Voms installation and configuration

The EPIKH Project. (Exchange Programme to advance e-Infrastructure Know-How). VOMS Installation and configuration. Bouchra RAHIM([email protected]) Africa 6 2011 - Joint EUMEDGRID-Support/EPIKH School for Grid Site Administrators Rabat, 02.06.2011. www.epikh.eu. Outline.


The EPIKH Project

(Exchange Programme to advance e-Infrastructure Know-How)

VOMS Installation and configuration

Bouchra RAHIM([email protected])

Africa 6 2011 - Joint EUMEDGRID-Support/EPIKH School for Grid Site Administrators

Rabat, 02.06.2011



Virtual Organization Membership Services overview

gLite VOMS:

Installation on VOMS

Configuration on VOMS


  • Virtual Organization Membership Service (VOMS)

    • Account Database

      • Serving information in a special format (VOMS credentials)

      • Can be administered via command line & via web interface

    • Provides information on the user’s relationship with his/her Virtual Organization (VO)

      • VO - Membership

      • Group membership

      • Roles of user


  • Virtual Organizations: (VOs) are groups of Grid users (authenticated through digital certificates)

  • VO Management Service: (VOMS) serves as a central database for user authorization information, providing support for sorting users into general group hierarchy, keeping track of their roles, etc.

  • VO Manager: according to VO policies and rules, authorizes authenticated users to become VO members.

  • At the time the proxy is created, one or more VOMS servers are contacted. Each returns an Attribute Certificate (AC), signed by the VO, that contains information about group membership and roles within the VO.


  • One machine:

  • Operating System: Scientific Linux 5 or 4

  • Public IP address, forward and reverse address resolution in DNS, and an X509 certificate.

Which metapackages we are going to install?

There are several kinds of metapackages to install:


RPM collection to support external Certification Authority.


Contains all RPMs for VOMS administration and usage.

Preparing the Linux machine

Network Time Protocol settings

# yum install ntp

  • Copy the ntp.conf file and the ntp directory from ftp://repo.magrid.ma/pub/CE_WN_BDII/ to /etc/ (WinSCP)

  • Synchronize the date

# /etc/init.d/ntpd stop

# ntpdate ntp.marwan.ma

  • Start the ntpd service and configure it to start on boot

# /etc/init.d/ntpd start

# chkconfig ntpd on

Preparing the Linux machine

Disable SELinux: make sure /etc/selinux/config contains the line:

  • SELINUX=disabled

  • Check that you have a valid hostname

  • # hostname -f

  • # cat /etc/hosts

  • Stop iptables

# /etc/init.d/iptables stop

# chkconfig iptables off

  • Reboot

Repository set up

Add the repositories specific to the middleware being installed to the system repositories

# cd /etc/yum.repos.d/

# export MREPO=http://repo.magrid.ma/yumrepo/glite32

# REPO="dag lcg-CA glite-VOMS_mysql"

# for name in $REPO; do wget $MREPO/$name.repo -O /etc/yum.repos.d/$name.repo; done

Package installation

Use yum to install the needed packages

# yum install lcg-CA ca-policy-egi-core ca-policy-lcg

# yum install glite-VOMS_mysql

# yum install xml-commons-apis

Preconfiguration mysql

Check that MySQL is running

service mysqld status

If not, start it with

service mysqld start

Set the root password for MySQL:

/usr/bin/mysqladmin -u root password grid2011;

  • At this point, log into mysql using the following commands:

    • mysql -uroot -pgrid2011

    • grant all on *.* to 'root'@'pcXX' identified by 'grid2011';

    • grant all on *.* to 'root'@'pcXX.magrid.ma' identified by 'grid2011';

    • quit;

Preconfiguration sendmail

Start sendmail

/etc/init.d/sendmail start

chkconfig sendmail on


Copy site-info.def and services/glite-voms_mysql from '/opt/glite/yaim/examples/siteinfo' into your preferred directory:

mkdir /opt/glite/yaim/etc/siteinfo

mkdir /opt/glite/yaim/etc/siteinfo/services

cp /opt/glite/yaim/examples/siteinfo/site-info.def /opt/glite/yaim/etc/siteinfo

cp /opt/glite/yaim/examples/siteinfo/services/glite-voms_mysql /opt/glite/yaim/etc/siteinfo/services/

Rename glite-voms_mysql as glite-voms:

mv /opt/glite/yaim/etc/siteinfo/services/glite-voms_mysql /opt/glite/yaim/etc/siteinfo/services/glite-voms

  • Or you can copy site-info.def and services/glite-voms from ftp://repo.magrid.ma/pub/VOMS/ and customize them

Preconfiguration site info def

Set yaim variables as specified


  • vi /opt/glite/yaim/etc/siteinfo/site-info.def

  • VOS="voXX"

  • (XX is your host's number in the room)

  • Make sure to comment out the lines starting with VO_<vo_name> and <queue-name>_ to avoid syntax errors in site-info.def

Preconfiguration glite voms

    • set the following variables in /opt/glite/yaim/etc/siteinfo/services/glite-voms

      • MYSQL_PASSWORD=grid2011

      • VOMS_HOST=pcXX.magrid.ma

    • replace the variables starting with VO_<vo_name> with VO_VOXX and set their values as follows:

      • VO_VOXX_VOMS_PORT=15000

      • VO_VOXX_VOMS_DB_NAME=voXX_db

      • VO_VOXX_VOMS_DB_USER=voXX_user

      • VO_VOXX_VOMS_DB_PASS=grid2011

      • VOMS_DB_HOST='localhost'

      • VOMS_ADMIN_SMTP_HOST=localhost

      • VOMS_ADMIN_MAIL=<admin Email>

    Preconfiguration host certificates

    • copy the host certificates

      • mv /root/pcXXkey.pem /etc/grid-security/hostkey.pem

      • mv /root/pcXXcert.pem /etc/grid-security/hostcert.pem

      • chmod 400 /etc/grid-security/hostkey.pem

      • chmod 600 /etc/grid-security/hostcert.pem
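A check for the files this setup leaves secrets in, added here as an example and not part of the original slides: it confirms that hostkey.pem and the services/glite-voms file (which holds MYSQL_PASSWORD and the VO database password) grant nothing to group or other, and that hostkey.pem belongs to hostcert.pem. The function names are hypothetical, and treating glite-voms as owner-only is an assumption; the slides set modes only for the certificate files.

```shell
#!/bin/sh
# Added example, not from the slides. Function names are hypothetical.

# private_to_owner FILE
# 0 = regular file with no group/other permission bits
# 1 = readable, writable or executable by group or other
# 2 = missing, not a regular file, or a symlink
private_to_owner() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 2
    # In "ls -ld" output, characters 5-10 are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# key_matches_cert KEY CERT
# 0 = same RSA modulus, 1 = different, 2 = openssl could not read a file.
key_matches_cert() {
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# audit_secrets FILE...
# Prints one line per file and returns the number of findings.
audit_secrets() {
    bad=0
    for f in "$@"; do
        rc=0
        private_to_owner "$f" || rc=$?
        case $rc in
            0) echo "ok        $f" ;;
            1) echo "TOO OPEN  $f"; bad=$((bad + 1)) ;;
            *) echo "MISSING   $f"; bad=$((bad + 1)) ;;
        esac
    done
    return "$bad"
}

# Run as: sh audit.sh /etc/grid-security/hostkey.pem \
#             /opt/glite/yaim/etc/siteinfo/services/glite-voms
if [ "$#" -gt 0 ]; then
    audit_secrets "$@"
fi
```

With the modes from the slides, hostkey.pem (400) and hostcert.pem (600) both pass private_to_owner.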

    YAIM Configuration

    • Run the YAIM configuration:

      • /opt/glite/yaim/bin/yaim -c -s /opt/glite/yaim/etc/siteinfo/site-info.def -n VOMS


    • Import a user certificate into your browser

    • You can use ftp://repo.magrid.ma/pub/VOMS/Grid-School.p12

    • Password for the certificate is: [Grid2011$]

    • Use that browser to connect:

    • https://pcXX.magrid.ma:8443/voms/voXX

    Registration procedure




    • Membership request via web interface

    • Request confirmation via email

    • Confirmation of email address

    • Request notification

    • Accept / deny via web interface

    • Create user (if accepted)

    • Notification of accept/deny

    VO admin

    • Copy your usercert.pem to /root/ (you can use the one in ftp://repo.magrid.ma/pub/VOMS/usercert.pem)

    • voms-admin --vo voXX create-user /root/usercert.pem

    • voms-admin --vo voXX assign-role VO VO-ADMIN /root/usercert.pem

    Usage and Maintenance

    • People holding user certificates issued by a recognized CA (LCG-CA) may request to subscribe to your VO

    • Requests are notified via e-mail to both the requester and the administrator

    • More than one VO can be created

    • From the web GUI, different roles may be defined for the users

    • Grid services supporting the new VO must have the specific VO setting properly configured in the site-info.def file


    # magrid #


    # MAGRID VO:





    # VOMS Specific settings: https://voms.magrid.ma:8443/voms/magrid/Configuration.do


    VO_MAGRID_VOMSES="'magrid voms.magrid.ma 15000 /C=MA/O=MaGrid/OU=CNRST/CN=voms.magrid.ma magrid'"

    VO_MAGRID_VOMS_CA_DN="'/C=MA/O=MaGrid/CN=MaGrid CA' '/C=MA/O=MaGrid/CN=MaGrid CA'"

    VO_MAGRID_WMS_HOSTS="prod-wms-01.pd.infn.it wms-4.dir.garr.it wms.ulakbim.gov.tr"

    Logs and scripts

    • Log files can be found in

    • /var/log/messages

    • /var/log/glite/voms.<VO NAME>

    • Init scripts can be found in

    • /opt/glite/etc/config/scripts/

