Difference between revisions of "RucioBastion"
From GridPP Wiki
(→Setting up for the first time) |
(→Setting up for the first time) |
||
Line 14: | Line 14: | ||
* Once this is set up with your key on the server you can SSH into the server as root via: | * Once this is set up with your key on the server you can SSH into the server as root via: | ||
− | ssh -v -i <your path to private key>.rsa root@rucio-bastion.gridpp.rl.ac.uk | + | ssh -v -i <your path to private key>.rsa root@rucio-bastion.gridpp.rl.ac.uk |
* You then need to set up a new user for yourself | * You then need to set up a new user for yourself | ||
Line 20: | Line 20: | ||
* Switch user to yourself | * Switch user to yourself | ||
− | * Copy your x509 certificate (*.pfx) to the bastion into your home directory | + | * Copy your x509 certificate (*.pfx) to the bastion into your home directory in a new directory .globus |
* Unpack this certificate package using the following commands: | * Unpack this certificate package using the following commands: | ||
− | openssl pkcs12 -in <*.pfx> -out | + | openssl pkcs12 -in <*.pfx> -out usercert.pem -clcerts -nokeys |
− | openssl pkcs12 -in <*.pfx> -out | + | openssl pkcs12 -in <*.pfx> -out userkey.pem -nocerts -nodes |
− | * | + | *Ensure that the new user owns these files, then edit the permissions of the cert to 644 and the permissions for the key to 600 |
− | Ensure that the new user owns these files, then edit the permissions of the cert to 644 and the permissions for the key to 600 | + | |
* Run the command to create a proxy: | * Run the command to create a proxy: | ||
− | grid-proxy-init | + | grid-proxy-init |
* You will now have a grid proxy for the next 11 hours | * You will now have a grid proxy for the next 11 hours |
Revision as of 13:29, 8 April 2021
Introduction
- The Rucio bastion server can be found at http://rucio-bastion.gridpp.rl.ac.uk/ you will not be able to access this without a cert / key combination
Setting up for the first time
In order to get access to the Bastion service you must:
- Have been issued a grid certificate
- Generate an SSH key pair
- The public key then needs to be sent to [Ian.Johnson@stfc.ac.uk Ian Johnson]
- Once this is set up with your key on the server you can SSH into the server as root via:
ssh -v -i <your path to private key>.rsa root@rucio-bastion.gridpp.rl.ac.uk
- You then need to set up a new user for yourself
- Switch user to yourself
- Copy your x509 certificate (*.pfx) to the bastion into your home directory in a new directory .globus
- Unpack this certificate package using the following commands:
openssl pkcs12 -in <*.pfx> -out usercert.pem -clcerts -nokeys openssl pkcs12 -in <*.pfx> -out userkey.pem -nocerts -nodes
- Ensure that the new user owns these files, then edit the permissions of the cert to 644 and the permissions for the key to 600
- Run the command to create a proxy:
grid-proxy-init
- You will now have a grid proxy for the next 11 hours
Repeat Use
Once set up you will only need to run the grid-proxy-init command to renew your proxy