
## The nordugridmap utility processes the arc.conf central config file.
## The --config command line option can be used to specify a 
## different configuration file.
## The relevant section of the arc.conf is shown below.
## Nordugridmap reads the [vo] blocks and generates 'gridmap' files.


## [nordugridmap] block is used to fine-tune nordugridmap behavior
## and provide the necessary system path information.
[nordugridmap]
# x509_user_key path - file containing the certificate private key.
# Default is '/etc/grid-security/hostkey.pem'
# x509_user_cert path - file containing the public certificate.
# Default is '/etc/grid-security/hostcert.pem'
# This information is needed to contact external sources over TLS;
# https:// and vomss:// sources rely on these parameters.
# NOTE(review): nordugridmap reads the private key itself, so the account
# it runs as needs read access to hostkey.pem; keep the file unreadable
# to any other account.
x509_user_key="/etc/grid-security/hostkey.pem"
x509_user_cert="/etc/grid-security/hostcert.pem"

# x509_cert_dir path - the directory containing the CA certificates.
# This information is needed by the 'require_issuerdn' [vo] block
# option. Default is '/etc/grid-security/certificates/'.
x509_cert_dir="/etc/grid-security/certificates/"

# generate_vomapfile yes/no - controls whether nordugridmap will generate
# the vo-mapfile used by arc-ur-logger. Default is 'yes'
generate_vomapfile="yes"
# vomapfile file - path to the vo-mapfile location.
# Default is '/etc/grid-security/grid-vo-mapfile'
vomapfile="/etc/grid-security/grid-vo-mapfile"

# log_to_file yes/no - controls whether logging output of nordugridmap
# will be saved to a file. Default is 'no' (STDERR is used).
# This sample turns it on; the file is given by 'logfile' below.
log_to_file="yes"
# logfile file - specifies the log file location.
# Default is '/var/log/arc/nordugridmap.log'
logfile="/var/log/arc/nordugridmap.log"

# cache_enable yes/no - controls whether caching of external sources
# will be used. Default is 'yes'
cache_enable="yes"
# cachedir path - path to store cached sources.
# Default is '/var/spool/nordugrid/gridmapcache/'
# NOTE(review): cached source data is what the mapfiles are generated
# from when the cache is used, so this directory should be writable only
# by the account running nordugridmap.
cachedir="/var/spool/nordugrid/gridmapcache/"
# cachetime seconds - controls how long cached information remains
# valid. Default is 3 days (259200).
cachetime="259200"

# issuer_processing relaxed/strict - controls the behavior of the [vo] block
# require_issuerdn parameter. See the 'require_issuerdn' description for
# details. Default is 'relaxed'.
issuer_processing="relaxed"

# mapuser_processing overwrite/keep - controls the behavior of the [vo] block
# mapped_unixid usage. See the 'mapped_unixid' description for details.
# Default is 'keep'
mapuser_processing="keep"

# allow_empty_unixid yes/no - controls whether an empty (or unspecified)
# 'mapped_unixid' [vo] block option is allowed to be used.
# See the 'mapped_unixid' description for details. Default is 'no'
allow_empty_unixid="no"

# voms_method soap/get - controls how to get information from VOMS(S)
# sources:
#   soap - call the SOAP method directly using SOAP::Lite (default)
#   get  - use the old implementation that manually parses the XML response
voms_method="soap"

# debug level - controls the verbosity of nordugridmap output. Valid
# values are:
#   0 - FATAL   - only critical fatal errors are shown
#   1 - ERROR   - errors, including non-critical ones, are shown
#   2 - WARNING (default) - configuration errors that can be ignored
#   3 - INFO    - processing information
#   4 - VERBOSE - a bit more processing information
#   5 - DEBUG   - a lot of processing information
#
# When a test run is requested (--test command line option of
# nordugridmap) the debug level is automatically set to 'DEBUG'.
# This sample sets 4 (VERBOSE); the default is 2 (WARNING).
debug="4"

# fetch_timeout seconds - controls how long nordugridmap will
# wait for external source retrieval. Default is 15 seconds.
fetch_timeout="15"

## end of [nordugridmap] block

# [vo] block is used to define VOs and generate mapfiles from user
# lists maintained by VO databases.
# [vo] blocks can also be used and referenced in authorization blocks
# or in other [vo] blocks.
[vo]
# id blockid - specifies the unique block id (not required for processing)
id="vo_1"

# vo vo_name - specifies the VO name; this name can be used in other blocks
# and in gacl expressions. MUST be given.
vo="atlas"

# file path - output gridmap-file where the GENERATED mapping list will be
# stored. See the attributes below to specify how to generate this file.
#
# If the same file is specified as output for different [vo] blocks,
# nordugridmap will automatically merge the entries (in the given block order).
file="/etc/grid-security/VOs/atlas-users"

# source url - the URL of the VO database which is assigned to this VO.
# nordugridmap will use this URL to automatically generate and keep
# up-to-date the userlist (mapfile) specified by the 'file' attribute.
#
# Several sources can be specified for a [vo] block and all the user
# records from those sources will be merged.
#
# The source URLs are processed from top to bottom in the given order.
# A DN that an earlier source has already defined is ignored.
#
# Currently supported URL types are:
#    http(s):// - URL to a plain text file. The file should contain a list
#                 of DNs with an optional issuer certificate authority DN
#                 (see require_issuerdn): "user DN" ["issuer DN"]
#    voms(s):// - URL to a VOMS-Admin interface
#    nordugrid  - add NorduGrid VO members
#    ldap://    - expect an LDAP-schema formatted VO Group
#    file://    - local file (stand-alone or dynamically generated by
#                 nordugridmap). The file should contain a list of DNs with
#                 an optional mapped unixid: "user DN" [mapped user ID]
#                 The result of the optional mapped unixid processing depends
#                 on the mapuser_processing option setting.
#    vo://      - reference to another [vo] configuration block
#    edg-mkgridmap://
#               - local configuration file used by the edg-mkgridmap tool.
#                 nordugridmap will parse the configuration from the file and
#                 process it as an additional [vo] block that is referred to
#                 automatically in place of the URL specified. This allows
#                 easy migration from an edg-mkgridmap setup without
#                 rewriting your previous configuration (NOTE that the rarely
#                 used 'auth' directive and 'AUTO' mapping options are not
#                 supported)
#
# You can use either vo:// or file:// entries to specify dependencies
# between [vo] blocks, but using vo:// is the recommended way.
#
# For each separate source URL it is possible to override some parameter
# values. You can use the following syntax to do this:
#    source="URL < parameter1=value1 parameter2=value2"
# You can override the following parameters:
#    mapped_unixid       for http(s),voms(s),ldap,file URLs
#    cache_enable        for http(s),voms(s),ldap,file URLs
#    voms_method         for voms(s) URLs
#    mapuser_processing  for file URLs (if the file already contains a
#                        mapped_unixid, controls whether to overwrite it with
#                        the supplied value. Only applied if mapped_unixid is
#                        overridden for the URL.)
#
# NOTE(review): only the https:// and vomss:// source types use TLS (see the
# x509_* settings in [nordugridmap]). The http:// and file:// entries below
# (and presumably the ldap:// one) carry no transport authentication, so
# whoever can alter that response or file can alter the generated mapfile.
# Prefer https:// where the server offers it, and keep local source files
# writable only by root.
source="vomss://lcg-voms.cern.ch:8443/voms/atlas?/atlas/Role=VO-Admin < mapped_unixid=atlasadmin"
source="vomss://kuiken.nikhef.nl:8443/voms/gin.ggf.org"
source="http://www.nordugrid.org/developers.dn"
source="ldap://grid-vo.nikhef.nl/ou=lcg1,o=atlas,dc=eu-datagrid,dc=org"
source="file:///etc/grid-security/priviliged_users.dn"
source="vo://NorduGrid_Community"
source="nordugrid"

# mapped_unixid unixid - the local UNIXID which is used in the generated
# grid-mapfile by the nordugridmap utility.
#
# If any of the sources have already provided mapping information (file://
# or vo://) the behavior depends on the 'mapuser_processing' nordugridmap
# configuration:
#    mapuser_processing = 'overwrite': ignore the already provided mapping and
#                         apply mapped_unixid for all sources
#    mapuser_processing = 'keep': apply mapped_unixid only for sources that
#                         do not contain mapping information
#
# A [vo] block can only have one UNIXID.
# If 'mapped_unixid' is not specified the behavior depends on the
# 'allow_empty_unixid' nordugridmap configuration value:
#    allow_empty_unixid = 'yes': an empty value will be used for mapped_unixid,
#                         which means that nordugridmap will generate only
#                         the list of DNs without mapping (consider using
#                         mapuser_processing='overwrite' or sources that
#                         do not provide mapping information)
#    allow_empty_unixid = 'no': skip users without mapping information (no
#                         mapping information provided by sources and/or
#                         mapuser_processing='overwrite' is enabled)
mapped_unixid="gridtest"

# voms_fqan_map FQAN unixid - the local UNIXID which is used to map voms(s)
# sources with the specific FQAN given.
#
# Several voms_fqan_map can be specified for a [vo] block.
# For each voms(s) source in the [vo] block and every voms_fqan_map record a
# separate source record will be automatically generated with mapped_unixid
# overridden to the specified one.
#
# Sources are generated in the given voms_fqan_map order. The original voms(s)
# source URLs are processed last, after all FQANs.
#
# This simplifies configuration, especially in redundancy cases when
# several VOMS servers are used for the same VO.
#
voms_fqan_map="/atlas/Role=VO-Admin atlasadmin"
voms_fqan_map="/atlas/Role=production atlasprod"


# require_issuerdn yes/no - another nordugridmap option. 'yes' would map only
# those DNs obtained from the URLs which have the corresponding public CA
# packages installed. Default is 'no'.
#
# Note that some sources do not provide issuer information (like
# voms(s):// or file://). If these sources are used within a [vo] block
# and require_issuerdn is set to 'yes' the behavior depends on the
# issuer_processing nordugridmap configuration:
#    issuer_processing = 'relaxed': check only those records that have issuer
#                        information provided, allow other sources
#    issuer_processing = 'strict': if issuer information was not found the
#                        record is filtered out and does not pass into the mapfile
#
# This sample leaves it at 'no': DNs are accepted whether or not the issuing
# CA is present in x509_cert_dir.
require_issuerdn="no"

# filter ACL string - an ACL filter for the nordugridmap utility.
# Multiple allow/deny statements are possible. The fetched DNs are filtered
# against the specified rules before they are added to the generated mapfile.
#
# * can be used as a wildcard. You may run nordugridmap with the --test
# command line option to see how the filters you specified work.
filter="deny  *infn*"
filter="allow *NorduGrid*"
# Another example of a VO block: the NorduGrid community VO. Per-source
# overrides ('< parameter=value') give the file:// and vomss:// entries their
# own mapped_unixid instead of the block-wide 'communityuser'.
[vo]
id="vo_2"
vo="NorduGrid_Community"
# output mapfile; vo_3 below pulls it in via vo://NorduGrid_Community
file="/etc/grid-security/VOs/community.dn"
# NOTE(review): fetched over plain http://, i.e. without TLS, so the DN list
# is not authenticated in transit; prefer https:// where available.
source="http://www.nordugrid.org/community.dn"
source="nordugrid"
# mapuser_processing=overwrite: mappings already present in the file are
# replaced by 'privelegeduser' (the block default is 'keep')
source="file:///etc/grid-security/priviliged_users.dn < mapped_unixid=privelegeduser mapuser_processing=overwrite"
# voms_method=soap overrides the [nordugridmap] voms_method for this URL only
source="vomss://lcg-voms.cern.ch:8443/voms/atlas?/atlas/Role=VO-Admin < mapped_unixid=atlasadmin voms_method=soap"
mapped_unixid="communityuser"
# 'no': DNs are accepted whether or not the issuing CA is installed
require_issuerdn="no"
# drop one specific DN before it reaches the mapfile
filter="deny /O=Grid/O=NorduGrid/OU=bad.site/CN=Bad User"

# One more example of a VO block: composes one mapfile from the two [vo]
# blocks above plus a locally maintained DN list.
[vo]
id="vo_3"
vo="all_users"
# NOTE(review): this path is presumably the host's main grid-mapfile, so
# every source below effectively decides who obtains a local account.
file="/etc/grid-security/grid-mapfile"
# vo:// entries reference the other [vo] blocks by their 'vo' name
source="vo://NorduGrid_Community"
source="vo://atlas"
# local, hand-maintained list; keep it writable only by root
source="file:///etc/grid-security/local-grid-mapfile.dn"
# applied to DNs that carry no mapping of their own (mapuser_processing="keep"
# in [nordugridmap])
mapped_unixid="grid"

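# FQAN-map use-case example: two redundant VOMS servers for the same VO,
# with role-specific accounts generated from the voms_fqan_map entries.
[vo]
id="vo_4"
vo="moldyngrid"
# both servers are queried in order; DNs already seen from the first are ignored
source="vomss://grid.org.ua/voms/moldyngrid"
source="vomss://moldyngrid.org/voms/moldyngrid"
# each record yields an extra source per vomss:// URL with the given
# mapped_unixid; the plain URLs are processed last (see the vo_1 description)
voms_fqan_map="/moldyngrid/Role=VO-Admin .mdgadm"
voms_fqan_map="/moldyngrid/Role=production .mdgprd"
voms_fqan_map="/moldyngrid/md .mdgmd"
mapped_unixid=".mdg"
# output mapfile (a stray character after the closing quote was removed;
# it would have made the value malformed)
file="/etc/grid-security/VOs/moldyngrid"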