The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) gLite VOMS Installation and Configuration Riccardo Bruno

Slides:

Advertisements

Similar presentations

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America FiReMan Installation Emidio Giorgio INFN.

Advertisements

FP6−2004−Infrastructures−6-SSA User Interface Installation Valeria Ardizzone INFN – Catania Grid tutorial for users and.

1 Kolkata, Asia Joint CHAIN/EU-IndiaGrid2/EPIKH School for Grid Site Administrators, The EPIKH Project (Exchange Programme.

INFSO-RI Enabling Grids for E-sciencE Practicals on VOMS and MyProxy Emidio Giorgio INFN Retreat between GILDA and ESR VO, Bratislava,

1 Worker Nodes Installation&Configuration Sara Bertocco INFN Padova 11 th International GridKa School 2013 – Big Data, Clouds and Grids.

Ninth EELA Tutorial for Users and Managers E-infrastructure shared between Europe and Latin America User Interface installation and configuration.

E-science grid facility for Europe and Latin America UI PnP and UI Installation User and Site Admin Tutorial Riccardo Bruno – INFN Catania.

The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) Overview of software tools for gLite installation & configuration.

The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) VOMS Installation and configuration Bouchra

E-science grid facility for Europe and Latin America Installation and configuration of a top BDII Gianni M. Ricciardi – Consorzio COMETA.

IST E-infrastructure shared between Europe and Latin America VOMS and MyProxy Server installation and configuration Pedro Henrique.

The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) Workload Management System + Logging&Bookkeeping Installation.

E-science grid facility for Europe and Latin America LFC Server Installation and Configuration Antonio Calanducci INFN Catania.

E-science grid facility for Europe and Latin America gLite WMS Installation and configuration Riccardo Bruno – INFN.CT 30/06/2008 – 04/07/2008.

EPIKH School for Grid Site Administrators, Amman, /32 Introductions BDII Installation and Configuration Miguel Angel Díaz Corchero

INFSO-RI Enabling Grids for E-sciencE WMS + LB Installation Emidio Giorgio Giuseppe La Rocca INFN EGEE Tutorial, Rome November.2005.

INFSO-RI Enabling Grids for E-sciencE How to join GILDA Riccardo Bruno INFN gLite Tutorial at the First EGEE User Forum CERN,

E-infrastructure shared between Europe and Latin America Security Hands-on Christian Grunfeld, UNLP 8th EELA Tutorial, La Plata, 11/12-12/12,2006.

9th EELA TUTORIAL - USERS AND SYSTEM ADMINISTRATORS E-infrastructure shared between Europe and Latin America CE + WN installation and configuration.

E-infrastructure shared between Europe and Latin America FP6−2004−Infrastructures−6-SSA Hands-on on security Pedro Rausch IF - UFRJ.

12th EELA Tutorial for Users and System Administrators E-infrastructure shared between Europe and Latin America User Interface installation.

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America WMS + LB Installation Emidio Giorgio INFN.

4th EELA TUTORIAL - USERS AND SYSTEM ADMINISTRATORS E-infrastructure shared between Europe and Latin America CE + WN installation and configuration.

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America BDII Server Installation and Configuration.

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America User Interface (gLite 1.4) Installation.

E-infrastructure shared between Europe and Latin America Introduction to the tutorial for site managers Vanessa Hamar Universidad de Los.

INFSO-RI Enabling Grids for E-sciencE Installing a gLite VOMS Server Giuseppe La Rocca INFN EGEE Tutorial Rome November 2005.

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America Introduction to the tutorial for site managers.

INFSO-RI Enabling Grids for E-sciencE Installing a gLite VOMS server Joachim Flammer Integration Team, CERN EMBRACE Tutorial, Clermont-Ferrand.

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

INFSO-RI Enabling Grids for E-sciencE User Interface (UI) Installation Giuseppe La Rocca INFN Catania - Italy First Latin American.

4th EELA TUTORIAL - USERS AND SYSTEM ADMINISTRATORS E-infrastructure shared between Europe and Latin America Security Hands-on Vanessa.

