MyProxy Server Installation

Slides:



Advertisements
Similar presentations
12th EELA Tutorial, Lima, FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America.
Advertisements

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America FiReMan Installation Emidio Giorgio INFN.
GLite authentication and authorization Discipline: Grid Computing, 07/08-2 Practical classes Inês Dutra, DCC/FCUP.
FP6−2004−Infrastructures−6-SSA User Interface Installation Valeria Ardizzone INFN – Catania Grid tutorial for users and.
INFSO-RI Enabling Grids for E-sciencE Practicals on VOMS and MyProxy Emidio Giorgio INFN Retreat between GILDA and ESR VO, Bratislava,
Ninth EELA Tutorial for Users and Managers E-infrastructure shared between Europe and Latin America User Interface installation and configuration.
Ninth EELA Tutorial for Users and Managers E-infrastructure shared between Europe and Latin America LFC Server Installation and Configuration.
The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) VOMS Installation and configuration Bouchra
FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America Luciano Díaz ICN-UNAM Based on Domenico.
IST E-infrastructure shared between Europe and Latin America VOMS and MyProxy Server installation and configuration Pedro Henrique.
4th EELA TUTORIAL - USERS AND SYSTEM ADMINISTRATORS E-infrastructure shared between Europe and Latin America BDII Server Installation Vanessa.
E-science grid facility for Europe and Latin America LFC Server Installation and Configuration Antonio Calanducci INFN Catania.
FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America MyProxy server installation Emidio Giorgio.
INFSO-RI Enabling Grids for E-sciencE Installation and configuration of gLite Resource Broker Emidio Giorgio INFN EGEE-EMBRACE tutorial,
INFSO-RI Enabling Grids for E-sciencE WMS + LB Installation Emidio Giorgio Giuseppe La Rocca INFN EGEE Tutorial, Rome November.2005.
INFSO-RI Enabling Grids for E-sciencE WMS & LB Installation Giuseppe La Rocca INFN Catania - Italy First Latin American Workshop.
E-infrastructure shared between Europe and Latin America Security Hands-on Christian Grunfeld, UNLP 8th EELA Tutorial, La Plata, 11/12-12/12,2006.
9th EELA TUTORIAL - USERS AND SYSTEM ADMINISTRATORS E-infrastructure shared between Europe and Latin America CE + WN installation and configuration.
INFSO-RI Enabling Grids for E-sciencE GILDA Practicals : Security systems GILDA Tutors Singapore, 1st South East Asia Forum -- EGEE.
E-infrastructure shared between Europe and Latin America FP6−2004−Infrastructures−6-SSA Hands-on on security Pedro Rausch IF - UFRJ.
FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America WMS + LB Installation Emidio Giorgio INFN.
4th EELA TUTORIAL - USERS AND SYSTEM ADMINISTRATORS E-infrastructure shared between Europe and Latin America CE + WN installation and configuration.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Giuseppe La Rocca INFN – Catania
FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America User Interface (gLite 1.4) Installation.
E-infrastructure shared between Europe and Latin America Introduction to the tutorial for site managers Vanessa Hamar Universidad de Los.
INFSO-RI Enabling Grids for E-sciencE Installing a gLite VOMS Server Giuseppe La Rocca INFN EGEE Tutorial Rome November 2005.
FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America Introduction to the tutorial for site managers.
INFSO-RI Enabling Grids for E-sciencE User Interface (UI) Installation Giuseppe La Rocca INFN Catania - Italy First Latin American.
Hands-on security Angelines Alberto Morillas Ciemat.
EGEE is a project funded by the European Union under contract IST Grid proxy and MyProxy Roberto Barbera Univ. of Catania and INFN SEE-GRID.
4th EELA TUTORIAL - USERS AND SYSTEM ADMINISTRATORS E-infrastructure shared between Europe and Latin America Security Hands-on Vanessa.
FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America Practicals on Security Miguel Cárdenas Montes.
E-infrastructure shared between Europe and Latin America Security Hands-on Alexandre Duarte CERN Fifth EELA Tutorial Santiago, 06/09-07/09,2006.
EGEE-II INFSO-RI Enabling Grids for E-sciencE MyProxy - a brief introduction.
FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America R-GMA Server Installation Valeria Ardizzone.
FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America SRM + gLite IO Server install Emidio Giorgio.
FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America Moisés Hernández Duarte UNAM FES Cuautitlán.
Ninth EELA Tutorial for Users and Managers E-infrastructure shared between Europe and Latin America BDII Server Installation Yubiryn Ramírez.
Third EELA Tutorial for Managers and Users E-infrastructure shared between Europe and Latin America CE + WN installation and configuration.
12th EELA TUTORIAL - USERS AND SYSTEM ADMINISTRATORS FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin.
INFSO-RI Enabling Grids for E-sciencE VOMS & MyProxy interaction Emidio Giorgio INFN NA4 Generic Applications Meeting 10 January.
Enabling Grids for E-sciencE Sofia, 17 March 2009 INFSO-RI Introduction to Grid Computing, EGEE and Bulgarian Grid Initiatives –
FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America WMS+LB Server Installation Eduardo Murrieta.
FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America BDII Server Installation Claudio Cherubino.
12th EELA Tutorial for Users and Managers E-infrastructure shared between Europe and Latin America LFC Server Installation and Configuration.
Hands-on security Carlos Fuentes RedIRIS Madrid,26 – 30 de Octubre de 2008.
Hands on Security, Authentication and Authorization Virginia Martín-Rubio Pascual RedIRIS/Red.es Curso Grid y e-Ciencia.
EGI-InSPIRE RI Grid Training for Power Users EGI-InSPIRE N G I A E G I S Grid Training for Power Users Institute of Physics Belgrade.
The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) 马兰馨 IHEP, CAS Hands on gLite Security.
Enabling Grids for E-sciencE gLite security pratical tutorial Dario Russo INFN Catania Catania,
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks File Transfer Service Installation (v. 1.4)
EGEE is a project funded by the European Union under contract IST Job Submission Giuseppe La Rocca EGEE NA4 Generic Applications INFN Catania.
16-26 June 2008, Catania (Italy) First South Africa Grid Training LFC Server Installation and Configuration Antonio Calanducci INFN Catania.
EGEE is a project funded by the European Union under contract IST Grid proxy and MyProxy Giuseppe La Rocca EGEE NA4 Generic Applications GENIUS/GILDA.
LFC Server Installation & Configuration
How to connect your DG to EDGeS? Zoltán Farkas, MTA SZTAKI
Practicals on VOMS and MyProxy
gLite 1.4. Data Mangement Exercises
Corso di Calcolo Parallelo Grid Computing
UI Installation and Configuration
R-GMA Server Installation (v. 1.4)
Installing a gLite VOMS Server
Update on EDG Security (VOMS)
Long term job submission and monitoring uing grid services
Certificates Usage and Simple Job Submission
Certificates Usage and Simple Job Submission
The GENIUS Security Services
Certificates Usage and Simple Job Submission
UI Installation and Configuration
WMS+LB Server Installation and Configuration
Presentation transcript:

MyProxy Server Installation Emidio Giorgio INFN First Latin American Workshop for Grid Administrators 21-25 November 2005

Outline Why MyProxy ? MyProxy Server Installation. Proxy Renewal mechanism. Remote authentication to the Grid MyProxy Server Installation. Server settings  /etc/myproxy-server.config Starting parameters /etc/init.d/myproxy Server start. Testing MyProxy Server. myproxy-init -s <myproxy server> myproxy-get-delegation –s <myproxy server> First Latin American Workshop for Grid Administrators

Long term proxy Proxy has limited lifetime (default is 12 h) Long jobs may outlive the validity of the initial proxy; if happens the job will die prematurely. Bad idea to have longer proxy. To solve this WMS allows proxies to be renewed automatically if user’s credentials are stored on a myproxy server (proxy renewal service). When a job proxy is going to expire, proxy renewal daemon contacts MyProxy server and performs credentials renew For proxy renewal service user has to store credential using the command: myproxy-init –s <server> -t <hours> -d –n and specify which MyProxy server has to be contacted in jobs JDL: MyProxyServer = “grid001.ct.infn.it”; First Latin American Workshop for Grid Administrators

Grid authentication with MyProxy UI MyProxy Server myproxy-init myproxy-get-delegation GENIUS Server (UI) WEB Browser the Grid execution Local WS output any grid service First Latin American Workshop for Grid Administrators

Installing MyProxy Server First Latin American Workshop for Grid Administrators

Installing MyProxy Server MyProxy is not gLite/lcg native (external dependencies) It is distributed together with the most of gLite services (UI,WMS..) Check that $LD_LIBRARY_PATH exports globus and myproxy lib %echo $LD_LIBRARY_PATH /usr/lib:/opt/glite/lib:/opt/glite/externals/lib:/opt/globus/lib:/opt/glite/externals/myproxy-1.14/lib Ckeck that globus bin directory is into $PATH %echo $PATH /opt/globus/bin:/usr/java/j2sdk1.4.2_08/bin:/usr/bin:/opt/glite/bin:/opt/glite/externals/bin:/usr/java/j2sdk1.4.2_08/bin:/opt/glite/externals/bin:/opt/glite/bin:/opt/glite/externals/myproxy-1.14/bin:/opt/globus/bin:/usr/sue/sbin First Latin American Workshop for Grid Administrators

Installing MyProxy Server (cont.) Request host certificates for MyProxy Server. https://gilda.ct.infn.it/CA/mgt/restricted/srvreq.php Copy host certificate (hostcert.pem and hostkey.pem) in /etc/grid-certificates. chmod 644 hostcert.pem chmod 400 hostkey.pem If planning to use certificates released by unsupported EGEE CA’s, be sure that their public key and CRLs (usually distributed with an rpm) are installed. The CRL of the VO GILDA are available from https://gilda.ct.infn.it/RPMS/ca_GILDA-0.28.1.i386.rpm First Latin American Workshop for Grid Administrators

myproxy-server.config Copy /opt/glite/externals/myproxy-1.14/etc/myproxy-server.config to /etc. Edit /etc/myproxy-server.config and define the access policies accepted_credentials "/C=BE/O=BEGRID/*" accepted_credentials "/C=AT/O=AustrianGrid/*" accepted_credentials "/C=TW/*" accepted_credentials "/C=CN/O=IHEP/OU=CC/*" accepted_credentials "/C=AM/O=ArmeSFo/*" accepted_credentials "/C=it/O=GILDA/*" accepted_credentials "/C=IT/O=GILDA/*" proxy certificate subjects accepted to be stored authorized_retrievers "*" certificate subject allowed to request credentials delegation authorized_renewevers "*" certificate subject allowed to request credentials renew First Latin American Workshop for Grid Administrators

Myproxy server init script Download and install the configuration script. rpm –ivh http://grid-deployment.web.cern.ch/grid-deployment/download/RpmDir_i386-rh73-manual/external/myproxy-config-1.1.8-13.edg1.noarch.rpm Edit /etc/init.d/myproxy Comment .${GLOBUS_LOCATION}/libexec/globus-script-initializer .${libexecdir}/globus-sh-tools.sh MKCONFIG="/etc/rc.d/init.d/myproxy-generate-config.pl $CERTDIR $X509_USER_CERT $EDG_LOCATION/etc/edg-myproxy.conf $CONFIG" MYPROXY=/opt/glite/externals/myproxy-1.14/sbin/myproxy-server Comment Comment MKCONFIG line on init script, or you’ll be forced to re-write configuration file for every service restart Replace First Latin American Workshop for Grid Administrators

Before start… Listening port, storing directory for credentials and configuration file could be changed setting the appropriate variables (PORT, STORE, CONFIG) on init script. PORT=“-p 751X” STORE=“-s /var/myproxy” CONFIG=“-c $CONFIG” Pay attention to ownerships/permissions for $STORE ! (root / 700). First Latin American Workshop for Grid Administrators

Before start… -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 7513 -j ACCEPT service iptables restart /etc/init.d/myproxy start First Latin American Workshop for Grid Administrators

Testing MyProxy Server First Latin American Workshop for Grid Administrators

MyProxy commands myproxy-init -s <host_name> -s: <host_name> specifies the hostname of the myproxy server myproxy-info -s <host_name> Get information about stored long living proxy myproxy-get-delegation -s <host_name> Get a new proxy from the MyProxy server myproxy-destroy -s <host_name> Destroy the credential into the server Check out the myproxy-xxx - - help option First Latin American Workshop for Grid Administrators

Store credentials on MyProxy Server %voms-proxy-destroy (remove local credentials) %myproxy-init -s <server name> -p <port> ... Enter GRID pass phrase for this identity: Enter MyProxy pass phrase: A proxy valid for 168 hours (7.0 days) for user xxx now exists on ui-test.trigrid.it. Now your credentials are stored on MyProxy server, and are available for delegation or renewal by RB First Latin American Workshop for Grid Administrators

Get delegation %myproxy-get-delegation -s <server name> -p <port> Enter MyProxy pass phrase: A proxy has been received for user XXX in /tmp/x509up_u5XX First Latin American Workshop for Grid Administrators

Inspect your delegated proxy %voms-proxy-info –all subject : /C=IT/O=GILDA/OU=Personal Certificate/L=INFN/CN=Emidio Giorgio/Email=emidio.giorgio@ct.infn.it/CN=proxy/CN=proxy/CN=proxy issuer : /C=IT/O=GILDA/OU=Personal Certificate/L=INFN/CN=Emidio Giorgio/Email=emidio.giorgio@ct.infn.it/CN=proxy/CN=proxy identity : /C=IT/O=GILDA/OU=Personal Certificate/L=INFN/CN=Emidio Giorgio/Email=emidio.giorgio@ct.infn.it First Latin American Workshop for Grid Administrators

Questions… First Latin American Workshop for Grid Administrators

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.