Access to HellasGrid
In order to get access to HellasGrid infrastructure, you have to:
1.Obtain a Digital Certificate from the HellasGrid Certification Authority.
2.Get an account at a HellasGrid User Interface.
3.Join a Virtual Organization.
4.Import your Digital Certificate to your User Interface.
Obtain a Digital Certificate from the HellasGrid Certification Authority
In order to acquire a Digital Certificate you have to visit the following web page: https://access.hellasgrid.gr/. By clicking at the first choice, you can request a personal Digital Certificate. You have first to complete a form with your personal information (first name, last name, organization, department, etc). Once you have completed this form an informative e-mail will be sent at your personal e-mail account informing you that your personal information has been registered at HellasGrid data base and request to confirm the reception of the e-mail. In case you do not confirm the e-mail reception in seven days, your registration will be removed from the HellasGrid data base.
Once you confirmed the reception of the e-mail you can proceed with the certification request procedure. Initially you will be asked to install at your web browser the certificate of the HellasGrid Certification Authority. For the Greek users the responsible authority is the HellasGrid -CA (http://access.hellasgrid.gr ).
Consequently you must generate your private key and certificate signing request at the web browser. The private key and certificate signing request will be automatically sent at HellasGrid -CA.
Once your certificate signing request has been sent at the HellasGrid -CA an informative email will be sent to you. With this email you will be requested to visit in person your appropriate Registration Authority and present the following documents:
- Your identification card or your passport.
- One document which will confirm your affiliation with your organization.
- A print out of the received e-mail.
list of the existing Registration Authorities for the Greek Users can be found at the site: http://www.grid.auth.gr/pki/hellasgrid-ca-2006/ra/. In the case you can not be served by an existing Registration Authority you must contact the Catch-all Registration Authority, operated by GridAUTH (mailto:firstname.lastname@example.org).
You can regularly check the status of your certificate signing request. Once the status of your request changes to “signed” you have to install the certificate at your web browser (the same used for the procedure obtaining the certificate).
Get an account at a HellasGrid User Interface
A User Interface is nothing more and nothing less than a Linux box having installed all the required client software, APIs and tools for developing and running applications in the Grid. In practice everyone can install and setup a UI with the required EGEE tools following the instructions in the GLITE-3 Installation Guide.
Also the Italian SA1 EGEE Activity has made available a package called UIPnP which can be installed in any Linux machine and turn it into a User Interface (you can even install it as a regular non-root user). Note though that it is preconfigured for accessing the Italian EGEE sites and some manual configuration steps are required at the moment in order to be useful for EGEE-SEE users (including Hellasrid users).
There is also a chance that your institute may already have setup a UI machine so you can ask from your local administrator to create an account for you there.
Till now, six User Interfaces has been installed to serve the HellasGrid users:
• three in Athens (ui01.isabella.grnet.gr, ui02.isabella.grnet.gr, ui01.marie.hellasgrid.gr),
• one in Thessaloniki (ui01.afroditi.hellasgrid.gr),
You can request access to the appropiate UI according to the location of your organization by following the second choice at the web page https://access.hellasgrid.gr/. If you do not have access to a User Interface or you cannot (or do not want to) install your own UI, you may request via the web page https://access.hellasgrid.gr/ for an account at the Isabella catch-all UI hosted in the GRNET site, which is located at Athens; provided of course that you have already obtained a digital certificate issued by the HellasGrid -CA. In order to connect at the User Interface at which you have an account you must use an ssh client program, for example putty, a free program which can be downloaded from the link http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html.
Join a Virtual Organization
To be authorized to use the Grid and do useful work with it you have to belong to a Virtual Organization (VO); A Virtual Organization (VO) is a group of grid users with similar interests and requirements who are able to work collaboratively with other members of the group and/or share resources (data, software, expertise, CPU, storage space, etc.) regardless of geographical location. A list of existing EGEE VOs is available at http://operations-portal.in2p3.fr/vo.
Enroll into an existing VO
If you are an experienced Grid user you are already familiar with the concept of VO and you may already belong to one of them. If you participate in one of the LHC experiments (like Atlas, CMS etc) there are already respective established VOs. If you want to join you should contact the appropriate VO manager.
In order to make life easier for the South Eastern Europe users (including the HellasGrid users), speed up and simplify the process of new application induction, EGEE-SEE has established its own VO called SEE-VO. This VO will be the most adequate for SEE users that do not fit in any of the existing EGEE VOs or are not able to create their own EGEE-wide VO. To join the SEE-VO as a HellasGrid user you have to request it via the web page: https://access.hellasgrid.gr. Please note that this page has to be visited using the browser on which you have already loaded your digital certificate otherwise the process cannot be completed.
Import your Digital Certificate to your User Interface
Till now, you have a Digital Certificate installed at your web browser. In order to use the HellasGrid infrastructure, for example to submit a job for execution, check the status of the job; get the output of the job, you have to install also your certificate to the User Interface you have an account. First you have to export your Digital Certificate from your web browser at which it is installed. To do this at Internet Explorer you must follow the path: Tools->Internet Options->Content->Certificates->Personal->Export while to do this at Mozilla Firefox you must follow the path: Edit->Preferences->Advanced->Encryption->View Certificates->Your Certificates->Backup or Tools->Options->Advanced->Encryption->View Certificates->Your Certificates->Backup. In both cases your personal certificate must be saved with .p12 extension (PKCS#12 format). So, by following the instructions of the above links you have succesfully backed up your security certificate and private key at your machine. Now you have to copy your Digital Certificate from your machine to your home directory at the User Inteface you gained an account. Then you must create your Digital Certificate and private key in .pem format. In order to do this you must execute the following two openssl commands:
openssl pkcs12 -nocerts \ -in mycertificate.p12 \ -out ~user/.globus/userkey.pem openssl pkcs12 -clcerts -nokeys \ -in mycertificate.p12 \ -out ~user/.globus/usercert.pem
The first openssl command gets as input your certificate in .p12 format (mycertificate.p12) and creates your private key in .pem format (userkey.perm).The second openssl command gets as input your certificate in .p12 format (mycertificate.p12) and creates your certificate in .pem format (usercert.pem). We must mention that the ~ user should be replaced by the path to your home area. Both your private key and certificate are stored in the .globus directory.
Finally you must give the appropiate read privileges at your private key and certificate.
chmod 444 ~/.globus/usercert.pem chmod 400 ~/.globus/userkey.pem