PX Verification and Validation Plan
Service/Component Description
The ProxyRenewal daemon is responsible for secure and controlled periodic renewal of user proxy certificates. Its primary goal is to support long-running jobs on the grid. The ProxyRenewal package also contains a library and header file that allow C/C++ applications to access the daemon.
Besides that, the px subsystem contains configuration packages for MyProxy.
Deployment scenarios
Deployment scenarios of Proxy renewal
- The most widely used scenario is a proxy renewal daemon running on a WMS node. The daemon is responsible for renewal of proxy certificates that have been used to submit jobs to the WMS. The newer proxies are retrieved from a MyProxy server and optionally minced with VOMS attributes to retain the information present in the credential that is being renewed.
- Other scenarios involve the PR library, which mediates the renewal process. The library is used, for example, by FTS.
Deployment scenarios of MyProxy server
- MyProxy servers are operated by VOs or other operators to provide users with a secure credential repository. Users first upload their credentials into the repository and optionally assign them an access password. The credentials can later be retrieved by services acting for the users, such as web portals or the WMS proxy renewal daemon.
Functionality tests
Features/Scenarios to be tested
Essential MyProxy Test (not implemented)
Normal workflow - correct input
Store a credential, query information on the stored credential, retrieve a stored credential, change passphrase (STORE, GET, RETRIEVE, INFO, CHANGEPASSWORD operations).
Pass/Fail Criteria
Pass: All operations performed as expected
Fail: Any of the operations failed
Error workflow - erroneous input
N/A
Pass/Fail Criteria
N/A
Features not to be tested
Proxy Renewal Test (not implemented)
Normal workflow - correct input
Generate a proxy, initiate renewal, check proxy information immediately and after a delay.
Prerequisites
Make sure the certificate used by the renewal daemon is properly registered in the configuration of the MyProxy server used for the test:
authorized_renewers "
"
A VOMS server must be configured properly in your /opt/glite/etc/vomses directory. The voms commands will also be needed; you can install them from the voms-client package.
Process
su - glite
myproxy-init -s myproxy1.egee.cesnet.cz -d -n
voms-proxy-init -valid 0:40 -voms voce
proxy=`glite-proxy-renew -s myproxy1.egee.cesnet.cz -f /tmp/x509up_u155 -j https://fake.job.id/xxx start`
voms-proxy-info -file $proxy | grep timeleft; \
sleep 600; \
voms-proxy-info -file $proxy | grep timeleft
voms-proxy-info -file /tmp/x509up_u155 | grep timeleft
voms-proxy-info -file $proxy -identity; \
voms-proxy-info -file /tmp/x509up_u155 -identity
voms-proxy-info -file $proxy -fqan -actimeleft; \
voms-proxy-info -file /tmp/x509up_u155 -fqan -actimeleft
glite-proxy-renew -j https://fake.job.id/xxx stop
ls $proxy 2>&1 | grep 'No such file or directory' > /dev/null && echo OK
Pass/Fail Criteria
Pass: All checks finished as expected.
Fail: Any check failed.
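The pass criterion above does not spell out what "as expected" means for each check. One way to make it explicit, as an added example that is not part of the original plan: it assumes renewal shows as the registered proxy's timeleft growing across the delay and that identity and FQANs must stay unchanged. The function names are hypothetical, and the inputs are text in the form printed by voms-proxy-info.

```shell
#!/bin/sh
# Added example: pass/fail logic for the manual renewal checks.
# Feed it captured output, e.g. before=$(voms-proxy-info -file "$proxy"),
# id=$(voms-proxy-info -file "$proxy" -identity), and so on.

# Read voms-proxy-info output on stdin; print the first "timeleft" in seconds.
# Exits non-zero when no timeleft line is present (e.g. unreadable proxy).
timeleft_secs() {
    awk -F' *: *' '/^timeleft/ { print $2*3600 + $3*60 + $4; found=1; exit }
                   END { if (!found) exit 1 }'
}

# Assumption: the proxy was renewed if it has more lifetime left after the
# delay than it had before it.
was_renewed() {  # $1 = seconds left before the delay, $2 = seconds left after
    [ "$2" -gt "$1" ]
}

# The renewed proxy must keep the same identity and the same set of FQANs,
# neither losing attributes nor gaining new ones.
same_credential() {  # $1/$2 = identities, $3/$4 = FQAN lists, one per line
    [ "$1" = "$2" ] || return 1
    [ "$(printf '%s\n' "$3" | sort)" = "$(printf '%s\n' "$4" | sort)" ]
}

# Verdict for one run: prints PASS or FAIL and returns 0 or 1.
# $1 = info before delay, $2 = info after delay,
# $3/$4 = original/renewed identity, $5/$6 = original/renewed FQANs
renewal_verdict() {
    before=$(printf '%s\n' "$1" | timeleft_secs) || { echo FAIL; return 1; }
    after=$(printf '%s\n' "$2" | timeleft_secs) || { echo FAIL; return 1; }
    if was_renewed "$before" "$after" && same_credential "$3" "$4" "$5" "$6"
    then
        echo PASS
    else
        echo FAIL
        return 1
    fi
}
```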
Error workflow - erroneous input
N/A
Pass/Fail Criteria
N/A
Features not to be tested
N/A
Performance tests
Measuring the duration of functionality tests. For MyProxy, specifically, measuring the duration of operation GET.
Scalability tests
Possibly test renewal of multiple proxies at once and monitor processor load.
--
ZdenekSustr - 04-Feb-2011