wiki:GENIMetaOps/SiteCredentials

Version 6 (modified by mrmccrac@grnoc.iu.edu, 7 years ago) (diff)

--

Follow this procedure to generate a site password for submission of monitoring data, and send that password in encrypted form to the GMOC for use with your monitoring data.

  1. Install GPG on you machine.
    1. For debian users: apt-get install gpg
    2. For ubuntu users: apt-get install gnupg
    3. For redhat users: yum install gpg
    4. For Mac Users get it from: http://macgpg.sourceforge.net/
    5. For windows users: http://www.gpg4win.org/download.html
  1. Now get the GMOC public gpg key.
    gpg --keyserver pgp.mit.edu --recv-keys 0x9E375519
    
  2. Now validate the key:
    gpg --fingerprint 0x9E375519
    
    The return value should be something like:
    pub   2048R/9E375519 2012-01-24 [expires: 2017-01-22]
          Key fingerprint = 5AC8 5C7F D3A6 94A7 52E5  4778 F9D9 273B 9E37 5519
    uid                  GMOC At GlobalNOC <gmoc@grnoc.iu.edu>
    sub   2048R/31977D79 2012-01-24 [expires: 2017-01-22]
    
    The value to check is the fingerprint: it should match:
    5AC8 5C7F D3A6 94A7 52E5  4778 F9D9 273B 9E37 5519
    
  3. Now generate a password file: Generate a new password for your organization, and save it on a single line as a text file. Password requirements: at least 12 characters (no unicode) , no spaces(or tabs) or ':'.
  1. Now we encrypt the file
    gpg -ea -r gmoc@grnoc.iu.edu $PASSWORD_FILE
    
    You are most likely going to get a warning like this:
    gpg: 31977D79: There is no assurance this key belongs to the named user
    
    pub  2048R/31977D79 2012-01-24 GMOC At GlobalNOC <gmoc@grnoc.iu.edu>
     Primary key fingerprint: 5AC8 5C7F D3A6 94A7 52E5  4778 F9D9 273B 9E37 5519
          Subkey fingerprint: CACD FC41 8A79 7E6A 981B  8AD1 EB15 4877 3197 7D79
    
    It is NOT certain that the key belongs to the person named
    in the user ID.  If you *really* know what you are doing,
    you may answer the next question with yes.
    
    Use this key anyway? (y/N)
    
    Say yes. A file named with the same name as the password file but with an appended '.asc' extension should have been created.

  1. Send the encrypted file (the one ending in .asc) to gmoc@grnoc.iu.edu. Please:
    • Use 'measurement api secret' as the subject of your message.
    • Include the exact name which you would like GMOC to use for your site in the body of the message. (If you have previously been submitting data to the GMOC dev site, this is the <site> name, including spelling and capitalization, which you used to identify yourself there.)

7.The GMOC will send you the production url. This is the url that should be placed on as the DestURL on the measumernt exporter config.