edg-mkgridmap (8) Linux Manual Page
edg-mkgridmap – a tool to build the grid-mapfile
Synopsis
edg-mkgridmap [–help] [–version]
–conf=config_file]
–output[=output_file]]
–quiet] –verbose]
–safe] –nosafe]
–cache] –nocache]
–proxy] –noproxy]
–usermode]
Description
edg-mkgridmap is a tool to build the grid-mapfile from VO servers, taking into account both VO and local policies.
Configuration
edg-mkgridmap.conf file contains configuration information for edg-mkgridmap.
The syntax of the edg-mkgridmap.conf file is discussed seperately. The edg-mkgridmap.conf(5) documentation should be consulted for detailed reference information.
The default location is /etc/edg-mkgridmap.conf.
The file essentially consists of a list of directives composed by a keyword and one or more arguments. Optional arguments are put in square brackets.
- *
groupURI [lcluser] - *
default_lcluserdefault_lcluser - *
authURI - *
allow|denypattern_to_match - *
gmf_localgrid-mapfile-local
Options
–help- Print a summary of the command line options end exit.
–version- Print the version of
edg-mkgridmapend exit. –conf=config_file- Specifies the configuration file that is used by
edg-mkgridmap. If omitted,edg-mkgridmapchecks /var/lib/edg-mkgridmap/etc/edg-mkgridmap.conf to see if a machine-specific configuration has been setup. If such a file is not present,edg-mkgridmapuses the default configuration file /etc/edg-mkgridmap.conf. –output[=output_file]- Specifies the output file. If omitted, stdout is used. If the optional argument output_file is omitted, the value of the environment variable
GRIDMAPis used. IfGRIDMAPis not set, then the default value /etc/grid-security/grid-mapfile is used. –quiet- Turn off error messages.
–verbose- Print lots of useful informations. Ignored if
–quietis specified. –safe,–nosafe- Per
groupkeep (–safe) or remove (–nosafe) the old grid-mapfile entries that are not found back, when at least one of the sources for thatgroupdirective had a problem. Default is remove (–nosafe). –cache,–nocache- Disable (
–cache) or enable (–nocache) the grid-mapfile update when its contents remain unchanged. Default is enable (–nocache). –proxy,–noproxy- Enable (
–proxy) or disable (–noproxy) proxy support for HTTP/HTTPS and VOMS/VOMSS connections. Default is disable (–noproxy).The proxy support must be configured through appropriate environmental variables.
–usermode- Facilitate running the script as an ordinary user by having the relevant environment variables point to the user’s X509 proxy instead of using the personal certificate and key. The user’s proxy is taken from the
X509_USER_PROXYenvironment variable, if defined, else from the default location /tmp/x509up_u$UID.
Errors
In case of one or more errors, edg-mkgridmap returns an exit code which is computed adding these possible values:
- *
1 - per
groupdirective for which a server could not be contacted. - *
16 - error reading the configuration file.
- *
32 - error writing the grid-mapfile.
- *
64 - error with a
groupdirective. - *
128 - error with an
authdirective.
Diagnostics
The –verbose option produces some useful diagnostics.
Any error message generated by edg-mkgridmap is logged to the syslogd.
Environment
EDG_MKGRIDMAP_OPTIONS- Used to specify command line options.
GRIDMAP- Used to determine the location of the grid-mapfile. If not set, then the default value /etc/grid-security/grid-mapfile is used.
CERTDIR- Used to determine the directory containing CA certificates. If not set, then the default value /etc/grid-security/certificates is used.
X509_USER_CERT- Used to determine the location of the host certificate. If not set, then the default value /etc/grid-security/hostcert.pem is used.
X509_USER_KEY- Used to determine the location of the host private key. If not set, then the default value /etc/grid-security/hostkey.pem is used.
X509_USER_PROXY- Used to determine the location of the user’s proxy when the
–usermodeoption is given. If not set, the default value /tmp/x509up_u$UID is used. http_proxy- Used to determine the proxy for HTTP connections. The syntax is:
http_proxy="[http://]<host>:<port>"
https_proxy- Used to determine the proxy for HTTPS connections. The syntax is:
https_proxy="[http://]<host>:<port>"
Examples
edg-mkgridmap
Writes the grid-mapfile to the standard output.
edg-mkgridmap --output=-
Writes the grid-mapfile to the standard output.
edg-mkgridmap --output
Writes the grid-mapfile to the default location of the grid-mapfile.
edg-mkgridmap --output=<output_file>
Writes the grid-mapfile to <output_file>.
Files
/var/lib/edg-mkgridmap/etc/edg-mkgridmap.conf
/etc/edg-mkgridmap.conf
/usr/libexec/edg-mkgridmap/local-subject2user
See Also
Authors
EU DataGrid Authorization Working Group, EGEE Middleware Security Group, Maarten Litmaath (CERN/WLCG)
