PX Verification and Validation Plan

Service/Component Description

The ProxyRenewal daemon is responsible for secure and controlled way of periodical renewal of user proxy certificates. Its primary goal is to support long-time jobs running on the grid. The ProxyRenewal package also contains a library and header file that allow developing C/C++ applications accessing the daemon.

Besides that, the px subsystem contains configuration packages for MyProxy.

Deployment scenarios

Deployment scenarios of Proxy renewal

  • The most widely used scenario is a proxy renewal daemon running on a WMS node. The daemon is responsible for renewal of proxy certificates that have been used to submit jobs to the WMS. The newer proxies are retrieved from a MyProxy server and optionally minced with VOMS attributes to retain the information present in the credential that is being renewed.

  • Other scenarios involve utilization of the PR library, which mediate the process of renewal. The library is used e.g. by FTS.

Deployment scenarios of MyProxy server

  • MyProxy servers are operated by VOs or other operators to provide users with a secure credential repository. Users first upload their credential into the repository and optionally assign them an access password. The credentials can be later retrieved by services acting for the users, like web portals or the WMS proxy renewal daemon.

Functionality tests

Features/Scenarios to be tested

Essential MyProxy Test (not implemented)

Normal workflow - correct input
Store a credential, query information on the stored credential, retrieve a stored credential, change passphrase (STORE, GET, RETRIEVE, INFO, CHANGEPASSWORD operations).

Pass/Fail Criteria
Pass: All operations performed as expected
Fail: Any of the operations failed

Error workflow - erroneous input

Pass/Fail Criteria

Features not to be tested

Proxy Renewal Test (not implemented)

Normal workflow - correct input
Generate a proxy, initiate renewal, check proxy information immediately and after a delay.

Prerequisities Make sure the certificate used by the renewal daemon is properly registered in the configuration of the MyProxy server used for the test:

authorized_renewers ""

A VOMS server must be configured properly in your /opt/glite/etc/vomses directory. The voms commands will also be needed, you can install them from the voms-client package.


su - glite
myproxy-init -s myproxy1.egee.cesnet.cz -d -n
voms-proxy-init -valid 0:40 -voms voce
proxy=`glite-proxy-renew -s myproxy1.egee.cesnet.cz -f /tmp/x509up_u155 -j https://fake.job.id/xxx start`
voms-proxy-info -file $proxy | grep timeleft; \
sleep 600; \
voms-proxy-info -file $proxy | grep timeleft
voms-proxy-info -file /tmp/x509up_u155 | grep timeleft

voms-proxy-info -file $proxy -identity; \
voms-proxy-info -file /tmp/x509up_u155 -identity

voms-proxy-info -file $proxy -fqan -actimeleft; \
voms-proxy-info -file /tmp/x509up_u155 -fqan -actimeleft

glite-proxy-renew -j https://fake.job.id/xxx stop
ls $proxy 2>&1 | grep 'No such file or directory' > /dev/null && echo OK

Pass/Fail Criteria
Pass: All checks finished as expected.
Fail: Any check failed.

Error workflow - erroneous input

Pass/Fail Criteria

Features not to be tested


Performance tests

Measuring the duration of functionality tests. For MyProxy, specifically, measuring the duration of operation GET.

Scalability tests

Possibly test renewal of multiple proxies at once and monitor processor load.

-- ZdenekSustr - 04-Feb-2011

Edit | Attach | Watch | Print version | History: r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r2 - 2011-02-11 - ZdenekSustr
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    EGEE All webs login

This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright & by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Ask a support question or Send feedback