SURAgrid Account Mgmt Tool Case Study: Kennesaw State University
brian.brooks@acm.org
Graduate Research Assistant – Kennesaw State University

Overall Experience
• Good
• Approximately 3 weeks from Rocks ‘jumbo’ install to Bridge Cross-Certification
• Documentation fairly good
• Had to get a few answers from SURA support team
• Perl scripts are well-commented
• A bit of bouncing between web sites

Which Tools We Use
• All of them, e.g.
  • SURA simpleCA Bundle
  • bridge.pl
  • homedir.pl
  • web interface - https://www.pki.virginia.edu/suragrid/
  • LDAP callout

KSU Starting Point
• Hardware
  • Dell PowerEdge 1855
  • Intel Xeon x86_64
• Software
  • Rocks 4.1 ‘jumbo’ DVD
  • CentOS
  • Rocks Grid Roll 4.0.1
• Zero Users
• Skills
  • 5+ years experience with certificates
  • 10+ years UNIX experience

Install Bumps in the Road
• Perl Open::LDAP Installation Fails
  • Scripts require Open::LDAP module
  • Solution: cpan> install Net::SSLeay
• gsissh prompts for password – unresolved
• Users made by homedir.pl
  • get no /etc/passwd entry
  • If you want to assign a password, manually edit /etc/passwd and then run pwconv

Web Interface
• Worked well
• Wasn’t sure about ‘user password’ field
• Sites with lots of existing users may want a bulk add feature. Right now the web interface only permits 1 user add at a time.

scratch.pl - Example LDAP Extension
• Automates SCRATCH creation using LDAP
• Modified homedir.pl Perl code

    # fetch every account entry one level below the base DN
    $search = $ldap->search(
        "base"   => $LDAP_BASE,
        "scope"  => "one",
        "filter" => "(uid=*)",
        "attrs"  => [ "uid", "uidNumber", "gidNumber", "homeDirectory" ]
    );
    ...snip…
    # populate SURAGRID_SCRATCH_PARENT and SURAGRID_SHARED_SCRATCH_PARENT
    foreach $entry ($search->entries) {
        $loginid       = $entry->get_value("uid");
        $scatchhomedir = $entry->get_value("homeDirectory");
        $uid           = $entry->get_value("uidNumber");
        $gid           = $entry->get_value("gidNumber");
        # skip users whose scratch directory already exists
        next if -d "$SURAGRID_SCRATCH_PARENT/$loginid/.";
        &make_scratchhomedir($scatchhomedir, $loginid, $uid, $gid);
    }

scratch.pl - continued
• Automates scratch directory creation on head and compute nodes
• Uses Rocks-specific ‘cluster-fork’ Python script

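The loop above turns LDAP-supplied uid, uidNumber and gidNumber values into a directory path and an owner, so those values are worth validating before anything is created. The following is an added example, not code from scratch.pl or the SURAgrid tools: the function names, the uid threshold of 500 and the sample entries are assumptions, and a temporary directory stands in for $SURAGRID_SCRATCH_PARENT.

```perl
#!/usr/bin/perl
# Added example: validate directory-supplied account attributes before
# creating a per-user scratch directory. All names here are hypothetical.
use strict;
use warnings;
use File::Temp qw(tempdir);

# Return a reason string for an unsafe entry, or nothing when it is acceptable.
sub check_entry {
    my ($e) = @_;
    my ($login, $uid, $gid) = @$e{qw(uid uidNumber gidNumber)};
    return "missing attribute" unless defined $login && defined $uid && defined $gid;
    # The login id becomes a path component: accept one conservative name only.
    return "bad login id" unless $login =~ /\A[a-z_][a-z0-9_-]{0,31}\z/;
    return "non-numeric uid/gid" unless $uid =~ /\A[0-9]+\z/ && $gid =~ /\A[0-9]+\z/;
    # Never hand a scratch tree to root or a system account (threshold assumed).
    return "system uid/gid" if $uid < 500 || $gid < 1;
    return;
}

# Create $parent/<login> with owner-only permissions; chown only when root.
sub make_scratch {
    my ($parent, $e) = @_;
    my $why = check_entry($e);
    return "skipped: $why" if defined $why;
    my $dir = "$parent/$e->{uid}";
    return "skipped: exists" if -e $dir || -l $dir;    # also refuses symlinks
    mkdir($dir, 0700) or return "skipped: mkdir failed: $!";
    if ($> == 0) {
        chown($e->{uidNumber}, $e->{gidNumber}, $dir)
            or return "skipped: chown failed: $!";
    }
    return "created";
}

# Constructed sample entries standing in for $search->entries.
my @entries = (
    { uid => "alice",     uidNumber => 1001,    gidNumber => 1001 },
    { uid => "../../etc", uidNumber => 1002,    gidNumber => 1002 },
    { uid => "mallory",   uidNumber => 0,       gidNumber => 0    },
    { uid => "bob",       uidNumber => "1003x", gidNumber => 1003 },
);

my $parent = tempdir(CLEANUP => 1);    # stands in for $SURAGRID_SCRATCH_PARENT
for my $e (@entries) {
    printf "%-12s %s\n", $e->{uid}, make_scratch($parent, $e);
}
```
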
Additional Feedback
• Unclear if current verification steps match typical grid use
  • Current verification: gsissh / globus-url-copy
  • Versus typical use: myproxy and portal
• Automate installation filesystem path setting: Perl scripts and ldap_authz_callout-0.2.tar.gz
• Code repository
  • Promote sharing of locally developed improvements and enhancements
  • Version control
• Suggest
  • user under which homedir.pl should run
  • CRON entries
• Unclear whether, when using the Globus LDAP callout, the text “add your DN to /etc/grid-security/grid-mapfile” still applies.

Questions or comments? For more information… brian.brooks@acm.org