NCM::Component::lcmaps¶
NAME¶
lcmaps: NCM component to manage LCMAPS configuration file(s)
DESCRIPTION¶
The lcmaps component writes the LCMAPS configuration file(s). The primary file is the LCMAPS database, listing the plugin modules to be defines and the policies to describe (in the specific order as specified in the list in the CDB).
RESOURCES¶
/software/components/lcmaps/dbpath¶
Location of the main LCMAPS database (list of plugin modules). Default: /opt/edg/etc/lcmaps/lcmaps.db
/software/components/lcmaps/modulepath¶
The LCMAPS module search path.
/software/components/lcmaps/module¶
Named list (nlist) of modules to be used in the LCMAPS policies. The names here are the module symbolic references that are used to define the policies
/software/components/lcmaps/module/{}/path¶
Path of the module to load.
/software/components/lcmaps/module/{}/args¶
Arguments to the module (these are concatenated to the module path itself and quoted.
/software/components/lcmaps/policies¶
List (ordered) of LCMAPS policies
/software/components/lcmaps/policies/[]/name¶
Name of the policy.
/software/components/lcmaps/policies/[]/ruleset¶
List (ordered) of rulesets for this policy.
EXAMPLE¶
"/software/components/lcmaps/dbpath" = "/opt/edg/etc/lcmaps/policy.conf";
"/software/components/lcmaps/modulepath" = "/opt/edg/lib/lcmaps/modules";
"/software/components/lcmaps/module/localaccount/path" =
"lcmaps_localaccount.mod";
"/software/components/lcmaps/module/localaccount/args" =
"-gridmapfile `/etc/grid`-security/grid-mapfile";
"/software/components/lcmaps/module/poolaccount/path" = "lcmaps_poolaccount.mod";
"/software/components/lcmaps/module/poolaccount/args" =
" -override_inconsistency" +
" -gridmapfile `/etc/grid`-security/grid-mapfile" +
" -gridmapdir `/etc/grid`-security/gridmapdir";
"/software/components/lcmaps/module/posixenf/path" = "lcmaps_posix_enf.mod";
"/software/components/lcmaps/module/posixenf/args" =
" -maxuid 1 -maxpgid 1 -maxsgid 32";
"/software/components/lcmaps/policies" = list (
nlist(
"name", "standard",
"ruleset", list (
"localaccount -> posixenf | poolaccount",
"poolaccount -> posixenf"
)
),
nlist(
"name", "GridFTPacquisition",
"ruleset", list (
"vomsextract -> vomslocalgroup",
"vomslocalgroup -> vomspoolgroup",
"vomspoolgroup -> vomspoolaccount",
"vomspoolaccount -> ldap_enf"
)
)
);
Multi-file mode¶
If “/software/components/lcmaps/multifile” is set to True, the LCMAPS component will work in the experimental “multi-file” mode. The regular resources like “/software/components/lcmaps/dbpath” are ignored, and relocated, but similarly named ones in the array “/software/components/lcmaps/config[]” are used. Thus, multiple LCMAPS policy files can be written to support for example separate services (gatekeeper, gridftp) on the same host. For example, the “…/dbpath” resource becomes:
"/software/components/lcmaps/config/0/dbpath" = "/opt/edg/etc/lcmaps/policy.gridftp";
"/software/components/lcmaps/config/0/modulepath" = "/opt/edg/lib/lcmaps/modules";
...
"/software/components/lcmaps/config/1/dbpath" = "/opt/edg/etc/lcmaps/policy.gatekeeper";
...