Difference between revisions of "DPM Certificates"

From GridPP Wiki

Latest revision as of 10:28, 26 February 2007

Certificate Copies


For Disk Pool Manager to function correctly, it needs to be able to present a valid host certificate. As the DPNS and DPM daemons run as non-privileged users (a good thing!), a copy of the certificate needs to be made that the dpmmgr user can read.

This certificate is copied by YAIM at install time to /etc/grid-security/dpmmgr/:

 # ls -l /etc/grid-security/dpmmgr
 -r--r--r--    1 dpmmgr   dpmmgr       2216 Jul 25 13:28 dpmcert.pem
 -r--------   1 dpmmgr   dpmmgr       3340 Jul 25 13:28 dpmkey.pem

If you later update the host certificate, you must give a new copy of the certificate to DPM, with the permissions above.
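One way to check that the DPM copies are current and carry the permissions listed above. This is an added example, not part of the original page or of YAIM; the function names are hypothetical, and it assumes the host credentials are in /etc/grid-security/hostcert.pem and hostkey.pem.

```shell
#!/bin/bash
# Added example: audit the dpmmgr copies of the host certificate and key.
# Assumption (not stated on the page): the host credentials are
# hostcert.pem and hostkey.pem in /etc/grid-security.
# Uses GNU stat (-c), as found on Linux.

# check_copy SRC DST MODE OWNER
# Prints the reason and returns 1 if DST is missing, differs from SRC,
# or does not have exactly the expected octal mode and owner.
check_copy() {
    local src=$1 dst=$2 mode=$3 owner=$4 have
    [ -f "$dst" ] || { echo "MISSING $dst"; return 1; }
    # A copy left over from before a renewal differs byte for byte.
    cmp -s "$src" "$dst" || { echo "STALE   $dst differs from $src"; return 1; }
    have=$(stat -c '%a %U' "$dst")
    [ "$have" = "$mode $owner" ] || {
        echo "PERMS   $dst is '$have', expected '$mode $owner'"
        return 1
    }
    return 0
}

# audit_dpm_copies [HOSTDIR] [COPYDIR] [OWNER]
# Returns the number of failed checks (0 means both copies are good).
audit_dpm_copies() {
    local hostdir=${1:-/etc/grid-security}
    local copydir=${2:-/etc/grid-security/dpmmgr}
    local owner=${3:-dpmmgr}
    local failed=0
    # Modes match the listing above: certificate 444, private key 400.
    check_copy "$hostdir/hostcert.pem" "$copydir/dpmcert.pem" 444 "$owner" \
        || failed=$((failed + 1))
    check_copy "$hostdir/hostkey.pem" "$copydir/dpmkey.pem" 400 "$owner" \
        || failed=$((failed + 1))
    return "$failed"
}
```

Run `audit_dpm_copies` as root after a certificate renewal; a non-zero return means at least one copy is missing, stale, or has the wrong mode or owner.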

Information System

A copy of the host certificate is also given to the edginfo user, as described in DPM Information Publishing. Again, if your host certificate changes, make a new copy for edginfo.

Upgrading The Host Certificate

When your host certificate is renewed you must ensure that the copies above get renewed as well. It is possible to "hand install" the new certificate using the information above, but a slightly safer and quicker way is to use the YAIM config_DPM_mgr function:

 /opt/lcg/yaim/scripts/run_function SITE-INFO.DEF config_DPM_mgr

You should restart the following services to make sure they use the new certificate: