Priorityuser .
Description
Our goal here is allocate 25% of our pledge resources to users with
priorityuser
voms role. The first part is make this users authenticate to a special user in our farm, using gums. First editing our
$VDT_LOCATION/tomcat/v55/webapps/gums/WEB-INF/config/gums.config
like that
%CODE{html}%
<vomsUserGroup
name='priorityuser'
access='read self'
description=''
vomsServer='cms'
matchFQAN='exact'
acceptProxyWithoutFQAN='false'
voGroup='/cms'
role='priorityuser'/>
<groupAccountMapper
name='priorityuser'
description=''
accountName='cmsprio'/>
<groupToAccountMapping
name='priorityuser'
description=''
accountingVoSubgroup='uscms'
accountingVo='CMS'
userGroups='priorityuser'
accountMappers='priorityuser'/>
%ENDCODE%
and add in the end of this file, after = groupToAccountMappings= , in some place into your mappings the entry
priorityuser
It will be necessary restart your tomcat and mysql,
/etc/init.d/tomcat-55 stop; /etc/init.d/mysql stop; /etc/init.d/mysql start; /etc/init.d/tomcat-55 start
and don't forget to add
cmsprio
as your common user:
adduser cmsprio
Just if you use NIS,
cd /var/yp
make
Make sure that you can log in into your worker nodes as this user.
The second part is make your condor jobmanager assign, based in the user name, a dedidated group to its jobs:
%CODE{perl}%
vim $VDT_LOCATION/globus/lib/perl/Globus/GRAM/JobManager/condor.pm
map {
if ($_->[0] eq "LOGNAME") {$logname = $_->[1]; }
}
@environment;
if ($logname =~ m/cmsprio./) { $AccountingGroup = "group_cmsprio." . $logname; }
%ENDCODE%
and adding it, in the same file above:
%CODE{perl}%
print SCRIPT_FILE "+AccountingGroup = \"$AccountingGroup\"\n";
%ENDCODE%
After that, we have to define in our
condor_negotiator
machine (in our case, our gatekeeper) these groups and quotas:
vim /scratch/condor/condor_config.local
GROUP_NAMES = group_cmsprio
GROUP_QUOTA_group_cmsprio = 50
GROUP_AUTOREGROUP_group_cmsprio = True
and make condor re-read its configuration file, using :
condor_reconfig
In this case we have dedicated 50 job slots (25% of our 200 job slots) to
cmsprio
user.
About the storage area, we created it in our dCache admin the correspondent directory
mkdir /pnfs/sprace.org.br/data/cms/store/user/priorityuser
and edit our
/etc/grid-security/storage-authzdb
in our gridftp servers to grant permission to
cmsprio
write/read it:
authorize cmsprio read-write 0 110 111 / /pnfs/sprace.org.br/data/store/user/priorityuser /pnfs/sprace.org.br/data/
The same must be done to
/store/group
and
/store/results