INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org Installing a gLite VOMS server Joachim Flammer Integration Team, CERN EMBRACE Tutorial, Clermont-Ferrand.

Presentation transcript:

INFSO-RI Enabling Grids for E-sciencE Installing a gLite VOMS server Joachim Flammer Integration Team, CERN EMBRACE Tutorial, Clermont-Ferrand July 2005

Enabling Grids for E-sciencE INFSO-RI gLite installation & configuration Joachim Flammer

Overview
Introduction to VOMS
  – Features
  – Registration
  – Groups & Roles
Installing VOMS
  – Reminder of gLite installation
  – Installation via apt
Configuring VOMS
  – Key aspects
  – Verifying installation
Registering VOMS admin
VOMS server web interface
  – Groups
  – Roles
VOMS command line interface
Known bugs
Summary

Introduction to VOMS
Virtual Organization Membership Service (VOMS)
  – Account Database
      • Serving information in a special format (VOMS credentials)
      • Can be administered via command line & via web interface
  – Provides information on the user’s relationship with his/her Virtual Organization (VO)
      • Membership
      • Group membership
      • Roles of user

Introduction to VOMS
VOMS Features
  – Single login using (proxy-init) only at the beginning of a session
      • Attaches VOMS certificate to user proxy
  – Expiration time
      • The authorization information is valid only for a limited period of time, as is the proxy certificate itself
  – Multiple VO
      • A user may log in to multiple VOs and create an aggregate proxy certificate, which enables him/her to access resources in any one of them
  – Backward compatibility
      • The extra VO-related information is in the user’s proxy certificate
      • The user’s proxy certificate can still be used with non-VOMS-aware services
  – Security
      • All client-server communications are secured and authenticated

VOMS architecture
[Diagram. Labels shown: VOMS DB; voms-proxy-init; Web browser; Java mgmt client; mkgridmap and LDAP sync; VOMS core server; VOMS admin server; VOMS web interface; VOMS mgmt API; gridmap Support; R-GMA servicetool. Connection labels: VOMS protocol over GSI; HTTPS; SOAP over HTTPS; HTTPS; MySQL API; JDBC.]

Registration process
[Diagram. Actors: VOMS SERVER, VO USER, VO ADMIN. Step labels: Request confirmation via; Membership request via Web interface; Confirmation of address; Request notification; accept / deny via web interface; create user (if accepted); Notification of accept/deny.]

Groups
The number of users of a VO can be very high:
  – E.g. the experiment ATLAS has 2000 members
Make VO manageable by organizing users in groups:
Examples:
  – VO BIOMED-FRANCE
      • Group Paris
          o Sorbonne University
              o Group Prof. de Gaulle
          o Central University
      • Group Lyon
      • Group Marseille
  – VO BIOMED-FRANCE
      • BIOMED-FRANCE/STAFF can write to normal storage
      • BIOMED-FRANCE/STUDENT can only write to volatile space
Groups can have a hierarchical structure
Group membership is added automatically to your proxy when doing a voms-proxy-init

Groups rights
Assign rights to certain members of the groups
  – using Access Control Lists (ACL) like in a file system
      • Allow / Deny
          create/delete – controls subgroup operations
          add/remove – controls membership operations
          setACL/getACL – controls ACL operations
          setDefault/getDefault – controls default membership operations
          ALL – special permission for all operations
  – Specifying unit for entry:
      • The local database administrator
      • A specific user (not necessarily a member of this VO)
      • Anyone who has a specific VOMS attribute FQAN
      • Anyone who presents a certificate issued by a known CA (including host and service certificates)
      • Absolutely anyone, even unauthenticated clients

Roles
Roles are specific roles a user has that distinguish him from others in his group:
  – Software manager
  – Administrator
  – Manager
Difference between roles and groups:
  – Roles have no hierarchical structure – there is no sub-role
  – Roles are not used in ‘normal operation’
      • They are not added to the proxy by default when running voms-proxy-init
      • But they can be added to the proxy for special purposes when running voms-proxy-init
Example:
  – User Yannick has the following membership
      • VO=BIOMED-FRANCE, Group=Paris, Role=SoftwareManager
  – During normal operation the role is not taken into account, e.g. Yannick can work as a normal user
  – For special things he can obtain the role “Software Manager”
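How a VOMS-aware service could turn the group and role attributes (FQANs) from the slides above into an access decision, as an added example that is not part of the original slides or of gLite. It assumes the FQAN strings were already taken from a verified VOMS attribute certificate; the function names are hypothetical, and letting STAFF write to volatile space is an assumption.

```python
from typing import Iterable, NamedTuple, Optional, Tuple

VO = "BIOMED-FRANCE"  # VO name used in the slides' examples

class FQAN(NamedTuple):
    vo: str
    groups: Tuple[str, ...]  # group path below the VO, e.g. ("Paris",)
    role: Optional[str]      # None when the proxy carries no role

def parse_fqan(text: str) -> FQAN:
    """Strictly parse /VO[/group...][/Role=r][/Capability=c]."""
    if not text.startswith("/"):
        raise ValueError("FQAN must start with '/'")
    path, role, seen_qualifier = [], None, False
    for part in text[1:].split("/"):
        if part.startswith("Role="):
            if role is not None:
                raise ValueError("more than one Role= component")
            role, seen_qualifier = part[len("Role="):], True
        elif part.startswith("Capability="):
            seen_qualifier = True
        elif not part or seen_qualifier:
            # Reject '//' and group names placed after Role=/Capability=.
            raise ValueError("malformed FQAN: %r" % text)
        else:
            path.append(part)
    if not path:
        raise ValueError("FQAN has no VO name")
    return FQAN(path[0], tuple(path[1:]), None if role in ("", "NULL") else role)

def in_group(f: FQAN, vo: str, group: Tuple[str, ...]) -> bool:
    # Component-wise prefix match: a sub-group member belongs to the parent
    # group, but "STAFFX" never matches "STAFF".
    return f.vo == vo and f.groups[:len(group)] == group

def has_role(fqans: Iterable[FQAN], vo: str, group: Tuple[str, ...], role: str) -> bool:
    # A role counts only when the presented proxy carries it for that group.
    return any(f.vo == vo and f.groups == group and f.role == role for f in fqans)

def may_write(fqans: Iterable[FQAN], area: str) -> bool:
    fqans = list(fqans)
    staff = any(in_group(f, VO, ("STAFF",)) for f in fqans)
    student = any(in_group(f, VO, ("STUDENT",)) for f in fqans)
    if area == "normal":
        return staff
    if area == "volatile":
        return staff or student  # assumption: STAFF may also use volatile space
    return False                 # unknown storage area: deny

if __name__ == "__main__":
    # Constructed proxies for the slides' user Yannick: default, then with role.
    default = [parse_fqan("/BIOMED-FRANCE/Paris")]
    elevated = [parse_fqan("/BIOMED-FRANCE/Paris/Role=SoftwareManager")]
    for proxy in (default, elevated):
        print(has_role(proxy, VO, ("Paris",), "SoftwareManager"))
```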

gLite general installation – short reminder
VOMS server can be installed via a gLite deployment package
  – Download:
Installation via
  – Installer script
  – APT
Installation will install all dependencies, including
  – other necessary gLite modules
  – external dependencies (e.g. TOMCAT)
You will need to install non-freely available packages yourself (e.g. Java)

Installing VOMS via apt
1. Verify if apt is present:
  – rpm -qa | grep apt
  – Install apt if necessary:
      • rpm -ivh http://linuxsoft.cern.ch/cern/slc30X/i386/SL/RPMS/apt cnc6- 8.SL.cern.i386.rpm
2. Add gLite apt repository:
  – Put one of the following lines in a file (e.g. glite.list) inside the /etc/apt/sources.list.d directory
  – rpm rhel30 externals Release1.2 updates
3. Update apt repository:
  – apt-get update
  – apt-get upgrade
4. Install VOMS server:
  – apt-get install glite-voms-server-config
Extra packages needed (non freely distributable): Exception: J2SE v 1.4.2_08 JRE: See

gLite configuration – short reminder
Configuration files
  – XML format
  – templates provided in /opt/glite/etc/config/templates
Hierarchy of configuration file
  – Global configuration file
  – service specific configuration files
Parameter groups
  – User parameters (‘changeme’)
  – Advanced parameters
  – System parameters

VOMS Server key configuration aspects
Virtual organization description (one instance per VO)
  – name of the VO
  – VOMS (core) service TCP port number on which the server will listen for one VO
      • must be a valid, unique port number – typically from upwards
  – e-mail address used to send e-mails on behalf of the VOMS server
MySQL database configuration
  – Administrator password of used MySQL database
Servicetool configuration
  – To publish the existence and status of the VOMS server to the information system (R-GMA)

Configure & start the VOMS server
1. Go to configuration directory and copy templates
  – cd /opt/glite/etc/config
  – cp templates/* .
2. Customize configuration files by replacing all ‘changeme’ values with the proper values
3. Go to the scripts directory and execute the VOMS Server configuration script
  – cd scripts
  – ./glite-voms-server-config.py --configure
4. Start the VOMS server
  – ./glite-voms-server-config.py --start
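A pre-flight check for step 2 above, added here as an example (not part of the slides or of gLite): it lists every attribute or element in the copied XML files that still holds ‘changeme’, so a placeholder such as the MySQL administrator password is not carried into a configured server. Only the ‘changeme’ marker and the /opt/glite/etc/config path come from the slides; the XML layout and parameter names in the sample are constructed.

```python
import glob
import os
import sys
import xml.etree.ElementTree as ET

PLACEHOLDER = "changeme"  # marker the gLite templates use for unset user parameters

# Constructed sample; real gLite templates may be laid out differently.
SAMPLE = """<config>
  <parameters>
    <voms.vo.name value="biomed-france"/>
    <voms.db.password value="changeme"/>
    <voms.admin.mail>changeme</voms.admin.mail>
  </parameters>
</config>"""

def find_placeholders(xml_data):
    """Return the path of every attribute or element text still set to 'changeme'."""
    hits = []

    def walk(elem, parent_path):
        here = parent_path + "/" + elem.tag
        for name, value in elem.attrib.items():
            if value.strip().lower() == PLACEHOLDER:
                hits.append("%s@%s" % (here, name))
        if (elem.text or "").strip().lower() == PLACEHOLDER:
            hits.append(here)
        for child in elem:
            walk(child, here)

    walk(ET.fromstring(xml_data), "")
    return hits

def check_config_dir(directory):
    """Map each *.xml file in directory to its leftover placeholders (if any)."""
    report = {}
    for filename in sorted(glob.glob(os.path.join(directory, "*.xml"))):
        with open(filename, "rb") as handle:  # bytes: honours the XML encoding
            hits = find_placeholders(handle.read())
        if hits:
            report[filename] = hits
    return report

if __name__ == "__main__":
    config_dir = sys.argv[1] if len(sys.argv) > 1 else "/opt/glite/etc/config"
    leftovers = check_config_dir(config_dir)
    for filename, hits in leftovers.items():
        for hit in hits:
            print("%s: %s is still '%s'" % (filename, hit, PLACEHOLDER))
    sys.exit(1 if leftovers else 0)  # non-zero exit blocks the configure step
```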

Verify installation
Using gLite configuration script
  – ./glite-voms-server-config.py --status
Connecting to the VOMS server via browser
  – :8443/voms/<your-vo-name>
Checking if VOMS server shows up in R-GMA
  – :8443/R-GMA

Register VOMS administrator
The first VOMS administrator has to be added manually using the command line tools:
  – Copy your public grid certificate to your VOMS server
  – Run voms-admin command to add yourself as admin
      $GLITE_LOCATION/bin/voms-admin --vo \
          create-user \
          assign-role VO VO-Admin
Then you can start to work using the web interface …

VOMS Web interface
VO user can
  – Query membership details
  – Register himself in the VO
      • You will need a valid certificate
  – Track his requests
VO manager can
  – Handle requests from users
  – Administer the VO

VO Managers - Handling requests
VO manager will be informed of new requests via mail
  – Query requests
  – Accept / Deny requests

VO Managers - Administer a VO
The administrator interface allows you to
  – Manage users
      • List users
      • Search for users
      • Create users
  – Manage groups
      • List groups
      • Search for groups
      • Create groups
  – Manage roles
      • List roles
      • Search for roles
      • Create roles

Command-line interface
Creating a VO
  voms-admin-configure install --vo --port --dbapwd --smtp-host --mail-from
Deleting a VO
  voms-admin-configure remove --vo --dbapwd
Adding VO administrator
  voms-admin --vo create-user assign-role VO VO-Admin

Command line interface (cont.)
General commands
  voms-admin [OPTIONS] --vo=NAME [-h HOST] [-p PORT] COMMAND PARAM
  voms-admin [OPTIONS] --url=URL COMMAND PARAM
COMMAND:
  – get-vo-name
  – list-users     list all users of VO
  – create-user
  – delete-user USER
  – list-cas       list certificate auth. accepted by VO
  – list-roles
  – ….
See VOMS admin user guide for entire list and details

Thank you very much for your attention!

Backup slides

Known bugs
Parameters of a VO cannot be changed for the moment
  – E.g. changing the VOMS port
  – Only possibility is to
      • Remove VO
      • Create VO again via command line interface
  – Pay attention: data will not be backed up!
Please refer to release notes for further details

VOMS migration plan

VOMS Attribute certificates
The pseudo-cert is inserted into a non-critical extension of the user’s proxy
  – One for each VOMS server contacted
[Figure: layout of the pseudo-certificate. Region labels: User’s id, Server id, User info. Fields shown:]
  Signature: Zxv,n,mn,………………..xcvxvx………..cvzxxz.sdf.ds fa……sdfaafaf.dsafsaf…e…..w.r…wr…wrwr.
  /C=CH/O=CERN/OU=GRID/CN=Gilbert Glite
  /C=CH/O=CERN/OU=GRID/CN=CERN CA
  /C=IT/O=INFN/OU=gatekeeper/L=PR
  /C=IT/O=INFN/CN=INFN CA
  Time1: Z
  Time2: Z
  GROUP: permanentStaff
  ROLE: administrator