Testing ArcCE Argus Integration

From GridPP Wiki
Jump to: navigation, search
After configuring lcas and lcmaps on your ArcCE:

Log onto the ArcCE and get a certificate.
 
$ voms-proxy-init --voms cms
Enter GRID pass phrase for this identity:
Contacting lcg-voms2.cern.ch:15002 [/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch] "cms"...
Remote VOMS server contacted succesfully.
 
Created proxy in /tmp/x509_proxy.
 
Your proxy is valid until Fri Mar 16 04:08:21 GMT 2018
$ voms-proxy-info
subject   : /C=UK/O=eScience/OU=CLRC/L=RAL/CN=tweetie pie/CN=828088554
issuer    : /C=UK/O=eScience/OU=CLRC/L=RAL/CN=tweetie pie
identity  : /C=UK/O=eScience/OU=CLRC/L=RAL/CN=tweetie pie
type      : RFC3820 compliant impersonation proxy
strength  : 1024
path      : /tmp/x509up_proxy
timeleft  : 11:58:50
key usage : Digital Signature, Key Encipherment, Data Encipherment 
$ export X509_USER_PROXY=/tmp/x509up_proxy
 
arc-lcas checks the authorisation
 
$ /usr/libexec/arc/arc-lcas " /C=UK/O=eScience/OU=CLRC/L=RAL/CN=tweetie pie/CN=828088554" $X509_USER_PROXY liblcas.so /usr/lib64 /etc/lcas/lcas.db
LCAS   2: LCAS authorization request
LCAS   0: 2018-03-15.16:09:18 :     lcas_plugin_voms-plugin_confirm_authorization_from_x509(): voms plugin succeeded
LCAS   1: lcas.mod-lcas_run_va(): succeeded
LCAS   1: Termination LCAS
 
arc-lcmaps gets the mapping

Note by SJ: On some Condor systems, the Condor Globus Libraries meed to be avoided (else this error occurs: /usr/lib64/condor/libglobus_common.so.0: no version information available ...) To avoid them, do this: export LD_LIBRARY_PATH=/usr/lib64/:$LD_LIBRARY_PATH

/usr/libexec/arc/arc-lcmaps "/C=UK/O=eScience/OU=Liverpool/L=CSD/CN=stephen jones/CN=1985678513" $X509_USER_PROXY liblcmaps.so /usr/lib64 /etc/lcmaps/lcmaps.db voms
/usr/libexec/arc/arc-lcmaps: /usr/lib64/condor/libglobus_common.so.0: no version information available (required by /usr/libexec/arc/arc-lcmaps)
LCMAPS has lcmaps_run
LCMAPS has getCredentialData
Failed to convert GSI credential to GSS credential (major: 851968, minor: 1)
lcmaps[3883334]     LOG_ERR: 2019-10-07.08:39:30Z: lcmaps_run() WARNING: empty credential found !
lcmaps[3883334]     LOG_ERR: 2019-10-07.08:39:30Z: lcmaps_run() error: user DN empty
[root@hepgrid5 lcm]# export LD_LIBRARY_PATH=/usr/lib64/:$LD_LIBRARY_PATH


$ sudo /usr/libexec/arc/arc-lcmaps "/C=UK/O=eScience/OU=CLRC/L=RAL/CN=tweetie pie/CN=828088554" $X509_USER_PROXY liblcmaps.so /usr/lib64 /etc/lcmaps/lcmaps.db voms
LCMAPS has lcmaps_run
LCMAPS has getCredentialData
lcmaps[3944231]    LOG_INFO: 2018-03-15.16:09:37Z: Starting policy: get_account
lcmaps[3944231]    LOG_INFO: 2018-03-15.16:09:37Z: verify_log: Cert at depth 3 is a root CA: "/C=UK/O=eScienceRoot/OU=Authority/CN=UK e-Science Root"
lcmaps[3944231]    LOG_INFO: 2018-03-15.16:09:37Z: verify_log:    Key strength: 2048
lcmaps[3944231]    LOG_INFO: 2018-03-15.16:09:37Z: verify_log: Cert at depth 2 is a CA: "/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA 2B"
lcmaps[3944231]    LOG_INFO: 2018-03-15.16:09:37Z: verify_log:    signature algorithm: sha256WithRSAEncryption (=1.2.840.113549.1.1.11)
lcmaps[3944231]    LOG_INFO: 2018-03-15.16:09:37Z: verify_log:    Key strength: 2048
lcmaps[3944231]    LOG_INFO: 2018-03-15.16:09:37Z: verify_log: Cert at depth 1 is an EEC: "/C=UK/O=eScience/OU=CLRC/L=RAL/CN=tweetie pie"
lcmaps[3944231]    LOG_INFO: 2018-03-15.16:09:37Z: verify_log:    signature algorithm: sha256WithRSAEncryption (=1.2.840.113549.1.1.11)
lcmaps[3944231]    LOG_INFO: 2018-03-15.16:09:37Z: verify_log:    Key strength: 2048
lcmaps[3944231]    LOG_INFO: 2018-03-15.16:09:37Z: verify_log:    CA hash: 530f7122, serial: C626
lcmaps[3944231]    LOG_INFO: 2018-03-15.16:09:37Z: verify_log:    subjAltName rfc822Name: chris.brew@stfc.ac.uk
lcmaps[3944231]    LOG_INFO: 2018-03-15.16:09:37Z: verify_log:    policy OID: 1.3.6.1.4.1.11439.1.1.1.2.2.0
lcmaps[3944231]    LOG_INFO: 2018-03-15.16:09:37Z: verify_log:    policy OID: 1.2.840.113612.5.2.2.1
lcmaps[3944231]    LOG_INFO: 2018-03-15.16:09:37Z: verify_log:    policy OID: 1.2.840.113612.5.2.3.3.3
lcmaps[3944231]    LOG_INFO: 2018-03-15.16:09:37Z: verify_log: Cert at depth 0 (proxylevel 0) is a VOMS RFC3820 Proxy: "/C=UK/O=eScience/OU=CLRC/L=RAL/CN=tweetie pie/CN=828088554"
lcmaps[3944231]    LOG_INFO: 2018-03-15.16:09:37Z: verify_log:    signature algorithm: sha256WithRSAEncryption (=1.2.840.113549.1.1.11)
lcmaps[3944231]    LOG_INFO: 2018-03-15.16:09:37Z: verify_log:    Key strength: 1024
lcmaps[3944231]    LOG_INFO: 2018-03-15.16:09:37Z: verify_log: The verification of the certificate has succeeded.
lcmaps[3944231]    LOG_INFO: 2018-03-15.16:09:37Z: verify_log: Verification of chain without private key is OK
lcmaps[3944231]    LOG_INFO: 2018-03-15.16:09:37Z: lcmaps_plugin_verify_proxy-plugin_run(): verify proxy plugin succeeded
lcmaps[3944231]    LOG_INFO: 2018-03-15.16:09:37Z: lcmaps_plugin_c_pep-plugin_run(): Using endpoint https://argus.pp.rl.ac.uk:8154/authz, try #1
lcmaps[3944231]    LOG_INFO: 2018-03-15.16:09:37Z: lcmaps_plugin_c_pep-plugin_run(): c_pep plugin succeeded
lcmaps[3944231]  LOG_NOTICE: 2018-03-15.16:09:37Z: LCMAPS CRED FINAL: mapped uid:'<UID>',pgid:'<GID>'
<poolaccount>:<poolgroudP>