Difference between revisions of "RucioBastion"
(→Setting up for the first time) |
(→Setting up for the first time) |
||
Line 20: | Line 20: | ||
Unpack this certificate package using the following commands | Unpack this certificate package using the following commands | ||
− | openssl pkcs12 -in <*.pfx> -out newfile. | + | openssl pkcs12 -in <*.pfx> -out newfile.cert.pem -clcerts -nokeys |
openssl pkcs12 -in <*.pfx> -out newfile.key.pem -nocerts -nodes | openssl pkcs12 -in <*.pfx> -out newfile.key.pem -nocerts -nodes | ||
Move these new files into the /home/<YOU>/.globus directory but rename them respectively usercert.pem and userkey.pem | Move these new files into the /home/<YOU>/.globus directory but rename them respectively usercert.pem and userkey.pem | ||
+ | Ensure that the new user owns these files, then edit the permissions of the cert to 644 and the permissions for the key to 600 | ||
− | then run | + | then run the command: |
− | + | grid-proxy-init | |
+ | |||
+ | You will now have a grid proxy for the next 11 hours | ||
+ | |||
+ | Once set up you will only need to run the grid-proxy-init command to renew your proxy |
Revision as of 09:33, 8 April 2021
Introduction
- The Rucio bastion server can be found at http://rucio-bastion.gridpp.rl.ac.uk/ you will not be able to access this without a cert / key combination
Setting up for the first time
In order to get access to the Bastion service you must
Generate an SSH key pair
The public key then needs to be sent to [Ian.Johnson@stfc.ac.uk Ian Johnson]
Once this is set up with your key on the server you can SSH into the server as root via: ssh -v -i <your path to private key>.rsa root@rucio-bastion.gridpp.rl.ac.uk
You then need to set up a new user for yourself
Switch user to yourself
Copy your x509 certificate (*.pfx) to the bastion into your home directory
Unpack this certificate package using the following commands openssl pkcs12 -in <*.pfx> -out newfile.cert.pem -clcerts -nokeys openssl pkcs12 -in <*.pfx> -out newfile.key.pem -nocerts -nodes
Move these new files into the /home/<YOU>/.globus directory but rename them respectively usercert.pem and userkey.pem Ensure that the new user owns these files, then edit the permissions of the cert to 644 and the permissions for the key to 600
then run the command: grid-proxy-init
You will now have a grid proxy for the next 11 hours
Once set up you will only need to run the grid-proxy-init command to renew your proxy