Difference between revisions of "Adding a VO to a VOMS server"

From PDP/Grid Wiki

Revision as of 15:36, 17 July 2009

Unfortunately, there is no (officially) released version of Yaim for the configuration of a VOMS server, so the poor admin has to resort to developer-style configuration via various XML files. At least there is documentation on how to configure a VOMS server:

However, the documentation focuses on the situation where a local database is used, and some scripts take this to the practical level.

This guide is a collection of notes taken during a day of trial-and-error while configuring a new VO on a VOMS server that uses a remote database host, and while setting up the voms-admin web interface.

Disclaimer: these notes still need verification. Steps may be missing, redundant or incorrect; your mileage may vary.


1) Add new VO definitions to VOMS server

As root at the VOMS server, edit /opt/glite/etc/config/vo-list.cfg.xml. Copy an existing VO definition (between the tags <vo> ... </vo>) and change at least the following parameters:

  vo.name                 Name of the VO
  voms.port.number        Unique port at which the VOMS server listens for this VO
  voms.db.name            Name of the database
  voms.db.user.name       User name for the VO's database
  voms.db.user.password   Password for the database user


2) Create database for the new VO

As root at the remote database server, log in to the MySQL database. First create the database:

CREATE DATABASE <voms.db.name>;

Then grant access rights to this database for the VOMS database user:

GRANT ALL PRIVILEGES ON <voms.db.name>.* TO '<voms.db.user.name>'@'localhost' \
    IDENTIFIED BY '<voms.db.user.password>';
GRANT ALL PRIVILEGES ON <voms.db.name>.* TO '<voms.db.user.name>'@'<VOMS-server>' \
    IDENTIFIED BY '<voms.db.user.password>';

3) Configure and start gLite VOMS server for the new VO

Log in as root at the VOMS host. To configure (all VOs unless --vo is specified):

/opt/glite/etc/config/scripts/glite-voms-server-config.py [--vo <vo.name>] --configure

Sadly, (at least) one of the configuration scripts is not smart enough to configure a remote database server. To work around this problem, edit the file /opt/glite/etc/voms/<vo.name>/voms.conf and add the line

--contactstring=<voms.db.host>

(Note that this has to be repeated every time the VO is reconfigured!)
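Because the configuration script overwrites voms.conf, a small idempotent helper that re-adds (or corrects) the --contactstring line after each reconfigure saves a step. This is an added example, not part of the wiki page or of gLite; it assumes voms.conf is a one-option-per-line file as shown above, and the sample file and host name are constructed for a stand-alone run.

```shell
# ensure_contactstring CONF HOST: make sure CONF contains exactly one
# "--contactstring=HOST" line, without duplicating it on repeated runs.
ensure_contactstring() {
    conf="$1"
    host="$2"
    # Already correct: nothing to do.
    if grep -qxF -- "--contactstring=${host}" "$conf"; then
        return 0
    fi
    if grep -q -- '^--contactstring=' "$conf"; then
        # A stale contact string is present: replace it in place.
        # Write through a temp file and copy back so the permissions of
        # voms.conf (which references the DB password file) are preserved.
        tmp=$(mktemp)
        sed "s|^--contactstring=.*|--contactstring=${host}|" "$conf" > "$tmp" \
            && cat "$tmp" > "$conf"
        rm -f "$tmp"
    else
        # No contact string yet: append one.
        printf -- '--contactstring=%s\n' "$host" >> "$conf"
    fi
}

# Constructed sample voms.conf (assumed option names; the real file lives at
# /opt/glite/etc/voms/<vo.name>/voms.conf).
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
--port=15001
--dbname=voms_testvo
--username=voms_testvo
EOF

ensure_contactstring "$SAMPLE_CONF" db.example.org
ensure_contactstring "$SAMPLE_CONF" db.example.org   # second run adds nothing
```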

Before the server can be started, the necessary database tables have to be populated, or you shall be punished with a segfault. As root at the VOMS host:

/opt/glite/sbin/voms-db-deploy.py deploy --vo <vo.name>

To start the server (for all VOs unless --vo is specified):

/opt/glite/etc/config/scripts/glite-voms-server-config.py [--vo <vo.name>] --start

4) Enable gridmap generation

Again, as root at the VOMS host. Set the environment:

. /etc/glite/profile.d/glite_setenv.sh

Enable access:

voms-admin --vo=<vo.name> --nousercert add-ACL-entry /<vo.name> ANYONE VOMS_CA \
    'CONTAINER_READ,MEMBERSHIP_READ' TRUE

5) Add a VO administrator

As root at the VOMS host:

/opt/glite/sbin/voms-db-deploy.py add-admin --vo <vo.name> --cert </path/to/users/grid/cert.pem>

With a bit of luck, you may be able to access the VOMS web interface: http://<voms.host>:8443/<vo.name>/