-
Notifications
You must be signed in to change notification settings - Fork 0
Security
Access to EGI Federated Cloud is managed by virtual organizations and controled with X509 certificates.
VOMS client is the only additional package required.
The package comes from EPEL repository (which should have been already enabled by Cloudify CLI step )
yum install voms-clients-cpp fetch-crl
Follow the procedure described at EGI IGTF wiki
In a nutshell, EGI trust anchors repository has to be enabled, an "all in one" package installed, and revocation lists refreshed:
cd /etc/yum.repos.d/
wget http://repository.egi.eu/sw/production/cas/1/current/repo-files/EGI-trustanchors.repo
yum install ca-policy-egi-core
fetch-crl
The last step takes some time and it may complain about some of the CAs. Unless the errors refer to CA you will use, they are harmless at this point.
Follow the procedure at FedCloud Getting started.
West-life uses the enmr.eu VO in general, registration should follow the procedure described at WeNMR website.
Appropriate records should be added to /etc/vomses and /etc/grid-security/vomsdir/VONAME/VOMSSERVERNAME.lsc
The specific information is retrieved from https://VOMSSERVERNAME:8443/voms/VONAME/configuration/configuration.action
In case of enmr.eu VO /etc/vomses should contain:
"enmr.eu" "voms2.cnaf.infn.it" "15014" "/C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it" "enmr.eu"
and the matching /etc/grid-security/vomsdir/enmr.eu/voms2.cnaf.infn.it.lsc:
/C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it
/C=IT/O=INFN/CN=INFN Certification Authority
Create a VOMS proxy of the chosen VO, using the key and certificate obtained previously:
voms-proxy-init -rfc -voms enmr.eu -key /path/to/userkey.pem -cert /path/to/usercert.pem