-
Notifications
You must be signed in to change notification settings - Fork 0
/
Install_vo_test.txt
420 lines (348 loc) · 14.6 KB
/
Install_vo_test.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
# get user key and cert
# comme root
mkdir -p /root/.xos/truststore/certs/
mkdir -p /root/.xos/truststore/private/
cp user.crt /root/.xos/truststore/certs/user.crt
cp user.key /root/.xos/truststore/private/user.key
openssl verify -CApath /etc/xos/truststore/certs/ /root/.xos/truststore/certs/user.crt
service xos-amsd restart
xos-policy-admin-chk -pem /root/.xos/truststore/certs/user.crt
dn = [/CN=584fddf7-69ae-47cc-b864-78f76e836aac], vo = [ffc8e45b-914d-41b7-aba0-a04fece111cf], role = [null]
PAM:fail in mapping connect !
* a)Please check whether AMS daemon is running correctly *
* b)Please check whether mapping rules are correct. *
* If not, try: *
* xos-policy-admin-am -vo <vo> --force *
* xos-policy-admin-gm -vo <vo> --force *
* c)Please check whether setting rule is correct. *
* If not, try: *
* xos-policy-admin-set -uidmax <num> -uidmin <num> *
* -gidmax <num> -gidmin <num> *
Oops: Permission denied
VO=f3b9b88c-1903-41a7-825f-e8591be78581
xos-policy-admin-am -vo $VO --force
xos-policy-admin-gm -vo $VO --force
xos-policy-admin-chk -pem /root/.xos/truststore/certs/user.crt
adduser sk
passwd sk
# en root sur le ressource
cp user.crt /home/sk/user.crt
cp user.key /home/sk/user.key
chown sk.sk /home/sk/user*
su -s k
mkdir -p /home/sk/.xos/truststore/certs/
mkdir -p /home/sk/.xos/truststore/private/
cp user.crt /home/sk/.xos/truststore/certs/user.crt
cp user.key /home/sk/.xos/truststore/private/user.key
openssl verify -CApath /etc/xos/truststore/certs/ /home/sk/.xos/truststore/certs/user.crt
pam_app_conv -pem /home/sk/.xos/truststore/certs/user.crt
/etc/init.d/sshd-xos restart
# en sk sur la ressource
# comme sk
chown -R sk.sk /home/sk
su - sk
mkdir -p /home/sk/.xos/truststore/certs/
mkdir -p /home/sk/.xos/truststore/private/
cp /home/sk/user.crt /home/sk/.xos/truststore/certs/user.crt
cp /home/sk/user.key /home/sk/.xos/truststore/private/user.key
cp /home/sk/user.key /home/sk/.xos/user.key
pam_app_conv -pem /home/sk/.xos/truststore/certs/user.crt
cat > /home/sk/.ssh/config-xos.modele <<EOF
Host __HOST__
XosProxyFile /home/sk/.xos/truststore/certs/user.crt
XosVoName test
EOF
HOST=`hostname`
sed "s/__HOST__/$HOST/g" /home/sk/.ssh/config-xos.modele > /home/sk/.ssh/config-xos
cat /home/sk/.ssh/config-xos
#must remove w from group (due to umask?)
chmod g-w /home/sk/.ssh/config-xos
ssh-xos $HOST
Last login: Tue Dec 2 16:39:02 2008 from paraxos5.irisa.fr
whoami
#/CN=584fddf7-69ae-47cc-b864-78f76e836aac
pwd
#/home/584fddf7-69ae-47cc-b864-78f76e836aac
cat > MyFirstFile < EOF
abc
EOF
ls -al
total 17
drwxrwxrwx 1 root root 0 2008-12-02 16:39 ./
drwxr-xr-x 13 root root 4096 2008-12-02 16:25 ../
-rwxrwxrwx 1 /CN=584fddf7-69ae-47cc-b864-78f76e836aac root 19 2008-12-02 16:37 .bash_history*
-rwxrwxrwx 1 /CN=584fddf7-69ae-47cc-b864-78f76e836aac xosuser_g60297 4 2008-12-02 16:39 MyFirstFile*
drwxrwxrwx 1 /CN=584fddf7-69ae-47cc-b864-78f76e836aac root 0 2008-12-02 16:36 tmp/
-bash-3.2$ exit
logout
Connection to paraxos5.irisa.fr closed.
[root@paraxos5 ~]# service xosd stop
Stopping xosd: [ OK ]
[root@paraxos5 ~]# cat /etc/xos/config/XOSdConfig.conf
#Properties File for the client application
#Mon Dec 01 18:25:33 CET 2008
rootaddress.host=131.254.201.20
certificateLocation=/etc/xos/truststore/certs/resource.crt
xosdRootDir=.
networkInterface=
externalAddress=131.254.201.20
trustStoreSSL=/etc/xos/truststore/certs/
trustStore=/etc/xos/truststore/certs/
xosdport=60000
xmlport=55000
rootaddress.externalAddress=131.254.201.20
rootaddress.port=60000
services.size=15
privateKeyLocation=/etc/xos/truststore/private/resource.key
useSSL=false
services.13=eu.xtreemos.xosd.srdsmng.service.SRDSMngHandler
services.12=eu.xtreemos.xosd.jobmng.service.JobMngHandler
services.11=eu.xtreemos.xosd.security.vops.service.VOPSHandler
services.10=eu.xtreemos.xosd.security.rca.client.service.RCAClientHandler
services.7=eu.xtreemos.xosd.execMng.service.ExecMngHandler
services.5=eu.xtreemos.xosd.resmng.service.ResMngHandler
services.4=eu.xtreemos.xosd.jobDirectory.service.JobDirectoryHandler
services.3=eu.xtreemos.xosd.resourcemonitor.service.ResourceMonitorHandler
services.2=eu.xtreemos.xosd.xmlextractor.service.XMLExtractorHandler
services.1=eu.xtreemos.xosd.security.rca.server.service.RCAServerHandler
services.0=eu.xtreemos.xosd.daemon.DaemonGlobal
[root@paraxos5 ~]# service xosd start
Starting xosd: [ OK ]
[root@paraxos5 ~]# service xosd stop
Stopping xosd: [ OK ]
[root@paraxos5 ~]# cat /root/.xos/XATIConfig.conf
#Properties File for the client application
#Tue Dec 02 16:40:45 CET 2008
useSSL=false
xosdaddress.externalAddress=131.254.201.20
xosdaddress.host=131.254.201.20
privateKeyLocation=/etc/xos/truststore/private/resource.key
userKeyFile=/root/.xos/truststore/private/user.key
networkInterface=
trustStoreSSL=/etc/xos/truststore/certs/
address.host=131.254.201.20
userCertificateFile=/root/.xos/truststore/certs/user.crt
xosdaddress.port=60000
address.port=10000
certificateLocation=/etc/xos/truststore/certs/resource.crt
#NOTE: file .xos/XATICAConfig.conf does not exist any more
[root@paraxos5 ~]# xconsole_dixi
XtreemOS Console
$ exit
Bye
^C
[sk@paraxos5 ~]$ cat /home/sk/.xos/XATIConfig.conf
#Properties File for the client application
#Wed Nov 12 15:01:17 CET 2008
useSSL=false
xosdaddress.externalAddress=131.254.201.20
xosdaddress.host=131.254.201.20
privateKeyLocation=/etc/xos/truststore/private/reskey.pem
userKeyFile=/home/sk/.xos/truststore/private/user.key
networkInterface=
trustStoreSSL=/etc/xos/truststore/certs/
address.host=131.254.201.20
userCertificateFile=/home/sk/.xos/truststore/certs/user.crt
xosdaddress.port=60000
address.port=10000
certificateLocation=/etc/xos/truststore/certs/rescert.pem
[root@paraxos5 ~]# xps -a
Could not open Config File: open: No such file or directory
Expected File: /root/.xos/XATICAConfig.conf
Using and writing default values for configError certificate File : /etc/xos/truststore/certs/xati_dummy.pem
[root@paraxos5 ~]# cat /root/.xos/XATICAConfig.conf
xosdaddress.host=paraxos5.irisa.fr
xosdaddress.port=55000
address.host=paraxos5.irisa.fr
address.port=10001
certificateLocation=/etc/xos/truststore/certs/resource.crt
privateKeyLocation=/etc/xos/truststore/private/resource.key
trustStoreSSL=/etc/xos/truststore/certs/
useSSL=false
cdaaddress.host=paraxos5.irisa.fr
cdaaddress.port=60000
[sk@paraxos5 ~]$ xps -a
Could not open Config File: open: No such file or directory
Expected File: /home/sk/.xos/XATICAConfig.conf
Using and writing default values for configError certificate File : /etc/xos/truststore/certs/xati_dummy.pem
[sk@paraxos5 ~]$ cat /home/sk/.xos/XATICAConfig.conf
xosdaddress.host=paraxos5.irisa.fr
xosdaddress.port=55000
address.host=paraxos5.irisa.fr
address.port=10001
certificateLocation=/etc/xos/truststore/certs/resource.crt
privateKeyLocation=/etc/xos/truststore/private/resource.key
trustStoreSSL=/etc/xos/truststore/certs/
useSSL=false
cdaaddress.host=paraxos5.irisa.fr
cdaaddress.port=60000
[root@paraxos5 ~]# cat /etc/xos/config/RCAServerConfig.conf
#Properties File for the client application
#Tue Dec 02 16:46:28 CET 2008
certDNCountry=FR
attributeType=V3
keyPassword=
certificateFileName=/etc/xos/truststore/certs/rcaserver.crt
certDNOrganisation=INRIA
cdaPassword=
daysCertValidity=30
privateKey=/etc/xos/truststore/private/rcaserver.key
rcaDBFile=/etc/xos/RCADB.bin
certDNOrganisationUnit=XtreemOS
certDNLocation=Rennes
[root@paraxos5 ~]# cat /etc/xos/config/RCAClientConfig.conf
#Properties File for the client application
#Mon Dec 01 18:25:34 CET 2008
resPrivateKeyFileName=/etc/xos/truststore/private/resource.key
resAttributeCertExtFileName=/etc/xos/truststore/certs/attrextcert.crt
resAttributeCertFileName=/etc/xos/truststore/certs/attrcert.crt
cdaCertificateFileName=/etc/xos/truststore/certs/rcaserver.crt
resVOAttributeCertIncoming=/etc/xos/truststore/certs/incoming/
resIdentityCertFileName=/etc/xos/truststore/certs/resource.crt
#create an initial ResMng.conf
#not sure it is necessary
[root@paraxos5 ~]# cat /etc/xos/config/ResMng.conf
#Properties File for the client application
#Tue Dec 02 16:46:28 CET 2008
VOPSPubCert=/etc/xos/truststore/certs/vops.crt
testVOPS=false
useADS=false
[root@paraxos5 ~]# service xosd start
Starting xosd: [ OK ]
[root@paraxos5 ~]# rca_apply
Returned from service call: successMethod
[root@paraxos5 ~]# rca_list_pending
Returned from service call: successMethod
Listing pending resources:
ResouceID = [IP=131.254.201.20:60000]: [hostIP={Address = [://paraxos5.irisa.fr/131.254.201.20:60000(/131.254.201.20)]}, hostUniqueID={131.254.201.20}, operatingSystemName={Linux}, processorArchitecture={x86}, CPUCount={8.0}, RAMSize={3.44981504E9}]
[root@paraxos5 ~]# rca_list_registered
Returned from service call: successMethod
Listing registered resources:
List empty.
[root@paraxos5 ~]# rca_confirm 131.254.201.20:60000
Returned from service call: successMethod
[root@paraxos5 ~]# rca_list_pending
Returned from service call: successMethod
Listing pending resources:
List empty.
[root@paraxos5 ~]# rca_list_registered
Returned from service call: successMethod
Listing registered resources:
ResouceID = [IP=131.254.201.20:60000]: [hostIP={Address = [://paraxos5.irisa.fr/131.254.201.20:60000(/131.254.201.20)]}, hostUniqueID={131.254.201.20}, operatingSystemName={Linux}, processorArchitecture={x86}, CPUCount={8.0}, RAMSize={3.44981504E9}]
[root@paraxos5 ~]# rca_request
Returned from service call: successMethod
Requesting a new certificate...
Identity certificate:
DN: C=FR,L=Rennes,OU=XtreemOS,O=INRIA,CN=Address = [://paraxos5.irisa.fr/131.254.201.20:60000(/131.254.201.20)]
serial number: 1228233464092
issuer DN: O=INRIA,OU=RCA VO Yvon,CN=paraxos5.irisa.fr
validity start: Tue Dec 02 16:52:44 CET 2008
validity end: Thu Jan 01 17:02:44 CET 2009
Attributes of attribute certificate:
(attributes in extensions)
MemorySize = 3.44981504E9
Service =
eu.xtreemos.system.communication.redirector.ServiceCallRedirector
eu.xtreemos.xosd.daemon.Daemon
eu.xtreemos.xosd.security.rca.server.RCAServer
eu.xtreemos.xosd.xmlextractor.XMLExtractor
eu.xtreemos.xosd.resourcemonitor.ResourceMonitor
eu.xtreemos.xosd.jobDirectory.JobDirectory
eu.xtreemos.xosd.resmng.ResMng
eu.xtreemos.xosd.execMng.ExecMng
eu.xtreemos.xosd.security.rca.client.RCAClient
eu.xtreemos.xosd.security.vops.VOPS
eu.xtreemos.xosd.jobmng.JobMng
eu.xtreemos.xosd.srdsmng.SRDSMng
CPUCount = 8
CPUSpeed = 1.673527296E9
[root@paraxos5 ~]# ls -al /etc/xos/truststore/certs/incoming/
total 8
drwxr-xr-x 2 root root 4096 2008-11-26 15:42 ./
drwxr-xr-x 3 root root 4096 2008-12-02 16:57 ../
[root@paraxos5 ~]# chmod 777 /etc/xos/truststore/certs/incoming
[root@paraxos5 ~]# dixi_test -RCA avo ffc8e45b-914d-41b7-aba0-a04fece111cf 131.254.201.20:60000
Returned from service call: successMethod
Adding the resource 131.254.201.20:60000 to the VO.
Added resource 131.254.201.20:60000 to VO ffc8e45b-914d-41b7-aba0-a04fece111cf.
[root@paraxos5 ~]# ls -al /etc/xos/truststore/certs/incoming/
total 12
drwxrwxrwx 2 root root 4096 2008-12-02 17:00 ./
drwxr-xr-x 3 root root 4096 2008-12-02 16:57 ../
-rw-r--r-- 1 root root 1931 2008-12-02 17:00 attrcertffc8e45b-914d-41b7-aba0-a04fece111cfext.crt
[root@paraxos5 ~]# cp /etc/xos/truststore/certs/incoming/attrcertffc8e45b-914d-41b7-aba0-a04fece111cfext.crt /etc/xos/truststore/certs/
[root@paraxos5 ~]# service gmond stop
Shutting down GANGLIA gmond: [ OK ]
[root@paraxos5 ~]# service gmond start
Starting GANGLIA gmond: [ OK ]
[root@paraxos5 ~]# cat /etc/xos/config/Rss/config.cfg
local_port = 1905
network_interface = eth0
disk_device = sda4
bootstrap_address = 131.254.201.20
bootstrap_port = 1905
bootstrap_time = 1000
socket_timeout = 60000
...
[root@paraxos5 ~]# cat /etc/xos/config/Bamboo/stdconf.cfg
...
<initargs>
node_id 131.254.201.20:3630
</initargs>
...
gateway 131.254.201.20:3630
...
[root@paraxos5 ~]# cat /etc/xos/config/ResMng.conf
#Properties File for the client application
#Tue Dec 02 16:46:28 CET 2008
VOPSPubCert=/etc/xos/truststore/certs/vops.crt
testVOPS=true
useADS=true
[sk@paraxos5 ~]$ cat psx.jsdl
<?xml version="1.0" encoding="UTF-8"?>
<JobDefinition xmlns:jsdl="http://schemas.ggf.org/jsdl/2005/11/jsdl">
<JobDescription>
<JobIdentification>
<Description>Blank</Description>
<JobProject>Blank</JobProject>
</JobIdentification>
<Application>
<POSIXApplication
xmlns:ns1="http://schemas.ggf.org/jsdl/2005/11/jsdl-posix">
<Executable>/bin/ps</Executable>
<Argument>-aef</Argument>
<Output>/home/584fddf7-69ae-47cc-b864-78f76e836aac/ps.out</Output>
</POSIXApplication>
</Application>
<Resources>
<TotalResourceCount>
<Exact> 1 </Exact>
</TotalResourceCount>
</Resources>
</JobDescription>
</JobDefinition>
[sk@paraxos5 ~]$ ssh-xos paraxos5.irisa.fr
Last login: Tue Dec 2 16:39:08 2008 from paraxos5.irisa.fr
-bash-3.2$ pwd
/home/584fddf7-69ae-47cc-b864-78f76e836aac
-bash-3.2$ ls
MyFirstFile* tmp/
-bash-3.2$ exit
logout
Connection to paraxos5.irisa.fr closed.
[sk@paraxos5 ~]$ xconsole_dixi
XtreemOS Console
$ xrs -jsdl /home/sk/psx.jsdl
Listing resources matching JSDL query:
Address = [://paraxos5.irisa.fr/131.254.201.20:60000(/131.254.201.20)]
$ xsub -f /home/sk/psx.jsdl
Job submitted succesfully: f2c8c186-5f85-4861-852c-8aa41937a8b8
$ exit
Bye
[sk@paraxos5 ~]$ ssh-xos paraxos5.irisa.fr
Last login: Tue Dec 2 17:16:21 2008 from paraxos5.irisa.fr
-bash-3.2$ ls
MyFirstFile* ps.out* tmp/
-bash-3.2$ exit
logout
Connection to paraxos5.irisa.fr closed.