TWiki> EGEE Web>Egee3Jra1>AuthorizationFrameworkArchive>ArgusEMIDeployment>ArgusEMIYaimConfiguration (2013-02-06, ValeryTschoppExCern) EditAttachPDF

Argus YAIM Configuration for EMI

YAIM Configuration for ARGUS_server

Mandatory General Variables

  • SITE_NAME BDII site name
  • USERS_CONF
  • GROUPS_CONF
  • VOS List of supported VO names
  • VO_<vo-name>_VOMS_CA_DN VOMS CA DN for each VO name listed in VOS
  • VO_<vo-name>_VOMSES VOMS definition for each VO name listed in VOS

More information on these variables available here: https://twiki.cern.ch/twiki/bin/view/LCG/Site-info_configuration_variables

Mandatory Service Specific Variables

They can be found in /opt/glite/yaim/examples/siteinfo/services/glite-argus_server

Variable Name Description Value type Version
ARGUS_HOST Hostname of the Argus node. FQDN Hostname 1.1.0-1
PAP_ADMIN_DN User certificate DN of the user that will be the PAP administrator. Certificate DN 1.0.0-1

Default Service Specific Variables

They can be found in /opt/glite/yaim/defaults/glite-argus_server(.pre|.post)

Variable Name Description Value type Default Value Version
CONFIG_PAP Set this variable to no if you don't want yaim to create the PAP configuration files string yes 1.0.0-1
CONFIG_PDP Set this variable to no if you don't want yaim to create the PDP configuration file string yes 1.0.0-1
CONFIG_PEP Set this variable to no if you don't want yaim to create the PEP Server configuration file string yes 1.0.0-1
PAP_HOME Home directory of the pap service path ${PAP_HOME:-"/usr/share/argus/pap"} 1.3.0-1
PAP_ENTITY_ID This is a unique identifier for the PAP. It must be a URI (URL or URN) and the same entity ID should be used for all PAP instances that make up a single logical PAP. If a URL is used it doesn't neet to resolve to any specific webpage. URI ${PAP_ENTITY_ID:-"http://${ARGUS_HOST}/pap"} 1.1.0-1
PAP_HOST Set this variable to another value if PAP_HOST is not installed in the same host as PDP and PEP. IP/DNS name ${ARGUS_HOST} 1.0.0-1
PAP_CONF_INI Configuration file for the pap service path ${PAP_CONF_INI:-"${PAP_HOME}/conf/pap_configuration.ini"} 1.0.0-1
PAP_AUTHZ_INI Configuration file for the pap service authorization policies path ${PAP_AUTHZ_INI:-"${PAP_HOME}/conf/pap_authorization.ini"} 1.0.0-1
PAP_ADMIN_PROPS Configuration properties for the pap-admin client path ${PAP_ADMIN_PROPS:-"${PAP_HOME}/conf/pap-admin.properties"} 1.3.0-1
PAP_REPO_LOCATION Path to the repository directory path ${PAP_REPO_LOCATION:-"${PAP_HOME}/repository"} 1.0.0-1
PAP_POLL_INTERVAL The polling interval (in seconds) for retrieving remote policies number 14400 1.0.0-1
PAP_ORDERING Comma separated list of pap aliases. Example: alias-1, alias-2, ..., alias-n. Defines the order of evaluation of the policies of the paps, that means that the policies of pap "alias-1" are evaluated for first, then the policies of pap "alias-2" and so on. string default 1.0.0-1
PAP_CONSISTENCY_CHECK Forces a consistency check of the repository at startup. boolean false 1.0.0-1
PAP_CONSISTENCY_CHECK_REPAIR if set to true automatically fixes problems detected by the consistency check (usually means deleting the corrupted policies). boolean false 1.0.0-1
PAP_PORT PAP standalone service port port 8150 1.0.0-1
PAP_SHUTDOWN_PORT PAP standalone shutdown service port port 8151 1.0.0-1
PAP_SHUTDOWN_COMMAND PAP standalone shutdown command (password) port generated pseudo random 1.1.0-1
