Difference between revisions of "DUNE third party copy IC to RAL"

Revision as of 15:44, 12 September 2018

Third party copies Imperial dCache to RAL ECHO

Baseline versions
dCache version: 3.2.15-1
gfal-* on an up-to-date CentOS 7 node (lxplus7.cern.ch will do) with gfal2-util version 1.5.1 (gfal2 2.15.4)

Issues

expired delegation is not updated (happens when you start testing on a Friday and come back on a Monday):

Short term solution: remove delegation from dCache, start afresh
Long term solution: wait for dCache fix provided by Dmitry to make it into the release:

Checksums on ECHO: Apparently it doesn't provide any.

Short term solution: Set webdav.enable.third-party.requiring-verification-by-default = false in dcache.conf on the head node.
Long term solution: ???

dynafed's QuoVadis certificate

Dynafed needs an intermediate CA (QuoVadis Global SSL ICA G3) which I procured from here: Downloads. It needs to go on the head and pool nodes. Remenber to make the .0 file and create a link:

[root@blah certificates]#  openssl x509 -in QuoVadis-SSL-ICA-G3.pem -noout -hash
35e514f6
[root@blah certificates]# ln -s QuoVadis-SSL-ICA-G3.pem 35e514f6.0
openssl x509 -in QuoVadis-SSL-ICA-G3.pem -noout -hash

Make a QuoVadis-SSL-ICA-G3.crl_url file while you are at it.

Side note: How to remove a delegation

use 'delegation' from dcache-srmclient-3.0.9-1.noarch (certificates must be installed in /etch/grid-security/certificates):
lx> delegation $ endpoint https://gfe02.grid.hep.ph.ic.ac.uk:8445/srm/delegation ← find this in the gfal-copy -vvv log
[https://gfe02.grid.hep.ph.ic.ac.uk:8445/srm/delegation]> $ help
[...]
[https://gfe02.grid.hep.ph.ic.ac.uk:8445/srm/delegation] $ destroy 1234 ← I can't remember where I found this.

__NOTITLE__

@@ Line 5: / Line 5: @@
 dCache version: 3.2.15-1 <br>
 gfal-* on an up-to-date CentOS 7 node (lxplus7.cern.ch will do) with gfal2-util version 1.5.1 (gfal2 2.15.4) <br>
+'''Issues'''
+# expired delegation is not updated (happens when you start testing on a Friday and come back on a Monday): <br>
+Short term solution: remove delegation from dCache, start afresh <br>
+Long term solution: wait for dCache [https://github.com/DmitryLitvintsev/dcache/wiki/DCacheDelegationPatch fix] provided by Dmitry to make it into the release: <br>
+# Checksums on ECHO: Apparently it doesn't provide any. <br>
+Short term solution: Set webdav.enable.third-party.requiring-verification-by-default = false in dcache.conf on the head node. <br>
+Long term solution: ??? <br>
+# dynafed's QuoVadis certificate <br>
+Dynafed needs an intermediate CA (QuoVadis Global SSL ICA G3) which I procured from here: [https://www.quovadisglobal.com/QVRepository/DownloadRootsAndCRL.aspx Downloads]. It needs to go on the head and pool nodes. Remenber to make the .0 file and create a link:
+<pre>
+[root@blah certificates]#  openssl x509 -in QuoVadis-SSL-ICA-G3.pem -noout -hash
+e514f6
+[root@blah certificates]# ln -s QuoVadis-SSL-ICA-G3.pem 35e514f6.0
+openssl x509 -in QuoVadis-SSL-ICA-G3.pem -noout -hash
+</pre>
+Make a QuoVadis-SSL-ICA-G3.crl_url file while you are at it. <br>
@@ Line 11: / Line 33: @@
 use 'delegation' from dcache-srmclient-3.0.9-1.noarch (certificates must  be installed in /etch/grid-security/certificates): <br>
+lx> delegation
 $ endpoint https://gfe02.grid.hep.ph.ic.ac.uk:8445/srm/delegation &larr; find this in the gfal-copy -vvv log <br>
 <nowiki> [https://gfe02.grid.hep.ph.ic.ac.uk:8445/srm/delegation]></nowiki> $ help <br>
 [...] <br>
-[https://gfe02.grid.hep.ph.ic.ac.uk:8445/srm/delegation] $ destroy 1234  &larr; I can't remember where I found this.<br>
+<nowiki> [https://gfe02.grid.hep.ph.ic.ac.uk:8445/srm/delegation]</nowiki> $ destroy 1234  &larr; I can't remember where I found this.<br>
+__NOTITLE__

Difference between revisions of "DUNE third party copy IC to RAL"

Revision as of 15:44, 12 September 2018

Third party copies Imperial dCache to RAL ECHO

Navigation menu

Personal tools

Namespaces

Variants

Views

Actions

Search

Main GridPP website

Navigation

Tools