Argus YAIM Configuration for EMI¶
Warning
As of UMD 4.0, YAIM is no longer supported to configure Argus. This page is kept for reference only.
YAIM Configuration for ARGUS_server¶
Mandatory General Variables¶
SITE_NAMEBDII site nameUSERS_CONFGROUPS_CONFVOSList of supported VO namesVO_<vo-name>_VOMS_CA_DNVOMS CA DN for each VO name listed inVOSVO_<vo-name>_VOMSESVOMS definition for each VO name listed inVOS
More information on these variables available here: https://twiki.cern.ch/twiki/bin/view/LCG/Site-info_configuration_variables
Mandatory Service Specific Variables¶
They can be found in
/opt/glite/yaim/examples/siteinfo/services/glite-argus_server
| Variable Name | Description | Value type | Version |
|---|---|---|---|
ARGUS_HOST |
Hostname of the Argus node. | FQDN Hostname | 1.1.0-1 |
PAP_ADMIN_DN |
User certificate DN of the user that will be the PAP administrator. | Certificate DN | 1.0.0-1 |
Default Service Specific Variables¶
They can be found in
/opt/glite/yaim/defaults/glite-argus_server(.pre|.post)
| Variable Name | Description | Value type | Default Value | Version |
|---|---|---|---|---|
CONFIG_PAP |
Set this variable to no if you don’t want yaim to create the PAP configuration files |
string | yes |
1.0.0-1 |
CONFIG_PDP |
Set this variable to no if you don’t want yaim to create the PDP configuration file |
string | yes |
1.0.0-1 |
CONFIG_PEP |
Set this variable to no if you don’t want yaim to create the PEP Server configuration file |
string | yes |
1.0.0-1 |
PAP_HOME |
Home directory of the pap service | path | ${PAP_HOME:-"/usr/share/argus/pap"} |
1.3.0-1 |
PAP_ENTITY_ID |
This is a unique identifier for the PAP. It must be a URI (URL or URN) and the same entity ID should be used for all PAP instances that make up a single logical PAP. If a URL is used it doesn’t neet to resolve to any specific webpage. | URI | ${PAP_ENTITY_ID:-"http://${ARGUS_HOST}/pap"} |
1.1.0-1 |
PAP_HOST |
Set this variable to another value if PAP_HOST is not installed in the same host as PDP and PEP. | IP/DNS name | ${ARGUS_HOST} |
1.0.0-1 |
PAP_CONF_INI |
Configuration file for the pap service | path | ${PAP_CONF_INI:-"${PAP_HOME}/conf/pap_configuration.ini"} |
1.0.0-1 |
PAP_AUTHZ_INI |
Configuration file for the pap service authorization policies | path | ${PAP_AUTHZ_INI:-"${PAP_HOME}/conf/pap_authorization.ini"} |
1.0.0-1 |
PAP_ADMIN_PROPS |
Configuration properties for the pap-admin client | path | ${PAP_ADMIN_PROPS:-"${PAP_HOME}/conf/pap-admin.properties"} |
1.3.0-1 |
PAP_REPO_LOCATION |
Path to the repository directory | path | ${PAP_REPO_LOCATION:-"${PAP_HOME}/repository"} |
1.0.0-1 |
PAP_POLL_INTERVAL |
The polling interval (in seconds) for retrieving remote policies | number | 14400 |
1.0.0-1 |
PAP_ORDERING |
Comma separated list of pap aliases. Example: alias-1, alias-2, ..., alias-n. Defines the order of evaluation of the policies of the paps, that means that the policies of pap “alias-1” are evaluated for first, then the policies of pap “alias-2” and so on. | string | default |
1.0.0-1 |
PAP_CONSISTENCY_CHECK |
Forces a consistency check of the repository at startup. | boolean | false |
1.0.0-1 |
PAP_CONSISTENCY_CHECK_REPAIR |
if set to true automatically fixes problems detected by the consistency check (usually means deleting the corrupted policies). | boolean | false |
1.0.0-1 |
PAP_PORT |
PAP standalone service port | port | 8150 |
