Difference between revisions of "1.0 Release Notes"
From GCube System
(2 intermediate revisions by one other user not shown) | |||
Line 14: | Line 14: | ||
:::* <code>trustedGHNSynchInterval</code> indicates how often the gHN refreshes the list the gHNs it can trust (in seconds). | :::* <code>trustedGHNSynchInterval</code> indicates how often the gHN refreshes the list the gHNs it can trust (in seconds). | ||
− | ::* In a secure distribution, the ''security descriptor'' of the gHN in <code>$GLOBUS_LOCATION/etc/globus_wsrf_core/global_security_descriptor.xml</code> '''must''' be | + | ::* In a secure distribution, the ''security descriptor'' of the gHN in <code>$GLOBUS_LOCATION/etc/globus_wsrf_core/global_security_descriptor.xml</code> is enabled and configured to load the host credentials. These '''must''' be configured as follows: |
+ | |||
+ | :::* the host key in <code>/etc/grid-security/containerkey.pem</code>; | ||
+ | :::* the host certificate in <code>/etc/grid-security/containercert.pem</code. | ||
::* the environment variable <code>X509_USER_PROXY</code> is now used to contact the container from outside the process. In a secure distribution, It '''must''' contain a valid proxy certificate accepted by the container. | ::* the environment variable <code>X509_USER_PROXY</code> is now used to contact the container from outside the process. In a secure distribution, It '''must''' contain a valid proxy certificate accepted by the container. |
Latest revision as of 18:06, 4 February 2010
gCore 1.0
introduces the following changes:
Changes Related to the gHN
- distribution: there are now two distributions of the gHN, the standard distribution and the secure distribution. The secure distribution extends the standard distribution with:
- a
Delegation
service that provides delegated credentials to locally deployed services. - a
Security
library that supports authentication and authorisation of gCube calls as well as policy management. - a
gcore-stop-container
script that shutdowns a secure container.
- a
- configuration: a set of new configuration setting is available.
- the
GHNConfig.xml
has been extended with two additional configuration parameters:
-
allowedScopes
lists the VOs that the gHN is allowed to join. -
trustedGHNSynchInterval
indicates how often the gHN refreshes the list the gHNs it can trust (in seconds).
-
- the
- In a secure distribution, the security descriptor of the gHN in
$GLOBUS_LOCATION/etc/globus_wsrf_core/global_security_descriptor.xml
is enabled and configured to load the host credentials. These must be configured as follows:
- In a secure distribution, the security descriptor of the gHN in
- the host key in
/etc/grid-security/containerkey.pem
; - the host certificate in
/etc/grid-security/containercert.pem</code.
- the host key in
- the environment variable <code>X509_USER_PROXY is now used to contact the container from outside the process. In a secure distribution, It must contain a valid proxy certificate accepted by the container.
-
START_OPTIONS
has been renamed toGCORE_START_OPTIONS
. It can be now either set in the external environment or in thegcore-start-container
script.
-
Changes Related to Services
None
Changes Related to the Documentation
- new/revised sections in the Administrator's Guide.
- the Configuration Section now illustrates the setup of a secure gHN.