How to obtain and configure a certificate to use DREAM Grid resources

DREAM has been registered as a Virtual Organization (VO) in the Open Science Grid (OSG) and the European Grid Initiative (EGI). Each of these organizations also supports a wide variety of resources for opportunistic data analysis, data transfer, grid and cloud use, etc. Once you have a certificate, you can use it to access resources, for example the TTU cluster, where your certificate will automatically provision a DREAM user account and you can run data analysis and transfer jobs, and use other resources that support the DREAM VO.

Get a certificate

To use grid tools to move or analyze data, run jobs on DREAM grid-connected computing resources, etc., you will need a grid certificate. Several tools have been set up in the DREAM control room that will allow you to handle some of these tasks automatically, but to access the DREAM resources yourself, a personal certificate from any IGTF-accredited certificate authority (including CERN, INFN, DOEGrids, etc.) will be required. Once you have done this, you can follow instructions on the GridSetup page to use the files you will obtain below for grid operations.

How to get a certificate from CERN

Every CERN user can get a certificate by visiting one of the following page:

• https://ca.cern.ch/ca/user/Request.aspx

Register with the DREAM VO

Once you have your personal certificate, you will need to load it into your browser and then use it to register into the DREAM VO VOMS server. (Note: this page will not load until you have your certificate loaded into your browser.) There are special groups defined for the DREAM primary data handling (dreamdaq) and DREAM software administration (dreamadm); you do not need to request these unless you are sure that you will need them.

Install your Grid certificate on lxplus

To install your Grid certificate on lxplus follow these steps:

1. "Export" the certificate from your browser as a file. The interface for this varies from browser to browser. Internet Explorer starts with "Tools -> Internet Options -> Content"; Netscape Communicator has a "Security" button on the top menu bar; Mozilla starts with "Edit -> Preferences -> Privacy and Security -> Certificates". The certificate file will probably have the extension .p12 or .pfx.
2. You will be asked for a password during the procedure. Do not forget this password.
3. Login to lxplus and reate a directory called ~/.globus/
   • mkdir ~/.globus/
4. Copy your cerficate file to this directory.
5. Give the following commands, remember to substitute YourCert.p12 with the actual name of certificate file.
   • openssl pkcs12 -in YourCert.p12 -clcerts -nokeys -out $HOME/.globus/usercert.pem
   • openssl pkcs12 -in YourCert.p12 -nocerts -out $HOME/.globus/userkey.pem
   • chmod 400 userkey.pem
   • chmod 444 usercert.pem

At this point, you should have two files ~/.globus/usercert.pem and ~/.globus/userkey.pem. You have successfully installed your certificate.

Connect to the TTU farm

The TTU resources support interactive login via grid proxies using gsissh, which makes it easy to set up and administer your job. It is also possible to submit your analysis jobs remotely. If you have questions, please contact Alan Sill, Sehwook Lee, or Michele Cascella to learn the best way to do this. Questions on operational issues with the DREAM grid infrastructure can be sent to any of these people also, or if you have problems with the TTU HPCC cluster, send email to hpccsupport@ttuNOSPAMPLEASE.edu

For more information on this topic see also the GridSetup page.

-- AlanSill - 17-Aug-2011 -- MicheleCascella - 02-Nov-2011