Difference between revisions of "Dirac on a vm at cern"
From GridPP Wiki
(Created page with "== Launching a virtual machine at CERN == * Use [https://openstack.cern.ch/dashboard openstack] at CERN. * Change "Current Project" to your username. * Click on "Instances" an...") |
|||
| Line 9: | Line 9: | ||
== Getting a hostcert for a virtual machine == | == Getting a hostcert for a virtual machine == | ||
| + | * Once the machine is up and running, you can log on as root via lxplus.cern.ch | ||
| + | * <pre>openssl req -new -subj "/CN=diractest.cern.ch" -out newcsr.csr -nodes -sha512 -newkey rsa:2048</pre> (replace machine name as needed) --- I can't find where I got this command from. Right now I am loosely following this [http://diego.web.cern.ch/diego/tutorials/html/environ/vm-setup.html page]. | ||
| + | * Make a backup and save it somewhere other than you virtual machine: <pre> openssl pkcs12 -export -inkey privkey.pem -in host-diractest.cert -out diractest.p12 </pre> | ||
| + | |||
| + | == Setting up the CAs == | ||
| + | * wget http://repository.egi.eu/sw/production/cas/1/current/repo-files/EGI-trustanchors.repo -O /etc/yum.repos.d/EGI-trustanchors.repo | ||
| + | * yum install ca-policy-egi-core | ||
| + | |||
| + | == Setting up a UI == | ||
| + | (Let's go with EMI3, even though we will need the EMI2 vomsclients.) <br> | ||
| + | * Get the repos: | ||
| + | <pre> | ||
| + | wget http://www.nic.funet.fi/pub/mirrors/fedora.redhat.com/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm | ||
| + | rpm -i epel-release-6-8.noarch.rpm | ||
| + | wget http://emisoft.web.cern.ch/emisoft/dist/EMI/3/sl6/x86_64/base/emi-release-3.0.0-2.el6.noarch.rpm | ||
| + | yum localinstall emi-release-3.0.0-2.el6.noarch.rpm | ||
| + | <pre> | ||
| + | * epel needs to have priority over the system repos, otherwise the install fails with "emi.saga-adapter.isn-cpp-1.0.3-1.sl6.x86_64 (EMI-3-base) Requires: libxerces-c-3.0.so()(64bit)" | ||
| + | * | ||
| + | |||
| + | * Get the EMI2 voms clients | ||
| + | <pre> | ||
| + | yum shell | ||
| + | list *voms* | ||
| + | erase voms-clients3.noarch | ||
| + | install voms-clients.x86_64 | ||
| + | run | ||
| + | exit | ||
| + | </pre> | ||
Revision as of 11:16, 10 September 2014
Contents
Launching a virtual machine at CERN
- Use openstack at CERN.
- Change "Current Project" to your username.
- Click on "Instances" and then on "Launch Instance"
- Upload public ssh key (cut and paste will do), if not already done so, in the Access & Security tab
- Choose "Any Availability Zone", "m1.medium" and "Boot from Image"
- As image I am currently trying "SLC6 Server x86_64" (diractest2) and "SLC6 CERN Server x86_64" (diractest)
- Click "Launch"
Getting a hostcert for a virtual machine
- Once the machine is up and running, you can log on as root via lxplus.cern.ch
-
openssl req -new -subj "/CN=diractest.cern.ch" -out newcsr.csr -nodes -sha512 -newkey rsa:2048
(replace machine name as needed) --- I can't find where I got this command from. Right now I am loosely following this page. - Make a backup and save it somewhere other than you virtual machine:
openssl pkcs12 -export -inkey privkey.pem -in host-diractest.cert -out diractest.p12
Setting up the CAs
- wget http://repository.egi.eu/sw/production/cas/1/current/repo-files/EGI-trustanchors.repo -O /etc/yum.repos.d/EGI-trustanchors.repo
- yum install ca-policy-egi-core
Setting up a UI
(Let's go with EMI3, even though we will need the EMI2 vomsclients.)
- Get the repos:
wget http://www.nic.funet.fi/pub/mirrors/fedora.redhat.com/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm rpm -i epel-release-6-8.noarch.rpm wget http://emisoft.web.cern.ch/emisoft/dist/EMI/3/sl6/x86_64/base/emi-release-3.0.0-2.el6.noarch.rpm yum localinstall emi-release-3.0.0-2.el6.noarch.rpm <pre> * epel needs to have priority over the system repos, otherwise the install fails with "emi.saga-adapter.isn-cpp-1.0.3-1.sl6.x86_64 (EMI-3-base) Requires: libxerces-c-3.0.so()(64bit)" * * Get the EMI2 voms clients <pre> yum shell list *voms* erase voms-clients3.noarch install voms-clients.x86_64 run exit
