Today : Wed, 18 Sep 24 .


INFN-PADOVA wiki


Fabric Management

Notes

PmWiki

edit SideBar

Ecar

Page: Site.Ecar - Last Modified : Fri, 03 Jul 09

Ecar

LFC (cert-23)

  • Install SL3 rpm:
rpm -ivh http://www.egrid.it/download/rpm/RPMS.egrid/ecar-1.2.1-1.i386.rpm
cd /etc/grid-security/
cat hostcert.pem hostkey.pem > ecar.pem
chmod 0400 ecar.pem
service ecar start
chkconfig --add ecar
chkconfig --add ecar
  • Check service:
# ps aux|grep ecar
root      9791  0.0  0.9 89552 4160 ?        Ssl  12:31   0:00 /opt/egrid/sbin/ecar-server -v

# netstat -putan|grep ecar
tcp        0      0 0.0.0.0:8859                0.0.0.0:*                   LISTEN      19972/ecar-server
tcp        0      0 193.206.210.250:40841       193.206.210.250:3306        ESTABLISHED 19972/ecar-server
tcp        0      0 193.206.210.250:40840       193.206.210.250:3306        ESTABLISHED 19972/ecar-server
tcp        0      0 193.206.210.250:40835       193.206.210.250:3306        ESTABLISHED 19972/ecar-server
tcp        0      0 193.206.210.250:40834       193.206.210.250:3306        ESTABLISHED 19972/ecar-server
tcp        0      0 193.206.210.250:40837       193.206.210.250:3306        ESTABLISHED 19972/ecar-server
tcp        0      0 193.206.210.250:40836       193.206.210.250:3306        ESTABLISHED 19972/ecar-server
tcp        0      0 193.206.210.250:40839       193.206.210.250:3306        ESTABLISHED 19972/ecar-server
tcp        0      0 193.206.210.250:40838       193.206.210.250:3306        ESTABLISHED 19972/ecar-server

https://cert-23.pd.infn.it:8859/

StoRM (cert-32)

  • Set the following variables in <confdir>/services/ig-se_storm_backend:
STORM_ACLMODE=jit
STORM_AUTH_POLICY=ecar
STORM_ECAR_ENDPOINT=https://cert-23.pd.infn.it:8859
  • Set the following variables in /opt/storm/backend/etc/sysconfig/storm-backend:
# if ENABLE_SSL != yes, the following SSL_* options are ignored.
export ENABLE_SSL=yes

# Path to the keystore containing trusted CA
export SSL_TRUST_STORE="/opt/storm/backend/etc/ecar.ts"

# password of the trusted keystore
export SSL_TRUST_STORE_PWD="truststore_pwd"

# Path to the key store
export SSL_KEY_STORE="/opt/storm/backend/etc/ecar.p12"

# password of the keystore containing the private and
# public key used by ecar.
export SSL_KEY_STORE_PWD="keystore_pwd"

# Type of the keystore containing public and
# private key used by ecar.
export SSL_KEY_STORE_TYPE=PKCS12
  • Reconfigure with yaim
  • Manual creation of the directory /flatfiles/SE00/infngrid/ecar (I catch an error when using clientSRM Mkdir -e httpg://cert-32.pd.infn.it:8444 -s srm://cert-32.pd.infn.it/infngrid/ecar - **INVESTIGATE**: ask Cozzini/Corso and Zappi)

Test

  • ecar-client

[root@cert-23 ~]# /opt/egrid/bin/ecar-client -vvv -d https://cert-23.pd.infn.it:8859 /grid/infngrid/ecar/ "/C=IT/O=INFN/OU=Personal Certificate/L=Padova/CN=Simone Dalla Fina"
SOAP endpoint: https://cert-23.pd.infn.it:8859
LFN: /grid/infngrid/ecar/
DN: /C=IT/O=INFN/OU=Personal Certificate/L=Padova/CN=Simone Dalla Fina
FQANs:
  (none)
fs_acl access mode: 0
result: true

[root@cert-23 ~]# /opt/egrid/bin/ecar-client -vvv -r -d https://cert-23.pd.infn.it:8859 /grid/infngrid/ecar/ "/C=IT/O=INFN/OU=Personal Certificate/L=Padova/CN=Simone Dalla Fina"
SOAP endpoint: https://cert-23.pd.infn.it:8859
LFN: /grid/infngrid/ecar/
DN: /C=IT/O=INFN/OU=Personal Certificate/L=Padova/CN=Simone Dalla Fina
FQANs:
  (none)
fs_acl access mode: 24
result: true

[root@cert-23 ~]# /opt/egrid/bin/ecar-client -vvv -w -d https://cert-23.pd.infn.it:8859 /grid/infngrid/ecar/ "/C=IT/O=INFN/OU=Personal Certificate/L=Padova/CN=Simone Dalla Fina"
SOAP endpoint: https://cert-23.pd.infn.it:8859
LFN: /grid/infngrid/ecar/
DN: /C=IT/O=INFN/OU=Personal Certificate/L=Padova/CN=Simone Dalla Fina
FQANs:
  (none)
fs_acl access mode: 710
result: true

[root@cert-23 ~]# /opt/egrid/bin/ecar-client -vvv -x -d https://cert-23.pd.infn.it:8859 /grid/infngrid/ecar/ "/C=IT/O=INFN/OU=Personal Certificate/L=Padova/CN=Simone Dalla Fina"
SOAP endpoint: https://cert-23.pd.infn.it:8859
LFN: /grid/infngrid/ecar/
DN: /C=IT/O=INFN/OU=Personal Certificate/L=Padova/CN=Simone Dalla Fina
FQANs:
  (none)
fs_acl access mode: 1
result: true
[dfina@cert-21 ~]$ export LFC_HOST=cert-23.pd.infn.it

[dfina@cert-21 ~]$ lfc-mkdir /grid/infngrid/ecar

[dfina@cert-21 cert]$ lfc-getacl /grid/infngrid/ecar
# file: /grid/infngrid/ecar
# owner: /C=IT/O=INFN/OU=Personal Certificate/L=Padova/CN=Simone Dalla Fina
# group: infngrid
user::rwx
group::rwx              #effective:rwx
other::r-x
default:user::rwx
default:group::rwx
default:other::r-x

[dfina@cert-21 ~]$ lfc-setacl -m user::rwx,group::,other:: /grid/infngrid/ecar

[dfina@cert-21 ~]$ lfc-getacl /grid/infngrid/ecar
# file: /grid/infngrid/ecar
# owner: /C=IT/O=INFN/OU=Personal Certificate/L=Padova/CN=Simone Dalla Fina
# group: infngrid
user::rwx
group::---              #effective:---
other::---
default:user::rwx
default:group::rwx
default:other::r-x

[dfina@cert-21 cert]$ lcg-cr -v --vo infngrid -d srm://cert-32.pd.infn.it/infngrid/ecar/prova file:///etc/hosts -l lfn:/grid/infngrid/ecar/prova
Using grid catalog type: lfc
Using grid catalog : cert-23.pd.infn.it
Checksum type: None
SE type: SRMv2
Destination SURL : srm://cert-32.pd.infn.it/infngrid/ecar/prova
Source SRM Request Token: 890f3f5f-b6dd-433b-88ac-3a82914e5fc0
Source URL: file:/etc/hosts
File size: 237
VO name: infngrid
Destination specified: srm://cert-32.pd.infn.it/infngrid/ecar/prova
Destination URL for copy: gsiftp://cert-32.pd.infn.it:2811//flatfiles/SE00/infngrid/ecar/prova
# streams: 1
          237 bytes      0.39 KB/sec avg      0.39 KB/sec inst
Transfer took 1020 ms
Using LFN: lfn:/grid/infngrid/ecar/prova
Using GUID: guid:e9864d1e-3a2d-4acd-89e1-949f1fffe3c8
Registering LFN: /grid/infngrid/ecar/prova (e9864d1e-3a2d-4acd-89e1-949f1fffe3c8)
Registering SURL: srm://cert-32.pd.infn.it/infngrid/ecar/prova (e9864d1e-3a2d-4acd-89e1-949f1fffe3c8)
guid:e9864d1e-3a2d-4acd-89e1-949f1fffe3c8

[verlato@cert-21 cert]$ lcg-cp -v srm://cert-32.pd.infn.it/infngrid/ecar/prova file:///tmp/prova.txt
Using grid catalog type: UNKNOWN
Using grid catalog : cert-23.pd.infn.it
VO name: infngrid
Trying SURL srm://cert-32.pd.infn.it/infngrid/ecar/prova ...
[WARNING] srm://cert-32.pd.infn.it/infngrid/ecar/prova: [SE][StatusOfGetRequest] Read access to srm://cert-32.pd.infn.it:8444/infngrid/ecar/prova denied!
srm://cert-32.pd.infn.it/infngrid/ecar/prova: srm://cert-32.pd.infn.it/infngrid/ecar/prova: [SE][StatusOfGetRequest] Read access to srm://cert-32.pd.infn.it:8444/infngrid/ecar/prova denied!
lcg_cp: Permission denied

=> OK!


Powered by PmWiki
Skin by CarlosAB

looks borrowed from http://haran.freeshell.org/oswd/sinorca
More skins here