Presentation is loading. Please wait.

Presentation is loading. Please wait.

MyProxy Server Installation

Published byDarren Roger Maxwell Modified over 6 years ago

Similar presentations

Presentation on theme: "MyProxy Server Installation"— Presentation transcript:

1 MyProxy Server Installation
Emidio Giorgio INFN First Latin American Workshop for Grid Administrators 21-25 November 2005

2 Outline Why MyProxy ? MyProxy Server Installation.
Proxy Renewal mechanism. Remote authentication to the Grid MyProxy Server Installation. Server settings  /etc/myproxy-server.config Starting parameters /etc/init.d/myproxy Server start. Testing MyProxy Server. myproxy-init -s <myproxy server> myproxy-get-delegation –s <myproxy server> First Latin American Workshop for Grid Administrators

3 Long term proxy Proxy has limited lifetime (default is 12 h)
Long jobs may outlive the validity of the initial proxy; if happens the job will die prematurely. Bad idea to have longer proxy. To solve this WMS allows proxies to be renewed automatically if user’s credentials are stored on a myproxy server (proxy renewal service). When a job proxy is going to expire, proxy renewal daemon contacts MyProxy server and performs credentials renew For proxy renewal service user has to store credential using the command: myproxy-init –s <server> -t <hours> -d –n and specify which MyProxy server has to be contacted in jobs JDL: MyProxyServer = “grid001.ct.infn.it”; First Latin American Workshop for Grid Administrators

4 Grid authentication with MyProxy
UI MyProxy Server myproxy-init myproxy-get-delegation GENIUS Server (UI) WEB Browser the Grid execution Local WS output any grid service First Latin American Workshop for Grid Administrators

5 Installing MyProxy Server
First Latin American Workshop for Grid Administrators

6 Installing MyProxy Server
MyProxy is not gLite/lcg native (external dependencies) It is distributed together with the most of gLite services (UI,WMS..) Check that $LD_LIBRARY_PATH exports globus and myproxy lib %echo $LD_LIBRARY_PATH /usr/lib:/opt/glite/lib:/opt/glite/externals/lib:/opt/globus/lib:/opt/glite/externals/myproxy-1.14/lib Ckeck that globus bin directory is into $PATH %echo $PATH /opt/globus/bin:/usr/java/j2sdk1.4.2_08/bin:/usr/bin:/opt/glite/bin:/opt/glite/externals/bin:/usr/java/j2sdk1.4.2_08/bin:/opt/glite/externals/bin:/opt/glite/bin:/opt/glite/externals/myproxy-1.14/bin:/opt/globus/bin:/usr/sue/sbin First Latin American Workshop for Grid Administrators

7 Installing MyProxy Server (cont.)
Request host certificates for MyProxy Server. Copy host certificate (hostcert.pem and hostkey.pem) in /etc/grid-certificates. chmod 644 hostcert.pem chmod 400 hostkey.pem If planning to use certificates released by unsupported EGEE CA’s, be sure that their public key and CRLs (usually distributed with an rpm) are installed. The CRL of the VO GILDA are available from First Latin American Workshop for Grid Administrators

8 myproxy-server.config
Copy /opt/glite/externals/myproxy-1.14/etc/myproxy-server.config to /etc. Edit /etc/myproxy-server.config and define the access policies accepted_credentials "/C=BE/O=BEGRID/*" accepted_credentials "/C=AT/O=AustrianGrid/*" accepted_credentials "/C=TW/*" accepted_credentials "/C=CN/O=IHEP/OU=CC/*" accepted_credentials "/C=AM/O=ArmeSFo/*" accepted_credentials "/C=it/O=GILDA/*" accepted_credentials "/C=IT/O=GILDA/*" proxy certificate subjects accepted to be stored authorized_retrievers "*" certificate subject allowed to request credentials delegation authorized_renewevers "*" certificate subject allowed to request credentials renew First Latin American Workshop for Grid Administrators

9 Myproxy server init script
Download and install the configuration script. rpm –ivh Edit /etc/init.d/myproxy Comment .${GLOBUS_LOCATION}/libexec/globus-script-initializer .${libexecdir}/globus-sh-tools.sh MKCONFIG="/etc/rc.d/init.d/myproxy-generate-config.pl $CERTDIR $X509_USER_CERT $EDG_LOCATION/etc/edg-myproxy.conf $CONFIG" MYPROXY=/opt/glite/externals/myproxy-1.14/sbin/myproxy-server Comment Comment MKCONFIG line on init script, or you’ll be forced to re-write configuration file for every service restart Replace First Latin American Workshop for Grid Administrators

10 Before start… Listening port, storing directory for credentials and configuration file could be changed setting the appropriate variables (PORT, STORE, CONFIG) on init script. PORT=“-p 751X” STORE=“-s /var/myproxy” CONFIG=“-c $CONFIG” Pay attention to ownerships/permissions for $STORE ! (root / 700). First Latin American Workshop for Grid Administrators

11 Before start… -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport j ACCEPT service iptables restart /etc/init.d/myproxy start First Latin American Workshop for Grid Administrators

12 Testing MyProxy Server
First Latin American Workshop for Grid Administrators

13 MyProxy commands myproxy-init -s <host_name>
-s: <host_name> specifies the hostname of the myproxy server myproxy-info -s <host_name> Get information about stored long living proxy myproxy-get-delegation -s <host_name> Get a new proxy from the MyProxy server myproxy-destroy -s <host_name> Destroy the credential into the server Check out the myproxy-xxx - - help option First Latin American Workshop for Grid Administrators

14 Store credentials on MyProxy Server
%voms-proxy-destroy (remove local credentials) %myproxy-init -s <server name> -p <port> ... Enter GRID pass phrase for this identity: Enter MyProxy pass phrase: A proxy valid for 168 hours (7.0 days) for user xxx now exists on ui-test.trigrid.it. Now your credentials are stored on MyProxy server, and are available for delegation or renewal by RB First Latin American Workshop for Grid Administrators

15 Get delegation %myproxy-get-delegation -s <server name> -p <port> Enter MyProxy pass phrase: A proxy has been received for user XXX in /tmp/x509up_u5XX First Latin American Workshop for Grid Administrators

16 Inspect your delegated proxy
%voms-proxy-info –all subject : /C=IT/O=GILDA/OU=Personal Certificate/L=INFN/CN=Emidio issuer : /C=IT/O=GILDA/OU=Personal Certificate/L=INFN/CN=Emidio identity : /C=IT/O=GILDA/OU=Personal Certificate/L=INFN/CN=Emidio First Latin American Workshop for Grid Administrators

17 Questions… First Latin American Workshop for Grid Administrators

Download ppt "MyProxy Server Installation"

Similar presentations

12th EELA Tutorial, Lima, 24-28.09.2007 FP6−2004−Infrastructures−6-SSA-026409 www.eu-eela.org E-infrastructure shared between Europe and Latin America.

12th EELA Tutorial, Lima, FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America.
FP6−2004−Infrastructures−6-SSA-026409 www.eu-eela.org E-infrastructure shared between Europe and Latin America FiReMan Installation Emidio Giorgio INFN.

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America FiReMan Installation Emidio Giorgio INFN.
GLite authentication and authorization Discipline: Grid Computing, 07/08-2 Practical classes Inês Dutra, DCC/FCUP.

GLite authentication and authorization Discipline: Grid Computing, 07/08-2 Practical classes Inês Dutra, DCC/FCUP.
FP6−2004−Infrastructures−6-SSA-026634 User Interface Installation Valeria Ardizzone INFN – Catania Grid tutorial for users and.

FP6−2004−Infrastructures−6-SSA User Interface Installation Valeria Ardizzone INFN – Catania Grid tutorial for users and.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org Practicals on VOMS and MyProxy Emidio Giorgio INFN Retreat between GILDA and ESR VO, Bratislava,

INFSO-RI Enabling Grids for E-sciencE Practicals on VOMS and MyProxy Emidio Giorgio INFN Retreat between GILDA and ESR VO, Bratislava,
Ninth EELA Tutorial for Users and Managers www.eu-eela.org E-infrastructure shared between Europe and Latin America User Interface installation and configuration.

Ninth EELA Tutorial for Users and Managers E-infrastructure shared between Europe and Latin America User Interface installation and configuration.
Ninth EELA Tutorial for Users and Managers www.eu-eela.org E-infrastructure shared between Europe and Latin America LFC Server Installation and Configuration.

Ninth EELA Tutorial for Users and Managers E-infrastructure shared between Europe and Latin America LFC Server Installation and Configuration.
The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) VOMS Installation and configuration Bouchra

The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) VOMS Installation and configuration Bouchra
FP6−2004−Infrastructures−6-SSA-026409 www.eu-eela.org E-infrastructure shared between Europe and Latin America Luciano Díaz ICN-UNAM Based on Domenico.

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America Luciano Díaz ICN-UNAM Based on Domenico.
IST-2006-026409 www.eu-eela.org E-infrastructure shared between Europe and Latin America VOMS and MyProxy Server installation and configuration Pedro Henrique.

IST E-infrastructure shared between Europe and Latin America VOMS and MyProxy Server installation and configuration Pedro Henrique.
4th EELA TUTORIAL - USERS AND SYSTEM ADMINISTRATORS www.eu-eela.org E-infrastructure shared between Europe and Latin America BDII Server Installation Vanessa.

4th EELA TUTORIAL - USERS AND SYSTEM ADMINISTRATORS E-infrastructure shared between Europe and Latin America BDII Server Installation Vanessa.
Www.eu-eela.eu E-science grid facility for Europe and Latin America LFC Server Installation and Configuration Antonio Calanducci INFN Catania.

E-science grid facility for Europe and Latin America LFC Server Installation and Configuration Antonio Calanducci INFN Catania.
FP6−2004−Infrastructures−6-SSA-026409 www.eu-eela.org E-infrastructure shared between Europe and Latin America MyProxy server installation Emidio Giorgio.

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America MyProxy server installation Emidio Giorgio.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org Installation and configuration of gLite Resource Broker Emidio Giorgio INFN EGEE-EMBRACE tutorial,

INFSO-RI Enabling Grids for E-sciencE Installation and configuration of gLite Resource Broker Emidio Giorgio INFN EGEE-EMBRACE tutorial,
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org WMS + LB Installation Emidio Giorgio Giuseppe La Rocca INFN EGEE Tutorial, Rome 02-04.November.2005.

INFSO-RI Enabling Grids for E-sciencE WMS + LB Installation Emidio Giorgio Giuseppe La Rocca INFN EGEE Tutorial, Rome November.2005.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org WMS & LB Installation Giuseppe La Rocca INFN Catania - Italy First Latin American Workshop.

INFSO-RI Enabling Grids for E-sciencE WMS & LB Installation Giuseppe La Rocca INFN Catania - Italy First Latin American Workshop.
Www.eu-eela.org E-infrastructure shared between Europe and Latin America Security Hands-on Christian Grunfeld, UNLP 8th EELA Tutorial, La Plata, 11/12-12/12,2006.

E-infrastructure shared between Europe and Latin America Security Hands-on Christian Grunfeld, UNLP 8th EELA Tutorial, La Plata, 11/12-12/12,2006.
9th EELA TUTORIAL - USERS AND SYSTEM ADMINISTRATORS www.eu-eela.org E-infrastructure shared between Europe and Latin America CE + WN installation and configuration.

9th EELA TUTORIAL - USERS AND SYSTEM ADMINISTRATORS E-infrastructure shared between Europe and Latin America CE + WN installation and configuration.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org GILDA Practicals : Security systems GILDA Tutors Singapore, 1st South East Asia Forum -- EGEE.

INFSO-RI Enabling Grids for E-sciencE GILDA Practicals : Security systems GILDA Tutors Singapore, 1st South East Asia Forum -- EGEE.
Www.eu-eela.org E-infrastructure shared between Europe and Latin America FP6−2004−Infrastructures−6-SSA-026409 Hands-on on security Pedro Rausch IF - UFRJ.

E-infrastructure shared between Europe and Latin America FP6−2004−Infrastructures−6-SSA Hands-on on security Pedro Rausch IF - UFRJ.

Similar presentations

Ads by Google