Difference between revisions of "DVOS Installation"

From Gcube Wiki
Jump to: navigation, search
m (VO Management Installation moved to DVOS Installation: wrong name of subsystem)
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
This page describe the installation procedure for services of the Virtual Organisation Management subsystem. These services are based on external services that must be properly installed. Links and information on external services installation are provided in the 'Pre-installation steps' section.
+
This page describe the installation procedure for services of the Virtual Organisation Management (VO-Management) subsystem. The Credentials Renewal service depends on external services that must be properly installed for this service to work. Links and information on external services installation are provided in the 'Pre-installation steps' section.
  
 
== Pre-installation steps ==
 
== Pre-installation steps ==
This section provides information about installation procedures of external components required by VO-Management subsystem. The aim of this section is not to fully describe installation steps of these components, but to provide useful links and hints to official documentation of external components.
+
This section provides information about installation procedures of external components required by the Credentials Renewal service of the VO-Management subsystem. To install the Delegation service these steps are not required.
 +
 
 +
The aim of this section is not to fully describe installation steps of these components, but to provide useful links and hints to official documentation of external components.
  
 
* '''MyProxy + SimpleCA''' - MyProxy and the SimpleCA must be installed and configured on the same host to act together as required by the gCube architecture. The installation is logically divided into three steps.
 
* '''MyProxy + SimpleCA''' - MyProxy and the SimpleCA must be installed and configured on the same host to act together as required by the gCube architecture. The installation is logically divided into three steps.
** First of all, the SimpleCA must be installed and a new CA must be created following [http://www-unix.globus.org/toolkit/docs/4.0/security/simpleca/admin-index.html these] steps.
+
** First of all, the SimpleCA must be installed and a new CA must be created following the [http://www-unix.globus.org/toolkit/docs/4.0/security/simpleca/admin-index.html SimpleCA installation] steps.
** Secondly, a MyProxy service must be installed and configured as described [http://grid.ncsa.uiuc.edu/myproxy/install.html here].
+
** Secondly, a MyProxy service must be installed and configured as described in the [http://grid.ncsa.uiuc.edu/myproxy/install.html MyProxy documentation].
** Thirdly, and lastly, MyProxy must be configured to expose the CA created in the first step. Instructions to do this are available [http://grid.ncsa.uiuc.edu/myproxy/ca/ here].
+
** Thirdly, and lastly, MyProxy must be configured to expose the CA created in the first step. Instructions to do this are available in the [http://grid.ncsa.uiuc.edu/myproxy/ca/ MyProxy and SimpleCA ] page.
* '''VOMS''' - Installation instructions for the VOMS service are available [https://twiki.cnaf.infn.it/twiki/pub/VOMS/VomsAdminUsersGuide/VOMS-Admin-Users-Guide.pdf here].
+
* '''VOMS''' - Installation instructions for the VOMS service are available in the [https://twiki.cnaf.infn.it/twiki/pub/VOMS/VomsAdminUsersGuide/VOMS-Admin-Users-Guide.pdf VOMS installation guide].
  
Once SimpleCA, MyProxy and VOMS components are in place, you can proceed with the installation and configuration of VO-Management components as described below.
+
Once SimpleCA, MyProxy and VOMS components are in place, you can proceed with the installation and configuration of Credentials Renewal service, as described below.
  
 
== Installation Procedure==
 
== Installation Procedure==
This section describes the procedure to install VO-Management services, providing that 'Pre-installation steps' described above have been completed.
+
This section describes the procedure to install VO-Management services, it is worth noticing that, for the Credentials Renewal service providing that 'Pre-installation steps' described above have been completed.
  
 
=== Delegation Service Installation ===
 
=== Delegation Service Installation ===
Line 23: Line 25:
  
 
=== Credentials Renewal Service Installation ===
 
=== Credentials Renewal Service Installation ===
The Credentials Renewal service requires the gCore distribution on the local node. gCore can be installed as described in the [https://wiki.gcore.research-infrastructures.eu/gCube/index.php/Administrator_Guide gCore Administrator guide]. Providing the gCore distribution has been installed, the Credentials Renewal service can be installed running the following command:
+
The Credentials Renewal service requires the gCore distribution on the local node, as well as an installation of services described in the 'Pre-installation steps' section. gCore can be installed as described in the [https://wiki.gcore.research-infrastructures.eu/gCube/index.php/Administrator_Guide gCore Administrator guide]. Providing the gCore distribution has been installed, the Credentials Renewal service can be installed running the following command:
  
 
  <code>gcore-deploy-service org.gcube.vomanagement.credentialsrenewal.gar</code>
 
  <code>gcore-deploy-service org.gcube.vomanagement.credentialsrenewal.gar</code>

Latest revision as of 11:27, 10 July 2009

This page describe the installation procedure for services of the Virtual Organisation Management (VO-Management) subsystem. The Credentials Renewal service depends on external services that must be properly installed for this service to work. Links and information on external services installation are provided in the 'Pre-installation steps' section.

Pre-installation steps

This section provides information about installation procedures of external components required by the Credentials Renewal service of the VO-Management subsystem. To install the Delegation service these steps are not required.

The aim of this section is not to fully describe installation steps of these components, but to provide useful links and hints to official documentation of external components.

  • MyProxy + SimpleCA - MyProxy and the SimpleCA must be installed and configured on the same host to act together as required by the gCube architecture. The installation is logically divided into three steps.
    • First of all, the SimpleCA must be installed and a new CA must be created following the SimpleCA installation steps.
    • Secondly, a MyProxy service must be installed and configured as described in the MyProxy documentation.
    • Thirdly, and lastly, MyProxy must be configured to expose the CA created in the first step. Instructions to do this are available in the MyProxy and SimpleCA page.
  • VOMS - Installation instructions for the VOMS service are available in the VOMS installation guide.

Once SimpleCA, MyProxy and VOMS components are in place, you can proceed with the installation and configuration of Credentials Renewal service, as described below.

Installation Procedure

This section describes the procedure to install VO-Management services, it is worth noticing that, for the Credentials Renewal service providing that 'Pre-installation steps' described above have been completed.

Delegation Service Installation

The Delegation service requires the gCore distribution on the local node. gCore can be installed as described in the gCore Administrator guide. Providing the gCore distribution has been installed, the Delegation service can be installed running the following command.

gcore-deploy-service org.gcube.common.delegation.gar

The Delegation service is planned to be included in future releases of the gCore distribution, once the Delegation will be part of gCore enabling services, the manual installation described here will not be needed any more.

Credentials Renewal Service Installation

The Credentials Renewal service requires the gCore distribution on the local node, as well as an installation of services described in the 'Pre-installation steps' section. gCore can be installed as described in the gCore Administrator guide. Providing the gCore distribution has been installed, the Credentials Renewal service can be installed running the following command:

gcore-deploy-service org.gcube.vomanagement.credentialsrenewal.gar

Once installed, the Credentials Renewal service can be configured editing the $GLOBUS_LOCATION/etc/org.gcube.vomanagement.credentialsrenewal/jndi-service.xml file. Following parameters must be specified to point the Credentials Renewal to the correct MyProxy and VOMS services:

Parameter Name Description
myProxyRepositoryHost the name of the host where the MyProxy service has been installed
myProxyRepositoryPort the port number where the MyProxy service is listening (usually is 7512)
myProxyOnlineCAHost the name of the host where the MyProxy service has been installed
myProxyOnlineCAPort the port number where the MyProxy service is listening (usually is 7512)
username the distinguished name of the Credentials Renewal RI certificate
serviceCA the distinguished name of the SimpleCA used by the MyProxy service to issue credentials
serviceDN the distinguished name of the Credentials Renewal RI certificate

At the RI startup, the service will contact the MyProxy server installed during the 'Pre-installation steps' and try to load its own credentials.

Testing and verifying the installation

The installation can be verified starting the container hosting the Delegation or the Credentials Renewal service. This can be done running the command:

gcore-start-container