DVOS Installation

From Gcube Wiki
Jump to: navigation, search

This page describe the installation procedure for services of the Virtual Organisation Management (VO-Management) subsystem. The Credentials Renewal service depends on external services that must be properly installed for this service to work. Links and information on external services installation are provided in the 'Pre-installation steps' section.

Pre-installation steps

This section provides information about installation procedures of external components required by the Credentials Renewal service of the VO-Management subsystem. To install the Delegation service these steps are not required.

The aim of this section is not to fully describe installation steps of these components, but to provide useful links and hints to official documentation of external components.

  • MyProxy + SimpleCA - MyProxy and the SimpleCA must be installed and configured on the same host to act together as required by the gCube architecture. The installation is logically divided into three steps.
    • First of all, the SimpleCA must be installed and a new CA must be created following the SimpleCA installation steps.
    • Secondly, a MyProxy service must be installed and configured as described in the MyProxy documentation.
    • Thirdly, and lastly, MyProxy must be configured to expose the CA created in the first step. Instructions to do this are available in the MyProxy and SimpleCA page.
  • VOMS - Installation instructions for the VOMS service are available in the VOMS installation guide.

Once SimpleCA, MyProxy and VOMS components are in place, you can proceed with the installation and configuration of Credentials Renewal service, as described below.

Installation Procedure

This section describes the procedure to install VO-Management services, it is worth noticing that, for the Credentials Renewal service providing that 'Pre-installation steps' described above have been completed.

Delegation Service Installation

The Delegation service requires the gCore distribution on the local node. gCore can be installed as described in the gCore Administrator guide. Providing the gCore distribution has been installed, the Delegation service can be installed running the following command.

gcore-deploy-service org.gcube.common.delegation.gar

The Delegation service is planned to be included in future releases of the gCore distribution, once the Delegation will be part of gCore enabling services, the manual installation described here will not be needed any more.

Credentials Renewal Service Installation

The Credentials Renewal service requires the gCore distribution on the local node, as well as an installation of services described in the 'Pre-installation steps' section. gCore can be installed as described in the gCore Administrator guide. Providing the gCore distribution has been installed, the Credentials Renewal service can be installed running the following command:

gcore-deploy-service org.gcube.vomanagement.credentialsrenewal.gar

Once installed, the Credentials Renewal service can be configured editing the $GLOBUS_LOCATION/etc/org.gcube.vomanagement.credentialsrenewal/jndi-service.xml file. Following parameters must be specified to point the Credentials Renewal to the correct MyProxy and VOMS services:

Parameter Name Description
myProxyRepositoryHost the name of the host where the MyProxy service has been installed
myProxyRepositoryPort the port number where the MyProxy service is listening (usually is 7512)
myProxyOnlineCAHost the name of the host where the MyProxy service has been installed
myProxyOnlineCAPort the port number where the MyProxy service is listening (usually is 7512)
username the distinguished name of the Credentials Renewal RI certificate
serviceCA the distinguished name of the SimpleCA used by the MyProxy service to issue credentials
serviceDN the distinguished name of the Credentials Renewal RI certificate

At the RI startup, the service will contact the MyProxy server installed during the 'Pre-installation steps' and try to load its own credentials.

Testing and verifying the installation

The installation can be verified starting the container hosting the Delegation or the Credentials Renewal service. This can be done running the command:

gcore-start-container