RucioBastion

From GridPP Wiki
Jump to: navigation, search

Introduction

Setting up for the first time

In order to get access to the Bastion service you must:

  • Have been issued a grid certificate
  • Generate an SSH key pair


  • Once this is set up with your key on the server, you can SSH into the server as <your username> via:
ssh -v -i <your path to private key>.rsa <your username>@rucio-bastion.gridpp.rl.ac.uk


  • Copy your x509 certificate (*.pfx) to the bastion into your home directory in a new directory .globus
  • Unpack this certificate package using the following commands:
openssl pkcs12 -in <*.pfx> -out usercert.pem -clcerts -nokeys
openssl pkcs12 -in <*.pfx> -out userkey.pem -nocerts -nodes
  • Ensure that the new user owns these files, then edit the permissions of the cert to 644 and the permissions for the key to 600
  • Run the command to create a proxy:
grid-proxy-init

or

voms-proxy-init -voms <your VO>
  • If you have issues here it may be necessary to run the command in debug mode:
grid-proxy-init -debug
  • You will now have a grid proxy for the next 11 hours
  • Activate the Rucio Environment with:
source /opt/rucio-env/bin/activate
  • Export variables
export RUCIO_VO=<ypur VO>
export RUCIO_ACCOUNT=<your Rucio username>
export X509_USER_PROXY=/tmp/x509up_u$(id -u)
  • Verify that it is all set up correctly
rucio ping

or

rucio whoami

Repeat Use

Once set up you will only need to run the following command to renew your proxy:

grid-proxy-init

Activating Rucio

When you are set up, and on the server, to use the Rucio commands, you need to activate the environment:

source /opt/Rucio-env/bin/activate