Setup for the Grid

If you need help with any of this, please look at the ComputingHelp page to see where to go.

Obtain a Grid Certificate

If you already have a valid grid certificate, you can probably skip this step. However - if you have recently moved to a Canadian institute, and your Grid certificate was issued somewhere else, you should get a Grid Canada certificate (either directly or through WestGrid, as explained below) because the "/atlas/ca" role will only be attributed to Grid Canada certificate holders. People who have the /atlas/ca role automatically get access to additional resources on the Canadian Tier 1 and Tier 2 sites. You can register multiple Grid certificates with the LCG, so getting a new one will not invalidate your old one.

For Eastern Canada, Summer Students (or anyone requiring certificates valid less than 1 year)

Follow these steps:

  1. Go to http://www.gridcanada.ca/ca/doc/user-guide.html#_certificate_request to request the new certificate.
  2. Instructions on how to get the approved certificate; the link should be in your email.
  3. Export your certificate from your browser.
  4. Create your pem files

You are recommended to use a Calendar program to remind you of when your certificate expires and to remind you a few weeks before so that you can renew.

Continue with the remainder of the instructions starting with LCG Registration.

For Western Canada

TIP Westgrid Users: This is the Account Management Portal where you can renew your grid certificate.

The procedure we recommend for users in the West who expect to use their grid certificate for more than one year is to apply for a Westgrid account; the link has instructions on how to do this. The Project ID to use is 200008 (Project Title: ATLAS Experiment, Project Contact: Mike Vetterli, Project Institution: Simon Fraser University). The web page is well documented and so we will not reproduce here. (Note: after you submit the application, you will get a number of e-mails saying you now have accounts on various machines. Be patient - there are several of these, and some of them may be created before the grid certificate is created. These accounts are useful, and give you direct access to Westgrid storage and batch queues. They are one of the reasons you chose this method of getting your grid certificate.).

Once your Westgrid account has been created, go to the Account Management Portal, login and select the "My Account" link from the main menu. There should be a download certificate and download key box on that page which you can click. After downloading, rename them as usercert.pem and userkey.pem and copy those two files to the $Home/.globus directory (create the .globus directory if it does not exist).

This will give you the usercert.pem and userkey.pem files; to get the p12 file to upload in your browser for the next step, do:

openssl pkcs12 -export -inkey userkey.pem -in usercert.pem -out my_cert.p12 -name "My WestGrid Certificate"

The name field can be anything but if you have several certificates in your browser, give it a name that will be meaningful for you!

Westgrid sends out renewal notices, currently 30 and 7 days prior to the expiry of the grid certificate, with instructions on how to renew.

LCG Registration

(Recommend browser for this step: Firefox)

Before you do anything, point your browser to https://cafiles.cern.ch/cafiles/certificates/Grid.aspx and click on the two CERN ROOT and Grid certificates and check the boxes to trust them.

If you already have a certificate but need to add a new one (for example, if changing institutes) you can follow the instructions to AddGridCertificate.

ATLAS makes use of 3 grids: LCG, OSG and NorduGrid. Canadian users should register for LCG.

Instructions for registering your grid certificates for use on LCG are on the LCG Registration page. (If you are already registered with LCG and want to modify your existing registration (e.g. add new certificates etc, go to LCG Home page instead.)

Be very careful when you are following these instructions - you want to register the certificate that you already have; you do not want to request a CERN certificate and register that! It is easy to get confused at that particular point.

Note that you will need to use your cern GEM email address (eg. First.LastName@cern.ch) when you enter the information.

You will find that registration is a multi-step process. First you register, and wait for an e-mail. Then, when the e-mail arrives, you will be invited to select the VOs that you wish to join.

The VOs (Virtual Organizations) that you need to join are:

  • /atlas
  • /atlas/ca (Canadian users only)
Also, if you are already a member of another VO, it is apparently not necessary to unregister from that VO first. You can simply join these additional VOs.

Setup the Account

Instructions to do this are in the Workbook section of getting started on the grid .

Note that if you already have a usercert.pem and userkey.pem file, copy them to the ~/.globus directory on your computer. Note that you should set the appropriate protections:

chmod 400 ~/.globus/userkey.pem
chmod 444 ~/.globus/usercert.pem

-- AsokaDeSilva - 28 Sep 2007

Edit | Attach | Watch | Print version | History: r41 < r40 < r39 < r38 < r37 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r41 - 2019-04-05 - AsokaDeSilva
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback