LCG Production Services - LCG Grid Deployment

How to add/remove root access to machines managed by quattor

From lxadm

  • Add root or interactive access:
                LEAFAddAccess --objecttype=host --objectname=<hostname> --root=<login1, ...,loginN>
                LEAFAddAccess --objecttype=host --objectname=<hostname> --interactive=<login1, ...,loginN>

  • Remove root or interactive access:
                LEAFAddAccess --objecttype=host --objectname=<hostname> --rm_root=<login1, ...,loginN>
                LEAFAddAccess --objecttype=host --objectname=<hostname> --rm_interactive=<login1, ...,loginN>

By manipulating CDB template

  • Cluster gridrb (template pro_type_gridrb_slc3.tpl)

You should add/update the following lines in CDB:

                "/software/components/access_control/roles/ce30_root" = list("login1","login2","login3");
                # root access for AFS login login1, login2 and login3   
                "/software/components/access_control/privileges/acl_root/role/ce30_root/0/targets" = list("+cluster::gridrb");

On the target node, you must execute the following commands:

                ccm-fetch
                ncm-ncd --configure access_control

Note that in this example, the role ce30_root is defined.

  • Cluster lcgrb (template pro_type_lcgrb_slc3.tpl)

                "/software/components/access_control/roles/ycalas/0"="ycalas";   
                # root access for AFS login ycalas
                "/software/components/access_control/privileges/acl_root/role/ycalas/0/targets"=list("+cluster::lcgrb");
                # interactive access for AFS login ycalas
                "/software/components/access_control/privileges/acl_interactive/role/ycalas/0/targets"=list("+cluster::lcgrb");

How to manipulate CDB profiles

  • Login on the cdbserv from lxplus: cdbop.
  • Get a CDB template: get