Argus YAIM Configuration for EMI
Warning
As of UMD 4.0, and in particular on CENTOS 7, YAIM is no longer supported to configure Argus. This page is kept for reference only.
YAIM Configuration for ARGUS_server
Mandatory General Variables
SITE_NAME
BDII site name
USERS_CONF
GROUPS_CONF
VOS
List of supported VO names
VO_<vo-name>_VOMS_CA_DN
VOMS CA DN for each VO name listed in VOS
VO_<vo-name>_VOMSES
VOMS definition for each VO name listed in VOS
More information on these variables is available here: https://twiki.cern.ch/twiki/bin/view/LCG/Site-info_configuration_variables
Mandatory Service Specific Variables
They can be found in
/opt/glite/yaim/examples/siteinfo/services/glite-argus_server
Variable Name | Description | Value type | Version |
---|---|---|---|
ARGUS_HOST | Hostname of the Argus node. | FQDN Hostname | 1.1.0-1 |
PAP_ADMIN_DN | User certificate DN of the user that will be the PAP administrator. | Certificate DN | 1.0.0-1 |
Default Service Specific Variables
They can be found in
/opt/glite/yaim/defaults/glite-argus_server(.pre|.post)
Variable Name | Description | Value type | Default Value | Version |
---|---|---|---|---|
CONFIG_PAP | Set this variable to no if you don’t want yaim to create the PAP configuration files | string | yes | 1.0.0-1 |
CONFIG_PDP | Set this variable to no if you don’t want yaim to create the PDP configuration file | string | yes | 1.0.0-1 |
CONFIG_PEP | Set this variable to no if you don’t want yaim to create the PEP Server configuration file | string | yes | 1.0.0-1 |
PAP_HOME | Home directory of the pap service | path | ${PAP_HOME:-"/usr/share/argus/pap"} | 1.3.0-1 |
PAP_ENTITY_ID | This is a unique identifier for the PAP. It must be a URI (URL or URN) and the same entity ID should be used for all PAP instances that make up a single logical PAP. If a URL is used it doesn’t need to resolve to any specific webpage. | URI | ${PAP_ENTITY_ID:-"http://${ARGUS_HOST}/pap"} | 1.1.0-1 |
PAP_HOST | Set this variable to another value if PAP_HOST is not installed in the same host as PDP and PEP. | IP/DNS name | ${ARGUS_HOST} | 1.0.0-1 |
PAP_CONF_INI | Configuration file for the pap service | path | ${PAP_CONF_INI:-"${PAP_HOME}/conf/pap_configuration.ini"} | 1.0.0-1 |
PAP_AUTHZ_INI | Configuration file for the pap service authorization policies | path | ${PAP_AUTHZ_INI:-"${PAP_HOME}/conf/pap_authorization.ini"} | 1.0.0-1 |
PAP_ADMIN_PROPS | Configuration properties for the pap-admin client | path | ${PAP_ADMIN_PROPS:-"${PAP_HOME}/conf/pap-admin.properties"} | 1.3.0-1 |
PAP_REPO_LOCATION | Path to the repository directory | path | ${PAP_REPO_LOCATION:-"${PAP_HOME}/repository"} | 1.0.0-1 |
PAP_POLL_INTERVAL | The polling interval (in seconds) for retrieving remote policies | number | 14400 | 1.0.0-1 |
PAP_ORDERING | Comma-separated list of PAP aliases. Example: alias-1, alias-2, …, alias-n. Defines the order in which the policies of the PAPs are evaluated: the policies of PAP “alias-1” are evaluated first, then the policies of PAP “alias-2”, and so on. | string | default | 1.0.0-1 |
PAP_CONSISTENCY_CHECK | Forces a consistency check of the repository at startup. | boolean | false | 1.0.0-1 |
PAP_CONSISTENCY_CHECK_REPAIR | If set to true, automatically fixes problems detected by the consistency check (usually means deleting the corrupted policies). | boolean | false | 1.0.0-1 |
PAP_PORT | PAP standalone service port | port | 8150 | 1.0.0-1 |
PAP_SHUTDOWN_PORT | PAP standalone shutdown service port | port | 8151 | 1.0.0-1 |
PAP_SHUTDOWN_COMMAND | PAP standalone shutdown command (password) | port | generated pseudo random | 1.1.0-1 |
PDP_HOME | Home directory of the pdp service | path | ${PDP_HOME:-"/usr/share/argus/pdp"} | 1.3.0-1 |
PDP_CONF_INI | Configuration file for the PDP service | path | ${PDP_CONF_INI:-"/etc/argus/pdp/pdp.ini"} | 1.3.0-1 |
PDP_ENTITY_ID | This is a unique identifier for the PDP. It must be a URI (URL or URN) and the same entity ID should be used for all PDP instances that make up a single logical PDP. If a URL is used it need not resolve to any specific webpage. | URI | ${PDP_ENTITY_ID:-"http://${ARGUS_HOST}/pdp"} | 1.1.0-1 |
PDP_HOST | Set this variable to another value if PDP_HOST is not installed in the same host as PAP and PEP. | IP/DNS name | ${ARGUS_HOST} | 1.4.0-1 |
PDP_PORT | PDP standalone service port | port | 8152 | 1.0.0-1 |
PDP_ADMIN_PORT | PDP admin service port | port | 8153 | 1.1.0-1 |
PDP_ADMIN_PASSWORD | PDP admin service password for shutdown, reload policy, …, commands | port | generated pseudo random | 1.1.0-1 |
PDP_RETENTION_INTERVAL | The number of minutes the PDP will retain (cache) a policy retrieved from the PAP. After this time has passed, the PDP will again call out to the PAP and retrieve the policy. | number | 240 | 1.0.0-1 |
PDP_PAP_ENDPOINTS | Space separated list of PAP endpoint URLs for the PDP to use. Endpoints will be tried in turn until one returns a successful response. This provides limited failover support. If more intelligent failover is necessary or load balancing is required, a dedicated load-balancer/failover appliance should be used. | URLs | ${PDP_PAP_ENDPOINTS:-"https://${PAP_HOST}:8150/pap/services/ProvisioningService"} | 1.1.0-1 |
PEP_HOME | Home directory for the pep service | path | ${PEP_HOME:-"/usr/share/argus/pepd"} | 1.3.0-1 |
PEP_CONF_INI | Configuration for the pep service | path | ${PEP_CONF_INI:-"/etc/argus/pepd/pepd.ini"} | 1.3.0-1 |
PEP_ENTITY_ID | This is a unique identifier for the PEP. It must be a URI (URL or URN) and the same entity ID should be used for all PEP instances that make up a single logical PEP. If a URL is used it need not resolve to any specific webpage. | URI | ${PEP_ENTITY_ID:-"http://${ARGUS_HOST}/pepd"} | 1.1.0-1 |
PEP_HOST | Set this variable to another value if PEP_HOST is not installed in the same host as PAP and PDP. But remember to use the hostname and not 127.0.0.1! | IP/DNS name | ${ARGUS_HOST} | 1.1.0-1 |
PEP_PORT | PEP service port | port | 8154 | 1.0.0-1 |
PEP_ADMIN_PORT | PEP admin service port | port | 8155 | 1.1.0-1 |
PEP_ADMIN_PASSWORD | PEP admin service password for shutdown, clear cache, …, commands | port | generated pseudo random | 1.1.0-1 |
PEP_MAX_CACHEDRESP | The maximum number of responses from any PDP that will be cached. Setting this value to 0 (zero) will disable caching. | number | 500 | 1.0.0-1 |
PEP_PDP_ENDPOINTS | Space separated list of PDP endpoint URLs for the PEP to use. Endpoints will be tried in turn until one returns a successful response. This provides limited failover support. If more intelligent failover is necessary or load balancing is required, a dedicated load-balancer/failover appliance should be used. | URLs | ${PEP_PDP_ENDPOINTS:-"https://${PDP_HOST}:8152/authz"} | 1.1.0-1 |
– Main.ValeryTschopp - 11-Mar-2011
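
The defaults listed above depend on each other: the endpoint defaults hard-code ports 8150 and 8152, so they do not follow an overridden PAP_PORT or PDP_PORT. The following lint for a site-info.def is an added example, not part of the original page or of YAIM or Argus; the names `argus_lint` and `argus_demo` are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# argus_lint FILE: print findings for the Argus variables in a YAIM site-info.def.
# Hypothetical helper. The file is sourced (it is shell code): lint trusted files only.
argus_lint() (
  [ -r "$1" ] || { echo "ERROR cannot read $1"; exit 2; }
  . "$1"
  rc=0
  # Mandatory service-specific variables have no default.
  for v in ARGUS_HOST PAP_ADMIN_DN; do
    eval "val=\${$v:-}"
    [ -n "$val" ] || { echo "ERROR $v is mandatory but unset"; rc=1; }
  done
  # Defaults as listed in the table above.
  PAP_HOST=${PAP_HOST:-$ARGUS_HOST}; PDP_HOST=${PDP_HOST:-$ARGUS_HOST}
  PEP_HOST=${PEP_HOST:-$ARGUS_HOST}
  PAP_PORT=${PAP_PORT:-8150}; PAP_SHUTDOWN_PORT=${PAP_SHUTDOWN_PORT:-8151}
  PDP_PORT=${PDP_PORT:-8152}; PDP_ADMIN_PORT=${PDP_ADMIN_PORT:-8153}
  PEP_PORT=${PEP_PORT:-8154}; PEP_ADMIN_PORT=${PEP_ADMIN_PORT:-8155}
  PDP_PAP_ENDPOINTS=${PDP_PAP_ENDPOINTS:-"https://${PAP_HOST}:8150/pap/services/ProvisioningService"}
  PEP_PDP_ENDPOINTS=${PEP_PDP_ENDPOINTS:-"https://${PDP_HOST}:8152/authz"}
  # PEP_HOST must be the hostname, not 127.0.0.1.
  [ "$PEP_HOST" != 127.0.0.1 ] || { echo "ERROR PEP_HOST is 127.0.0.1"; rc=1; }
  # Two listeners on the same host must not share a port.
  dup=$(printf '%s\n' "$PAP_HOST:$PAP_PORT" "$PAP_HOST:$PAP_SHUTDOWN_PORT" \
        "$PDP_HOST:$PDP_PORT" "$PDP_HOST:$PDP_ADMIN_PORT" \
        "$PEP_HOST:$PEP_PORT" "$PEP_HOST:$PEP_ADMIN_PORT" | sort | uniq -d)
  [ -z "$dup" ] || { echo "ERROR port used twice: $dup"; rc=1; }
  # The endpoint lists should still reach the service on its configured port.
  case "$PDP_PAP_ENDPOINTS" in *"://$PAP_HOST:$PAP_PORT/"*) ;;
    *) echo "WARN PDP_PAP_ENDPOINTS has no endpoint on $PAP_HOST:$PAP_PORT";; esac
  case "$PEP_PDP_ENDPOINTS" in *"://$PDP_HOST:$PDP_PORT/"*) ;;
    *) echo "WARN PEP_PDP_ENDPOINTS has no endpoint on $PDP_HOST:$PDP_PORT";; esac
  # Repair mode usually means deleting the policies it considers corrupted.
  [ "${PAP_CONSISTENCY_CHECK_REPAIR:-false}" != true ] ||
    echo "WARN PAP_CONSISTENCY_CHECK_REPAIR=true may delete policies at startup"
  exit "$rc"
)

# Constructed sample: PDP moved to port 9152, PEP_HOST set to 127.0.0.1.
argus_demo() {
  f=$(mktemp) || return 2
  printf '%s\n' 'ARGUS_HOST=argus.example.org' \
    'PAP_ADMIN_DN="/DC=org/DC=example/CN=Admin"' \
    'PDP_PORT=9152' 'PEP_HOST=127.0.0.1' > "$f"
  rc=0; argus_lint "$f" || rc=$?
  rm -f "$f"; return "$rc"
}
```

`argus_lint` exits 1 when it reports an ERROR and 0 when it reports only WARN lines or nothing.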