Difference between revisions of "Federated AAI Configuration"
(Created page with "This page lists various AAI configurations for individual Cloud technologies.<br> == OpenStack<br> == === Keystone <br> === The generic documentation about how to enable ...") |
|||
Line 1: | Line 1: | ||
This page lists various AAI configurations for individual Cloud technologies.<br> | This page lists various AAI configurations for individual Cloud technologies.<br> | ||
== | == OpenNebula == | ||
[[Fedcloud-tf:WorkGroups:_Federated_AAI:OpenNebula|OpenNebula]] | |||
The generic documentation about how to enable VOMS support for Keystone can be found here<ref>http://keystone-voms.readthedocs.org/en/latest/</ref>.<br> | == OpenStack<br> == | ||
=== Keystone <br> === | |||
The generic documentation about how to enable VOMS support for Keystone can be found here<ref>http://keystone-voms.readthedocs.org/en/latest/</ref>.<br> | |||
When it comes to configuration, you will need the following files as a member of EGI FCTF.<tt class="docutils literal"><span class="pre"> | When it comes to configuration, you will need the following files as a member of EGI FCTF.<tt class="docutils literal"><span class="pre"> | ||
</span></tt> | </span></tt> | ||
/etc/keystone/voms.json<br> | /etc/keystone/voms.json<br> | ||
<pre>{ | <pre>{ | ||
"fedcloud.egi.eu": { | "fedcloud.egi.eu": { | ||
Line 19: | Line 23: | ||
} | } | ||
} | } | ||
</pre> | </pre> | ||
Of course, the Keystone tenants EGI_FCTF and EGI_ops need to exist prior to using this mapping for the first time.<br> | Of course, the Keystone tenants EGI_FCTF and EGI_ops need to exist prior to using this mapping for the first time.<br> | ||
In order to accept VOMS proxy certificates for VOs fedcloud.egi.eu and ops, the following files need to be created.<br> | In order to accept VOMS proxy certificates for VOs fedcloud.egi.eu and ops, the following files need to be created.<br> | ||
<pre>/etc/grid-security/vomsdir/ | <pre>/etc/grid-security/vomsdir/ | ||
├── fedcloud.egi.eu | ├── fedcloud.egi.eu | ||
Line 30: | Line 34: | ||
├── lcg-voms.cern.ch.lsc | ├── lcg-voms.cern.ch.lsc | ||
└── voms.cern.ch.lsc | └── voms.cern.ch.lsc | ||
</pre> | </pre> | ||
They have to contain the following:<br> | They have to contain the following:<br> | ||
/etc/grid-security/vomsdir/fedcloud.egi.eu/voms1.egee.cesnet.cz.lsc:<br> | /etc/grid-security/vomsdir/fedcloud.egi.eu/voms1.egee.cesnet.cz.lsc:<br> | ||
<pre>/DC=org/DC=terena/DC=tcs/C=CZ/O=CESNET/CN=voms1.egee.cesnet.cz | <pre>/DC=org/DC=terena/DC=tcs/C=CZ/O=CESNET/CN=voms1.egee.cesnet.cz | ||
/C=NL/O=TERENA/CN=TERENA eScience SSL CA | /C=NL/O=TERENA/CN=TERENA eScience SSL CA | ||
</pre> | </pre> | ||
/etc/grid-security/vomsdir/fedcloud.egi.eu/voms2.grid.cesnet.cz.lsc:<br> | /etc/grid-security/vomsdir/fedcloud.egi.eu/voms2.grid.cesnet.cz.lsc:<br> | ||
<pre>/DC=org/DC=terena/DC=tcs/C=CZ/O=CESNET/CN=voms2.grid.cesnet.cz | <pre>/DC=org/DC=terena/DC=tcs/C=CZ/O=CESNET/CN=voms2.grid.cesnet.cz | ||
/C=NL/O=TERENA/CN=TERENA eScience SSL CA | /C=NL/O=TERENA/CN=TERENA eScience SSL CA | ||
</pre> | </pre> | ||
/etc/grid-security/vomsdir/ops/lcg-voms.cern.ch.lsc:<br> | /etc/grid-security/vomsdir/ops/lcg-voms.cern.ch.lsc:<br> | ||
<pre>/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch | <pre>/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch | ||
/DC=ch/DC=cern/CN=CERN Trusted Certification Authority | /DC=ch/DC=cern/CN=CERN Trusted Certification Authority | ||
</pre> | </pre> | ||
/etc/grid-security/vomsdir/ops/voms.cern.ch.lsc:<br> | /etc/grid-security/vomsdir/ops/voms.cern.ch.lsc:<br> | ||
<pre>/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch | <pre>/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch | ||
/DC=ch/DC=cern/CN=CERN Trusted Certification Authority | /DC=ch/DC=cern/CN=CERN Trusted Certification Authority | ||
</pre> | </pre> | ||
<br> | <br> | ||
<br> | <br> | ||
<br> | <br> | ||
<br> | <br> | ||
<br> | <br> | ||
<br> | <br> | ||
== References<br> == | == References<br> == | ||
<references /><br> | <references /><br> |
Revision as of 13:35, 13 May 2013
This page lists various AAI configurations for individual Cloud technologies.
OpenNebula
OpenStack
Keystone
The generic documentation about how to enable VOMS support for Keystone can be found here[1].
When it comes to configuration, you will need the following files as a member of EGI FCTF.
/etc/keystone/voms.json
{ "fedcloud.egi.eu": { "tenant": "EGI_FCTF" }, "ops": { "tenant": "EGI_ops" } }
Of course, the Keystone tenants EGI_FCTF and EGI_ops need to exist prior to using this mapping for the first time.
In order to accept VOMS proxy certificates for VOs fedcloud.egi.eu and ops, the following files need to be created.
/etc/grid-security/vomsdir/ ├── fedcloud.egi.eu │ ├── voms1.egee.cesnet.cz.lsc │ └── voms2.grid.cesnet.cz.lsc └── ops ├── lcg-voms.cern.ch.lsc └── voms.cern.ch.lsc
They have to contain the following:
/etc/grid-security/vomsdir/fedcloud.egi.eu/voms1.egee.cesnet.cz.lsc:
/DC=org/DC=terena/DC=tcs/C=CZ/O=CESNET/CN=voms1.egee.cesnet.cz /C=NL/O=TERENA/CN=TERENA eScience SSL CA
/etc/grid-security/vomsdir/fedcloud.egi.eu/voms2.grid.cesnet.cz.lsc:
/DC=org/DC=terena/DC=tcs/C=CZ/O=CESNET/CN=voms2.grid.cesnet.cz /C=NL/O=TERENA/CN=TERENA eScience SSL CA
/etc/grid-security/vomsdir/ops/lcg-voms.cern.ch.lsc:
/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch /DC=ch/DC=cern/CN=CERN Trusted Certification Authority
/etc/grid-security/vomsdir/ops/voms.cern.ch.lsc:
/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch /DC=ch/DC=cern/CN=CERN Trusted Certification Authority