* Create a dummy CA certificate:

openssl genrsa -out cakey.pem 2048

openssl req -new -x509 -days 3650 -key cakey.pem -out cacert.pem -subj "/O=$(whoami)-dom/OU=PersonalCA"

* Generate user certificate signed by the dummy CA:

openssl genrsa -out userkey.pem 2048

openssl req -new -key userkey.pem -out userreq.csr -subj "/O=$(whoami)-dom/OU=PersonalCA/CN=$(whoami)"

openssl x509 -req -in userreq.csr -CA cacert.pem -CAkey cakey.pem -CAcreateserial -out usercert.pem -days 500

* Generate an host certificate signed by the CERN CA, https://gridca.cern.ch/gridca/ and register it in the DIRAC CS.

* Setup CS and SystemAdministrator services by following the instruction here http://diracgrid.org/files/docs/AdministratorGuide/InstallingDIRACService/index.html

* Be sure that the CA certificate and key is in /opt/dirac/etc/grid-security/ , copy the cacert.pem in /etc/grid-security/certificates

* Be sure that the user certificate is in ~/.globus

* Be sure that the host certificate is in /opt/dirac/etc/grid-security

* The install.cfg should be:

  #  DIRAC release version
  Release = v8r1p3
  #  Python version os the installation
  PythonVersion = 27
  #  To install the Server version of DIRAC (the default is client)
  InstallType = server
  #  If this flag is set to yes, each DIRAC update will be installed
  #  in a separate directory, not overriding the previous ones
  UseVersionsDir = yes
  #  The directory of the DIRAC software installation
  TargetPath = /opt/dirac
  #  DIRAC extensions to be installed i.e. LHCb, LHCbWeb for LHCb
  ExtraModules = LHCb
  Project = LHCb
  VirtualOrganization = LHCb
  Extensions = LHCb
  #   These are options for the configuration of the installed DIRAC software
  #   i.e., to produce the initial dirac.cfg for the server
  #  Give a Name to your User Community, it does not need to be the same name as in EGI
  VirtualOrganization = LHCb
  #  Site name: it should follow the convention [Infrastructure].[name].[country code]
  SiteName = BOINC.World.org
  #  Setup name
  Setup = LHCb-Certification
  #  Default name of system instances
  InstanceName = boincInstance
  #  Flag to use the server certificates
  UseServerCertificate = yes
  #  Do not download CAs, CRLs
  SkipCADownload = No
  #  Flag to set up the Configuration Server as Master (use only in the primary server)
  ConfigurationMaster = yes
  #  Configuration Name
  ConfigurationName =  BOINC-Conf
  #  These options define the DIRAC components to be installed on "this" DIRAC server.
  #  The next options should only be set for the primary server,
  #  they properly initialize the configuration data
  #  Name of the Admin user (default: None )
  AdminUserName = MrBoinc
  #  DN of the Admin user certificate (default: None )
  AdminUserEmail = MrBoinc@cern.ch
  AdminUserDN =  DN = /O=MrBoinc-dom/OU=boincCA/CN=MrBoinc
  #  Name of the Admin group (default: dirac_admin )
  AdminGroupName = boinc_user
  #  Name of the installation host (default: the current host )
  #  Used to build the URLs the services will publish
  Host = boin-deploy-test.cern.ch
  #  DN of the host certificate (default: None )
  HostDN = /DC=ch/DC=cern/OU=computers/CN=lhcb-boinc.cern.ch
  #  Components to deploy
  Systems = Configuration
  Systems += Framework
  Services  = Configuration/Server
  Services+= Framework/SystemAdministrator

You will get dirac.cfg and BOINC-Conf.cfg in /opt/dirac/etc/.

Add the section Registry in dirac.cfg registering the MrBoinc user. Add the section Systems/WorkloadManagement/Services/WMSSecureGW in the dirac.cfg

          Port = 3424
          HandlerPath = LHCbDIRAC/WorkloadManagementSystem/Service/WMSSecureGW.py
            Default = all

The dirac.cfg must contain all the "real" addresses of the DIRAC services that the WMSSecureGW needs to contact. An updated version of the dirac.cfg can be found on the trunk of the LHCbDIRAC repository. Currently, any change on these addresses must be done by hands on the dirac.cfg.

* Get a proxy:

dirac-proxy-init -v long term

* Start the cli:

dirac-admin-sysadmin-cli --host boin-deploy-test

* Install the new service:

[boin-deploy-test]> install service WorkloadManagement WMSSecureGW

* You will need to install also:

ReqDB (must install MySQL on the machine too), ReqManager, RequestExecutingAgent, StorageElement.


The WMSSecureGW has been added to the WorkloadManagement/Service/ConfigTemplate.cfg , so yuo con install it as any other DIRAC service using the procedure here http://diracgrid.org/files/docs/AdministratorGuide/InstallingDIRACService/index.html

-- CinziaLuzzi - 2015-07-15

This topic: LHCb > WebHome > LHCbComputing > WMSSecureGW
Topic revision: r3 - 2015-07-30 - CinziaLuzzi
This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback