LCG - gLite Certification

To Start

Before starting your activity in the gLite Certification group you need to...

• Know who is working with you
• Get write access to the LCG Node Status Page
• Know which machines you are going to work on
• Get access to these machines
• Get write access to the certification afs area

Know who is working with you

The current gLite Certification team:

• task manager: Nicholas Thackray
• at CERN:
  • Alessandro Usai
  • Antonio Retico
  • Di Qing
• at CESGA:
  • Javier Lopez Cacheiro

Get write access the the LCG Node Status Page

Send an e-mail to Laurence Field explaining who you are and ask for write access to the node status page for the gLite certification group.

You need to attach to your e-mail your DN (Distinguished Name) It is the Subject in your Globus certificate ~/.globus/usercert.pem (It is better to put Nick in CC in this e-mail).

Know which machines you are going to work on

If you want simply to view the page before you have registered use the link:

http://grid-deployment.web.cern.ch/grid-deployment/cgi-bin/nodes-status.cgi?details=on&order=host&admin_view=all&cluster_view=gLite+Cert

After you had registered use the link:

https://lcg-nodes-status.cern.ch:8282/cgi-bin/nodes-status.cgi?details=on&order=host&admin_view=all&cluster_view=gLite+Cert

Select gLite Cert in Cluster: combobox and then push button Send to obtain nodes from gLite Certification Cluster.

Log to machines in the certification testbed

You need your ssh public key to be put in the authorized keys file of all the machines You should:

• generate an ssh key pair (if you don't have already one):

> ssh-keygen -t rsa

• send your public key to Laurence Field or Louis Poncet explaining who you are and asking to insert your key in the post-install script for the gLite certification activity. Then ask to re-run the post-install script on the node you are interested to access. (It is better to put in CC Nick to this e-mail).

• now you should be able to access the node using ssh2 with the public key authentication method.

Later on, on new installations, your key will be already there. So hopefully you don't need to ask too many times for the script to be run.

Get write access to the certification afs area

The afs area wher all the shared data of the certification group are kept is: /afs/cern.ch/project/gd/egee

In order to have write permission on this area send an e-mail to Antonio Retico and ask for write access to the area of interest. You need to specify your afs user name. (It is better to put Nick in CC).

How to use the afs UI

For certification purposes we use an user-based installation of the UI in AFS. This is because in this way we can maintain several versions of the UI, corresponding to different releases or different default settings, with no need for new nodes.

The root dir for the more recent gLite UI on lxplus is the following:

/afs/cern.ch/project/gd/egee/glite/ui_R1.3

For next versions of the UI you will hopefully just need to change the release number in the path. In order to use it, you have to source the setenv file:

> source /afs/cern.ch/project/gd/egee/glite/ui_R1.1/glite-setenv.csh

If you plan to use often the UI you may want to insert this line in your ~/.tcshrc file. Currently this script defines X509_VOMS_DIR as:

/afs/cern.ch/project/gd/egee/glite/ui/opt/glite/etc/grid-security/vomsdir/

It seems that some problems arise if this dir contains more than a single voms host certificate. So we have moved different host certificates to different directories.

The voms server we are currently using is lcg-voms.cern.ch. In order to use it you should fix the variable as follows:

> setenv X509_VOMS_DIR ${UI_ROOT}/etc/grid-security/vomsdir/lcg-voms

This has to be done whenever you want to switch to another voms server. You need also the file ~/.glite/vomses to be created.

> cat ~/.glite/vomses
"dteam" "lcg-voms.cern.ch" "15004" "/C=CH/O=CERN/OU=GRID/CN=host/lcg-voms.cern.ch" "dteam"

-- VladimirDimitrov - 31 Aug 2005