MyProxy Server Installation

Similar documents
Introduzione al GRID computing

Using the MyProxy Online Credential Repository

Troubleshooting Grid authentication from the client side

SLCS and VASH Service Interoperability of Shibboleth and glite

Overview of WMS/LB API

Grid services. Enabling Grids for E-sciencE. Dusan Vudragovic Scientific Computing Laboratory Institute of Physics Belgrade, Serbia

Globus Toolkit Manoj Soni SENG, CDAC. 20 th & 21 th Nov 2008 GGOA Workshop 08 Bangalore

g-eclipse A Framework for Accessing Grid Infrastructures Nicholas Loulloudes Trainer, University of Cyprus (loulloudes.n_at_cs.ucy.ac.

Improving Grid User's Privacy with glite Pseudonymity Service

ALICE Grid/Analysis Tutorial Exercise-Solutions

glite Grid Services Overview

LHC COMPUTING GRID INSTALLING THE RELEASE. Document identifier: Date: April 6, Document status:

glite/egee in Practice

glite UI Installation

Grid Computing. Olivier Dadoun LAL, Orsay. Introduction & Parachute method. Socle 2006 Clermont-Ferrand Orsay)

Grid Computing. Olivier Dadoun LAL, Orsay Introduction & Parachute method. APC-Grid February 2007

dcache Introduction Course

30 Nov Dec Advanced School in High Performance and GRID Computing Concepts and Applications, ICTP, Trieste, Italy

Enabling Grids for E-sciencE. A centralized administration of the Grid infrastructure using Cfengine. Tomáš Kouba Varna, NEC2009.

Configure CEM Controller on CentOS 6.9

Introduction to Grid Computing!

glite Middleware Usage

Troubleshooting Grid authentication from the client side

EUROPEAN MIDDLEWARE INITIATIVE

Bookkeeping and submission tools prototype. L. Tomassetti on behalf of distributed computing group

Grid Authentication and Authorisation Issues. Ákos Frohner at CERN

Argus: The Simplified Policy Language

E G E E - I I. Document identifier: Date: 10/08/06. Document status: Document link:

Advanced Job Submission on the Grid

Setup Desktop Grids and Bridges. Tutorial. Robert Lovas, MTA SZTAKI

Interconnect EGEE and CNGRID e-infrastructures

Implementing GRID interoperability

Argus Vulnerability Assessment *1

How to use computing resources at Grid

GLOBUS TOOLKIT SECURITY

LCG-2 and glite Architecture and components

Globus Toolkit Firewall Requirements. Abstract

Introduction to Programming and Computing for Scientists

The glite middleware. Ariel Garcia KIT

Managing Grid Credentials

Certificate Authorities: Information and Usage

R-GMA (Relational Grid Monitoring Architecture) for monitoring applications

YAIM Overview. Bruce Becker Meraka Institute. Co-ordination & Harmonisation of Advanced e-infrastructures for Research and Education Data Sharing

Enabling Grids for E-sciencE. EGEE security pitch. Olle Mulmo. EGEE Chief Security Architect KTH, Sweden. INFSO-RI

Introduction to Grid Security

Globus Installation Procedure

On the employment of LCG GRID middleware

The EPIKH, GILDA and GISELA Projects

This PDF Document was generated for free by the Aloaha PDF Suite If you want to learn how to make your own PDF Documents visit:

GROWL Scripts and Web Services

Grid Infrastructure For Collaborative High Performance Scientific Computing

Monitoring tools in EGEE

EMI Deployment Planning. C. Aiftimiei D. Dongiovanni INFN

SA1 CILogon pilot - motivation and setup

Failover procedure for Grid core services

Entrust. Discovery 2.4. Administration Guide. Document issue: 3.0. Date of issue: June 2014

Deploying the TeraGrid PKI

Globus GTK and Grid Services

RSA NetWitness Logs. EMC Ionix Unified Infrastructure Manager. Event Source Log Configuration Guide

Overview of HEP software & LCG from the openlab perspective

Deploying virtualisation in a production grid

WMS Application Program Interface: How to integrate them in your code

<Insert Picture Here> Configuration Manager Installation Process

AMGA metadata catalogue system

An OGSI CredentialManager Service Jim Basney a, Shiva Shankar Chetan a, Feng Qin a, Sumin Song a, Xiao Tu a, and Marty Humphrey b

The glite middleware. Presented by John White EGEE-II JRA1 Dep. Manager On behalf of JRA1 Enabling Grids for E-sciencE

