Notes about Installation and Configuration of myproxy
- These notes are provided by site admins on a best effort base as a contribution to the IGI communities and MUST not be considered as a subsitute of the Official IGI documentation
.
- This document is addressed to site administrators responsible for middleware installation and configuration.
- The goal of this page is to provide some hints and examples on how to install and configure an IGI myproxy service based on UMD middleware.
myproxy.cnaf.infn.it and MUST be used by all Resource Centers and Services part of the IGI infrastructure.
References
- EMI 1 Kebnekaise Products - glite-proxyrenewal update v.1.3.25
- YAIM configuration variables
- About IGI - Italian Grid infrastructure
- About IGI Release
- IGI Official Installation and Configuration guide
- Troubleshooting Guide for Operational Errors on EGI Sites
- Grid Administration FAQs page
Recommendations
- The service needs at least:
- 3 cores
- 3 GB RAM
- 10 GB disk space.
Service installation
O.S. and Repos
- Starts from a fresh installation of Scientific Linux 5.x (x86_64).
# cat /etc/redhat-release Scientific Linux SL release 5.7 (Boron)* Install the additional repositories: EPEL, Certification Authority, UMD
# cd /etc/yum.repos.d/ # rpm -ivh http://mirror.switch.ch/ftp/mirror/epel//5/x86_64/epel-release-5-4.noarch.rpm # wget http://repo-pd.italiangrid.it/mrepo/repos/egi-trustanchors.repo # rpm -ivh http://repo-pd.italiangrid.it/mrepo/EMI/1/sl5/x86_64/updates/emi-release-1.0.1-1.sl5.noarch.rpm # yum install yum-priorities yum-protectbase
- Be sure that SELINUX is disabled (or permissive). Details on how to disable SELINUX are here:
# getenforce Disabled
- Check the repos list (sl-*.repo are the repos of the O.S. and they should be present by default).
# ls /etc/yum.repos.d/ egi-trustanchors.repo emi1-third-party.repo emi1-base.repo emi1-updates.repo epel.repo epel-testing.repo sl-contrib.repo sl-fastbugs.repo sl-security.repo sl-testing.repo sl-debuginfo.repo sl.repo sl-srpms.repo
yum install
# yum clean all Loaded plugins: downloadonly, kernel-module, priorities, protect-packages, protectbase, security, verify, versionlock Cleaning up Everything # yum install ca-policy-egi-core emi-px Loaded plugins: downloadonly, kernel-module, priorities, protectbase sl-security | 1.9 kB 00:00 sl-security/primary_db | 299 kB 00:01 242 packages excluded due to repository priority protections 0 packages excluded due to repository protections Setting up Install Process Package ca-policy-egi-core-1.43-1.noarch already installed and latest version Resolving Dependencies --> Running transaction check ---> Package emi-px.x86_64 0:1.0.0-1.sl5 set to be updated --> Processing Dependency: glite-px-myproxy-yaim for package: emi-px --> Processing Dependency: emi-version for package: emi-px --> Processing Dependency: myproxy-admin for package: emi-px --> Processing Dependency: fetch-crl for package: emi-px --> Processing Dependency: bdii for package: emi-px --> Processing Dependency: myproxy-server for package: emi-px --> Processing Dependency: glue-schema for package: emi-px --> Processing Dependency: glite-info-provider-service for package: emi-px --> Running transaction check ---> Package bdii.noarch 0:5.2.5-2.el5 set to be updated --> Processing Dependency: openldap-servers for package: bdii --> Processing Dependency: expect for package: bdii --> Processing Dependency: openldap-clients for package: bdii ---> Package emi-version.x86_64 0:1.7.0-1.sl5 set to be updated ---> Package fetch-crl.noarch 0:2.8.4-2.el5 set to be updated ---> Package glite-info-provider-service.noarch 0:1.7.0-1.el5 set to be updated ---> Package glite-px-myproxy-yaim.x86_64 0:4.1.4-2.sl5 set to be updated --> Processing Dependency: glite-yaim-core for package: glite-px-myproxy-yaim --> Processing Dependency: glite-yaim-bdii for package: glite-px-myproxy-yaim ---> Package glue-schema.noarch 0:2.0.8-1.el5 set to be updated ---> Package myproxy-admin.x86_64 0:5.5-1.el5 set to be updated --> Processing Dependency: myproxy-libs = 5.5-1.el5 for package: myproxy-admin --> Processing Dependency: myproxy = 5.5-1.el5 for package: myproxy-admin --> Processing Dependency: globus-gsi-cert-utils-progs for package: myproxy-admin --> Processing Dependency: libglobus_gsi_credential.so.1()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_gsi_cert_utils.so.0()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_gsi_sysconfig.so.1()(64bit) for package: myproxy-admin --> Processing Dependency: libltdl.so.3()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_openssl.so.0()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_proxy_ssl.so.1()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_gsi_callback.so.0()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_gsi_proxy_core.so.0()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_xio.so.0()(64bit) for package: myproxy-admin --> Processing Dependency: libmyproxy.so.5()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_openssl_error.so.0()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_oldgaa.so.0()(64bit) for package: myproxy-admin --> Processing Dependency: libvomsapi.so.1()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_gssapi_gsi.so.4()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_common.so.0()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_gss_assist.so.3()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_callout.so.0()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_usage.so.0()(64bit) for package: myproxy-admin ---> Package myproxy-server.x86_64 0:5.5-1.el5 set to be updated --> Running transaction check ---> Package expect.x86_64 0:5.43.0-5.1 set to be updated ---> Package glite-yaim-bdii.noarch 0:4.3.4-1.el5 set to be updated ---> Package glite-yaim-core.noarch 0:5.0.2-1.sl5 set to be updated ---> Package globus-callout.x86_64 0:0.7-8.el5 set to be updated --> Processing Dependency: globus-libtool >= 1 for package: globus-callout ---> Package globus-common.x86_64 0:11.6-5.el5 set to be updated ---> Package globus-gsi-callback.x86_64 0:2.8-2.el5 set to be updated --> Processing Dependency: globus-openssl >= 1 for package: globus-gsi-callback ---> Package globus-gsi-cert-utils.x86_64 0:6.7-2.el5 set to be updated ---> Package globus-gsi-cert-utils-progs.x86_64 0:6.7-2.el5 set to be updated --> Processing Dependency: globus-common-setup >= 2 for package: globus-gsi-cert-utils-progs --> Processing Dependency: globus-openssl-progs >= 1 for package: globus-gsi-cert-utils-progs ---> Package globus-gsi-credential.x86_64 0:3.5-3.el5 set to be updated ---> Package globus-gsi-openssl-error.x86_64 0:0.14-8.el5 set to be updated ---> Package globus-gsi-proxy-core.x86_64 0:4.7-2.el5 set to be updated ---> Package globus-gsi-proxy-ssl.x86_64 0:2.3-3.el5 set to be updated ---> Package globus-gsi-sysconfig.x86_64 0:3.2-1.el5 set to be updated ---> Package globus-gss-assist.x86_64 0:5.10-1.el5 set to be updated ---> Package globus-gssapi-gsi.x86_64 0:7.8-1.el5 set to be updated ---> Package globus-openssl-module.x86_64 0:1.3-3.el5 set to be updated ---> Package globus-usage.x86_64 0:1.4-2.el5 set to be updated ---> Package globus-xio.x86_64 0:2.8-4.el5 set to be updated ---> Package libtool-ltdl.x86_64 0:1.5.22-7.el5_4 set to be updated ---> Package myproxy.x86_64 0:5.5-1.el5 set to be updated --> Processing Dependency: globus-proxy-utils for package: myproxy --> Processing Dependency: voms-clients for package: myproxy ---> Package myproxy-libs.x86_64 0:5.5-1.el5 set to be updated ---> Package openldap-clients.x86_64 0:2.3.43-12.el5_6.7 set to be updated ---> Package openldap-servers.x86_64 0:2.3.43-12.el5_6.7 set to be updated EGI-trustanchors/filelists | 14 kB 00:00 EMI-1-base/filelists_db | 181 kB 00:00 EMI-1-third-party/filelists_db | 57 kB 00:00 EMI-1-updates/filelists_db | 113 kB 00:00 epel/filelists_db | 5.5 MB 00:00 sl-base/filelists | 3.3 MB 00:02 sl-security/filelists_db | 1.1 MB 00:01 ---> Package voms.x86_64 0:2.0.2-1.sl5 set to be updated --> Running transaction check ---> Package globus-common-progs.x86_64 0:11.6-5.el5 set to be updated --> Processing Dependency: autoconf for package: globus-common-progs --> Processing Dependency: finger for package: globus-common-progs --> Processing Dependency: cvs for package: globus-common-progs ---> Package globus-libtool.x86_64 0:1.2-4.el5 set to be updated ---> Package globus-openssl.x86_64 0:5.1-2.el5 set to be updated ---> Package globus-openssl-progs.x86_64 0:5.1-2.el5 set to be updated ---> Package globus-proxy-utils.x86_64 0:3.10-1.el5 set to be updated ---> Package voms-clients.x86_64 0:2.0.0-1.sl5 set to be updated --> Running transaction check ---> Package autoconf.noarch 0:2.59-12 set to be updated --> Processing Dependency: imake for package: autoconf ---> Package cvs.x86_64 0:1.11.22-7.el5 set to be updated ---> Package finger.x86_64 0:0.17-33 set to be updated --> Running transaction check ---> Package imake.x86_64 0:1.0.2-3 set to be updated --> Finished Dependency Resolution Beginning Kernel Module Plugin Finished Kernel Module Plugin Dependencies Resolved ================================================================================================================================================================================== Package Arch Version Repository Size ================================================================================================================================================================================== Installing: emi-px x86_64 1.0.0-1.sl5 EMI-1-base 1.7 k Installing for dependencies: autoconf noarch 2.59-12 sl-base 648 k bdii noarch 5.2.5-2.el5 EMI-1-updates 20 k cvs x86_64 1.11.22-7.el5 sl-base 737 k emi-version x86_64 1.7.0-1.sl5 EMI-1-updates 2.1 k expect x86_64 5.43.0-5.1 sl-base 160 k fetch-crl noarch 2.8.4-2.el5 epel 24 k finger x86_64 0.17-33 sl-base 21 k glite-info-provider-service noarch 1.7.0-1.el5 EMI-1-updates 53 k glite-px-myproxy-yaim x86_64 4.1.4-2.sl5 EMI-1-base 8.1 k glite-yaim-bdii noarch 4.3.4-1.el5 EMI-1-updates 10 k glite-yaim-core noarch 5.0.2-1.sl5 EMI-1-updates 116 k globus-callout x86_64 0.7-8.el5 epel 16 k globus-common x86_64 11.6-5.el5 epel 109 k globus-common-progs x86_64 11.6-5.el5 epel 67 k globus-gsi-callback x86_64 2.8-2.el5 epel 39 k globus-gsi-cert-utils x86_64 6.7-2.el5 epel 18 k globus-gsi-cert-utils-progs x86_64 6.7-2.el5 epel 26 k globus-gsi-credential x86_64 3.5-3.el5 epel 32 k globus-gsi-openssl-error x86_64 0.14-8.el5 epel 15 k globus-gsi-proxy-core x86_64 4.7-2.el5 epel 33 k globus-gsi-proxy-ssl x86_64 2.3-3.el5 epel 17 k globus-gsi-sysconfig x86_64 3.2-1.el5 epel 28 k globus-gss-assist x86_64 5.10-1.el5 epel 31 k globus-gssapi-gsi x86_64 7.8-1.el5 epel 55 k globus-libtool x86_64 1.2-4.el5 epel 4.2 k globus-openssl x86_64 5.1-2.el5 epel 4.6 k globus-openssl-module x86_64 1.3-3.el5 epel 13 k globus-openssl-progs x86_64 5.1-2.el5 epel 4.3 k globus-proxy-utils x86_64 3.10-1.el5 epel 45 k globus-usage x86_64 1.4-2.el5 epel 15 k globus-xio x86_64 2.8-4.el5 epel 123 k glue-schema noarch 2.0.8-1.el5 EMI-1-updates 33 k imake x86_64 1.0.2-3 sl-base 318 k libtool-ltdl x86_64 1.5.22-7.el5_4 sl-base 38 k myproxy x86_64 5.5-1.el5 epel 86 k myproxy-admin x86_64 5.5-1.el5 epel 55 k myproxy-libs x86_64 5.5-1.el5 epel 121 k myproxy-server x86_64 5.5-1.el5 epel 52 k openldap-clients x86_64 2.3.43-12.el5_6.7 sl-base 223 k openldap-servers x86_64 2.3.43-12.el5_6.7 sl-base 2.2 M voms x86_64 2.0.2-1.sl5 EMI-1-base 165 k voms-clients x86_64 2.0.0-1.sl5 EMI-1-base 178 k Transaction Summary ================================================================================================================================================================================== Install 43 Package(s) Upgrade 0 Package(s) Total download size: 5.9 M Is this ok [y/N]: Downloading Packages: (1/43): emi-px-1.0.0-1.sl5.x86_64.rpm | 1.7 kB 00:00 (2/43): emi-version-1.7.0-1.sl5.x86_64.rpm | 2.1 kB 00:00 (3/43): globus-libtool-1.2-4.el5.x86_64.rpm | 4.2 kB 00:00 (4/43): globus-openssl-progs-5.1-2.el5.x86_64.rpm | 4.3 kB 00:00 (5/43): globus-openssl-5.1-2.el5.x86_64.rpm | 4.6 kB 00:00 (6/43): glite-px-myproxy-yaim-4.1.4-2.sl5.x86_64.rpm | 8.1 kB 00:00 (7/43): glite-yaim-bdii-4.3.4-1.el5.noarch.rpm | 10 kB 00:00 (8/43): globus-openssl-module-1.3-3.el5.x86_64.rpm | 13 kB 00:00 (9/43): globus-gsi-openssl-error-0.14-8.el5.x86_64.rpm | 15 kB 00:00 (10/43): globus-usage-1.4-2.el5.x86_64.rpm | 15 kB 00:00 (11/43): globus-callout-0.7-8.el5.x86_64.rpm | 16 kB 00:00 (12/43): globus-gsi-proxy-ssl-2.3-3.el5.x86_64.rpm | 17 kB 00:00 (13/43): globus-gsi-cert-utils-6.7-2.el5.x86_64.rpm | 18 kB 00:00 (14/43): bdii-5.2.5-2.el5.noarch.rpm | 20 kB 00:00 (15/43): finger-0.17-33.x86_64.rpm | 21 kB 00:00 (16/43): fetch-crl-2.8.4-2.el5.noarch.rpm | 24 kB 00:00 (17/43): globus-gsi-cert-utils-progs-6.7-2.el5.x86_64.rpm | 26 kB 00:00 (18/43): globus-gsi-sysconfig-3.2-1.el5.x86_64.rpm | 28 kB 00:00 (19/43): globus-gss-assist-5.10-1.el5.x86_64.rpm | 31 kB 00:00 (20/43): globus-gsi-credential-3.5-3.el5.x86_64.rpm | 32 kB 00:00 (21/43): globus-gsi-proxy-core-4.7-2.el5.x86_64.rpm | 33 kB 00:00 (22/43): glue-schema-2.0.8-1.el5.noarch.rpm | 33 kB 00:00 (23/43): libtool-ltdl-1.5.22-7.el5_4.x86_64.rpm | 38 kB 00:00 (24/43): globus-gsi-callback-2.8-2.el5.x86_64.rpm | 39 kB 00:00 (25/43): globus-proxy-utils-3.10-1.el5.x86_64.rpm | 45 kB 00:00 (26/43): myproxy-server-5.5-1.el5.x86_64.rpm | 52 kB 00:00 (27/43): glite-info-provider-service-1.7.0-1.el5.noarch.rpm | 53 kB 00:00 (28/43): globus-gssapi-gsi-7.8-1.el5.x86_64.rpm | 55 kB 00:00 (29/43): myproxy-admin-5.5-1.el5.x86_64.rpm | 55 kB 00:00 (30/43): globus-common-progs-11.6-5.el5.x86_64.rpm | 67 kB 00:00 (31/43): myproxy-5.5-1.el5.x86_64.rpm | 86 kB 00:00 (32/43): globus-common-11.6-5.el5.x86_64.rpm | 109 kB 00:00 (33/43): glite-yaim-core-5.0.2-1.sl5.noarch.rpm | 116 kB 00:00 (34/43): myproxy-libs-5.5-1.el5.x86_64.rpm | 121 kB 00:00 (35/43): globus-xio-2.8-4.el5.x86_64.rpm | 123 kB 00:00 (36/43): expect-5.43.0-5.1.x86_64.rpm | 160 kB 00:00 (37/43): voms-2.0.2-1.sl5.x86_64.rpm | 165 kB 00:00 (38/43): voms-clients-2.0.0-1.sl5.x86_64.rpm | 178 kB 00:00 (39/43): openldap-clients-2.3.43-12.el5_6.7.x86_64.rpm | 223 kB 00:00 (40/43): imake-1.0.2-3.x86_64.rpm | 318 kB 00:00 (41/43): autoconf-2.59-12.noarch.rpm | 648 kB 00:00 (42/43): cvs-1.11.22-7.el5.x86_64.rpm | 737 kB 00:00 (43/43): openldap-servers-2.3.43-12.el5_6.7.x86_64.rpm | 2.2 MB 00:00 ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Total 727 kB/s | 5.9 MB 00:08 warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 217521f6 epel/gpgkey | 1.7 kB 00:00 Importing GPG key 0x217521F6 "Fedora EPEL <epel@fedoraproject.org>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL Is this ok [y/N]: y warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID df9e12ef EMI-1-updates/gpgkey | 1.7 kB 00:00 Importing GPG key 0xDF9E12EF "Doina Cristina Aiftimiei (EMI Release Manager) <aiftim@pd.infn.it>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-emi Is this ok [y/N]: y Running rpm_check_debug Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Installing : libtool-ltdl 1/43 Installing : voms 2/43 Installing : globus-openssl 3/43 Installing : globus-gsi-proxy-ssl 4/43 Installing : globus-libtool 5/43 Installing : globus-common 6/43 Installing : globus-gsi-openssl-error 7/43 Installing : globus-gsi-sysconfig 8/43 Installing : globus-openssl-module 9/43 Installing : globus-gsi-cert-utils 10/43 Installing : globus-gsi-callback 11/43 Installing : globus-gsi-credential 12/43 Installing : globus-gsi-proxy-core 13/43 Installing : globus-gssapi-gsi 14/43 Installing : globus-callout 15/43 Installing : globus-gss-assist 16/43 Installing : globus-xio 17/43 Installing : globus-usage 18/43 Installing : myproxy-libs 19/43 Installing : myproxy-server 20/43 Installing : glue-schema 21/43 Installing : globus-proxy-utils 22/43 Installing : voms-clients 23/43 Installing : myproxy 24/43 Installing : openldap-servers 25/43 Installing : expect 26/43 Installing : openldap-clients 27/43 Installing : imake 28/43 Installing : cvs 29/43 Installing : finger 30/43 Installing : autoconf 31/43 Installing : globus-common-progs 32/43 Installing : bdii 33/43 Installing : globus-openssl-progs 34/43 Installing : globus-gsi-cert-utils-progs 35/43 Installing : myproxy-admin 36/43 Installing : glite-yaim-bdii 37/43 Installing : glite-yaim-core 38/43 Installing : glite-px-myproxy-yaim 39/43 Installing : emi-version 40/43 Installing : glite-info-provider-service 41/43 Installing : fetch-crl 42/43 Installing : emi-px 43/43 Installed: emi-px.x86_64 0:1.0.0-1.sl5 Dependency Installed: autoconf.noarch 0:2.59-12 bdii.noarch 0:5.2.5-2.el5 cvs.x86_64 0:1.11.22-7.el5 emi-version.x86_64 0:1.7.0-1.sl5 expect.x86_64 0:5.43.0-5.1 fetch-crl.noarch 0:2.8.4-2.el5 finger.x86_64 0:0.17-33 glite-info-provider-service.noarch 0:1.7.0-1.el5 glite-px-myproxy-yaim.x86_64 0:4.1.4-2.sl5 glite-yaim-bdii.noarch 0:4.3.4-1.el5 glite-yaim-core.noarch 0:5.0.2-1.sl5 globus-callout.x86_64 0:0.7-8.el5 globus-common.x86_64 0:11.6-5.el5 globus-common-progs.x86_64 0:11.6-5.el5 globus-gsi-callback.x86_64 0:2.8-2.el5 globus-gsi-cert-utils.x86_64 0:6.7-2.el5 globus-gsi-cert-utils-progs.x86_64 0:6.7-2.el5 globus-gsi-credential.x86_64 0:3.5-3.el5 globus-gsi-openssl-error.x86_64 0:0.14-8.el5 globus-gsi-proxy-core.x86_64 0:4.7-2.el5 globus-gsi-proxy-ssl.x86_64 0:2.3-3.el5 globus-gsi-sysconfig.x86_64 0:3.2-1.el5 globus-gss-assist.x86_64 0:5.10-1.el5 globus-gssapi-gsi.x86_64 0:7.8-1.el5 globus-libtool.x86_64 0:1.2-4.el5 globus-openssl.x86_64 0:5.1-2.el5 globus-openssl-module.x86_64 0:1.3-3.el5 globus-openssl-progs.x86_64 0:5.1-2.el5 globus-proxy-utils.x86_64 0:3.10-1.el5 globus-usage.x86_64 0:1.4-2.el5 globus-xio.x86_64 0:2.8-4.el5 glue-schema.noarch 0:2.0.8-1.el5 imake.x86_64 0:1.0.2-3 libtool-ltdl.x86_64 0:1.5.22-7.el5_4 myproxy.x86_64 0:5.5-1.el5 myproxy-admin.x86_64 0:5.5-1.el5 myproxy-libs.x86_64 0:5.5-1.el5 myproxy-server.x86_64 0:5.5-1.el5 openldap-clients.x86_64 0:2.3.43-12.el5_6.7 openldap-servers.x86_64 0:2.3.43-12.el5_6.7 voms.x86_64 0:2.0.2-1.sl5 voms-clients.x86_64 0:2.0.0-1.sl5 Complete!
Service configuration
The configuration file for this service is really basic. For autorization:- DN list of authorized renewals (WMS and nagios)
- DN list of trusted retrievers (nagios)
site-info.def
# cp -vr /opt/glite/yaim/examples/siteinfo /root/ `/opt/glite/yaim/examples/siteinfo' -> `/root/siteinfo' `/opt/glite/yaim/examples/siteinfo/site-info.def' -> `/root/siteinfo/site-info.def' `/opt/glite/yaim/examples/siteinfo/services' -> `/root/siteinfo/services' `/opt/glite/yaim/examples/siteinfo/services/glite-px' -> `/root/siteinfo/services/glite-px' `/opt/glite/yaim/examples/siteinfo/services/glite-bdii_site' -> `/root/siteinfo/services/glite-bdii_site' # cat /root/siteinfo/site-info.def SITE_NAME=INFN-CNAF PX_HOST=`hostname -f` BDII_DELETE_DELAY=0
glite-px
# cat siteinfo/services/glite-px ############################################################################## # Copyright (c) Members of the EGEE Collaboration. 2004. # See http://www.eu-egee.org/partners/ for details on the copyright # holders. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS # OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ############################################################################## # # NAME : glite-px # # DESCRIPTION : This configuration file contains the list of variables needed # to configure Myproxy together with site-info.def. # # AUTHORS : yaim-contact@cern.ch # # NOTES : # # YAIM MODULE: glite-yaim-myproxy # ############################################################################## GRID_AUTHORIZED_RETRIEVERS="\*" GRID_AUTHORIZED_RENEWERS=" '/C=IT/O=INFN/OU=Host/L=CNAF/CN=gridit-wms-01.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee-wms-01.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=Ferrara/CN=gridrb.fe.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee-rb-01.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee-rb-02.cnaf.infn.it' '/C=IT/O=INFN/OU=grid014.ct.infn.it/L=Catania/CN=grid014.ct.infn.it/emailAddress=giuseppe.platania@ct.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=gridit-cert-rb.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=eumed-rb-1.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=euchina-rb-1.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee-rb-03.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee-rb-04.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee-rb-05.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee-rb-06.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=gridit-rb-01.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=Padova/CN=egrid-rb-01.pd.infn.it' '/C=IT/O=INFN/OU=Host/L=Padova/CN=prod-rb-01.pd.infn.it' '/C=IT/O=INFN/OU=Host/L=Padova/CN=prod-rb-02.pd.infn.it' '/C=IT/O=INFN/OU=Host/L=Padova/CN=prod-wms-01.pd.infn.it' '/C=IT/O=INFN/OU=Host/L=Padova/CN=eu-india-02.pd.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=sc2.cr.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=Bari/CN=wms1.ba.infn.it' '/C=IT/O=INFN/OU=Host/L=Bari/CN=wms2.ba.infn.it' '/C=IT/O=INFN/OU=Host/L=Bari/CN=wms3.ba.infn.it' '/C=CH/O=CERN/OU=GRID/CN=host/lxn1185.cern.ch' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee-rb-07.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee-rb-08.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee-rb-09.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=cert-rb-06.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=glite-rb-00.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=glite-rb-01.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=devel07.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=devel09.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=devel10.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=devel11.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=devel12.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=devel14.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=devel18.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=devel19.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=devel20.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=Padova/CN=cream-06.pd.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms001.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms002.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms003.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms004.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms005.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms006.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms007.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms008.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms009.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms011.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms012.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms013.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms014.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms015.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms016.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms017.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=cert-02.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=pps-fts.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=tigerman.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=Milano/CN=egee-rb-01.mi.infn.it' '/C=IT/O=INFN/OU=Host/L=CIRMMP/CN=wms-enmr.cerm.unifi.it' '/DC=ch/DC=cern/OU=computers/CN=wms101.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms102.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms103.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms104.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms105.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms106.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms107.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms108.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms109.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms110.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms111.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms112.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms113.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms114.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms115.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms116.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms117.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms118.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms119.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms121.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms122.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms123.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms124.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms125.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms126.cern.ch' '/O=dutchgrid/O=hosts/OU=nikhef.nl/CN=graszode.nikhef.nl' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=mon-it.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=mon-cnaf.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=bbrbuild01.cr.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=bbr-serv09.cr.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee017.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=sb-serv01.cr.cnaf.infn.it' " GRID_TRUSTED_RETRIEVERS=" '/C=IT/O=INFN/OU=Host/L=CNAF/CN=mon-it.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=mon-cnaf.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=bbrbuild01.cr.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=bbr-serv09.cr.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee017.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=sb-serv01.cr.cnaf.infn.it' "
host certificate required
# ll /etc/grid-security/host* -rw-r--r-- 1 root root 1440 Dec 29 09:30 /etc/grid-security/hostcert.pem -r-------- 1 root root 887 Dec 29 09:30 /etc/grid-security/hostkey.pem
Service configuration
yaim check
# chmod -R 600 /root/siteinfo
# /opt/glite/yaim/bin/yaim -v -s /root/siteinfo/site-info.def -n glite-PX
INFO: Using site configuration file: /root/siteinfo/site-info.def
INFO: Sourcing service specific configuration file: /root/siteinfo/services/glite-px
INFO:
###################################################################
. /'.-. ')
. yA,-"-,( ,m,:/ ) .oo. oo o ooo o. .oo
. / .-Y a a Y-. 8. .8' 8'8. 8 8b d'8
. / ~ ~ / 8' .8oo88. 8 8 8' 8
. (_/ '====' 8 .8' 8. 8 8 Y 8
. Y,-''-,Yy,-.,/ o8o o8o o88o o8o o8o o8o
. I_))_) I_))_)
current working directory: /root
site-info.def date: Dec 29 09:36 /root/siteinfo/site-info.def
yaim command: -v -s /root/siteinfo/site-info.def -n glite-PX
log file: /opt/glite/yaim/bin/../log/yaimlog
Thu Dec 29 09:44:38 CET 2011 : /opt/glite/yaim/bin/yaim
Installed YAIM versions:
glite-px-myproxy-yaim -
glite-yaim-bdii 4.3.4-1
glite-yaim-core 5.0.2-1
####################################################################
INFO: The default location of the grid-env.(c)sh files will be: /usr/libexec
INFO: Sourcing the utilities in /opt/glite/yaim/functions/utils
INFO: Detecting environment
INFO: Executing function: config_host_certs_check
INFO: Executing function: config_edgusers_check
INFO: Executing function: config_proxy_server_check
INFO: Executing function: config_bdii_5.2_check
INFO: Executing function: config_info_service_px_check
INFO: Checking is done.
INFO: All the necessary variables to configure PX are defined in your configuration files.
INFO: Please, bear in mind that YAIM only guarantees the definition of variables
INFO: controlled in the _check functions.
INFO: YAIM terminated succesfully.
</>
yaim config
Please use the debug flag ("-d 6") to configure the services in order to have detailed information. For your convenience yo can save all the configuration information in a log file you can look at any time, separated from the yaimlog defulat one.
