edg-mkgridmap - Man Page

a tool to build the grid-mapfile

Synopsis

edg-mkgridmap [--help] [--version]
             [--conf=config_file]
             [--output[=output_file]]
             [--quiet] [--verbose]
             [--safe] [--nosafe]
             [--cache] [--nocache]
             [--proxy] [--noproxy]
             [--usermode]

Description

edg-mkgridmap is a tool to build the grid-mapfile from VO servers, taking into account both VO and local policies.

Configuration

edg-mkgridmap.conf file contains configuration information for edg-mkgridmap.

The syntax of the edg-mkgridmap.conf file is discussed seperately. The edg-mkgridmap.conf(5) documentation should be consulted for detailed reference information.

The default location is /etc/edg-mkgridmap.conf.

The file essentially consists of a list of directives composed by a keyword and one or more arguments. Optional arguments are put in square brackets.

* group URI [lcluser]

* default_lcluser default_lcluser

* auth URI

* allowdeny pattern_to_match

* gmf_local grid-mapfile-local

Options

--help

Print a summary of the command line options end exit.

--version

Print the version of edg-mkgridmap end exit.

--conf=config_file

Specifies the configuration file that is used by edg-mkgridmap. If omitted, edg-mkgridmap checks /var/lib/edg-mkgridmap/etc/edg-mkgridmap.conf to see if a machine-specific configuration has been setup. If such a file is not present, edg-mkgridmap uses the default configuration file /etc/edg-mkgridmap.conf.

--output[=output_file]

Specifies the output file. If omitted, stdout is used. If the optional argument output_file is omitted, the value of the environment variable GRIDMAP is used. If GRIDMAP is not set, then the default value /etc/grid-security/grid-mapfile is used.

--quiet

Turn off error messages.

--verbose

Print lots of useful informations. Ignored if --quiet is specified.

--safe,  --nosafe

Per group keep (--safe) or remove (--nosafe) the old grid-mapfile entries that are not found back, when at least one of the sources for that group directive had a problem. Default is remove (--nosafe).

--cache,  --nocache

Disable (--cache) or enable (--nocache) the grid-mapfile update when its contents remain unchanged. Default is enable (--nocache).

--proxy,  --noproxy

Enable (--proxy) or disable (--noproxy) proxy support for HTTP/HTTPS and VOMS/VOMSS connections. Default is disable (--noproxy).

The proxy support must be configured through appropriate environmental variables.

--usermode

Facilitate running the script as an ordinary user by having the relevant environment variables point to the user's X509 proxy instead of using the personal certificate and key.  The user's proxy is taken from the X509_USER_PROXY environment variable, if defined, else from the default location /tmp/x509up_u$UID.

Errors

In case of one or more errors, edg-mkgridmap returns an exit code which is computed adding these possible values:

* 1

per group directive for which a server could not be contacted.

* 16

error reading the configuration file.

* 32

error writing the grid-mapfile.

* 64

error with a group directive.

* 128

error with an auth directive.

Diagnostics

The --verbose option produces some useful diagnostics.

Any error message generated by edg-mkgridmap is logged to the syslogd.

Environment

EDG_MKGRIDMAP_OPTIONS

Used to specify command line options.

GRIDMAP

Used to determine the location of the grid-mapfile. If not set, then the default value /etc/grid-security/grid-mapfile is used.

CERTDIR

Used to determine the directory containing CA certificates. If not set, then the default value /etc/grid-security/certificates is used.

X509_USER_CERT

Used to determine the location of the host certificate. If not set, then the default value /etc/grid-security/hostcert.pem is used.

X509_USER_KEY

Used to determine the location of the host private key. If not set, then the default value /etc/grid-security/hostkey.pem is used.

X509_USER_PROXY

Used to determine the location of the user's proxy when the --usermode option is given.  If not set, the default value /tmp/x509up_u$UID is used.

http_proxy

Used to determine the proxy for HTTP connections. The syntax is:

  http_proxy="[http://]<host>:<port>"
https_proxy

Used to determine the proxy for HTTPS connections. The syntax is:

  https_proxy="[http://]<host>:<port>"

Examples

  edg-mkgridmap

Writes the grid-mapfile to the standard output.

  edg-mkgridmap --output=-

Writes the grid-mapfile to the standard output.

  edg-mkgridmap --output

Writes the grid-mapfile to the default location of the grid-mapfile.

  edg-mkgridmap --output=<output_file>

Writes the grid-mapfile to <output_file>.

Files

/var/lib/edg-mkgridmap/etc/edg-mkgridmap.conf

/etc/edg-mkgridmap.conf

/usr/libexec/edg-mkgridmap/local-subject2user

See Also

edg-mkgridmap.conf(5)

Authors

EU DataGrid Authorization Working Group, EGEE Middleware Security Group, Maarten Litmaath (CERN/WLCG)

Referenced By

edg-mkgridmap.conf(5).

2011-04-03