Tags:
,
view all tags
---+!! Notes about Installation and Configuration of myproxy * *These notes are provided by site admins on a best effort base as a contribution to the IGI communities and MUST not be considered as a subsitute of the [[http://wiki.italiangrid.it/twiki/bin/view/IGIRelease/IgiEmi][Official IGI documentation]].* * This document is addressed to site administrators responsible for middleware installation and configuration. * The goal of this page is to provide some hints and examples on how to install and configure an IGI *myproxy* service based on UMD middleware. *NB:* The myproxy service is a *CORE* service, it should not be installed at Resource Center level. The official endpoint provided by IGI is =myproxy.cnaf.infn.it= and *MUST* be used by all Resource Centers and Services part of the IGI infrastructure. %TOC% ---++ References 1. [[http://www.italiangrid.it/][About IGI - Italian Grid infrastructure]] 1. [[http://wiki.italiangrid.it/twiki/bin/view/IGIRelease/WebHome][About IGI Release]] 1. [[http://wiki.italiangrid.it/twiki/bin/view/IGIRelease/IgiEmi][IGI Official Installation and Configuration guide]] 1. [[https://wiki.egi.eu/wiki/Tools/Manuals/SiteProblemsFollowUp][Troubleshooting Guide for Operational Errors on EGI Sites]] 1. [[https://wiki.egi.eu/wiki/Tools/Manuals/AdministrationFaq][Grid Administration FAQs page]] %TWISTY{ mode="div" showlink=" *Recommendations* " hidelink=" *Recommendations* " remember="off" firststart="hide" showimgright="%ICONURLPATH{toggleopen}%" hideimgright="%ICONURLPATH{toggleclose}%" }% ---+++ Recommendations * The service needs at least: * 3 cores * 3 GB RAM * 10 GB disk space. A full virtualized machine based on KVM has been used in the following notes. %ENDTWISTY% ---+++Service installation %TWISTY{ mode="div" showlink=" *O.S. and Repos* " hidelink=" *O.S. and Repos* " remember="off" firststart="hide" showimgright="%ICONURLPATH{toggleopen}%" hideimgright="%ICONURLPATH{toggleclose}%" }% ---++++ O.S. and Repos * Starts from a fresh installation of Scientific Linux 5.x (x86_64). <verbatim> # cat /etc/redhat-release Scientific Linux SL release 5.7 (Boron) </verbatim> * Install the additional repositories: EPEL, Certification Authority, UMD <verbatim> # cd /etc/yum.repos.d/ # rpm -ivh http://mirror.switch.ch/ftp/mirror/epel//5/x86_64/epel-release-5-4.noarch.rpm # wget http://repo-pd.italiangrid.it/mrepo/repos/egi-trustanchors.repo # rpm -ivh http://repo-pd.italiangrid.it/mrepo/EMI/1/sl5/x86_64/updates/emi-release-1.0.1-1.sl5.noarch.rpm # yum install yum-priorities yum-protectbase </verbatim> * Be sure that SELINUX is disabled (or permissive). Details on how to disable SELINUX are [[http://fedoraproject.org/wiki/SELinux/setenforce][here]]: <verbatim> # getenforce Disabled </verbatim> * Check the repos list (sl-*.repo are the repos of the O.S. and they should be present by default). <verbatim> # ls /etc/yum.repos.d/ egi-trustanchors.repo emi1-third-party.repo emi1-base.repo emi1-updates.repo epel.repo epel-testing.repo sl-contrib.repo sl-fastbugs.repo sl-security.repo sl-testing.repo sl-debuginfo.repo sl.repo sl-srpms.repo </verbatim> %ENDTWISTY% %TWISTY{ mode="div" showlink=" *yum install* " hidelink=" *yum install* " remember="off" firststart="hide" showimgright="%ICONURLPATH{toggleopen}%" hideimgright="%ICONURLPATH{toggleclose}%" }% ---++++ yum install <verbatim> # yum clean all Loaded plugins: downloadonly, kernel-module, priorities, protect-packages, protectbase, security, verify, versionlock Cleaning up Everything # yum install ca-policy-egi-core emi-px Loaded plugins: downloadonly, kernel-module, priorities, protectbase sl-security | 1.9 kB 00:00 sl-security/primary_db | 299 kB 00:01 242 packages excluded due to repository priority protections 0 packages excluded due to repository protections Setting up Install Process Package ca-policy-egi-core-1.43-1.noarch already installed and latest version Resolving Dependencies --> Running transaction check ---> Package emi-px.x86_64 0:1.0.0-1.sl5 set to be updated --> Processing Dependency: glite-px-myproxy-yaim for package: emi-px --> Processing Dependency: emi-version for package: emi-px --> Processing Dependency: myproxy-admin for package: emi-px --> Processing Dependency: fetch-crl for package: emi-px --> Processing Dependency: bdii for package: emi-px --> Processing Dependency: myproxy-server for package: emi-px --> Processing Dependency: glue-schema for package: emi-px --> Processing Dependency: glite-info-provider-service for package: emi-px --> Running transaction check ---> Package bdii.noarch 0:5.2.5-2.el5 set to be updated --> Processing Dependency: openldap-servers for package: bdii --> Processing Dependency: expect for package: bdii --> Processing Dependency: openldap-clients for package: bdii ---> Package emi-version.x86_64 0:1.7.0-1.sl5 set to be updated ---> Package fetch-crl.noarch 0:2.8.4-2.el5 set to be updated ---> Package glite-info-provider-service.noarch 0:1.7.0-1.el5 set to be updated ---> Package glite-px-myproxy-yaim.x86_64 0:4.1.4-2.sl5 set to be updated --> Processing Dependency: glite-yaim-core for package: glite-px-myproxy-yaim --> Processing Dependency: glite-yaim-bdii for package: glite-px-myproxy-yaim ---> Package glue-schema.noarch 0:2.0.8-1.el5 set to be updated ---> Package myproxy-admin.x86_64 0:5.5-1.el5 set to be updated --> Processing Dependency: myproxy-libs = 5.5-1.el5 for package: myproxy-admin --> Processing Dependency: myproxy = 5.5-1.el5 for package: myproxy-admin --> Processing Dependency: globus-gsi-cert-utils-progs for package: myproxy-admin --> Processing Dependency: libglobus_gsi_credential.so.1()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_gsi_cert_utils.so.0()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_gsi_sysconfig.so.1()(64bit) for package: myproxy-admin --> Processing Dependency: libltdl.so.3()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_openssl.so.0()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_proxy_ssl.so.1()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_gsi_callback.so.0()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_gsi_proxy_core.so.0()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_xio.so.0()(64bit) for package: myproxy-admin --> Processing Dependency: libmyproxy.so.5()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_openssl_error.so.0()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_oldgaa.so.0()(64bit) for package: myproxy-admin --> Processing Dependency: libvomsapi.so.1()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_gssapi_gsi.so.4()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_common.so.0()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_gss_assist.so.3()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_callout.so.0()(64bit) for package: myproxy-admin --> Processing Dependency: libglobus_usage.so.0()(64bit) for package: myproxy-admin ---> Package myproxy-server.x86_64 0:5.5-1.el5 set to be updated --> Running transaction check ---> Package expect.x86_64 0:5.43.0-5.1 set to be updated ---> Package glite-yaim-bdii.noarch 0:4.3.4-1.el5 set to be updated ---> Package glite-yaim-core.noarch 0:5.0.2-1.sl5 set to be updated ---> Package globus-callout.x86_64 0:0.7-8.el5 set to be updated --> Processing Dependency: globus-libtool >= 1 for package: globus-callout ---> Package globus-common.x86_64 0:11.6-5.el5 set to be updated ---> Package globus-gsi-callback.x86_64 0:2.8-2.el5 set to be updated --> Processing Dependency: globus-openssl >= 1 for package: globus-gsi-callback ---> Package globus-gsi-cert-utils.x86_64 0:6.7-2.el5 set to be updated ---> Package globus-gsi-cert-utils-progs.x86_64 0:6.7-2.el5 set to be updated --> Processing Dependency: globus-common-setup >= 2 for package: globus-gsi-cert-utils-progs --> Processing Dependency: globus-openssl-progs >= 1 for package: globus-gsi-cert-utils-progs ---> Package globus-gsi-credential.x86_64 0:3.5-3.el5 set to be updated ---> Package globus-gsi-openssl-error.x86_64 0:0.14-8.el5 set to be updated ---> Package globus-gsi-proxy-core.x86_64 0:4.7-2.el5 set to be updated ---> Package globus-gsi-proxy-ssl.x86_64 0:2.3-3.el5 set to be updated ---> Package globus-gsi-sysconfig.x86_64 0:3.2-1.el5 set to be updated ---> Package globus-gss-assist.x86_64 0:5.10-1.el5 set to be updated ---> Package globus-gssapi-gsi.x86_64 0:7.8-1.el5 set to be updated ---> Package globus-openssl-module.x86_64 0:1.3-3.el5 set to be updated ---> Package globus-usage.x86_64 0:1.4-2.el5 set to be updated ---> Package globus-xio.x86_64 0:2.8-4.el5 set to be updated ---> Package libtool-ltdl.x86_64 0:1.5.22-7.el5_4 set to be updated ---> Package myproxy.x86_64 0:5.5-1.el5 set to be updated --> Processing Dependency: globus-proxy-utils for package: myproxy --> Processing Dependency: voms-clients for package: myproxy ---> Package myproxy-libs.x86_64 0:5.5-1.el5 set to be updated ---> Package openldap-clients.x86_64 0:2.3.43-12.el5_6.7 set to be updated ---> Package openldap-servers.x86_64 0:2.3.43-12.el5_6.7 set to be updated EGI-trustanchors/filelists | 14 kB 00:00 EMI-1-base/filelists_db | 181 kB 00:00 EMI-1-third-party/filelists_db | 57 kB 00:00 EMI-1-updates/filelists_db | 113 kB 00:00 epel/filelists_db | 5.5 MB 00:00 sl-base/filelists | 3.3 MB 00:02 sl-security/filelists_db | 1.1 MB 00:01 ---> Package voms.x86_64 0:2.0.2-1.sl5 set to be updated --> Running transaction check ---> Package globus-common-progs.x86_64 0:11.6-5.el5 set to be updated --> Processing Dependency: autoconf for package: globus-common-progs --> Processing Dependency: finger for package: globus-common-progs --> Processing Dependency: cvs for package: globus-common-progs ---> Package globus-libtool.x86_64 0:1.2-4.el5 set to be updated ---> Package globus-openssl.x86_64 0:5.1-2.el5 set to be updated ---> Package globus-openssl-progs.x86_64 0:5.1-2.el5 set to be updated ---> Package globus-proxy-utils.x86_64 0:3.10-1.el5 set to be updated ---> Package voms-clients.x86_64 0:2.0.0-1.sl5 set to be updated --> Running transaction check ---> Package autoconf.noarch 0:2.59-12 set to be updated --> Processing Dependency: imake for package: autoconf ---> Package cvs.x86_64 0:1.11.22-7.el5 set to be updated ---> Package finger.x86_64 0:0.17-33 set to be updated --> Running transaction check ---> Package imake.x86_64 0:1.0.2-3 set to be updated --> Finished Dependency Resolution Beginning Kernel Module Plugin Finished Kernel Module Plugin Dependencies Resolved ================================================================================================================================================================================== Package Arch Version Repository Size ================================================================================================================================================================================== Installing: emi-px x86_64 1.0.0-1.sl5 EMI-1-base 1.7 k Installing for dependencies: autoconf noarch 2.59-12 sl-base 648 k bdii noarch 5.2.5-2.el5 EMI-1-updates 20 k cvs x86_64 1.11.22-7.el5 sl-base 737 k emi-version x86_64 1.7.0-1.sl5 EMI-1-updates 2.1 k expect x86_64 5.43.0-5.1 sl-base 160 k fetch-crl noarch 2.8.4-2.el5 epel 24 k finger x86_64 0.17-33 sl-base 21 k glite-info-provider-service noarch 1.7.0-1.el5 EMI-1-updates 53 k glite-px-myproxy-yaim x86_64 4.1.4-2.sl5 EMI-1-base 8.1 k glite-yaim-bdii noarch 4.3.4-1.el5 EMI-1-updates 10 k glite-yaim-core noarch 5.0.2-1.sl5 EMI-1-updates 116 k globus-callout x86_64 0.7-8.el5 epel 16 k globus-common x86_64 11.6-5.el5 epel 109 k globus-common-progs x86_64 11.6-5.el5 epel 67 k globus-gsi-callback x86_64 2.8-2.el5 epel 39 k globus-gsi-cert-utils x86_64 6.7-2.el5 epel 18 k globus-gsi-cert-utils-progs x86_64 6.7-2.el5 epel 26 k globus-gsi-credential x86_64 3.5-3.el5 epel 32 k globus-gsi-openssl-error x86_64 0.14-8.el5 epel 15 k globus-gsi-proxy-core x86_64 4.7-2.el5 epel 33 k globus-gsi-proxy-ssl x86_64 2.3-3.el5 epel 17 k globus-gsi-sysconfig x86_64 3.2-1.el5 epel 28 k globus-gss-assist x86_64 5.10-1.el5 epel 31 k globus-gssapi-gsi x86_64 7.8-1.el5 epel 55 k globus-libtool x86_64 1.2-4.el5 epel 4.2 k globus-openssl x86_64 5.1-2.el5 epel 4.6 k globus-openssl-module x86_64 1.3-3.el5 epel 13 k globus-openssl-progs x86_64 5.1-2.el5 epel 4.3 k globus-proxy-utils x86_64 3.10-1.el5 epel 45 k globus-usage x86_64 1.4-2.el5 epel 15 k globus-xio x86_64 2.8-4.el5 epel 123 k glue-schema noarch 2.0.8-1.el5 EMI-1-updates 33 k imake x86_64 1.0.2-3 sl-base 318 k libtool-ltdl x86_64 1.5.22-7.el5_4 sl-base 38 k myproxy x86_64 5.5-1.el5 epel 86 k myproxy-admin x86_64 5.5-1.el5 epel 55 k myproxy-libs x86_64 5.5-1.el5 epel 121 k myproxy-server x86_64 5.5-1.el5 epel 52 k openldap-clients x86_64 2.3.43-12.el5_6.7 sl-base 223 k openldap-servers x86_64 2.3.43-12.el5_6.7 sl-base 2.2 M voms x86_64 2.0.2-1.sl5 EMI-1-base 165 k voms-clients x86_64 2.0.0-1.sl5 EMI-1-base 178 k Transaction Summary ================================================================================================================================================================================== Install 43 Package(s) Upgrade 0 Package(s) Total download size: 5.9 M Is this ok [y/N]: Downloading Packages: (1/43): emi-px-1.0.0-1.sl5.x86_64.rpm | 1.7 kB 00:00 (2/43): emi-version-1.7.0-1.sl5.x86_64.rpm | 2.1 kB 00:00 (3/43): globus-libtool-1.2-4.el5.x86_64.rpm | 4.2 kB 00:00 (4/43): globus-openssl-progs-5.1-2.el5.x86_64.rpm | 4.3 kB 00:00 (5/43): globus-openssl-5.1-2.el5.x86_64.rpm | 4.6 kB 00:00 (6/43): glite-px-myproxy-yaim-4.1.4-2.sl5.x86_64.rpm | 8.1 kB 00:00 (7/43): glite-yaim-bdii-4.3.4-1.el5.noarch.rpm | 10 kB 00:00 (8/43): globus-openssl-module-1.3-3.el5.x86_64.rpm | 13 kB 00:00 (9/43): globus-gsi-openssl-error-0.14-8.el5.x86_64.rpm | 15 kB 00:00 (10/43): globus-usage-1.4-2.el5.x86_64.rpm | 15 kB 00:00 (11/43): globus-callout-0.7-8.el5.x86_64.rpm | 16 kB 00:00 (12/43): globus-gsi-proxy-ssl-2.3-3.el5.x86_64.rpm | 17 kB 00:00 (13/43): globus-gsi-cert-utils-6.7-2.el5.x86_64.rpm | 18 kB 00:00 (14/43): bdii-5.2.5-2.el5.noarch.rpm | 20 kB 00:00 (15/43): finger-0.17-33.x86_64.rpm | 21 kB 00:00 (16/43): fetch-crl-2.8.4-2.el5.noarch.rpm | 24 kB 00:00 (17/43): globus-gsi-cert-utils-progs-6.7-2.el5.x86_64.rpm | 26 kB 00:00 (18/43): globus-gsi-sysconfig-3.2-1.el5.x86_64.rpm | 28 kB 00:00 (19/43): globus-gss-assist-5.10-1.el5.x86_64.rpm | 31 kB 00:00 (20/43): globus-gsi-credential-3.5-3.el5.x86_64.rpm | 32 kB 00:00 (21/43): globus-gsi-proxy-core-4.7-2.el5.x86_64.rpm | 33 kB 00:00 (22/43): glue-schema-2.0.8-1.el5.noarch.rpm | 33 kB 00:00 (23/43): libtool-ltdl-1.5.22-7.el5_4.x86_64.rpm | 38 kB 00:00 (24/43): globus-gsi-callback-2.8-2.el5.x86_64.rpm | 39 kB 00:00 (25/43): globus-proxy-utils-3.10-1.el5.x86_64.rpm | 45 kB 00:00 (26/43): myproxy-server-5.5-1.el5.x86_64.rpm | 52 kB 00:00 (27/43): glite-info-provider-service-1.7.0-1.el5.noarch.rpm | 53 kB 00:00 (28/43): globus-gssapi-gsi-7.8-1.el5.x86_64.rpm | 55 kB 00:00 (29/43): myproxy-admin-5.5-1.el5.x86_64.rpm | 55 kB 00:00 (30/43): globus-common-progs-11.6-5.el5.x86_64.rpm | 67 kB 00:00 (31/43): myproxy-5.5-1.el5.x86_64.rpm | 86 kB 00:00 (32/43): globus-common-11.6-5.el5.x86_64.rpm | 109 kB 00:00 (33/43): glite-yaim-core-5.0.2-1.sl5.noarch.rpm | 116 kB 00:00 (34/43): myproxy-libs-5.5-1.el5.x86_64.rpm | 121 kB 00:00 (35/43): globus-xio-2.8-4.el5.x86_64.rpm | 123 kB 00:00 (36/43): expect-5.43.0-5.1.x86_64.rpm | 160 kB 00:00 (37/43): voms-2.0.2-1.sl5.x86_64.rpm | 165 kB 00:00 (38/43): voms-clients-2.0.0-1.sl5.x86_64.rpm | 178 kB 00:00 (39/43): openldap-clients-2.3.43-12.el5_6.7.x86_64.rpm | 223 kB 00:00 (40/43): imake-1.0.2-3.x86_64.rpm | 318 kB 00:00 (41/43): autoconf-2.59-12.noarch.rpm | 648 kB 00:00 (42/43): cvs-1.11.22-7.el5.x86_64.rpm | 737 kB 00:00 (43/43): openldap-servers-2.3.43-12.el5_6.7.x86_64.rpm | 2.2 MB 