Setting up a MICE VOMS

About This Presentation

Title:

Description:

Number of Views:58

Avg rating:3.0/5.0

Slides: 13

Provided by: alessand52

Category:

Tags: mice | voms | catered | setting

Transcript and Presenter's Notes

Title: Setting up a MICE VOMS

1
Setting up a MICE VOMS

2
The Current System

Limitations
It relies on an LDAP server to distribute the
gridmap file to grid sites (push model)
A user cannot belong to more than one VO
A user cannot have more than 1 role in a VO
A VO cannot have subgroups
A VO is not in charge of the whole registration
process
The existing system works well if the VO is an
LHC experiment but other smaller VOs are not well
catered for

3
What is VOMS?

Virtual Organization Membership Service
A new way of authenticating GRID users
Each VO needs to setup a VO server
This can then be accessed to provide
authentication
Users need to register with CERN and read the LCG
Usage Rules
After this VO members can access grid resources
through the grid-mapfile mechanism where they are
mapped to local pool accounts in the usual
manner.

4
VOMS

5
Deployment

It can be deployed in three ways
Old extract the information from VOMS put it in
ldap server and point mkgridmapfile.conf to the
ldap server
Current point the mkgridmapfile.conf directly
to the VOMS server
Future forget about mkgridmapfile.conf and use
only VOMS through LCAS/LCMAPS
Above method is new for 2.4.0 but not tried this
yet

6
What we have now

A test VOMS server has been installed using
Northgrid Tier 2 resources at Manchester
Originally the UK testzone only supported the
gridpp VO
Now we have started to use it to support the MICE
VO
It still uses the current method of building the
grid-mapfile directly from the VOMS as that is
the easiest way of deploying at the moment.

7
What we have now

It can support multiple VOs and the VO manager
doesnt have to be local to the machine.
This is not production service yet.
It has been demonstrated to work !
The MICE and GridPP VO have been created
informally and it is not an official VO
There are procedures to become an official EGEE
VO
These need to be completed by the appropriate
MICE people
We still need at a RB that inserts the VOMS
entries in its grid-mapfile
Apart from these small issues it can be used now
The Sheffield LCG cluster has been configured to
accept the VO and can be accessed now for testing

8
How to use it

9
Details of Setup

UI client software is included in LCG2_4_0
Create a file /opt/edg/etc/vomses/VO-name.voms.tie
r2.hep.man.ac.uk with the information for that VO
VO-name Vo-server-name VO-port VO-server-dn
VO-name

10
Details of Setup

CE,SE,RB client software is also included and to
create the gridmapfile you have to add to
edg-mkgridmap.conf the following line
group vomss//voms.tier2.hep.man.ac.uk8443/edg-v
oms-admin/VO-name?/VO-name/lcg1 .VO-name

11
Voms-proxy-init

To create a proxy the new command is
voms-proxy-init
Without additional arguments this behaves like
grid-proxy-init
With arguments it allows to chose the VO and the
role and the subgroup you want the proxy for.
However because we are not using the full VOMS
features the options are not relevant at the
moment

12
Conclusion

VOMS is a powerful and flexible system
We can start to use it now
The installation is relatively straightforward
This seems to be a good way for small experiments
to access the grid resources
Need to formalise the MICE VO
Need to persuade individual grid sites to support
our VO
Expect later releases of the LCG middleware will
fully support the VOMS mechanism