How to get access to WLCG



Three things are needed to have access to WLCG:

1. a personal certificate, used to authenticate with the Grid;

2. having your personal certificate registered in the CMS Virtual Organisation;

3. an account on a User Interface (any machine with the WLCG commands installed).

These steps are here explained in detail.

Getting a personal certificate

A personal certificate consists of a pair of files, the private key (userkey.pem) and the certificate itself, containing the public key (usercert.pem). To obtain a certificate, a request has to be made to a Certification Authority recognized by WLCG. You have three options:

  1. find out from the list of recognized Certification Authorities the one relative to your country and request a certificate from them following the procedures published on their web site;
  2. request a certificate from the CERN CA if you have a CERN NICE account;
  3. request a certificate from the WLCG catch-all CA if no CA exists for your country and you do not have a CERN NICE account.

When a personal certificate is renewed, normally the certificate subject is identical to the old one: in that case, nothing has to be done about the VO registration.

How to get or renew a certificate from the CERN CA

The CERN CA will issue certificates only to people with a CERN NICE account.

The steps to follow to make a request are explained in the CA website. The instructions to convert the certificate in a format appropriate for use in the Grid are here. If you have problems, write to the Helpdesk. The procedure to renew a certificate is identical to the procedure to get a certificate for the first time.

Make sure that the certificate and the private key are installed in $HOME/.globus with the following permissions:

-rw-r--r-- 1 doe zh 4541 Feb 23 17:44 usercert.pem
-r-------- 1 doe zh 963 Feb 22 11:52 userkey.pem

Notice that the private key must be readable only by you, otherwise the certificate will not work (and your private key could be stolen).

How to register in the CMS VO

When in possession of a personal certificate, a CMS user has to register his certificate in the CMS Virtual Organisation in order to be authorized to use WLCG resources. The procedure is different depending if you are already registered in the CMS VO or not.

If you never registered to the CMS VO

First of all, make sure that you are registered in the CERN Human Resources database with an e-mail address.

Follow these steps:

  1. obtain a personal certificate, if you have not done so;
  2. convert your certificate in P12 format and load it into your browser; however this is not necessary if you have obtained a CERN certificate, because it is already in the browser (use the very same browser used to request the certificate);
  3. go to the CMS VOMRS server, and follow the instructions, taking into account the following;
  4. when asked, provide an e-mail address which matches the Generic E-mail of the Preferred E-mail fields in the CERN HR database; if you have an account at CERN, choose your CERN e-mail address;
  5. if you are an US-CMS member, select Vijay Sekhri as Representative and follow these additional steps;
  6. if you are a German CMS member, select Thomas Kress as Representative;
  7. if you are an Italian CMS member, select Giuseppe Bagliesi as Representative;
  8. if you are a Taiwanese CMS member, select Chia-Ming Kuo as Representative;
  9. otherwise, select Andrea Sciabà as Representative;
  10. select which groups and roles to join following the indications of the following table. The average CMS user should only select the combination /cms/Role=cmsuser.

Group Group Roles Description Non-US-CMS member US-CMS member German CMS members Italian CMS members Taiwanese CMS members
/cms no role All CMS users Y Y Y Y Y
cmsuser Normal user in OSG Y Y Y Y Y
lcgadmin To install CMS software on WLCG N N N N N

-- MarcoCalloni - 21 Apr 2009

Edit | Attach | Watch | Print version | History: r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r1 - 2009-04-21 - MarcoCalloni
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    Sandbox All webs login

  • Edit
  • Attach
This site is powered by the TWiki collaboration platform Powered by PerlCopyright &© 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback