
From GridPP Wiki
Jump to: navigation, search


Setting up for the first time

In order to get access to the Bastion service you must:

  • Have been issued a grid certificate
  • Generate an SSH key pair

  • Once this is set up with your key on the server, you can SSH into the server as <your username> via:
ssh -v -i <your path to private key>.rsa <your username>

  • Copy your x509 certificate (*.pfx) to the bastion into your home directory in a new directory .globus
  • Unpack this certificate package using the following commands:
openssl pkcs12 -in <*.pfx> -out usercert.pem -clcerts -nokeys
openssl pkcs12 -in <*.pfx> -out userkey.pem -nocerts -nodes
  • Ensure that the new user owns these files, then edit the permissions of the cert to 644 and the permissions for the key to 600
  • Run the command to create a proxy:


voms-proxy-init -voms <your VO>
  • If you have issues here it may be necessary to run the command in debug mode:
grid-proxy-init -debug
  • You will now have a grid proxy for the next 11 hours
  • Activate the Rucio Environment with:
source /opt/rucio-env/bin/activate
  • Export variables
export RUCIO_VO=<ypur VO>
export RUCIO_ACCOUNT=<your Rucio username>
export X509_USER_PROXY=/tmp/x509up_u$(id -u)
  • Verify that it is all set up correctly
rucio ping


rucio whoami

Repeat Use

Once set up you will only need to run the following command to renew your proxy:



voms-proxy-init --voms <your VO>

Activating Rucio

When you are set up, and on the server, to use the Rucio commands, you need to activate the environment:

source /opt/Rucio-env/bin/activate