GRID Proxies - PADME-Experiment/padme-cdr GitHub Wiki

• The CDR Data Servers
• The CDR Central Server
• CDR Setup
• Starting the CDR service
• Stopping the CDR service
• GRID Proxies
• CDR Tools
• The KLOE Tape Library

When each of the four instances is started, it will ask for the password of the GRID-enabled certificate stored in $HOME/.globus (see CDR Setup). This is needed to create a long term local proxy which is then stored in run/long_proxy and is used by PadmeCDR to renew the short term grid-enabled proxies needed to access the LNF storage system and the CNAF tape library. This long term proxy lasts 30 days and must be explicitly renewed before it expires.

The command voms-proxy-info --file run/long_proxy --timeleft returns the number of seconds before the long term proxy expires, while the full information about the long term proxy can be obtained with:

[leonardi@padmeui cdr]$ voms-proxy-info --file run/long_proxy
subject   : /DC=org/DC=terena/DC=tcs/C=IT/O=Istituto Nazionale di Fisica Nucleare/CN=Emanuele Leonardi [email protected]/CN=1182573855
issuer    : /DC=org/DC=terena/DC=tcs/C=IT/O=Istituto Nazionale di Fisica Nucleare/CN=Emanuele Leonardi [email protected]
identity  : /DC=org/DC=terena/DC=tcs/C=IT/O=Istituto Nazionale di Fisica Nucleare/CN=Emanuele Leonardi [email protected]
type      : RFC3820 compliant impersonation proxy
strength  : 1024
path      : /home/leonardi/cdr/run/long_proxy
timeleft  : 406:44:55
key usage : Digital Signature, Key Encipherment, Data Encipherment

The command to renew the long term proxy for an additional 30 days is

[leonardi@padmeui cdr]$ voms-proxy-init --valid 720:00 --out run/long_proxy 
Enter GRID pass phrase for this identity:
Created proxy in run/long_proxy.
Your proxy is valid until Sun Dec 16 17:36:19 CET 2018

Note that the long term proxy can be renewed without restarting the PadmeCDR instances: the new proxy will be automatically used when needed.