Versions Compared

Old Version 3

changes.mady.by.user Unknown User (wenzel)

Saved on

compared with

New Version Current

changes.mady.by.user Unknown User (alexconway)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migration of unmigrated content due to installation of a new plugin

...

Import the ticket into your browser (In Chrome, go to Settings -> Advanced Settings... -> HTTP/SSL -> Manage Certificates... -> Import...). Now you should be able to access the MCDRD VO registration page. Fill in the form on this page and submit. The request will be submitted to the VO's administrator and you should get a confirmation email when the submission is made and when the request is approved.

Using the OSG

Setup:

(Subsections are modified from this page unless otherwise noted.)

...

Download the file.

No Format
$ wget http://security.fnal.gov/krb5.conf

Set the environment variable KRB5_CONFIG to point to the Fermilab configuration file.

No Format
$ export KRB5_CONFIG=`pwd`/krb5.conf

...

Initialize the Kerberos session.

No Format
$ kinit -f USERNAME@FNAL.GOV

Connect to detsim using ssh

No Format
$ ssh USERNAME@detsim.fnal.gov

You may need to use ssh_config for the SSH configuration file.

No Format
$ ssh -F ssh_config USERNAME@detsim.fnal.gov

...

  1. Export your Open Science Grid certificate from your browser.

  2. Use the scp utility to copy the certificate to your detsim account, then ssh into detsim to perform the rest of these steps.

    No Format
    $ scp /path/to/<YourCert>.p12 USERNAME@detsim.fnal.gov:~/
$ ssh USERNAME@detsim.fnal.gov

  3. Convert the certificate using the openssl command as shown (use your actual .p12 certificate filename with no angle brackets; use the output name usercert.pem as shown). (You may have to create the $HOME/.globus directory)

    No Format
    $ openssl pkcs12 -in <YourCert>.p12 -clcerts -nokeys -out $HOME/.globus/usercert.pem

  4. To get the encrypted private key (again use your actual .pl2 certificate filename; use the output name userkey.pem as shown):

    No Format
    $ openssl pkcs12 -in <YourCert>.p12 -nocerts -out $HOME/.globus/userkey.pem

  5. You must set the mode on your userkey.pem file to read/write only by the owner, otherwise grid-proxy-init will not use it

    No Format
    $ chmod go-rw $HOME/.globus/userkey.pem

...

No Format
cat > sleep_grid << +EOF
universe = grid
globusschedulerGridResource = fngp-osggt2 fnpcosg1.fnal.gov/jobmanager-condor
executable = /bin/sleep
transfer_output = true
transfer_error = true
transfer_executable = true
log = sleep_grid.log.\$(Cluster).\$(Process)
notification = NEVER
output = sleep_grid.out.\$(Cluster).\$(Process)
error = sleep_grid.err.\$(Cluster).\$(Process)
stream_output = false
stream_error = false
ShouldTransferFiles = YES
WhenToTransferOutput = ON_EXIT
globusrsl = (jobtype=single)(maxwalltime=999)
Arguments = 10
queue 5
+EOF


condor_submit sleep_grid

...

No Format
rm -f env_grid.sh
cat > env_grid.sh << +EOF
#!/bin/sh -f
printenv
pwd
cd \${_CONDOR_SCRATCH_DIR}
pwd
#
# This sets up the environment for osg in case we want to
# use grid services like srmcp
#
. $OSG_GRID/setup.sh
source \${VDT_LOCATION}/setup.sh
printenv
/bin/df
+EOF
chmod +x env_grid.sh

rm -f env_grid.run
cat > env_grid.run << +EOF
universe = grid
globusschedulerGridResource = fngp-osggt2 fnpcosg1.fnal.gov/jobmanager-condor
executable = ./env_grid.sh
transfer_output = true
transfer_error = true
transfer_executable = true
log = env_grid.log.\$(Cluster).\$(Process)
notification = NEVER
output = env_grid.out.\$(Cluster).\$(Process)
error = env_grid.err.\$(Cluster).\$(Process)
stream_output = false
stream_error = false
ShouldTransferFiles = YES
WhenToTransferOutput = ON_EXIT
globusrsl = (jobtype=single)(maxwalltime=999)
queue
+EOF

condor_submit env_grid.run