[INSTRM-22] [ICD] Standard configuration (uid/gid/NFS) of summit ICS hosts Created: 18/Nov/16  Updated: 18/Mar/23  Resolved: 18/Mar/23

Status: Done
Project: Instrument control development
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Normal
Reporter: shimono Assignee: cloomis
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Blocks
blocks INSTRM-112 Develop and fix configurations of ICS... Done
Relates
relates to INSTRM-592 Pin down pfs and pfs-data uid/gids be... Open
relates to INSTRM-349 Unify LDAP and local UIDs and GIDs Done

 Description   

from github@ics_doc

At summit, most ICS hosts are supposed to mount one NFS storage for saving data, e.g. FITS images from [BR]CU, log files, archived data. We need to define a standard configuration on them.

fmadec cloomis if you have any preference on the uid issue, comment here.

Just to keep the reference configuration both visible and updatable, I'll add what we are using to this description. Obviously this will become a proper doc sometime, somewhere.

  1. Due to Subaru LDAP constraints, the pfs user has user and group IDs of 2085 (NOT 1000 as we had earlier)
  2. All operational PFS hosts mount /software and /data
  3. All operational software must run from /software
  4. All data files must be written to /data
  5. All MHS software must be run by the pfs user for operations, and by the developer for development.
  6. Image files will be written by the pfs-data user (uid/gid 2087) for the actors which write into /data
  7. All users must have their own group ids, be in the pfs group, and have a umask of 002.
  8. All shared directories must be group pfs and have g+rwx.
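
One way to audit a host against rules 1, 6, 7 and 8 above, as an added example that is not code from this ticket or from the PFS project. The function names, the sample accounts (including the hypothetical `devuser`) and the premise that the passwd/group text passed in holds only the PFS accounts are assumptions.

```python
import os
import stat

# uid/gid values are the ones stated in the ticket description.
REQUIRED = {"pfs": (2085, 2085), "pfs-data": (2087, 2087)}
GROUP_RWX = stat.S_IRGRP | stat.S_IWGRP | stat.S_IXGRP

# Constructed sample data in passwd(5)/group(5) format; "devuser" is hypothetical.
SAMPLE_PASSWD = """\
pfs:x:2085:2085::/home/pfs:/bin/bash
pfs-data:x:1001:1001::/home/pfs-data:/bin/bash
devuser:x:3001:3001::/home/devuser:/bin/bash
"""
SAMPLE_GROUP = """\
pfs:x:2085:pfs-data
pfs-data:x:1001:
devuser:x:3001:
"""


def audit_accounts(passwd_text, group_text):
    """Return findings for rules 1, 6 and 7 (ids, own group, pfs membership)."""
    users = {f[0]: (int(f[2]), int(f[3]))
             for f in (l.split(":") for l in passwd_text.splitlines()) if len(f) >= 4}
    groups = {f[0]: (int(f[2]), set(filter(None, f[3].split(","))))
              for f in (l.split(":") for l in group_text.splitlines()) if len(f) >= 4}
    pfs_gid, pfs_members = groups.get("pfs", (None, set()))
    primary = [gid for _, gid in users.values()]
    findings = []
    for name, want in REQUIRED.items():
        if users.get(name) != want:
            findings.append(f"{name}: uid/gid {users.get(name)}, expected {want}")
    for name, (_, gid) in users.items():
        if gid != pfs_gid and name not in pfs_members:
            findings.append(f"{name}: not in group pfs")
        if primary.count(gid) > 1:
            findings.append(f"{name}: primary gid {gid} is shared with another user")
    return findings


def audit_shared_dir(path, pfs_gid=2085):
    """Return findings for rule 8: group pfs and g+rwx on a shared directory."""
    st = os.stat(path)
    findings = []
    if st.st_gid != pfs_gid:
        findings.append(f"{path}: gid {st.st_gid}, expected {pfs_gid}")
    if (st.st_mode & GROUP_RWX) != GROUP_RWX:
        findings.append(f"{path}: mode {stat.S_IMODE(st.st_mode):04o} lacks g+rwx")
    return findings
```

On a real host the two text arguments can come from `getent passwd` and `getent group`, filtered to the PFS accounts. The umask part of rule 7 is not checked here.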


 Comments   
Comment by cloomis [ 18/Nov/16 ]

We have been using the following rules at LAM, and pretty much at JHU:

  1. user pfs with uid=1000 gid=1000 holds the anaconda/eups product trees.
  2. user pfs-data with uid=1001 gid=1001, also in group pfs. This is the only user which can write to data directories. The ccd actors run as pfs-data; we have not settled on whether all actors should. In practice at LAM, they do.
  3. development/modification is done by named users (e.g. cloomis, alefur, fmadec) in the pfs group. Identify who to blame!!
  4. Obviously all users must have umask=2, and the pfs directories must be g+sxw

Comment by shimono [ 07/May/18 ]

philipkyono could you give guideline(s) related to subaru ldap for accounts (incl. uid=20000-2004 things?) here?

Comment by hassan [ 22/Jul/21 ]

cloomis: I think this ticket has already been addressed, correct?

Comment by arnaud.lefur [ 18/Mar/23 ]

Has been done for each new system delivered to the mountain.
