-
LCG Grid Deployment-
gLite Pre Production Services -
PPS Admin Procedures
Disclaimer
Before a new VO is started in PPS an agreement must be done among all the interested parts (mainly the representatives of the interested user community and the PPS management).
The definition and extents of this negotiation process are out of the scope of this page.
The only output needed from this process, from the system configuration point of view, is the name of the new VO.
Information needed to VOMS Administrators
Once that above agreement has been reached the only information needed to
VOMS administrators to start the VO is
1 Vo Name
2 Full name of a contact person for the VO
3 e-mail of the contact person (it may be a mailing list)
4 Distinguished Name (DN) of the contact person (it is the subject of the Globus certificate)
The desired VO name to be used in the system should be an output of the previous negotiation process.
Once the VO has been set up
The
VOMS Administrators should provide to the VO contact person:
1 The line to be configured in the
/opt/glite/etc/vomses
file and in the
.vomses
file in the user directories.
2 The certificate of the
VOMS server to be stored on the UI in the directory
/etc/grid-security/vomsdir/
3. URL of the web interface for VO management.
Final memo to be mailed to the new VO admin
Once you created the proxy with
voms-proxy-init --voms
try a
voms-proxy-info -all
and search into the output if you find something bad.
In particular search for a string of the kind "Unable to verify signature!".
If this is the case you need to create a sub-dir inside the
/etc/grid-security/vomsdir/
and move the voms certificate inside that dir.
Then, before creating the proxy try and export
X509_VOMS_DIR=/etc/grid-security/vomsdir/
To access the web interface for VO management will need your personal certificate installed into your browser.
The site administrator could appear in the list of VO managers in the web interface. This is only for testing purposes. He/she will not interfere into the VO administration and will not receive notifications about user requests.
Please try the notification system generating a dummy request through the form at
https://cert-voms-01.cnaf.infn.it:8443/voms/NEW_VO_NAME/webui/userrequest/create
The user should receive a mail to verify that the email address inserted into the form is correct and is invited to visit a link. Once he visited the link the VO manager (you) is notified that the user made the request and is invited to decide about the request through the appropiate link. When you make the decision the user is notifided about your decision.
Kind regards.
-- Main.aretico - 21 Sep 2005