VOMS Setup

Much of the VOMS configuration from the system perspective follows the MyProxy configuration (PxWlcg).

It consists of Linux-HA sharing the prod-voms address with lemon sensors for voms load and status.

Certificate request

Only a certificate for the prod-voms and vom101 was requested. There was no need for voms102 and voms103 since they are in high availability configuration.

Lemon monitoring

A lemon sensor for VOMS availability is set up using voms status. This reports to lemon metrics 808 and 809.

The same procedure as the BDII was followed.

Testing

User Setup

Login to lxplus
source /afs/cern.ch/project/gd/LCG-share/sl3/etc/profile.d/grid_env.csh

Create file ~/.edg/vomses/test-voms102.cern.ch with content (ONE line):

"test" "prod-voms.cern.ch" "15010" "/C=CH/O=CERN/OU=GRID/CN=host/lcg-voms.cern.ch" "test"

If you want the proxy to be successful you 'll have to register in the VO 'test' by opening https://voms102.cern.ch:8443/vo/test/vomrs We will approve you.

You don't need to repeat the registration for voms103 as they share the same db.

Testing

Running voms-proxy-init to create a new proxy

$ voms-proxy-init -voms test
Your identity: /C=CH/O=CERN/OU=GRID/CN=Tim Bell 6176
Enter GRID pass phrase:
Creating temporary proxy ............................ Done
Contacting  voms102.cern.ch:15010 [/C=CH/O=CERN/OU=GRID/CN=host/lcg-voms.cern.ch] "test" Done
Creating proxy .................................................................... Done
Your proxy is valid until Wed Apr  5 03:08:19 2006
If you get the message
Contacting  voms102.cern.ch:15010 [/C=CH/O=CERN/OU=GRID/CN=host/lcg-voms.cern.ch] "test"
Warning: test: User unknown to this VO. Error: VERR_SERVERCODE Failed.
Failed to contact servers for test.

If you get Error: VERR_NOSOCKET Failed., the server is down.

Standby testing

Check that

- vomrs is up on master tested using vomrs status

# /usr/lib/heartbeat/hb_standby

check

- vomrs has stopped on master (using vomrs status showning not running) - vomrs starts on slave (using vomrs status)

Reboot testing

Check that the master is running using vomrs status and then reboot the master.

The slave should automatically detect the problem and become master.

The vomrs status command and the voms-proxy-init should work.

On the rebooted machine, check that vomrs status shows down. Check voms-ping shows up.

Related Documents

Link Description
VomsStartStopCheck Start/Stop check for VOMS
vomsrs VOMSRS Documentation
voms VOMS Guide
voms-admin VOMS-Admin component Guide
-- TimBell - 24 Mar 2006
Edit | Attach | Watch | Print version | History: r10 < r9 < r8 < r7 < r6 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r7 - 2006-04-04 - TimBell
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    LCG All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback