Firewall requirements
Regular Maintenance work
Renew myproxy certificate for PhEDEx transfers (once per month)
The present myproxy servers have problems with host certificates for PSI from SWITCH, because they contain a "(PSI)" substring, and the parentheses are not correctly escaped in the regexp matching of the myproxy code.
Therefore, the renewer DN (-R argument to myproxy-init below) and the
allowed renewers policy on the myproxy server need to be defined with wildcards to enable the matching to succeed.
voms-proxy-init -voms cms
myproxyserver=myproxy.cern.ch
servicecert="/DC=com/DC=quovadisglobal/DC=grid/DC=switch/DC=hosts/C=CH/ST=Aargau/L=Villigen/O=Paul-Scherrer-Institut (PSI)/OU=AIT/CN=t3cmsvobox.psi.ch"
servicecert='*/CN=t3cmsvobox.psi.ch'
myproxy-init -s $myproxyserver -l psi_phedex -x -R "$servicecert" -c 720
scp ~/.x509up_u$(id -u) phedex@t3ui01:gridcert/proxy.cert
# for testing, you can try
myproxy-info -s $myproxyserver -l psi_phedex
As the phedex user do
chmod 600 ~/gridcert/proxy.cert
You should test whether the renewal of the certificate works for the phedex user:
unset X509_USER_PROXY # make sure that the service credentials from ~/.globus are used!
voms-proxy-init # initializes the service proxy cert that is allowed to retrieve the user cert
myproxyserver=myproxy.cern.ch
myproxy-get-delegation -s $myproxyserver -v -l psi_phedex -a /home/phedex/gridcert/proxy.cert -o /tmp/gagatest
export X509_USER_PROXY=/tmp/gagatest
srm-get-metadata srm://t3se01.psi.ch:8443/srm/managerv1?SFN=/pnfs/psi.ch/cms
rm /tmp/gagatest
Emergency Measures
Installation
Services
Refer to the description on the
Tier-2 VOBox.
There is one important difference: While we use FTS channels for the transfers to the Tier-2, we use the SRM backend for transfers to the Tier-3, because we do not have a FTS channel for PSI. This issue is linked to registering PSI as a regular grid site, which until recently was not possible, since we only sport a Grid SE, but no CE.
So, there is no fts.map file in the configuration area for the PhEDEx services.
Backups
--
DerekFeichtinger - 19 Jan 2009