CERN VOMS service during

Xmas 2005 and New Year 2006

The service will be left up and running unattended.

VOMS installations' situation:

Hostnames and VOMS versions installed at CERN in November 2005
lcg-voms.cern.ch

voms.cern.ch

voms-slave.cern.ch voms-test.cern.ch

Runs
glite voms-oracle R1.4.1 and VOMRS 1.2

This is the official server. VODB is built using VOMRS and ORGDB link.

VOs defined:
alice
atlas
cms
lhcb
dteam
sixt
unosat
geant4
test

Data reside on grid8.cern.ch. There are 100 entries across VOs is this db now.

Runs glite voms-oracle R1.4.1.
VODB populated via ldap-sync.

VOs defined:
alice
atlas
cms
lhcb
dteam

Data reside on grid8.cern.ch (different db) . There are 1500 entries across VOs is this db now.

This is the hot-spare for lcg-voms.cern.ch.

Runs
glite voms-oracle R1.4.1, and VOMRS 1.2.

Identical configuration and VOs as on lcg-voms.cern.ch.

The Oracle db is shared with lcg-voms.cern.ch.

Runs
glite voms-oracle R1.4.1.

This is a TEST machine not visible from outside CERN.

It can crash without impact on the service.

Actions in case of VOMS servers failure

The VOMS servers' configuration files reside on https://lxb2051.cern.ch:8383/ so, if a reboot is needed, lxb2051 should be up.

New VOMRS registration or deletion requests will not be processed during the period 22/12/2005-09/01/2006 for dteam, sixt, unosat and geant4 VOs. If a registered user has to be banned during this time due to a security incidents, action should be taken at the sites. All sys. admins have instructions for such cases.

voms-admin availability on lcg-voms.cern.ch is needed at all times for the gridmap file generation. However, as there will be no new/removed entries, if the machine fails to respond, the script edg-mkgridmap.pl will exit leaving the same file as before which will still be the up-to-date file.

If there is a 'global' power or hardware failure on all of these hosts, the last available version of the gridmap file will be still available at the sites so global Grid operation will continue as far as Authentication and Authorisation services is concerned, with the exception of the 'voms-proxy-init' commands that require contacting the VOMS server.

Maria Dimou, IT/GD, Grid Infrastructure Services