EMIR TESTBED 001 2012 :

Testbed Case Applicant Details:

Testbed Applicant Product Teams involved or potentially interested Testing period and estimated duration
Shiraz Memon (EMIR PT) EMIR PT, ARC, UNICORE, gLite(optional) 4-6 weeks

Testbed Case Detailed description:

  1. Testing Use Case:
    • Before the EMIR can be deployed in a real production environment, the use case will try to simulate the EGI and the participating NGIs (or such federations) so that the performance and latency can be measured and evaluated.
  2. Testbed Required Resources:
    • List of EMI components to be deployed in the testbed infrastructure: emir-server
    • Expected number of instances per component per site: 1
    • Minimal number of sites: 10
    • Expected usage scale (ex. number of users, number of requests/jobs/?? to handle): greater than 10000 requests

Testbed Case Required Resources :

List of EMI components to be deployed in the testbed infrastructure Expected number of instances per component per site Versions/Platform to be deployed per product/component Platform
EMIR Server 1 node per site EMI-2 RC releases SL5 X86_64 with EPEL
EMIR Client 1 per product which publish info EMI rc releases SL5 X86_64 with EPEL

  1. HW requirements for instances:
    • ssh access
    • open port
    • Any Linux OS
    • 2 GB RAM
    • 4 GB of Disk Space

Testbed Case Resources Configuration:

Network requirements Accessibility requirements Component configuration Needed Grid User accounts Supported Virtual Organization fake CA or certificates

********************** Testbed Configuration Details (some details maybe specified in a second time):

  • Versions/Platform to be deployed per product/component: SL5 or SL6 64 Bit, jdk 6, maven 2, ant
  • Network requirements: ssh access and open port on each instance
  • Accessibility requirements (ex. access granted to userX, userY, etc.): -
  • Component configuration (ex. serviceX talking to serviceY, information system publishing...): -
  • Needed Grid User accounts: 3
  • Supported Virtual Organization (testers.emi-eu.emi is default): -
  • fake CA or certificates: yes.
    • The certificate issued to the servers should be of type server and client simultaneously. Therefore the extensions of the certificate contains (Both of these information available on EMIR wiki, would be helpful for those installing the emir instances.):
      • X509v3 extensions:
        • Netscape Cert Type:
        • SSL Client, SSL Server
  • Any other information useful to define the required testing environment:
  • 6 instances (3 instances should reside in countryA while the rest in CountryB)
  • 2 instances should reside in CountryC and CountryD respectively
  • 2 instances can lie in any of the above locations

Configure EMIR in 7 Steps

  1. Install emir from the emi's SL5/SL6 repository
  2. request fake ca certificate from emir@niifSPAMNOTNOSPAMPLEASE.hu
  3. change hostname, scheme, port, keystore, and truststore configurations in the dsr.config file
  4. change mongodb properties (host and port) and start the database while executing the “mongod” command
  5. Configuring Hierarchy
    1. set the "parent.url" property, if the managed emir server has parent in the hierarchy and set the acl file
    2. set the "registry.global.enable=true" and "registry.global.providerlist" property, if the managed emir server is global
  6. Configuring Access Control List (ACL)
    1. send your emir server certificate's DN to your ancestor or peer emir server's admin in the emir network (Signed email, snail mail, personally, etc.) (see the next section for howto)
    2. The parent emir server's admin MUST add the above received DN to the emir.acl file. Example: CN=SomeName,O=SomeOrg,C=DE :: serviceowner (again Signed email, snail mail, personally, etc.)
    3. If the server is global, insert the DNs of all the peers (from the global list) and immediate child emir servers
  7. Start the server: emir-start

How to generate RFC 2253 DN from Client certificate for the emir.acl?

In order to extract the subject name from certificate (PKCS#12 format), follow the two steps below:

  1. openssl pkcs12 -in <source_certficate>.p12 -out <target_certificate>.pem -passin pass:<password> -passout pass:<password>
  2. openssl x509 -subject -noout -nameopt RFC2253 -in <target_certificate>.pem
  3. Paste the DN from console to emir.acl with role, Example: RFC2253-DN :: (serviceowner | admin)

Setup /Participant Sites :


CERN - EMITESTED emi-sa26@eu-emi.eu http://emitbdsr1.cern.ch:9126/service EMI-2 EMITESTBED Production Resources
CERN - EGI TEST laurence.field@cernNOSPAMPLEASE.ch ?? ??
Juelich -EMITESTBED b.hagemeier@fz-juelichNOSPAMPLEASE.de zam052v04.zam.kfa-juelich.de

Other resources part of the network: https://maps.google.com/maps?q=http://rebus.cern.ch/emir.kml

Structure TREE

                              /            \
              emir.global-url-1 -- emir.global-url-2
                       | ---------------------------------------------------------                                                             
               emir-dsr-1-url                                              |  
              /                     \                                            |
     emir-dsr-2-url        emir-dsr-3-url                             |
                                                                       /                     \
                                                             emir-dsr-5-url        emir-dsr-6-url

Tests Logbook / Feedbacks :

-- DaniloDongiovanni - 04-Apr-2011

-- DaniloDongiovanni - 03-Apr-2012

Edit | Attach | Watch | Print version | History: r9 < r8 < r7 < r6 < r5 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r9 - 2012-07-26 - DaniloDongiovanniExternal
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    EMI All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback