-
Notifications
You must be signed in to change notification settings - Fork 3
Dune Physicsgroups disk how to create a new physics group
The use of the physicsgroups area is described here, as are all the existing groups and their conveners.
Steve todo--need to make scripts of this sequence with substitutions for the various fields There is a Service Desk ticket RITM1340711 that is requesting the Service Desk to automate all of this.
DUNE has 11 physicsgroups represented in the /pnfs/dune/persistent/physicsgroups area.
This document shows what it takes to make one of those groups initially.
There are six key points: 1) Making a new group id, 2) associating that group id with the DUNE unit 3) creating a new FQAN. 4) associating that FQAN with the DUNE unit 5) making a new capability set 6) associating the capability set with the FQAN.
For this you have to make a service desk ticket using the UID/GID Service from the Service Catalog https://fermi.servicenowservices.com/nav_to.do?uri=%2Fcom.glideapp.servicecatalog_cat_item_view.do%3Fv%3D1%26sysparm_id%3D97be09036f276d005232ce026e3ee435%26sysparm_link_parent%3Da5a8218af15014008638c2db58a72314%26sysparm_catalog%3De0d08b13c3330100c8b837659bba8fb4%26sysparm_catalog_view%3Dcatalog_default%26sysparm_view%3Dcatalog_default
Also request a UID to match.. i.e. for dunebeam you should request both dunebeam user and dunebeam group. Once the service desk gets back to you with the UID and GID then it is OK to start the FERRY process
curl -sk --cert /tmp/x509up_u2904 --key /tmp/x509up_u2904 --capath /etc/grid-security/certificates --get --data-urlencode "groupname=dunebeam" --data-urlencode "grouptype=UnixGroup" https://ferry.fnal.gov:8445/createGroup
curl -sk --cert /tmp/x509up_u2904 --key /tmp/x509up_u2904 --capath /etc/grid-security/certificates --get --data-urlencode "groupname=dunebeam" --data-urlencode "grouptype=UnixGroup" --data-urlencode "unitname=dune" https://ferry.fnal.gov:8445/addGroupToUnit
curl -sk --cert /tmp/x509up_u2904 --key /tmp/x509up_u2904 --capath /etc/grid-security/certificates --get --data-urlencode "username=dunebeam" --data-urlencode "groupname=dunebeam" --data-urlencode "grouptype=UnixGroup" https://ferry.fnal.gov:8445/addUserToGroup
curl -sk --cert /tmp/x509up_u2904 --key /tmp/x509up_u2904 --capath /etc/grid-security/certificates --get -- data-urlencode "fqan=/dune/Role=Beam/Capability=NULL" --data-urlencode "unitname=dune" --data-urlencode "groupname=dunebeam" https://ferry.fnal.gov:8445/createFQAN
curl -sk --cert /tmp/x509up_u2904 --key /tmp/x509up_u2904 --capath /etc/grid-security/certificates --get --data-urlencode "setname=dunebeam" --data-urlencode "pattern=compute.cancel,compute.create,compute.modify,compute.read,storage.create:/dune/persistent/physicsgroups/dunebeam,storage.create:/dune/scratch/users/${uid},storage.read:/dune" https://ferry.fnal.gov:8445/createCapabilitySet
curl -sk --cert /tmp/x509up_u2904 --key /tmp/x509up_u2904 --capath /etc/grid-security/certificates --get --data-urlencode "setname=dunebeam" --data-urlencode "unitname=dune" --data-urlencode "role=beam" https://ferry.fnal.gov:8445/addCapabilitySetToFQAN