Presentation is loading. Please wait.

Presentation is loading. Please wait.

VOMS Alessandra Forti HEP Sysman meeting 27-28 April 2005.

Published byMoris Reed Modified over 8 years ago

Similar presentations

Presentation on theme: "VOMS Alessandra Forti HEP Sysman meeting 27-28 April 2005."— Presentation transcript:

1 VOMS Alessandra Forti HEP Sysman meeting 27-28 April 2005

2 Situation At the moment a user to get access to resources has to At the moment a user to get access to resources has to Be in a VO LDAP database Be in a VO LDAP database Register at CERN after having read the LCG Usage Rules Register at CERN after having read the LCG Usage Rules After this they get access to the resources through the grid-mapfile mechanism and they are mapped on local pool accounts. After this they get access to the resources through the grid-mapfile mechanism and they are mapped on local pool accounts.

3 Problems A user cannot belong to more than one VO A user cannot belong to more than one VO A user cannot have more than 1 role in a VO A user cannot have more than 1 role in a VO A VO cannot have subgroups A VO cannot have subgroups A VO is not in charge of the whole registration process. A VO is not in charge of the whole registration process. If the VO is an LHC experiment that’s fine but other VOs struggle especially small ones If the VO is an LHC experiment that’s fine but other VOs struggle especially small ones

4 VOMS Plus Plus Can solve the above problems Can solve the above problems It is now at the stage of being deployed also by common mortals It is now at the stage of being deployed also by common mortals It is well documented It is well documented The developers are quite responsive The developers are quite responsive Italians Italians Minus Minus It is not fully integrated in the LCG software It is not fully integrated in the LCG software There are 2 distributions gLite and LCG gLite is better but probably incompatible with LCG There are 2 distributions gLite and LCG gLite is better but probably incompatible with LCG

5 Not fully integrated? It can be deployed in three ways: It can be deployed in three ways: Obsolete: extract the information from VOMS put it in ldap server and point mkgridmapfile.conf to the ldap server Obsolete: extract the information from VOMS put it in ldap server and point mkgridmapfile.conf to the ldap server Current: point the mkgridmapfile.conf directly to the VOMS server Current: point the mkgridmapfile.conf directly to the VOMS server Future: forget about mkgridmapfile.conf and use only VOMS through LCAS/LCMAPS Future: forget about mkgridmapfile.conf and use only VOMS through LCAS/LCMAPS This is there since LCG2_4_0 but haven’t tried yet. This is there since LCG2_4_0 but haven’t tried yet.

6 What is there now VOMS server has been installed in Manchester VOMS server has been installed in Manchester Originally for the UK testzone should have supported only a gridpp VO Originally for the UK testzone should have supported only a gridpp VO Now we have started to use it to support MICE VO Now we have started to use it to support MICE VO It still uses the current method of building the grid-mapfile directly from the VOMS because that is the easiest way of deploying at the moment. It still uses the current method of building the grid-mapfile directly from the VOMS because that is the easiest way of deploying at the moment.

7 What is there now (2) It can support multiple VOs and the VO manager doesn’t have to be local to the machine. It can support multiple VOs and the VO manager doesn’t have to be local to the machine. It is not production service yet. It is not production service yet. It has been demonstrated to work last week It has been demonstrated to work last week The MICE and GridPP VO have been created informally and it is not an “official” VO The MICE and GridPP VO have been created informally and it is not an “official” VO There are procedures to become an official EGEE VO There are procedures to become an official EGEE VO We still need at least an RB that inserts the VOMS entries in its grid-mapfile We still need at least an RB that inserts the VOMS entries in its grid-mapfile Apart from these small problems it can be used Apart from these small problems it can be used

8 How to use it To register to a VO load your certificate in your browser go to To register to a VO load your certificate in your browser go to https://voms.tier2.hep.man.ac.uk:8443/edg-voms- admin/VO-name/index.html https://voms.tier2.hep.man.ac.uk:8443/edg-voms- admin/VO-name/index.html https://voms.tier2.hep.man.ac.uk:8443/edg-voms- admin/VO-name/index.html https://voms.tier2.hep.man.ac.uk:8443/edg-voms- admin/VO-name/index.html VO-name is either mice or gridpp VO-name is either mice or gridpp Follow the links on the left bar side Follow the links on the left bar side Request to admin Request to admin Requesting VO membership Requesting VO membership They’ll bring you to a form that you have to fill They’ll bring you to a form that you have to fill After that the VO manager (me for now) will approve or reject your request. After that the VO manager (me for now) will approve or reject your request. After approval you will receive an email for confirmation (like for some mailing list) After approval you will receive an email for confirmation (like for some mailing list)

9 How to use it UI client software is included in LCG2_4_0 UI client software is included in LCG2_4_0 Create a file /opt/edg/etc/vomses/VO- name.voms.tier2.hep.man.ac.uk with the informations for that VO Create a file /opt/edg/etc/vomses/VO- name.voms.tier2.hep.man.ac.uk with the informations for that VO VO-name Vo-server-name VO-port VO-server-dn VO- name VO-name Vo-server-name VO-port VO-server-dn VO- name

10 How to use it CE,SE,RB client software is also included and to create the gridmapfile you have to add to edg-mkgridmap.conf the following line: CE,SE,RB client software is also included and to create the gridmapfile you have to add to edg-mkgridmap.conf the following line: group vomss://voms.tier2.hep.man.ac.uk:8443/edg- voms-admin/VO-name?/VO-name/lcg1.VO- name group vomss://voms.tier2.hep.man.ac.uk:8443/edg- voms-admin/VO-name?/VO-name/lcg1.VO- name

11 Voms-proxy-init To create a proxy the command line is voms-proxy-init To create a proxy the command line is voms-proxy-init Without arguments it behaves like grid-proxy-init Without arguments it behaves like grid-proxy-init With arguments it allows to chose the VO and the role and the subgroup you want the proxy for. With arguments it allows to chose the VO and the role and the subgroup you want the proxy for. Unfortunately because we are not using the full VOMS features the options are a bit useless at the moment Unfortunately because we are not using the full VOMS features the options are a bit useless at the moment

12 Conclusions VOMS is a good system VOMS is a good system We can start to use it and play with it without having to fight with the software installation or configuration because everything is very simple and neat We can start to use it and play with it without having to fight with the software installation or configuration because everything is very simple and neat If you want to try it or if any of your users might be interested let me know. If you want to try it or if any of your users might be interested let me know.

Download ppt "VOMS Alessandra Forti HEP Sysman meeting 27-28 April 2005."

Similar presentations

29 June 2006 GridSite - www.gridsite.org - Andrew McNabwww.gridsite.org VOMS and VOs Andrew McNab University of Manchester.

29 June 2006 GridSite Andrew McNabwww.gridsite.org VOMS and VOs Andrew McNab University of Manchester.
The LHC experiments AuthZ Interoperation requirements GGF16, Athens 16 February 2006 David Kelsey CCLRC/RAL, UK

The LHC experiments AuthZ Interoperation requirements GGF16, Athens 16 February 2006 David Kelsey CCLRC/RAL, UK
Andrew McNab - Manchester HEP - 22 April 2002 EU DataGrid Testbed EU DataGrid Software releases Testbed 1 Job Lifecycle Authorisation at your site More.

Andrew McNab - Manchester HEP - 22 April 2002 EU DataGrid Testbed EU DataGrid Software releases Testbed 1 Job Lifecycle Authorisation at your site More.
Andrew McNab - Manchester HEP - 2 May 2002 Testbed and Authorisation EU DataGrid Testbed 1 Job Lifecycle Software releases Authorisation at your site Grid/Web.

Andrew McNab - Manchester HEP - 2 May 2002 Testbed and Authorisation EU DataGrid Testbed 1 Job Lifecycle Software releases Authorisation at your site Grid/Web.
GUMS status Gabriele Carcassi PPDG Common Project 12/9/2004.

GUMS status Gabriele Carcassi PPDG Common Project 12/9/2004.
Guide to using the myNATE website

Guide to using the myNATE website
Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester

Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester
20 March 2007 VOMS etc - www.gridsite.org - Andrew McNabwww.gridsite.org VOMS etc Andrew McNab University of Manchester.

20 March 2007 VOMS etc Andrew McNabwww.gridsite.org VOMS etc Andrew McNab University of Manchester.
Security Mechanisms The European DataGrid Project Team

Security Mechanisms The European DataGrid Project Team
Joining the Grid Andrew McNab. 28 March 2006Andrew McNab – Joining the Grid Outline ● LCG – the grid you're joining ● Related projects ● Getting a certificate.

Joining the Grid Andrew McNab. 28 March 2006Andrew McNab – Joining the Grid Outline ● LCG – the grid you're joining ● Related projects ● Getting a certificate.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org Practicals on VOMS and MyProxy Emidio Giorgio INFN Retreat between GILDA and ESR VO, Bratislava,

INFSO-RI Enabling Grids for E-sciencE Practicals on VOMS and MyProxy Emidio Giorgio INFN Retreat between GILDA and ESR VO, Bratislava,
Security Middleware and VOMS service status Andrew McNab Grid Security Research Fellow University of Manchester.

Security Middleware and VOMS service status Andrew McNab Grid Security Research Fellow University of Manchester.
A SIR web based leave/absence management system. By Dave Doulton University of Southampton.

A SIR web based leave/absence management system. By Dave Doulton University of Southampton.
FP6−2004−Infrastructures−6-SSA-026409 www.eu-eela.org E-infrastructure shared between Europe and Latin America GENIUS server installation and configuration.

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America GENIUS server installation and configuration.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org The GENIUS Grid portal Tony Calanducci INFN Catania - Italy First Latin American Workshop.

INFSO-RI Enabling Grids for E-sciencE The GENIUS Grid portal Tony Calanducci INFN Catania - Italy First Latin American Workshop.
CERN Manual Installation of a UI – Oxford 19-21 July - 1 LCG2 Administrator’s Course Oxford University, 19 th – 21 st July 2004. Developed.

CERN Manual Installation of a UI – Oxford July - 1 LCG2 Administrator’s Course Oxford University, 19 th – 21 st July Developed.
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks Voms & Voms-admin report Vincenzo Ciaschini.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Voms & Voms-admin report Vincenzo Ciaschini.
Responsibilities of ROC and CIC in EGEE infrastructure A.Kryukov, SINP MSU, CIC Manager Yu.Lazin, IHEP, ROC Manager

Responsibilities of ROC and CIC in EGEE infrastructure A.Kryukov, SINP MSU, CIC Manager Yu.Lazin, IHEP, ROC Manager
Grid User Management System Gabriele Carcassi HEPIX 2004 18 October 2004.

Grid User Management System Gabriele Carcassi HEPIX October 2004.
Browser User Certificate Mail Box VOMS-Admin Host Tomcat TR1) Users Trusts “VOMS-Admin” server identity. step1 TR2) User Trusts data (Data1, HTML response)

Browser User Certificate Mail Box VOMS-Admin Host Tomcat TR1) Users Trusts “VOMS-Admin” server identity. step1 TR2) User Trusts data (Data1, HTML response)

Similar presentations

Ads by Google