https://pfspipe.ipmu.jp/jira This file is an XML representation of an issue en-us 8.3.4 803005 13-09-2019 https://pfspipe.ipmu.jp/jira/browse/INSTRM-592 Instrument control development <p><a href="https://pfspipe.ipmu.jp/jira/browse/INSTRM-22" title="[ICD] Standard configuration (uid/gid/NFS) of summit ICS hosts" class="issue-link" data-issue-key="INSTRM-22"><del>INSTRM-22</del></a> lists some OS conventions for ICS machines and software, and was written before PFS computers started being integrated at Subaru. LAM and JHU had settled on the <tt>pfs</tt> and <tt>pfs-data</tt> accounts having uid/gids of 1000 and 1001, respectively. But at Subaru user accounts are managed through a central LDAP server, and the two accounts were assigned 2085 and 2087. The ids will conflict when we deliver the SM1 BEEs.</p> <p>I can think of four solutions:</p> <ul class="alternate" type="square"> <li>renumber existing accounts at JHU and LAM. Ugh, especially at LAM.</li> <li>use NFSv4 id mapping. NFSv4 uses <tt>user@domain</tt> <em>names</em>, and has mechanisms for mapping those to ids. We can try/test how well this works.</li> <li>do <em>not</em> treat the <tt>pfs</tt> and <tt>pfs-data</tt> accounts as LDAP-managed accounts at Subaru, and leave them at 1000/1001.</li> <li>reconfigure the ids just on the BEEs on arrival at Subaru, or re-image them. We might be able to convince ourselves this is safe, testing-wise.</li> </ul> <p>I think that re-imaging is the right choice. If not that, renumbering. We still need to build a decent way to re-image the BEEs in any case, and being able to set the user ids dynamically would be a modest requirement.</p> <p><a href="https://pfspipe.ipmu.jp/jira/secure/ViewProfile.jspa?name=fmadec" class="user-hover" rel="fmadec">fmadec</a>? <a href="https://pfspipe.ipmu.jp/jira/secure/ViewProfile.jspa?name=kiaina" class="user-hover" rel="kiaina">Kiaina Schubert</a>?</p> INSTRM-592

Pin down pfs and pfs-data uid/gids before shipping to Subaru.

Task Normal Open Unresolved Unassigned cloomis Thu, 10 Jan 2019 17:31:40 +0000 Mon, 14 Jan 2019 16:50:29 +0000 0 2 <p>I do not have strong opinion.</p> <p>renumbering is bit painful but acceptable. As you said, only bee is concerned because we do not deliver computer to SUBARU (of course ids have to match on each site). </p> <p>why do you need to re-image the bees in any case?</p> <p>We do not <em>need</em> to re-image before delivery, but we do need to have/provide a good scheme to create/install an image in the first place. Currently we PXE boot to a rescue disk and tftp/dd a premade image right onto the disk device. Crude, and if I were at Subaru barely or not acceptable.</p> <p>If that were to be redone properly, allowing for specifying uid/gids would not be much extra work.</p> <p>If LAM and JHU were to renumber, we <em>might</em> have to renumber more than just the BEE ids, unless we used NFSv4 id mapping. Stuff in /software and /data, programs which are reading from /data, etc. Yes, we probably only need to renumber <tt>pfs-data</tt> everywhere, and to be careful on other machines, but it might leak: we would be writing into /data with pfs gid=2085.</p> Relates INSTRM-321 INSTRM-22 Development Rank 0|s001zs: