Difference between revisions of "Federated AAI Configuration"
(voms2 DN update) |
|||
(11 intermediate revisions by 6 users not shown) | |||
Line 3: | Line 3: | ||
== OpenNebula == | == OpenNebula == | ||
[[Fedcloud-tf:WorkGroups:_Federated_AAI:OpenNebula|OpenNebula]] | The full OpenNebula configuration including AAI settings: [[Fedcloud-tf:WorkGroups:_Federated_AAI:OpenNebula|OpenNebula Configuration]] | ||
== OpenStack<br> == | == OpenStack<br> == | ||
Line 9: | Line 9: | ||
=== Keystone <br> === | === Keystone <br> === | ||
The generic documentation about how to enable VOMS support for Keystone can be found here<ref>http://keystone-voms | The generic documentation about how to enable VOMS support for Keystone can be found here<ref>http://ifca.github.io/keystone-voms/</ref>.<br> | ||
When it comes to configuration, you will need the following files as a member of EGI FCTF.<tt class="docutils literal"><span class="pre"> | When it comes to configuration, you will need the following files as a member of EGI FCTF.<tt class="docutils literal"><span class="pre"> | ||
Line 29: | Line 29: | ||
<pre>/etc/grid-security/vomsdir/ | <pre>/etc/grid-security/vomsdir/ | ||
├── fedcloud.egi.eu | ├── fedcloud.egi.eu | ||
│ ├── voms1. | │ ├── voms1.grid.cesnet.cz.lsc | ||
│ └── voms2.grid.cesnet.cz.lsc | │ └── voms2.grid.cesnet.cz.lsc | ||
└── ops | └── ops | ||
├── lcg- | ├── lcg-voms2.cern.ch.lsc | ||
└── | └── voms2.cern.ch.lsc | ||
</pre> | </pre> | ||
They have to contain the following:<br> | They have to contain the following:<br> | ||
/etc/grid-security/vomsdir/fedcloud.egi.eu/voms1. | /etc/grid-security/vomsdir/fedcloud.egi.eu/voms1.grid.cesnet.cz.lsc:<br> | ||
<pre>/DC=org/DC=terena/DC=tcs/C=CZ/O=CESNET/CN=voms1. | <pre> | ||
/C=NL/O=TERENA/CN=TERENA eScience SSL CA | /DC=org/DC=terena/DC=tcs/C=CZ/ST=Hlavni mesto Praha/L=Praha 6/O=CESNET/CN=voms1.grid.cesnet.cz | ||
/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 3 | |||
</pre> | </pre> | ||
/etc/grid-security/vomsdir/fedcloud.egi.eu/voms2.grid.cesnet.cz.lsc:<br> | /etc/grid-security/vomsdir/fedcloud.egi.eu/voms2.grid.cesnet.cz.lsc:<br> | ||
<pre>/DC= | <pre> | ||
/DC=cz/DC=cesnet-ca/O=CESNET/CN=voms2.grid.cesnet.cz | |||
/DC=cz/DC=cesnet-ca/O=CESNET CA/CN=CESNET CA 3 | |||
/ | |||
</pre> | </pre> | ||
<br> | /etc/grid-security/vomsdir/ops/lcg-voms2.cern.ch.lsc:<br> | ||
<pre>/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch | |||
/DC=ch/DC=cern/CN=CERN Grid Certification Authority | |||
</pre> | |||
<br> | /etc/grid-security/vomsdir/ops/voms2.cern.ch.lsc:<br> | ||
<pre>/DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch | |||
/DC=ch/DC=cern/CN=CERN Grid Certification Authority | |||
</pre> | |||
== References<br> == | == References<br> == | ||
<references /><br> | <references /><br> |
Latest revision as of 12:12, 22 November 2017
This page lists various AAI configurations for individual Cloud technologies.
OpenNebula
The full OpenNebula configuration including AAI settings: OpenNebula Configuration
OpenStack
Keystone
The generic documentation about how to enable VOMS support for Keystone can be found here[1].
When it comes to configuration, you will need the following files as a member of EGI FCTF.
/etc/keystone/voms.json
{
    "fedcloud.egi.eu": {
        "tenant": "EGI_FCTF"
    },
    "ops": {
        "tenant": "EGI_ops"
    }
}
Of course, the Keystone tenants EGI_FCTF and EGI_ops need to exist prior to using this mapping for the first time.
In order to accept VOMS proxy certificates for VOs fedcloud.egi.eu and ops, the following files need to be created.
/etc/grid-security/vomsdir/
├── fedcloud.egi.eu
│   ├── voms1.grid.cesnet.cz.lsc
│   └── voms2.grid.cesnet.cz.lsc
└── ops
    ├── lcg-voms2.cern.ch.lsc
    └── voms2.cern.ch.lsc
They have to contain the following:
/etc/grid-security/vomsdir/fedcloud.egi.eu/voms1.grid.cesnet.cz.lsc:
/DC=org/DC=terena/DC=tcs/C=CZ/ST=Hlavni mesto Praha/L=Praha 6/O=CESNET/CN=voms1.grid.cesnet.cz
/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 3
/etc/grid-security/vomsdir/fedcloud.egi.eu/voms2.grid.cesnet.cz.lsc:
/DC=cz/DC=cesnet-ca/O=CESNET/CN=voms2.grid.cesnet.cz
/DC=cz/DC=cesnet-ca/O=CESNET CA/CN=CESNET CA 3
/etc/grid-security/vomsdir/ops/lcg-voms2.cern.ch.lsc:
/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch
/DC=ch/DC=cern/CN=CERN Grid Certification Authority
/etc/grid-security/vomsdir/ops/voms2.cern.ch.lsc:
/DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch
/DC=ch/DC=cern/CN=CERN Grid Certification Authority
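A consistency check for the files listed above, as an added example that is not part of the original wiki page or of keystone-voms: it verifies that every VO mapped in voms.json has a vomsdir directory whose .lsc files hold the VOMS server DN on the first line and the issuing CA DN on the next. The function names, the temporary sample tree and the rule that the first DN ends in the host name taken from the file name are assumptions of this example; the sample DNs are copied from this page.

```python
import json
import tempfile
from pathlib import Path

# Constructed sample: the VO mapping and two of the .lsc files shown on this page.
VOMS_JSON = {"fedcloud.egi.eu": {"tenant": "EGI_FCTF"}, "ops": {"tenant": "EGI_ops"}}
LSC = {
    "fedcloud.egi.eu/voms2.grid.cesnet.cz.lsc": [
        "/DC=cz/DC=cesnet-ca/O=CESNET/CN=voms2.grid.cesnet.cz",
        "/DC=cz/DC=cesnet-ca/O=CESNET CA/CN=CESNET CA 3"],
    "ops/voms2.cern.ch.lsc": [
        "/DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch",
        "/DC=ch/DC=cern/CN=CERN Grid Certification Authority"],
}

def check_lsc(path):
    """Return problems in one .lsc file. Assumes the first DN ends in CN=<file's host>."""
    lines = [ln.strip() for ln in path.read_text().splitlines() if ln.strip()]
    problems = [f"{path}: needs subject DN and issuer DN lines"] if len(lines) < 2 else []
    for dn in lines:
        if not dn.startswith("/") or "/CN=" not in dn:
            problems.append(f"{path}: not a DN: {dn!r}")
    host = path.name[:-len(".lsc")]
    if lines and not lines[0].endswith("/CN=" + host):
        problems.append(f"{path}: first line is not the DN of {host}")
    return problems

def check_vomsdir(voms_json, vomsdir):
    """Check that every VO mapped in voms.json has well-formed .lsc files."""
    problems = []
    for vo in json.loads(voms_json.read_text()):
        vo_dir = vomsdir / vo
        files = sorted(vo_dir.glob("*.lsc")) if vo_dir.is_dir() else []
        if not files:
            problems.append(f"{vo}: no .lsc file under {vo_dir}")
        for lsc in files:
            problems.extend(check_lsc(lsc))
    return problems

def build_sample(root, flatten=False):
    """Write the sample tree; flatten=True puts both DNs of a file on one line."""
    (root / "voms.json").write_text(json.dumps(VOMS_JSON))
    for rel, dns in LSC.items():
        lsc = root / "vomsdir" / rel
        lsc.parent.mkdir(parents=True, exist_ok=True)
        lsc.write_text((" " if flatten else "\n").join(dns) + "\n")
    return root / "voms.json", root / "vomsdir"

if __name__ == "__main__":
    print(check_vomsdir(*build_sample(Path(tempfile.mkdtemp()))) or "vomsdir OK")
```

On a real host, call check_vomsdir with Path("/etc/keystone/voms.json") and Path("/etc/grid-security/vomsdir").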