Difference between revisions of "1.0 Release Notes"

From GCube System
Jump to: navigation, search
(Changes Related to the gHN)
Line 2: Line 2:
  
 
====Changes Related to the gHN====
 
====Changes Related to the gHN====
:* ''distribution'': there are now two distributions of the gHN, secure and standard distribution
 
::* the secure distribution includes Local Services and Libraries from the standard onf plus:
 
:::* enhanced <code>Delegation</code> service, in charge for providing local services with delegated credentials
 
:::* enhanced <code>Security</code> library, with support for authentication and authorisation of gCube calls and policies management.
 
:::* new <code>gcore-stop-container</code> script, to shutdown a secure container
 
  
:* ''configuration'': a set of new configuration settings is available:
+
:* ''distribution'': there are now two distributions of the gHN, the ''standard distribution'' and the ''secure distribution''. The secure distribution extends the standard distribution with:
 +
::* a <code>Delegation</code> service that provides delegated credentials to locally deployed services.
 +
::* a <code>Security</code> library that supports authentication and authorisation of gCube calls as well as policy management.
 +
::* a <code>gcore-stop-container</code> script that shutdowns a secure container.
 +
 
 +
:* ''configuration'': a set of new configuration setting is available.
 +
 
 
::* the <code>GHNConfig.xml</code> has been extended with two additional configuration parameters:
 
::* the <code>GHNConfig.xml</code> has been extended with two additional configuration parameters:
:::* ''allowedScopes'', letting the Site Manager to decide to which VOs the gHN can be joined in the future (upon VO Manager decisions)
+
:::* <code>allowedScopes</code> lists the VOs that the gHN is allowed to join.
:::* ''trustedGHNSynchInterval'', how often the gHN refreshes the list of trusted gHNs (in seconds).  
+
:::* <code>trustedGHNSynchInterval</code> indicates how often the gHN refreshes the list the gHNs it can trust (in seconds).  
::* the <code>Security descriptor ($GLOBUS_LOCATION/etc/globus_wsrf_core/global_security_descriptor.xml)</code> for the gHN must be enabled (by removing the comment surrounding the ''containerSecDesc'' element in the ''$GLOBUS_LOCATION/etc/globus_wsrf_core/server-config.wsdd'') and configured to load the appropriate host credentials
+
 
::* <code>$X509_USER_PROXY</code> environment variable is now exploited to contact the gContainer from outside the process. It is expected to contain a valid proxy accepted by the local gContainer process.
+
::* In a secure distribution, the ''security descriptor''  of the gHN in <code>$GLOBUS_LOCATION/etc/globus_wsrf_core/global_security_descriptor.xml</code> '''must''' be enabled (by decommenting the <code>containerSecDesc</code> element in <code>$GLOBUS_LOCATION/etc/globus_wsrf_core/server-config.wsdd</code>) and configured to load host credentials.
:: All of these above are taken into consideration only in case of secure distribution.
+
 
::* <code>$START_OPTIONS</code> has been renamed to <code>$GCORE_START_OPTIONS</code>. It can be now either set in the external environment or in the <code>gcore-start-container</code> script
+
::* the environment variable <code>X509_USER_PROXY</code> is now used to contact the container from outside the process. In a secure distribution, It '''must''' contain a valid proxy certificate accepted by the container.
 +
 
 +
::* <code>START_OPTIONS</code> has been renamed to <code>GCORE_START_OPTIONS</code>. It can be now either set in the external environment or in the <code>gcore-start-container</code> script.
  
 
====Changes Related to Services ====
 
====Changes Related to Services ====
 +
 
None
 
None
  
 
====Changes Related to the Documentation ====
 
====Changes Related to the Documentation ====
 
:* ''new/revised sections in the Administrator's Guide''.
 
:* ''new/revised sections in the Administrator's Guide''.
:: Administrator's Guide has an enriched [[Administrator_Guide#Configuration| configuration]] section on how to setup a secure gHN.
+
:: the [[Administrator_Guide#Configuration|Configuration Section]] now illustrates the setup of a secure gHN.

Revision as of 17:35, 4 February 2010

gCore 1.0 introduces the following changes:

Changes Related to the gHN

  • distribution: there are now two distributions of the gHN, the standard distribution and the secure distribution. The secure distribution extends the standard distribution with:
  • a Delegation service that provides delegated credentials to locally deployed services.
  • a Security library that supports authentication and authorisation of gCube calls as well as policy management.
  • a gcore-stop-container script that shutdowns a secure container.
  • configuration: a set of new configuration setting is available.
  • the GHNConfig.xml has been extended with two additional configuration parameters:
  • allowedScopes lists the VOs that the gHN is allowed to join.
  • trustedGHNSynchInterval indicates how often the gHN refreshes the list the gHNs it can trust (in seconds).
  • In a secure distribution, the security descriptor of the gHN in $GLOBUS_LOCATION/etc/globus_wsrf_core/global_security_descriptor.xml must be enabled (by decommenting the containerSecDesc element in $GLOBUS_LOCATION/etc/globus_wsrf_core/server-config.wsdd) and configured to load host credentials.
  • the environment variable X509_USER_PROXY is now used to contact the container from outside the process. In a secure distribution, It must contain a valid proxy certificate accepted by the container.
  • START_OPTIONS has been renamed to GCORE_START_OPTIONS. It can be now either set in the external environment or in the gcore-start-container script.

Changes Related to Services

None

Changes Related to the Documentation

  • new/revised sections in the Administrator's Guide.
the Configuration Section now illustrates the setup of a secure gHN.