Argus YAIM Configuration for EMI

Warning

As of UMD 4.0, and in particular on CentOS 7, YAIM is no longer supported for configuring Argus. This page is kept for reference only.

YAIM Configuration for ARGUS_server

Mandatory General Variables

  • SITE_NAME: BDII site name
  • USERS_CONF
  • GROUPS_CONF
  • VOS: List of supported VO names
  • VO_<vo-name>_VOMS_CA_DN: VOMS CA DN for each VO name listed in VOS
  • VO_<vo-name>_VOMSES: VOMS definition for each VO name listed in VOS

More information on these variables is available here: https://twiki.cern.ch/twiki/bin/view/LCG/Site-info_configuration_variables

Mandatory Service Specific Variables

They can be found in /opt/glite/yaim/examples/siteinfo/services/glite-argus_server

| Variable Name | Description | Value type | Version |
|---|---|---|---|
| ARGUS_HOST | Hostname of the Argus node. | FQDN Hostname | 1.1.0-1 |
| PAP_ADMIN_DN | User certificate DN of the user that will be the PAP administrator. | Certificate DN | 1.0.0-1 |

Default Service Specific Variables

They can be found in /opt/glite/yaim/defaults/glite-argus_server(.pre|.post)

| Variable Name | Description | Value type | Default Value | Version |
|---|---|---|---|---|
| CONFIG_PAP | Set this variable to no if you don’t want yaim to create the PAP configuration files. | string | yes | 1.0.0-1 |
| CONFIG_PDP | Set this variable to no if you don’t want yaim to create the PDP configuration file. | string | yes | 1.0.0-1 |
| CONFIG_PEP | Set this variable to no if you don’t want yaim to create the PEP Server configuration file. | string | yes | 1.0.0-1 |
| PAP_HOME | Home directory of the pap service | path | ${PAP_HOME:-"/usr/share/argus/pap"} | 1.3.0-1 |
| PAP_ENTITY_ID | This is a unique identifier for the PAP. It must be a URI (URL or URN) and the same entity ID should be used for all PAP instances that make up a single logical PAP. If a URL is used it doesn’t need to resolve to any specific webpage. | URI | ${PAP_ENTITY_ID:-"http://${ARGUS_HOST}/pap"} | 1.1.0-1 |
| PAP_HOST | Set this variable to another value if the PAP is not installed on the same host as the PDP and PEP. | IP/DNS name | ${ARGUS_HOST} | 1.0.0-1 |
| PAP_CONF_INI | Configuration file for the pap service | path | ${PAP_CONF_INI:-"${PAP_HOME}/conf/pap_configuration.ini"} | 1.0.0-1 |
| PAP_AUTHZ_INI | Configuration file for the pap service authorization policies | path | ${PAP_AUTHZ_INI:-"${PAP_HOME}/conf/pap_authorization.ini"} | 1.0.0-1 |
| PAP_ADMIN_PROPS | Configuration properties for the pap-admin client | path | ${PAP_ADMIN_PROPS:-"${PAP_HOME}/conf/pap-admin.properties"} | 1.3.0-1 |
| PAP_REPO_LOCATION | Path to the repository directory | path | ${PAP_REPO_LOCATION:-"${PAP_HOME}/repository"} | 1.0.0-1 |
| PAP_POLL_INTERVAL | The polling interval (in seconds) for retrieving remote policies | number | 14400 | 1.0.0-1 |
| PAP_ORDERING | Comma separated list of pap aliases. Example: alias-1, alias-2, …, alias-n. Defines the order of evaluation of the policies of the paps: the policies of pap “alias-1” are evaluated first, then the policies of pap “alias-2”, and so on. | string | default | 1.0.0-1 |
| PAP_CONSISTENCY_CHECK | Forces a consistency check of the repository at startup. | boolean | false | 1.0.0-1 |
| PAP_CONSISTENCY_CHECK_REPAIR | If set to true, automatically fixes problems detected by the consistency check (usually means deleting the corrupted policies). | boolean | false | 1.0.0-1 |
| PAP_PORT | PAP standalone service port | port | 8150 | 1.0.0-1 |
| PAP_SHUTDOWN_PORT | PAP standalone shutdown service port | port | 8151 | 1.0.0-1 |
| PAP_SHUTDOWN_COMMAND | PAP standalone shutdown command (password) | port | generated pseudo random | 1.1.0-1 |
| PDP_HOME | Home directory of the pdp service | path | ${PDP_HOME:-"/usr/share/argus/pdp"} | 1.3.0-1 |
| PDP_CONF_INI | Configuration file for the PDP service | path | ${PDP_CONF_INI:-"/etc/argus/pdp/pdp.ini"} | 1.3.0-1 |
| PDP_ENTITY_ID | This is a unique identifier for the PDP. It must be a URI (URL or URN) and the same entity ID should be used for all PDP instances that make up a single logical PDP. If a URL is used it need not resolve to any specific webpage. | URI | ${PDP_ENTITY_ID:-"http://${ARGUS_HOST}/pdp"} | 1.1.0-1 |
| PDP_HOST | Set this variable to another value if the PDP is not installed on the same host as the PAP and PEP. | IP/DNS name | ${ARGUS_HOST} | 1.4.0-1 |
| PDP_PORT | PDP standalone service port | port | 8152 | 1.0.0-1 |
| PDP_ADMIN_PORT | PDP admin service port | port | 8153 | 1.1.0-1 |
| PDP_ADMIN_PASSWORD | PDP admin service password for shutdown, reload policy, …, commands | port | generated pseudo random | 1.1.0-1 |
| PDP_RETENTION_INTERVAL | The number of minutes the PDP will retain (cache) a policy retrieved from the PAP. After this time has passed, the PDP calls out to the PAP again and retrieves the policy. | number | 240 | 1.0.0-1 |
| PDP_PAP_ENDPOINTS | Space separated list of PAP endpoint URLs for the PDP to use. Endpoints will be tried in turn until one returns a successful response. This provides limited failover support. If more intelligent failover is necessary or load balancing is required, a dedicated load-balancer/failover appliance should be used. | URLs | ${PDP_PAP_ENDPOINTS:-"https://${PAP_HOST}:8150/pap/services/ProvisioningService"} | 1.1.0-1 |
| PEP_HOME | Home directory for the pep service | path | ${PEP_HOME:-"/usr/share/argus/pepd"} | 1.3.0-1 |
| PEP_CONF_INI | Configuration for the pep service | path | ${PEP_CONF_INI:-"/etc/argus/pepd/pepd.ini"} | 1.3.0-1 |
| PEP_ENTITY_ID | This is a unique identifier for the PEP. It must be a URI (URL or URN) and the same entity ID should be used for all PEP instances that make up a single logical PEP. If a URL is used it need not resolve to any specific webpage. | URI | ${PEP_ENTITY_ID:-"http://${ARGUS_HOST}/pepd"} | 1.1.0-1 |
| PEP_HOST | Set this variable to another value if the PEP is not installed on the same host as the PAP and PDP. But remember to use the hostname and not 127.0.0.1! | IP/DNS name | ${ARGUS_HOST} | 1.1.0-1 |
| PEP_PORT | PEP service port | port | 8154 | 1.0.0-1 |
| PEP_ADMIN_PORT | PEP admin service port | port | 8155 | 1.1.0-1 |
| PEP_ADMIN_PASSWORD | PEP admin service password for shutdown, clear cache, …, commands | port | generated pseudo random | 1.1.0-1 |
| PEP_MAX_CACHEDRESP | The maximum number of responses from any PDP that will be cached. Setting this value to 0 (zero) will disable caching. | number | 500 | 1.0.0-1 |
| PEP_PDP_ENDPOINTS | Space separated list of PDP endpoint URLs for the PEP to use. Endpoints will be tried in turn until one returns a successful response. This provides limited failover support. If more intelligent failover is necessary or load balancing is required, a dedicated load-balancer/failover appliance should be used. | URLs | ${PEP_PDP_ENDPOINTS:-"https://${PDP_HOST}:8152/authz"} | 1.1.0-1 |
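
The mandatory variables, the PEP_HOST hostname rule and the default ports listed above can be checked before yaim is run. The following is an added example, not part of YAIM or Argus. The function name check_argus_siteinfo, the sample values, and the mapping of VO names to variable names (upper case, with '.' and '-' replaced by '_') are assumptions.

```sh
# Added example (not part of YAIM): lint a site-info.def before running yaim.
# Prints one finding per line and returns 0 only when there are none.
check_argus_siteinfo() (
  # Subshell body keeps sourced variables out of the caller. site-info.def is
  # shell code: only check files you would hand to yaim anyway.
  . "$1" || exit 2
  rc=0
  fail() { echo "$1"; rc=1; }
  get() { eval "printf '%s' \"\${$1-}\""; }   # value of the variable named $1

  # Mandatory general and service-specific variables listed on the page.
  for v in SITE_NAME USERS_CONF GROUPS_CONF VOS ARGUS_HOST PAP_ADMIN_DN; do
    [ -n "$(get "$v")" ] || fail "missing $v"
  done

  # Per-VO variables. Assumption: the VO name is upper-cased and '.'/'-'
  # become '_' inside the variable name.
  for vo in ${VOS-}; do
    key=$(printf '%s' "$vo" | tr 'a-z.-' 'A-Z__')
    case $key in *[!A-Z0-9_]*) fail "bad VO name $vo"; continue ;; esac
    for s in VOMS_CA_DN VOMSES; do
      [ -n "$(get "VO_${key}_$s")" ] || fail "missing VO_${key}_$s"
    done
  done

  # PEP_HOST defaults to ARGUS_HOST and must be the hostname, not loopback.
  case ${PEP_HOST:-${ARGUS_HOST-}} in
    127.*|localhost*) fail "PEP_HOST is loopback" ;;
  esac

  # The six listening ports (table defaults when unset) must not collide.
  dup=$(printf '%s\n' "${PAP_PORT:-8150}" "${PAP_SHUTDOWN_PORT:-8151}" \
    "${PDP_PORT:-8152}" "${PDP_ADMIN_PORT:-8153}" "${PEP_PORT:-8154}" \
    "${PEP_ADMIN_PORT:-8155}" | sort | uniq -d)
  [ -z "$dup" ] || fail "port reused: $dup"
  exit "$rc"
)

# Constructed sample with two mistakes: loopback PEP_HOST, PDP_PORT == PAP_PORT.
sample=$(mktemp)
cat > "$sample" <<'EOF'
SITE_NAME=EXAMPLE; USERS_CONF=/tmp/users.conf; GROUPS_CONF=/tmp/groups.conf
VOS="ops.test"; VO_OPS_TEST_VOMS_CA_DN=x; VO_OPS_TEST_VOMSES=x
ARGUS_HOST=argus.example.org; PAP_ADMIN_DN="/C=XX/CN=Admin"
PEP_HOST=127.0.0.1; PDP_PORT=8150
EOF
check_argus_siteinfo "$sample" || true
rm -f "$sample"
```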

– Main.ValeryTschopp - 11-Mar-2011