DZero VO Registration

Contents

Introduction
User Instructions
Instructions for Site Admins (GUMS and VOMS Client configuration)
VO Administrators/Representatives Instructions
Additional Documentation
Contacting Dzero VO Admin

Introduction

This documentation serves two purposes -

User Instructions

NOTE: Please follow the instructions carefully for the registration process.

The D0 VO registration page is located at https://voms.fnal.gov:8443/vomrs/vo-dzero/vomrs. In order to use the DZero resources you need to register your certificate subject (also called Distinguished Name or the DN) with the DZero VO. The registration is a two step process -
  1. Upload your identity in the browser
  2. Fill in the VO registration form
You need to wait till your registration is approved by the VO administrators or the representatives before you can start using resources.

STEP 1: Upload your identity in the browser

If you do not have a certificate you can either request one from the DOEGrids or you can use your Fermilab Kerberos principal.

Uploading the X509 certificate into the browser

You can find documentation on how to load your certificate into the browser at several places on the web. These instructions are browser specific and may vary from browser to browser. You can also find these instructions for commonly used browsers at the bottom of the page http://computing.fnal.gov/security/pki/Get-Personal-DOEGrids-Cert.html under the section "Importing your Certificate into a Browser, and Exporting it to the File System"

Uploading the Kerberos credentials into the browser

For instructions on converting your Kerberos ticket to an X509 certificate and uploading it into your browser can be found at http://security.fnal.gov/pki/Get-KCA-Cert.html

Testing if the certificate upload in the browser was successful

To check if you have successfully loaded the certificate in the browser follow the instructions on the page http://computing.fnal.gov/security/pki/browsercerttest.html

STEP 1a: Check if you are already registered with DZero VOMS

First please make sure that you are not already registered with the Dzero VO. Dzero users (Dzero users existing before August 1, 2005) are already registered with the Dzero VO using their KCA subject. Your KCA subject looks like this -
"/DC=gov/DC=fnal/O=Fermilab/OU=People/CN=Parag A. Mhashilkar/USERID=parag"
To verify that you are also registered with the DZero VOMS -
  1. Goto DZero VOMS
  2. Type in your last name to lookup your entry
If your Grid subject already exists, then you are already registered with the DZero VOMS. To add new subject follow the instructions to "For users registered with DZero VOMS/To add another certificate" below. Please make sure to upload one of the approved certificates in the browser, which is registered with the VOMS.

STEP 2: Fill in the VO registration form

For users not registered with DZero VOMS

Fill the form for New user at Dzero VO registration page.

Note: If you have multiple certificates please enroll only one certificate first. Get the registration approved and you can later add more certificates to your registration.

Additional information about the individual fields you need to modify on the form are explained below. Keep the remaining fields to defaults -

For users registered with DZero VOMS/To add another certificate

Make sure that you have your approved certificate loaded in the browser. This is the certificate which is registered with VOMS found from step 1. above. To register new DN you don't need to load the new certificate in the browser. Expand the menu on the left hand side. Click Member Info -> Certificates -> Add Certificate. Fill the form to Add a new certificate. Enter your First name and Last name in the search criteria and click the "Search" button. This should list your registration entry with options to add your new DN. Enter the following information in the fields (see above for the description of these fields) -
  1. New DN
  2. New SN
  3. New CA
Click the "Submit" button. Repeat this process for the number of additional certificates you want to add.

For users registered with DZero VOMS/To update the Personal Info and Email address

Expand the menu on the left hand side. To update the personal information Click Members -> Edit Personal Info or to edit the email address Click Memebers -> Change Email Address Press the Search button to display your information. Make the required changes and press Submit to submit the changes.

Instructions for Site Admins

In the configuration below we assume the user jobs will run as user "samgrid". This may vary from site to site.

Client Configuration

The contents of vomses file for the Dzero VO
"dzero" "voms.fnal.gov" "15002" "/DC=org/DC=doegrids/OU=Services/CN=http/voms.fnal.gov" "dzero"
This file can be installed in ~/.edg/vomses with permissions of 0644

Configuration for edg-mkgridmap

Following lines need to be added to the edg-mkgridmap.conf. If you are using VDT, these lines should go in $VDT_LOCATION/edg/etc/edg-mkgridmap.conf
  1. Services:
  2. group vomss://voms.fnal.gov:8443/voms/dzero?/dzero/services sam
  3. Users:
  4. group vomss://voms.fnal.gov:8443/voms/dzero?/dzero/users samgrid

Configuration for GUMS

Use the following configuration if you want to generate grid-mapfiles from GUMS
  1. Services:
  2. <groupMapping name='dzero-voms' accountingVo='dzero' 
    accountingDesc='DZERO'>
       <userGroup
          className='gov.bnl.gums.VOMSGroup'
          url='https://voms.fnal.gov:8443/voms/dzero/services/VOMSAdmin'
          persistenceFactory='mysql'
          name='dzeroservice-voms'
          voGroup="/dzero/services"
          sslCertfile='/etc/grid-security/http/httpcert.pem'
          sslKey='/etc/grid-security/http/httpkey.pem'
          ignoreFQAN="false" />
       <accountMapping
          className='gov.bnl.gums.GroupAccountMapper'
          groupName='sam' />
    </groupMapping>
    
  3. Users:
  4. <groupMapping name='dzero-voms' accountingVo='dzero' 
    accountingDesc='DZERO'>
       <userGroup
          className='gov.bnl.gums.VOMSGroup'
          url='https://voms.fnal.gov:8443/voms/dzero/services/VOMSAdmin'
          persistenceFactory='mysql'
          name='dzerouser-voms'
          voGroup="/dzero/users"
          sslCertfile='/etc/grid-security/http/httpcert.pem'
          sslKey='/etc/grid-security/http/httpkey.pem'
          ignoreFQAN="false" />
       <accountMapping
          className='gov.bnl.gums.GroupAccountMapper'
          groupName='samgrid' />
    </groupMapping>
    

VO Administrators/Representatives Instructions

VO Administrators/Representatives should make sure that they are subscribed to all the relevant events regarding the user registrations. To find the list of events you can subscribe to click on the "Subscription" link in the menu on the left. Subscribing to relevant events will make sure that you will always be notified via email whenever the particular event occurs.

Once the user submits the registration request Admins/Representatives are required to approve the request. If you are subscribed to the relevant event you should get an email notifying about the new registration that is awaiting approval.

To approve users without a Fermilab ID

Users who use Fermilab resources are required to have a valid Fermilab ID. However some users do their computing on resources other than those at Fermilab. In such cases, users who do not have Fermilab ID, can become a member the Dzero VO. In such cases VO Admins/Representatives should seek an approval from Amber Boehnlein (via email/phone) informing her about the request. VO Admins can use Comments/Reasons field in the User Approval Form, to note such special cases.

To update the Personal Info or Email addresses

Follow the same "Users" instructions except that, being a VO-Admin you can see all or filter selected few user entries based on the search criteria.

Additional Documentation

You can find additional documentation or help regarding the VOMRS registration at VOMRS Help Page

Contacting Dzero VO Admin

If you have queries please send an email to the Dzero VO Admin