Hi Daniela, So, to explain the context here - we're trying out the GridPP VO Group approach here for Migdal as an experiment to avoid them needing to make a "whole VO" (the context originally was that they need to manage space on Antares, and policy is such that access to that requires VOMS aware credentials, but otherwise Migdal didn't think they needed other features). Tbh, it's a bit surprising to me that we're already growing beyond that use case here! (I suggested GridPP VO groups as a workaround just to get Antares working.) Sam On Tue, 4 Oct 2022, 10:58 Daniela Bauer, <daniela.bauer.grid@googlemail.com> wrote:
This email from daniela.bauer.grid@googlemail.com originates from outside Imperial. Do not click on links and attachments unless you recognise the sender. If you trust the sender, add them to your safe senders list <https://spam.ic.ac.uk/SpamConsole/Senders.aspx> to disable email stamping for this address.
Hi Raja,
We've never worked with groups on our DIRAC instance, but we have a couple of VOs that use a production role. To be honest I am not sure how well groups work, they seem to have fallen out of fashion. This needs to be set up by hand, so I can try to set up this group/role for you. I've made a group called gridpp_migdal_user and put you and Chris Brew in it (copied form the gridpp voms server). Could you try it out ? ( dirac-proxy-init -g gridpp_migdal_user) On a more fundamental level, I'm not sure the gridpp VO is meant to be used for production level work, it's by construction open to all.
Regards, Daniela
On Tue, 4 Oct 2022 at 10:29, Raja Nandakumar <raja.nandakumar@cern.ch> wrote:
Hello Daniela and Simon,
I am a member of GridPP VO. I would like to create a proxy for the Migdal group, with production role. I would like to use this to then register the Migdal files on PPD dCache with the GridPP instance at Imperial.
How would I go about creating the Dirac proxy for this? I tried something along the following lines but it did not work. Migdal is not a VO on its own, but is a group within the gridpp VO.
dirac-proxy-init -g gridpp.migdal_user -M gridpp:/gridpp/migdal/Role=production -U
I am obviously trying to replicate the following voms-proxy-init command within the Dirac environment
voms-proxy-init --voms gridpp:/gridpp/migdal/Role=production --valid 168:0
Any help on this would be wonderful!
Thanks and Cheers, Raja.
--
----------------------------------------------------------- daniela.bauer@imperial.ac.uk HEP Group/Physics Dep Imperial College London, SW7 2BW Tel: Working from home, please use email. http://www.hep.ph.ic.ac.uk/~dbauer/ -- _______________________________________________ Gridpp-Dirac-Users mailing list Gridpp-Dirac-Users@imperial.ac.uk https://mailman.ic.ac.uk/mailman/listinfo/gridpp-dirac-users