J. Basney, NCSA Category: Experimental October 10, MyProxy Protocol

GRID COMPANION GUIDE

Agent Teamwork Research Assistant. Progress Report. Prepared by Solomon Lane

Architecture Proposal

Hardware Tokens in META Centre

ENTRUST CONNECTOR Installation and Configuration Guide Version April 21, 2017

CE+WN+siteBDII Installation and configuration

Gridbus Portlets -- USER GUIDE -- GRIDBUS PORTLETS 1 1. GETTING STARTED 2 2. AUTHENTICATION 3 3. WORKING WITH PROJECTS 4

Gergely Sipos MTA SZTAKI

Grid Security Infrastructure

Globus Toolkit 4 Execution Management. Alexandra Jimborean International School of Informatics Hagenberg, 2009

X.509. CPSC 457/557 10/17/13 Jeffrey Zhu

Eclipse Technology Project: g-eclipse

glite Data Management System Hands-on

DataGrid. Document identifier: Date: 24/11/2003. Work package: Partner: Document status. Deliverable identifier:

VOMS Support, MyProxy Tool and Globus Online Tool in GSISSH-Term Siew Hoon Leong (Cerlane) 23rd October 2013 EGI Webinar

CILogon Project

AGATA Analysis on the GRID

Architecture of the WMS

Problemi di schedulazione distribuita su Grid

Getting Started with. Agents for Unix and Linux. Version

Credentials Management for Authentication in a Grid-Based E-Learning Platform

Administrator s Guide

MSE System and Appliance Hardening Guidelines

A Simplified Access to Grid Resources for Virtual Research Communities

This tutorial will guide you how to setup and run your own minecraft server on a Linux CentOS 6 in no time.

Managing Certificates

DIRAC Distributed Secure Framework

Interfacing Operational Grid Security to Site Security. Eileen Berman Fermi National Accelerator Laboratory

Grids and Security. Ian Neilson Grid Deployment Group CERN. TF-CSIRT London 27 Jan

How to Configure Guest Access with the Ticketing System

UNICORE Globus: Interoperability of Grid Infrastructures

Client tools know everything

Credential Management in the Grid Security Infrastructure. GlobusWorld Security Workshop January 16, 2003

Transcription:

MyProxy Server Installation Emidio Giorgio INFN First Latin American Workshop for Grid Administrators 21-25 November 2005 www.eu-egee.org

Outline Why MyProxy? Proxy Renewal mechanism. Remote authentication to the Grid MyProxy Server Installation. Server settings /etc/myproxy-server.config Starting parameters /etc/init.d/myproxy Server start. Testing MyProxy Server. myproxy-init -s <myproxy server> myproxy-get-delegation s <myproxy server> First Latin American Workshop for Grid Administrators 2

Long term proxy Proxy has limited lifetime (default is 12 h) Long jobs may outlive the validity of the initial proxy; if happens the job will die prematurely. Bad idea to have longer proxy. To solve this WMS allows proxies to be renewed automatically if user s credentials are stored on a myproxy server (proxy renewal service). When a job proxy is going to expire, proxy renewal daemon contacts MyProxy server and performs credentials renew For proxy renewal service user has to store credential using the command: myproxy-init s <server> -t <hours> -d n and specify which MyProxy server has to be contacted in jobs JDL: MyProxyServer = grid001.ct.infn.it ; First Latin American Workshop for Grid Administrators 3

Grid authentication with MyProxy Enabling Grids for E-sciencE UI myproxy-init MyProxy Server WEB Browser GENIUS Server (UI) myproxy-get-delegation Local WS output any grid service execution the Grid First Latin American Workshop for Grid Administrators 4

Installing MyProxy Server First Latin American Workshop for Grid Administrators 5

Installing MyProxy Server MyProxy is not glite/lcg native (external dependencies) It is distributed together with the most of glite services (UI,WMS..) Check that $LD_LIBRARY_PATH exports globus and myproxy lib %echo $LD_LIBRARY_PATH /usr/lib:/opt/glite/lib:/opt/glite/externals/lib:/opt/globus/lib:/opt/glite/ext ernals/myproxy-1.14/lib Ckeck that globus bin directory is into $PATH %echo $PATH /opt/globus/bin:/usr/java/j2sdk1.4.2_08/bin:/usr/bin:/opt/glite/bin:/ opt/glite/externals/bin:/usr/java/j2sdk1.4.2_08/bin:/opt/glite/exte rnals/bin:/opt/glite/bin:/opt/glite/externals/myproxy- 1.14/bin:/opt/globus/bin:/usr/sue/sbin First Latin American Workshop for Grid Administrators 6

Installing MyProxy Server (cont.) Enabling Grids for E-sciencE Request host certificates for MyProxy Server. https://gilda.ct.infn.it/ca/mgt/restricted/srvreq.php Copy host certificate (hostcert.pem and hostkey.pem) in /etc/grid-certificates. chmod 644 hostcert.pem chmod 400 hostkey.pem If planning to use certificates released by unsupported EGEE CA s, be sure that their public key and CRLs (usually distributed with an rpm) are installed. The CRL of the VO GILDA are available from https://gilda.ct.infn.it/rpms/ca_gilda-0.28.1.i386.rpm First Latin American Workshop for Grid Administrators 7

myproxy-server.config Copy /opt/glite/externals/myproxy-1.14/etc/myproxyserver.config to /etc. Edit /etc/myproxy-server.config and define the access policies accepted_credentials "/C=BE/O=BEGRID/*" accepted_credentials "/C=AT/O=AustrianGrid/*" accepted_credentials "/C=TW/*" accepted_credentials "/C=CN/O=IHEP/OU=CC/*" accepted_credentials "/C=AM/O=ArmeSFo/*" accepted_credentials "/C=it/O=GILDA/*" accepted_credentials "/C=IT/O=GILDA/*" proxy certificate subjects accepted to be stored authorized_retrievers "*" certificate subject allowed to request credentials delegation authorized_renewevers "*" certificate subject allowed to request credentials renew First Latin American Workshop for Grid Administrators 8

Myproxy server init script Download and install the configuration script. rpm ivh http://grid-deployment.web.cern.ch/grid- deployment/download/rpmdir_i386-rh73- manual/external/myproxy-config-1.1.8-13.edg1.noarch.rpm Edit /etc/init.d/myproxy Comment Comment.${GLOBUS_LOCATION}/libexec/globus-script-initializer.${libexecdir}/globus-sh-tools.sh MKCONFIG="/etc/rc.d/init.d/myproxy-generate-config.pl $CERTDIR $CERTDIR $X509_USER_CERT $EDG_LOCATION/etc/edg-myproxy.conf $CONFIG" $CONFIG" Replace MYPROXY=/opt/glite/externals/myproxy-1.14/sbin/myproxy-server First Latin American Workshop for Grid Administrators 9

Before start Listening port, storing directory for credentials and configuration file could be changed setting the appropriate variables (PORT, STORE, CONFIG) on init script. PORT= -p 751X STORE= -s /var/myproxy CONFIG= -c $CONFIG Pay attention to ownerships/permissions for $STORE! (root / 700). First Latin American Workshop for Grid Administrators 10

Before start -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 7513 -j ACCEPT service iptables restart /etc/init.d/myproxy start First Latin American Workshop for Grid Administrators 11

Testing MyProxy Server First Latin American Workshop for Grid Administrators 12

MyProxy commands myproxy-init -s <host_name> -s: <host_name> specifies the hostname of the myproxy server myproxy-info -s <host_name> Get information about stored long living proxy myproxy-get-delegation -s <host_name> Get a new proxy from the MyProxy server myproxy-destroy -s <host_name> Destroy the credential into the server Check out the myproxy-xxx - - help option First Latin American Workshop for Grid Administrators 13

Store credentials on MyProxy Server Enabling Grids for E-sciencE %voms-proxy-destroy (remove local credentials) %myproxy-init -s <server name> -p <port>... Enter GRID pass phrase for this identity:... Enter MyProxy pass phrase:... A proxy valid for 168 hours (7.0 days) for user xxx now exists on ui-test.trigrid.it. Now your credentials are stored on MyProxy server, and are available for delegation or renewal by RB First Latin American Workshop for Grid Administrators 14

Get delegation %myproxy-get-delegation -s <server name> -p <port> Enter MyProxy pass phrase: A proxy has been received for user XXX in /tmp/x509up_u5xx First Latin American Workshop for Grid Administrators 15

Inspect your delegated proxy %voms-proxy-info all subject : /C=IT/O=GILDA/OU=Personal Certificate/L=INFN/CN=Emidio Giorgio/Email=emidio.giorgio@ct.infn.it/CN=proxy/CN=prox y/cn=proxy issuer : /C=IT/O=GILDA/OU=Personal Certificate/L=INFN/CN=Emidio Giorgio/Email=emidio.giorgio@ct.infn.it/CN=proxy/CN=prox y identity : /C=IT/O=GILDA/OU=Personal Certificate/L=INFN/CN=Emidio Giorgio/Email=emidio.giorgio@ct.infn.it First Latin American Workshop for Grid Administrators 16

Questions First Latin American Workshop for Grid Administrators 17

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback