Hi all,
I've put some changes into the Approved VOs document.
The CA DN fields for ENMR.EU and IPV6.HEPIX.ORG have changed. You may
wish to update if your site supports either of these VOs.
https://www.gridpp.ac.uk/wiki/GridPP_approved_VOs
Cheers,
Steve
-------- Original Message --------
Subject: [ EGI BROADCAST ] Change of a VOMS server certificate
(voms2.cnaf.infn.it) for enmr.eu VO
Date: 2016-08-23 13:28
From: Operations-portal <[log in to unmask]>
To: [log in to unmask]
Reply-To: [log in to unmask]
---------------------------------------------------------------------------------------------------------------
EGI BROADCAST TOOL : https://operations-portal.egi.eu/broadcast/send
---------------------------------------------------------------------------------------------------------------
Publication from : Alexandre Bonvin <[log in to unmask]>
----------------------------------------------------------------------------------------------------------------
Dear site managers,
This is an old message (see below) but it is still actual since several
sites did not do this update and we run into authentication problems
when one of our VOMS server went down and voms2.cnaf.infn.it took over.
It seems several sites have not yet performed this update. Could you
please check?
Thanks a lot
Alexandre
============ Original message from Diego Michelotto
=======================================
Starting from the 3rd November 2015 the INFN CA is using a new root
certificate.
Unfortunately this change, in particular the fact that there is a
*change of the CA DN*, creates issues to the VOs managed through VOMS
servers that acquired new server certificates released recently by the
INFN CA.
At this moment we have a new server certificate for the
voms2.cnaf.infn.it, that is supporting the following VOs:
- ams02.cern.ch
- comput-er.it
- enmr.eu
- euchina
- euindia
- eumed
- glast.org
- ipv6.hepix.org
- pacs.infn.it
- superbvo.org acive
- vo.dampe.org
- vo.padme.org
Therefore the configuration of grid services (SEs, CEs, UIs, WNs, ...)
must be updated to ensure the correct function with the VO proxy
certificates.
We would like to kindly ask you to update the LSC files (in
/etc/grid-security/vomsdir/"vo_name"/ to match the configuration
described here:
https://voms2.cnaf.infn.it:8443/voms/"vo_name"/configuration/configuration.action
Please replace "vo_name" with the actual VO name from the ones listed
above
You get this email because your site supports at least one VO hosted on
this server or you are a VO-manager of one of the interested VOs (just
for information).
Bellow there are some details that can help you:
The steps to be followed in order to update the .lsc file are the
following:
a. For services whose configuration is done using *YAIM*:
- Update the /"path_to"/"your_site_info.def" or
/"path_to"/vo.d/"vo_name_file" to contain the new CA_DN, for the
respective VOs.
For example, for the VO calet.org, there should be present the following
lines:
SW_DIR=$VO_SW_DIR/glast.org
DEFAULT_SE=$SE_HOST
STORAGE_DIR=$CLASSIC_STORAGE_DIR/glast.org
VOMS_SERVERS="'vomss://voms2.cnaf.infn.it:8443/voms/glast.org?/glast.org
'vomss://voms-02.pd.infn.it:8443/voms/glast.org?/glast.org'"
VOMSES="'glast.org voms2.cnaf.infn.it 15018
/C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it glast.org' 'glast.org
voms-02.pd.infn.it 15018
/C=IT/O=INFN/OU=Host/L=Padova/CN=voms-02.pd.infn.it glast.org'"
VOMS_CA_DN="'/C=IT/O=INFN/CN=INFN Certification Authority'
'/C=IT/O=INFN/CN=INFN Certification Authority'"
- Reconfigure the node by using only the config_vomsdir function:
# /opt/glite/yaim/bin/yaim -d 6 -r -s /"path_to"/"your_site_info.def" -f
config_vomsdir
- Check that the resulted .lsc file is correct
# cat /etc/grid-security/vomsdir/glast.org/voms2.cnaf.infn.it.lsc
/C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it
/C=IT/O=INFN/CN=INFN Certification Authority
b. For services whose configuration is *NOT done through YAIM*, please
update your configuration tools, if any, to correctly set the content of
the .lsc file for the respective VOs and the VOMS server indicated, like
in the example:
# cat /etc/grid-security/vomsdir/calet.org/voms2.cnaf.infn.it.lsc
/C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it
/C=IT/O=INFN/CN=INFN Certification Authority
All the Best,
Diego Michelotto
for the NGI_IT
----------------------------------------------------------------------------------------------------------------
link to this broadcast :
https://operations-portal.egi.eu/broadcast/archive/1486
----------------------------------------------------------------------------------------------------------------
|