Changes between Version 5 and Version 6 of GENIMetaOps/SiteCredentials


Ignore:
Timestamp:
01/31/12 09:44:08 (12 years ago)
Author:
mrmccrac@grnoc.iu.edu
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • GENIMetaOps/SiteCredentials

    v5 v6  
    1 We are currently in the process of revising the procedure of setting up site credentials to use for the submission of monitoring data.[[BR]]
    2 [[BR]]
    3 In the mean time, please email [mailto:gmoc@grnoc.iu.edu gmoc@grnoc.iu.edu] to initiate the access request.
     1Follow this procedure to generate a site password for submission of monitoring data, and send that password in encrypted form to the GMOC for use with your monitoring data.
     2
     3 1. Install GPG on you machine.
     4   a. For debian users: `apt-get install gpg`
     5   b. For ubuntu users: `apt-get install gnupg`
     6   c. For redhat users: `yum install gpg`
     7   d. For Mac Users get it from:  `http://macgpg.sourceforge.net/`
     8   e. For windows users: `http://www.gpg4win.org/download.html`
     9
     10 2. Now get the GMOC public gpg key.
     11{{{
     12gpg --keyserver pgp.mit.edu --recv-keys 0x9E375519
     13}}}
     14 3. Now validate the key:
     15{{{
     16gpg --fingerprint 0x9E375519
     17}}}
     18   The return value should be something like:
     19{{{
     20pub   2048R/9E375519 2012-01-24 [expires: 2017-01-22]
     21      Key fingerprint = 5AC8 5C7F D3A6 94A7 52E5  4778 F9D9 273B 9E37 5519
     22uid                  GMOC At GlobalNOC <gmoc@grnoc.iu.edu>
     23sub   2048R/31977D79 2012-01-24 [expires: 2017-01-22]
     24}}}
     25 The value to check is the fingerprint: it should match:
     26{{{
     275AC8 5C7F D3A6 94A7 52E5  4778 F9D9 273B 9E37 5519
     28}}}
     29 4. Now generate a password file: Generate a new password for your organization, and save it on a single line as a text file.  Password requirements: at least 12 characters (no unicode) , no spaces(or tabs) or ':'.
     30
     31 5. Now we encrypt the file
     32{{{
     33gpg -ea -r gmoc@grnoc.iu.edu $PASSWORD_FILE
     34}}}
     35 You are most likely going to get a warning  like this:
     36{{{
     37gpg: 31977D79: There is no assurance this key belongs to the named user
     38
     39pub  2048R/31977D79 2012-01-24 GMOC At GlobalNOC <gmoc@grnoc.iu.edu>
     40 Primary key fingerprint: 5AC8 5C7F D3A6 94A7 52E5  4778 F9D9 273B 9E37 5519
     41      Subkey fingerprint: CACD FC41 8A79 7E6A 981B  8AD1 EB15 4877 3197 7D79
     42
     43It is NOT certain that the key belongs to the person named
     44in the user ID.  If you *really* know what you are doing,
     45you may answer the next question with yes.
     46
     47Use this key anyway? (y/N)
     48}}}
     49 Say yes. A file named with the same name as the password file but with an appended '.asc' extension should have been created. 
     50 
     51 6. Send the encrypted file (the one ending in .asc) to gmoc@grnoc.iu.edu. Please:
     52   * Use 'measurement api secret' as the subject of your message.
     53   * Include the exact name which you would like GMOC to use for your site in the body of the message.  (If you have previously been submitting data to the GMOC dev site, this is the `<site>` name, including spelling and capitalization, which you used to identify yourself there.)
     54
     55 7.The GMOC will send you the production url. This is the url that should be placed on as the DestURL on the measumernt exporter config.