Manual configuration

This guide shows how to configure Argus with a basic setup. The configuration consists of:

  • setting the service host name in the configuration files;
  • setting the service endpoints;
  • setting the certificate paths.

Requirements

First, verify that the operating system has Java 1.8 as default JVM:

$ java -version
openjdk version "1.8.0_77"

If the command above shows an older JVM version, change the system configuration with:

alternatives --config java

PAP

/etc/argus/pap/pap-admin.properties
  1. Set host variable with the machine host name.
/etc/argus/pap/pap_configuration.ini
  1. Set entity_id.
  2. Set hostname with server host name.
  3. Set certificate with the absolute path of the X509 certificate of the server.
  4. Set private_key with the absolute path of the X509 private key of the server.
/etc/argus/pap/pap_authorization.ini
Keep default values for basic setup.
/etc/sysconfig/argus-pap
Keep default values for basic setup.

More details about PAP configuration can be found in PAP configuration.

PDP

/etc/argus/pdp/pdp.ini
  1. Set entityId.
  2. Set hostname with server host name.
  3. Set paps with the PAP endpoint; one or more PAP endpoints can be specified in a space-separated list.
  4. Set serviceCertificate with the absolute path of the X509 certificate of the server.
  5. Set servicePrivateKey with the absolute path of the X509 private key of the server.
  6. Set trustInfoDir with the absolute path of the trusted CAs.
/etc/sysconfig/argus-pdp
Keep default values.

More details about PDP configuration can be found in PDP configuration.

PEP

/etc/argus/pepd/pepd.ini
  1. Set entityId.
  2. Set hostname with server host name.
  3. Set pdps with the PDP endpoint; one or more PDP endpoints can be specified in a space-separated list.
  4. Set serviceCertificate with the absolute path of the X509 certificate of the server.
  5. Set servicePrivateKey with the absolute path of the X509 private key of the server.
  6. Set trustInfoDir with the absolute path of the trusted CAs.
  7. Set vomsInfoDir with the absolute path of the VOMS directory.
/etc/sysconfig/argus-pepd
Keep default values.

More details about PEP configuration can be found in PEP configuration.
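
The PAP, PDP and PEP steps above all come down to setting a few values and absolute paths in an ini file. The script below is an added example, not part of Argus, that lints such a file; the sample pepd.ini it builds (host name, URLs, port, file names) is constructed for the demonstration, and section headers are deliberately ignored.

```shell
#!/bin/sh
# Added example (not shipped with Argus): lint an Argus ini file for the
# settings listed in this guide. Section headers are ignored.

# ini_get FILE KEY: print the value of the first "KEY = value" line.
ini_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# check_argus_ini FILE "PATH_KEYS" "OTHER_KEYS"
# Prints one line per problem; the return status is the number of problems.
check_argus_ini() {
    file=$1 problems=0
    for key in $3; do                      # settings that only need a value
        [ -n "$(ini_get "$file" "$key")" ] && continue
        echo "$file: $key is not set"; problems=$((problems + 1))
    done
    for key in $2; do                      # settings that must be absolute paths
        val=$(ini_get "$file" "$key")
        case $val in
            "") echo "$file: $key is not set" ;;
            /*) [ -e "$val" ] && continue
                echo "$file: $key=$val does not exist" ;;
            *)  echo "$file: $key=$val is not an absolute path" ;;
        esac
        problems=$((problems + 1))
    done
    return "$problems"
}

# Constructed sample: a pepd.ini with a relative key path and no vomsInfoDir.
# Host name, URLs and port are placeholders.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
touch "$demo/hostcert.pem"; mkdir "$demo/certificates"
cat > "$demo/pepd.ini" <<EOF
entityId = http://argus.example.org/pepd
hostname = argus.example.org
pdps = https://argus.example.org:8152/authz
serviceCertificate = $demo/hostcert.pem
servicePrivateKey = hostkey.pem
trustInfoDir = $demo/certificates
EOF
check_argus_ini "$demo/pepd.ini" \
    "serviceCertificate servicePrivateKey trustInfoDir vomsInfoDir" \
    "entityId hostname pdps" && echo "no problems" || echo "problems: $?"
```

For the PDP, pass "serviceCertificate servicePrivateKey trustInfoDir" and "entityId hostname paps"; for the PAP, pass "certificate private_key" and "entity_id hostname".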

Grid Mapping

Ensure that the following Grid mapping files are present:

/etc/grid-security/grid-mapfile:
This file contains the mapping between Grid users and local pool accounts.
/etc/grid-security/groupmapfile:
This file contains the mapping between Grid users and local Unix groups.

Moreover, ensure that the following directory is present:

/etc/grid-security/gridmapdir:
This directory contains pool accounts and users linked to them.

More information about the syntax can be found in Argus Grid Map File Syntax.

VOMS configuration

Ensure that the following file is present:

/etc/grid-security/voms-grid-mapfile
This file contains the mapping between Grid users and local pool accounts, similar to the grid-mapfile described above.

Ensure that the following directory is present:

/etc/grid-security/vomsdir
This directory contains a sub-directory for each supported VO. Each sub-directory contains a .lsc file, which describes the certificate chain of the certificate used by a VOMS server to sign VOMS attributes.

For example, for some test VOs, the directory structure is:

vomsdir/
├── testers.eu-emi.eu
│   └── emitestbed07.cnaf.infn.it.lsc
├── test.vo
│   └── vgrid02.cnaf.infn.it.lsc
└── test.vo.2
    └── vgrid02.cnaf.infn.it.lsc

The content for the test.vo lsc file is:

/C=IT/O=INFN/OU=Host/L=CNAF/CN=vgrid02.cnaf.infn.it
/C=IT/O=INFN/CN=INFN Certification Authority

More information about VOMS can be found in VOMS client documentation.
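
The vomsdir layout described above can be checked before restarting the services. The script below is an added example, not part of VOMS or Argus; it assumes the single-chain .lsc layout shown on this page, and its check that the first DN names the host from the file name is a heuristic taken from that example. The empty.vo directory and the truncated test.vo.2 file are constructed to show failures.

```shell
#!/bin/sh
# Added example (not part of VOMS or Argus): lint a vomsdir tree.
# Assumes the single-chain .lsc layout shown in this guide.

# lsc_problems FILE: print one line per problem found in a .lsc file.
lsc_problems() {
    host=$(basename "$1" .lsc)          # file name = VOMS server host name
    awk -v f="$1" -v host="$host" '
        NF == 0 { next }                                    # skip blank lines
        !/^\// { print f ": line " NR " is not a DN"; next }
        { n++; if (n == 1) first = $0 }
        END {
            if (n < 2)
                print f ": expected server DN followed by issuer DN"
            else if (index(first, "CN=" host) == 0)         # heuristic
                print f ": first DN does not name " host
        }' "$1"
}

# check_vomsdir DIR: print all problems; return status = number of problems.
check_vomsdir() {
    report=$(
        for vo in "$1"/*/; do
            [ -d "$vo" ] || continue
            found=0
            for lsc in "$vo"*.lsc; do
                [ -f "$lsc" ] || continue
                found=1
                lsc_problems "$lsc"
            done
            [ "$found" -eq 1 ] || echo "${vo%/}: no .lsc file"
        done
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return $(( $(printf '%s\n' "$report" | wc -l) ))
}

# Constructed sample: test.vo as shown in this guide, a truncated .lsc in
# test.vo.2, and a VO directory (empty.vo) with no .lsc file at all.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/vomsdir/test.vo" "$demo/vomsdir/test.vo.2" "$demo/vomsdir/empty.vo"
printf '%s\n' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=vgrid02.cnaf.infn.it' \
    > "$demo/vomsdir/test.vo.2/vgrid02.cnaf.infn.it.lsc"
printf '%s\n' '/C=IT/O=INFN/OU=Host/L=CNAF/CN=vgrid02.cnaf.infn.it' \
              '/C=IT/O=INFN/CN=INFN Certification Authority' \
    > "$demo/vomsdir/test.vo/vgrid02.cnaf.infn.it.lsc"
check_vomsdir "$demo/vomsdir" && echo "vomsdir OK" || echo "problems: $?"
```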

Restart services

Restart Argus services to enable the new configuration.

In EL6-based systems, run this command:

for srv in argus-pap argus-pdp argus-pepd; do service $srv restart; done

In EL7-based systems, run:

systemctl restart argus-pap argus-pdp argus-pepd

More details about service management can be found in PAP operations, PDP operations and PEP operation.

BDII configuration

Install BDII packages:

yum install bdii glite-info-provider-service

Move into the directory /etc/glite/info/service and, from the provided templates, create the files:

  • glite-info-glue2-argus-pap.conf
  • glite-info-glue2-argus-pdp.conf
  • glite-info-glue2-argus-pep.conf
  • glite-info-glue2-service-argus.conf

The provided templates contain a default configuration: for a basic setup, rename the files, stripping the .template extension.

In the directory /var/lib/bdii/gip/provider, create a shell script, for example named glite-info-glue2-provider-service-argus, with the content:

#!/bin/sh

##
# Argus services GLUE 2 info provider
##

CONF_DIR=/etc/glite/info/service

/usr/bin/glite-info-glue2-multi \
   $CONF_DIR/glite-info-glue2-argus-pap.conf,$CONF_DIR/glite-info-glue2-argus-pdp.conf,$CONF_DIR/glite-info-glue2-argus-pep.conf \
   argus-site $CONF_DIR/glite-info-glue2-service-argus.conf

Ensure that this file is owned by the user ldap and that it is readable and executable:

chown ldap:ldap glite-info-glue2-provider-service-argus
chmod 0755 glite-info-glue2-provider-service-argus

Restart the BDII service:

systemctl restart bdii