Difference between revisions of "RucioBastion"
From GridPP Wiki
(→Setting up for the first time) |
(→Setting up for the first time) |
||
Line 10: | Line 10: | ||
− | * The public key then needs to be sent to [mailto:Ian.Johnson@stfc.ac.uk Ian Johnson] | + | * The public key then needs to be sent to [mailto:Ian.Johnson@stfc.ac.uk Ian Johnson] or [mailto:Timothy.Noble@stfc.ac.uk Timothy Noble] |
* Once this is set up with your key on the server you can SSH into the server as root via: | * Once this is set up with your key on the server you can SSH into the server as root via: |
Revision as of 14:23, 18 May 2021
Introduction
- The Rucio bastion server can be found at 'http://rucio-bastion.gridpp.rl.ac.uk/' you will not be able to access this without a cert / key combination or through your browser
Setting up for the first time
In order to get access to the Bastion service you must:
- Have been issued a grid certificate
- Generate an SSH key pair
- The public key then needs to be sent to Ian Johnson or Timothy Noble
- Once this is set up with your key on the server you can SSH into the server as root via:
ssh -v -i <your path to private key>.rsa root@rucio-bastion.gridpp.rl.ac.uk
- You then need to set up a new user for yourself
- Switch user to yourself
- Copy your x509 certificate (*.pfx) to the bastion into your home directory in a new directory .globus
- Unpack this certificate package using the following commands:
openssl pkcs12 -in <*.pfx> -out usercert.pem -clcerts -nokeys openssl pkcs12 -in <*.pfx> -out userkey.pem -nocerts -nodes
- Ensure that the new user owns these files, then edit the permissions of the cert to 644 and the permissions for the key to 600
- Run the command to create a proxy:
grid-proxy-init
- If you have issues here it may be necessary to run the command in debug mode:
grid-proxy-init -debug
- You will now have a grid proxy for the next 11 hours
- Activate the Rucio Environment with:
source /opt/rucio-env/bin/activate
- Export variables
export RUCIO_VO=dtm export RUCIO_ACCOUNT=root export X509_USER_PROXY=/tmp/x509up_u<your user ID>
- Verify that it is all set up correctly
rucio ping
or
rucio whoami
Repeat Use
Once set up you will only need to run the following command to renew your proxy:
grid-proxy-init
Activating Rucio
When you are set up, and on the server, to use the Rucio commands, you need to activate the environment:
source /opt/Rucio-env/bin/activate