1.0.0-1 |
PAP_SHUTDOWN_PORT |
PAP standalone shutdown service port | port | 8151 |
1.0.0-1 |
PAP_SHUTDOWN_COMMAND |
PAP standalone shutdown command (password) | port | generated pseudo random | 1.1.0-1 |
PDP_HOME |
Home directory of the pdp service | path | ${PDP_HOME:-"/usr/share/argus/pdp"} |
1.3.0-1 |
PDP_CONF_INI |
Configuration file for the PDP service | path | ${PDP_CONF_INI:-"/etc/argus/pdp/pdp.ini"} |
1.3.0-1 |
PDP_ENTITY_ID |
This is a unique identifier for the PEP. It must be a URI (URL or URN) and the same entity ID should be used for all PEP instances that make up a single logical PEP. If a URL is used it need not resolve to any specific webpage. | URI | ${PDP_ENTITY_ID:-"http://${ARGUS_HOST}/pdp"} |
1.1.0-1 |
PDP_HOST |
Set this variable to another value if PDP_HOST is not installed in the same host as PAP and PEP. | IP/DNS name | ${ARGUS_HOST} |
1.4.0-1 |
PDP_PORT |
PDP standalone service port | port | 8152 |
1.0.0-1 |
PDP_ADMIN_PORT |
PDP admin service port | port | 8153 |
1.1.0-1 |
PDP_ADMIN_PASSWORD |
PDP admin service password for shutdown, reload policy, ..., commands | port | generated pseudo random | 1.1.0-1 |
PDP_RETENTION_INTERVAL |
The number of minutes the PDP will retain (cache) a policy retrieved from the PAP. After this time is passed the PDP will again call out to the PAP and retrieve the policy | number | 240 |
1.0.0-1 |
PDP_PAP_ENDPOINTS |
Space separated list of PAP endpoint URLs for the PDP to use. Endpoints will be tried in turn until one returns a successful response. This provides limited failover support. If more intelligent failover is necessary or load balancing is required, a dedicated load-balancer/failover appliance should be used. | URLs | ${PDP_PAP_ENDPOINTS:-"https://${PAP_HOST}:8150/pap/services/ProvisioningService"} |
1.1.0-1 |
PEP_HOME |
Home directory for the pep service | path | ${PEP_HOME:-"/usr/share/argus/pepd"} |
1.3.0-1 |
PEP_CONF_INI |
Configuration for the pep service | path | ${PEP_CONF_INI:-"/etc/argus/pepd/pepd.ini"} |
1.3.0-1 |
PEP_ENTITY_ID |
This is a unique identifier for the PEP. It must be a URI (URL or URN) and the same entity ID should be used for all PEP instances that make up a single logical PEP. If a URL is used it need not resolve to any specific webpage. | URI | ${PEP_ENTITY_ID:-"http://${ARGUS_HOST}/pepd"} |
1.1.0-1 |
PEP_HOST |
Set this variable to another value if PEP_HOST is not installed in the same host as PAP and PDP. But remember to use the hostname and not 127.0.0.1 ! | IP/DNS name | ${ARGUS_HOST} |
1.1.0-1 |
PEP_PORT |
PEP service port | port | 8154 |
1.0.0-1 |
PEP_ADMIN_PORT |
PEP admin service port | port | 8155 |
1.1.0-1 |
PEP_ADMIN_PASSWORD |
PEP admin service password for shutdown, clear cache, ..., commands | port | generated pseudo random | 1.1.0-1 |
PEP_MAX_CACHEDRESP |
The maximum number of responses from any PDP that will be cached. Setting this value to 0 (zero) will disable caching. | number | 500 |
1.0.0-1 |
PEP_PDP_ENDPOINTS |
Space separated list of PDP endpoint URLs for the PEP to use. Endpoints will be tried in turn until one returns a successful response. This provides limited failover support. If more intelligent failover is necessary or load balancing is required, a dedicated load-balancer/failover appliance should be used. | URLs | ${PEP_PDP_ENDPOINTS:-"https://${PDP_HOST}:8152/authz"} |
1.1.0-1 |
– Main.ValeryTschopp - 11-Mar-2011