GUMS#
- GUMS
- Installation/Upgrade
- Information
- Cleaning up old pool mappings
- Monitoring
- Troubleshooting
- Looking up a User in the GUMS Database
- Starting and Stopping
- Mapping special users (for MiniCLEAN and Ricochet)
Installation/Upgrade#
cfengine/puppet are being used to manage the gums installation. The packages and configuration were chosen according to the OSG documentation:#
https://www.opensciencegrid.org/bin/view/Documentation/Release3/InstallGums#
Information#
GUMS maps grid identities (certificates) to local identities (system accounts).#
Our GUMS service runs on gums.hep.wisc.edu.#
The GUMS configuration is in /etc/gums/gums.config. This file is updated by the gums service when an administrator makes changes through the GUI.#
Cleaning up old pool mappings#
As time goes on, some of the pool accounts appear to be used up by DNs that no longer exist. These need to be manually cleaned up for GUMS to reclaim them.#
update MAPPING left join USERS ON MAPPING.DN = USERS.DN set MAPPING.DN=NULL where USERS.DN IS NULL;
Would be good to clear out the contents of the home directories for the recycled accounts.#
Monitoring of pool account usage is done by a cron job in /cms/cmsprod/cron/monitor-gums.cron, so we get noise when the number of unused accounts becomes low.#
Monitoring#
Administrative interface: https://gums.hep.wisc.edu:8443/gums/#
To look in the database directly, see the DB connection information in gums.config. Example:#
mysql -u root -p -S /var/lib/mysql/mysql.sock GUMS_1_3
Troubleshooting#
Logs are in /var/log/tomcat5#
Looking up a User in the GUMS Database#
A quick way to look for a user in the GUMS database on gums01:#
mysql -u root -p --socket=/var/lib/mysql/mysql.sock -e "select * from USER where DN LIKE '%Bradley%'" GUMS_1_3
Starting and Stopping#
The following init scripts need to be run to start GUMS:#
-
/etc/init.d/mysql -
/etc/init.d/apache -
/etc/init.d/tomcat5
Mapping special users (for MiniCLEAN and Ricochet)#
Use the administrative interface: https://gums.hep.wisc.edu:8443/gums/#
- Click on Manual User Group Mmembers, “add” button on bottom
- Add a “manual” group user: specifiy its DN and set FQAN to .*
- Go to Manual Account Mapping and add the user’s UNIX account name