Difference between revisions of "1.0 Release Notes"
From GCube System
Manuele.simi (Talk | contribs) (→Changes Related to the gHN) |
|||
Line 14: | Line 14: | ||
:::* <code>trustedGHNSynchInterval</code> indicates how often the gHN refreshes the list the gHNs it can trust (in seconds). | :::* <code>trustedGHNSynchInterval</code> indicates how often the gHN refreshes the list the gHNs it can trust (in seconds). | ||
− | ::* In a secure distribution, the ''security descriptor'' of the gHN in <code>$GLOBUS_LOCATION/etc/globus_wsrf_core/global_security_descriptor.xml</code> '''must''' be | + | ::* In a secure distribution, the ''security descriptor'' of the gHN in <code>$GLOBUS_LOCATION/etc/globus_wsrf_core/global_security_descriptor.xml</code> is be enabled configured to load host credentials. |
+ | |||
+ | ::* In a secure distribution, host credentials '''must''' be configured in the following files: | ||
+ | :::* <code>/etc/grid-security/containerkey.pem</code>, the host key | ||
+ | :::* <code>/etc/grid-security/containercert.pem</code>, the host certificate | ||
::* the environment variable <code>X509_USER_PROXY</code> is now used to contact the container from outside the process. In a secure distribution, It '''must''' contain a valid proxy certificate accepted by the container. | ::* the environment variable <code>X509_USER_PROXY</code> is now used to contact the container from outside the process. In a secure distribution, It '''must''' contain a valid proxy certificate accepted by the container. |
Revision as of 17:45, 4 February 2010
gCore 1.0
introduces the following changes:
Changes Related to the gHN
- distribution: there are now two distributions of the gHN, the standard distribution and the secure distribution. The secure distribution extends the standard distribution with:
- a
Delegation
service that provides delegated credentials to locally deployed services. - a
Security
library that supports authentication and authorisation of gCube calls as well as policy management. - a
gcore-stop-container
script that shutdowns a secure container.
- a
- configuration: a set of new configuration setting is available.
- the
GHNConfig.xml
has been extended with two additional configuration parameters:
-
allowedScopes
lists the VOs that the gHN is allowed to join. -
trustedGHNSynchInterval
indicates how often the gHN refreshes the list the gHNs it can trust (in seconds).
-
- the
- In a secure distribution, the security descriptor of the gHN in
$GLOBUS_LOCATION/etc/globus_wsrf_core/global_security_descriptor.xml
is be enabled configured to load host credentials.
- In a secure distribution, the security descriptor of the gHN in
- In a secure distribution, host credentials must be configured in the following files:
-
/etc/grid-security/containerkey.pem
, the host key -
/etc/grid-security/containercert.pem
, the host certificate
-
- the environment variable
X509_USER_PROXY
is now used to contact the container from outside the process. In a secure distribution, It must contain a valid proxy certificate accepted by the container.
- the environment variable
-
START_OPTIONS
has been renamed toGCORE_START_OPTIONS
. It can be now either set in the external environment or in thegcore-start-container
script.
-
Changes Related to Services
None
Changes Related to the Documentation
- new/revised sections in the Administrator's Guide.
- the Configuration Section now illustrates the setup of a secure gHN.