators to push changes to the repo without needing to forward their own credentials, or registering with the OSG github group.

(more details to be written)

In addition, in order to log commits with the correct identity, the git author name and email has to properly be propagated. The following environment variables can be set to do this:

GIT_AUTHOR_NAME
GIT_AUTHOR_EMAIL

However, they need to be propagated to the factory user account used to modify the git repo.

There are two ways to do this. Either (1) forward the environment variables over ssh, or (2) retain env vars with sudo.

(more details to be written)

Notes on Deployment

The main config file is still /etc/gwms-factory/glideinWMS.xml. This will still contain everything not entry related. In order to start using the shared config, make the entry section here blank:

<entries />

The entry config files will go into /etc/gwms-factory/config.d. Each will have the form:

<glidein>
   <entries>
      <entry name="entry1" ...
      <entry name="entry2" ...
   </entries>
</glidein>
Not all config files are relevant for every factory. A simple way to manage the relevant files is to clone the git repo somewhere outside of the real factory config, then create symlinks into /etc/gwms-factory/config.d.

For example on SDSC, the git repo was cloned into /etc/osg-gfactory

and the relevant symlinks were created:

ls -l /etc/gwms-factory/config.d/
total 0
lrwxrwxrwx 1 root root 37 Apr 30 15:30 10-cms-cern_osg.xml -> /etc/osg-gfactory/10-cms-cern_osg.xml
lrwxrwxrwx 1 root root 40 Apr 30 15:30 10-cmsopp-cern_osg.xml -> /etc/osg-gfactory/10-cmsopp-cern_osg.xml
lrwxrwxrwx 1 root root 34 Apr 30 15:30 10-cmst1-all.xml -> /etc/osg-gfactory/10-cmst1-all.xml
lrwxrwxrwx 1 root root 34 Apr 30 15:30 10-cmst2-all.xml -> /etc/osg-gfactory/10-cmst2-all.xml
lrwxrwxrwx 1 root root 39 Apr 30 15:30 10-fermi-fnal_osg.xml -> /etc/osg-gfactory/10-fermi-fnal_osg.xml
lrwxrwxrwx 1 root root 35 Apr 30 15:30 10-noncms-osg.xml -> /etc/osg-gfactory/10-noncms-osg.xml

Note a link was not created for /etc/osg-gfactory/20-local-itb.xml since that file is only used in the ITB factory.

-- JeffreyDost - 2016/05/02

 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback