biolocal:Robot on UI
From Wiki CEINGE
(Difference between revisions)
| Revision as of 16:33, 6 August 2009 (edit) Gianluca (Talk | contribs) ← Previous diff |
Current revision (16:49, 6 August 2009) (edit) (undo) Gianluca (Talk | contribs) |
||
| (5 intermediate revisions not shown.) | |||
| Line 1: | Line 1: | ||
| The CEINGE User Interface provides all the tools and libraries to manage robot certificates stored on Aladdin eToken, a USB hardware key used to safely store a robot certificate with its associated private key. | The CEINGE User Interface provides all the tools and libraries to manage robot certificates stored on Aladdin eToken, a USB hardware key used to safely store a robot certificate with its associated private key. | ||
| - | The eToken containing the | + | The eToken, containing the INFN certificate for bioinformatics applications, is attached to the UI server and can be used to generate proxy certificate. |
| - | Here follows the command to make a proxy certificate starting from the robot: | + | Here follows the command to make a proxy certificate, starting from the robot: |
| <pre> | <pre> | ||
| [gianluca@clr55 ~]$ /opt/etoken-pro/bin/mkproxy --label="Robot: Bioinformatics Applications - Gianluca Busiello's INFN ID" --id=a75ee72542ad2716d6f21087258ba1f3142981e7 | [gianluca@clr55 ~]$ /opt/etoken-pro/bin/mkproxy --label="Robot: Bioinformatics Applications - Gianluca Busiello's INFN ID" --id=a75ee72542ad2716d6f21087258ba1f3142981e7 | ||
| </pre> | </pre> | ||
| - | Once the proxy certificate is made, it is stored in the file /tmp/x509up_u551 and information on it can be requested | + | Once the proxy certificate is made, it is stored in the file /tmp/x509up_u551 and information on it can be requested by using the command: |
| <pre> | <pre> | ||
| - | [gianluca@clr55 ~]$ voms-proxy-info | + | [gianluca@clr55 ~]$ voms-proxy-info |
| - | + | ||
| WARNING: Unable to verify signature! Server certificate possibly not installed. | WARNING: Unable to verify signature! Server certificate possibly not installed. | ||
| - | Error: VOMS extension not found! | + | Error: VOMS extension not found! |
| - | + | ||
| subject : /C=IT/O=INFN/OU=Robot/L=Federico II/CN=Robot: Bioinformatics Applications - Gianluca Busiello/CN=proxy | subject : /C=IT/O=INFN/OU=Robot/L=Federico II/CN=Robot: Bioinformatics Applications - Gianluca Busiello/CN=proxy | ||
| issuer : /C=IT/O=INFN/OU=Robot/L=Federico II/CN=Robot: Bioinformatics Applications - Gianluca Busiello | issuer : /C=IT/O=INFN/OU=Robot/L=Federico II/CN=Robot: Bioinformatics Applications - Gianluca Busiello | ||
| Line 23: | Line 21: | ||
| path : /tmp/x509up_u551 | path : /tmp/x509up_u551 | ||
| timeleft : 11:58:08 | timeleft : 11:58:08 | ||
| - | <pre> | + | </pre> |
| + | Note the warning: | ||
| + | <font color=red> | ||
| + | WARNING: Unable to verify signature! Server certificate possibly not installed. | ||
| + | |||
| + | Error: VOMS extension not found! | ||
| + | </font> | ||
| + | |||
| + | It means that the proxy certificate is not initialized on the VOMS and any "attribute certificate" on the VOMS is created. To do this, use: | ||
| + | <pre> | ||
| [gianluca@clr55 ~]$ voms-proxy-init -noregen -voms unina.it | [gianluca@clr55 ~]$ voms-proxy-init -noregen -voms unina.it | ||
| + | </pre> | ||
| + | Where the -noregen option force the tools to skip the proxy creation and reuse the current one. Now the proxy info is correct and complete: | ||
| - | + | <pre> | |
| + | [gianluca@clr55 ~]$ voms-proxy-info --all | ||
| + | subject : /C=IT/O=INFN/OU=Robot/L=Federico II/CN=Robot: Bioinformatics Applications - Gianluca Busiello/CN=proxy/CN=proxy | ||
| + | issuer : /C=IT/O=INFN/OU=Robot/L=Federico II/CN=Robot: Bioinformatics Applications - Gianluca Busiello/CN=proxy | ||
| + | identity : /C=IT/O=INFN/OU=Robot/L=Federico II/CN=Robot: Bioinformatics Applications - Gianluca Busiello/CN=proxy | ||
| + | type : proxy | ||
| + | strength : 1024 bits | ||
| + | path : /tmp/x509up_u551 | ||
| + | timeleft : 10:17:17 | ||
| + | === VO unina.it extension information === | ||
| + | VO : unina.it | ||
| + | subject : /C=IT/O=INFN/OU=Robot/L=Federico II/CN=Robot: Bioinformatics Applications - Gianluca Busiello | ||
| + | issuer : /C=IT/O=INFN/OU=Host/L=Federico II/CN=voms01.scope.unina.it | ||
| + | attribute : /unina.it/Role=NULL/Capability=NULL | ||
| + | timeleft : 10:49:57 | ||
| + | uri : voms01.scope.unina.it:15003 | ||
| + | </pre> | ||
| + | |||
| + | |||
| + | Now the command line is ready to launch commands as usual: | ||
| + | <pre> | ||
| + | [gianluca@clr55 ~]$ glite wms-job-submit -a --vo unina.it test.jdl | ||
| + | </pre> | ||
Current revision
The CEINGE User Interface provides all the tools and libraries to manage robot certificates stored on Aladdin eToken, a USB hardware key used to safely store a robot certificate with its associated private key.
The eToken, containing the INFN certificate for bioinformatics applications, is attached to the UI server and can be used to generate proxy certificate.
Here follows the command to make a proxy certificate, starting from the robot:
[gianluca@clr55 ~]$ /opt/etoken-pro/bin/mkproxy --label="Robot: Bioinformatics Applications - Gianluca Busiello's INFN ID" --id=a75ee72542ad2716d6f21087258ba1f3142981e7
Once the proxy certificate is made, it is stored in the file /tmp/x509up_u551 and information on it can be requested by using the command:
[gianluca@clr55 ~]$ voms-proxy-info WARNING: Unable to verify signature! Server certificate possibly not installed. Error: VOMS extension not found! subject : /C=IT/O=INFN/OU=Robot/L=Federico II/CN=Robot: Bioinformatics Applications - Gianluca Busiello/CN=proxy issuer : /C=IT/O=INFN/OU=Robot/L=Federico II/CN=Robot: Bioinformatics Applications - Gianluca Busiello identity : /C=IT/O=INFN/OU=Robot/L=Federico II/CN=Robot: Bioinformatics Applications - Gianluca Busiello type : proxy strength : 512 bits path : /tmp/x509up_u551 timeleft : 11:58:08
Note the warning:
WARNING: Unable to verify signature! Server certificate possibly not installed.
Error: VOMS extension not found!
It means that the proxy certificate is not initialized on the VOMS and any "attribute certificate" on the VOMS is created. To do this, use:
[gianluca@clr55 ~]$ voms-proxy-init -noregen -voms unina.it
Where the -noregen option force the tools to skip the proxy creation and reuse the current one. Now the proxy info is correct and complete:
[gianluca@clr55 ~]$ voms-proxy-info --all subject : /C=IT/O=INFN/OU=Robot/L=Federico II/CN=Robot: Bioinformatics Applications - Gianluca Busiello/CN=proxy/CN=proxy issuer : /C=IT/O=INFN/OU=Robot/L=Federico II/CN=Robot: Bioinformatics Applications - Gianluca Busiello/CN=proxy identity : /C=IT/O=INFN/OU=Robot/L=Federico II/CN=Robot: Bioinformatics Applications - Gianluca Busiello/CN=proxy type : proxy strength : 1024 bits path : /tmp/x509up_u551 timeleft : 10:17:17 === VO unina.it extension information === VO : unina.it subject : /C=IT/O=INFN/OU=Robot/L=Federico II/CN=Robot: Bioinformatics Applications - Gianluca Busiello issuer : /C=IT/O=INFN/OU=Host/L=Federico II/CN=voms01.scope.unina.it attribute : /unina.it/Role=NULL/Capability=NULL timeleft : 10:49:57 uri : voms01.scope.unina.it:15003
Now the command line is ready to launch commands as usual:
[gianluca@clr55 ~]$ glite wms-job-submit -a --vo unina.it test.jdl
