Difference between revisions of "1.0 Release Notes"
From GCube System
Manuele.simi (Talk | contribs) |
|||
(5 intermediate revisions by 2 users not shown) | |||
Line 2: | Line 2: | ||
====Changes Related to the gHN==== | ====Changes Related to the gHN==== | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | :* ''configuration'': a set of new configuration | + | :* ''distribution'': there are now two distributions of the gHN, the ''standard distribution'' and the ''secure distribution''. The secure distribution extends the standard distribution with: |
+ | ::* a <code>Delegation</code> service that provides delegated credentials to locally deployed services. | ||
+ | ::* a <code>Security</code> library that supports authentication and authorisation of gCube calls as well as policy management. | ||
+ | ::* a <code>gcore-stop-container</code> script that shutdowns a secure container. | ||
+ | |||
+ | :* ''configuration'': a set of new configuration setting is available. | ||
+ | |||
::* the <code>GHNConfig.xml</code> has been extended with two additional configuration parameters: | ::* the <code>GHNConfig.xml</code> has been extended with two additional configuration parameters: | ||
− | :::* | + | :::* <code>allowedScopes</code> lists the VOs that the gHN is allowed to join. |
− | :::* | + | :::* <code>trustedGHNSynchInterval</code> indicates how often the gHN refreshes the list the gHNs it can trust (in seconds). |
− | ::* the <code> | + | |
− | ::* <code> | + | ::* In a secure distribution, the ''security descriptor'' of the gHN in <code>$GLOBUS_LOCATION/etc/globus_wsrf_core/global_security_descriptor.xml</code> is enabled and configured to load the host credentials. These '''must''' be configured as follows: |
− | : | + | |
+ | :::* the host key in <code>/etc/grid-security/containerkey.pem</code>; | ||
+ | :::* the host certificate in <code>/etc/grid-security/containercert.pem</code. | ||
+ | |||
+ | ::* the environment variable <code>X509_USER_PROXY</code> is now used to contact the container from outside the process. In a secure distribution, It '''must''' contain a valid proxy certificate accepted by the container. | ||
+ | |||
+ | ::* <code>START_OPTIONS</code> has been renamed to <code>GCORE_START_OPTIONS</code>. It can be now either set in the external environment or in the <code>gcore-start-container</code> script. | ||
====Changes Related to Services ==== | ====Changes Related to Services ==== | ||
+ | |||
None | None | ||
====Changes Related to the Documentation ==== | ====Changes Related to the Documentation ==== | ||
:* ''new/revised sections in the Administrator's Guide''. | :* ''new/revised sections in the Administrator's Guide''. | ||
− | :: | + | :: the [[Administrator_Guide#Configuration|Configuration Section]] now illustrates the setup of a secure gHN. |
Latest revision as of 18:06, 4 February 2010
gCore 1.0
introduces the following changes:
Changes Related to the gHN
- distribution: there are now two distributions of the gHN, the standard distribution and the secure distribution. The secure distribution extends the standard distribution with:
- a
Delegation
service that provides delegated credentials to locally deployed services. - a
Security
library that supports authentication and authorisation of gCube calls as well as policy management. - a
gcore-stop-container
script that shutdowns a secure container.
- a
- configuration: a set of new configuration setting is available.
- the
GHNConfig.xml
has been extended with two additional configuration parameters:
-
allowedScopes
lists the VOs that the gHN is allowed to join. -
trustedGHNSynchInterval
indicates how often the gHN refreshes the list the gHNs it can trust (in seconds).
-
- the
- In a secure distribution, the security descriptor of the gHN in
$GLOBUS_LOCATION/etc/globus_wsrf_core/global_security_descriptor.xml
is enabled and configured to load the host credentials. These must be configured as follows:
- In a secure distribution, the security descriptor of the gHN in
- the host key in
/etc/grid-security/containerkey.pem
; - the host certificate in
/etc/grid-security/containercert.pem</code.
- the host key in
- the environment variable <code>X509_USER_PROXY is now used to contact the container from outside the process. In a secure distribution, It must contain a valid proxy certificate accepted by the container.
-
START_OPTIONS
has been renamed toGCORE_START_OPTIONS
. It can be now either set in the external environment or in thegcore-start-container
script.
-
Changes Related to Services
None
Changes Related to the Documentation
- new/revised sections in the Administrator's Guide.
- the Configuration Section now illustrates the setup of a secure gHN.