VOMS and MyProxy Server installation and configuration
IST-2006-026409 www.eu-eela.org
E-infrastructure shared between Europe and Latin America
VOMS and MyProxy Server installation and configuration
Pedro Henrique Rausch Bello
Instituto de Física - UFRJ
Third EELA Tutorial for users and managers
Rio de Janeiro, 30.06.2006
Rio de Janeiro, 3rd EELA Tutorial, 26.06.2006
Outline
• Why MyProxy?
  – Proxy Renewal mechanism
• Why VOMS?
  – Supporting new Virtual Organisations
• MyProxy Server Installation
  – Setting server parameters
  – Startup scripts
  – Server start
• Testing MyProxy Server
  – myproxy-init -s <myproxy server>
  – myproxy-get-delegation -s <myproxy server>
Outline
• VOMS Server Installation
  – Setting server parameters
  – Supporting new VOs
• Adding a new VO
• Testing the VOMS server
Why MyProxy? - Long term proxy
• A proxy has a limited lifetime (default is 12 h)
  – Long jobs may outlive the validity of the initial proxy; if that happens the job will die prematurely.
  – WMS allows proxies to be renewed automatically if the user's credentials are stored on a MyProxy server (proxy renewal service).
• When a user's proxy is about to expire, the proxy renewal daemon contacts the MyProxy server and performs credentials renewal
• The user has to store the credential using the command:
  myproxy-init -s <server> -t <hours> -d -n
  and specify which MyProxy server has to be contacted in the job's JDL:
  MyProxyServer = "grid001.ct.infn.it";
• Virtual Organization Membership Service (VOMS)
  – Account Database
    Serving information in a special format (VOMS credentials)
    Can be administered via command line & via web interface
  – Provides information on the user's relationship with his/her Virtual Organization (VO)
    VO - Membership
    Group membership
    Roles of user
VOMS - components
● VOMS Core Services
  ● Server - returns authorization info to the client.
  ● Client
    • voms-proxy-init: queries the server for authorization info and creates a proxy certificate including it.
    • voms-proxy-info: shows the info included in a proxy.
    • voms-proxy-destroy
● VOMS Admin: a Java server application used to manage users and their privileges for a VO.
VOMS Server architecture
The server is essentially a front-end where all the information about users is kept.
Registration process
[Diagram of the exchange between VO USER, VOMS SERVER and VO ADMIN. Labels on the diagram: Membership request via Web interface; Request confirmation via email; Confirmation of email address; Request notification; accept / deny via web interface; create user (if accepted); Notification of accept/deny]
Groups
• The number of users of a VO can be very high:
  – E.g. the experiment ATLAS has 2000 members
• Make the VO manageable by organizing users in groups. Examples:
  – VO BIOMED-FRANCE
    Group Paris
      • Sorbonne University
          o Group Prof. de Gaulle
      • Central University
    Group Lyon
    Group Marseille
  – VO BIOMED-FRANCE
    BIOMED-FRANCE/STAFF can write to normal storage
    BIOMED-FRANCE/STUDENT can only write to volatile space
• Groups can have a hierarchical structure
• Group membership is added automatically to your proxy when doing a voms-proxy-init
Roles
• Roles are specific functions a user has that distinguish him from others in his group:
  – Software manager
  – Administrator
  – Manager
• Difference between roles and groups:
  – Roles have no hierarchical structure – there is no sub-role
  – Roles are not used in 'normal operation'
    They are not added to the proxy by default when running voms-proxy-init
    But they can be added to the proxy for special purposes when running voms-proxy-init
Installing MyProxy Server
With GILDA middleware
Installation Pre-requisites
• Start from the base machine you installed in the INTRODUCTORY tutorial
• Verify that these packages are installed and properly configured:
  – Java SDK
  – Ntp daemon
  – glite-yaim-3.0.0
  – gilda_ig-yaim-3.0.0
• Also check that your host certificates are present in /etc/grid-security and have proper permissions:
  -rw-r--r-- 1 root root 1127 Jun 14 12:27 hostcert.pem
  -r-------- 1 root root 887 Jun 14 12:28 hostkey.pem
site-info.def customization
• Copy /opt/glite/yaim/examples/site-info.def into /root/site-info.def and edit these fields:
• MY_DOMAIN=eela.if.ufrj.br
• PX_HOST=eelatut10.$MY_DOMAIN
• MON_HOST=eelatut03.$MY_DOMAIN
• NTP_HOSTS="146.164.36.25"
• JAVA_LOCATION="/usr/java/j2sdk1.4.2_08"
• INSTALL_SERVER_HOST=gaia.$MY_DOMAIN
• OS_REPOSITORY="rpm http://$INSTALL_SERVER_HOST/yam sl305-i386 os updates contrib"
• LCG_REPOSITORY="rpm http://$INSTALL_SERVER_HOST/yam glite_sl3-i386 3_0 3_0_externals 3_0_updates"
• IG_REPOSITORY="rpm http://$INSTALL_SERVER_HOST/yam ig_sl3-i386 3_0_0 utils"
• GILDA_REPOSITORY="rpm http://$INSTALL_SERVER_HOST/yam gilda_sl3-i386 app 3_0_0"
• CA_REPOSITORY="rpm http://$INSTALL_SERVER_HOST/yam glite_sl3-i386 security"
Middleware installation with YAIM
• We are ready to install the MyProxy Server:
/opt/glite/yaim/scripts/gilda_ig_install_node /root/site-info.def GILDA_ig_PX
• This command will download and install all the needed packages.
• Now we can configure the node:
/opt/glite/yaim/scripts/gilda_ig_configure_node /root/site-info.def GILDA_ig_PX
Installing MyProxy Server
With plain gLite middleware
Installation Pre-requisites
• Start from the base machine you installed in the INTRODUCTORY tutorial
• Verify that these packages are installed and properly configured:
  – Java SDK
  – Ntp daemon
  – glite-yaim-3.0.0
• Also check that your host certificates are present in /etc/grid-security and have proper permissions:
-rw-r--r-- 1 root root 1127 Jun 14 12:27 hostcert.pem
-r-------- 1 root root 887 Jun 14 12:28 hostkey.pem
site-info.def customization
• Copy /opt/glite/yaim/examples/site-info.def into /root/site-info.def and edit these fields:
• MY_DOMAIN=eela.if.ufrj.br
• PX_HOST=eelatut10.$MY_DOMAIN
• MON_HOST=eelatut03.$MY_DOMAIN
• JAVA_LOCATION="/usr/java/j2sdk1.4.2_08"
• OS_REPOSITORY="rpm http://gaia.eela.if.ufrj.br/yam sl305-i386 os updates contrib"
• LCG_REPOSITORY="rpm http://gaia.eela.if.ufrj.br/yam glite_sl3-i386 3_0 3_0_externals 3_0_updates"
• CA_REPOSITORY="rpm http://gaia.eela.if.ufrj.br/yam glite_sl3-i386 security"
Middleware installation with YAIM
• We are ready to install the MyProxy Server:
/opt/glite/yaim/scripts/install_node /root/site-info.def glite-PX
• This command will download and install all the needed packages.
• Now we can configure the node:
/opt/glite/yaim/scripts/configure_node /root/site-info.def PX
Notes on MyProxy Server Installation
Changes made to the system
• The following changes were made to the system:
  – Software installed in /opt;
  – Services added to /etc/init.d/
    globus-mds
    rgma-gin
    myproxy
    globus-gatekeeper and globus-gridftp are installed, but not configured for the myproxy installation
  – MyProxy configuration file: /etc/myproxy-server.config
Firewall Configuration
• Be sure that your firewall is open for the MyProxy listening port (7512).
• For instance, add the following line to /etc/sysconfig/iptables:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 7512 -j ACCEPT
Testing MyProxy Server
Changes in myproxy-server.config
• Copy /opt/globus/etc/myproxy-server.config to /etc overwriting the existing file
• Edit /etc/myproxy-server.config to define the access policies according to your needs.
• To authorize all retrievers and renewers uncomment:
accepted_credentials "*" (proxy certificate subjects accepted for storing)
authorized_retrievers "*" (certificate subject allowed to request credentials delegation)
default_retrievers "*"
authorized_renewers "*" (certificate subject allowed to request)
default_renewers "none"
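The `"*"` pattern in these directives matches every certificate subject. The shell example below is added here and is not part of the tutorial: it flags active policy lines set to the bare wildcard. The function names, the scratch files and the narrower `/C=IT/O=GILDA/...` patterns are constructed for illustration, using the DN prefix that appears elsewhere in the slides.

```sh
#!/bin/sh
# Added example, not part of the tutorial: list the access-policy directives
# in a myproxy-server.config that are set to the bare wildcard "*".

# audit_myproxy_policy FILE
# Prints "<directive> *" for each active line; returns 1 if any was found.
audit_myproxy_policy() {
    awk '
        BEGIN {
            n = split("accepted_credentials authorized_retrievers " \
                      "default_retrievers authorized_renewers " \
                      "default_renewers", names, " ")
            for (i = 1; i <= n; i++) policy[names[i]] = 1
        }
        /^[ \t]*#/ { next }                          # commented-out line
        ($1 in policy) {
            value = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", value)   # strip directive name
            sub(/[ \t]+$/, "", value)                # strip trailing blanks
            gsub(/^"|"$/, "", value)                 # strip the quotes
            if (value == "*") { print $1, value; found = 1 }
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# The policy lines from the slide, written to FILE.
write_tutorial_policy() {
    cat > "$1" <<'EOF'
accepted_credentials  "*"
authorized_retrievers "*"
default_retrievers    "*"
authorized_renewers   "*"
default_renewers      "none"
EOF
}

# A constructed, narrower policy (assumption: subjects under /C=IT/O=GILDA).
write_scoped_policy() {
    cat > "$1" <<'EOF'
# constructed illustration, not a policy given in the tutorial
accepted_credentials  "/C=IT/O=GILDA/*"
authorized_retrievers "/C=IT/O=GILDA/*"
default_retrievers    "/C=IT/O=GILDA/*"
authorized_renewers   "/C=IT/O=GILDA/OU=Host/*"
default_renewers      "none"
EOF
}

# Demo: audit both files in a scratch directory.
demo=$(mktemp -d)
write_tutorial_policy "$demo/open.config"
write_scoped_policy   "$demo/scoped.config"
for cfg in open scoped; do
    echo "== $cfg.config"
    if audit_myproxy_policy "$demo/$cfg.config"; then
        echo "no wildcard policy lines"
    fi
done
rm -rf "$demo"
```

On a real server, run `audit_myproxy_policy /etc/myproxy-server.config` after editing the file.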
Changes to MyProxy Server init script
• Edit /etc/init.d/myproxy
• Comment out this line:
  MKCONFIG="/etc/rc.d/init.d/myproxy-generate-config.pl $CERTDIR $X509_USER_CERT $EDG_LOCATION/etc/edg-myproxy.conf $CONFIG"
MyProxy commands
– myproxy-init -s <host_name>
  -s <host_name> specifies the hostname of the MyProxy server
– myproxy-info -s <host_name>
  Get information about the stored long-lived proxy
– myproxy-get-delegation -s <host_name>
  Get a new proxy from the MyProxy server
– myproxy-destroy -s <host_name>
  Destroy the credential stored on the server
Storing credentials on MyProxy Server
myproxy-init -s <server name> -p <port> --voms gilda
...
Enter GRID pass phrase for this identity:
...
Enter MyProxy pass phrase:
...
A proxy valid for 168 hours (7.0 days) for user xxx now exists on eelatut10.eela.if.ufrj.br.
Now your credentials are stored on the MyProxy server and are available for delegation or renewal by WMS.
Getting a delegation
myproxy-get-delegation -s <server name> -p <port>
Enter MyProxy pass phrase:
…
A proxy has been received for user XXX in /tmp/x509up_u5XX
Installing VOMS Server
With GILDA middleware
Installation Pre-requisites
• Start from the base machine you installed in the INTRODUCTORY tutorial
• Verify that these packages are installed and properly configured:
  – Java SDK
  – Ntp daemon
• Also check that your host certificates are present in /etc/grid-security and have proper permissions:
  -rw-r--r-- 1 root root 1127 Jun 14 12:27 hostcert.pem
  -r-------- 1 root root 887 Jun 14 12:28 hostkey.pem
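The host certificate check that appears on all three "Installation Pre-requisites" slides (GILDA MyProxy, plain gLite MyProxy, VOMS) can be scripted. This shell example is added here and is not part of the tutorial; it assumes GNU `stat`, and the function name `check_host_creds` and the scratch files in the demo are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the tutorial: compare the host credential files
# with the listing on the slide.
#   hostcert.pem  -rw-r--r--  public certificate: not group/other writable
#   hostkey.pem   -r--------  private key: no group/other access at all

# check_host_creds [DIR] [OWNER_UID]
# Prints one line per problem; the return status is the number of problems.
check_host_creds() {
    dir=${1:-/etc/grid-security}
    owner_uid=${2:-0}            # root, as on the slide; overridable for tests
    problems=0

    for name in hostcert.pem hostkey.pem; do
        file=$dir/$name
        if [ ! -f "$file" ]; then
            echo "FAIL $file: missing or not a regular file"
            problems=$((problems + 1))
            continue
        fi

        # GNU stat: %a = octal permission bits, %u = numeric owner.
        mode=$(stat -L -c '%a' "$file")
        uid=$(stat -L -c '%u' "$file")

        if [ "$uid" -ne "$owner_uid" ]; then
            echo "FAIL $file: owner uid $uid, expected $owner_uid"
            problems=$((problems + 1))
        fi

        case $name in
            hostkey.pem)  forbidden=077 ;;   # any group/other bit
            hostcert.pem) forbidden=022 ;;   # group/other write
        esac
        if [ $(( 0$mode & 0$forbidden )) -ne 0 ]; then
            echo "FAIL $file: mode $mode grants bits in $forbidden"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Demo on constructed files in a scratch directory (no real key material).
demo_dir=$(mktemp -d)
echo "constructed placeholder" > "$demo_dir/hostcert.pem"
echo "constructed placeholder" > "$demo_dir/hostkey.pem"
chmod 644 "$demo_dir/hostcert.pem"
chmod 640 "$demo_dir/hostkey.pem"      # deliberately group-readable
check_host_creds "$demo_dir" "$(id -u)" || echo "problems found: $?"
rm -rf "$demo_dir"
```

On the server itself, run `check_host_creds` with no arguments as root to check /etc/grid-security.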
Manual Installation
• Currently, there is no YAIM profile for the installation of VOMS
• We are going to proceed with the manual installation
• First, we have to add the following files to /etc/apt/sources.list.d/
  – rm -f /etc/apt/sources.list.d/*
  – sl.list:
    rpm http://gaia.eela.if.ufrj.br/yam sl305-i386 os contrib updates
  – glite.list:
    rpm http://gaia.eela.if.ufrj.br/yam glite_sl3-i386 3_0 3_0_updates 3_0_externals security
Manual Installation
• Next, update the apt package databases:
  – apt-get update
• Install the base package for VOMS:
  – apt-get install glite-VOMS_mysql lcg-CA
• Also install GILDA VO and CA RPMs:
  – rpm -ivh http://gaia.eela.if.ufrj.br/yam/gilda_sl3-i386/RPMS.all/ca_GILDA-1.0-2.i386.rpm http://gaia.eela.if.ufrj.br/yam/gilda_sl3-i386/RPMS.all/lcg-voms-vo-gilda-1.0-0.noarch.rpm (all in one line)
NTP Configuration
• Add the following lines to /etc/ntp.conf
  restrict 146.164.36.25 mask 255.255.255.255 nomodify notrap noquery
  server 146.164.36.25
• Add the following line to /etc/ntp/step-tickers
  146.164.36.25
Middleware configuration
• Go to the configuration directory and copy the templates
  – cd /opt/glite/etc/config
  – cp templates/*.xml .
• Customize configuration files by replacing all ‘changeme’ values with the proper values
glite-global.cfg.xml
• Change JAVA_HOME variable to the path of the JVM
• value="/usr/java/j2re1.4.2_08"
• Change also the variable GLITE_LOCATION_VAR
• value="/opt/glite/var"
glite-rgma-common.cfg.xml
• Change the following values:
  – rgma.server.hostname = rgmasrv.ct.infn.it
  – rgma.schema.hostname = rgmasrv.ct.infn.it
  – rgma.registry.hostname = rgmasrv.ct.infn.it
glite-rgma-servicetool.cfg.xml
• Change the following values:
  – rgma.servicetool.siteId = eelatut03.eela.if.ufrj.br
glite-rgma-servicetool-externalServices.cfg.xml
• Change the following values:
  – rgma.servicetool.service_type = org.glite.voms.server
glite-security-utils.cfg.xml
• Change the following values:
  – Cron.mailto = [email protected]
glite-voms-server.cfg.xml
• Change the following values:
  – voms.db.type = mysql
  – voms.db.host = localhost
  – voms.admin.smtp.host = master.if.ufrj.br
  – voms.mysql.admin.password = "secret"
vo-list.cfg.xml
• Change the following values:
  – Vo = gilda
  – Vo.name = gilda
  – voms.hostname = eelatut10.eela.if.ufrj.br
  – voms.port.number = 15001
  – voms.cert.url = http://eelatut10.eela.if.ufrj.br/voms-server.pem
  – voms.cert.url = subject= /C=IT/O=GILDA/OU=Host/L=Universidade Federal do Rio de Janeiro/CN=eelatut15.eela.if.ufrj.br/[email protected]
  – voms.db.name = voms_gilda
  – voms.db.user.name = vo_adm
  – voms.db.user.password = secret
  – vo.sgm.vo.role = LCGAdmin
vo-list.cfg.xml
• Change the following values:
  – pool.account.basename = gilda
  – pool.account.group = gilda
  – pool.account.number = 200
  – voms.db.host = localhost
  – voms.admin.smtp.host = master.if.ufrj.br
  – voms.admin.notification.e-mail = [email protected]
  – voms.admin.certificate = /C=IT/O=GILDA/OU=Personal Certificate/L=RIODEJANEIRO/CN=RIODEJANEIRO04/[email protected]
• You also have to copy the User certificate to the machine:
  – scp .globus/usercert.pem eelatut15:/etc/grid-security/admin-usercert.pem
Firewall Configuration
• Put these lines in /etc/sysconfig/iptables:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 15001 -j ACCEPT
• Restart the firewall
MySQL Configuration
• Set the password for mysql access
  – mysqladmin -u root password secret
Start the configuration
• Fix bug in glite-voms-server-config.py (line 387)
• Finally, we can start the configuration:
  – cd /opt/glite/etc/config/scripts
  – ./glite-voms-server-config.py --configure
• Start the service
  – ./glite-voms-server-config.py --start