-
Notifications
You must be signed in to change notification settings - Fork 176
DIRAC v6r14
The main new features included in the release are:
- Support for the RFC proxies
- Interpretation of the VOMS info without external voms-proxy-init command
- New FileCatalog Security Policy based on rules
- New implementation of the ARC Computing Element
- New Transformation plugins
New script dirac-populate-component-db was first introduced with v6r13, but due to few issues, the suggestion was to NOT use it until v6r14 is actually used. It allows to populate the newly introduced monitoring system with all the currently installed components in DIRAC. This script should be used only once, after installing the monitoring service, as it will create duplicate entries in the monitoring system after every use.
In v6r14 the InstalledComponents DB has been extended with two new columns to register who the installation and uninstallation of components was made by. In order to support this extension run the following commands in MySQL:
use InstalledComponentsDB
alter table InstalledComponents add column InstalledBy varchar(32), add column UnInstalledBy varchar(32);
This will add the new two columns to the table, allowing for compatibility with the new extension.
It is recommended to restart the 'ComponentMonitoring' service after modifying the database:
runsvctrl t path/to/dirac/runit/Framework/ComponentMonitoring/
- A new SecurityManager is added: PolicyBasedSecurityManager. This allows to define in the CS a python file which will be called to evaluate the permission. The CS attribute is SecurityPolicy. One of such a policy is already defined: VOMSPolicy. This implements some sort of group of group, so that a file can belong to several group at the time. The groups are linked by their VOMS role. Also, this implements a 3 level posix system, except that it is not traversal.
- This adds a much finer grain granularity to permission management. We don't only ask "can I write", but "can I add replica", "can I delete file", etc
- The FileCatalog exposes the method 'hasAccess'
- The DataManager now uses this hasAccess method rather than evaluating the write permission itself. Obviously, the LFC plugin and the other Security managers have been adapted to it.
To enable this VOMS Policy, do the following changes in the CS:
System/DataManagement/Services/FileCatalog/OldSecurityManager = <whateverYouHadBefore>
System/DataManagement/Services/FileCatalog/SecurityManager = PolicyBasedSecurityManager
System/DataManagement/Services/FileCatalog/SecurityPolicy = DIRAC/DataManagementSystem/DB/FileCatalogComponents/SecurityPolicies/VOMSPolicy
The OldSecurityManager parameter is important because it keeps backward compatibility if clients from older versions want to talk with more recent service implementing the PolicyBased system
If you are using this file manager, you should add to your database the procedure 'ps_get_full_lfn_for_file_ids'. Just copy paste the code of the procedure to your DB.
The new implementation of the ARCComputingElement uses the ARC service REST interface through a Python binding provided by the ARC Project. In order to use it, the LCG bindings in the DIRAC installation must be of the version 2015-07-09 or later. The environment variable ARC_PLUGIN_PATH=$DIRACLIB/arc should be set manually in bashrc/cshrc.