PDP_HOME Home directory of the pdp service path ${PDP_HOME:-"/usr/share/argus/pdp"} 1.3.0-1
PDP_CONF_INI Configuration file for the PDP service path ${PDP_CONF_INI:-"/etc/argus/pdp/pdp.ini"} 1.3.0-1
PDP_ENTITY_ID This is a unique identifier for the PEP. It must be a URI (URL or URN) and the same entity ID should be used for all PEP instances that make up a single logical PEP. If a URL is used it need not resolve to any specific webpage. URI ${PDP_ENTITY_ID:-"http://${ARGUS_HOST}/pdp"} 1.1.0-1
PDP_HOST Set this variable to another value if PDP_HOST is not installed in the same host as PAP and PEP. IP/DNS name ${ARGUS_HOST} 1.4.0-1
PDP_PORT PDP standalone service port port 8152 1.0.0-1
PDP_ADMIN_PORT PDP admin service port port 8153 1.1.0-1
PDP_ADMIN_PASSWORD PDP admin service password for shutdown, reload policy, ..., commands port generated pseudo random 1.1.0-1
PDP_RETENTION_INTERVAL The number of minutes the PDP will retain (cache) a policy retrieved from the PAP. After this time is passed the PDP will again call out to the PAP and retrieve the policy number 240 1.0.0-1
PDP_PAP_ENDPOINTS Space separated list of PAP endpoint URLs for the PDP to use. Endpoints will be tried in turn until one returns a successful response. This provides limited failover support. If more intelligent failover is necessary or load balancing is required, a dedicated load-balancer/failover appliance should be used. URLs ${PDP_PAP_ENDPOINTS:-"https://${PAP_HOST}:8150/pap/services/ProvisioningService"} 1.1.0-1
PEP_HOME Home directory for the pep service path ${PEP_HOME:-"/usr/share/argus/pepd"} 1.3.0-1
PEP_CONF_INI Configuration for the pep service path ${PEP_CONF_INI:-"/etc/argus/pepd/pepd.ini"} 1.3.0-1
PEP_ENTITY_ID This is a unique identifier for the PEP. It must be a URI (URL or URN) and the same entity ID should be used for all PEP instances that make up a single logical PEP. If a URL is used it need not resolve to any specific webpage. URI ${PEP_ENTITY_ID:-"http://${ARGUS_HOST}/pepd"} 1.1.0-1
PEP_HOST Set this variable to another value if PEP_HOST is not installed in the same host as PAP and PDP. But remember to use the hostname and not 127.0.0.1 ! IP/DNS name ${ARGUS_HOST} 1.1.0-1
PEP_PORT PEP service port port 8154 1.0.0-1
PEP_ADMIN_PORT PEP admin service port port 8155 1.1.0-1
PEP_ADMIN_PASSWORD PEP admin service password for shutdown, clear cache, ..., commands port generated pseudo random 1.1.0-1
PEP_MAX_CACHEDRESP The maximum number of responses from any PDP that will be cached. Setting this value to 0 (zero) will disable caching. number 500 1.0.0-1
PEP_PDP_ENDPOINTS Space separated list of PDP endpoint URLs for the PEP to use. Endpoints will be tried in turn until one returns a successful response. This provides limited failover support. If more intelligent failover is necessary or load balancing is required, a dedicated load-balancer/failover appliance should be used. URLs ${PEP_PDP_ENDPOINTS:-"https://${PDP_HOST}:8152/authz"} 1.1.0-1

-- ValeryTschopp - 11-Mar-2011

Edit | Attach | Watch | Print version | History: r5 < r4 < r3 < r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r5 - 2013-02-06 - ValeryTschoppExCern
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    EGEE All webs login

This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright &© by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Ask a support question or Send feedback