wiki:GENIMetaOps/SiteCredentials

Version 3 (modified by chaos@bbn.com, 11 years ago) (diff)

--

Follow this procedure to generate a site password for submission of monitoring data, and send that password in encrypted form to Camilo Viecco at GMOC for use with your monitoring data.

  1. Install GPG on you machine.
    1. For debian users: apt-get install gpg
    2. For ubuntu users: apt-get install gnupg
    3. For redhat users: yum install gpg
    4. For Mac Users get it from: http://macgpg.sourceforge.net/
    5. For windows users: http://www.gpg4win.org/download.html
  1. Now get Camilo Viecco's public gpg keys.
    gpg --keyserver pgp.mit.edu --recv-keys 0x3EC5EA42
    
  2. Now validate the key:
    gpg --fingerprint 0x3EC5EA42
    
    The return value should be something like:
       pub   1024D/3EC5EA42 2003-04-02
           Key fingerprint = 0781 10A0 44CC C441 594F  E5A9 858A 173E
    3EC5 EA42
       uid                  Camilo Viecco <cviecco@indiana.edu>
       sub   3072g/D63BFA6B 2003-04-02
    
    The value to check is the fingerprint: it should match:
    0781 10A0 44CC C441 594F  E5A9 858A 173E 3EC5 EA42
    
  3. Now generate a password file: Generate a new password for your organization, and save it on a single line as a text file. Password requirements: at least 12 characters (no unicode) , no spaces(or tabs) or ':'.
  1. Now we encrypt the file
    gpg -ea -r cviecco@indiana.edu $PASSWORD_FILE
    
    You are most likely going to get a warning like this:
    gpg: D63BFA6B: There is no assurance this key belongs to the named user
    pub  3072g/D63BFA6B 2003-04-02 Camilo Viecco <cviecco@indiana.edu>
     Primary key fingerprint: 0781 10A0 44CC C441 594F  E5A9 858A 173E
    3EC5 EA42
          Subkey fingerprint: 4543 9514 0EDD F4E8 08A0  9D95 A879 45D5
    D63B FA6B
    It is NOT certain that the key belongs to the person named
    in the user ID.  If you *really* know what you are doing,
    you may answer the next question with yes.
    Use this key anyway? (y/N)
    
    Say yes. A file named with the same name as the password file but with an appended '.asc' extension should have been created.

  1. Send the encrypted file (the one ending in .asc) to cviecco@grnoc.iu.edu. Please:
    • Use 'measurement api secret' as the subject of your message.
    • Include the exact name which you would like GMOC to use for your site in the body of the message. (If you have previously been submitting data to the GMOC dev site, this is the <site> name, including spelling and capitalization, which you used to identify yourself there.)
  1. Camilo Viecco will send you the production url. This is the url that should be placed on as the DestURL on the measumernt exporter config.