LCG - gLite Certification
To Start
Before starting your activity in the gLite Certification group you need to...
- Know who is working with you
- Get write access to the LCG Node Status Page
- Know which machines you are going to work on
- Get access to these machines
- Get write access to the certification afs area
Know who is working with you
The current gLite Certification team:
Get write access the the LCG Node Status Page
Send an e-mail to
Laurence Field explaining who you are and ask for write access to the node status page for the gLite certification group.
You need to attach to your e-mail your DN (Distinguished Name) It is the Subject in your Globus certificate
~/.globus/usercert.pem
(It is better to put
Nick in CC in this e-mail).
Know which machines you are going to work on
If you want simply to view the page before you have registered use the link:
http://grid-deployment.web.cern.ch/grid-deployment/cgi-bin/nodes-status.cgi?details=on&order=host&admin_view=all&cluster_view=gLite+Cert
After you had registered use the link:
https://lcg-nodes-status.cern.ch:8282/cgi-bin/nodes-status.cgi?details=on&order=host&admin_view=all&cluster_view=gLite+Cert
Select
gLite Cert in
Cluster: combobox and then push button
Send
to obtain nodes from gLite Certification Cluster.
Log to machines in the certification testbed
You need your ssh public key to be put in the authorized keys file of all the machines You should:
- generate an ssh key pair (if you don't have already one):
> ssh-keygen -t rsa
- send your public key to Laurence Field or Louis Poncet explaining who you are and asking to insert your key in the post-install script for the gLite certification activity. Then ask to re-run the post-install script on the node you are interested to access. (It is better to put in CC Nick to this e-mail).
- now you should be able to access the node using ssh2 with the public key authentication method.
Later on, on new installations, your key will be already there. So hopefully you don't need to ask too many times for the script to be run.
Get write access to the certification afs area
The afs area wher all the shared data of the certification group are kept is:
/afs/cern.ch/project/gd/egee
In order to have write permission on this area send an e-mail to
Antonio Retico and ask for write access to the area of interest. You need to specify your afs user name. (It is better to put
Nick in CC).
How to use the afs UI
For certification purposes we use an user-based installation of the UI in AFS. This is because in this way we can maintain several versions of the UI, corresponding to different releases or different default settings, with no need for new nodes.
The root dir for the more recent gLite UI on lxplus is the following:
/afs/cern.ch/project/gd/egee/glite/ui_R1.3
For next versions of the UI you will hopefully just need to change the release number in the path. In order to use it, you have to source the setenv file:
> source /afs/cern.ch/project/gd/egee/glite/ui_R1.1/glite-setenv.csh
If you plan to use often the UI you may want to insert this line in your
~/.tcshrc
file.
Currently this script defines X509_VOMS_DIR as:
/afs/cern.ch/project/gd/egee/glite/ui/opt/glite/etc/grid-security/vomsdir/
It seems that some problems arise if this dir contains more than a single voms host certificate. So we have moved different host certificates to different directories.
The voms server we are currently using is
lcg-voms.cern.ch
. In order to use it you should fix the variable as follows:
> setenv X509_VOMS_DIR ${UI_ROOT}/etc/grid-security/vomsdir/lcg-voms
This has to be done whenever you want to switch to another voms server. You need also the file
~/.glite/vomses
to be created.
> cat ~/.glite/vomses
"dteam" "lcg-voms.cern.ch" "15004" "/C=CH/O=CERN/OU=GRID/CN=host/lcg-voms.cern.ch" "dteam"
--
VladimirDimitrov - 31 Aug 2005