VO_ALICE_VOMS_SERVERS="'vomss://voms.cern.ch:8443/voms/alice?/alice/' 'vomss://voms.cern.ch:8443/voms/alice?/alice/'"
VO_ALICE_VOMSES="'alice lcg-voms.cern.ch 15000 /DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch alice' 'alice voms.cern.ch 15000 /C=CH/O=CERN/OU=GRID/CN=host/voms.cern.ch alice'"
VO_ATLAS_VOMS_SERVERS="'vomss://voms.cern.ch:8443/voms/atlas?/atlas/' 'vomss://voms.cern.ch:8443/voms/atlas?/atlas/'"
VO_ATLAS_VOMSES="'atlas lcg-voms.cern.ch 15001 /DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch atlas' 'atlas voms.cern.ch 15001 /C=CH/O=CERN/OU=GRID/CN=host/voms.cern.ch atlas'"
VO_ATLAS_VOMS_POOL_PATH="/lcg1"
VO_CMS_VOMS_SERVERS="'vomss://voms.cern.ch:8443/voms/cms?/cms/' 'vomss://voms.cern.ch:8443/voms/cms?/cms/'"
VO_CMS_VOMSES="'cms lcg-voms.cern.ch 15002 /DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch cms' 'cms voms.cern.ch 15002 /C=CH/O=CERN/OU=GRID/CN=host/voms.cern.ch cms'"
VO_DTEAM_VOMS_SERVERS="'vomss://voms.cern.ch:8443/voms/dteam?/dteam/' 'vomss://voms.cern.ch:8443/voms/dteam?/dteam/'"
VO_DTEAM_VOMSES="'dteam lcg-voms.cern.ch 15004 /DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch dteam' 'dteam voms.cern.ch 15004 /C=CH/O=CERN/OU=GRID/CN=host/voms.cern.ch dteam'"
VO_LHCB_VOMS_SERVERS="'vomss://voms.cern.ch:8443/voms/lhcb?/lhcb/' 'vomss://voms.cern.ch:8443/voms/lhcb?/lhcb/'"
VO_LHCB_VOMSES="'lhcb lcg-voms.cern.ch 15003 /DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch lhcb' 'lhcb voms.cern.ch 15003 /C=CH/O=CERN/OU=GRID/CN=host/voms.cern.ch lhcb'"
VO_LHCB_VOMS_EXTRA_MAPS="lcgprod lhcbprod"
VO_OPS_VOMS_SERVERS="vomss://voms.cern.ch:8443/voms/ops?/ops/"
VO_OPS_VOMSES="'ops lcg-voms.cern.ch 15009 /C=CH/O=CERN/OU=GRID/CN=host/lcg-voms.cern.ch ops'"
--
On Thu, 24 May 2007, Yves Coppens wrote:
> Hello Chris,
>
> These are the changes to site-info.def I've made. It's probably better
> that one site confirms first it works for them too (though it did for me
> but see ROLLOUT) before the others do it.
>
> <--
> VO_ALICE_VOMSES="alice lcg-voms.cern.ch 15000 /DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch alice"
>
> VO_ATLAS_VOMSES="atlas lcg-voms.cern.ch 15001 /DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch atlas"
>
> VO_CMS_VOMSES="cms lcg-voms.cern.ch 15002 /DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch cms"
>
> VO_DTEAM_VOMSES="dteam lcg-voms.cern.ch 15004 /DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch dteam"
>
> VO_LHCB_VOMSES="lhcb lcg-voms.cern.ch 15003 /DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch lhcb"
>
> VO_OPS_VOMSES="ops lcg-voms.cern.ch 15009 /DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch ops"
> -->
>
> and then I ran the config_vomses yaim function, which created new files
> in /opt/edg/etc/vomses/. Note that I removed first the old *.cern.ch
> files in that directory as the old files caused me some trouble.
>
> The content of the new files that yaim generated is for example:
>
> $ cat /opt/edg/etc/vomses/atlas-lcg-voms.cern.ch
> "atlas" "lcg-voms.cern.ch" "15001" "/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch" "atlas"
> $ cat /opt/edg/etc/vomses/dteam-lcg-voms.cern.ch
> "dteam" "lcg-voms.cern.ch" "15004" "/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch" "dteam"
> $
>
>
> Yves
>
>
>
> On Thu, 24 May 2007, Brew, CAJ (Chris) wrote:
>
> > Hi,
> >
> > If someone has already worked them out could they post the relevant lines
> > from site-info.def.
> >
> > Thanks,
> > Chris.
> >
> > > -----Original Message-----
> > > From: Testbed Support for GridPP member institutes
> > > [mailto:[log in to unmask]] On Behalf Of Graeme Stewart
> > > Sent: 24 May 2007 16:11
> > > To: [log in to unmask]
> > > Subject: Issues from lcg-voms.cern.ch certificate change
> > >
> > > Folks
> > >
> > > Please note that on your UI and RBs it is necessary to change the DN
> > > of lcg-voms.cern.ch as given below.
> > >
> > > This applies to VOMS servers for dteam, atlas, cms, alice, lhcb (and
> > > less importantly ops).
> > >
> > > Other issues:
> > >
> > > 1. The central LFC for dteam (at least) does not recognise proxies
> > > signed by lcg-voms.cern.ch. See
> > > https://gus.fzk.de/ws/ticket_info.php?ticket=22426.
> > >
> > > 2. The VOMS DNs given by yaimtool
> > > (https://lcg-sft.cern.ch/yaimtool/yaimtool.py) are wrong. See
> > > https://gus.fzk.de/ws/ticket_info.php?ticket=22444.
> > >
> > > 3. The VOMS DNs given in various YAIM example files are wrong. See
> > > https://gus.fzk.de/ws/ticket_info.php?ticket=22445.
> > >
> > > Cheers
> > >
> > > Graeme
> > >
> > > Begin forwarded message:
> > >
> > > > From: Graeme Stewart <[log in to unmask]>
> > > > Date: 24 May 2007 15:50:24 BDT
> > > > To: [log in to unmask]
> > > > Subject: Re: [Scotgrid-tech-discuss] Fwd: LAST WARNING: lcg-voms.cern.ch certificate will be changed on May 24th!
> > > >
> > > > Ah yes, well spotted.
> > > >
> > > > > Can everyone please make sure their VOMS file for
> > > > > dteam-lcg-voms.cern.ch is:
> > > > >
> > > > > "dteam" "lcg-voms.cern.ch" "15004" "/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch" "dteam"
> > > >
> > > > i.e., with the DN updated.
> > > >
> > > > > N.B. this needs to be changed in /opt/edg/etc/vomses and
> > > > > /opt/glite/etc/vomses so that both versions of voms-proxy-init
> > > > > (edg and glite flavours) work.
> > > > >
> > > > > Speaking to Greig has revealed that neither of us can get a proxy
> > > > > from voms.cern.ch, despite having the same configuration as Matt in
> > > > > Lancaster - this turned out to be an issue with the DN of
> > > > > voms.cern.ch changing way back last year. The correct configuration
> > > > > is:
> > > > >
> > > > > "dteam" "voms.cern.ch" "15004" "/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch" "dteam"
> > > >
> > > > And why was this? Because it's wrong in the VOs.def example
> > > > distributed with YAIM. (It's correct in the sample site-info.def -
> > > > but hard to pick up on that fact when trying to track changes.)
> > > >
> > > > The correct site-info.def entry is:
> > > >
> > > > > VO_DTEAM_VOMSES="'dteam lcg-voms.cern.ch 15004 /DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch dteam' 'dteam voms.cern.ch 15004 /DC=ch/DC=cern/OU=computers/CN=voms.cern.ch dteam'"
> > > >
> > > > > N.B. it's also wrong in yaimtool
> > > > > (https://lcg-sft.cern.ch/yaimtool/yaimtool.py).
> > > > >
> > > > > I will raise a ticket about the poor information - in the meantime
> > > > > can you all ensure that your vomses directories contain the correct
> > > > > information...
> > > >
> > > > Oh bugger, in fact it's the wrong DN for all of the LHC VOs now.
> > > >
> > > > I offer the following, to be run in /opt/{glite,edg}/etc/vomses:
> > > >
> > > > > # perl -i.bak -pe 's/\/C=CH\/O=CERN\/OU=GRID\/CN=host\//\/DC=ch\/DC=cern\/OU=computers\/CN=/' *
> > > >
> > > > Cheers
> > > >
> > > > Graeme
> > > >
> > > > On 24 May 2007, at 11:51, sskipsey wrote:
> > > >
> > > >> Graeme - I believe so. I have the emails you sent around
> > > >> originally on the issue.
> > > >>
> > > > >> By the way, I noticed that I didn't /just/ have to install the new
> > > > >> voms certificates - I also had to change the contents of some of
> > > > >> the vomses files in /opt/edg/etc/vomses/
> > > >> I may have missed this being given as an instruction, but I
> > > >> thought I'd mention it.
> > > >>
> > > >> Sam
> > >
> > > --
> > > Dr Graeme Stewart - http://wiki.gridpp.ac.uk/wiki/User:Graeme_stewart
> > > ScotGrid - http://www.scotgrid.ac.uk/ http://scotgrid.blogspot.com/
> > >
> >
>
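
Added example, not part of the original thread and not YAIM's own code: a Python check for the vomses entries discussed above. It splits a `VO_<NAME>_VOMSES` value into the five-field quoted lines shown in the thread and flags DNs that are still in the legacy form or whose CN does not match the host field. The function names, the sample value and the CN-equals-host rule are assumptions of this example.

```python
import shlex

# Old-style DN prefix that the perl one-liner in the thread rewrites.
LEGACY_PREFIX = "/C=CH/O=CERN/OU=GRID/CN=host/"

# Constructed sample in site-info.def form, built from DNs quoted in the thread.
SAMPLE_VALUE = (
    "'dteam lcg-voms.cern.ch 15004 /DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch dteam' "
    "'dteam voms.cern.ch 15004 /C=CH/O=CERN/OU=GRID/CN=host/voms.cern.ch dteam'"
)


def entries_from_site_info(value):
    """Split a VO_<NAME>_VOMSES value into (alias, host, port, dn, vo) tuples."""
    entries = []
    for group in shlex.split(value):  # one single-quoted group per server
        fields = group.split()
        if len(fields) != 5:
            raise ValueError(f"expected 5 fields, got {len(fields)}: {group!r}")
        entries.append(tuple(fields))
    return entries


def vomses_line(entry):
    """Render an entry in the quoted five-field form of an etc/vomses file."""
    return " ".join(f'"{field}"' for field in entry)


def audit_vomses_line(line):
    """Return the problems found in one vomses file line (empty list if none)."""
    fields = shlex.split(line)
    if len(fields) != 5:
        return [f"expected 5 quoted fields, got {len(fields)}"]
    _alias, host, port, dn, _vo = fields
    problems = []
    if not port.isdigit():
        problems.append(f"port {port!r} is not numeric")
    if dn.startswith(LEGACY_PREFIX):
        problems.append("legacy DN form")
    elif not dn.startswith("/"):
        problems.append("DN does not start with '/'")
    # Assumption of this example: the certificate CN equals the server host name.
    cn = dn.rsplit("CN=", 1)[-1]
    if cn.startswith("host/"):
        cn = cn[len("host/"):]
    if cn != host:
        problems.append(f"CN {cn!r} does not match host {host!r}")
    return problems
```

The authoritative value for the DN field is the subject of the VOMS server's current host certificate; the CN comparison here only catches entries where the DN of one server was pasted against the host of another.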