Difference between revisions of "RucioBastion"

From GridPP Wiki
Jump to: navigation, search
(Repeat Use)
(Setting up for the first time)
Line 30: Line 30:
 
* Run the command to create a proxy:
 
* Run the command to create a proxy:
 
  grid-proxy-init
 
  grid-proxy-init
 +
 +
* If you have issues here it may be necessary to run the command in debug mode:
 +
grid-proxy-init --debug
  
 
* You will now have a grid proxy for the next 11 hours
 
* You will now have a grid proxy for the next 11 hours

Revision as of 13:51, 8 April 2021

Introduction


Setting up for the first time

In order to get access to the Bastion service you must:

  • Have been issued a grid certificate
  • Generate an SSH key pair


  • The public key then needs to be sent to [Ian.Johnson@stfc.ac.uk Ian Johnson]
  • Once this is set up with your key on the server you can SSH into the server as root via:
ssh -v -i <your path to private key>.rsa root@rucio-bastion.gridpp.rl.ac.uk
  • You then need to set up a new user for yourself
  • Switch user to yourself
  • Copy your x509 certificate (*.pfx) to the bastion into your home directory in a new directory .globus
  • Unpack this certificate package using the following commands:
openssl pkcs12 -in <*.pfx> -out usercert.pem -clcerts -nokeys
openssl pkcs12 -in <*.pfx> -out userkey.pem -nocerts -nodes
  • Ensure that the new user owns these files, then edit the permissions of the cert to 644 and the permissions for the key to 600
  • Run the command to create a proxy:
grid-proxy-init
  • If you have issues here it may be necessary to run the command in debug mode:
grid-proxy-init --debug
  • You will now have a grid proxy for the next 11 hours

Repeat Use

Once set up you will only need to run the following command to renew your proxy@

grid-proxy-init