How to obtain and configure a certificate to use DREAM Grid resources
DREAM has been registered as a Virtual Organization (VO) in the
Open Science Grid
(OSG) and the
European Grid Initiative
(EGI). Each of these organizations also supports a wide variety of resources for opportunistic data analysis, data transfer, grid and cloud use, etc. Once you have a certificate, you can use it to access resources, for example the TTU cluster, where your certificate will automatically provision a DREAM user account and you can run data analysis and transfer jobs, and use other resources that support the DREAM VO.
Get a certificate
To use grid tools to move or analyze data, run jobs on DREAM grid-connected computing resources, etc., you will need a grid certificate. Several tools have been set up in the DREAM control room that will allow you to handle some of these tasks automatically, but to access the DREAM resources yourself, a personal certificate from any
IGTF
-accredited certificate authority (including CERN, INFN, DOEGrids, etc.) will be required. Once you have done this, you can follow instructions on the
GridSetup page to use the files you will obtain below for grid operations.
How to get a certificate from CERN
Every CERN user can get a certificate by visiting one of the following page:
Register with the DREAM VO
Once you have your personal certificate, you will need to load it into your browser and then use it to register into the
DREAM VO VOMS server
. (Note: this page will not load until you have your certificate loaded into your browser.) There are special groups defined for the DREAM primary data handling (dreamdaq) and DREAM software administration (dreamadm); you do not need to request these unless you are sure that you will need them.
Install your Grid certificate on lxplus
To install your Grid certificate on lxplus follow these steps:
- "Export" the certificate from your browser as a file. The interface for this varies from browser to browser. Internet Explorer starts with "Tools -> Internet Options -> Content"; Netscape Communicator has a "Security" button on the top menu bar; Mozilla starts with "Edit -> Preferences -> Privacy and Security -> Certificates". The certificate file will probably have the extension .p12 or .pfx.
- You will be asked for a password during the procedure. Do not forget this password.
- Login to lxplus and reate a directory called ~/.globus/
- Copy your cerficate file to this directory.
- Give the following commands, remember to substitute YourCert.p12 with the actual name of certificate file.
- openssl pkcs12 -in YourCert.p12 -clcerts -nokeys -out $HOME/.globus/usercert.pem
- openssl pkcs12 -in YourCert.p12 -nocerts -out $HOME/.globus/userkey.pem
- chmod 400 userkey.pem
- chmod 444 usercert.pem
At this point, you should have two files ~/.globus/usercert.pem and ~/.globus/userkey.pem. You have successfully installed your certificate.
Connect to the TTU farm
The TTU resources support interactive login via grid proxies using gsissh, which makes it easy to set up and administer your job. It is also possible to submit your analysis jobs remotely. If you have questions, please contact Alan Sill, Sehwook Lee, or Michele Cascella to learn the best way to do this. Questions on operational issues with the DREAM grid infrastructure can be sent to any of these people also, or if you have problems with the TTU HPCC cluster, send email to
hpccsupport@ttuNOSPAMPLEASE.edu
For more information on this topic see also the
GridSetup page.
--
AlanSill - 17-Aug-2011 --
MicheleCascella - 02-Nov-2011