CREAM Installation&Configuration Sara Bertocco INFN Padova 11 th International GridKa School 2013 – Big Data, Clouds and Grids.

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America R-GMA Server Installation Valeria Ardizzone.

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America SRM + gLite IO Server install Emidio Giorgio.

EGEE-II INFSO-RI Enabling Grids for E-sciencE YAIM Overview MiMOS Grid tutorial HungChe, ASGC OPS Team.

12th EELA TUTORIAL - USERS AND SYSTEM ADMINISTRATORS FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin.

EGI-InSPIRE RI Grid Training for Power Users EGI-InSPIRE N G I A E G I S Grid Training for Power Users Institute of Physics Belgrade.

The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) 马兰馨 IHEP, CAS Hands on gLite Security.

The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) UI Installation and Configuration Dong Xu IHEP,

Enabling Grids for E-sciencE gLite security pratical tutorial Dario Russo INFN Catania Catania,

GLite WN Installation Giuseppe LA ROCCA INFN Catania ACGRID-II School 2-14 November 2009 Kuala Lumpur - Malaysia.

First South Africa Grid Training Installation and configuration of BDII Gianni M. Ricciardi Consorzio COMETA First South Africa Grid Training Catania,

SEE-GRID-SCI MON Hands-on Session Vladimir Slavnić Institute of Physics Belgrade Serbia The SEE-GRID-SCI initiative.

The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) 马兰馨 IHEP, CAS Setting Up a Repository.

The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) WMS LB BDII Installation and Configuration Salma Saber

Site BDII and CE Installation Muhammad Farhan Sjaugi, UPM 2009 November , UM Malaysia 1.

The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) Overview of software tools for gLite installation & configuration.

Overview about other gLite services Giuseppe LA ROCCA INFN Catania ACGRID-II School 2-14 November 2009 Kuala Lumpur - Malaysia.

The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) Continue by your own… Riccardo Bruno

User Interface (UI) Installation Bandung ITB Desember 2009.

16-26 June 2008, Catania (Italy) First South Africa Grid Training LFC Server Installation and Configuration Antonio Calanducci INFN Catania.

The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) Elisa Ingrà Consortium GARR- Roma WMS LB.

EGI-InSPIRE RI EGI Training for AEGIS Site Administrators EGI-InSPIRE N G I A E G I S EGI Training for AEGIS Site Administrators Institute.

The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) Workload Management System + Logging&Bookkeeping Installation.

The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) VOMS Installation and configuration Riccardo Rotondo

Overview of software tools for gLite installation & configuration

COP 4343 Unix System Administration

VOMS Installation and configuration

MyProxy Server Installation

Practicals on VOMS and MyProxy

WMS Installation and Configuration

UI Installation and Configuration

gLite User Interface Installation

R-GMA Server Installation (v. 1.4)

Installing a gLite VOMS Server

gLite VOMS Installation and Configuration

WMS LB topBDII Installation and Configuration

UI Installation and Configuration

EUMEDGRID-Support Site Information

Presentation transcript:

The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) gLite VOMS Installation and Configuration Riccardo Bruno INFN Dept. of Catania Joint EPIKH/EUMEDGRID-Support Event in Algeria Algiers,

Virtual Organization Membership Service (VOMS) –Account Database  Serving information in a special format (VOMS credentials)  Can be administered via command line & via web interface –Provides information on the user’s relationship with his/her Virtual Organization (VO)  VO - Membership  Group membership  Roles of user VOMS Algiers, Joint EPiKH/EUMEDGRID-Support in Algeria,

