Hi Jens,
scripts are for me easier than the WEB interface if they will work I might
even start to use them also for normal requests because they can be
integrated in the management environment.
I have all the scripts that have been written up to now. I only need to
find the time to test them. One of the things I'm a bit worried about for
the tests is that they might interfere with the normal CA activity. Is
there any suggestion for this?
Anyway I'll wait for the ticket to move the discussion out of the storage
mailing list.
thanks
cheers
alessandra
On Fri, 5 Aug 2005, Jensen, J (Jens) wrote:
> Hi Alessandra,
>
> [Sorry for going offtopic for the storage list, I will stick
> this into the GOSC helpdesk and we will track it from there.
> If you are not Alessandra and have a particular interest in
> this, let me know if you want to be kept cc'ed]
>
> It wasn't really automated until now because you are the only person
> who has applied for an "unmanageable" amount of certificates.
>
> For the bulk request, there are scripts you can use. Mike
> wrote one but we have a new one in python.
>
> For the approval, we will have to "cheat". If you make all 1000
> requests with the same PIN, we know that they belong together.
> It also helps if they have similar DNs, e.g. grid000.man.ac.uk
> to grid999.man.ac.uk. If *you* approve *one*, we will approve the
> rest by modifying the database. It's a hack but should work
> and it is consistent with the CP/CPS and the overall CA security.
>
> Unfortunately we don't yet have any bulk *signing* facility
> but perhaps we can hack something if we have a couple of days.
>
> We need to solve the notification problem first, though. When
> you apply for 1000 certificates, the RA will get 1000 notification
> email! Ditto for the certificate issuance notification.
>
> Downloading is trivial if you have the serial numbers, and we can
> send you those. You may not get consecutive ones (depending on
> whether and how we solve the signing).
>
> So I'll get back to you about the scripts and let you know when you
> can start, no later than Tuesday next week. Hope that's ok.
>
> "Thank you for making a simple CA very happy" :-)
>
> Cheers,
> --jens
>
>> -----Original Message-----
>> From: GRIDPP2: Deployment and support of SRM and local storage
>> management [mailto:[log in to unmask]]On Behalf Of
>> Alessandra
>> Forti
>> Sent: 02 August 2005 09:21
>> To: [log in to unmask]
>> Subject: Re: certificates bulk requests, approvals and downloads
>>
>>
>> Hi Owen,
>>
>>> No it does not, poor RA (is it Mike Jones?)
>>
>> it will be me actually and one of the tier2 sys admin.
>>
>> It is not ideal if the RA still have to go through a bulk
>> request by hand
>> for the approval. Why this wasn't automated? Will I also receive
>> ~1000 emails of confirmation with the URL to download the
>> certificates
>> from, or an id number each I have to insert by hand in a WEB page?
>>
>> Can you point me to these scripts? If you did it I think I missed it.
>>
>> thanks
>>
>> cheers
>> alessandra
>>
>> On Fri, 29 Jul 2005, Owen Synge wrote:
>>
>>> On Fri, 29 Jul 2005 14:00:26 +0100
>>> Alessandra Forti <[log in to unmask]> wrote:
>>>
>>>> Actually....
>>>>
>>>> I hope the RA aproval can be also performed with this code. :)
>>>
>>>
>>> we are just testing on Red hat for the first time as it was
>> developed on
>>> debian, and tested on Debian.
>>>
>>> Do you have access to a debian box, it may make your life
>> easier, but
>>> Redhat testing must be done either before you use it or after,
>>>
>>> Regards
>>>
>>> Owen
>>>
>>>
>>>
>>>
>>>
>>>> On Fri, 29 Jul 2005, Alessandra Forti wrote:
>>>>
>>>>> Hi Owen,
>>>>>
>>>>> let me know when I can test the code. I hope the test
>> phase doesn't
>>>>> have to go through the usual procedure with the RA aproval.
>>>>>
>>>>> thanks
>>>>>
>>>>> cheers
>>>>> alessandra
>>>>>
>>>>> On Fri, 29 Jul 2005, Owen Synge wrote:
>>>>>
>>>>>> On Fri, 29 Jul 2005 12:16:29 +0100
>>>>>> Alessandra Forti <[log in to unmask]> wrote:
>>>>>>
>>>>>>> Hi Jens,
>>>>>>
>>>>>> Hello
>>>>>>
>>>>>> its Owen S here, Jens is on Holiday. I am back on support after a
>>>>> break > negotiating CERN and RAL's response to the next set of
>>>>> feature requests > from the experiments for the next iteration of
>>>>> Tier 0/1 SRM development > based upon Castor, sorry for the
>>>>> interruption of service. >
>>>>>>
>>>>>>> is there a way to do certificates bulk requests, approvals and
>>>>>>> downloads?
>>>>>>
>>>>>> Yes but you have to be a Beta tester for some python
>> scripts the CA
>>>>> have > created.
>>>>>>
>>>>>>> The date I'll have to do is not that far now.
>>>>>>
>>>>>> Well the CA line is they shall be very curious to see
>> how well you
>>>>> get on > with their new code.
>>>>>>
>>>>>>> thanks
>>>>>>
>>>>>> I shall chase this up today, and hopefully send you an
>> email before
>>>>>> close of play today giving details.
>>>>>>
>>>>>>> cheers
>>>>>>> Alessandra
>>>>>>
>>>>>> Thank you
>>>>>>
>>>>>> Owen
>>>>>>
>>>>>> PS
>>>>>>
>>>>>> The CA has been expecting this for some time.
>>>>>>
>>>>>
>>>>>
>>>>
>>>> --
>>>> ********************************************
>>>> * Dr Alessandra Forti *
>>>> * Technical Coordinator - NorthGrid Tier2 *
>>>> * http://www.hep.man.ac.uk/u/aforti *
>>>> ********************************************
>>>
>>
>> --
>> ********************************************
>> * Dr Alessandra Forti *
>> * Technical Coordinator - NorthGrid Tier2 *
>> * http://www.hep.man.ac.uk/u/aforti *
>> ********************************************
>>
>
--
********************************************
* Dr Alessandra Forti *
* Technical Coordinator - NorthGrid Tier2 *
* http://www.hep.man.ac.uk/u/aforti *
********************************************
|