Voms installation and configuration

The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How). VOMS Installation and configuration. Bouchra RAHIM([email protected]). Africa 6 2011 - Joint EUMEDGRID-Support/EPIKH School for Grid Site Administrators, Rabat, 02.06.2011. www.epikh.eu.


The EPIKH Project

(Exchange Programme to advance e-Infrastructure Know-How)

VOMS Installation and configuration

Bouchra RAHIM([email protected])

Africa 6 2011 - Joint EUMEDGRID-Support/EPIKH School for Grid Site Administrators

Rabat, 02.06.2011

www.epikh.eu


Outline

Virtual Organization Membership Services overview

gLite VOMS:

Installation on VOMS

Configuration on VOMS


VOMS

  • Virtual Organization Membership Service (VOMS)

    • Account Database

      • Serving information in a special format (VOMS credentials)

      • Can be administered via command line & via web interface

    • Provides information on the user’s relationship with his/her Virtual Organization (VO)

      • VO - Membership

      • Group membership

      • Roles of user


VOMS

  • Virtual Organizations: (VOs) are groups of Grid users (authenticated through digital certificates)

  • VO Management Service: (VOMS) serves as a central database for user authorization information, providing support for sorting users into a general group hierarchy, keeping track of their roles, etc.

  • VO Manager: according to VO policies and rules, authorizes authenticated users to become VO members.

  • At the time the proxy is created, one or more VOMS servers are contacted. They return an Attribute Certificate (AC), signed by the VO, that contains information about group membership and roles within the VO.


VOMS Installation


Requirements

  • One machine:

  • Operating System: Scientific Linux 5 or 4

  • Public IP address, direct and reverse address resolution in DNS, and an X509 certificate.


Which metapackages are we going to install?

There are several kinds of metapackages to install:

lcg-CA

RPM collection to support external Certification Authorities.

glite-VOMS_mysql

Contains all the RPMs for VOMS administration and usage.


Preparing the Linux machine

Network Time Protocol settings

# yum install ntp

  • Copy the ntp.conf file and the ntp directory from ftp://repo.magrid.ma/pub/CE_WN_BDII/ to /etc/ (Winscp)

  • Synchronize the date

# /etc/init.d/ntpd stop

# ntpdate ntp.marwan.ma

  • Start the ntpd service and configure it to start on boot

# /etc/init.d/ntpd start

# chkconfig ntpd on


Preparing the Linux machine

Disable SELinux: make sure /etc/selinux/config contains the line:

  • SELINUX=disabled

  • Check that you have a valid hostname

  • # hostname -f

  • # cat /etc/hosts

  • Stop iptables

# /etc/init.d/iptables stop

# chkconfig iptables off

  • Reboot


Repository set up

Add the repositories specific to the middleware being installed to the system repositories:

# cd /etc/yum.repos.d/

# export MREPO=http://repo.magrid.ma/yumrepo/glite32

# REPO="dag lcg-CA glite-VOMS_mysql"

# for name in $REPO; do wget $MREPO/$name.repo -O /etc/yum.repos.d/$name.repo; done


Package installation

Use yum to install the needed packages:

# yum install lcg-CA ca-policy-egi-core ca-policy-lcg

# yum install glite-VOMS_mysql

# yum install xml-commons-apis


PreConfiguration-MySQL

Check that MySQL is running:

service mysqld status

If not, start it with:

service mysqld start

Set the root password for MySQL:

/usr/bin/mysqladmin -u root password grid2011;

  • At this point, log into mysql using the following commands:

    • mysql -uroot -pgrid2011

    • grant all on *.* to 'root'@'pcXX' identified by 'grid2011';

    • grant all on *.* to 'root'@'pcXX.magrid.ma' identified by 'grid2011';

    • quit;


PreConfiguration-SendMail

Start sendmail and enable it at boot:

/etc/init.d/sendmail start

chkconfig sendmail on


PreConfiguration

Copy site-info.def and services/glite-voms_mysql from '/opt/glite/yaim/examples/siteinfo' into your favourite directory:

mkdir /opt/glite/yaim/etc/siteinfo

mkdir /opt/glite/yaim/etc/siteinfo/services

cp /opt/glite/yaim/examples/siteinfo/site-info.def /opt/glite/yaim/etc/siteinfo

cp /opt/glite/yaim/examples/siteinfo/services/glite-voms_mysql /opt/glite/yaim/etc/siteinfo/services/

Rename glite-voms_mysql as glite-voms:

mv /opt/glite/yaim/etc/siteinfo/services/glite-voms_mysql /opt/glite/yaim/etc/siteinfo/services/glite-voms

  • Alternatively, copy site-info.def and services/glite-voms from ftp://repo.magrid.ma/pub/VOMS/ and customize them


PreConfiguration:site-info.def

Set the YAIM variables as specified at

https://twiki.cern.ch/twiki/bin/view/LCG/Site-Info_configuration_variables#VOMS

  • vi /opt/glite/yaim/etc/siteinfo/site-info.def

  • VOS="voXX"

  • (XX is your host's number in the room)

  • Make sure to comment out the lines starting with VO_<vo_name> and <queue-name>_ to avoid syntax errors in site-info.def


    PreConfiguration:glite-voms

    • set the following variables in /opt/glite/yaim/etc/siteinfo/services/glite-voms

      • MYSQL_PASSWORD=grid2011

      • VOMS_HOST=pcXX.magrid.ma

    • replace the variables starting with VO_<vo_name> by VO_VOXX and set their values as follows :

      • VO_VOXX_VOMS_PORT=15000

      • VO_VOXX_VOMS_DB_NAME=voXX_db

      • VO_VOXX_VOMS_DB_USER=voXX_user

      • VO_VOXX_VOMS_DB_PASS=grid2011

      • VOMS_DB_HOST='localhost'

      • VOMS_ADMIN_SMTP_HOST=localhost

      • VOMS_ADMIN_MAIL=<admin Email>
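A pre-flight check for the glite-voms service file described above, run before yaim. This is an added example, not part of the original slides or of YAIM; the function names, the sample host pc07 / VO vo07 and the file-mode rule are assumptions of this example.

```shell
#!/bin/bash
# Added example (not from the slides): check the glite-voms service file.
# The mode rule is this example's own check, not a YAIM requirement.

check_voms_conf() {
    local f="$1" rc=0 mode var
    [ -f "$f" ] || { echo "missing: $f"; return 2; }

    # The file stores MYSQL_PASSWORD and VO_*_VOMS_DB_PASS in clear text,
    # so flag any group/other permission bit.
    mode=$(stat -c '%a' "$f")
    [ $(( 0$mode & 077 )) -eq 0 ] || { echo "mode $mode: accessible beyond owner"; rc=1; }

    # Fixed-name variables listed on the slide must have a value.
    for var in MYSQL_PASSWORD VOMS_HOST VOMS_DB_HOST VOMS_ADMIN_SMTP_HOST VOMS_ADMIN_MAIL; do
        grep -Eq "^${var}=.+" "$f" || { echo "unset: $var"; rc=1; }
    done

    # Per-VO variables: VO_<VONAME>_VOMS_{PORT,DB_NAME,DB_USER,DB_PASS}.
    for var in PORT DB_NAME DB_USER DB_PASS; do
        grep -Eq "^VO_[A-Za-z0-9_]+_VOMS_${var}=.+" "$f" || { echo "unset: VO_*_VOMS_${var}"; rc=1; }
    done

    # Template placeholders (<vo_name>, <admin Email>, pcXX, voXX) left in
    # non-comment lines mean the file was not customised.
    if grep -Ev '^[[:space:]]*#' "$f" | grep -Eq '<[^>]+>|XX'; then
        echo "placeholder left in file"; rc=1
    fi
    return $rc
}

# Constructed sample (host pc07, VO vo07, dummy secrets) to exercise the check.
write_sample_conf() {
    cat > "$1" <<'EOF'
MYSQL_PASSWORD=example-secret
VOMS_HOST=pc07.magrid.ma
VO_VO07_VOMS_PORT=15000
VO_VO07_VOMS_DB_NAME=vo07_db
VO_VO07_VOMS_DB_USER=vo07_user
VO_VO07_VOMS_DB_PASS=example-secret
VOMS_DB_HOST='localhost'
VOMS_ADMIN_SMTP_HOST=localhost
VOMS_ADMIN_MAIL=admin@example.org
EOF
    chmod 600 "$1"
}

tmp=$(mktemp); write_sample_conf "$tmp"
check_voms_conf "$tmp" && echo "glite-voms file OK"; rm -f "$tmp"
```

On a real host the call is check_voms_conf /opt/glite/yaim/etc/siteinfo/services/glite-voms.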


    PreConfiguration-HostCertificates

    • copy the host certificates

      • mv /root/pcXXkey.pem /etc/grid-security/hostkey.pem

      • mv /root/pcXXcert.pem /etc/grid-security/hostcert.pem

      • chmod 400 /etc/grid-security/hostkey.pem

      • chmod 600 /etc/grid-security/hostcert.pem
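A check that the installed host key and certificate belong together, that the key is not accessible beyond its owner, and that the certificate is not about to expire. This is an added example, not part of the original slides; the function names and the 7-day threshold are assumptions, it assumes an RSA host key, and the self-signed pair is constructed test data standing in for the CA-issued files.

```shell
#!/bin/bash
# Added example (not from the slides): sanity-check the host credentials
# in /etc/grid-security before running yaim. Assumes an RSA host key.

check_hostcert() {
    local dir="${1:-/etc/grid-security}" rc=0 mode kmod cmod
    local key="$dir/hostkey.pem" cert="$dir/hostcert.pem"
    [ -r "$key" ] && [ -r "$cert" ] || { echo "hostkey.pem/hostcert.pem not readable in $dir"; return 2; }

    # Private key must not be accessible to group or others (the slide uses 400).
    mode=$(stat -c '%a' "$key")
    [ $(( 0$mode & 077 )) -eq 0 ] || { echo "hostkey.pem mode $mode is too open"; rc=1; }

    # Key and certificate belong together only if their RSA moduli match.
    kmod=$(openssl rsa -in "$key" -noout -modulus 2>/dev/null) || kmod=""
    cmod=$(openssl x509 -in "$cert" -noout -modulus 2>/dev/null) || cmod=""
    [ -n "$kmod" ] && [ "$kmod" = "$cmod" ] || { echo "hostkey.pem does not match hostcert.pem"; rc=1; }

    # Fail if the certificate is expired or expires within 7 days (604800 s).
    openssl x509 -in "$cert" -noout -checkend 604800 >/dev/null 2>&1 \
        || { echo "hostcert.pem expires within 7 days"; rc=1; }

    return $rc
}

# Constructed test credentials: a throw-away self-signed pair written to
# directory $1, valid for ${2:-30} days.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "${2:-30}" \
        -subj "/CN=pc07.example.org" \
        -keyout "$1/hostkey.pem" -out "$1/hostcert.pem" >/dev/null 2>&1
    chmod 400 "$1/hostkey.pem"; chmod 600 "$1/hostcert.pem"
}

d=$(mktemp -d); make_sample_pair "$d"
check_hostcert "$d" && echo "host credentials OK"; rm -rf "$d"
```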


    YAIM Configuration

    • run the yaim configuration :

      • /opt/glite/yaim/bin/yaim -c -s /opt/glite/yaim/etc/siteinfo/site-info.def -n VOMS


    Tests

    • import user certificate in your browser

    • you can use ftp://repo.magrid.ma/pub/VOMS/Grid-School.p12

    • Password for the certificate is: [Grid2011$]

    • Use that browser to connect to:

    • https://pcXX.magrid.ma:8443/voms/voXX


    Registration procedure

    Actors: VO USER, VOMS SERVER, VO ADMIN

    • Membership request via Web interface

    • Request confirmation via email

    • Confirmation of email address

    • Request notification

    • Accept / deny via web interface

    • Create user (if accepted)

    • Notification of accept/deny


    VO-ADMIN

    • Copy your usercert.pem to /root/ (you can use the one in ftp://repo.magrid.ma/pub/VOMS/usercert.pem)

    • voms-admin --vo voXX create-user /root/usercert.pem

    • voms-admin --vo voXX assign-role VO VO-ADMIN /root/usercert.pem


    Usage and Maintenance

    • People holding user certificates delivered by recognized CAs (LCG-CA) may request to subscribe to your VO

    • Requests are notified via e-mail to both the requestor and the administrator

    • More than one VO can be created

    • From the Web GUI, different roles may be defined for the users

    • Grid services supporting the new VO must have the specific VO setting properly configured in the site-info.def file

    ##########

    # magrid #

    ##########

    # MAGRID VO:

    VO_MAGRID_SW_DIR=$VO_SW_DIR/magrid

    VO_MAGRID_DEFAULT_SE=$SE_HOST

    VO_MAGRID_STORAGE_DIR=$CLASSIC_STORAGE_DIR/magrid

    VO_MAGRID_QUEUES="magrid"

    # VOMS Specific settings: https://voms.magrid.ma:8443/voms/magrid/Configuration.do

    VO_MAGRID_VOMS_SERVERS="vomss://voms.magrid.ma:8443/voms/magrid?/magrid"

    VO_MAGRID_VOMSES="'magrid voms.magrid.ma 15000 /C=MA/O=MaGrid/OU=CNRST/CN=voms.magrid.ma magrid'"

    VO_MAGRID_VOMS_CA_DN="'/C=MA/O=MaGrid/CN=MaGrid CA' '/C=MA/O=MaGrid/CN=MaGrid CA'"

    VO_MAGRID_WMS_HOSTS="prod-wms-01.pd.infn.it wms-4.dir.garr.it wms.ulakbim.gov.tr"


    Logs and scripts

    • Log files can be found in

    • /var/log/messages

    • /var/log/glite/voms.<VO NAME>

    • Init scripts can be found in

    • /opt/glite/etc/config/scripts/



    Thank you for your kind attention !

    Any questions ?