With YUM it is possible to exploit its package caching mechanism to speed up the installation process –Download cached files with:  –Install cached packages: The installed packages will avoid YUM to download files from the network before to install them YUM cache  tar xvfz  tar xvfz  tar xvfz UI_yum_cache.tar.gz –C /var/cache/yum Algiers, Joint EPiKH/EUMEDGRID-Support in Algeria,

jpackage Provide a coherent set of Java software packages –Remote Site installations using your own Machines Algiers, Joint EPiKH/EUMEDGRID-Support in Algeria, jpackage official repository is currently broken and not usable Use It’s mirror at GARR cat > /etc/yum.repos.d/jpackage.repo <<EOF # # JPackage repositories # [jpackage5_generic_free] name = JPackage 5 (generic free) baseurl = gpgkey = gpgcheck = 1 enabled = 1 protect = 1 [jpackage5_generic_non-free] name = JPackage 5 (generic non-free) baseurl = gpgkey = gpgcheck = 1 enabled = 0 protect = 1 EOF Use It’s mirror at GARR cat > /etc/yum.repos.d/jpackage.repo <<EOF # # JPackage repositories # [jpackage5_generic_free] name = JPackage 5 (generic free) baseurl = gpgkey = gpgcheck = 1 enabled = 1 protect = 1 [jpackage5_generic_non-free] name = JPackage 5 (generic non-free) baseurl = gpgkey = gpgcheck = 1 enabled = 0 protect = 1 EOF

LCG-CA Install the LCG-CA packages Install the GILDA CA VOMS will only recognize subscriptions made by people having certificates delivered by these CAs Algiers, Joint EPiKH/EUMEDGRID-Support in Algeria,  cd /etc/yum.repos.d  wget deployment/glite/repos/3.1/lcg-CA.repo -O /etc/yum.repos.d/lcg-CA.repohttp://grid-deployment.web.cern.ch/grid- deployment/glite/repos/3.1/lcg-CA.repo  yum install -y lcg-CA  cd /etc/yum.repos.d  wget deployment/glite/repos/3.1/lcg-CA.repo -O /etc/yum.repos.d/lcg-CA.repohttp://grid-deployment.web.cern.ch/grid- deployment/glite/repos/3.1/lcg-CA.repo  yum install -y lcg-CA wget current/worthless/RPMS/ca_GILDA-CA noarch.rpm --no-check-certificate rpm -ivh ca_GILDA-CA noarch.rpm wget current/worthless/RPMS/ca_GILDA-CA noarch.rpm --no-check-certificate rpm -ivh ca_GILDA-CA noarch.rpm

VOMS Packages and Installations  cd /etc/yum.repos.d  wget it.cnaf.infn.it/mrepo/repos/glite-generic.repo  wget it.cnaf.infn.it/mrepo/repos/glite-voms_mysql.repo  yum install glite-VOMS_mysql --enablerepo=dag  cd /etc/yum.repos.d  wget it.cnaf.infn.it/mrepo/repos/glite-generic.repo  wget it.cnaf.infn.it/mrepo/repos/glite-voms_mysql.repo  yum install glite-VOMS_mysql --enablerepo=dag Dependency error glite-security-voms-api-noglobus  wget VOMS_mysql/sl4/i386/RPMS.release/glite-security- voms-api-noglobus slc4.i386.rpm rpm -ivh glite-security-voms-api-noglobus slc4.i386.rpm yum install gliteVOMS_mysql --enablerepo=dag  wget VOMS_mysql/sl4/i386/RPMS.release/glite-security- voms-api-noglobus slc4.i386.rpm rpm -ivh glite-security-voms-api-noglobus slc4.i386.rpm yum install gliteVOMS_mysql --enablerepo=dag Algiers, Joint EPiKH/EUMEDGRID-Support in Algeria,

MySQL Server Algiers, Joint EPiKH/EUMEDGRID-Support in Algeria,  yum install mysql-server  service mysqld start  chkconfig mysqld on  yum install mysql-server  service mysqld start  chkconfig mysqld on  /usr/bin/mysqladmin -u root -h localhost password 'secure' Install MySQL Server Setup the MySQL root password

Mail Server/NTP Install Mail server ‘sendmail’ Install NTP server Algiers, Joint EPiKH/EUMEDGRID-Support in Algeria,  service sendmail start  chkconfig sendmail on  service sendmail start  chkconfig sendmail on  yum install ntp  cat /etc/ntp.conf  server ntp-1.infn.it  EOF  service ntpd start  Chkconfig ntpd on  yum install ntp  cat /etc/ntp.conf  server ntp-1.infn.it  EOF  service ntpd start  Chkconfig ntpd on

Configuration VOMS configuration does not uses YAIM, manual XML configuration is required as old gLite installations –Copy Certificates in: /etc/grid-security Algiers, Joint EPiKH/EUMEDGRID-Support in Algeria,  wget rist02.grid.arn.dz/ceristXX.grid.arn.dz-cert.pem - O /etc/grid-security/hostcert.pem rist02.grid.arn.dz/ceristXX.grid.arn.dz-cert.pem - O /etc/grid-security/hostcert.pem  wget rist02.grid.arn.dz/ceristXX.grid.arn.dz-key.pem -O /etc/grid-security/hostkey.pem rist02.grid.arn.dz/ceristXX.grid.arn.dz-key.pem -O /etc/grid-security/hostkey.pem  chmod 644 /etc/grid-security/hostcert.pem  chmod 400 /etc/grid-security/hostkey.pem  wget rist02.grid.arn.dz/ceristXX.grid.arn.dz-cert.pem - O /etc/grid-security/hostcert.pem rist02.grid.arn.dz/ceristXX.grid.arn.dz-cert.pem - O /etc/grid-security/hostcert.pem  wget rist02.grid.arn.dz/ceristXX.grid.arn.dz-key.pem -O /etc/grid-security/hostkey.pem rist02.grid.arn.dz/ceristXX.grid.arn.dz-key.pem -O /etc/grid-security/hostkey.pem  chmod 644 /etc/grid-security/hostcert.pem  chmod 400 /etc/grid-security/hostkey.pem

Configuration Make a copy of template XML files Values to change are flagged by value ”changeme“ Algiers, Joint EPiKH/EUMEDGRID-Support in Algeria,  cd /opt/glite/etc/config/templates  cp *.xml..  cd..  cd /opt/glite/etc/config/templates  cp *.xml..  cd..

glite-global.cfg.xml Open configuration file with a text editor ( vi, nano,… ) JAVA_HOME - value="/usr/java/jdk1.6.0_20" ! PLEASE VERIFY THE Java VERSION /usr/java/jdk… Algiers, Joint EPiKH/EUMEDGRID-Support in Algeria,

glite-security-utils.cfg.xml Algiers, Joint EPiKH/EUMEDGRID-Support in Algeria, cron.mailto  value=" "

glite-voms-server.cfg.xml Algiers, Joint EPiKH/EUMEDGRID-Support in Algeria, This XML seems corrupted, AT THE TOP it should look like:

glite-voms-server.cfg.xml Algiers, Joint EPiKH/EUMEDGRID-Support in Algeria, Other values to customize … voms.db.type - value="mysql" voms.db.host - value="localhost" voms.admin.smtp.host - value="localhost" voms.mysql.admin.password - value="secure" voms.db.type - value="mysql" voms.db.host - value="localhost" voms.admin.smtp.host - value="localhost" voms.mysql.admin.password - value="secure"

vo-list.cfg.xml Algiers, Joint EPiKH/EUMEDGRID-Support in Algeria, Other values to customize … Go back to terminal and get server Certificate suject: vo.name - value="cerist" voms.hostname - value="ceristXX.grid.arn.dz" port.number - value="15000" voms.cert.url - value="" vo - value="voname" vo.name - value="voname" voms.cert.url - value=” " vo.name - value="cerist" voms.hostname - value="ceristXX.grid.arn.dz" port.number - value="15000" voms.cert.url - value="" vo - value="voname" vo.name - value="voname" voms.cert.url - value=” " openssl x509 -in /etc/grid- security/hostcert.pem -subject -noout

vo-list.cfg.xml Algiers, Joint EPiKH/EUMEDGRID-Support in Algeria, Complete with other values to customize … voms.cert.subj - value=” " voms.db.name - value="vomsdb" voms.db.user.name - value="vomsusr" voms.db.user.password - value="vomsusrpwd" vo.sgm.vo.role - value="LCGAdmin" pool.account.basename - value="" pool.account.group - value="" pool.account.number - value="1" pool.lsfgid - value="" voms.db.host - value="localhost" voms.admin.smtp.host - value="localhost" voms.admin.notification. - value=" " voms.cert.subj - value=” " voms.db.name - value="vomsdb" voms.db.user.name - value="vomsusr" voms.db.user.password - value="vomsusrpwd" vo.sgm.vo.role - value="LCGAdmin" pool.account.basename - value="" pool.account.group - value="" pool.account.number - value="1" pool.lsfgid - value="" voms.db.host - value="localhost" voms.admin.smtp.host - value="localhost" voms.admin.notification. - value=" "

vo-list.cfg.xml Algiers, Joint EPiKH/EUMEDGRID-Support in Algeria, Get the Admin User Certificate Complete the values … scp /etc/grid-security/usercert.pem voms.admin.certificate="/etc/grid-security/usercert.pem"

VOMS Configuration and Execution Just execute a python configuration script Then execute the VOMS server To check the status To use the built-in command line tools ‘source’ in root’.bashrc file the following file Algiers, Joint EPiKH/EUMEDGRID-Support in Algeria, scripts/glite-voms-server-config.py --configure scripts/glite-voms-server-config.py --start scripts/glite-voms-server-config.py --configure scripts/glite-voms-server-config.py --start source /etc/glite/profile.d/glite_setenv.sh scripts/glite-voms-server-config.py --status

Testing (Admin) Load the Admin User certificate in your Browser Connect with this brower to: – :8443/voms/cerist :8443/voms/cerist –( ceristXX.grid.arn.dz ) The service works if the Admin page appears … Subscribe your VO with ‘Register!’ button Algiers, Joint EPiKH/EUMEDGRID-Support in Algeria,

Request confirmation via Membership request via Web interface VOMS SERVER VO USER VO ADMIN Confirmation of address Request notification accept / deny via web interface create user (if accepted) Notification of accept/deny Registration procedure Algiers, Joint EPiKH/EUMEDGRID-Support in Algeria,

Registration Confirmation Algiers, Joint EPiKH/EUMEDGRID-Support in Algeria, Acknowledge Approval …

Usage and Maintenance People having user certificates delivered by a recognized Cas (LCG-CA) may request to subscribe your VO Requests will be notified via both for requestor and administrator More than one VO can be created From the Web GUI different Roles may be defined to the users Grid services supporting the new VO must have the specific VO setting properly configured in the site-info.def file Algiers, Joint EPiKH/EUMEDGRID-Support in Algeria, ############## # VONAME # ############## VO_ _SW_DIR=$VO_SW_DIR/africacert VO_ _DEFAULT_SE=$SE_HOST VO_ _STORAGE_DIR=$CLASSIC_STORAGE_DIR/africacert VO_ _VOMS_SERVERS="'vomss://voms.ct.infn.it:8443/voms/africacert?/africacert'" VO_ _VOMSES="'africacert voms.ct.infn.it /C=IT/O=INFN/OU=Host/L=Catania/CN=voms.ct.infn.it africacert'" VO_ _VOMS_CA_DN="'/C=IT/O=INFN/CN=INFN CA'" ############## # VONAME # ############## VO_ _SW_DIR=$VO_SW_DIR/africacert VO_ _DEFAULT_SE=$SE_HOST VO_ _STORAGE_DIR=$CLASSIC_STORAGE_DIR/africacert VO_ _VOMS_SERVERS="'vomss://voms.ct.infn.it:8443/voms/africacert?/africacert'" VO_ _VOMSES="'africacert voms.ct.infn.it /C=IT/O=INFN/OU=Host/L=Catania/CN=voms.ct.infn.it africacert'" VO_ _VOMS_CA_DN="'/C=IT/O=INFN/CN=INFN CA'"

Administration GUI Algiers, Joint EPiKH/EUMEDGRID-Support in Algeria, Users list User details

Take VOMSES string from ‘Configuration’ menu on the web GUI Copy it into. glite/vomses file in your UI’s $HOME account; create it if necessary UI Testing (User) voms-proxy-init --voms cerist Enter GRID pass phrase: Your identity: /C=IT/O=GILDA/OU=Personal Certificate/L=INFN/CN=Riccardo Bruno Creating temporary proxy Done Contacting cerist02.grid.arn.dz:15000 [/C=IT/O=GILDA/OU=Host/L=ALGIERS/CN=cerist02.grid.arn.dz] "cerist" Failed Creating proxy Done Your proxy is valid until Tue Jun 29 04:34: voms-proxy-init --voms cerist Enter GRID pass phrase: Your identity: /C=IT/O=GILDA/OU=Personal Certificate/L=INFN/CN=Riccardo Bruno Creating temporary proxy Done Contacting cerist02.grid.arn.dz:15000 [/C=IT/O=GILDA/OU=Host/L=ALGIERS/CN=cerist02.grid.arn.dz] "cerist" Failed Creating proxy Done Your proxy is valid until Tue Jun 29 04:34: Algiers, Joint EPiKH/EUMEDGRID-Support in Algeria,

Log files can be found in /var/log/messages /var/log/glite/voms. Init scripts can be found in /opt/glite/etc/config/scripts/ Log and scripts Algiers, Joint EPiKH/EUMEDGRID-Support in Algeria,

Command Line Interface Algiers, Joint EPiKH/EUMEDGRID-Support in Algeria, # voms-admin --help voms-admin v Usage: voms-admin [OPTIONS] --vo=NAME [--host HOST] [--port PORT] COMMAND PARAM... Options: --help Print this short help message. --list-commands Print a list of available commands. --help-command CMD Print help about command CMD. --help-commands Print help for all available commands. --version Print version string. --verbose Print more messages. --nousercert Don't extract DNs from supplied certificates. # voms-admin --help voms-admin v Usage: voms-admin [OPTIONS] --vo=NAME [--host HOST] [--port PORT] COMMAND PARAM... Options: --help Print this short help message. --list-commands Print a list of available commands. --help-command CMD Print help about command CMD. --help-commands Print help for all available commands. --version Print version string. --verbose Print more messages. --nousercert Don't extract DNs from supplied certificates.

CLI examples Algiers, Joint EPiKH/EUMEDGRID-Support in Algeria, # voms-admin --vo cerist get-vo-name /cerist # voms-admin --vo cerist list-users /C=IT/O=GILDA/OU=Personal Certificate/L=INFN/CN=Riccardo Bruno, /C=IT/O=GILDA/CN=GILDA CA - # voms-admin --vo cerist list-roles Role=VO-Admin #voms-admin --vo cerist create-user Missing X509 cert argument! It is missing the usercert.pem voms-admin --vo cerist create-user usercert.pemf # voms-admin --vo cerist get-vo-name /cerist # voms-admin --vo cerist list-users /C=IT/O=GILDA/OU=Personal Certificate/L=INFN/CN=Riccardo Bruno, /C=IT/O=GILDA/CN=GILDA CA - # voms-admin --vo cerist list-roles Role=VO-Admin #voms-admin --vo cerist create-user Missing X509 cert argument! It is missing the usercert.pem voms-admin --vo cerist create-user usercert.pemf

References VOMS Installation guide – configuration-guide.pdfhttps://edms.cern.ch/file/974982/1/voms-installation- configuration-guide.pdf EUMEDGRID-Support Wiki – – dSiteInstallationhttp://wiki.eumedgrid.eu/twiki/bin/view/InfrastructureStatus/Eume dSiteInstallation EUMEDGRID – Algiers, Joint EPiKH/EUMEDGRID-Support in Algeria,

Algiers, Joint EPiKH/EUMEDGRID-Support in Algeria,