Difference between revisions of "1.0 Release Notes"

From GCube System
Jump to: navigation, search
(Changes Related to the gHN)
Line 14: Line 14:
 
:::* <code>trustedGHNSynchInterval</code> indicates how often the gHN refreshes the list the gHNs it can trust (in seconds).  
 
:::* <code>trustedGHNSynchInterval</code> indicates how often the gHN refreshes the list the gHNs it can trust (in seconds).  
  
::* In a secure distribution, the ''security descriptor''  of the gHN in <code>$GLOBUS_LOCATION/etc/globus_wsrf_core/global_security_descriptor.xml</code> '''must''' be enabled (by decommenting the <code>containerSecDesc</code> element in <code>$GLOBUS_LOCATION/etc/globus_wsrf_core/server-config.wsdd</code>) and configured to load host credentials.
+
::* In a secure distribution, the ''security descriptor''  of the gHN in <code>$GLOBUS_LOCATION/etc/globus_wsrf_core/global_security_descriptor.xml</code> is be enabled configured to load host credentials.
 +
 
 +
::* In a secure distribution, host credentials '''must''' be configured in the following files:
 +
:::* <code>/etc/grid-security/containerkey.pem</code>, the host key
 +
:::* <code>/etc/grid-security/containercert.pem</code>, the host certificate
  
 
::*  the environment variable <code>X509_USER_PROXY</code> is now used to contact the container from outside the process. In a secure distribution, It '''must''' contain a valid proxy certificate accepted by the container.
 
::*  the environment variable <code>X509_USER_PROXY</code> is now used to contact the container from outside the process. In a secure distribution, It '''must''' contain a valid proxy certificate accepted by the container.

Revision as of 17:45, 4 February 2010

gCore 1.0 introduces the following changes:

Changes Related to the gHN

  • distribution: there are now two distributions of the gHN, the standard distribution and the secure distribution. The secure distribution extends the standard distribution with:
  • a Delegation service that provides delegated credentials to locally deployed services.
  • a Security library that supports authentication and authorisation of gCube calls as well as policy management.
  • a gcore-stop-container script that shutdowns a secure container.
  • configuration: a set of new configuration setting is available.
  • the GHNConfig.xml has been extended with two additional configuration parameters:
  • allowedScopes lists the VOs that the gHN is allowed to join.
  • trustedGHNSynchInterval indicates how often the gHN refreshes the list the gHNs it can trust (in seconds).
  • In a secure distribution, the security descriptor of the gHN in $GLOBUS_LOCATION/etc/globus_wsrf_core/global_security_descriptor.xml is be enabled configured to load host credentials.
  • In a secure distribution, host credentials must be configured in the following files:
  • /etc/grid-security/containerkey.pem, the host key
  • /etc/grid-security/containercert.pem, the host certificate
  • the environment variable X509_USER_PROXY is now used to contact the container from outside the process. In a secure distribution, It must contain a valid proxy certificate accepted by the container.
  • START_OPTIONS has been renamed to GCORE_START_OPTIONS. It can be now either set in the external environment or in the gcore-start-container script.

Changes Related to Services

None

Changes Related to the Documentation

  • new/revised sections in the Administrator's Guide.
the Configuration Section now illustrates the setup of a secure gHN.