Checking and changing the ROAM server

Introduction

Both MDSplus and Globus use the ROAM server to authenticate users. If a user is not in the ROAM database or does not have the proper authorization, MDSplus will give an error and Globus will fail over to the /etc/grid-security/grid-mapfile for authentication. The primary server is roam.fusiongrid.org. The mirror server is cert.fusiongrid.org/roam.php.

Checking the ROAM server

    To check if ROAM server is working

# On transpgrid as randerso
module purge
export MDSPLUS_DIR=/usr/pppl/fusiongrid/1.0-2/fusiongrid
export setup_file=/p/fusiongrid/mdsplus_info/envsyms_roam
source $MDSPLUS_DIR/setup.sh
CN="/DC=org/DC=FusionGrid/OU=People/CN=Lewis Elvin Randerson 210592"
com="check_access_jobmanager('$CN')"

# Find out what server now default
echo $ROAM_SERVER
roam.fusiongrid.org

# Test server
$ echo "$com" | tditest
check_access_jobmanager('/DC=org/DC=FusionGrid/OU=People/CN=Lewis Elvin Randerson 210592')
"pshr0006"
                                                                                
# Test mirror server
$ export ROAM_SERVER=cert.fusiongrid.org/roam.php
$ echo "$com" | tditest
check_access_jobmanager('/DC=org/DC=FusionGrid/OU=People/CN=Lewis Elvin Randerson 210592')
"pshr0006"

Changing the ROAM server from/to the primary or mirror

      To change ROAM server

# On transpgrid as root
cd /usr/pppl/fusiongrid/1.0-2/fusiongrid/local
# Determine which server is active
/bin/grep ROAM_SERVER roam.env{,-primary,-mirror}
roam.env:ROAM_SERVER cert.fusiongrid.org/roam.php
roam.env-primary:ROAM_SERVER roam.fusiongrid.org
roam.env-mirror:ROAM_SERVER cert.fusiongrid.org/roam.php
# Update (in this case go back to primary}
/bin/cp -i roam.env-primery roam.env