VOMS in LCG2 2_6_0

Due date for the Release: 2005-07-01

Last Update: 2005-07-01

For the Release notes:

Information about the voms-client:
voms-client 1.5.4 is packaged in this release, which is also included in the coming glite R1.2.
The following information that sites need to know will be packaged in the release:
- the contents of the $EDG_LOCATION/etc/vomses directory. It is used with users type the command:
voms-proxy-init -voms [VO nickname]:/group/Role=[VOMS-Role]
- the host certificates of the VOMS servers.
- the value of the environment variable X509_VOMS_DIR
More explanations in :
http://cern.ch/grid-deployment/cgi-bin/index.cgi?var=gis/voms-deploy#proxy

Information about the voms-server:
voms 1.5.4 and voms-admin 1.1.0 are the recommended version as they will be made available in glite R1.2. As that release is not synchronised with LCG2 2_6_0, if you wish to install and configure a VOMS server, please read http://cern.ch/grid-deployment/cgi-bin/index.cgi?var=gis/voms-deploy and get in touch with project-lcg-vo-dteam-admin@cern.ch for questions.

Information about edg-mkgridmap:
edg-mkgridmap v. 2.5.0 is made available with this release with changes by Maarten Litmaath.

For the deployment team:

Information about the voms-client:
1. Make available the "voms-client*1.5.4" rpm that you find in http://cern.ch/grid-deployment/RpmDir_i386-sl3/wp6/

2. Decide the location of X509_VOMS_DIR for the afs UI. It is the place where the voms servers' certificates live. Typically
/etc/grid-security/vomsdir.
$EDG_LOCATION/etc/vomses is a possibility.The host certificates of both voms servers are in:
/afs/cern.ch/user/d/dimou/public/host:lcg-voms.cern.ch.cert and
/afs/cern.ch/user/d/dimou/public/host:voms.cern.ch.cert

3. The files in the $EDG_LOCATION/etc/vomses directory should be the ones in the table below and will be packaged by Maarten Litmaath in rpms.
The files and the directory must belong to root (mode 644).
The contents of these files are according to the pattern:
" VO nickname", "hostname", "Port_number", "Host_Cert_Subject", "VO name"

Reminder of the ports in http://cern.ch/grid-deployment/cgi-bin/index.cgi?var=gis/voms-deploy#sysconf

Information on the voms server:
Do not offer a voms server installation package. Please see justification in the release notes.

Information on edg-mkgridmap:
The last version by Fabio Spataro is 2.4.2 available in http://cern.ch/grid-deployment/RpmDir_i386-sl3/wp6/. It contains vital fixes,without which voms servers are not taken into consideration when generating the grid-map file. Maarten will re-write the script which now exits if one of the VO servers is not contactable and the grid-map file is not re-built. The edg-mkgridmap.conf to make available is in: http://cern.ch/dimou/lcg/registrar/TF/edg-mkgridmap.conf_lcg2_2_6_0 Please copy its contents at the last moment as ATLAS and CMS might change their group structure in the coming days.

Appendix: VOMS servers at CERN in June 2005:

Software versions we run today on the CERN SL3 lcg-voms.cern.ch server [VOs configured: ALICE,ATLAS,CMS,DTEAM,LHCb] https://lcg-voms.cern.ch:8443/voms/[VOname] (load your certificate to open this URL)
- glite voms-admin v. 1.0.6 by K.Lorentey
- voms core v. 1.2.32, by V.Ciaschini/V.Venturi
- globus as packaged in vdt_globus_essentials-VDT1.2.2rh9-1
NB! This machine runs (FNAL) VOMRS on top of voms-admin. This is how the LHC Experiment VOs get populated (via CERN HR database match).

Software versions we run today on the CERN SL3 voms.cern.ch server [VOs configured: ALICE,ATLAS,CMS,DTEAM,LHCb,SIXT, SEEGrid] https://voms.cern.ch:8443/edg-voms-admin/[VOname] (load your certificate to open this URL)
- edg-voms-admin v0.7.6-1, server side is v0.7.6 by K.Lorentey
- edg-voms Version: 1.4.1 by V.Ciaschini/V.Venturi from CNAF
- Globus as packaged in VDT1.2.0rh9 (Globus 2.4.3 + patches).
NB! These VOs are populated via ldap-sync.

Maria Dimou, IT/GD Grid Infrastructure Services