# /opt/glite/yaim/bin/yaim -c -d 6 -s /root/siteinfo/site-info.def -n glite-PX
DEBUG: Checking siteinfo dir is not world readable
DEBUG: Checking site-info.def is syntactically correct
DEBUG: Sourcing /opt/glite/yaim/bin/../defaults/site-info.pre
DEBUG: Sourcing /opt/glite/yaim/bin/../defaults/glite-px.pre
INFO: Using site configuration file: /root/siteinfo/site-info.def
DEBUG: Sourcing site-info.def file: /root/siteinfo/site-info.def
INFO: Sourcing service specific configuration file: /root/siteinfo/services/glite-px
DEBUG: Sourcing /opt/glite/yaim/bin/../defaults/site-info.post
DEBUG: Sourcing /opt/glite/yaim/bin/../defaults/mapping
INFO:
###################################################################
. /'.-. ')
. yA,-"-,( ,m,:/ ) .oo. oo o ooo o. .oo
. / .-Y a a Y-. 8. .8' 8'8. 8 8b d'8
. / ~ ~ / 8' .8oo88. 8 8 8' 8
. (_/ '====' 8 .8' 8. 8 8 Y 8
. Y,-''-,Yy,-.,/ o8o o8o o88o o8o o8o o8o
. I_))_) I_))_)
current working directory: /root
site-info.def date: Dec 29 09:36 /root/siteinfo/site-info.def
yaim command: -c -d 6 -s /root/siteinfo/site-info.def -n glite-PX
log file: /opt/glite/yaim/bin/../log/yaimlog
Thu Dec 29 09:45:30 CET 2011 : /opt/glite/yaim/bin/yaim
Installed YAIM versions:
glite-px-myproxy-yaim -
glite-yaim-bdii 4.3.4-1
glite-yaim-core 5.0.2-1
####################################################################
INFO: The default location of the grid-env.(c)sh files will be: /usr/libexec
INFO: Sourcing the utilities in /opt/glite/yaim/functions/utils
INFO: Detecting environment
DEBUG: Detect platform: OS flavour detected is: emi
DEBUG: Detected architecture is 64BIT
DEBUG: Detect platform: OS type detected: sl5
DEBUG: Resulted NODE_TYPE_LIST is : PX
DEBUG: Setting environment variable GRID_ENV_LOCATION, to value "/usr/libexec".
DEBUG: Unset environment variable GRID_ENV_LOCATION.
DEBUG: Setting environment variable LCG_LOCATION, to value "/usr".
DEBUG: Unset environment variable LCG_LOCATION.
DEBUG: Setting environment variable GLITE_LOCATION, to value "/usr".
DEBUG: Unset environment variable GLITE_LOCATION.
DEBUG: Setting environment variable GLITE_LOCATION_VAR, to value "/var".
DEBUG: Unset environment variable GLITE_LOCATION_VAR.
DEBUG: Appending value "/bin" to environment variable PATH.
DEBUG: Deleting value "/bin" from environment variable PATH.
DEBUG: Appending value "/opt/glite/share/man" to environment variable MANPATH.
DEBUG: Deleting value "/opt/glite/share/man" from environment variable MANPATH.
DEBUG: Sourcing node definition file: /opt/glite/yaim/bin/../node-info.d/glite-px
DEBUG: Skipping function: config_crl_check because it is not defined
INFO: Executing function: config_host_certs_check
INFO: Executing function: config_edgusers_check
INFO: Executing function: config_proxy_server_check
INFO: Executing function: config_bdii_5.2_check
INFO: Executing function: config_info_service_px_check
DEBUG: Skipping function: config_crl_setenv because it is not defined
INFO: Executing function: config_crl
INFO: Now updating the CRLs - this may take a few minutes...
Enabling periodic fetch-crl: [ OK ]
DEBUG: fetch-crl cron enabled
DEBUG: Skipping function: config_host_certs_setenv because it is not defined
INFO: Executing function: config_host_certs
DEBUG: Skipping function: config_edgusers_setenv because it is not defined
INFO: Executing function: config_edgusers
DEBUG: Creating user edguser...
DEBUG: User edguser doesn't exist
DEBUG: YAIM is going to add user edguser
DEBUG: HOME directory ${EDG_HOME_DIR} is specified for the user
DEBUG: Checking whether the group edguser infosys for user edguser already exist...
DEBUG: Group edguser added
DEBUG: Group infosys added
DEBUG: User edguser added
DEBUG: Creating user edginfo...
DEBUG: User edginfo doesn't exist
DEBUG: YAIM is going to add user edginfo
DEBUG: HOME directory ${EDGINFO_HOME_DIR} is specified for the user
DEBUG: Checking whether the group edginfo infosys for user edginfo already exist...
DEBUG: Group edginfo added
DEBUG: Group infosys added
DEBUG: User edginfo added
DEBUG: Creating user glite...
DEBUG: User glite doesn't exist
DEBUG: YAIM is going to add user glite
DEBUG: HOME directory ${GLITE_HOME_DIR} is specified for the user
DEBUG: Checking whether the group glite for user glite already exist...
DEBUG: Group glite added
DEBUG: User glite added
DEBUG: Creating user edguser...
DEBUG: Skipping user edguser since it already exists...
INFO: Executing function: config_proxy_server_setenv
DEBUG: Setting environment variable GLITE_PX_LOCATION, to value "/usr".
DEBUG: Unset environment variable GLITE_PX_LOCATION.
DEBUG: Setting environment variable GLITE_PX_LOCATION_ETC, to value "/etc".
DEBUG: Unset environment variable GLITE_PX_LOCATION_ETC.
DEBUG: Setting environment variable GLITE_PX_LOCATION_VAR, to value "/var/glite".
DEBUG: Unset environment variable GLITE_PX_LOCATION_VAR.
INFO: Executing function: config_proxy_server
DEBUG: Creating Minimal myproxy configuration.
INFO: Reloading MyProxy server
INFO: MyProxy server not running so starting
Starting myproxy-server: [ OK ]
DEBUG: Skipping function: config_bdii_5.2_setenv because it is not defined
INFO: Executing function: config_bdii_5.2
Stopping BDII: BDII already stopped
Starting BDII slapd: [ OK ]
Starting BDII update process: [ OK ]
INFO: Executing function: config_info_service_px_setenv
DEBUG: This function currently doesn't set any environment variables.
INFO: Executing function: config_info_service_px
DEBUG: Delete a previous version of the *.conf if it exists
DEBUG: Create the configuration files out of the template file
DEBUG: Delete a previous version of the glite-info-provider-service-myproxy-wrapper if it exists
DEBUG: Create the /var/lib/bdii/gip/provider in case it doesn't exist
DEBUG: Create the glite-info-provider-service-myproxy-wrapper file
INFO: Configuration Complete. [ OK ]
INFO: YAIM terminated succesfully.
Know Issue and Workaround
Al momento il servizio non parte al boot (baco di yaim, notificato in GGUS.
# chkconfig myproxy-server on
Service checks
myproxy-init
On a user interface:# $ myproxy-init -s myproxy.cnaf.infn.it -k veronesi-test username: veronesi owner: /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi name: veronesi-test timeleft: 167:55:38 (7.0 days) [veronesi@ui ~]$ myproxy-init -s myproxy.cnaf.infn.it -k veronesi-test Your identity: /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi Enter GRID pass phrase for this identity: Creating proxy ............................................................................................ Done Proxy Verify OK Your proxy is valid until: Thu Jan 5 10:03:38 2012 Enter MyProxy pass phrase: Verifying - Enter MyProxy pass phrase: A proxy valid for 168 hours (7.0 days) for user veronesi now exists on myproxy.cnaf.infn.it.On the MyProxy server:
# tail -f /var/log/messages Dec 29 10:03:40 myproxy myproxy-server[9119]: Connection from 131.154.101.141 Dec 29 10:03:41 myproxy myproxy-server[9119]: Authenticated client /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi Dec 29 10:03:42 myproxy myproxy-server[9119]: Received PUT request for username veronesi Dec 29 10:03:43 myproxy myproxy-server[9119]: Client /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi disconnected # ls -ltr /var/lib/myproxy/ total 36 -rw------- 1 myproxy myproxy 132 Dec 29 10:03 veronesi-veronesi-test.data -rw------- 1 myproxy myproxy 5912 Dec 29 10:03 veronesi-veronesi-test.creds
myproxy-info
On a user interface:# myproxy-info -s myproxy.cnaf.infn.it -k veronesi-test username: veronesi owner: /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi name: veronesi-test timeleft: 167:55:38 (7.0 days)On the MyProxy server:
# tail -f /var/log/messages Dec 29 10:42:08 myproxy myproxy-server[9209]: Connection from 131.154.101.141 Dec 29 10:42:08 myproxy myproxy-server[9209]: Authenticated client /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi Dec 29 10:42:08 myproxy myproxy-server[9209]: Received INFO request for username veronesi Dec 29 10:42:08 myproxy myproxy-server[9209]: Client /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi disconnected
myproxy-get-delegation
On a user interface:$ myproxy-get-delegation -s myproxy.cnaf.infn.it -k veronesi-test Enter MyProxy pass phrase: A credential has been received for user veronesi in /tmp/x509up_u23019.On the MyProxy server:
# tail -f /var/log/messages Dec 29 11:01:05 myproxy myproxy-server[31270]: Connection from 131.154.101.141 Dec 29 11:01:05 myproxy myproxy-server[31270]: Authenticated client /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi Dec 29 11:01:08 myproxy myproxy-server[31270]: Received GET request for username veronesi Dec 29 11:01:08 myproxy myproxy-server[31270]: credential passphrase matched Dec 29 11:01:08 myproxy myproxy-server[31270]: Delegating credentials for /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi lifetime=43200 Dec 29 11:01:08 myproxy myproxy-server[31270]: Client /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi disconnected
Additional notes
In order to make the WMS renewal function it is necessary:- To include the DN of the WMS that process the jobs among the authorized renewers on the MyProxy server, i.e. to add
authorized_renewers DNto the configuration and restart the server; - Upload the proxy of the job submitter in the MyProxy server using
myproxy-init -s myproxy_server -d -n - Submit the job with the MyProxy server hostname being given in the JDL
Revision
| Date | Comment |
|---|---|
| 2012-05-03 | myproxy upgraded - EMI 1 Kebnekaise Products - glite-proxyrenewal update v.1.3.25 |
Topic revision: r11 - 2012-06-12 - PaoloVeronesi
Home 
Site map
CEMon web
Create New Topic
Index
Search
Changes
Notifications
RSS Feed
Statistics
Preferences
Account  |
 |
|
|
|
Copyright © 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback