How to enable secure connection based on GSI

In the run file you should define: omni_config_type = 'gsi'

Before you start a diane program (master, worker, directory service) you should have the following SSL variables defined in the environment:

  • $X509_USER_PROXY : your user proxy certificate file (created with grid-proxy-init command), typically /tmp/x509up_u`id-u`
  • $X509_CERT_DIR : a directory with certificates of trusted authorities (so that you'd only accept users who's certificates were signed by one of these), typically /etc/grid-security/certificates

On the Grid worker node the environment should be correctly setup for you already. If you start worker agent on a non-Grid worker node, you need to handle these variables yourself. You should modify the wrapper scripts used by ganga submitters for that purpose (see submitters)

At CERN AFS you may find the certs in e.g.:

  • /afs/cern.ch/project/gd/LCG-share2/certificates/
  • /afs/cern.ch/project/gd/LCG-share/current/external/etc/grid-security/certificates/

Hint: how to start a worker manually from a console

env ORBdumpConfiguration=1 X509_USER_PROXY=/home/moscicki/x509up_u500 X509_CERT_DIR=/home/moscicki/certificates diane-worker-start -f ./MasterOID --enable-GSI --omniorb-config-file=client.cfg

The client.cfg file is derived from the runfile information.

-- JakubMoscicki - 31 Jan 2008

Edit | Attach | Watch | Print version | History: r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r2 - 2008-08-11 - JakubMoscicki
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    ArdaGrid All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2022 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback