Difference between revisions of "RucioBastion"
From GridPP Wiki
(→Setting up for the first time) |
(→Setting up for the first time) |
||
| Line 4: | Line 4: | ||
== Setting up for the first time == | == Setting up for the first time == | ||
| − | In order to get access to the Bastion service you must | + | In order to get access to the Bastion service you must: |
| − | + | * Have been issued a grid certificate | |
| − | The public key then needs to be sent to [Ian.Johnson@stfc.ac.uk Ian Johnson] | + | * Generate an SSH key pair |
| + | |||
| + | |||
| + | * The public key then needs to be sent to [Ian.Johnson@stfc.ac.uk Ian Johnson] | ||
Once this is set up with your key on the server you can SSH into the server as root via: | Once this is set up with your key on the server you can SSH into the server as root via: | ||
ssh -v -i <your path to private key>.rsa root@rucio-bastion.gridpp.rl.ac.uk | ssh -v -i <your path to private key>.rsa root@rucio-bastion.gridpp.rl.ac.uk | ||
| − | You then need to set up a new user for yourself | + | * You then need to set up a new user for yourself |
| − | Switch user to yourself | + | * Switch user to yourself |
| − | Copy your x509 certificate (*.pfx) to the bastion into your home directory | + | * Copy your x509 certificate (*.pfx) to the bastion into your home directory |
| − | Unpack this certificate package using the following commands | + | * Unpack this certificate package using the following commands: |
openssl pkcs12 -in <*.pfx> -out newfile.cert.pem -clcerts -nokeys | openssl pkcs12 -in <*.pfx> -out newfile.cert.pem -clcerts -nokeys | ||
openssl pkcs12 -in <*.pfx> -out newfile.key.pem -nocerts -nodes | openssl pkcs12 -in <*.pfx> -out newfile.key.pem -nocerts -nodes | ||
| − | Move these new files into the /home/<YOU>/.globus directory but rename them respectively usercert.pem and userkey.pem | + | * Move these new files into the /home/<YOU>/.globus directory but rename them respectively usercert.pem and userkey.pem |
Ensure that the new user owns these files, then edit the permissions of the cert to 644 and the permissions for the key to 600 | Ensure that the new user owns these files, then edit the permissions of the cert to 644 and the permissions for the key to 600 | ||
| − | + | * Run the command to create a proxy: | |
grid-proxy-init | grid-proxy-init | ||
| − | You will now have a grid proxy for the next 11 hours | + | * You will now have a grid proxy for the next 11 hours |
| + | |||
| + | == Repeat Use == | ||
Once set up you will only need to run the grid-proxy-init command to renew your proxy | Once set up you will only need to run the grid-proxy-init command to renew your proxy | ||
Revision as of 09:35, 8 April 2021
Introduction
- The Rucio bastion server can be found at http://rucio-bastion.gridpp.rl.ac.uk/ you will not be able to access this without a cert / key combination
Setting up for the first time
In order to get access to the Bastion service you must:
- Have been issued a grid certificate
- Generate an SSH key pair
- The public key then needs to be sent to [Ian.Johnson@stfc.ac.uk Ian Johnson]
Once this is set up with your key on the server you can SSH into the server as root via: ssh -v -i <your path to private key>.rsa root@rucio-bastion.gridpp.rl.ac.uk
- You then need to set up a new user for yourself
- Switch user to yourself
- Copy your x509 certificate (*.pfx) to the bastion into your home directory
- Unpack this certificate package using the following commands:
openssl pkcs12 -in <*.pfx> -out newfile.cert.pem -clcerts -nokeys openssl pkcs12 -in <*.pfx> -out newfile.key.pem -nocerts -nodes
- Move these new files into the /home/<YOU>/.globus directory but rename them respectively usercert.pem and userkey.pem
Ensure that the new user owns these files, then edit the permissions of the cert to 644 and the permissions for the key to 600
- Run the command to create a proxy:
grid-proxy-init
- You will now have a grid proxy for the next 11 hours
Repeat Use
Once set up you will only need to run the grid-proxy-init command to renew your proxy
