Site-wide considerations

If you want to deploy a low-maintenance site or cloud site, you will want to skip a lot of steps that big sites usually want to go through. Bla bla bla

You definitely don't want to use GUMS. Too much operational overhead for a small/temporary site. edg-mkgridmap will do a good job here. It's also a good idea to cron a daily rsync from the /etc/grid-security/grid-mapfile in the CE to a NFS area. This way you only need to maintain it in a single place. Clients will read from there. If you have a simpler way to distribute it or just a very easy way to deploy edg-mkgridmap (puppet?) it might be worth to save all the iops in the NFS.

gLexec

Probably one of the most important points. The trickiest part is to make this work with grid-mapfile instead of GUMS. Basically use the rule 3 of the default configuration, or :

osg_default:
## Policy 3: grid-mapfile
gridmapfile -> posix_enf

glexec:
## Policy 3: grid-mapfile
verifyproxy -> gridmapfile
gridmapfile -> glexectracking

In /etc/lcmaps.db

You will also want to point your gridmapfile to an unusual place, probably the NFS so you don't need to maintain edg-mkgridmap in all nodes :

gridmapfile = "lcmaps_localaccount.mod"
              "-gridmap /nfs/system/common/hep-node/config/files/grid-mapfile"

-- Main.samir - 2015-02-12