Difference between revisions of "DPM Certificates"
Latest revision as of 10:28, 26 February 2007
DPM and DPNS
For Disk Pool Manager to function correctly, it needs to be able to present a valid host certificate. As DPNS and DPM daemons run as non privileged users (a good thing!) a copy of the certificate needs to be made that the dpmmgr user can read.
This certificate is copied by YAIM at install time to /etc/grid-security/dpmmgr/
# ls -l /etc/grid-security/dpmmgr -r--r--r-- 1 dpmmgr dpmmgr 2216 Jul 25 13:28 dpmcert.pem -r-------- 1 dpmmgr dpmmgr 3340 Jul 25 13:28 dpmkey.pem
If you later update the host certificate, you must give a new copy of the certificate to DPM, with the permissions above.
A copy of the host certificate is also given to the edginfo user, as described in DPM Information Publishing. Again, if your host certificate changes, make a new copy for edginfo.
Upgrading The Host Certificate
When your host certificate is renewed you must ensure that the copies above get renewed as well. It is possible to "hand install" the new certificate using the information above, but a slightly safer and quicker way is to use the YAIM config_DPM_mgr function:
/opt/lcg/yaim/scripts/run_function SITE-INFO.DEF config_DPM_mgr
You should restart the following services to make sure they use the new certificate: