06 February 2007

Most of the DPM sites will be aware that Atlas recently asked for everyone to update the ACLs on the home/atlas/dq2 and home/atlas/generated directories of the DPM namespace. The fix to do this was initially provided as a binary (provided by the DPM devels) that would parse a configuration file and make changes in the MySQL database. Initially there were a few problems with this:

1. No source code was provided with the binary (actually being called a script in the atlas email). even though the operation was tagged as being EXTREMELY DELICATE.
2. The binary had already been through one bug fix after limited deployment., so confidence in it wasn't exactly high.
3. Subsequent bugs have been found after running it in the UK. For example, the looking at the atlas/generated directory on the Glasgow DPM:

[...]
drwxrwxr-x 298 143 103 0 Feb 06 11:43 2007-01-29
drwxrwxr-x 13 143 103 0 Feb 06 11:34 2007-01-30
drwxrwxr-x 1 117 117 0 Jan 31 22:40 2007-01-31
drwxrwxr-x 2 117 117 0 Feb 01 22:46 2007-02-01

GID 103 is the normal atlas group. GID 117 is atlas/Role=lcgadmin. (Thanks to Graeme for this).

It would have been better if the tools had been available for site admins to perform this ACL update without having to resort to direct connections to the MySQL DB. dpm-setacl could have been used, but since this does not have a recursive mode it wouldn't have been all that user friendly to use.

I think this is another example of where the administration tools of the storage middleware are lacking.

No comments: