Difference: UserGuideEMI2 (17 vs. 18)

Revision 182012-03-28 - AlviseDorigo

Line: 1 to 1
META TOPICPARENT name="UserDocumentation"

CREAM User's Guide for EMI-2

Line: 1772 to 1772
  We've just seen the meaning of the former. The CLIENT-DATAPULL-DONE is to be sent when the activity is terminated, and output files, available on the CE in the "STAGEOUT Dir", have been retrieved by the user.

Creating and handling a delegation

A delegation (or delegated proxy) is a temporary proxy certificate created by the server and signed by the user with his/her personal certificate. This delegation resides on the server and is used by ES to perform operations that require authentication. Then, these operations will be performed on behalf of the user that signed the delegation. Actually the only operations that need a delegation are file transmission to/from storage elements that require authentication. In fact a delegation must be specified in the ADL only if there're Intput/Output sandboxes to move around (see above).

A delegation is always associated to a delegation identifier string (1:1). The delegation identifier is the handle the user can use in the ADL, or as argument to ask information about the related delegation or to renew it.

Creating a delegation

The command to create a delegation is glite-es-delegate-proxy; it requires only one argument: the endpoint; it returns the delegation identifier string:
$ glite-es-delegate-proxy cream-52.pd.infn.it
DelegationID = 8070042623506658
The user's proxy must be valid before to create a delegation otherwise an error message like this will occur:
$ glite-es-delegate-proxy cream-05.pd.infn.it
There's a problem with proxyfile [/tmp/x509up_u501]: The proxy has EXPIRED!
---+++ Asking information about a delegation With the command glite-es-delegation-info the user can ask for delegation's information:
$ glite-es-delegation-info -e cream-52.pd.infn.it 8070042623506658
Lifetime = Wed Mar 28 21:31:19 2012
Issuer   = CN=proxy,CN=proxy,CN=Alvise Dorigo,L=Padova,OU=Personal Certificate,O=INFN,C=IT
Subject  = CN=Alvise Dorigo,L=Padova,OU=Personal Certificate,O=INFN,C=IT

Delegation renew

If the user renewed recently his proxy, he/she can also renew the delegation residing on the CE machine, by mean of the command glite-es-delegation-renew:
dorigoa@lxgrid05 9:39:16 ~/emi/creamui_emi2>stage/usr/bin/glite-es-delegation-renew -e cream-52.pd.infn.it 8070042623506658
Delegation with identifier [8070042623506658] successfully renewed

Advanced usage of commands

In this section we will describe the options the user can use to improve his/her usage of the ES client commands; they can apply to all the commands.

  • --debug|-d activates a highly verbose output on the console. Please take into account that this output is only for debugging purposes and could change with future updates
  • --proxyfile|-p <alternate_proxyfile> instructs the command to use the file <alternate_proxyfile> as proxy file instead of the default one (/tmp/x509up_u<USER_UNIX_ID>)
  • --timeout|-t N sets the SOAP's connection timeout to N seconds (the default is 30 seconds); when the CLI is connecting to (and exchanging data with) a remote ES service, if the transmission hungs up for a time greater than the SOAP connection timeout, the command will exit with an error message
  • --certfile|-c <user_certificate_file> and --keyfile|-c <user_key_file> set the couple certificate/key to use for authentication (instead of the proxyfile). Some ES servers do not support yet (and probably will not support never) the proxy certificates. These 2 options must be use together or not at all; they are mutually exclusive with the --proxyfile option.
  • --donot-verify-ac-sign|-A disable the certification authority check

-- MassimoSgaravatto - 2011-04-07

This site is powered by the TWiki collaboration platformCopyright © 2008-2022 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback