The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "Federated AAI Configuration"

(Created page with "This page lists various AAI configurations for individual Cloud technologies.<br> == OpenStack<br> == === Keystone <br> === The generic documentation about how to enable ...")
 
Line 1: Line 1:
This page lists various AAI&nbsp;configurations for individual Cloud technologies.<br>
This page lists various AAI&nbsp;configurations for individual Cloud technologies.<br>  


== OpenStack<br> ==
== OpenNebula ==


=== Keystone <br> ===
[[Fedcloud-tf:WorkGroups:_Federated_AAI:OpenNebula|OpenNebula]]


The generic documentation about how to enable VOMS support for Keystone can be found here<ref>http://keystone-voms.readthedocs.org/en/latest/</ref>.<br>
== OpenStack<br>  ==
 
=== Keystone <br>  ===
 
The generic documentation about how to enable VOMS support for Keystone can be found here<ref>http://keystone-voms.readthedocs.org/en/latest/</ref>.<br>  


When it comes to configuration, you will need the following files as a member of EGI&nbsp;FCTF.<tt class="docutils literal"><span class="pre">
When it comes to configuration, you will need the following files as a member of EGI&nbsp;FCTF.<tt class="docutils literal"><span class="pre">
</span></tt>
</span></tt>  


/etc/keystone/voms.json<br>
/etc/keystone/voms.json<br>  
<pre>{
<pre>{
     "fedcloud.egi.eu": {
     "fedcloud.egi.eu": {
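Review bot: the OpenNebula section added above OpenStack contains only the link [[Fedcloud-tf:WorkGroups:_Federated_AAI:OpenNebula|OpenNebula]], while the opening sentence says this page lists AAI configurations per Cloud technology. Add a one-line summary of what is configured on the linked page so the section does not read as empty. The heading lines touched in this hunk also still carry a stray break inside the markers ("== OpenStack<br>  ==", "=== Keystone <br>  ==="); drop the <br> in the same edit.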
Line 19: Line 23:
     }
     }
}
}
</pre>
</pre>  
Of course, the Keystone tenants EGI_FCTF and EGI_ops need to exist prior to using this mapping for the first time.<br>
Of course, the Keystone tenants EGI_FCTF and EGI_ops need to exist prior to using this mapping for the first time.<br>  


In order to accept VOMS proxy certificates for VOs fedcloud.egi.eu and ops, the following files need to be created.<br>
In order to accept VOMS proxy certificates for VOs fedcloud.egi.eu and ops, the following files need to be created.<br>  
<pre>/etc/grid-security/vomsdir/
<pre>/etc/grid-security/vomsdir/
├── fedcloud.egi.eu
├── fedcloud.egi.eu
Line 30: Line 34:
     ├── lcg-voms.cern.ch.lsc
     ├── lcg-voms.cern.ch.lsc
     └── voms.cern.ch.lsc
     └── voms.cern.ch.lsc
</pre>
</pre>  
They have to contain the following:<br>
They have to contain the following:<br>  


/etc/grid-security/vomsdir/fedcloud.egi.eu/voms1.egee.cesnet.cz.lsc:<br>
/etc/grid-security/vomsdir/fedcloud.egi.eu/voms1.egee.cesnet.cz.lsc:<br>  
<pre>/DC=org/DC=terena/DC=tcs/C=CZ/O=CESNET/CN=voms1.egee.cesnet.cz
<pre>/DC=org/DC=terena/DC=tcs/C=CZ/O=CESNET/CN=voms1.egee.cesnet.cz
/C=NL/O=TERENA/CN=TERENA eScience SSL CA
/C=NL/O=TERENA/CN=TERENA eScience SSL CA
</pre>
</pre>  
/etc/grid-security/vomsdir/fedcloud.egi.eu/voms2.grid.cesnet.cz.lsc:<br>
/etc/grid-security/vomsdir/fedcloud.egi.eu/voms2.grid.cesnet.cz.lsc:<br>  
<pre>/DC=org/DC=terena/DC=tcs/C=CZ/O=CESNET/CN=voms2.grid.cesnet.cz
<pre>/DC=org/DC=terena/DC=tcs/C=CZ/O=CESNET/CN=voms2.grid.cesnet.cz
/C=NL/O=TERENA/CN=TERENA eScience SSL CA
/C=NL/O=TERENA/CN=TERENA eScience SSL CA
</pre>
</pre>  
/etc/grid-security/vomsdir/ops/lcg-voms.cern.ch.lsc:<br>
/etc/grid-security/vomsdir/ops/lcg-voms.cern.ch.lsc:<br>  
<pre>/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch
<pre>/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch
/DC=ch/DC=cern/CN=CERN Trusted Certification Authority
/DC=ch/DC=cern/CN=CERN Trusted Certification Authority




</pre>
</pre>  
/etc/grid-security/vomsdir/ops/voms.cern.ch.lsc:<br>
/etc/grid-security/vomsdir/ops/voms.cern.ch.lsc:<br>  
<pre>/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch
<pre>/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch
/DC=ch/DC=cern/CN=CERN Trusted Certification Authority
/DC=ch/DC=cern/CN=CERN Trusted Certification Authority
</pre>
</pre>  
<br>
<br>  


<br>
<br>  


<br>
<br>  


<br>
<br>  


<br>
<br>  


<br>
<br>  


== References<br> ==
== References<br> ==


<references /><br>
<references /><br>

Revision as of 13:35, 13 May 2013

This page lists various AAI configurations for individual Cloud technologies.

OpenNebula

OpenNebula

OpenStack

Keystone

The generic documentation about how to enable VOMS support for Keystone can be found here[1].

When it comes to configuration, you will need the following files as a member of EGI FCTF.

/etc/keystone/voms.json

{
    "fedcloud.egi.eu": {
        "tenant": "EGI_FCTF"
    },
    "ops": {
        "tenant": "EGI_ops"
    }
}

Of course, the Keystone tenants EGI_FCTF and EGI_ops need to exist prior to using this mapping for the first time.

In order to accept VOMS proxy certificates for VOs fedcloud.egi.eu and ops, the following files need to be created.

/etc/grid-security/vomsdir/
├── fedcloud.egi.eu
│   ├── voms1.egee.cesnet.cz.lsc
│   └── voms2.grid.cesnet.cz.lsc
└── ops
    ├── lcg-voms.cern.ch.lsc
    └── voms.cern.ch.lsc

They have to contain the following:

/etc/grid-security/vomsdir/fedcloud.egi.eu/voms1.egee.cesnet.cz.lsc:

/DC=org/DC=terena/DC=tcs/C=CZ/O=CESNET/CN=voms1.egee.cesnet.cz
/C=NL/O=TERENA/CN=TERENA eScience SSL CA

/etc/grid-security/vomsdir/fedcloud.egi.eu/voms2.grid.cesnet.cz.lsc:

/DC=org/DC=terena/DC=tcs/C=CZ/O=CESNET/CN=voms2.grid.cesnet.cz
/C=NL/O=TERENA/CN=TERENA eScience SSL CA

/etc/grid-security/vomsdir/ops/lcg-voms.cern.ch.lsc:

/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch
/DC=ch/DC=cern/CN=CERN Trusted Certification Authority


/etc/grid-security/vomsdir/ops/voms.cern.ch.lsc:

/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch
/DC=ch/DC=cern/CN=CERN Trusted Certification Authority
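
A consistency check for the two pieces of configuration above, added here as an example (not code from Keystone-VOMS or EGI): it recreates the page's voms.json and vomsdir tree under a temporary directory and reports VOs that are trusted in vomsdir but not mapped to a tenant, and .lsc files that lack the subject DN / issuer DN pair. The function names, the constructed VO "extra.vo" and the rule that the subject CN equals the .lsc file name are assumptions drawn from the listing.

```python
import json
import tempfile
from pathlib import Path

VOMS_JSON = {"fedcloud.egi.eu": {"tenant": "EGI_FCTF"}, "ops": {"tenant": "EGI_ops"}}
CESNET = "/DC=org/DC=terena/DC=tcs/C=CZ/O=CESNET/CN="
CERN = "/DC=ch/DC=cern/OU=computers/CN="
TERENA_CA = "/C=NL/O=TERENA/CN=TERENA eScience SSL CA"
CERN_CA = "/DC=ch/DC=cern/CN=CERN Trusted Certification Authority"
VOS = {  # VO -> (server DN prefix, CA DN, VOMS hosts), values as listed on the page
    "fedcloud.egi.eu": (CESNET, TERENA_CA, ["voms1.egee.cesnet.cz", "voms2.grid.cesnet.cz"]),
    "ops": (CERN, CERN_CA, ["lcg-voms.cern.ch", "voms.cern.ch"]),
}

def write_layout(root):
    """Recreate the page's voms.json and vomsdir tree under root (a Path)."""
    (root / "voms.json").write_text(json.dumps(VOMS_JSON))
    for vo, (prefix, ca, hosts) in VOS.items():
        (root / "vomsdir" / vo).mkdir(parents=True)
        for host in hosts:
            (root / "vomsdir" / vo / f"{host}.lsc").write_text(f"{prefix}{host}\n{ca}\n")
    return root / "voms.json", root / "vomsdir"

def audit(voms_json, vomsdir):
    """Return sorted findings; an empty list means mapping and trust files agree."""
    mapping = json.loads(Path(voms_json).read_text())
    trusted = {p.name: p for p in Path(vomsdir).iterdir() if p.is_dir()}
    out = [f"{vo}: mapped but no vomsdir directory" for vo in mapping if vo not in trusted]
    for vo, path in trusted.items():
        if vo not in mapping:
            out.append(f"{vo}: accepted in vomsdir but not mapped to a tenant")
        for lsc in path.glob("*.lsc"):
            dns = [ln.strip() for ln in lsc.read_text().splitlines() if ln.strip()]
            if len(dns) < 2 or not all(d.startswith("/") for d in dns):
                out.append(f"{vo}/{lsc.name}: need subject DN then issuer DN")
            elif not dns[0].endswith("/CN=" + lsc.stem):  # assumed naming convention
                out.append(f"{vo}/{lsc.name}: subject CN does not match file name")
    return sorted(out)

def demo():
    """Audit the page's layout, then a constructed copy with two defects."""
    with tempfile.TemporaryDirectory() as tmp:
        cfg, vdir = write_layout(Path(tmp))
        clean = audit(cfg, vdir)
        (vdir / "extra.vo").mkdir()  # constructed: VO directory with no tenant mapping
        (vdir / "ops" / "voms.cern.ch.lsc").write_text(CERN + "voms.cern.ch\n")  # issuer line dropped
        return clean, audit(cfg, vdir)

if __name__ == "__main__":
    print(demo())
```

On a real host, call audit("/etc/keystone/voms.json", "/etc/grid-security/vomsdir"); it only reads the files.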







References

[1] http://keystone-voms.readthedocs.org/en/latest/