* Create a dummy CA certificate:
    openssl genrsa -out cakey.pem 2048
    openssl req -new -x509 -days 3650 -key cakey.pem -out cacert.pem -subj "/O=$(whoami)-dom/OU=PersonalCA"
* Generate user certificate signed by the dummy CA:
    openssl genrsa -out userkey.pem 2048
    openssl req -new -key userkey.pem -out userreq.csr -subj "/O=$(whoami)-dom/OU=PersonalCA/CN=$(whoami)"
    openssl x509 -req -in userreq.csr -CA cacert.pem -CAkey cakey.pem -CAcreateserial -out usercert.pem -days 500
* Generate a host certificate signed by the CERN CA (https://gridca.cern.ch/gridca/) and register it in the DIRAC CS.
* Set up the CS and SystemAdministrator services by following the instructions at http://diracgrid.org/files/docs/AdministratorGuide/InstallingDIRACService/index.html
* Be sure that the CA certificate and key are in /opt/dirac/etc/grid-security/, and copy cacert.pem to /etc/grid-security/certificates
* Be sure that the user certificate is in ~/.globus
* Be sure that the host certificate is in /opt/dirac/etc/grid-security
* The install.cfg should be:
LocalInstallation
{
  # DIRAC release version
  Release = v8r1p3
  # Python version of the installation
  PythonVersion = 27
  # To install the Server version of DIRAC (the default is client)
  InstallType = server
  # If this flag is set to yes, each DIRAC update will be installed
  # in a separate directory, not overriding the previous ones
  UseVersionsDir = yes
  # The directory of the DIRAC software installation
  TargetPath = /opt/dirac
  # DIRAC extensions to be installed i.e. LHCb, LHCbWeb for LHCb
  ExtraModules = LHCb
  Project = LHCb
  VirtualOrganization = LHCb
  Extensions = LHCb
  # These are options for the configuration of the installed DIRAC software
  # i.e., to produce the initial dirac.cfg for the server
  # Give a Name to your User Community, it does not need to be the same name as in EGI
  VirtualOrganization = LHCb
  # Site name: it should follow the convention [Infrastructure].[name].[country code]
  SiteName = BOINC.World.org
  # Setup name
  Setup = LHCb-Certification
  # Default name of system instances
  InstanceName = boincInstance
  # Flag to use the server certificates
  UseServerCertificate = yes
  # Do not download CAs, CRLs
  SkipCADownload = No
  # Flag to set up the Configuration Server as Master (use only in the primary server)
  ConfigurationMaster = yes
  # Configuration Name
  ConfigurationName = BOINC-Conf
  # These options define the DIRAC components to be installed on "this" DIRAC server.
  # The next options should only be set for the primary server,
  # they properly initialize the configuration data
  #
  # Name of the Admin user (default: None )
  AdminUserName = MrBoinc
  # DN of the Admin user certificate (default: None )
  #
  AdminUserEmail = MrBoinc@cern.ch
  AdminUserDN = /O=MrBoinc-dom/OU=boincCA/CN=MrBoinc
  # Name of the Admin group (default: dirac_admin )
  AdminGroupName = boinc_user
  # Name of the installation host (default: the current host )
  # Used to build the URLs the services will publish
  Host = boin-deploy-test.cern.ch
  # DN of the host certificate (default: None )
  HostDN = /DC=ch/DC=cern/OU=computers/CN=lhcb-boinc.cern.ch
  # Components to deploy
  Systems = Configuration
  Systems += Framework
  Services = Configuration/Server
  Services += Framework/SystemAdministrator
}
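The certificate material prepared in the first steps can be checked before it is referenced from install.cfg. This is an added example, not part of the original page or of DIRAC: the function names are hypothetical, `openssl` is assumed to be on the PATH, and `cert_dn` prints the slash-separated DN form used for AdminUserDN and HostDN.

```shell
#!/bin/sh
# Added example: checks for the certificate files created in the steps above.
# Function names are hypothetical; file names in the usage line follow the page.

# Print the subject DN in the slash-separated form used for AdminUserDN/HostDN.
cert_dn() {
    openssl x509 -in "$1" -noout -subject -nameopt compat | sed 's/^subject= *//'
}

# Succeed only if the certificate ($2) verifies against the CA certificate ($1).
signed_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeed only if private key ($1) and certificate ($2) hold the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeed only if the key file ($1) grants nothing to group and others.
key_is_private() {
    [ -f "$1" ] || return 1
    case $(ls -ld "$1") in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run all checks for one CA/key/certificate triple and report each result.
# Usage: check_triple cacert.pem userkey.pem usercert.pem
check_triple() {
    rc=0
    echo "subject DN: $(cert_dn "$3")"
    signed_by "$1" "$3"        || { echo "FAIL: $3 is not signed by $1"; rc=1; }
    key_matches_cert "$2" "$3" || { echo "FAIL: $2 does not match $3"; rc=1; }
    key_is_private "$2"        || { echo "FAIL: $2 is readable by group/others"; rc=1; }
    return $rc
}
```
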
With this install.cfg you will get dirac.cfg and BOINC-Conf.cfg in /opt/dirac/etc/.
Add the section Registry in dirac.cfg, registering the MrBoinc user.
Add the section Systems/WorkloadManagement/Services/WMSSecureGW in the dirac.cfg:
Systems
{
  WorkloadManagement
  {
    boincInstance
    {
      Services
      {
        WMSSecureGW
        {
          Port = 3424
          HandlerPath = LHCbDIRAC/WorkloadManagementSystem/Service/WMSSecureGW.py
          Authorization
          {
            Default = all
          }
        }
      }
    }
  }
}
The dirac.cfg must contain all the "real" addresses of the DIRAC services that the WMSSecureGW needs to contact. An updated version of the dirac.cfg can be found on the trunk of the LHCbDIRAC repository. Currently, any change to these addresses must be made by hand in the dirac.cfg.
* Get a proxy:
    dirac-proxy-init -v long term
* Start the cli:
    dirac-admin-sysadmin-cli --host boin-deploy-test
* Install the new service:
    [boin-deploy-test]> install service WorkloadManagement WMSSecureGW
* You will also need to install: ReqDB (MySQL must be installed on the machine too), ReqManager, RequestExecutingAgent, StorageElement.
N.B. The WMSSecureGW has been added to WorkloadManagement/Service/ConfigTemplate.cfg, so you can install it like any other DIRAC service using the procedure at http://diracgrid.org/files/docs/AdministratorGuide/InstallingDIRACService/index.html
--
CinziaLuzzi - 2015-07-15