VOMS Server Post - installation
On the VOMS server
As we set the following parameter in the glite quattor templates:
set.mysql.root.password=false
We need to manually set the mysql root password using the command (in the mysql cli):
mysql> SET PASSWORD FOR 'root'@'voms.iihe.ac.be' = PASSWORD('The_Password');
mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('The_Password');
Remove partially installed VOs:
cd /var/glite/etc/voms-admin rm -rf <name of the vo> cd /opt/glite/etc/voms rm -rf <name of the vo>
Restart the corresponding ncm component
ncm-ncd --configure glite
Publish host certicate to be fetched by other host through url (http://voms.begrid.be/voms.begrid.be.pem):
cp /etc/grid-security/hostcert.pem /var/www/html/becms.pem
And repeat this command for every VO.
Then start httpd and add it to the boot:
service httpd start chkconfig httpd on
Optionnal : if you need to fill your VOMS server with a backed up mysql db:
# /opt/glite/sbin/voms-db-load <vo_name> Enter password:
Make sure you type this from the repository where you have your voms-<vo_name>-<date>.sql
Anyway you can type this command also:
mysql voms_iihe --user=<vo_name_user> -ppassword < voms-<vo_name>-<date>.sql
VOMS proxy validity extension
Add the following line in /opt/glite/etc/voms/VO_Name/voms.conf
--timeout=345600
Restart voms for VO_Name via
/opt/glite/etc/init.d/voms restart VO_Name
Test (if VO_Name member) with command:
voms-proxy-init -valid 1000:0 -voms VO_Name
Example of output:
Enter GRID pass phrase: Your identity: /C=BE/O=BEGRID/OU=ULB-VUB/OU=IIHE/CN=Shkelzen Rugovac Creating temporary proxy ................................. Done Contacting voms.begrid.be:18004 [/C=BE/O=BEGRID/OU=BEgrid/OU=BELNET/CN=voms.begrid.be] "beapps" Done Warning: voms.begrid.be:18004: The validity of this VOMS AC in your proxy is shortened to 345600 seconds! Creating proxy ................................. Done Your proxy is valid until Fri Jun 12 15:58:02 2009
VOMS support on CE
LCAS + LCMAPS
In /opt/edg/etc/lcmaps/gridmapfile
"/VO=becms/GROUP=/becms/ROLE=lcgadmin" becmss "/VO=becms/GROUP=/becms" .becms
In /opt/edg/etc/lcmaps/groupmapfile
"/VO=becms/GROUP=/becms/ROLE=lcgadmin" becmss "/VO=becms/GROUP=/becms" becms
Restart services
/sbin/ldconfig service globus-gatekeeper restart service globus-gridftp restart
VOMS support on the UI
In /opt/edg/etc/vomses
"becms" "voms.iihe.ac.be" "18002" "/C=BE/O=BEGRID/OU=ULB-VUB/OU=IIHE/CN=voms.iihe.ac.be" "becms"
Then you can issue:
[srugovac@master ~]$ voms-proxy-init -voms becms:/becms/Role=lcgadmin Your identity: /C=BE/O=BEGRID/OU=ULB-VUB/OU=IIHE/CN=Shkelzen Rugovac Enter GRID pass phrase: Creating temporary proxy ................................................. Done Contacting voms.iihe.ac.be:18002 [/C=BE/O=BEGRID/OU=ULB-VUB/OU=IIHE/CN=voms.iihe.ac.be] "becms" Done Creating proxy ................................................ Done Your proxy is valid until Thu Apr 20 04:13:33 2006 [srugovac@master ~]$ voms-proxy-info --all subject : /C=BE/O=BEGRID/OU=ULB-VUB/OU=IIHE/CN=Shkelzen Rugovac/CN=proxy issuer : /C=BE/O=BEGRID/OU=ULB-VUB/OU=IIHE/CN=Shkelzen Rugovac identity : /C=BE/O=BEGRID/OU=ULB-VUB/OU=IIHE/CN=Shkelzen Rugovac type : proxy strength : 512 bits path : /tmp/x509up_u740 timeleft : 11:59:52 VO : becms subject : /C=BE/O=BEGRID/OU=ULB-VUB/OU=IIHE/CN=Shkelzen Rugovac issuer : /C=BE/O=BEGRID/OU=ULB-VUB/OU=IIHE/CN=voms.iihe.ac.be attribute : /becms/Role=lcgadmin/Capability=NULL attribute : /becms/Role=NULL/Capability=NULL timeleft : 11:59:52
Last things
In all kinds of nodes (?), copy the hostcert.pem of the VOMS server in /etc/grid-security/vomsdir
VOMS services to restart
service tomcat5 restart
located in /etc/init.d/tomcat5
