TWiki> LHCb Web>LHCbComputing>WMSSecureGW (revision 1)EditAttachPDF
- Create a dummy CA certificate:

openssl genrsa -out cakey.pem 2048 openssl req -new -x509 -days 3650 -key cakey.pem -out cacert.pem -subj "/O=$(whoami)-dom/OU=PersonalCA"

- Generate user certificate signed by the dummy CA:

openssl genrsa -out userkey.pem 2048 openssl req -new -key userkey.pem -out userreq.csr -subj "/O=$(whoami)-dom/OU=PersonalCA/CN=$(whoami)" openssl x509 -req -in userreq.csr -CA cacert.pem -CAkey cakey.pem -CAcreateserial -out usercert.pem -days 500

- Generate an host certificate signed by the CERN CA, https://gridca.cern.ch/gridca/ and register it in the DIRAC CS.

Setup CS and SystemAdministrator services by following the instruction here http://diracgrid.org/files/docs/AdministratorGuide/InstallingDIRACService/index.html

Be sure that the CA certificate and key is in /opt/dirac/etc/grid-security/ , copy the cacert.pem in /etc/grid-security/certificates. Be sure that the user certificate is in ~/.globu Be sure that the host certificate is in /opt/dirac/etc/gridsecurity

The install.cfg should be:

LocalInstallation { # DIRAC release version Release = v8r1p3 # Python version os the installation PythonVersion = 27 # To install the Server version of DIRAC (the default is client) InstallType = server # If this flag is set to yes, each DIRAC update will be installed # in a separate directory, not overriding the previous ones UseVersionsDir = yes # The directory of the DIRAC software installation TargetPath = /opt/dirac # DIRAC extensions to be installed i.e. LHCb, LHCbWeb for LHCb ExtraModules = LHCb Project = LHCb VirtualOrganization = LHCb Extensions = LHCb # These are options for the configuration of the installed DIRAC software # i.e., to produce the initial dirac.cfg for the server # Give a Name to your User Community, it does not need to be the same name as in EGI VirtualOrganization = LHCb # Site name: it should follow the convention [Infrastructure].[name].[country code] SiteName = BOINC.World.org # Setup name Setup = LHCb-Certification # Default name of system instances InstanceName = boincInstance # Flag to use the server certificates UseServerCertificate = yes # Do not download CAs, CRLs SkipCADownload = No # Flag to set up the Configuration Server as Master (use only in the primary server) ConfigurationMaster = yes # Configuration Name ConfigurationName = BOINC-Conf # These options define the DIRAC components to be installed on "this" DIRAC server. # The next options should only be set for the primary server, # they properly initialize the configuration data # # Name of the Admin user (default: None ) AdminUserName = MrBoinc # DN of the Admin user certificate (default: None ) # AdminUserEmail = MrBoinc@cernNOSPAMPLEASE.ch AdminUserDN = DN = /O=MrBoinc-dom/OU=boincCA/CN=MrBoinc # Name of the Admin group (default: dirac_admin ) AdminGroupName = boinc_user # Name of the installation host (default: the current host ) # Used to build the URLs the services will publish Host = boin-deploy-test.cern.ch # DN of the host certificate (default: None ) HostDN = /DC=ch/DC=cern/OU=computers/CN=lhcb-boinc.cern.ch # Components to deploy Systems = Configuration Systems += Framework Services = Configuration/Server Services+= Framework/SystemAdministrator }

-- CinziaLuzzi - 2015-07-15

Edit | Attach | Watch | Print version | History: r7 | r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r1 - 2015-07-15 - unknown
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    LHCb All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback