Adding a VO to a VOMS server

From PDP/Grid Wiki
Revision as of 15:25, 17 July 2009 by Ronalds@nikhef.nl (talk | contribs)

Unfortunately, there is no (officially) released version of Yaim for the configuration of a VOMS server, so the poor admin has to resort to developer-style configuration via various XML files. At least there is documentation on how to configure a VOMS server:

However, the documentation focuses on the situation where a local database is used, and some scripts take this to the practical level.

Disclaimer: the notes below were collected during a day of trial-and-error and need to be verified. Steps may be missing, redundant or incorrect; your mileage may vary.

1) Add new VO definitions to VOMS server

As root at the VOMS server, edit /opt/glite/etc/config/vo-list.cfg.xml. Copy an existing VO definition (between the tags <vo> ... </vo>) and change at least the following parameters:

vo.name                Name of the VO
voms.port.number       Unique port at which the VOMS server listens
voms.db.name           Name of the database
voms.db.user.name      User name for the VO's database
voms.db.user.password  Password for DB

2) Create database for the new VO

As root at the remote database server, log in to the MySQL database. First create the database:

create database <voms.db.name>;

Then grant access rights to this database for the VOMS database user:

grant all privileges on <voms.db.name>.* to '<voms.db.user.name>'@'localhost' IDENTIFIED BY '<voms.db.user.password>';
grant all privileges on <voms.db.name>.* to '<voms.db.user.name>'@'<VOMS-server>' IDENTIFIED BY '<voms.db.user.password>';

3) Configure and start gLite VOMS server for the new VO

Log in as root at the VOMS host. To configure (for all VOs unless --vo is specified):

/opt/glite/etc/config/scripts/glite-voms-server-config.py [--vo <vo.name>] --configure

Sadly, (at least) one of the configuration scripts is not smart enough to configure a remote database server. To work around this problem, edit the file /opt/glite/etc/voms/<vo.name>/voms.conf and add the line

--contactstring=<voms.db.host>

(Note that this has to be repeated every time a VO is reconfigured!)

Before the server can be started, the necessary database tables must be populated, or you shall be punished with a segfault. As root at the VOMS host:

/opt/glite/sbin/voms-db-deploy.py deploy --vo <vo.name>

To start the server (for all VOs unless --vo is specified):

/opt/glite/etc/config/scripts/glite-voms-server-config.py [--vo <vo.name>] --start

4) Enable gridmap generation

Again, as root at the VOMS host. Set the environment:

. /etc/glite/profile.d/glite_setenv.sh

Enable access:

voms-admin --vo=<vo.name> --nousercert add-ACL-entry /<vo.name> ANYONE VOMS_CA 'CONTAINER_READ,MEMBERSHIP_READ' TRUE

5) Adding a user as admin:

/opt/glite/sbin/voms-db-deploy.py add-admin --vo <vo.name> --cert </path/to/users/grid/cert.pem>

With a bit of luck, you may be able to access the VOMS web interface: http://<voms.host>:8443/<vo.name>/
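The parts of steps 1 and 2 that are easy to get wrong by hand (a port reused by two VOs, a database user that is not scoped to its own VO's database, a password that breaks the quoting of the GRANT) can be checked before anything is typed into MySQL. The script below is an added example, not code from this wiki page or from the gLite tools; the XML layout of the sample, the VO names and the host names are constructed, and the real vo-list.cfg.xml may be laid out differently.

```python
import re
import xml.etree.ElementTree as ET

PARAMS = ("vo.name", "voms.port.number", "voms.db.name",
          "voms.db.user.name", "voms.db.user.password")
SAFE = re.compile(r"^[A-Za-z0-9_.-]+$")  # the only identifiers we let into SQL

# Constructed sample in the spirit of vo-list.cfg.xml; the real file's layout may differ.
SAMPLE = """<config>
<vo><vo.name>dteam</vo.name><voms.port.number>15004</voms.port.number>
<voms.db.name>voms_dteam</voms.db.name><voms.db.user.name>voms_dteam</voms.db.user.name>
<voms.db.user.password>secret1</voms.db.user.password></vo>
<vo><vo.name value="newvo"/><voms.port.number value="15005"/>
<voms.db.name value="voms_newvo"/><voms.db.user.name value="voms_newvo"/>
<voms.db.user.password value="secret2"/></vo>
</config>"""

def parse_vos(xml_text):
    """One dict of parameters per <vo> block; accepts <p>text</p> or <p value=""/>."""
    return [{el.tag: el.get("value") or (el.text or "").strip()
             for el in vo if el.tag in PARAMS}
            for vo in ET.fromstring(xml_text).iter("vo")]

def check_vos(vos):
    """Problems found: a missing parameter, or a port/database/DB user shared by two VOs."""
    problems = []
    seen = {"voms.port.number": {}, "voms.db.name": {}, "voms.db.user.name": {}}
    for v in vos:
        name = v.get("vo.name", "?")
        problems += [f"{name}: {p} missing" for p in PARAMS if not v.get(p)]
        for p, used in seen.items():
            val = v.get(p)
            if val in used:
                problems.append(f"{name}: {p}={val} already used by {used[val]}")
            elif val:
                used[val] = name
    return problems

def grant_sql(vo, voms_host):
    """CREATE DATABASE plus GRANTs limited to that database and to localhost/the VOMS host."""
    db, user, pw = vo["voms.db.name"], vo["voms.db.user.name"], vo["voms.db.user.password"]
    for ident in (db, user, voms_host):
        if not SAFE.match(ident):
            raise ValueError(f"refusing unsafe identifier {ident!r}")
    pw = pw.replace("\\", "\\\\").replace("'", "''")  # escape for a single-quoted literal
    return [f"CREATE DATABASE `{db}`;"] + [
        f"GRANT ALL PRIVILEGES ON `{db}`.* TO '{user}'@'{host}' IDENTIFIED BY '{pw}';"
        for host in ("localhost", voms_host)]
```

MySQL 8 no longer accepts IDENTIFIED BY inside GRANT; there the user must be created first with CREATE USER and the GRANT issued without the clause.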