Difference between revisions of "EES installation instructions"
From PDP/Grid Wiki
(Created page with "== Basic installation == * Install the EES: yum install ees * Add a useraccount for the ees user: useradd -r -M ees * Update ees.conf for logging: ** ''syslog''<br>comment-out ...")
(12 intermediate revisions by the same user not shown)
Line 2: | Line 2: | ||
* Install the EES: | * Install the EES: | ||
yum install ees | yum install ees | ||
− | * | + | * When needed, add a useraccount for the ees user (should be automatic by RPM): |
useradd -r -M ees | useradd -r -M ees | ||
* Update ees.conf for logging: | * Update ees.conf for logging: | ||
− | + | : ''syslog'' | |
− | + | ::comment-out the ''log='' line. | |
− | + | : ''file'' | |
− | + | ::when needed, update the logfile to a file writeable for the ees user | |
− | + | * enable the service | |
− | + | chkconfig ees on | |
* start the ees | * start the ees | ||
/etc/init.d/ees start | /etc/init.d/ees start | ||
− | * You can use the [http:// | + | * You can use the [http://software.nikhef.nl/security/nagios-plugins-ees/ EES nagios plugin] to test it is working correctly: |
+ | yum install nagios-plugins-ees | ||
+ | /usr/lib64/nagios/plugins/check_ees | ||
== Installation of Argus Obligation Handler == | == Installation of Argus Obligation Handler == | ||
* On the host running the Argus PEPd run | * On the host running the Argus PEPd run | ||
yum install ees-pepd-oh | yum install ees-pepd-oh | ||
+ | * Create a symlink: | ||
+ | ln -s /usr/share/java/ees-pepd-oh.jar /var/lib/argus/pepd/lib/ | ||
* Make sure there is a policy active in the Argus PAP that will trigger an EES run, e.g.: | * Make sure there is a policy active in the Argus PAP that will trigger an EES run, e.g.: | ||
<nowiki>resource "wn" { | <nowiki>resource "wn" { |
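Review bot: The added check command `/usr/lib64/nagios/plugins/check_ees` hard-codes the 64-bit plugin directory and does not apply on a 32-bit host, where the plugins live under `/usr/lib/nagios/plugins/`; either mention both paths or point readers to `rpm -ql nagios-plugins-ees` to locate the plugin. In the same hunk, the ''file'' logging bullet asks for a logfile writeable by the ees user but names no path, ownership or mode, so a short example of the expected setup would make that step reproducible.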
Latest revision as of 14:20, 29 September 2014
Basic installation
- Install the EES:
yum install ees
- When needed, add a user account for the ees user (the RPM should create it automatically):
useradd -r -M ees
- Update ees.conf for logging:
  - syslog
    - comment out the log= line.
  - file
    - when needed, point the logfile at a file that is writable by the ees user
- enable the service
chkconfig ees on
- start the ees
/etc/init.d/ees start
- You can use the EES nagios plugin to test it is working correctly:
yum install nagios-plugins-ees
/usr/lib64/nagios/plugins/check_ees
Installation of Argus Obligation Handler
- On the host running the Argus PEPd run
yum install ees-pepd-oh
- Create a symlink:
ln -s /usr/share/java/ees-pepd-oh.jar /var/lib/argus/pepd/lib/
- Make sure there is a policy active in the Argus PAP that will trigger an EES run, e.g.:
resource "wn" {
    obligation "http://glite.org/xacml/obligation/local-environment-map" {}
    obligation "http://example.org/xacml/obligation/run-ees" {}
    action ".*" {
        rule permit { fqan = "/dteam" }
    }
}
- Don't forget to reload the policy in the PDP
/etc/init.d/argus-pdp reloadpolicy
- Add an [EES_OH] section to /etc/argus/pepd/pepd.ini, containing the same obligation as inserted in the PAP policy. Also make sure the eesEndpoint is set correctly.
[EES_OH]
parserClass = org.glite.authz.pep.obligation.eesmap.EESObligationHandlerConfigurationParser
entityId = http://argus.example.org/pepd/ees
handledObligationId = http://example.org/xacml/obligation/run-ees
eesEndpoint = http://ees.example.org:6217/
- Also add EES_OH to the list of enabled obligationHandlers in the [SERVICE] section of /etc/argus/pepd/pepd.ini:
[SERVICE]
...
obligationHandlers = EES_OH ACCOUNTMAPPER_OH
- Restart the PEPd:
/etc/init.d/argus-pepd restart
It should now be possible to do a gLExec call-out to the Argus PEPd that triggers an EES run.
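The steps above only work if the obligation ID in the PAP policy, the handledObligationId in pepd.ini and the obligationHandlers list all agree. The following is an added example, not part of the EES or Argus software: a small Python check of that wiring. The function name `check_ees_wiring` and the sample texts are assumptions, with the samples constructed from the values on this page.

```python
import configparser
import re
from urllib.parse import urlparse

OBLIGATION_RE = re.compile(r'obligation\s+"([^"]+)"')

def check_ees_wiring(pepd_ini, policy, section="EES_OH"):
    """Return a list of problems; an empty list means the pieces line up."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.optionxform = str  # keep key case as written in pepd.ini
    cfg.read_string(pepd_ini)
    if not cfg.has_section(section):
        return [f"pepd.ini has no [{section}] section"]
    problems = []
    # The handled obligation must match the policy text exactly (string compare).
    handled = cfg.get(section, "handledObligationId", fallback="").strip()
    if not handled:
        problems.append(f"[{section}] has no handledObligationId")
    elif handled not in set(OBLIGATION_RE.findall(policy)):
        problems.append(f"obligation {handled} is not in the PAP policy")
    endpoint = urlparse(cfg.get(section, "eesEndpoint", fallback="").strip())
    if endpoint.scheme not in ("http", "https") or not endpoint.hostname:
        problems.append(f"[{section}] eesEndpoint is missing or not a URL")
    # The handler is only used when it is listed in [SERVICE].
    handlers = cfg.get("SERVICE", "obligationHandlers", fallback="").split()
    if section not in handlers:
        problems.append(f"{section} is not listed in [SERVICE] obligationHandlers")
    return problems

# Constructed samples, copied from the configuration shown on this page.
SAMPLE_POLICY = '''resource "wn" {
    obligation "http://glite.org/xacml/obligation/local-environment-map" {}
    obligation "http://example.org/xacml/obligation/run-ees" {}
    action ".*" { rule permit { fqan = "/dteam" } }
}'''
SAMPLE_INI = '''[SERVICE]
obligationHandlers = EES_OH ACCOUNTMAPPER_OH
[EES_OH]
parserClass = org.glite.authz.pep.obligation.eesmap.EESObligationHandlerConfigurationParser
entityId = http://argus.example.org/pepd/ees
handledObligationId = http://example.org/xacml/obligation/run-ees
eesEndpoint = http://ees.example.org:6217/
'''

if __name__ == "__main__":
    for line in check_ees_wiring(SAMPLE_INI, SAMPLE_POLICY) or ["wiring OK"]:
        print(line)
```

To use it on a real host, pass the contents of /etc/argus/pepd/pepd.ini and a saved copy of the active policy text instead of the samples.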