00:00 ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Total 727 kB/s | 5.9 MB 00:08 warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 217521f6 epel/gpgkey | 1.7 kB 00:00 Importing GPG key 0x217521F6 "Fedora EPEL <epel@fedoraproject.org>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL Is this ok [y/N]: y warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID df9e12ef EMI-1-updates/gpgkey | 1.7 kB 00:00 Importing GPG key 0xDF9E12EF "Doina Cristina Aiftimiei (EMI Release Manager) <aiftim@pd.infn.it>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-emi Is this ok [y/N]: y Running rpm_check_debug Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Installing : libtool-ltdl 1/43 Installing : voms 2/43 Installing : globus-openssl 3/43 Installing : globus-gsi-proxy-ssl 4/43 Installing : globus-libtool 5/43 Installing : globus-common 6/43 Installing : globus-gsi-openssl-error 7/43 Installing : globus-gsi-sysconfig 8/43 Installing : globus-openssl-module 9/43 Installing : globus-gsi-cert-utils 10/43 Installing : globus-gsi-callback 11/43 Installing : globus-gsi-credential 12/43 Installing : globus-gsi-proxy-core 13/43 Installing : globus-gssapi-gsi 14/43 Installing : globus-callout 15/43 Installing : globus-gss-assist 16/43 Installing : globus-xio 17/43 Installing : globus-usage 18/43 Installing : myproxy-libs 19/43 Installing : myproxy-server 20/43 Installing : glue-schema 21/43 Installing : globus-proxy-utils 22/43 Installing : voms-clients 23/43 Installing : myproxy 24/43 Installing : openldap-servers 25/43 Installing : expect 26/43 Installing : openldap-clients 27/43 Installing : imake 28/43 Installing : cvs 29/43 Installing : finger 30/43 Installing : autoconf 31/43 Installing : globus-common-progs 32/43 Installing : bdii 33/43 Installing : globus-openssl-progs 34/43 Installing : globus-gsi-cert-utils-progs 35/43 Installing : myproxy-admin 36/43 Installing : glite-yaim-bdii 37/43 Installing : glite-yaim-core 38/43 Installing : glite-px-myproxy-yaim 39/43 Installing : emi-version 40/43 Installing : glite-info-provider-service 41/43 Installing : fetch-crl 42/43 Installing : emi-px 43/43 Installed: emi-px.x86_64 0:1.0.0-1.sl5 Dependency Installed: autoconf.noarch 0:2.59-12 bdii.noarch 0:5.2.5-2.el5 cvs.x86_64 0:1.11.22-7.el5 emi-version.x86_64 0:1.7.0-1.sl5 expect.x86_64 0:5.43.0-5.1 fetch-crl.noarch 0:2.8.4-2.el5 finger.x86_64 0:0.17-33 glite-info-provider-service.noarch 0:1.7.0-1.el5 glite-px-myproxy-yaim.x86_64 0:4.1.4-2.sl5 glite-yaim-bdii.noarch 0:4.3.4-1.el5 glite-yaim-core.noarch 0:5.0.2-1.sl5 globus-callout.x86_64 0:0.7-8.el5 globus-common.x86_64 0:11.6-5.el5 globus-common-progs.x86_64 0:11.6-5.el5 globus-gsi-callback.x86_64 0:2.8-2.el5 globus-gsi-cert-utils.x86_64 0:6.7-2.el5 globus-gsi-cert-utils-progs.x86_64 0:6.7-2.el5 globus-gsi-credential.x86_64 0:3.5-3.el5 globus-gsi-openssl-error.x86_64 0:0.14-8.el5 globus-gsi-proxy-core.x86_64 0:4.7-2.el5 globus-gsi-proxy-ssl.x86_64 0:2.3-3.el5 globus-gsi-sysconfig.x86_64 0:3.2-1.el5 globus-gss-assist.x86_64 0:5.10-1.el5 globus-gssapi-gsi.x86_64 0:7.8-1.el5 globus-libtool.x86_64 0:1.2-4.el5 globus-openssl.x86_64 0:5.1-2.el5 globus-openssl-module.x86_64 0:1.3-3.el5 globus-openssl-progs.x86_64 0:5.1-2.el5 globus-proxy-utils.x86_64 0:3.10-1.el5 globus-usage.x86_64 0:1.4-2.el5 globus-xio.x86_64 0:2.8-4.el5 glue-schema.noarch 0:2.0.8-1.el5 imake.x86_64 0:1.0.2-3 libtool-ltdl.x86_64 0:1.5.22-7.el5_4 myproxy.x86_64 0:5.5-1.el5 myproxy-admin.x86_64 0:5.5-1.el5 myproxy-libs.x86_64 0:5.5-1.el5 myproxy-server.x86_64 0:5.5-1.el5 openldap-clients.x86_64 0:2.3.43-12.el5_6.7 openldap-servers.x86_64 0:2.3.43-12.el5_6.7 voms.x86_64 0:2.0.2-1.sl5 voms-clients.x86_64 0:2.0.0-1.sl5 Complete! </verbatim> %ENDTWISTY% ---+++ Service configuration The configuration file for this service is really basic. For autorization: * DN list of authorized renewals (WMS and nagios) * DN list of trusted retrievers (nagios) %TWISTY{ mode="div" showlink=" *site-info.def* " hidelink=" *site-info.def* " remember="off" firststart="hide" showimgright="%ICONURLPATH{toggleopen}%" hideimgright="%ICONURLPATH{toggleclose}%" }% ---++++ site-info.def <verbatim> # cp -vr /opt/glite/yaim/examples/siteinfo /root/ `/opt/glite/yaim/examples/siteinfo' -> `/root/siteinfo' `/opt/glite/yaim/examples/siteinfo/site-info.def' -> `/root/siteinfo/site-info.def' `/opt/glite/yaim/examples/siteinfo/services' -> `/root/siteinfo/services' `/opt/glite/yaim/examples/siteinfo/services/glite-px' -> `/root/siteinfo/services/glite-px' `/opt/glite/yaim/examples/siteinfo/services/glite-bdii_site' -> `/root/siteinfo/services/glite-bdii_site' # cat /root/siteinfo/site-info.def SITE_NAME=INFN-CNAF PX_HOST=`hostname -f` BDII_DELETE_DELAY=0 </verbatim> %ENDTWISTY% %TWISTY{ mode="div" showlink=" *glite-px* " hidelink=" *glite-px* " remember="off" firststart="hide" showimgright="%ICONURLPATH{toggleopen}%" hideimgright="%ICONURLPATH{toggleclose}%" }% ---++++ glite-px <verbatim> # cat siteinfo/services/glite-px ############################################################################## # Copyright (c) Members of the EGEE Collaboration. 2004. # See http://www.eu-egee.org/partners/ for details on the copyright # holders. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS # OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ############################################################################## # # NAME : glite-px # # DESCRIPTION : This configuration file contains the list of variables needed # to configure Myproxy together with site-info.def. # # AUTHORS : yaim-contact@cern.ch # # NOTES : # # YAIM MODULE: glite-yaim-myproxy # ############################################################################## GRID_AUTHORIZED_RETRIEVERS="\*" GRID_AUTHORIZED_RENEWERS=" '/C=IT/O=INFN/OU=Host/L=CNAF/CN=gridit-wms-01.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee-wms-01.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=Ferrara/CN=gridrb.fe.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee-rb-01.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee-rb-02.cnaf.infn.it' '/C=IT/O=INFN/OU=grid014.ct.infn.it/L=Catania/CN=grid014.ct.infn.it/emailAddress=giuseppe.platania@ct.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=gridit-cert-rb.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=eumed-rb-1.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=euchina-rb-1.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee-rb-03.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee-rb-04.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee-rb-05.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee-rb-06.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=gridit-rb-01.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=Padova/CN=egrid-rb-01.pd.infn.it' '/C=IT/O=INFN/OU=Host/L=Padova/CN=prod-rb-01.pd.infn.it' '/C=IT/O=INFN/OU=Host/L=Padova/CN=prod-rb-02.pd.infn.it' '/C=IT/O=INFN/OU=Host/L=Padova/CN=prod-wms-01.pd.infn.it' '/C=IT/O=INFN/OU=Host/L=Padova/CN=eu-india-02.pd.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=sc2.cr.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=Bari/CN=wms1.ba.infn.it' '/C=IT/O=INFN/OU=Host/L=Bari/CN=wms2.ba.infn.it' '/C=IT/O=INFN/OU=Host/L=Bari/CN=wms3.ba.infn.it' '/C=CH/O=CERN/OU=GRID/CN=host/lxn1185.cern.ch' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee-rb-07.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee-rb-08.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee-rb-09.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=cert-rb-06.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=glite-rb-00.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=glite-rb-01.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=devel07.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=devel09.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=devel10.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=devel11.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=devel12.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=devel14.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=devel18.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=devel19.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=devel20.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=Padova/CN=cream-06.pd.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms001.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms002.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms003.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms004.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms005.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms006.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms007.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms008.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms009.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms011.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms012.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms013.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms014.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms015.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms016.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=wms017.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=cert-02.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=pps-fts.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=tigerman.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=Milano/CN=egee-rb-01.mi.infn.it' '/C=IT/O=INFN/OU=Host/L=CIRMMP/CN=wms-enmr.cerm.unifi.it' '/DC=ch/DC=cern/OU=computers/CN=wms101.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms102.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms103.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms104.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms105.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms106.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms107.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms108.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms109.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms110.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms111.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms112.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms113.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms114.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms115.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms116.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms117.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms118.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms119.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms121.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms122.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms123.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms124.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms125.cern.ch' '/DC=ch/DC=cern/OU=computers/CN=wms126.cern.ch' '/O=dutchgrid/O=hosts/OU=nikhef.nl/CN=graszode.nikhef.nl' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=mon-it.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=mon-cnaf.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=bbrbuild01.cr.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=bbr-serv09.cr.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee017.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=sb-serv01.cr.cnaf.infn.it' " GRID_TRUSTED_RETRIEVERS=" '/C=IT/O=INFN/OU=Host/L=CNAF/CN=mon-it.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=mon-cnaf.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=bbrbuild01.cr.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=bbr-serv09.cr.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=egee017.cnaf.infn.it' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=sb-serv01.cr.cnaf.infn.it' " </verbatim> %ENDTWISTY% %TWISTY{ mode="div" showlink=" *host certificate required* " hidelink=" *host certificate required* " remember="off" firststart="hide" showimgright="%ICONURLPATH{toggleopen}%" hideimgright="%ICONURLPATH{toggleclose}%" }% ---++++ host certificate *required* <verbatim> # ll /etc/grid-security/host* -rw-r--r-- 1 root root 1440 Dec 29 09:30 /etc/grid-security/hostcert.pem -r-------- 1 root root 887 Dec 29 09:30 /etc/grid-security/hostkey.pem </verbatim> %ENDTWISTY% ---+++ Service configuration %TWISTY{ mode="div" showlink=" *yaim check* " hidelink=" *yaim check* " remember="off" firststart="hide" showimgright="%ICONURLPATH{toggleopen}%" hideimgright="%ICONURLPATH{toggleclose}%" }% ---++++ yaim check <verbatim> # chmod -R 600 /root/siteinfo # /opt/glite/yaim/bin/yaim -v -s /root/siteinfo/site-info.def -n glite-PX INFO: Using site configuration file: /root/siteinfo/site-info.def INFO: Sourcing service specific configuration file: /root/siteinfo/services/glite-px INFO: ################################################################### . /'.-. ') . yA,-"-,( ,m,:/ ) .oo. oo o ooo o. .oo . / .-Y a a Y-. 8. .8' 8'8. 8 8b d'8 . / ~ ~ / 8' .8oo88. 8 8 8' 8 . (_/ '====' 8 .8' 8. 8 8 Y 8 . Y,-''-,Yy,-.,/ o8o o8o o88o o8o o8o o8o . I_))_) I_))_) current working directory: /root site-info.def date: Dec 29 09:36 /root/siteinfo/site-info.def yaim command: -v -s /root/siteinfo/site-info.def -n glite-PX log file: /opt/glite/yaim/bin/../log/yaimlog Thu Dec 29 09:44:38 CET 2011 : /opt/glite/yaim/bin/yaim Installed YAIM versions: glite-px-myproxy-yaim - glite-yaim-bdii 4.3.4-1 glite-yaim-core 5.0.2-1 #################################################################### INFO: The default location of the grid-env.(c)sh files will be: /usr/libexec INFO: Sourcing the utilities in /opt/glite/yaim/functions/utils INFO: Detecting environment INFO: Executing function: config_host_certs_check INFO: Executing function: config_edgusers_check INFO: Executing function: config_proxy_server_check INFO: Executing function: config_bdii_5.2_check INFO: Executing function: config_info_service_px_check INFO: Checking is done. INFO: All the necessary variables to configure PX are defined in your configuration files. INFO: Please, bear in mind that YAIM only guarantees the definition of variables INFO: controlled in the _check functions. INFO: YAIM terminated succesfully. </verbatim> %ENDTWISTY% %TWISTY{ mode="div" showlink=" *yaim config* " hidelink=" *yaim config* " remember="off" firststart="hide" showimgright="%ICONURLPATH{toggleopen}%" hideimgright="%ICONURLPATH{toggleclose}%" }% ---++++ yaim config Please use the debug flag ( ="-d 6"=) to configure the services in order to have detailed information. For your convenience yo can save all the configuration information in a log file you can look at any time, separated from the =yaimlog= defulat one. <verbatim> # /opt/glite/yaim/bin/yaim -c -d 6 -s /root/siteinfo/site-info.def -n glite-PX DEBUG: Checking siteinfo dir is not world readable DEBUG: Checking site-info.def is syntactically correct DEBUG: Sourcing /opt/glite/yaim/bin/../defaults/site-info.pre DEBUG: Sourcing /opt/glite/yaim/bin/../defaults/glite-px.pre INFO: Using site configuration file: /root/siteinfo/site-info.def DEBUG: Sourcing site-info.def file: /root/siteinfo/site-info.def INFO: Sourcing service specific configuration file: /root/siteinfo/services/glite-px DEBUG: Sourcing /opt/glite/yaim/bin/../defaults/site-info.post DEBUG: Sourcing /opt/glite/yaim/bin/../defaults/mapping INFO: ################################################################### . /'.-. ') . yA,-"-,( ,m,:/ ) .oo. oo o ooo o. .oo . / .-Y a a Y-. 8. .8' 8'8. 8 8b d'8 . / ~ ~ / 8' .8oo88. 8 8 8' 8 . (_/ '====' 8 .8' 8. 8 8 Y 8 . Y,-''-,Yy,-.,/ o8o o8o o88o o8o o8o o8o . I_))_) I_))_) current working directory: /root site-info.def date: Dec 29 09:36 /root/siteinfo/site-info.def yaim command: -c -d 6 -s /root/siteinfo/site-info.def -n glite-PX log file: /opt/glite/yaim/bin/../log/yaimlog Thu Dec 29 09:45:30 CET 2011 : /opt/glite/yaim/bin/yaim Installed YAIM versions: glite-px-myproxy-yaim - glite-yaim-bdii 4.3.4-1 glite-yaim-core 5.0.2-1 #################################################################### INFO: The default location of the grid-env.(c)sh files will be: /usr/libexec INFO: Sourcing the utilities in /opt/glite/yaim/functions/utils INFO: Detecting environment DEBUG: Detect platform: OS flavour detected is: emi DEBUG: Detected architecture is 64BIT DEBUG: Detect platform: OS type detected: sl5 DEBUG: Resulted NODE_TYPE_LIST is : PX DEBUG: Setting environment variable GRID_ENV_LOCATION, to value "/usr/libexec". DEBUG: Unset environment variable GRID_ENV_LOCATION. DEBUG: Setting environment variable LCG_LOCATION, to value "/usr". DEBUG: Unset environment variable LCG_LOCATION. DEBUG: Setting environment variable GLITE_LOCATION, to value "/usr". DEBUG: Unset environment variable GLITE_LOCATION. DEBUG: Setting environment variable GLITE_LOCATION_VAR, to value "/var". DEBUG: Unset environment variable GLITE_LOCATION_VAR. DEBUG: Appending value "/bin" to environment variable PATH. DEBUG: Deleting value "/bin" from environment variable PATH. DEBUG: Appending value "/opt/glite/share/man" to environment variable MANPATH. DEBUG: Deleting value "/opt/glite/share/man" from environment variable MANPATH. DEBUG: Sourcing node definition file: /opt/glite/yaim/bin/../node-info.d/glite-px DEBUG: Skipping function: config_crl_check because it is not defined INFO: Executing function: config_host_certs_check INFO: Executing function: config_edgusers_check INFO: Executing function: config_proxy_server_check INFO: Executing function: config_bdii_5.2_check INFO: Executing function: config_info_service_px_check DEBUG: Skipping function: config_crl_setenv because it is not defined INFO: Executing function: config_crl INFO: Now updating the CRLs - this may take a few minutes... Enabling periodic fetch-crl: [ OK ] DEBUG: fetch-crl cron enabled DEBUG: Skipping function: config_host_certs_setenv because it is not defined INFO: Executing function: config_host_certs DEBUG: Skipping function: config_edgusers_setenv because it is not defined INFO: Executing function: config_edgusers DEBUG: Creating user edguser... DEBUG: User edguser doesn't exist DEBUG: YAIM is going to add user edguser DEBUG: HOME directory ${EDG_HOME_DIR} is specified for the user DEBUG: Checking whether the group edguser infosys for user edguser already exist... DEBUG: Group edguser added DEBUG: Group infosys added DEBUG: User edguser added DEBUG: Creating user edginfo... DEBUG: User edginfo doesn't exist DEBUG: YAIM is going to add user edginfo DEBUG: HOME directory ${EDGINFO_HOME_DIR} is specified for the user DEBUG: Checking whether the group edginfo infosys for user edginfo already exist... DEBUG: Group edginfo added DEBUG: Group infosys added DEBUG: User edginfo added DEBUG: Creating user glite... DEBUG: User glite doesn't exist DEBUG: YAIM is going to add user glite DEBUG: HOME directory ${GLITE_HOME_DIR} is specified for the user DEBUG: Checking whether the group glite for user glite already exist... DEBUG: Group glite added DEBUG: User glite added DEBUG: Creating user edguser... DEBUG: Skipping user edguser since it already exists... INFO: Executing function: config_proxy_server_setenv DEBUG: Setting environment variable GLITE_PX_LOCATION, to value "/usr". DEBUG: Unset environment variable GLITE_PX_LOCATION. DEBUG: Setting environment variable GLITE_PX_LOCATION_ETC, to value "/etc". DEBUG: Unset environment variable GLITE_PX_LOCATION_ETC. DEBUG: Setting environment variable GLITE_PX_LOCATION_VAR, to value "/var/glite". DEBUG: Unset environment variable GLITE_PX_LOCATION_VAR. INFO: Executing function: config_proxy_server DEBUG: Creating Minimal myproxy configuration. INFO: Reloading MyProxy server INFO: MyProxy server not running so starting Starting myproxy-server: [ OK ] DEBUG: Skipping function: config_bdii_5.2_setenv because it is not defined INFO: Executing function: config_bdii_5.2 Stopping BDII: BDII already stopped Starting BDII slapd: [ OK ] Starting BDII update process: [ OK ] INFO: Executing function: config_info_service_px_setenv DEBUG: This function currently doesn't set any environment variables. INFO: Executing function: config_info_service_px DEBUG: Delete a previous version of the *.conf if it exists DEBUG: Create the configuration files out of the template file DEBUG: Delete a previous version of the glite-info-provider-service-myproxy-wrapper if it exists DEBUG: Create the /var/lib/bdii/gip/provider in case it doesn't exist DEBUG: Create the glite-info-provider-service-myproxy-wrapper file INFO: Configuration Complete. [ OK ] INFO: YAIM terminated succesfully. </verbatim> ---++++ Know Issue and Workaround Al momento il servizio non parte al boot (baco di yaim, notificato in [[https://ggus.eu/tech/ticket_show.php?ticket=77790][GGUS]]. <verbatim> # chkconfig myproxy-server on </verbatim> %ENDTWISTY% ---++++ Service checks %TWISTY{ mode="div" showlink=" *myproxy-init* " hidelink=" *myproxy-init* " remember="off" firststart="hide" showimgright="%ICONURLPATH{toggleopen}%" hideimgright="%ICONURLPATH{toggleclose}%" }% ---+++++ myproxy-init On a user interface: <verbatim> # $ myproxy-info -s myproxy.cnaf.infn.it -k veronesi-test username: veronesi owner: /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi name: veronesi-test timeleft: 167:55:38 (7.0 days) [veronesi@ui ~]$ myproxy-init -s myproxy.cnaf.infn.it -k veronesi-test Your identity: /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi Enter GRID pass phrase for this identity: Creating proxy ............................................................................................ Done Proxy Verify OK Your proxy is valid until: Thu Jan 5 10:03:38 2012 Enter MyProxy pass phrase: Verifying - Enter MyProxy pass phrase: A proxy valid for 168 hours (7.0 days) for user veronesi now exists on myproxy.cnaf.infn.it. </verbatim> On the !MyProxy server: <verbatim> # tail -f /var/log/messages Dec 29 10:03:40 myproxy myproxy-server[9119]: Connection from 131.154.101.141 Dec 29 10:03:41 myproxy myproxy-server[9119]: Authenticated client /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi Dec 29 10:03:42 myproxy myproxy-server[9119]: Received PUT request for username veronesi Dec 29 10:03:43 myproxy myproxy-server[9119]: Client /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi disconnected # ls -ltr /var/lib/myproxy/ total 36 -rw------- 1 myproxy myproxy 132 Dec 29 10:03 veronesi-veronesi-test.data -rw------- 1 myproxy myproxy 5912 Dec 29 10:03 veronesi-veronesi-test.creds </verbatim> %ENDTWISTY% %TWISTY{ mode="div" showlink=" *myproxy-info* " hidelink=" *myproxy-info* " remember="off" firststart="hide" showimgright="%ICONURLPATH{toggleopen}%" hideimgright="%ICONURLPATH{toggleclose}%" }% ---+++++ myproxy-info On a user interface: <verbatim> # myproxy-info -s myproxy.cnaf.infn.it -k veronesi-test username: veronesi owner: /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi name: veronesi-test timeleft: 167:55:38 (7.0 days) </verbatim> On the !MyProxy server: <verbatim> # tail -f /var/log/messages Dec 29 10:42:08 myproxy myproxy-server[9209]: Connection from 131.154.101.141 Dec 29 10:42:08 myproxy myproxy-server[9209]: Authenticated client /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi Dec 29 10:42:08 myproxy myproxy-server[9209]: Received INFO request for username veronesi Dec 29 10:42:08 myproxy myproxy-server[9209]: Client /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi disconnected </verbatim> %ENDTWISTY% %TWISTY{ mode="div" showlink=" *myproxy-get-delegation* " hidelink=" *myproxy-get-delegation* " remember="off" firststart="hide" showimgright="%ICONURLPATH{toggleopen}%" hideimgright="%ICONURLPATH{toggleclose}%" }% ---+++++ myproxy-get-delegation On a user interface: <verbatim> $ myproxy-get-delegation -s myproxy.cnaf.infn.it -k veronesi-test Enter MyProxy pass phrase: A credential has been received for user veronesi in /tmp/x509up_u23019. </verbatim> On the !MyProxy server: <verbatim> # tail -f /var/log/messages Dec 29 11:01:05 myproxy myproxy-server[31270]: Connection from 131.154.101.141 Dec 29 11:01:05 myproxy myproxy-server[31270]: Authenticated client /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi Dec 29 11:01:08 myproxy myproxy-server[31270]: Received GET request for username veronesi Dec 29 11:01:08 myproxy myproxy-server[31270]: credential passphrase matched Dec 29 11:01:08 myproxy myproxy-server[31270]: Delegating credentials for /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi lifetime=43200 Dec 29 11:01:08 myproxy myproxy-server[31270]: Client /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Paolo Veronesi disconnected </verbatim> %ENDTWISTY% %TWISTY{ mode="div" showlink=" *Additional notes* " hidelink=" *Additional notes* " remember="off" firststart="hide" showimgright="%ICONURLPATH{toggleopen}%" hideimgright="%ICONURLPATH{toggleclose}%" }% ---+++ Additional notes In order to make the WMS renewal function it is necessary: 1. To include the DN of the WMS that process the jobs among the authorized renewers on the !MyProxy server, i.e. to add =authorized_renewers DN= to the configuration and restart the server; 1. Upload the proxy of the job submitter in the !MyProxy server using =myproxy-init -s myproxy_server -d -n= 1. Submit the job with the !MyProxy server hostname being given in the JDL %ENDTWISTY% ---+++ Revision -- Main.PaoloVeronesi - 2011-12-28
Edit
|
Attach
|
PDF
|
H
istory
:
r11
<
r10
<
r9
<
r8
<
r7
|
B
acklinks
|
V
iew topic
|
More topic actions...
Topic revision: r9 - 2012-02-22
-
PaoloVeronesi
Home
Site map
CEMon web
CREAM web
Cloud web
Cyclops web
DGAS web
EgeeJra1It web
Gows web
GridOversight web
IGIPortal web
IGIRelease web
MPI web
Main web
MarcheCloud web
MarcheCloudPilotaCNAF web
Middleware web
Operations web
Sandbox web
Security web
SiteAdminCorner web
TWiki web
Training web
UserSupport web
VOMS web
WMS web
WMSMonitor web
WeNMR web
SiteAdminCorner Web
Create New Topic
Index
Search
Changes
Notifications
RSS Feed
Statistics
Preferences
View
Raw View
Print version
Find backlinks
History
More topic actions
Edit
Raw edit
Attach file or image
Edit topic preference settings
Set new parent
More topic actions
Account
Log In
Edit
Attach
Copyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki?
Send feedback