TWiki> LHCb Web>LHCbComputing>WMSSecureGW (revision 1)EditAttachPDF
- Create a dummy CA certificate:

openssl genrsa -out cakey.pem 2048 openssl req -new -x509 -days 3650 -key cakey.pem -out cacert.pem -subj "/O=$(whoami)-dom/OU=PersonalCA"

- Generate user certificate signed by the dummy CA:

openssl genrsa -out userkey.pem 2048 openssl req -new -key userkey.pem -out userreq.csr -subj "/O=$(whoami)-dom/OU=PersonalCA/CN=$(whoami)" openssl x509 -req -in userreq.csr -CA cacert.pem -CAkey cakey.pem -CAcreateserial -out usercert.pem -days 500

- Generate an host certificate signed by the CERN CA, and register it in the DIRAC CS.

Setup CS and SystemAdministrator services by following the instruction here

Be sure that the CA certificate and key is in /opt/dirac/etc/grid-security/ , copy the cacert.pem in /etc/grid-security/certificates. Be sure that the user certificate is in ~/.globu Be sure that the host certificate is in /opt/dirac/etc/gridsecurity

The install.cfg should be:

LocalInstallation { # DIRAC release version Release = v8r1p3 # Python version os the installation PythonVersion = 27 # To install the Server version of DIRAC (the default is client) InstallType = server # If this flag is set to yes, each DIRAC update will be installed # in a separate directory, not overriding the previous ones UseVersionsDir = yes # The directory of the DIRAC software installation TargetPath = /opt/dirac # DIRAC extensions to be installed i.e. LHCb, LHCbWeb for LHCb ExtraModules = LHCb Project = LHCb VirtualOrganization = LHCb Extensions = LHCb # These are options for the configuration of the installed DIRAC software # i.e., to produce the initial dirac.cfg for the server # Give a Name to your User Community, it does not need to be the same name as in EGI VirtualOrganization = LHCb # Site name: it should follow the convention [Infrastructure].[name].[country code] SiteName = # Setup name Setup = LHCb-Certification # Default name of system instances InstanceName = boincInstance # Flag to use the server certificates UseServerCertificate = yes # Do not download CAs, CRLs SkipCADownload = No # Flag to set up the Configuration Server as Master (use only in the primary server) ConfigurationMaster = yes # Configuration Name ConfigurationName = BOINC-Conf # These options define the DIRAC components to be installed on "this" DIRAC server. # The next options should only be set for the primary server, # they properly initialize the configuration data # # Name of the Admin user (default: None ) AdminUserName = MrBoinc # DN of the Admin user certificate (default: None ) # AdminUserEmail = AdminUserDN = DN = /O=MrBoinc-dom/OU=boincCA/CN=MrBoinc # Name of the Admin group (default: dirac_admin ) AdminGroupName = boinc_user # Name of the installation host (default: the current host ) # Used to build the URLs the services will publish Host = # DN of the host certificate (default: None ) HostDN = /DC=ch/DC=cern/OU=computers/ # Components to deploy Systems = Configuration Systems += Framework Services = Configuration/Server Services+= Framework/SystemAdministrator }

-- CinziaLuzzi - 2015-07-15

Edit | Attach | Watch | Print version | History: r7 | r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r1 - 2015-07-15 - unknown
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    LHCb All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback