* Create a dummy CA certificate:

openssl genrsa -out cakey.pem 2048

openssl req -new -x509 -days 3650 -key cakey.pem -out cacert.pem -subj "/O=$(whoami)-dom/OU=PersonalCA"

* Generate user certificate signed by the dummy CA:

openssl genrsa -out userkey.pem 2048

openssl req -new -key userkey.pem -out userreq.csr -subj "/O=$(whoami)-dom/OU=PersonalCA/CN=$(whoami)"

openssl x509 -req -in userreq.csr -CA cacert.pem -CAkey cakey.pem -CAcreateserial -out usercert.pem -days 500

* Generate an host certificate signed by the CERN CA, https://gridca.cern.ch/gridca/ and register it in the DIRAC CS.

Setup CS and SystemAdministrator services by following the instruction here http://diracgrid.org/files/docs/AdministratorGuide/InstallingDIRACService/index.html

Be sure that the CA certificate and key is in /opt/dirac/etc/grid-security/ , copy the cacert.pem in /etc/grid-security/certificates. Be sure that the user certificate is in ~/.globu Be sure that the host certificate is in /opt/dirac/etc/gridsecurity

The install.cfg should be:

  #  DIRAC release version
  Release = v8r1p3
  #  Python version os the installation
  PythonVersion = 27
  #  To install the Server version of DIRAC (the default is client)
  InstallType = server
  #  If this flag is set to yes, each DIRAC update will be installed
  #  in a separate directory, not overriding the previous ones
  UseVersionsDir = yes
  #  The directory of the DIRAC software installation
  TargetPath = /opt/dirac
  #  DIRAC extensions to be installed i.e. LHCb, LHCbWeb for LHCb
  ExtraModules = LHCb
  Project = LHCb
  VirtualOrganization = LHCb
  Extensions = LHCb
  #   These are options for the configuration of the installed DIRAC software
  #   i.e., to produce the initial dirac.cfg for the server
  #  Give a Name to your User Community, it does not need to be the same name as in EGI
  VirtualOrganization = LHCb
  #  Site name: it should follow the convention [Infrastructure].[name].[country code]
  SiteName = BOINC.World.org
  #  Setup name
  Setup = LHCb-Certification
  #  Default name of system instances
  InstanceName = boincInstance
  #  Flag to use the server certificates
  UseServerCertificate = yes
  #  Do not download CAs, CRLs
  SkipCADownload = No
  #  Flag to set up the Configuration Server as Master (use only in the primary server)
  ConfigurationMaster = yes
  #  Configuration Name
  ConfigurationName =  BOINC-Conf
  #  These options define the DIRAC components to be installed on "this" DIRAC server.
  #  The next options should only be set for the primary server,
  #  they properly initialize the configuration data
  #  Name of the Admin user (default: None )
  AdminUserName = MrBoinc
  #  DN of the Admin user certificate (default: None )
  AdminUserEmail = MrBoinc@cern.ch
  AdminUserDN =  DN = /O=MrBoinc-dom/OU=boincCA/CN=MrBoinc
  #  Name of the Admin group (default: dirac_admin )
  AdminGroupName = boinc_user
  #  Name of the installation host (default: the current host )
  #  Used to build the URLs the services will publish
  Host = boin-deploy-test.cern.ch
  #  DN of the host certificate (default: None )
  HostDN = /DC=ch/DC=cern/OU=computers/CN=lhcb-boinc.cern.ch
  #  Components to deploy
  Systems = Configuration
  Systems += Framework
  Services  = Configuration/Server
  Services+= Framework/SystemAdministrator

You will get dirac.cfg and BOINC-Conf.cfg in /opt/dirac/etc/.

Add the section Registry in dirac.cfg registering the MrBoinc user. Add the section Systems/WorkloadManagement/Services/WMSSecureGW in the dirac.cfg

          Port = 3424
          HandlerPath = LHCbDIRAC/WorkloadManagementSystem/Service/WMSSecureGW.py
            Default = all

* Get a proxy:

dirac-proxy-init -v long term

* Start the cli:

dirac-admin-sysadmin-cli --host boin-deploy-test

* Install the new service:

[boin-deploy-test]> install service WorkloadManagement WMSSecureGW

-- CinziaLuzzi - 2015-07-15

This topic: LHCb > WebHome > LHCbComputing > WMSSecureGW
Topic revision: r2 - 2015-07-15 - unknown
This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback