Adding a VO to a VOMS server

From PDP/Grid Wiki

Unfortunately, there is no (officially) released version of Yaim for configuring a VOMS server, so the poor admin has to resort to developer-style configuration via various XML files. At least there is documentation on how to configure a VOMS server:

However, that documentation focuses on a setup with a local database, and some of the configuration scripts assume the same, so a remote database requires a workaround.

This guide is a collection of notes gathered during a day of trial and error while configuring a new VO on a VOMS server that uses a remote database host, and setting up the voms-admin web interface.

Disclaimer: these notes still need verification. Steps may be missing, redundant or incorrect; your mileage may vary.

1) Add new VO definitions to VOMS server

As root at the VOMS server, edit /opt/glite/etc/config/vo-list.cfg.xml. Copy an existing VO definition (between the tags <vo> ... </vo>) and change at least the following parameters:

  • Name of the VO
  • voms.port.number: Unique port on which the VOMS server listens for this VO
  • Name of the database
  • User name for the VO's database
  • voms.db.user.password: Password for DB

2) Create database for the new VO

As root at the remote database server, log in to the MySQL database. First create the database:


Then grant access rights to this database for the VOMS database user:

GRANT ALL PRIVILEGES ON <db-name>.* TO '<db-user>'@'localhost' \
    IDENTIFIED BY '<voms.db.user.password>';
GRANT ALL PRIVILEGES ON <db-name>.* TO '<db-user>'@'<VOMS-server>' \
    IDENTIFIED BY '<voms.db.user.password>';
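The two manual steps above (editing the copied <vo> block and issuing the grants) are where a VOMS installation most often ends up with a port collision, an unchanged copied password, or a database user that can connect from more hosts than it needs to. The script below is an added example written for this page; it is not part of gLite or VOMS. It checks a vo-list for duplicate VO names, duplicate voms.port.number values and passwords identical to another VO's, and it emits the step-2 GRANT statements scoped to the VOMS host only (the 'localhost' grant is opt-in, since it is only needed when the database runs on the VOMS server itself). The XML layout it parses (one <vo> element with <name>, <voms.port.number> and <voms.db.user.password> children) is an assumption, not the real vo-list.cfg.xml schema, so adapt the tag lookups to the actual file.

```python
"""Sanity checks for a new VO entry and generator for its MySQL grants.

Added example for this wiki page, not part of gLite/VOMS. The vo-list layout
below is ASSUMED (one <vo> with <name>, <voms.port.number> and
<voms.db.user.password> children); adjust findtext() calls to the real schema.
"""
import re
import xml.etree.ElementTree as ET

# Restrict database and user names to a subset that is safe as a MySQL identifier.
IDENT_RE = re.compile(r"^[A-Za-z0-9_]+$")


def mysql_str(value):
    """Quote a value as a MySQL single-quoted string literal (backslash escaping)."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def grant_statements(db_name, db_user, password, voms_host, local_too=False):
    """Return the step-2 GRANT statements, scoped to the VOMS host.

    local_too=True adds the 'localhost' grant from the page, which is only
    needed when the database and the VOMS server share a machine.
    """
    for ident in (db_name, db_user):
        if not IDENT_RE.match(ident):
            raise ValueError("unsafe identifier: %r" % ident)
    if not password:
        raise ValueError("empty voms.db.user.password")
    hosts = [voms_host] + (["localhost"] if local_too else [])
    return [
        "GRANT ALL PRIVILEGES ON `%s`.* TO %s@%s IDENTIFIED BY %s;"
        % (db_name, mysql_str(db_user), mysql_str(host), mysql_str(password))
        for host in hosts
    ]


def check_vo_list(xml_text):
    """Return a list of problems found in the (assumed) vo-list layout.

    Flags duplicate VO names, duplicate or invalid voms.port.number values,
    empty passwords, and a password identical to another VO's (the usual sign
    that a copied <vo> block was renamed but not otherwise edited).
    """
    problems = []
    seen_names, seen_ports, seen_pw = {}, {}, {}
    for vo in ET.fromstring(xml_text).iter("vo"):
        name = vo.findtext("name", "").strip()
        port = vo.findtext("voms.port.number", "").strip()
        pw = vo.findtext("voms.db.user.password", "").strip()
        if not name:
            problems.append("vo entry without a name")
            continue
        if name in seen_names:
            problems.append("duplicate VO name %s" % name)
        seen_names[name] = True
        if not port.isdigit() or not 1 <= int(port) <= 65535:
            problems.append("%s: bad voms.port.number %r" % (name, port))
        elif port in seen_ports:
            problems.append("%s: port %s already used by %s" % (name, port, seen_ports[port]))
        else:
            seen_ports[port] = name
        if not pw:
            problems.append("%s: empty voms.db.user.password" % name)
        elif pw in seen_pw:
            problems.append("%s: password identical to %s" % (name, seen_pw[pw]))
        else:
            seen_pw[pw] = name
    return problems


# Constructed sample (assumed layout): "newvo" was copied from "oldvo" and only renamed.
SAMPLE_VO_LIST = """<vo-list>
  <vo><name>oldvo</name><voms.port.number>15001</voms.port.number>
      <voms.db.user.password>s3cret</voms.db.user.password></vo>
  <vo><name>newvo</name><voms.port.number>15001</voms.port.number>
      <voms.db.user.password>s3cret</voms.db.user.password></vo>
</vo-list>"""

if __name__ == "__main__":
    for problem in check_vo_list(SAMPLE_VO_LIST):
        print("vo-list.cfg.xml:", problem)
    # voms.example.org is a constructed hostname standing in for <VOMS-server>.
    for stmt in grant_statements("voms_newvo", "voms_newvo", "s3cret", "voms.example.org"):
        print(stmt)
```

The emitted GRANT uses the same `IDENTIFIED BY` form as the page, which creates the user implicitly on the MySQL versions of that era; MySQL 8.0 no longer accepts `IDENTIFIED BY` inside GRANT and needs a separate CREATE USER first.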

3) Configure and start gLite VOMS server for the new VO

Log in as root at the VOMS host. To configure (all VOs unless --vo is specified):

/opt/glite/etc/config/scripts/ [--vo <VO-name>] --configure

Sadly, (at least) one of the configuration scripts is not smart enough to configure a remote database server. To work around this, edit the file /opt/glite/etc/voms/<VO-name>/voms.conf and add the line


(Note that this has to be repeated every time the VO is reconfigured!)

Before the server can be started, the necessary database tables must be populated, or you shall be punished with a segfault. As root at the VOMS host:

/opt/glite/sbin/ deploy --vo <VO-name>

To start the server (all VOs unless --vo is specified):

/opt/glite/etc/config/scripts/ [--vo <VO-name>] --start

4) Enable gridmap generation

Again as root at the VOMS host. Set up the environment:

. /etc/glite/profile.d/

Enable read access for any certificate issued by a VOMS-trusted CA, which the gridmap generation needs:

voms-admin --vo=<VO-name> --nousercert add-ACL-entry /<VO-name> ANYONE VOMS_CA \

5) Add a VO administrator

As root at the VOMS host:

/opt/glite/sbin/ add-admin --vo <VO-name> --cert </path/to/users/grid/cert.pem>

With a bit of luck, you may now be able to access the VOMS web interface: https://<VOMS-server>:8443/<VO-name>/