Difference between revisions of "Dirac GridPP DIRAC Tokens"
(Tokens for VOs supported on the GridPP DIRAC server.) |
|||
| Line 4: | Line 4: | ||
We are rolling out pilot submissions using token for the pilots on the GridPP DIRAC instance. Users are still expected to use certificates. VOs that are currently supported on the GridPP voms servers will use an IAM instance co-located with the DIRAC instance. VOs not supported by the GridPP voms servers have been advised to commission their own IAM server. For all practical purposes this mainly concerns the Moedal VO who has been told that it will take CERN until "early 2024" to deploy an IAM server for them: [https://cern.service-now.com/service-portal?id=ticket&table=u_request_fulfillment&n=RQF2470783 CERN ticket]. | We are rolling out pilot submissions using token for the pilots on the GridPP DIRAC instance. Users are still expected to use certificates. VOs that are currently supported on the GridPP voms servers will use an IAM instance co-located with the DIRAC instance. VOs not supported by the GridPP voms servers have been advised to commission their own IAM server. For all practical purposes this mainly concerns the Moedal VO who has been told that it will take CERN until "early 2024" to deploy an IAM server for them: [https://cern.service-now.com/service-portal?id=ticket&table=u_request_fulfillment&n=RQF2470783 CERN ticket]. | ||
| + | Apart from its production server GridPP has a DIRAC pre-prod server where new releases are tested to ensure they comply with the GridPP use cases. This pre-prod server is using a different client id, so we can distinguish were the pilots are coming from. The GridPP DIRAC support team, aka Simon and Daniela would appreciate it if you could configure these clients as well and preferentially map them to a distinct pilot account. We only use the gridpp and lz VOs for testing in pre-prod. We use a very small number of UK sites for certification of new DIRAC releases at CERN, which also uses tokens (or at least tries to). If this concerns your site, we will talk to you. | ||
| + | |||
| + | d19ac000-1c1c-4444-1c1c-d19ac000001 | ||
| Line 22: | Line 25: | ||
map_to_user = gridpp_iam_test pltgpp02:pltgpp | map_to_user = gridpp_iam_test pltgpp02:pltgpp | ||
</pre> | </pre> | ||
| + | |||
| + | === Notes on HTCondorCE === | ||
Revision as of 14:24, 12 January 2024
Enabling Tokens for VOs supported on the GridPP DIRAC instance
We are rolling out pilot submissions using token for the pilots on the GridPP DIRAC instance. Users are still expected to use certificates. VOs that are currently supported on the GridPP voms servers will use an IAM instance co-located with the DIRAC instance. VOs not supported by the GridPP voms servers have been advised to commission their own IAM server. For all practical purposes this mainly concerns the Moedal VO who has been told that it will take CERN until "early 2024" to deploy an IAM server for them: CERN ticket.
Apart from its production server GridPP has a DIRAC pre-prod server where new releases are tested to ensure they comply with the GridPP use cases. This pre-prod server is using a different client id, so we can distinguish were the pilots are coming from. The GridPP DIRAC support team, aka Simon and Daniela would appreciate it if you could configure these clients as well and preferentially map them to a distinct pilot account. We only use the gridpp and lz VOs for testing in pre-prod. We use a very small number of UK sites for certification of new DIRAC releases at CERN, which also uses tokens (or at least tries to). If this concerns your site, we will talk to you.
d19ac000-1c1c-4444-1c1c-d19ac000001
Notes on ARC6
Courtesy of Chris Brew. The "/" at the end of the URL is important.
[authtokens] … [authgroup: gridpp_iam_prod] authtokens = d19ac000-1c1c-4444-1c1c-d19ac000001 https://iam.grid.hep.ph.ic.ac.uk/ * * * [authgroup: gridpp_iam_test] authtokens = d19ac001-1c1c-4444-1c1c-d19ac000001 https://iam.grid.hep.ph.ic.ac.uk/ * * * [mapping] … map_to_user = gridpp_iam_prod pltgpp01:pltgpp map_to_user = gridpp_iam_test pltgpp02:pltgpp
