Steps 1 and 2 can be done simultaneously and both take a few days (possibly week(s)) to complete. Get the ball rolling as early as possible if you know you need grid access.
CERN requires everyone who is part of ATLAS to be registered with CERN HR
|ATLAS Secretariat Instructions||http://atlassec.web.cern.ch/atlassec/Registration.htm|
|Check your registration status||http://graybook.cern.ch/ExperimentSearch.html|
|CERN Users' office||http://usersoffice.web.cern.ch/|
Scan your passport and send it to your local team leader. Your team leader will do the registration for you using the above “New Registration” page.
|Melbourne||Geoff Taylor or Elisabetta Barberio|
Once registered, you will receive an email from CERN HR with details of your username, a temporary password, a CERN email address (firstname.lastname@example.org) as well as a link to the account management portal.
You need to log into the account configuration wizard to finish the registration, for example, you need to learn CERN's security and computing rules and pass a test, you can set an external email address so that all emails sent to your CERN email address will be forwarded to that external email address, and lastly you need to reset your passwords.
x509 certificates are the primary authentication method for grid computing.
The process of obtaining a grid certificate in Australia is covered in detail here:
# Create the $HOME/.globus directory and your public / private key files with the proper permissions [username@machine ~]$ mkdir $HOME/.globus; mv usercert.p12 $HOME/.globus; cd $HOME/.globus # Extract the private key (the passphrase you used to export your certificate will be requested) [username@machine ~]$ openssl pkcs12 -nocerts -in usercert.p12 -out userkey.pem Enter Import Password: MAC verified OK Enter PEM pass phrase: Verifying - Enter PEM pass phrase: # Extract the public key (the passphrase you used to export your certificate will be requested) [username@machine~]$ openssl pkcs12 -clcerts -nokeys -in usercert.p12 -out usercert.pem Enter Import Password: MAC verified OK # Be sure that both private and public keys do have the right permissions [username@machine~]$ chmod 644 usercert.pem; chmod 400 userkey.pem
There are 2 steps you must take to get access to the Belle GRID once you have your grid certificate (Only Step 2 above needs to be done).
Name : John Doe KEKCC account : johndoe DN : /DC=XXX/DC=yyyy/O=ZZZ/OU=aaa/CN=John Doe bbb email : email@example.com
After that, if you have access to a local Scientific Linux 5 machine, you should install gbasf2 following the instructions below: https://belle2.cc.kek.jp/~twiki/bin/view/Computing/GBasf2.
If you don't have access to a local Scientific Linux 5 or Scientific Linux 6 machine you can use the gbasf2 installation at KEK in the /sw/belle2/gbasf2 directory. If you cannot access this directory you can ask Hara-san to be added to the belle2 group.
openssl x509 -noout -in usercert.pem -subject | sed 's/subject= //' openssl x509 -noout -in usercert.pem -issuer | sed 's/issuer= //'
# Generate a proxy for the ATLAS VO -bash-4.1$ voms-proxy-init --voms atlas Enter GRID pass phrase for this identity: Contacting voms2.cern.ch:15001 [/DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch] "atlas"... Remote VOMS server contacted succesfully. Created proxy in /tmp/x509up_u1051. Your proxy is valid until Mon May 11 15:02:15 UTC 2015 # Check the proxy information -bash-4.1$ voms-proxy-info --all subject : /C=TW/O=AP/OU=GRID/CN=Goncalo Borges 152986/CN=proxy issuer : /C=TW/O=AP/OU=GRID/CN=Goncalo Borges 152986 identity : /C=TW/O=AP/OU=GRID/CN=Goncalo Borges 152986 type : full legacy globus proxy strength : 1024 path : /tmp/x509up_u1051 timeleft : 11:59:49 key usage : Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement === VO atlas extension information === VO : atlas subject : /C=TW/O=AP/OU=GRID/CN=Goncalo Borges 152986 issuer : /DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch attribute : /atlas/Role=NULL/Capability=NULL attribute : /atlas/au/Role=NULL/Capability=NULL attribute : /atlas/lcg1/Role=NULL/Capability=NULL attribute : nickname = goncalo (atlas) timeleft : 11:59:49 uri : voms2.cern.ch:15001