Difference: WMSSecureGW (4 vs. 5)

Revision 52016-03-04 - CinziaLuzzi

Line: 1 to 1
 
META TOPICPARENT name="LHCbComputing"
Added:
>
>

The gateway architecture

 

 

Resized-V586R.jpg

 

 

 

How to set up the gateway machine

 

 

 * Create a dummy CA certificate:

openssl genrsa -out cakey.pem 2048

Line: 8 to 20
 
Changed:
<
<
* Generate user certificate signed by the dummy CA:
>
>
* Generate user certificate signed by the dummy CA and save it on the gateway machine under ~/.globus:
  openssl genrsa -out userkey.pem 2048
Line: 16 to 28
  openssl x509 -req -in userreq.csr -CA cacert.pem -CAkey cakey.pem -CAcreateserial -out usercert.pem -days 500
Changed:
<
<
* Generate a host certificate signed by the dummy CA:
>
>
* Generate a host certificate signed by the dummy CA (to be saved on any BOINC VM in /etc/grid-security):
  openssl genrsa -out hostkey.pem 2048 openssl req -new -key hostkey.pem -out hostreq.csr -subj "/O=$(whoami)-dom/OU=PersonalCA/CN=$(hostname -f)" openssl x509 -req -in hostreq.csr -CA cacert.pem -CAkey cakey.pem -CAcreateserial -out hostcert.pem -days 500
Deleted:
<
<
This has to be saved on any BOINC VM in /etc/grid-security
 
Changed:
<
<
* Generate a host certificate signed by the CERN CA, https://gridca.cern.ch/gridca/ and register it in the DIRAC CS.
>
>
* Generate a host certificate signed by the CERN CA, https://gridca.cern.ch/gridca/ and register it in the DIRAC CS, this has to be saved in the gateway machine under /opt/dirac/etc/grid-security.
  * Setup CS and SystemAdministrator services by following the instruction here http://diracgrid.org/files/docs/AdministratorGuide/InstallingDIRACService/index.html

* Be sure that the CA certificate and key is in /opt/dirac/etc/grid-security/ , copy the cacert.pem in /etc/grid-security/certificates

Deleted:
<
<
* Be sure that the user certificate is in ~/.globus
 
Deleted:
<
<
* Be sure that the host certificate is in /opt/dirac/etc/grid-security
  * The install.cfg should be:
Line: 150 to 158
  The WMSSecureGW has been added to the WorkloadManagement/Service/ConfigTemplate.cfg , so yuo con install it as any other DIRAC service using the procedure here http://diracgrid.org/files/docs/AdministratorGuide/InstallingDIRACService/index.html
Changed:
<
<
>
>
 

-- CinziaLuzzi - 2015-07-15 \ No newline at end of file

Added:
>
>

META FILEATTACHMENT attachment="Resized-V586R.jpg" attr="" comment="" date="1457085951" name="Resized-V586R.jpg" path="Resized-V586R.jpg" size="146636" user="cluzzi" version="1"
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback